[Samba] Password policy doesn't work (pdbedit)
Hello, I'm using samba 3.0.24 and Debian 4.0. As a password backend I use smbpasswd. I set password policy: Length - 8 signs, Password history - 3, password complexity - script, maximum password age - 30 days The password length and complexity works, but password history and maximum password age doesn't. I tried do the same on test machine (samba 3.2.5) and it works fine (users and settings I took from my working Samba 3.0.24) . What can I do about that? What should I check? Any ideas? Pdbedit shows correct settings but the password must change time is 19 jan 2038 04:14:07 CET Thanks and regards Radek Bojek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Password policy doesn't work (pdbedit)
I had the same problem when I set a password policy using pdbedit and tdbsam as the backend... turns out the policy would only apply to new accounts and not existing ones. However if I got the existing users to reset their passwords manually the account policy would kick in. Radek wrote: Hello, I'm using samba 3.0.24 and Debian 4.0. As a password backend I use smbpasswd. I set password policy: Length - 8 signs, Password history - 3, password complexity - script, maximum password age - 30 days The password length and complexity works, but password history and maximum password age doesn't. I tried do the same on test machine (samba 3.2.5) and it works fine (users and settings I took from my working Samba 3.0.24) . What can I do about that? What should I check? Any ideas? Pdbedit shows correct settings but the password must change time is 19 jan 2038 04:14:07 CET Thanks and regards Radek Bojek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain Trusts
Hi, I am trying to get two Samba4 domain's linked in a trust over an openvpn tunnel. Everything seems to be setup fine and each domain recognizes the other domain when starting to create the trust. I am unable to get this to work though as when I go through the wizard and it creates the trust, the last screen says The operation failed. The error is: The stub received bad data.. I also get this error when using netdom to create the trust. This seems to happen no matter what type of trust I create. My question is, is this feature implemented yet? If so, has anybody been able to get it working or had a similar problem? If not, is anybody working on implementing this as a feature? If so, do you have an eta? Also how do I get samba4 to log? I have been unable to find any logs and putting 'log file = /var/log/samba/log.smbd' into /usr/local/samba/etc/smb.conf has no affect. Thanks, Charlie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] doc examples bug regarding 'xattr' special switch need
Linda Walsh wrote: This may already be fixed, but various places talk about the need for a 'user_xattr' switch on mounts to use extended attributes. I've never known 'xfs' to have such a switch -- if they are enabled in the kernel, they just work -- I tried it. I also tried adding the switch and verified it is not an accepted switch for XFS. Is the documentation referring to some newer filesystem that has incompatible options (regarding external attributes)? I'm running a stock SuSE kernel and they are enabled by default (and fully available to non-root users). Another bit of minor confusion about this is that RedHat and CentOS (and probably Fedora and others) enable them by default too, without the switch in fstab. I think it is because they are used by SElinux. However, if you add another mountpoint and filesystem later (after installation), then they are not enabled on the new filesystem until you add the switch at mount time. This results in the confusing situation of two mountpoints looking the same in fstab, but one having xattrs enabled and the other not. My observations above are for ext3 filesystems. I think the best advice may be to do a simple test on your filesystem to see if you can set and read extended attributes. If you can, you are good to go. If not, add the switch in fstab. -- Mark Nienberg Sent from an invalid address. Please reply to the group. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba wins question
Hello all, I have some questions regarding samba's wins configuration in an environment where samba has been integrated with Windows 2003 Active Directory. We do not use WINS in our Active Directory environment and only use DNS. We have 2 samba servers, let's say they are named samba1 and samba2. samba1 is running 3.0.33-3.7.el5_3.1 and samba2 is running 3.0.28a-1ubuntu4.8. Both of their configuration regarding WINS: name resolve order = hosts lmhosts bcast wins support = no dns proxy = no This seems to work fine but was wondering if there's a better configuration that I should be using. If this is not an ideal configuration, should I configure one of the samba servers, let's say samba1 as WINS and thus, change the configuration on them as follows? Since we're not going to set WINS configuration on our Windows client machines, they won't register to WINS on samba server though: change samba1's smb.conf: wins support = yes dns proxy = yes name resolve order = wins lmhosts hosts bcast change samba2's smb.conf: wins server = IP of samba1 wins proxy = yes dns proxy = yes name resolve order = wins hosts lmhosts bcast -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] FYI, Samba presentation at Ohio LinuxFest 2009
At this years Ohio LinuxFest 2009 Don Vosburg will be presenting on his experiences deploying Samba in various configurations: So You Think You Can Dance? Samba in the Real World by Don Vosburg Samba is a terrific file sharing project - but how well can you dance? Hear real world examples of hot to swing with Samba. We will explore integration with existing networks, or standing up your own Samba domain. The emphasis will be on creating a practical Samba server environment, and making it robust as well. Look for some strong tips, a few tricks, and a start on best practice. Demonstrations will be shown as well. Don Vosburg (So You Think You Can Dance? Samba in the Real World) has been in the IT industry for over 15 years in a wide variety of roles. His experiences as a system administrator, architect, and consultant provide a wealth of illustration. For the last five years he has been a technology specialist for Novell, Inc. His area of special concentration has been Linux. He has been tapped for presentations at Novell Brainshare, LinuxWorld San Francisco, Ohio LinuxFest, and numerous other venues. OHIO LINUXFEST REGISTRATION DEADLINE IS SEPT 18 Ohio LinuxFest 2009 Free and Open Source Software Conference and Expo Columbus, Ohio : September 25-27, 2009 http://www.ohiolinux.org Registration Deadline: September 18, 2009 The Ohio LinuxFest 2009 registration deadline is September 18, 2009. If you have not registered yet, please hurry over to http://www.ohiolinux.org and register today. Join us for the seventh annual Ohio LinuxFest conference to celebrate 40 years of Unix. We have an exciting line up of talks and this year the conference extends from Friday to Sunday. Friday, September 25, features professional training courses (Professional package registration required) and a course for Linux beginners which includes a refurbished computer, with Linux pre- installed for you (Quick Start package required). A series of conference talks and other sessions will be held on Friday as well. Saturday, September 26, features the expo and four conference tracks. We have a great line up of speakers; Doug McIlroy, Shawn Powers, Dr. Peter Salus, and many more. The Diversity in OpenSource Workshop will be held on Sunday, September 27th. A mix of talks and open discussion will help attendees identify biases and learn ways to break down barriers, invisible or blatant. Also, two certification examinations will be held on Sunday the 27th. Linux Professional Institute will host an LPI certification exam, and the BSD Certification Group will offer the BSDA certification exam for Ohio LinuxFest attendees. Four registration packages are available for the Ohio LinuxFest this year. The Enthusiast Package is available at no cost for students, enthusiasts, and those that want to come to the event to find out more about Free and Open Source software. The Supporter Package is available again at a low cost of $65.00 to support the event. As a measure of appreciation, the supporter package includes lunch on Saturday and a commemorative Ohio LinuxFest tee-shirt. The Quick Start Package is available for $250.00, which in addition to access to the events on Saturday, includes a full day of Linux Basics training on Friday and a refurbished Linux computer to take home. The Professional Package is available for $350.00, which in addition to Saturday's activities, also includes access to the one day OLFU tutorials on Friday. The Ohio LinuxFest welcomes people from all 50 states and international participants. We have had participants from Canada, England, Argentina, Brazil, and Australia in years past. Note that the Ohio LinuxFest is a 501c3 non-profit, volunteer organization. All proceeds are used for conference costs. Thank you and hope to see you in Columbus, The Ohio LinuxFest team. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] doc examples bug regarding 'xattr' special switch need
On Tue, 2009-09-15 at 09:57 -0700, Mark Nienberg wrote: I think the best advice may be to do a simple test on your filesystem to see if you can set and read extended attributes. If you can, you are good to go. If not, add the switch in fstab. Rather then adding the switch in fstab use tune2fs and turn them on by default for that file system. (-o +user_xattrs) Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain SID vs. Local SID on Domain Controller SID requirements
IF a samba server is setup to be a domain controller, should it's local SID = the domain SID? Also, what are the requirements of a SID? I usually see S-1-5-21-x-y-z, where x,y,z = 10 digits, but could x,y,z be 1,2,3 (for example)? I.e. do they have to be 10 digit numbers or can they be shorter? If I have a simple setup, and want a sid I can remember can I just make it 'short'? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain SID vs. Local SID on Domain Controller SID requirements
On Tue, 2009-09-15 at 11:42 -0700, Linda Walsh wrote: IF a samba server is setup to be a domain controller, should it's local SID = the domain SID? yes the PDC exports the local SAM as the domain SAM (the SAM is the DB where user information is stored including SIDs) Also, what are the requirements of a SID? I usually see S-1-5-21-x-y-z, where x,y,z = 10 digits, but could x,y,z be 1,2,3 (for example)? I.e. do they have to be 10 digit numbers or can they be shorter? They are random 32bit integers, they can be any number between 1 and 2^32-1 If I have a simple setup, and want a sid I can remember can I just make it 'short'? No, users SID are composed of Domain SID + RID, the Domain SID part is identical for all domain user and is generated once by the PDC at installation time. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] FreeBSD 6.2 fresh install samba 3.3.7 problems
Hello, I've port installed 3.3.7 samba onto the box and was trying to start samba server through '/usr/local/etc/rc.d/samba' with no success (server wouldn't start at all). I've tried running '/usr/local/bin/smdb -D' and server started for few moments before it died. Below are configuration files and log dump with the dump error. What am I doing wrong? [r...@crossbow ~]# cat /usr/local/etc/samba/smbpasswd pcguest:1010:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[U ]:LCT-4AAFA483: [r...@crossbow ~]# testparm -s Load smb config files from /usr/local/etc/smb.conf Processing section [share] Loaded services file OK. Server role: ROLE_STANDALONE [global] security = SHARE passdb backend = tdbsam guest account = pcguest [share] path = /usr/local/www read only = No guest ok = Yes [r...@crossbow ~]# cat /usr/local/etc/smb.conf [global] workgroup = WORKGROUP passdb backend = tdbsam ;Anonymous Configuration security = share guest account = pcguest [share] path = /usr/local/www read only = no guest ok = yes [r...@crossbow ~]# cat /var/log/samba/log.smbd [2009/09/15 14:38:36, 0] smbd/server.c:main(1274) smbd version 3.3.7 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2009/09/15 14:38:36, 0] printing/print_cups.c:cups_connect(103) Unable to connect to CUPS server localhost:631 - Connection refused [2009/09/15 14:38:36, 0] printing/print_cups.c:cups_connect(103) Unable to connect to CUPS server localhost:631 - Connection refused [2009/09/15 14:38:37, 1] passdb/pdb_tdb.c:tdbsam_open(503) tdbsam_open: Converting version 0.0 database to version 4.0. [2009/09/15 14:38:37, 1] passdb/pdb_tdb.c:tdbsam_convert_backup(282) tdbsam_convert_backup: updated /usr/local/etc/samba/passdb.tdb file. [2009/09/15 14:39:18, 0] lib/fault.c:fault_report(40) === [2009/09/15 14:39:19, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 853 (3.3.7) Please read the Trouble-Shooting section of the Samba3-HOWTO [2009/09/15 14:39:19, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2009/09/15 14:39:19, 0] lib/fault.c:fault_report(44) === [2009/09/15 14:39:19, 0] lib/util.c:smb_panic(1673) PANIC (pid 853): internal error [2009/09/15 14:39:19, 0] lib/util.c:log_stack_trace(1777) BACKTRACE: 8 stack frames: #0 0x82d5581 smb_panic+125 at smbd #1 0x82c0641 debug_ctx+565 at smbd #2 0x82c0652 debug_ctx+582 at smbd #3 0x28a52f5d sigaction+10485 at /lib/libpthread.so.2 #4 0xbfbfff94 #5 0x84fde6f smbd_memcache+4507 at smbd #6 0x84ff3ab main+2451 at smbd #7 0x80a47a6 _start+118 at smbd [2009/09/15 14:39:19, 0] lib/fault.c:dump_core(231) dumping core in /var/log/samba/cores/smbd -- Best regards, Vitaliy Sholokhov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC + OpenLDAP, Jaunty: Can't join domain
But I can't seem to join a computer to the domain, and I've run out of ideas. I'd like some help trying to identify where I've gone wrong and how to get the server to allow desktops to join. Sorry to reply to my own post. I figured out my problem: $ smbclient -L //newserv Domain=[TESTDOM] OS=[Unix] Server=[Samba 3.3.2] Server Comment ---- NEWSERV newserv server (Samba, Ubuntu) WorkgroupMaster ---- -TESTDOM DESKTOP +TESTDOM NEWSERV In other words, I had another test machine that was acting as the domain master. Nothing I did on the new server made any difference because joining to the domain was going to the wrong place. Cheers, Chris -- Christopher S. Swingley http://swingleydev.com/ cswin...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain SID vs. Local SID on Domain Controller SID requirements
IF a samba server is setup to be a domain controller, should it's local SID = the domain SID? The SID of the Primary Domain Controler (PDC) is also the Domain's SID. Also, what are the requirements of a SID? Security Identifier http://en.wikipedia.org/wiki/Security_Identifier I usually see S-1-5-21-x-y-z, where x,y,z = 10 digits, but could x,y,z be 1,2,3 (for example)? I.e. do they have to be 10 digit numbers or can they be shorter? If I have a simple setup, and want a sid I can remember can I just make it 'short'? No. Please consult the above article. You don't need to remember the SID, you may need to keep it. net getdomainsid -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can winning authenticate users from two AD groups?
