Re: [Samba] Old application very slow
Adam Williams schreef: you might try adding: socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 SO_KEEPALIVE READ_SIZE=65536 use mmap = No use sendfile = Yes blocking locks = No read raw = no write raw = no kernel oplocks = no oplocks = yes level2 oplocks = yes Thanks for your responses. I tried some of those suggestions, others are recommended not to modify in the documentations. But no improvement in speed. I also dissolved the bond between two NIC's I had, with no solution. Anyone has other suggestions ? Regards, Koenraad Lelong. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.4.2 centos with ldap 2.4.11 stucks - The workaround
Hi! As I said, I the smbd daemon stucks if you use Samba 3.4.2 on CentOS 5.3 with ldap 2.4.11. (You start the smb daemons, then you have to wait a few minutes before the daemon states waiting for connections and then after you try to connect to a network share the daemon stucks - all that behaviour when you use the local ldap) I found a workaround - if I use winbind nested groups=no then it works. Can someone give me a hint what is wrong? regards Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Old application very slow
Adam Williams schreef: you might try adding: socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 SO_KEEPALIVE READ_SIZE=65536 use mmap = No use sendfile = Yes blocking locks = No read raw = no write raw = no kernel oplocks = no oplocks = yes level2 oplocks = yes Thanks for your responses. I tried some of those suggestions, others are recommended not to modify in the documentations. But no improvement in speed. I also dissolved the bond between two NIC's I had, with no solution. Anyone has other suggestions ? Regards, Koenraad Lelong. A long shot, interfaces = 192.168.0.0/20, lo bind interfaces only = Yes try to set interfaces to just the interface name and the ipadres. Maybe it is a network problem. Regards, Johan No virus found in this outgoing message. Checked by AVG - www.avg.com Version: 8.5.423 / Virus Database: 270.14.24/2449 - Release Date: 10/20/09 18:42:00 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA + CUPS examples ?
Hello I'm searching for a CUPS integration in SAMBA manual with as much as possible configuration examples Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Suppressing the Windows password pop up when using bad user trap for user from trusted domains
Dear all, I have a situation where the Samba file server is the ADS domain member of DomA, and the DomA is trusting another domain DomB. Currently the Samba version I am using is 3.0.34 under Solaris 10 Update 7 with Sun Cluster 3.2 HA solution. I understand that the trusted domains feature on this release is breaking, thus I cannot make it works, and the path to upgrade to 3.2.2 is also not possible since it is not supported by Sun Cluster agent. Therefore I need to have a mechanism to trap the user from DomB, to be bad user, and allowing it to access as guest user. The problem I have now, when the user from DomB is accessing the share, he/she is always presented with the Windows password pop up, which is difficult since we want it to be unattended or at least silently login behind the application. Only after the user entering bogus username/password, then he can access the share as guest user. Basically if the authentication result is NT_STATUS_LOGON_FAILURE, the dekstop will keep asking with pop up screen. Only when the result is NT_STATUS_NO_SUCH_USER, it is directed to guest account. What I want is that both authentication failure is mapped to guest account, and supressing Windows login pop up. Many thanks in advance, Dedhi PS : some information This is my excerpt of smb.conf : [global] log level = 3 syslog only = no max log size = 5 realm = DOMA.PVT workgroup = DOMA security = ADS encrypt passwords = true unix extensions = yes password server = ESSBCST1.doma.pvt ESSBCST2.doma.pvt server string = SAMBA File Server wins server = 192.168.1.11 192.168.1.12 domain master = no local master = no client schannel = no client use spnego = yes interfaces = 192.168.1.17/24 bind interfaces only = yes netbios name=SAM-FS-SAMBA pid directory = /global/SAM-QFS-HA/samba/SAM-FS-SAMBA/var/locks log file = /global/SAM-QFS-HA/samba/SAM-FS-SAMBA/logs/log.%m smb passwd file = /global/SAM-QFS-HA/samba/SAM-FS-SAMBA/private/smbpasswd private dir = /global/SAM-QFS-HA/samba/SAM-FS-SAMBA/private lock dir = /global/SAM-QFS-HA/samba/SAM-FS-SAMBA/var/locks kernel oplocks = true oplocks = true # winbind winbind separator = / idmap uid = 11000-19000 idmap gid = 11000-19000 # idmap domains = DOMA idmap config DOMA:backend = rid idmap config DOMA:default = yes idmap config DOMA:range = 11000-19000 # winbind enum users = yes winbind enum groups = yes winbind nested groups = yes allow trusted domains = no winbind use default domain = yes template shell = /bin/bash map to guest = bad password guest account = nobody [media] comment = Media directory path = /samfs1/omnibus_F/Media read only = No create mask = 0666 directory mask = 0775 writable = yes browseable = yes guest ok = yes case sensitive = true default case = lower preserve case = no short preserve case = no level2 oplocks = true Output from the log : check_ntlm_password: mapped user is: [domb]\[teng...@[dt06-016654] [2009/10/21 17:26:26, 1] auth/auth.c:(172) check_domain_match: Attempt to connect as user TengTM from domain DOMB denied. [2009/10/21 17:26:26, 3] smbd/error.c:(106) error packet at smbd/sesssetup.c(107) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE check_ntlm_password: Checking password for unmapped user [local]\[tt...@[dt06-016654] with the new password interface [2009/10/21 17:26:45, 3] auth/auth.c:(224) check_ntlm_password: mapped user is: [doma]\[tt...@[dt06-016654] check_ntlm_password: Authentication for user [ttty] - [ttty] FAILED with error NT_STATUS_NO_SUCH_USER [2009/10/21 17:26:45, 3] smbd/sesssetup.c:(45) No such user ttty [local] - using guest account -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] error getting workgroup name ....
Hi ! I installed a server under Debian. In this server i installed tow samba service. One for a domain D1 and an other for D2. The conf file for D1 smb.D1.conf and the process smbd, nmbd, the network interface eth0, netbios name : name0 The conf file for D2 smb.D2.conf and the process smbd.bis, nmbd.bis, the network interface eth1, netbios name : name1 All work fine but a message eeror disturb me: nmbd[12251]: [2009/10/21 06:29:37, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(485) Oct 21 06:29:37 localhost nmbd[12251]: get_domain_master_name_node_status_fail: Oct 21 06:29:37 localhost nmbd[12251]: Doing a node status request to the domain master browser at IP 192.168.10.253 failed. Oct 21 06:29:37 localhost nmbd[12251]: Cannot get workgroup name. Oct 21 06:29:37 localhost nmbd.bis[27653]: [2009/10/21 06:29:37, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(485) Oct 21 06:29:37 localhost nmbd.bis[27653]: get_domain_master_name_node_status_fail: Oct 21 06:29:37 localhost nmbd.bis[27653]: Doing a node status request to the domain master browser at IP 192.168.20.253 failed. Oct 21 06:29:37 localhost nmbd.bis[27653]: Cannot get workgroup name. What this main and how to resolve it ? Thnks in advance Ya. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Ldapsam:editposix: How to continue once it's setup
Hi to everybody, I managed to setup ldapsam:editposix for Debian Lenny as described here: http://wiki.samba.org/index.php/Ldapsam_Editposix and had the impression that in order to add a Samba Unix client, it would be best to continue here: http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html However, in the ldapsam:editposix tutorial, the Administrator is mentioned instead of root (judging from what I've read so far, the Administrator user is only used for real Windows client PCs). My smb.conf is setup so that no NetBIOS stuff is used (no wins, only port 445, netbios disabled). Before running net sam provision, there were already user accounts present in LDAP. Do I have to execute smbpasswd, even though I intend to use MIT Kerberos (the value for the userPassword attribute in LDAP looks like this {KERBEROS}user@kerberos-realm ??? (This especially applies to the root user since this account doesn't seem to be created during net sam provision). By the way, the Kerberos database is also stored in LDAP. What do I have to do so that the remaining users in LDAP also get the Samba specific LDAP attributes added to their account info and can be used for Kerberized Samba sessions (either from Windows or smbclient setups from Unix)? getent passwd, getent group, kinit all work as expected, i. e. they return the accounts and groups stored in LDAP and I can obtain Kerberos tickets. I can also use these tickets for passwordless SSH logins and create files as that user, including changing group membership to an auxiliary group using newgrp. So, Kerberos works. In case you need any additional info (etc. smb.conf) I will surely provide it, but I didn't want to make this mail too long. Any help is greatly appreciated! Thanks kind regards, Holger signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Password prompt in security = share
Hi, I need to create a samba server with multiple shares. Imagine the scenario: Server \_Public \_Depto1 \_Depto2 When a windows user try to access Server for the first time, he can access \\server and list all of shares. When click in Public, can access without password prompt, full access. When click in Depto1, samba ask for password, but in the password dialog, Username is blocked (Guest) and password is blank. In a Windows 2008 server, the username and password are in blank too, but when try to log using a user declared in 'valid users', logon failed. Using: security = user, It works! But, ask for password to access the Server. Some idea to help me? Best Regards. Rafael Camacho -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] zfs acls and MS office applications
I ran into the following two related problems with samba 3.0.xx and Solaris 10 and ZFS 1. With Word, Excel or PowerPoint 2003 you could save the document maybe 4 times but on the 5th time you wouldn't be able to save the file - or worse it would disappear. The issue seemed to be that for the first 4 saves, the MS App would merely modify the document. But with the 5th save it writes the document out in full to a new file and deletes the old.Also, rather than allowing the new file to just inherit file permissions, the app will explicitly set the ACE's. Visual Studio does this as well. ZFS inheritance is ignored if Windows inheritance is used. 2. On unix level, you might chmod 770 somefile to allow anyone in the group to access the file. Other is not explicitly permitted but not explictly denied. So the in effect everyone else does not have access. But in Windows, this other is not explicitly permitted can be interpreted as everyone is explicitly