Hello, I am trying to authenticate users from two seperate groups within our active directory listings: faculty and students. I can do wbinfo -a on users from both groups. But when students try to access samba shares they cannot. Since I am using PAM for authentication, I had them try logging into the Linux box. They can do that using the exact same credentials they tried with the samba login. Faculty have no issues. I have the samba.conf file and log files available if needed. Thanks in advance for any help, this issue is preventing my students from having easy access to the lab's data file server. Joel Therrien Ast. Professor, Electrical and Computer Engineering -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] FYI, Samba presentation at Ohio LinuxFest 2009
On Tue, Sep 15, 2009 at 02:31:40PM -0400, Adam Tauno Williams wrote: At this years Ohio LinuxFest 2009 Don Vosburg will be presenting on his experiences deploying Samba in various configurations: So You Think You Can Dance? Samba in the Real World by Don Vosburg Samba is a terrific file sharing project - but how well can you dance? Hear real world examples of hot to swing with Samba. We will explore integration with existing networks, or standing up your own Samba domain. The emphasis will be on creating a practical Samba server environment, and making it robust as well. Look for some strong tips, a few tricks, and a start on best practice. Demonstrations will be shown as well. Don Vosburg (So You Think You Can Dance? Samba in the Real World) has been in the IT industry for over 15 years in a wide variety of roles. His experiences as a system administrator, architect, and consultant provide a wealth of illustration. For the last five years he has been a technology specialist for Novell, Inc. His area of special concentration has been Linux. He has been tapped for presentations at Novell Brainshare, LinuxWorld San Francisco, Ohio LinuxFest, and numerous other venues. That sounds a very interesting presentation ! Can you post a copy to the list once the show is over ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Mon, 14 Sep 2009 16:10:47 -0400 (EDT) Christoph Lameter c...@linux-foundation.org wrote: On Thu, 10 Sep 2009, Jeff Layton wrote: In any case, I think we need to look closely at what's happening at mount time. First, I'll need some other info: 1) output of /sbin/mount.cifs -V from both machines The 32 bit machine #/sbin/mount.cifs -V mount.cifs version: 1.5 //chiprodfs2/company /mnt -ouser=clameter,domain=xxx mount -t cifs //chiprodfs2/company /mnt -ouser=clameter,domain=xxx Yow, that version of mount.cifs is really old. I wonder if it may be passing bad mount options to the kernel? Might be interesting to strace that. Something like: # strace -f -s 256 -e mount mount -t cifs //chiprodfs2/company /mnt -ouser=clameter,domain=xxx ...it'll probably have a cleartext password in it so you might want to doctor the options a bit before sending along if you do. Alternately, you might just want to try a newer version of mount.cifs and see whether that fixes this. 64 bit machine $ /sbin/mount.cifs -V mount.cifs version: 1.12-3.4.0 mount -t cifs //chiprodfs2/company /mnt -ouser=clameter,domain=w2k 3) wire captures from mount attempts on both machines. Try to mount the clameter dir on both boxes and do captures of each attempt. Maybe this time use -s 0 with tcpdump so we get all of the traffic. I cannot mount the clameter dir on the 32 bit box. Hangs. So I will mount /company. Actually, the trace of a hanging mount would probably be interesting. Does the 32-bit capture that you sent represent a mount attempt that hung? Or was it successful? There may be crackable password hashes in the captures, so you may want to send them to me privately and not cc the list. Ok will follow. Thanks for the info, I had a look at the captures. They both look fairly similar. The main difference is that the 32-bit box doesn't seem to have sent any more calls after sending a QPathInfo call to the server for the root inode of the mount. What's the devname that you're giving to the mount command for the clameter dir? If there's more than 1 path component after the hostname, then the problem may be in the old version of mount.cifs. Some of them had broken handling for path prefixes. -- Jeff Layton jlay...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can winning authenticate users from two AD groups?
What exactly error, does it give login / password error while connecting samba box from windows. thnks On Wed, Sep 16, 2009 at 2:45 AM, Joel_Therrien joel_therr...@uml.eduwrote: Hello, I am trying to authenticate users from two seperate groups within our active directory listings: faculty and students. I can do wbinfo -a on users from both groups. But when students try to access samba shares they cannot. Since I am using PAM for authentication, I had them try logging into the Linux box. They can do that using the exact same credentials they tried with the samba login. Faculty have no issues. I have the samba.conf file and log files available if needed. Thanks in advance for any help, this issue is preventing my students from having easy access to the lab's data file server. Joel Therrien Ast. Professor, Electrical and Computer Engineering -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain SID vs. Local SID on Domain Controller SID requirements
simo wrote: On Tue, 2009-09-15 at 11:42 -0700, Linda Walsh wrote: IF a samba server is setup to be a domain controller, should it's local SID = the domain SID? yes the PDC exports the local SAM as the domain SAM (the SAM is the DB where user information is stored including SIDs) excellent! If I have a simple setup, and want a sid I can remember can I just make it 'short'? No, users SID are composed of Domain SID + RID, the Domain SID part is identical for all domain user and is generated once by the PDC at installation time. Sorry -- my fault -- I wasn't clear, I meant setting the the Domain SID (Net setdomainsid S-1-5-21-1-2-3). Sounds like the answer is yes...it can be any 32-bit int in those fields. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 2008 terminal services with a samba PDC
Dear, Does nobody have a windows 2008 terminal server running well in a samba domain? regards, Thomas -- Met vriendelijke groeten, Thomas Six Schaubroeck informatica Tel 0032 9 389 0526 DISCLAIMER http://www.schaubroeck.be/maildisclaimer.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Tue Sep 15 06:00:02 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-09-14 00:00:03.0 -0600 +++ /home/build/master/cache/broken_results.txt 2009-09-15 00:00:53.0 -0600 @@ -1,22 +1,22 @@ -Build status as of Mon Sep 14 06:00:02 2009 +Build status as of Tue Sep 15 06:00:02 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 1 0 0 +ccache 2 0 0 distcc 0 0 0 -ldb 31 31 0 -libreplace 6 1 0 +ldb 32 32 0 +libreplace 27 11 0 lorikeet 0 0 0 pidl 21 20 0 ppp 0 0 0 -rsync30 11 0 +rsync31 11 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 8 6 0 -samba_3_master 29 29 3 -samba_3_next 29 28 1 -samba_4_0_test 31 31 0 -talloc 30 30 0 -tdb 28 28 0 +samba_3_current 7 6 0 +samba_3_master 29 29 4 +samba_3_next 28 27 1 +samba_4_0_test 32 32 2 +talloc 31 31 0 +tdb 29 29 0
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1290-ge971428
The branch, v3-4-test has been updated via e971428f137dcb42e8b735386d79f1b3a6effe34 (commit) via 5cd771b964aa36082716352522a68c962e1aaba8 (commit) from 686439599ad78c6f4d5609129113e6da51fb4a57 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit e971428f137dcb42e8b735386d79f1b3a6effe34 Author: Jeremy Allison j...@samba.org Date: Wed Sep 9 14:39:17 2009 -0700 Fix bug 6529 - Offline files conflict with Vista and Office 2003. Jeremy. commit 5cd771b964aa36082716352522a68c962e1aaba8 Author: Lars Müller l...@samba.org Date: Mon Feb 2 21:12:52 2009 +0100 Conditional install of the cifs.upcall man page Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. (cherry picked from commit e9e2414e798a2eb447de45803e61cc0a49752f11) --- Summary of changes: source3/include/includes.h|6 ++ source3/include/proto.h |5 +- source3/include/smb.h |4 + source3/lib/time.c| 41 +- source3/modules/vfs_default.c | 51 - source3/modules/vfs_onefs.c |4 +- source3/script/installman.sh |1 + source3/smbd/nttrans.c| 16 +++--- source3/smbd/trans2.c | 126 ++--- 9 files changed, 183 insertions(+), 71 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/includes.h b/source3/include/includes.h index 248c326..4dee258 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -526,6 +526,12 @@ struct timespec { }; #endif +enum timestamp_set_resolution { + TIMESTAMP_SET_SECONDS = 0, + TIMESTAMP_SET_MSEC, + TIMESTAMP_SET_NT_OR_BETTER +}; + #ifdef HAVE_BROKEN_GETGROUPS #define GID_T int #else diff --git a/source3/include/proto.h b/source3/include/proto.h index d33a019..5873386 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1017,7 +1017,8 @@ char *current_timestring(TALLOC_CTX *ctx, bool hires); void srv_put_dos_date(char *buf,int offset,time_t unixdate); void srv_put_dos_date2(char *buf,int offset, time_t unixdate); void srv_put_dos_date3(char *buf,int offset,time_t unixdate); -void put_long_date_timespec(char *p, struct timespec ts); +void round_timespec(enum timestamp_set_resolution res, struct timespec *ts); +void put_long_date_timespec(enum timestamp_set_resolution res, char *p, struct timespec ts); void put_long_date(char *p, time_t t); struct timespec get_create_timespec(const SMB_STRUCT_STAT *st,bool fake_dirs); struct timespec get_atimespec(const SMB_STRUCT_STAT *pst); @@ -1038,6 +1039,8 @@ struct timespec timespec_current(void); struct timespec timespec_min(const struct timespec *ts1, const struct timespec *ts2); int timespec_compare(const struct timespec *ts1, const struct timespec *ts2); +void round_timespec_to_sec(struct timespec *ts); +void round_timespec_to_usec(struct timespec *ts); struct timespec interpret_long_date(const char *p); void cli_put_dos_date(struct cli_state *cli, char *buf, int offset, time_t unixdate); void cli_put_dos_date2(struct cli_state *cli, char *buf, int offset, time_t unixdate); diff --git a/source3/include/smb.h b/source3/include/smb.h index b20a8ef..7cb8e95 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -559,6 +559,10 @@ typedef struct connection_struct { bool ipc; bool read_only; /* Attributes for the current user of the share. */ bool admin_user; /* Attributes for the current user of the share. */ + /* Does this filesystem honor + sub second timestamps on files + and directories when setting time ? */ + enum timestamp_set_resolution ts_res; char *dirpath; char *connectpath; char *origpath; diff --git a/source3/lib/time.c b/source3/lib/time.c index 865456b..839ebe9 100644 --- a/source3/lib/time.c +++ b/source3/lib/time.c @@ -301,14 +301,30 @@ void srv_put_dos_date3(char *buf,int offset,time_t unixdate) put_dos_date3(buf, offset, unixdate, server_zone_offset); } +void round_timespec(enum timestamp_set_resolution res, struct timespec *ts) +{ + switch (res) { + case TIMESTAMP_SET_SECONDS: + round_timespec_to_sec(ts); + break; + case TIMESTAMP_SET_MSEC: + round_timespec_to_usec(ts); + break; + case TIMESTAMP_SET_NT_OR_BETTER: + /* No rounding needed. */ + break; + } +} + / Take a Unix time and convert to an NTTIME structure and place in buffer pointed to by p.
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1291-g0241ba8
The branch, v3-4-test has been updated via 0241ba8ce2b6da049fb3cc512508a9e9c5732781 (commit) from e971428f137dcb42e8b735386d79f1b3a6effe34 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 0241ba8ce2b6da049fb3cc512508a9e9c5732781 Author: Marc Aurele La France t...@ualberta.ca Date: Thu Sep 10 09:52:11 2009 -0700 Fix bug 6707 - 3.4.1 segfault in parsing configs. Fixes an occasional segfault caused by an out-of-bounds reference in config file parsing. (cherry picked from commit 7c00227f00a83345035c4c0a6716b46864f2da8d) --- Summary of changes: source3/lib/interfaces.c |8 1 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/interfaces.c b/source3/lib/interfaces.c index bc6c991..b4b3800 100644 --- a/source3/lib/interfaces.c +++ b/source3/lib/interfaces.c @@ -156,10 +156,6 @@ static int _get_interfaces(TALLOC_CTX *mem_ctx, struct iface_struct **pifaces) /* Loop through interfaces, looking for given IP address */ for (ifptr = iflist; ifptr != NULL; ifptr = ifptr-ifa_next) { - memset(ifaces[total], '\0', sizeof(ifaces[total])); - - copy_size = sizeof(struct sockaddr_in); - if (!ifptr-ifa_addr || !ifptr-ifa_netmask) { continue; } @@ -169,6 +165,10 @@ static int _get_interfaces(TALLOC_CTX *mem_ctx, struct iface_struct **pifaces) continue; } + memset(ifaces[total], '\0', sizeof(ifaces[total])); + + copy_size = sizeof(struct sockaddr_in); + ifaces[total].flags = ifptr-ifa_flags; #if defined(HAVE_IPV6) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1292-g7ec7440
The branch, v3-4-test has been updated via 7ec7440fc2f78ef49cebdc819ff81db5ce9d143c (commit) from 0241ba8ce2b6da049fb3cc512508a9e9c5732781 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 7ec7440fc2f78ef49cebdc819ff81db5ce9d143c Author: Jeremy Allison j...@samba.org Date: Tue Sep 15 09:40:48 2009 +0200 s3/libsmb: SIVAL should have been an SVAL. Fix bug #6726. --- Summary of changes: source3/libsmb/clifile.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index 62d710e..d9fdfb6 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -820,7 +820,7 @@ struct async_req *cli_ntcreate_send(TALLOC_CTX *mem_ctx, return NULL; } - SIVAL(vwv+2, 1, converted_len); + SSVAL(vwv+2, 1, converted_len); result = cli_request_send(mem_ctx, ev, cli, SMBntcreateX, 0, 24, vwv, 0, talloc_get_size(bytes), bytes); -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.0.89-35-g03b0d91
The branch, master has been updated via 03b0d913ae009284e2fadda1b9246ec77d19db29 (commit) via db7b96304e4725f29b12398b7582e385daed63ed (commit) from 4f7b39a4871af28df1c4545ec37db179fa47a7da (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 03b0d913ae009284e2fadda1b9246ec77d19db29 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Sep 15 19:33:53 2009 +1000 try restarting ststd indefinitely not just once commit db7b96304e4725f29b12398b7582e385daed63ed Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Sep 15 19:33:35 2009 +1000 Revert try to restart statd everytime it fails, not just the first time This reverts commit 4f7b39a4871af28df1c4545ec37db179fa47a7da. --- Summary of changes: config.guess | 197 ++- config.sub| 216 ++--- config/ctdb.init |3 +- config/ctdb.sysconfig |6 +- config/events.d/11.natgw |2 +- config/events.d/20.multipathd |4 +- config/events.d/31.clamd |2 +- config/events.d/41.httpd |2 +- config/events.d/50.samba |6 +- config/events.d/61.nfstickle |3 +- config/functions |2 +- doc/onnode.1 | 105 +- doc/onnode.1.html | 17 ++- doc/onnode.1.xml |8 + lib/replace/config.guess | 197 ++- lib/replace/config.sub| 216 ++--- lib/talloc/config.guess | 197 ++- lib/talloc/config.sub | 216 ++--- lib/tdb/config.guess | 197 ++- lib/tdb/config.sub| 216 ++--- server/ctdb_logging.c |2 +- tests/complex/31_nfs_tickle.sh|8 +- tests/complex/32_cifs_tickle.sh |2 +- tests/complex/42_failover_ssh_hostname.sh |4 +- tests/scripts/ctdb_test_functions.bash|4 +- tests/src/ctdb_persistent.c | 25 +++- tests/src/ctdb_transaction.c |2 +- tools/onnode | 25 +++- 28 files changed, 1355 insertions(+), 529 deletions(-) Changeset truncated at 500 lines: diff --git a/config.guess b/config.guess index 386626b..e3a2116 100755 --- a/config.guess +++ b/config.guess @@ -1,13 +1,14 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 +# Free Software Foundation, Inc. -timestamp='2007-07-10' +timestamp='2009-06-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or +# the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -16,7 +17,9 @@ timestamp='2007-07-10' # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see http://www.gnu.org/licenses/. +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -53,8 +56,8 @@ version=\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -104,7 +107,7 @@ set_cc_for_build=' trap exitcode=\$?; (rm -f \$tmpfiles 2/dev/null; rmdir \$tmp 2/dev/null) exit \$exitcode 0 ; trap rm -f \$tmpfiles 2/dev/null; rmdir \$tmp 2/dev/null; exit 1 1 2 13 15 ; : ${TMPDIR=/tmp} ; - { tmp=`(umask 077 mktemp -d -q $TMPDIR/cgXX) 2/dev/null` test -n $tmp test -d $tmp ; } || + { tmp=`(umask 077
[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - 3.2.11-ctdb-64-3-gf96db2a
The branch, v3-2-ctdb has been updated via f96db2a7501c994ff370ad182a095fc784e1826b (commit) from f9a8a677279e3c9f8783604b4c551c7463c64b94 (commit) http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb - Log - commit f96db2a7501c994ff370ad182a095fc784e1826b Author: Michael Adam ob...@samba.org Date: Fri Sep 11 13:23:34 2009 +0200 s3:dbwrap_ctdb: set dmaster in ctdb_transaction_store() also when updating an existing record not only when creating a record. This matches commit e9194a130327d6b05a8ab90bd976475b0e93b06d from ctdb-master. Michael Signed-off-by: Michael Adam ob...@samba.org --- Summary of changes: source/lib/dbwrap_ctdb.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/dbwrap_ctdb.c b/source/lib/dbwrap_ctdb.c index 60dc857..259532b 100644 --- a/source/lib/dbwrap_ctdb.c +++ b/source/lib/dbwrap_ctdb.c @@ -469,7 +469,6 @@ static int db_ctdb_transaction_store(struct db_ctdb_transaction_handle *h, This is only safe because we are in a transaction and this is a persistent database */ ZERO_STRUCT(header); - header.dmaster = get_my_vnn(); } else { memcpy(header, rec.dptr, sizeof(struct ctdb_ltdb_header)); rec.dsize -= sizeof(struct ctdb_ltdb_header); @@ -483,6 +482,7 @@ static int db_ctdb_transaction_store(struct db_ctdb_transaction_handle *h, SAFE_FREE(rec.dptr); } + header.dmaster = get_my_vnn(); header.rsn++; if (!h-in_replay) { -- SAMBA-CTDB repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-313-g668470c
The branch, master has been updated via 668470c9923364c6c43afbf94162b549c8baef9a (commit) from f07e77e13ff86c76644660e2d574e663c9ffdeb8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 668470c9923364c6c43afbf94162b549c8baef9a Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 15 07:42:54 2009 -0700 libcli:nbt make the lmhosts parsing code and dependicies common This starts the process to have Samba4 use lmhosts. Andrew Bartlett --- Summary of changes: lib/util/util.h| 22 ++- lib/util/util_net.c| 118 +- libcli/nbt/config.mk | 50 ++ libcli/nbt/lmhosts.c | 156 source3/Makefile.in|2 +- source3/include/proto.h|9 --- source3/lib/util_sock.c| 115 source3/libsmb/namequery.c | 128 source4/libcli/config.mk | 43 source4/main.mk|1 + 10 files changed, 346 insertions(+), 298 deletions(-) create mode 100644 libcli/nbt/config.mk create mode 100644 libcli/nbt/lmhosts.c Changeset truncated at 500 lines: diff --git a/lib/util/util.h b/lib/util/util.h index c0e87a2..8438602 100644 --- a/lib/util/util.h +++ b/lib/util/util.h @@ -21,7 +21,7 @@ #ifndef _SAMBA_UTIL_H_ #define _SAMBA_UTIL_H_ -#include netinet/in.h +#include system/network.h #if _SAMBA_BUILD_ == 4 #include ../lib/util/charset/charset.h @@ -842,4 +842,24 @@ bool add_uid_to_array_unique(TALLOC_CTX *mem_ctx, uid_t uid, bool add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, gid_t **gids, size_t *num_gids); +/* The following definitions come from lib/util/util_net.c */ + +void zero_sockaddr(struct sockaddr_storage *pss); + +bool interpret_string_addr_internal(struct addrinfo **ppres, + const char *str, int flags); + +bool interpret_string_addr(struct sockaddr_storage *pss, + const char *str, + int flags); + +/*** + Map a text hostname or IP address (IPv4 or IPv6) into a + struct sockaddr_storage. Version that prefers IPv4. +**/ + +bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss, + const char *str, + int flags); + #endif /* _SAMBA_UTIL_H_ */ diff --git a/lib/util/util_net.c b/lib/util/util_net.c index d1dadc2..0ce495e 100644 --- a/lib/util/util_net.c +++ b/lib/util/util_net.c @@ -3,10 +3,11 @@ Samba utility functions Copyright (C) Jelmer Vernooij jel...@samba.org 2008 Copyright (C) Andrew Tridgell 1992-1998 - Copyright (C) Jeremy Allison 2001-2007 + Copyright (C) Jeremy Allison 1992-2007 Copyright (C) Simo Sorce 2001 Copyright (C) Jim McDonough (j...@us.ibm.com) 2003. Copyright (C) James J Myers 2003 + Copyright (C) Tim Potter 2000-2001 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -28,6 +29,17 @@ #include system/filesys.h #undef strcasecmp +/*** + Set an address to INADDR_ANY. +**/ + +void zero_sockaddr(struct sockaddr_storage *pss) +{ + memset(pss, '\0', sizeof(*pss)); + /* Ensure we're at least a valid sockaddr-storage. */ + pss-ss_family = AF_INET; +} + /** * Wrap getaddrinfo... */ @@ -59,6 +71,110 @@ bool interpret_string_addr_internal(struct addrinfo **ppres, return true; } +/*** + Map a text hostname or IP address (IPv4 or IPv6) into a + struct sockaddr_storage. Takes a flag which allows it to + prefer an IPv4 address (needed for DC's). +**/ + +static bool interpret_string_addr_pref(struct sockaddr_storage *pss, + const char *str, + int flags, + bool prefer_ipv4) +{ + struct addrinfo *res = NULL; +#if defined(HAVE_IPV6) + char addr[INET6_ADDRSTRLEN]; + unsigned int scope_id = 0; + + if (strchr_m(str, ':')) { + char *p = strchr_m(str, '%'); + + /* +* Cope with link-local. +* This is IP:v6:addr%ifname. +*/ + + if (p (p str) ((scope_id = if_nametoindex(p+1)) != 0)) { + strlcpy(addr, str, +
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-317-gfdf3bd6