denied.Something similar can happen with group perms. Although supposedly the correct ACE ordering shd have avoided this. Nt. I used the samba packages bundled with Solaris. They have the zfs module backported from newer samba versions. If I compiled Samba 3.0.x from scratch I did not get zfs support and the winbind functionality was broken. However, Sun doesn't do a great job of documenting any of this. On 10/20/09 22:01, Tom Lieuallen wrote: I'm trying to use zfs acls in solaris 10. I've looked at past posts regarding this and some online help, but am stuck. I'm currently using samba 3.3.9; I've had the same problem with 3.3.7. samba is compiled and running as an Active Directory member server (compiled with ldap and kerberos). The zfs disk is local. I'm not using winbind. I compiled with zfsacl module. Permissions appear just fine in solaris. Plus I can read/write with notepad and use other applications such as acrobat. However, Microsoft Office 2007 won't open or save files. I haven't tried other versions of Office; they're not handy. The following is the configuration for the share: [testzfs] comment = test path = /moe2 browseable = true public = false writable = true inherit permissions = yes acl check permissions = False vfs objects = zfsacl inherit acls = yes nfs4: mode = simple nfs4: acedup = merge zfsacl: acesort = dontcare map archive = no map hidden = no map read only = no map system = no The zfs permissions I'm testing look like this. This is for the parent directory; files within have the same permissions (sans the inheritance). moe-lh /moe2/office/student_workers 546# ls -vd . drwxrws---+ 2 toml cefac 5 Oct 20 18:36 ./ 0:group:cefac:list_directory/read_data/add_file/write_data /add_subdirectory/append_data/write_xattr/execute/write_attributes /write_acl/write_owner:file_inherit/dir_inherit/inherit_only:allow 1:group:cefac:list_directory/read_data/add_file/write_data /add_subdirectory/append_data/write_xattr/execute/write_attributes /write_acl/write_owner:allow 2:group:ceoffstu:list_directory/read_data/add_file/write_data /add_subdirectory/append_data/write_xattr/execute/write_attributes /write_acl/write_owner:file_inherit/dir_inherit/inherit_only:allow 3:group:ceoffstu:list_directory/read_data/add_file/write_data /add_subdirectory/append_data/write_xattr/execute/write_attributes /write_acl/write_owner:allow 4:group:ceoffstu:list_directory/read_data/add_file/write_data /add_subdirectory/append_data/write_xattr/execute/write_attributes /write_acl/write_owner:allow 5:owner@::deny 6:owner@:list_directory/read_data/add_file/write_data/add_subdirectory /append_data/write_xattr/execute/write_attributes/write_acl /write_owner:allow 7:group@::deny 8:group@:list_directory/read_data/add_file/write_data/add_subdirectory /append_data/execute:allow 9:everyone@:list_directory/read_data/add_file/write_data /add_subdirectory/append_data/write_xattr/execute/write_attributes /write_acl/write_owner:deny 10:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow thank you Tom Lieuallen Oregon State University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] map acl inherit stopped working
On 2009-10-19 23:04, Jeremy Allison wrote: On Sat, Oct 17, 2009 at 12:40:10AM +0200, Peter Rindfuss wrote: Hi, It seems that at some point map acl inherit = yes stopped working for me. I now have Samba 3.4.2, but this problem started with an earlier version, possibly some 3.2.x or 3.3.x. No SAMBA_PAI extended attributes are created anymore, but existing ones are still honored. OS is Suse 11.0, file system is XFS. What could be wrong? Not sure, can you log a bug and upload logs please ? Hi Jeremy, I will file a bug, if necessary, but perhaps my further investigations can help. My statement no SAMBA_PAI extended attributes are created anymore is wrong, I apologize. But it is interesting what really happens to SAMBA_PAI: I looked at an old existing folder: Windows security tab shows that rights are inherited from the folder above. SAMBA_PAI is 0x01000300039a750151c302009a750151c302 When I remove and (try to) set inheritance again, SAMBA_PAI becomes 0x02048d030003009a75000151c303020b009a750b0151c30302 and inheritance is gone, same as if SAMBA_PAI were not there at all. When I manually set SAMBA_PAI to the first value, inherited rights are back there again. One more interesting observation: The acl_xattr VFS module seems to work fine with respect to inheritance (on a test share). BTW, the SAMBA_PAI created with acl_xattr looks similar to the non-working one above. Cheers, Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using ldap only idmap
On Sun, Oct 18, 2009 at 13:47, Miguel Medalha miguelmeda...@sapo.pt wrote: Yes... I read this... and deleted the idmap config MIDOMINIO:default = yes setting... but it still doesn't work :-( I suppose you will also have to remove those idmap alloc backend and idmap alloc config entries. Looks like THAT was the problem... today I could do a quick test and it seems to work fine now... Muito obrigado, Miguel. -- Mariano Absatz - El Baby www.clueless.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrate Windows Active Directory Users to Samba+LDAP