The branch, master has been updated via fdf3bd6203b35fc82bda1fd07cc91b76de3f9edd (commit) via e1ecb807e39264ab6bdd4a7d3dc35c95d7c17442 (commit) via 7b36ea55ea542d5a7f293359a12c441e3e9ba0c6 (commit) via d3af0346c87390b72f6f1708019c7cd055ae047d (commit) from 668470c9923364c6c43afbf94162b549c8baef9a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fdf3bd6203b35fc82bda1fd07cc91b76de3f9edd Author: Günther Deschner g...@samba.org Date: Tue Sep 15 08:21:00 2009 +0200 s3-dcerpc: remove unsed auth type defines as seen on the wire. Guenther commit e1ecb807e39264ab6bdd4a7d3dc35c95d7c17442 Author: Günther Deschner g...@samba.org Date: Tue Sep 15 06:37:10 2009 +0200 s3-dcerpc: remove more unused structs. Guenther commit 7b36ea55ea542d5a7f293359a12c441e3e9ba0c6 Author: Günther Deschner g...@samba.org Date: Tue Sep 15 06:36:44 2009 +0200 s3-dcerpc: remove duplicate RPC_AUTH_LEVEL flags. Guenther commit d3af0346c87390b72f6f1708019c7cd055ae047d Author: Günther Deschner g...@samba.org Date: Mon Sep 14 20:39:54 2009 +0200 s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags. Guenther --- Summary of changes: source3/auth/auth_domain.c |2 +- source3/auth/auth_netlogond.c |2 +- source3/include/client.h |2 +- source3/include/ntdomain.h |9 + source3/include/proto.h| 22 +- source3/include/rpc_dce.h | 34 --- source3/libnet/libnet_join.c |2 +- source3/libsmb/passchange.c|2 +- source3/rpc_client/cli_pipe.c | 80 ++-- source3/rpc_parse/parse_prs.c | 16 source3/rpc_server/srv_netlog_nt.c |4 +- source3/rpc_server/srv_pipe.c | 40 +- source3/rpc_server/srv_samr_nt.c |2 +- source3/rpcclient/rpcclient.c | 12 +++--- source3/utils/net_rpc.c|4 +- source3/utils/net_rpc_join.c |4 +- source3/winbindd/winbindd_cm.c | 10 ++-- 17 files changed, 103 insertions(+), 144 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 85210e6..7dec6ad 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -177,7 +177,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, /* We also setup the creds chain in the open_schannel call. */ result = cli_rpc_pipe_open_schannel( *cli, ndr_table_netlogon.syntax_id, NCACN_NP, - PIPE_AUTH_LEVEL_PRIVACY, domain, netlogon_pipe); + DCERPC_AUTH_LEVEL_PRIVACY, domain, netlogon_pipe); } else { result = cli_rpc_pipe_open_noauth( *cli, ndr_table_netlogon.syntax_id, netlogon_pipe); diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c index 3947873..5f4d2f1 100644 --- a/source3/auth/auth_netlogond.c +++ b/source3/auth/auth_netlogond.c @@ -47,7 +47,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx, } status = rpccli_schannel_bind_data(p, lp_workgroup(), - PIPE_AUTH_LEVEL_PRIVACY, + DCERPC_AUTH_LEVEL_PRIVACY, schannel_key, auth); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, (rpccli_schannel_bind_data failed: %s\n, diff --git a/source3/include/client.h b/source3/include/client.h index 5b64b9b..e83927c 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -48,7 +48,7 @@ struct print_job_info { struct cli_pipe_auth_data { enum pipe_auth_type auth_type; /* switch for the union below. Defined in ntdomain.h */ - enum pipe_auth_level auth_level; /* defined in ntdomain.h */ + enum dcerpc_AuthLevel auth_level; /* defined in ntdomain.h */ char *domain; char *user_name; diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 53e89a8..1d303ca 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -132,13 +132,6 @@ typedef struct pipe_rpc_fns { enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL, PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 }; -/* Possible auth levels - keep these in sync with the wire values. */ -enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0, - PIPE_AUTH_LEVEL_CONNECT = 1,/* We treat as NONE. */ - PIPE_AUTH_LEVEL_INTEGRITY = 5, /* Sign. */ -
[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - 3.2.11-ctdb-64-4-gf321f09
The branch, v3-2-ctdb has been updated via f321f0937e27467b4b3a5d8e2a4336acc95b0efd (commit) from f96db2a7501c994ff370ad182a095fc784e1826b (commit) http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb - Log - commit f321f0937e27467b4b3a5d8e2a4336acc95b0efd Author: Volker Lendecke v...@samba.org Date: Tue Sep 15 02:19:14 2009 +0200 s3:gpfs: Add support for the gpfs_ftruncate call --- Summary of changes: source/modules/gpfs.c | 14 ++ source/modules/vfs_gpfs.c | 16 source/modules/vfs_gpfs.h |1 + 3 files changed, 31 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/modules/gpfs.c b/source/modules/gpfs.c index 96bce00..e154402 100644 --- a/source/modules/gpfs.c +++ b/source/modules/gpfs.c @@ -27,6 +27,7 @@ static bool gpfs_share_modes; static bool gpfs_leases; static bool gpfs_getrealfilename; +static bool gpfs_do_ftruncate; static int (*gpfs_set_share_fn)(int fd, unsigned int allow, unsigned int deny); static int (*gpfs_set_lease_fn)(int fd, unsigned int leaseType); @@ -34,6 +35,7 @@ static int (*gpfs_getacl_fn)(char *pathname, int flags, void *acl); static int (*gpfs_putacl_fn)(char *pathname, int flags, void *acl); static int (*gpfs_get_realfilename_path_fn)(char *pathname, char *filenamep, int *buflen); +static int (*gpfs_ftruncate_fn)(int fd, gpfs_off64_t length); bool set_gpfs_sharemode(files_struct *fsp, uint32 access_mask, @@ -137,6 +139,16 @@ int smbd_gpfs_putacl(char *pathname, int flags, void *acl) return gpfs_putacl_fn(pathname, flags, acl); } +int smbd_gpfs_ftrunctate(int fd, gpfs_off64_t length) +{ + if (!gpfs_do_ftruncate || (gpfs_ftruncate_fn == NULL)) { + errno = ENOSYS; + return -1; + } + + return gpfs_ftruncate_fn(fd, length); +} + int smbd_gpfs_get_realfilename_path(char *pathname, char *filenamep, int *buflen) { @@ -207,11 +219,13 @@ void init_gpfs(void) init_gpfs_function(gpfs_putacl_fn, gpfs_putacl); init_gpfs_function(gpfs_get_realfilename_path_fn, gpfs_get_realfilename_path); +init_gpfs_function(gpfs_ftruncate_fn,gpfs_ftruncate); gpfs_share_modes = lp_parm_bool(-1, gpfs, sharemodes, True); gpfs_leases = lp_parm_bool(-1, gpfs, leases, True); gpfs_getrealfilename = lp_parm_bool(-1, gpfs, getrealfilename, True); + gpfs_do_ftruncate = lp_parm_bool(-1, gpfs, ftruncate, True); return; } diff --git a/source/modules/vfs_gpfs.c b/source/modules/vfs_gpfs.c index 0b1f52c..9e6f6ed 100644 --- a/source/modules/vfs_gpfs.c +++ b/source/modules/vfs_gpfs.c @@ -888,6 +888,18 @@ static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t return rc; } +static int vfs_gpfs_ftruncate(vfs_handle_struct *handle, files_struct *fsp, + SMB_OFF_T len) +{ + int result; + + result = smbd_gpfs_ftrunctate(fsp-fh-fd, len); + if ((result == -1) (errno == ENOSYS)) { + return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len); + } + return result; +} + /* VFS operations structure */ static vfs_op_tuple gpfs_op_tuples[] = { @@ -952,6 +964,10 @@ static vfs_op_tuple gpfs_op_tuples[] = { SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_TRANSPARENT }, +{ SMB_VFS_OP(vfs_gpfs_ftruncate), + SMB_VFS_OP_FTRUNCATE, + SMB_VFS_LAYER_TRANSPARENT }, + { SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP } }; diff --git a/source/modules/vfs_gpfs.h b/source/modules/vfs_gpfs.h index 3c499b0..a100bef 100644 --- a/source/modules/vfs_gpfs.h +++ b/source/modules/vfs_gpfs.h @@ -29,4 +29,5 @@ bool set_gpfs_sharemode(files_struct *fsp, uint32 access_mask, int set_gpfs_lease(int fd, int leasetype); int smbd_gpfs_getacl(char *pathname, int flags, void *acl); int smbd_gpfs_putacl(char *pathname, int flags, void *acl); +int smbd_gpfs_ftrunctate(int fd, gpfs_off64_t length); void init_gpfs(void); -- SAMBA-CTDB repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-319-g9831e76
The branch, master has been updated via 9831e7675c2f393bd02167f435b202e818d4d50b (commit) via ed03edc2e49c686d582abe0506f9422bfb795201 (commit) from fdf3bd6203b35fc82bda1fd07cc91b76de3f9edd (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9831e7675c2f393bd02167f435b202e818d4d50b Author: Günther Deschner g...@samba.org Date: Tue Sep 15 00:26:31 2009 +0200 ntlmssp: pretty print a VERSION structure. Guenther commit ed03edc2e49c686d582abe0506f9422bfb795201 Author: Günther Deschner g...@samba.org Date: Mon Sep 14 23:25:33 2009 +0200 ntlmssp: better document to what structures we are reffering to. Guenther --- Summary of changes: librpc/gen_ndr/ndr_ntlmssp.c | 16 librpc/gen_ndr/ndr_ntlmssp.h |1 - librpc/gen_ndr/ntlmssp.h |2 +- librpc/idl/ntlmssp.idl | 30 ++ librpc/ndr/ndr_ntlmssp.c | 17 + librpc/ndr/ndr_ntlmssp.h |2 ++ 6 files changed, 46 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/gen_ndr/ndr_ntlmssp.c b/librpc/gen_ndr/ndr_ntlmssp.c index b593d9e..2b4e70e 100644 --- a/librpc/gen_ndr/ndr_ntlmssp.c +++ b/librpc/gen_ndr/ndr_ntlmssp.c @@ -250,22 +250,6 @@ static enum ndr_err_code ndr_pull_ntlmssp_Version(struct ndr_pull *ndr, int ndr_ return NDR_ERR_SUCCESS; } -_PUBLIC_ void ndr_print_ntlmssp_Version(struct ndr_print *ndr, const char *name, const union ntlmssp_Version *r) -{ - int level; - level = ndr_print_get_switch_value(ndr, r); - ndr_print_union(ndr, name, level, ntlmssp_Version); - switch (level) { - case NTLMSSP_NEGOTIATE_VERSION: - ndr_print_VERSION(ndr, version, r-version); - break; - - default: - break; - - } -} - _PUBLIC_ enum ndr_err_code ndr_push_NEGOTIATE_MESSAGE(struct ndr_push *ndr, int ndr_flags, const struct NEGOTIATE_MESSAGE *r) { if (ndr_flags NDR_SCALARS) { diff --git a/librpc/gen_ndr/ndr_ntlmssp.h b/librpc/gen_ndr/ndr_ntlmssp.h index ab095d1..de31c6c 100644 --- a/librpc/gen_ndr/ndr_ntlmssp.h +++ b/librpc/gen_ndr/ndr_ntlmssp.h @@ -50,7 +50,6 @@ void ndr_print_LM_RESPONSE(struct ndr_print *ndr, const char *name, const struct enum ndr_err_code ndr_push_LMv2_RESPONSE(struct ndr_push *ndr, int ndr_flags, const struct LMv2_RESPONSE *r); enum ndr_err_code ndr_pull_LMv2_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct LMv2_RESPONSE *r); void ndr_print_LMv2_RESPONSE(struct ndr_print *ndr, const char *name, const struct LMv2_RESPONSE *r); -void ndr_print_ntlmssp_LM_RESPONSE(struct ndr_print *ndr, const char *name, const union ntlmssp_LM_RESPONSE *r); enum ndr_err_code ndr_push_NTLM_RESPONSE(struct ndr_push *ndr, int ndr_flags, const struct NTLM_RESPONSE *r); enum ndr_err_code ndr_pull_NTLM_RESPONSE(struct ndr_pull *ndr, int ndr_flags, struct NTLM_RESPONSE *r); void ndr_print_NTLM_RESPONSE(struct ndr_print *ndr, const char *name, const struct NTLM_RESPONSE *r); diff --git a/librpc/gen_ndr/ntlmssp.h b/librpc/gen_ndr/ntlmssp.h index 4509915..5205dce 100644 --- a/librpc/gen_ndr/ntlmssp.h +++ b/librpc/gen_ndr/ntlmssp.h @@ -104,7 +104,7 @@ struct VERSION { union ntlmssp_Version { struct VERSION version;/* [case(NTLMSSP_NEGOTIATE_VERSION)] */ -}/* [nodiscriminant] */; +}/* [noprint,nodiscriminant] */; struct NEGOTIATE_MESSAGE { const char *Signature;/* [value(NTLMSSP),charset(DOS)] */ diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl index 0bb30bb..8cabec3 100644 --- a/librpc/idl/ntlmssp.idl +++ b/librpc/idl/ntlmssp.idl @@ -18,6 +18,8 @@ interface ntlmssp NtLmAuthenticate= 0x0003 } ntlmssp_MessageType; + /* [MS-NLMP] 2.2.2.5 NEGOTIATE */ + typedef [bitmap32bit] bitmap { NTLMSSP_NEGOTIATE_UNICODE = 0x0001, NTLMSSP_NEGOTIATE_OEM = 0x0002, /* NTLM_NEGOTIATE_OEM in MS-NLMP */ @@ -82,6 +84,8 @@ interface ntlmssp NTLMSSP_REVISION_W2K3 = 0x0F } ntlmssp_NTLMRevisionCurrent; + /* [MS-NLMP] 2.2.2.10 VERSION */ + typedef struct { ntlmssp_WindowsMajorVersion ProductMajorVersion; ntlmssp_WindowsMinorVersion ProductMinorVersion; @@ -90,12 +94,12 @@ interface ntlmssp ntlmssp_NTLMRevisionCurrent NTLMRevisionCurrent; } VERSION; - typedef [nodiscriminant] union { + typedef [noprint,nodiscriminant] union { [case(NTLMSSP_NEGOTIATE_VERSION)] VERSION version; [default]; } ntlmssp_Version; - /* NTLMSSP negotiate message */ + /* [MS-NLMP] 2.2.1.1 NEGOTIATE_MESSAGE */
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-320-gc2d7c7a
The branch, master has been updated via c2d7c7a9dd188e10bf30f84b3783de3e183af88a (commit) from 9831e7675c2f393bd02167f435b202e818d4d50b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c2d7c7a9dd188e10bf30f84b3783de3e183af88a Author: Günther Deschner g...@samba.org Date: Tue Sep 15 18:30:01 2009 +0200 s3-dcerpc: fix remaining old auth level constants. Guenther --- Summary of changes: source3/rpc_client/cli_pipe.c | 12 ++-- source3/rpc_server/srv_pipe.c | 26 +- 2 files changed, 19 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index a189b70..a667a9f 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -714,7 +714,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p return NT_STATUS_BUFFER_TOO_SMALL; } - if (auth_info.auth_type != RPC_SCHANNEL_AUTH_TYPE) { + if (auth_info.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { DEBUG(0,(cli_pipe_verify_schannel: Invalid auth info %d on schannel\n, auth_info.auth_type)); return NT_STATUS_BUFFER_TOO_SMALL; @@ -1481,7 +1481,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, DATA_BLOB tkt_wrapped = data_blob_null; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_KRB5_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_KRB5, (int)auth_level, 0, 1); DEBUG(5, (create_krb5_auth_bind_req: creating a service ticket for principal %s\n, a-service_principal )); @@ -1539,7 +1539,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client DATA_BLOB spnego_msg = data_blob_null; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1); DEBUG(5, (create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n)); nt_status = ntlmssp_update(cli-auth-a_u.ntlmssp_state, @@ -1585,7 +1585,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, DATA_BLOB request = data_blob_null; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_NTLMSSP_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_NTLMSSP, (int)auth_level, 0, 1); DEBUG(5, (create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n)); nt_status = ntlmssp_update(cli-auth-a_u.ntlmssp_state, @@ -1626,7 +1626,7 @@ static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli, DATA_BLOB blob; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(pauth_out, RPC_SCHANNEL_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SCHANNEL, (int)auth_level, 0, 1); /* Use lp_workgroup() if domain not specified */ @@ -2477,7 +2477,7 @@ static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id, return NT_STATUS_NO_MEMORY; /* We may change the pad length before marshalling. */ - init_rpc_hdr_auth(hdr_auth, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1); + init_rpc_hdr_auth(hdr_auth, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1); if (pauth_blob-length) { if (!prs_copy_data_in(auth_info, (const char *)pauth_blob-data, pauth_blob-length)) { diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 257094e..a4b4cb7 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -192,9 +192,9 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) /* Now write out the auth header and null blob. */ if (p-auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) { - auth_type = RPC_NTLMSSP_AUTH_TYPE; + auth_type = DCERPC_AUTH_TYPE_NTLMSSP; } else { - auth_type = RPC_SPNEGO_AUTH_TYPE; + auth_type = DCERPC_AUTH_TYPE_SPNEGO; } if (p-auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { auth_level = DCERPC_AUTH_LEVEL_PRIVACY; @@ -414,7 +414,7 @@ static bool create_next_pdu_schannel(pipes_struct *p) /* Check it's the type of reply we were expecting to decode */ init_rpc_hdr_auth(auth_info, - RPC_SCHANNEL_AUTH_TYPE, +
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-321-g231b2fa
The branch, master has been updated via 231b2fa26139a38bb67b3777c80b72e2f9d6d904 (commit) from c2d7c7a9dd188e10bf30f84b3783de3e183af88a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 231b2fa26139a38bb67b3777c80b72e2f9d6d904 Author: Günther Deschner g...@samba.org Date: Tue Sep 15 19:32:39 2009 +0200 s3-dcerpc: really fix remaining old auth level constants. sorry... Guenther --- Summary of changes: source3/rpc_server/srv_pipe.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index a4b4cb7..3bd68c4 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -1564,7 +1564,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) prs_struct out_auth; int i = 0; int auth_len = 0; - unsigned int auth_type = RPC_ANONYMOUS_AUTH_TYPE; + unsigned int auth_type = DCERPC_AUTH_TYPE_NONE; /* No rebinds on a bound pipe - use alter context. */ if (p-pipe_bound) { @@ -1726,7 +1726,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) } break; - case RPC_ANONYMOUS_AUTH_TYPE: + case DCERPC_AUTH_TYPE_NONE: /* Unauthenticated bind request. */ /* We're finished - no more packets. */ p-auth.auth_type = PIPE_AUTH_TYPE_NONE; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-323-g5a01071
The branch, master has been updated via 5a01071692db91a4ea7131e31c41b6426d184758 (commit) via 9a209ac252508bc9a5b1eaaaf256610aceb37736 (commit) from 231b2fa26139a38bb67b3777c80b72e2f9d6d904 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5a01071692db91a4ea7131e31c41b6426d184758 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 15 10:11:45 2009 -0700 libcli:nbt put util_net.c protos in new header file This fixed a very odd build problem due to util.h importing system/network.h being imported before the uid_wapper code. Andrew Bartlett commit 9a209ac252508bc9a5b1eaaaf256610aceb37736 Author: Andrew Bartlett abart...@samba.org Date: Tue Sep 15 08:14:54 2009 -0700 s4:schema Add code to provide an index into the subClass tree In time, this should avoid the astounding (order) complexity of the objectclass sorting in objectclass.c eventually. Andrew Bartlett --- Summary of changes: lib/util/util.h| 21 --- source4/libcli/raw/rawlpq.c = lib/util/util_net.h | 62 ++-- libcli/nbt/lmhosts.c |1 + source3/include/includes.h |1 + source4/dsdb/schema/schema.h |7 ++ source4/dsdb/schema/schema_inferiors.c | 21 ++- 6 files changed, 59 insertions(+), 54 deletions(-) copy source4/libcli/raw/rawlpq.c = lib/util/util_net.h (50%) Changeset truncated at 500 lines: diff --git a/lib/util/util.h b/lib/util/util.h index 8438602..385a3ae 100644 --- a/lib/util/util.h +++ b/lib/util/util.h @@ -21,8 +21,6 @@ #ifndef _SAMBA_UTIL_H_ #define _SAMBA_UTIL_H_ -#include system/network.h - #if _SAMBA_BUILD_ == 4 #include ../lib/util/charset/charset.h #endif @@ -842,24 +840,5 @@ bool add_uid_to_array_unique(TALLOC_CTX *mem_ctx, uid_t uid, bool add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, gid_t **gids, size_t *num_gids); -/* The following definitions come from lib/util/util_net.c */ - -void zero_sockaddr(struct sockaddr_storage *pss); - -bool interpret_string_addr_internal(struct addrinfo **ppres, - const char *str, int flags); - -bool interpret_string_addr(struct sockaddr_storage *pss, - const char *str, - int flags); - -/*** - Map a text hostname or IP address (IPv4 or IPv6) into a - struct sockaddr_storage. Version that prefers IPv4. -**/ - -bool interpret_string_addr_prefer_ipv4(struct sockaddr_storage *pss, - const char *str, - int flags); #endif /* _SAMBA_UTIL_H_ */ diff --git a/source4/libcli/raw/rawlpq.c b/lib/util/util_net.h similarity index 50% copy from source4/libcli/raw/rawlpq.c copy to lib/util/util_net.h index 5c44772..6eacfc3 100644 --- a/source4/libcli/raw/rawlpq.c +++ b/lib/util/util_net.h @@ -1,8 +1,9 @@ /* Unix SMB/CIFS implementation. - client lpq operations - Copyright (C) Tim Potter 2005 - + Utility functions for Samba + Copyright (C) Andrew Tridgell 1992-1999 + Copyright (C) Jelmer Vernooij 2005 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or @@ -17,32 +18,29 @@ along with this program. If not, see http://www.gnu.org/licenses/. */ -#include includes.h -#include libcli/raw/libcliraw.h -#include libcli/raw/raw_proto.h - -/ - lpq - async send -/ -struct smbcli_request *smb_raw_lpq_send(struct smbcli_tree *tree, - union smb_lpq *parms) -{ - return NULL; -} - -/ - lpq - async receive -/ -NTSTATUS smb_raw_lpq_recv(struct smbcli_request *req, union smb_lpq *parms) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -/* - lpq - sync interface -*/ -NTSTATUS smb_raw_lpq(struct smbcli_tree *tree, union smb_lpq *parms) -{ - struct smbcli_request *req = smb_raw_lpq_send(tree, parms); - return smb_raw_lpq_recv(req, parms); -} +#ifndef _SAMBA_UTIL_NET_H_ +#define _SAMBA_UTIL_NET_H_ + +#include system/network.h + +/* The following definitions come from lib/util/util_net.c */ + +void zero_sockaddr(struct sockaddr_storage *pss); +
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-324-g18f1f5b
The branch, master has been updated via 18f1f5b56b14070fee0748b72b473507bfe99357 (commit) from 5a01071692db91a4ea7131e31c41b6426d184758 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 18f1f5b56b14070fee0748b72b473507bfe99357 Author: Björn Jacke b...@sernet.de Date: Tue Sep 15 19:41:58 2009 +0200 s3: ignore cups-config to tidy up library dependencies contrary to krb5-config for example, which outputs useful things, cups-config --libs does not output libs we have to link against. It outputs libs that cups linked against. We just have to link against cups. --- Summary of changes: source3/configure.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 4eaebca..a922e3f 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -743,7 +743,7 @@ if test x$enable_cups != xno; then ac_save_PRINT_LIBS=$PRINT_LIBS CFLAGS=$CFLAGS `$CUPS_CONFIG --cflags` LDFLAGS=$LDFLAGS `$CUPS_CONFIG --ldflags` - PRINT_LIBS=$PRINT_LIBS `$CUPS_CONFIG --libs` + PRINT_LIBS=-lcups AC_CHECK_HEADERS(cups/cups.h cups/language.h) if test x$ac_cv_header_cups_cups_h = xyes -a \ x$ac_cv_header_cups_language_h = xyes; then -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated - release-4-0-0alpha8-1408-g3f8202c
The branch, v3-5-test has been updated via 3f8202cd9e8cefb0cfea7a2245e941b0cf905d56 (commit) via d988afc43acb7c1e2a0b4d1f1b6357230d483072 (commit) via 129ef463f9f7d58d3db3da0354b1af6337229131 (commit) via da19f25bd59dc6c8111af147afc4431efd798634 (commit) via 13b125d3251dfeb28aa9834496c4bf71b3ba3974 (commit) from 5148eefe1ea6e215dcbf4ffaa642860bd8dab45f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 3f8202cd9e8cefb0cfea7a2245e941b0cf905d56 Author: Björn Jacke b...@sernet.de Date: Tue Sep 15 06:48:49 2009 +0200 s3: BSD needs sys/sysctl.h included to build properly FreeBSD (and other BSDs, too) need sys/sysctl.h inclueded to use sysctlbyname(). Thanks to Timur Bakeyev for that. commit d988afc43acb7c1e2a0b4d1f1b6357230d483072 Author: Björn Jacke b...@sernet.de Date: Tue Sep 15 03:41:06 2009 +0200 nss_winbind: remove unused variable commit 129ef463f9f7d58d3db3da0354b1af6337229131 Author: Björn Jacke b...@sernet.de Date: Wed Sep 9 20:07:19 2009 +0200 s3:examples:ldap: allow substing search on more attributes in nds schema file commit da19f25bd59dc6c8111af147afc4431efd798634 Author: Björn Jacke b...@sernet.de Date: Wed Sep 9 19:13:32 2009 +0200 s3:examples:ldap: fix some OIDs in various schema files commit 13b125d3251dfeb28aa9834496c4bf71b3ba3974 Author: Björn Jacke b...@sernet.de Date: Tue Sep 15 19:41:58 2009 +0200 s3: ignore cups-config to tidy up library dependencies contrary to krb5-config for example, which outputs useful things, cups-config --libs does not output libs we have to link against. It outputs libs that cups linked against. We just have to link against cups. --- Summary of changes: examples/LDAP/samba-nds.schema | 12 ++-- examples/LDAP/samba-schema-netscapeds4.x |6 +++--- examples/LDAP/samba-schema-netscapeds5.x |6 +++--- examples/LDAP/samba.schema.oc.IBM-DS |6 +++--- nsswitch/winbind_nss_netbsd.c|1 - source3/configure.in |4 ++-- source3/lib/fault.c |5 + source3/param/loadparm.c |4 8 files changed, 26 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema index 8e8c5bc..2fc220f 100644 --- a/examples/LDAP/samba-nds.schema +++ b/examples/LDAP/samba-nds.schema @@ -35,7 +35,7 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) ## ## Password timestamps policies @@ -137,7 +137,7 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Conc dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) ## ## Primary group SID, compatible with ntSid @@ -328,22 +328,22 @@ objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain In dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber )) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber )) dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST ( sambaSID ) MAY ( uidNumber $ gidNumber )) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST ( sambaSID ) MAY ( uidNumber $ gidNumber )) dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST ( sambaSID )) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST ( sambaSID )) dn: cn=schema
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-325-g8703d9f
The branch, master has been updated via 8703d9f5bfd8ded57f263fd4a1f70d121b656b03 (commit) from 18f1f5b56b14070fee0748b72b473507bfe99357 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8703d9f5bfd8ded57f263fd4a1f70d121b656b03 Author: Björn Jacke b...@sernet.de Date: Tue Sep 15 20:26:24 2009 +0200 libreplace: white space cleanups --- Summary of changes: lib/replace/system/filesys.h | 16 lib/replace/system/passwd.h |8 2 files changed, 12 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/system/filesys.h b/lib/replace/system/filesys.h index 1cf6f23..22e3d23 100644 --- a/lib/replace/system/filesys.h +++ b/lib/replace/system/filesys.h @@ -1,16 +1,16 @@ #ifndef _system_filesys_h #define _system_filesys_h -/* +/* Unix SMB/CIFS implementation. filesystem system include wrappers Copyright (C) Andrew Tridgell 2004 - + ** NOTE! The following LGPL license applies to the replace ** library. This does NOT imply that all of Samba is released ** under the LGPL - + This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either @@ -53,23 +53,23 @@ #include acl/libacl.h #endif -#ifdef HAVE_SYS_FS_S5PARAM_H +#ifdef HAVE_SYS_FS_S5PARAM_H #include sys/fs/s5param.h #endif #if defined (HAVE_SYS_FILSYS_H) !defined (_CRAY) -#include sys/filsys.h +#include sys/filsys.h #endif #ifdef HAVE_SYS_STATFS_H # include sys/statfs.h #endif -#ifdef HAVE_DUSTAT_H +#ifdef HAVE_DUSTAT_H #include sys/dustat.h #endif -#ifdef HAVE_SYS_STATVFS_H +#ifdef HAVE_SYS_STATVFS_H #include sys/statvfs.h #endif @@ -123,7 +123,7 @@ #endif /* Some POSIX definitions for those without */ - + #ifndef S_IFDIR #define S_IFDIR 0x4000 #endif diff --git a/lib/replace/system/passwd.h b/lib/replace/system/passwd.h index 9d7de34..b41608c 100644 --- a/lib/replace/system/passwd.h +++ b/lib/replace/system/passwd.h @@ -1,17 +1,17 @@ #ifndef _system_passwd_h #define _system_passwd_h -/* +/* Unix SMB/CIFS implementation. passwd system include wrappers Copyright (C) Andrew Tridgell 2004 - + ** NOTE! The following LGPL license applies to the replace ** library. This does NOT imply that all of Samba is released ** under the LGPL - + This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either @@ -80,7 +80,7 @@ char *rep_getpass(const char *prompt); #define NGROUPS_MAX 32 /* Guess... */ #endif -/* what is the longest significant password available on your system? +/* what is the longest significant password available on your system? Knowing this speeds up password searches a lot */ #ifndef PASSWORD_LENGTH #define PASSWORD_LENGTH 8 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-327-gf8014d3
The branch, master has been updated via f8014d30e7023532dfdfce7469024f20af37a3d3 (commit) via 87acb96fc360aba0020581eeb4e66768a81e485b (commit) from 8703d9f5bfd8ded57f263fd4a1f70d121b656b03 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f8014d30e7023532dfdfce7469024f20af37a3d3 Author: Günther Deschner g...@samba.org Date: Tue Sep 15 22:13:12 2009 +0200 s3-schannel: fix blob length when pulling off a NL_AUTH_SIGNATURE in cli_pipe_verify_schannel(). Guenther commit 87acb96fc360aba0020581eeb4e66768a81e485b Author: Günther Deschner g...@samba.org Date: Tue Sep 15 23:52:20 2009 +0200 lib/crypto: add aes encryption routines to main cryto lib. Guenther --- Summary of changes: lib/crypto/aes.c | 114 lib/crypto/aes.h | 79 +++ lib/crypto/rijndael-alg-fst.c | 1223 + lib/crypto/rijndael-alg-fst.h | 46 ++ source3/Makefile.in |3 +- source3/rpc_client/cli_pipe.c |2 +- 6 files changed, 1465 insertions(+), 2 deletions(-) create mode 100644 lib/crypto/aes.c create mode 100644 lib/crypto/aes.h create mode 100644 lib/crypto/rijndael-alg-fst.c create mode 100644 lib/crypto/rijndael-alg-fst.h Changeset truncated at 500 lines: diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c new file mode 100644 index 000..7735e8f --- /dev/null +++ b/lib/crypto/aes.c @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + *may be used to endorse or promote products derived from this software + *without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include replace.h + +#include rijndael-alg-fst.h +#include aes.h + +int +AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key) +{ +key-rounds = rijndaelKeySetupEnc(key-key, userkey, bits); +if (key-rounds == 0) + return -1; +return 0; +} + +int +AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key) +{ +key-rounds = rijndaelKeySetupDec(key-key, userkey, bits); +if (key-rounds == 0) + return -1; +return 0; +} + +void +AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ +rijndaelEncrypt(key-key, key-rounds, in, out); +} + +void +AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ +rijndaelDecrypt(key-key, key-rounds, in, out); +} + +void +AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + unsigned long size, const AES_KEY *key, + unsigned char *iv, int forward_encrypt) +{ +unsigned char tmp[AES_BLOCK_SIZE]; +int i; + +if (forward_encrypt) { + while (size = AES_BLOCK_SIZE) { + for (i = 0; i AES_BLOCK_SIZE; i++) + tmp[i] = in[i] ^ iv[i]; + AES_encrypt(tmp, out, key); + memcpy(iv, out, AES_BLOCK_SIZE); + size -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (size) { + for (i = 0; i size; i++) + tmp[i] = in[i] ^ iv[i]; + for (i = size; i AES_BLOCK_SIZE; i++) + tmp[i] = iv[i]; + AES_encrypt(tmp, out, key); + memcpy(iv, out, AES_BLOCK_SIZE); + } +} else { + while (size = AES_BLOCK_SIZE) { +
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-329-g1f41236
The branch, master has been updated via 1f4123677e509f4479b87c0a9c20abdc556890b1 (commit) via 9cb205d7535ce1ff811892580e3419c3f562d607 (commit) from f8014d30e7023532dfdfce7469024f20af37a3d3 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1f4123677e509f4479b87c0a9c20abdc556890b1 Author: Günther Deschner g...@samba.org Date: Sun Sep 13 18:42:45 2009 +0200 s4-schannel: first step of decoupling schannel from gensec. Guenther commit 9cb205d7535ce1ff811892580e3419c3f562d607 Author: Günther Deschner g...@samba.org Date: Sun Sep 13 15:21:20 2009 +0200 s4-schannel: strip trailing whitespace. Guenther --- Summary of changes: source4/auth/gensec/schannel.c | 51 ++-- source4/auth/gensec/schannel_sign.c | 74 ++ 2 files changed, 78 insertions(+), 47 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 15d6443..90b90fc 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -281,6 +281,49 @@ static bool schannel_have_feature(struct gensec_security *gensec_security, return false; } +static NTSTATUS schannel_seal_packet_wrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig) +{ + struct schannel_state *state = talloc_get_type(gensec_security-private_data, struct schannel_state); + + return schannel_seal_packet(state, mem_ctx, data, length, sig); +} + +static NTSTATUS schannel_sign_packet_wrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig) +{ + struct schannel_state *state = talloc_get_type(gensec_security-private_data, struct schannel_state); + + return schannel_sign_packet(state, mem_ctx, data, length, sig); +} + +static NTSTATUS schannel_check_packet_wrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig) +{ + struct schannel_state *state = talloc_get_type(gensec_security-private_data, struct schannel_state); + + return schannel_check_packet(state, mem_ctx, data, length, sig); +} + +static NTSTATUS schannel_unseal_packet_wrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig) +{ + struct schannel_state *state = talloc_get_type(gensec_security-private_data, struct schannel_state); + + return schannel_unseal_packet(state, mem_ctx, data, length, sig); +} static const struct gensec_security_ops gensec_schannel_security_ops = { .name = schannel, @@ -288,10 +331,10 @@ static const struct gensec_security_ops gensec_schannel_security_ops = { .client_start = schannel_client_start, .server_start = schannel_server_start, .update = schannel_update, - .seal_packet= schannel_seal_packet, - .sign_packet= schannel_sign_packet, - .check_packet = schannel_check_packet, - .unseal_packet = schannel_unseal_packet, + .seal_packet= schannel_seal_packet_wrap, + .sign_packet= schannel_sign_packet_wrap, + .check_packet = schannel_check_packet_wrap, + .unseal_packet = schannel_unseal_packet_wrap, .session_key= schannel_session_key, .session_info = schannel_session_info, .sig_size = schannel_sig_size, diff --git a/source4/auth/gensec/schannel_sign.c b/source4/auth/gensec/schannel_sign.c index 17a0c17..ca066b1 100644 --- a/source4/auth/gensec/schannel_sign.c +++ b/source4/auth/gensec/schannel_sign.c @@ -1,21 +1,21 @@ -/* +/* Unix SMB/CIFS implementation. schannel library code Copyright (C) Andrew Tridgell 2004 Copyright (C) Andrew Bartlett abart...@samba.org 2005 - + This program is free software;
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-330-g1a21db8
The branch, master has been updated via 1a21db8ea11b3f07b007fe0cb48ff08b1ce75ba0 (commit) from 1f4123677e509f4479b87c0a9c20abdc556890b1 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1a21db8ea11b3f07b007fe0cb48ff08b1ce75ba0 Author: Günther Deschner g...@samba.org Date: Wed Sep 16 01:07:26 2009 +0200 s4-schannel: try to fix the build. Guenther --- Summary of changes: source4/auth/gensec/schannel.h |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/gensec/schannel.h b/source4/auth/gensec/schannel.h index 461f6ba..1ec605e 100644 --- a/source4/auth/gensec/schannel.h +++ b/source4/auth/gensec/schannel.h @@ -21,7 +21,6 @@ */ #include libcli/auth/libcli_auth.h -#include auth/gensec/schannel_proto.h #include auth/gensec/schannel_state.h #include libcli/auth/schannel_state.h @@ -37,3 +36,4 @@ struct schannel_state { struct netlogon_creds_CredentialState *creds; }; +#include auth/gensec/schannel_proto.h -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-333-g97d7a52
The branch, master has been updated via 97d7a524abc4993f231357ef22c637994d2cdcb9 (commit) via 799f8d7e13cc712f32cdd779770e4868ad17486b (commit) via f3979b50a9b2aacb0497df770f09950b78878fcc (commit) from 1a21db8ea11b3f07b007fe0cb48ff08b1ce75ba0 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 97d7a524abc4993f231357ef22c637994d2cdcb9 Author: Günther Deschner g...@samba.org Date: Wed Sep 16 00:52:33 2009 +0200 s3-schannel: remove unused schannel_decode/schannel_encode. Guenther commit 799f8d7e13cc712f32cdd779770e4868ad17486b Author: Günther Deschner g...@samba.org Date: Wed Sep 16 00:26:17 2009 +0200 schannel: fully share schannel sign/seal between s3 and 4. Guenther commit f3979b50a9b2aacb0497df770f09950b78878fcc Author: Günther Deschner g...@samba.org Date: Tue Sep 15 18:29:10 2009 +0200 schannel: move schannel_sign to main directory. Guenther --- Summary of changes: libcli/auth/schannel.h| 38 libcli/auth/schannel_proto.h | 42 libcli/auth/schannel_sign.c | 271 +++ libcli/auth/schannel_state_ldb.c |1 + source3/Makefile.in |1 + source3/auth/auth_netlogond.c | 26 ++-- source3/include/client.h |2 +- source3/include/ntdomain.h|2 +- source3/include/proto.h |9 +- source3/rpc_client/cli_pipe.c | 105 ++ source3/rpc_parse/parse_prs.c | 286 - source3/rpc_server/srv_netlog_nt.c|3 +- source3/rpc_server/srv_pipe.c | 85 +--- source4/auth/gensec/config.mk |2 +- source4/auth/gensec/schannel.c|3 +- source4/auth/gensec/schannel.h| 39 source4/auth/gensec/schannel_sign.c | 271 --- source4/rpc_server/netlogon/dcerpc_netlogon.c |3 +- 18 files changed, 500 insertions(+), 689 deletions(-) create mode 100644 libcli/auth/schannel.h create mode 100644 libcli/auth/schannel_proto.h create mode 100644 libcli/auth/schannel_sign.c delete mode 100644 source4/auth/gensec/schannel.h delete mode 100644 source4/auth/gensec/schannel_sign.c Changeset truncated at 500 lines: diff --git a/libcli/auth/schannel.h b/libcli/auth/schannel.h new file mode 100644 index 000..bfccd95 --- /dev/null +++ b/libcli/auth/schannel.h @@ -0,0 +1,38 @@ +/* + Unix SMB/CIFS implementation. + + dcerpc schannel operations + + Copyright (C) Andrew Tridgell 2004 + Copyright (C) Andrew Bartlett abart...@samba.org 2004-2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include libcli/auth/libcli_auth.h +#include libcli/auth/schannel_state.h + +enum schannel_position { + SCHANNEL_STATE_START = 0, + SCHANNEL_STATE_UPDATE_1 +}; + +struct schannel_state { + enum schannel_position state; + uint32_t seq_num; + bool initiator; + struct netlogon_creds_CredentialState *creds; +}; + +#include libcli/auth/schannel_proto.h diff --git a/libcli/auth/schannel_proto.h b/libcli/auth/schannel_proto.h new file mode 100644 index 000..d31707d --- /dev/null +++ b/libcli/auth/schannel_proto.h @@ -0,0 +1,42 @@ +/* + Unix SMB/CIFS implementation. + + dcerpc schannel operations + + Copyright (C) Andrew Tridgell 2004 + Copyright (C) Andrew Bartlett abart...@samba.org 2004-2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#ifndef
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-334-g310051c
The branch, master has been updated via 310051c79de5c649847972cdc1ae565d81841ec5 (commit) from 97d7a524abc4993f231357ef22c637994d2cdcb9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 310051c79de5c649847972cdc1ae565d81841ec5 Author: Günther Deschner g...@samba.org Date: Wed Sep 16 02:09:06 2009 +0200 lib/crypto: link in AES crypto for s4 as well. Guenther --- Summary of changes: lib/crypto/config.mk |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/crypto/config.mk b/lib/crypto/config.mk index e39f06d..c9ba779 100644 --- a/lib/crypto/config.mk +++ b/lib/crypto/config.mk @@ -6,7 +6,8 @@ LIBCRYPTO_OBJ_FILES = $(addprefix $(libcryptosrcdir)/, \ crc32.o md5.o hmacmd5.o md4.o \ -arcfour.o sha256.o hmacsha256.o) +arcfour.o sha256.o hmacsha256.o \ +aes.o rijndael-alg-fst.o) [SUBSYSTEM::TORTURE_LIBCRYPTO] PRIVATE_DEPENDENCIES = LIBCRYPTO -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-335-g5b86a0a
The branch, master has been updated via 5b86a0ac013173e9d00f2f1476fb3ee54463e930 (commit) from 310051c79de5c649847972cdc1ae565d81841ec5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5b86a0ac013173e9d00f2f1476fb3ee54463e930 Author: Günther Deschner g...@samba.org Date: Wed Sep 16 03:23:05 2009 +0200 schannel: remove last traces of gensec. Guenther --- Summary of changes: libcli/auth/schannel_sign.c |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c index 45f3989..e60b410 100644 --- a/libcli/auth/schannel_sign.c +++ b/libcli/auth/schannel_sign.c @@ -23,8 +23,6 @@ #include includes.h #include ../libcli/auth/schannel.h #include ../lib/crypto/crypto.h -#include auth/gensec/gensec.h -#include auth/gensec/gensec_proto.h #define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 } #define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-337-g444a05c
The branch, master has been updated via 444a05c28df693a745809fef73ae583a78be7c8f (commit) via 00d7aad85a594c123d4f00dd7eb15357ed7f3495 (commit) from 5b86a0ac013173e9d00f2f1476fb3ee54463e930 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 444a05c28df693a745809fef73ae583a78be7c8f Author: Volker Lendecke v...@samba.org Date: Wed Sep 16 03:20:49 2009 +0200 s3: Fix reading beyond the end of a named stream in xattr_streams This was found thanks to a test by Sivani from Microsoft against Samba at the SDC plugfest commit 00d7aad85a594c123d4f00dd7eb15357ed7f3495 Author: Volker Lendecke v...@samba.org Date: Wed Sep 16 03:15:53 2009 +0200 s3: Add some debugs to streams_xattr --- Summary of changes: source3/modules/vfs_streams_xattr.c |9 +++-- 1 files changed, 7 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 033d027..b68fa02 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -916,6 +916,9 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, NTSTATUS status; size_t length, overlap; + DEBUG(10, (streams_xattr_pread: offset=%d, size=%d\n, + (int)offset, (int)n)); + if (sio == NULL) { return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); } @@ -932,10 +935,12 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, length = ea.value.length-1; + DEBUG(10, (streams_xattr_pread: get_ea_value returned %d bytes\n, + (int)length)); + /* Attempt to read past EOF. */ if (length = offset) { -errno = EINVAL; -return -1; +return 0; } overlap = (offset + n) length ? (length - offset) : n; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-347-g10e25fc
The branch, master has been updated via 10e25fc5e90e9eaabedc2f3477ac1e8947c88c77 (commit) via 03d0005b250ebd7e632e5cd5cbb8e76fceb1bbee (commit) via 458dda1f15db3db674cf8846b3c08340378a29a8 (commit) via 654672008cb8c1293c7637718a84ac40a4476aa6 (commit) via 9e0b1a3a1f0ea9ca1b402aa60b8ddbe9ce0c9c10 (commit) via bc3bbae6d28c79706b83b7e3f5457674b98d4a74 (commit) via ff8ad222cd1ec26f0e29e409525e16d3b0f1b8c4 (commit) via 12f689eef4394e8c2cf8efdded06d5b398d6e0a7 (commit) via 00fb6705ffc937617e11c6da33b39bad7dda2ac3 (commit) via 089dc64cbb40fe270d44bed10cfb2ccfacff669a (commit) from 444a05c28df693a745809fef73ae583a78be7c8f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 10e25fc5e90e9eaabedc2f3477ac1e8947c88c77 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 14:07:43 2009 -0700 s4-ldb: ldap attribute names can contain a '.' When they are of the form of OIDs commit 03d0005b250ebd7e632e5cd5cbb8e76fceb1bbee Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 14:07:06 2009 -0700 s4-ldb: expose ldb_transaction_prepare_commit() in ldb It is useful to be able to control the 2 phase commit from application code (s4 replication uses it) commit 458dda1f15db3db674cf8846b3c08340378a29a8 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 14:06:07 2009 -0700 s4-repl: don't do double replication When we replicate from a remote DC, we need to note the new uSN that the local changes have resulted in, and modify the uSN that the notify task uses to determine if it should send a ReplicaSync message back to the remote DC. Otherwise we end up always triggering a ReplicaSync every time we replicate from another DC commit 654672008cb8c1293c7637718a84ac40a4476aa6 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 14:04:22 2009 -0700 tdb: allow reads after prepare commit We previously only allowed a commit to happen after a prepare commit. It is in fact safe to allow reads between a prepare and a commit, and the s4 replication code can make use of that, so allow it. commit 9e0b1a3a1f0ea9ca1b402aa60b8ddbe9ce0c9c10 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 11:47:42 2009 -0700 s4-drs: filter based on local_usn The getncchanges uSN is in our local space, so we must compare it to the local_usn in replPropertyMetaData commit bc3bbae6d28c79706b83b7e3f5457674b98d4a74 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 11:46:59 2009 -0700 s4-repl: make sure we marshal the replPropertyMetaData after the last change we were setting local_usn after the marshall, so it wasn't going into the object commit ff8ad222cd1ec26f0e29e409525e16d3b0f1b8c4 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 10:01:26 2009 -0700 s4-dsdb: use DLIST_ADD() not DLIST_ADD_END() Using DLIST_ADD_END() to construct a long list is very inefficient (it is O(n^2). These lists are not ordered, so using DLIST_ADD() is much better. commit 12f689eef4394e8c2cf8efdded06d5b398d6e0a7 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 10:00:24 2009 -0700 s4-ldb: cope better with corruption of tdb records When doing an indexed search if we hit a corrupt record we abandoned the indexed search and did a full search. The problem was that we might have sent some records to the caller already, which means the caller ended up with duplicate records. Fix this by returning a search error if indexing returns an error and we have given any records to the caller. commit 00fb6705ffc937617e11c6da33b39bad7dda2ac3 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 09:43:27 2009 -0700 talloc: when we enable NULL tracking, reparent the autofree context If NULL tracking is enabled after the autofree context is initialised then autofree ends up separate from the null_context. This means that talloc_report_full() doesn't report the autofree context. Fix this by reparenting the autofree context when we create the null_context. commit 089dc64cbb40fe270d44bed10cfb2ccfacff669a Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 09:23:14 2009 -0700 s4-repl: add a debug to make it easier to monitor replication --- Summary of changes: lib/talloc/talloc.c |3 + lib/tdb/common/transaction.c|8 --- source4/dsdb/repl/drepl_out_helpers.c |3 +- source4/dsdb/repl/replicated_objects.c | 40 +++- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 20 +++--- source4/dsdb/schema/schema_init.c |4 +- source4/dsdb/schema/schema_set.c|4 +-
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-349-g5d2dfd1
The branch, master has been updated via 5d2dfd12cf779c410e041a1815e5e3edf0ea38d8 (commit) via 7ded0741d9d5a4c2859769e4abfbc197aed0e5e1 (commit) from 10e25fc5e90e9eaabedc2f3477ac1e8947c88c77 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5d2dfd12cf779c410e041a1815e5e3edf0ea38d8 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 19:26:33 2009 -0700 s4-drs: lock down key DRS calls The key DRS calls should only be allowed by administrators or domain controllers commit 7ded0741d9d5a4c2859769e4abfbc197aed0e5e1 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 19:25:45 2009 -0700 s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER This will be used as a simple way to lock down DRS replication to administrators and domain controllers --- Summary of changes: source4/libcli/security/security.h |1 + source4/libcli/security/security_token.c|9 + source4/rpc_server/drsuapi/addentry.c |7 source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 13 ++- source4/rpc_server/drsuapi/getncchanges.c | 49 --- source4/rpc_server/drsuapi/updaterefs.c |7 6 files changed, 64 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/security/security.h b/source4/libcli/security/security.h index 6dbbe01..3cfa484 100644 --- a/source4/libcli/security/security.h +++ b/source4/libcli/security/security.h @@ -22,6 +22,7 @@ enum security_user_level { SECURITY_ANONYMOUS, SECURITY_USER, + SECURITY_DOMAIN_CONTROLLER, SECURITY_ADMINISTRATOR, SECURITY_SYSTEM }; diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c index 0764dfe..d3eff93 100644 --- a/source4/libcli/security/security_token.c +++ b/source4/libcli/security/security_token.c @@ -142,6 +142,11 @@ bool security_token_has_nt_authenticated_users(const struct security_token *toke return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS); } +bool security_token_has_enterprise_dcs(const struct security_token *token) +{ + return security_token_has_sid_string(token, SID_NT_ENTERPRISE_DCS); +} + enum security_user_level security_session_user_level(struct auth_session_info *session_info) { if (!session_info) { @@ -160,6 +165,10 @@ enum security_user_level security_session_user_level(struct auth_session_info *s return SECURITY_ADMINISTRATOR; } + if (security_token_has_enterprise_dcs(session_info-security_token)) { + return SECURITY_DOMAIN_CONTROLLER; + } + if (security_token_has_nt_authenticated_users(session_info-security_token)) { return SECURITY_USER; } diff --git a/source4/rpc_server/drsuapi/addentry.c b/source4/rpc_server/drsuapi/addentry.c index ae47802..edf46aa 100644 --- a/source4/rpc_server/drsuapi/addentry.c +++ b/source4/rpc_server/drsuapi/addentry.c @@ -30,6 +30,7 @@ #include librpc/gen_ndr/ndr_drsblobs.h #include auth/auth.h #include rpc_server/drsuapi/dcesrv_drsuapi.h +#include libcli/security/security.h /* @@ -149,6 +150,12 @@ WERROR dcesrv_drsuapi_DsAddEntry(struct dcesrv_call_state *dce_call, TALLOC_CTX DCESRV_PULL_HANDLE_WERR(h, r-in.bind_handle, DRSUAPI_BIND_HANDLE); b_state = h-data; + if (security_session_user_level(dce_call-conn-auth_state.session_info) + SECURITY_DOMAIN_CONTROLLER) { + DEBUG(0,(DsAddEntry refused for security token\n)); + return WERR_DS_DRA_ACCESS_DENIED; + } + switch (r-in.level) { case 2: ret = ldb_transaction_start(b_state-sam_ctx); diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index a5418a1..c01711d 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -30,6 +30,7 @@ #include librpc/gen_ndr/ndr_drsblobs.h #include messaging/irpc.h #include rpc_server/drsuapi/dcesrv_drsuapi.h +#include libcli/security/security.h /* drsuapi_DsBind @@ -234,8 +235,10 @@ static WERROR dcesrv_drsuapi_DsReplicaSync(struct dcesrv_call_state *dce_call, T struct server_id *repld; struct irpc_request *ireq; - if (DEBUGLVL(4)) { - NDR_PRINT_IN_DEBUG(drsuapi_DsReplicaSync, r); + if (security_session_user_level(dce_call-conn-auth_state.session_info) + SECURITY_DOMAIN_CONTROLLER) { + DEBUG(0,(DsReplicaSync refused for security token\n)); + return WERR_DS_DRA_ACCESS_DENIED; } repld = irpc_servers_byname(dce_call-msg_ctx, mem_ctx, dreplsrv); @@ -474,6 +477,12 @@
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-351-g30d1328
The branch, master has been updated via 30d13288e5bb506584a0bf012d7b2e579a6a2074 (commit) via f80363c90a60a4496309a50d760ca05ac4b59e4f (commit) from 5d2dfd12cf779c410e041a1815e5e3edf0ea38d8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 30d13288e5bb506584a0bf012d7b2e579a6a2074 Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 20:51:10 2009 -0700 s4-repl: take advantage of async RPC forwarding This uses async RPC forwarding for the DsReplicaSync call commit f80363c90a60a4496309a50d760ca05ac4b59e4f Author: Andrew Tridgell tri...@samba.org Date: Tue Sep 15 20:50:30 2009 -0700 s4-rpc: added a module for forwarding RPC requests dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC request to another task in Samba4, with the return being handled asynchronously. This is useful for forwarding DRS requests to the repl or kcc tasks --- Summary of changes: source4/dsdb/repl/drepl_service.c |8 +- source4/rpc_server/common/common.h | 10 +-- source4/rpc_server/common/forward.c | 112 +++ source4/rpc_server/config.mk|3 +- source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 25 +- 5 files changed, 123 insertions(+), 35 deletions(-) create mode 100644 source4/rpc_server/common/forward.c Changeset truncated at 500 lines: diff --git a/source4/dsdb/repl/drepl_service.c b/source4/dsdb/repl/drepl_service.c index cb415b6..75ce42b 100644 --- a/source4/dsdb/repl/drepl_service.c +++ b/source4/dsdb/repl/drepl_service.c @@ -113,18 +113,16 @@ static NTSTATUS drepl_replica_sync(struct irpc_message *msg, { struct dreplsrv_service *service = talloc_get_type(msg-private_data, struct dreplsrv_service); - WERROR werr; struct GUID *guid = r-in.req.req1.naming_context-guid; - werr = dreplsrv_schedule_partition_pull_by_guid(service, msg, guid); - if (W_ERROR_IS_OK(werr)) { + r-out.result = dreplsrv_schedule_partition_pull_by_guid(service, msg, guid); + if (W_ERROR_IS_OK(r-out.result)) { DEBUG(3,(drepl_replica_sync: forcing sync of partition %s\n, GUID_string(msg, guid))); dreplsrv_run_pending_ops(service); } else { DEBUG(3,(drepl_replica_sync: failed setup of sync of partition %s - %s\n, -GUID_string(msg, guid), win_errstr(werr))); - return NT_STATUS_INTERNAL_ERROR; +GUID_string(msg, guid), win_errstr(r-out.result))); } return NT_STATUS_OK; } diff --git a/source4/rpc_server/common/common.h b/source4/rpc_server/common/common.h index aacd460..5a1d7ab 100644 --- a/source4/rpc_server/common/common.h +++ b/source4/rpc_server/common/common.h @@ -25,14 +25,6 @@ struct share_config; struct dcesrv_context; -enum srvsvc_ShareType dcesrv_common_get_share_type(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg); -enum srvsvc_PlatformId dcesrv_common_get_platform_id(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx); -const char *dcesrv_common_get_lan_root(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx); -const char *dcesrv_common_get_server_name(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, const char *server_unc); -uint32_t dcesrv_common_get_share_permissions(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg); -uint32_t dcesrv_common_get_share_current_users(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg); -const char *dcesrv_common_get_share_path(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg); - struct dcesrv_context; struct dcerpc_server_info { @@ -42,4 +34,6 @@ struct dcerpc_server_info { uint32_t version_build; }; +#include rpc_server/common/proto.h + #endif /* _DCERPC_SERVER_COMMON_H_ */ diff --git a/source4/rpc_server/common/forward.c b/source4/rpc_server/common/forward.c new file mode 100644 index 000..e0fac0e --- /dev/null +++ b/source4/rpc_server/common/forward.c @@ -0,0 +1,112 @@ +/* + Unix SMB/CIFS implementation. + + forwarding of RPC calls to other tasks + + Copyright (C) Andrew Tridgell 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-352-gc5c04fc
The branch, master has been updated via c5c04fcf90849d31ff4d0343dedec2c097823a7e (commit) from 30d13288e5bb506584a0bf012d7b2e579a6a2074 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c5c04fcf90849d31ff4d0343dedec2c097823a7e Author: Günther Deschner g...@samba.org Date: Wed Sep 16 07:53:26 2009 +0200 s3-schannel: add dump_NL_AUTH_SIGNATURE. Guenther --- Summary of changes: librpc/ndr/ndr_schannel.c | 36 librpc/ndr/ndr_schannel.h |3 ++- source3/rpc_client/cli_pipe.c | 23 +++ source3/rpc_server/srv_pipe.c | 26 +++--- 4 files changed, 44 insertions(+), 44 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/ndr/ndr_schannel.c b/librpc/ndr/ndr_schannel.c index 02796f7..b610429 100644 --- a/librpc/ndr/ndr_schannel.c +++ b/librpc/ndr/ndr_schannel.c @@ -69,3 +69,39 @@ _PUBLIC_ void ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_print *ndr, cons } } + +void dump_NL_AUTH_SIGNATURE(TALLOC_CTX *mem_ctx, + const DATA_BLOB *blob) +{ + enum ndr_err_code ndr_err; + uint16_t signature_algorithm; + + if (blob-length 2) { + return; + } + + signature_algorithm = SVAL(blob-data, 0); + + switch (signature_algorithm) { + case NL_SIGN_HMAC_MD5: { + struct NL_AUTH_SIGNATURE r; + ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, r, + (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE); + if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, r); + } + break; + } + case NL_SIGN_HMAC_SHA256: { + struct NL_AUTH_SHA2_SIGNATURE r; + ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, r, + (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SHA2_SIGNATURE); + if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NDR_PRINT_DEBUG(NL_AUTH_SHA2_SIGNATURE, r); + } + break; + } + default: + break; + } +} diff --git a/librpc/ndr/ndr_schannel.h b/librpc/ndr/ndr_schannel.h index d2dce79..d57278c 100644 --- a/librpc/ndr/ndr_schannel.h +++ b/librpc/ndr/ndr_schannel.h @@ -21,4 +21,5 @@ void ndr_print_NL_AUTH_MESSAGE_BUFFER(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER *r); void ndr_print_NL_AUTH_MESSAGE_BUFFER_REPLY(struct ndr_print *ndr, const char *name, const union NL_AUTH_MESSAGE_BUFFER_REPLY *r); - +void dump_NL_AUTH_SIGNATURE(TALLOC_CTX *mem_ctx, + const DATA_BLOB *blob); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index febf787..14b 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -672,13 +672,11 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p uint8 *p_ss_padding_len) { RPC_HDR_AUTH auth_info; - struct NL_AUTH_SIGNATURE schannel_chk; uint32 auth_len = prhdr-auth_len; uint32 save_offset = prs_offset(current_pdu); struct schannel_state *schannel_auth = cli-auth-a_u.schannel_auth; uint32 data_len; - enum ndr_err_code ndr_err; DATA_BLOB blob; NTSTATUS status; @@ -725,15 +723,8 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p blob = data_blob_const(prs_data_p(current_pdu) + prs_offset(current_pdu), auth_len); - ndr_err = ndr_pull_struct_blob(blob, talloc_tos(), NULL, schannel_chk, - (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - DEBUG(0,(cli_pipe_verify_schannel: failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n)); - return ndr_map_error2ntstatus(ndr_err); - } - if (DEBUGLEVEL = 10) { - NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, schannel_chk); + dump_NL_AUTH_SIGNATURE(talloc_tos(), blob); } switch (cli-auth-auth_level) { @@ -1930,11 +1921,9 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, prs_struct *outgoing_pdu) { RPC_HDR_AUTH auth_info; - struct NL_AUTH_SIGNATURE verf; struct schannel_state *sas = cli-auth-a_u.schannel_auth; char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN; size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN; - enum ndr_err_code ndr_err; DATA_BLOB blob; NTSTATUS status; @@