I was also searching for same. Thnks for suggestion On 10/21/09, mor...@tuxedo.darktech.org mor...@tuxedo.darktech.org wrote: On Tue 20/10/09 4:34 AM , Osmany Goderich Navarro osm...@oc.quimefa.cu wrote: utility that's built in AD and it works fine. I can specifically extract de OU of my interest but the problem is that the users in the output file come out with lots of attributes that are not compatible with the samba schema. I'm wondering if there is some script that can restructure and modify the users so that I can import these users to OpenLDAP with a simple ldapadd command. There aren't any that I'm personally aware of (maybe others on the list know of scripts that I don't know about), but once you have an LDIF it's all text. You could slap a Perl or Python script together in no time; these scripts tend to be very site-specific. The Windows 2003 'R2' LDAP schema for AD is RFC 2307 compliant, so if your target LDAP directory is RFC 2307, it should be a piece of cake. Either you add the necessary AD attributes to your LDAP schema, or you simply weed the ones you don't care about out of the of the LDIF by using something along the lines of what 'grep -v' does. If you're using some other ActiveDirectory schema, I'm afraid it's going to be rather harder. Message sent via Atmail Open - http://atmail.org/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Sent from my mobile device http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] zfs acls and MS office applications
On Wed, Oct 21, 2009 at 09:30:16AM -0400, Gaiseric Vandal wrote: I ran into the following two related problems with samba 3.0.xx and Solaris 10 and ZFS 1. With Word, Excel or PowerPoint 2003 you could save the document maybe 4 times but on the 5th time you wouldn't be able to save the file - or worse it would disappear. The issue seemed to be that for the first 4 saves, the MS App would merely modify the document. But with the 5th save it writes the document out in full to a new file and deletes the old.Also, rather than allowing the new file to just inherit file permissions, the app will explicitly set the ACE's. Visual Studio does this as well. Samba 3.2 and above has much better support for ZFS (NFSv4-style) ACLs. I suggest trying a later Samba release on Solaris. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] local copy microsoft/credentials directory profile redirection
Date: Mon, 19 Oct 2009 13:25:48 -0600 Subject: [Samba] local copy microsoft/credentials directory profile redirection hello, i've set up a domain controller to replace a production server. both servers use profile redirection for all user environment directories. my problem is that when logging onto the new domain and server, windows will create in the %userprofile% local directory an Application Directory containing Microsoft/Credentials/*SID*, although a copy exists on the server. this directory is used to store the user's network passwords. because a blank credential directory is created stored network passwords (explorer only) are not used. all other applications use the network copy of the directory (as they should). redirection is done through adm here are the pertinent settings: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] AppData=%logonserver%\profiles\%username%\Application Data Cookies=%logonserver%\profiles\%username%\Cookies Desktop=%logonserver%\%username%\Desktop Personal=%logonserver%\%username%\My Documents Local AppData=%logonserver%\profiles\%username%\Local Settings\Application Data Cache=c:\temp\users\%username%\Local Settings\Temporary Internet Files History=c:\temp\users\%username%\Local Settings\History Local Settings=c:\temp\users\%username%\Local Settings the same client joined to current domain (with the same adm settings) will not reproduce un-desired behavior. does anyone have any suggestions, guesses, etc? clients: windows xp sp3 (offline files disabled; set to delete local copies of profiles at log off) os: ubuntu 9.04 server samba: 3.3.2-1ubuntu3.2 config: Server role: ROLE_DOMAIN_PDC [global] workgroup = domain-name server string = server-name passdb backend = ldapsam:ldap://127.0.0.1 passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* log level = 5 vfs:0 smb:0 syslog = 0 log file = /var/log/samba/log.%h max log size = 1000 max xmit = 65535 socket options = TCP_NODELAY SO_SNDBUF=1638400 SO_RCVBUF=1638400 SO_KEEPALIVE printcap name = cups show add printer wizard = No max stat cache size = 1024 add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u logon script = logon.bat logon path = \\%N\hives\%U logon drive = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes kernel oplocks = No ldap admin dn = cn=admin,dc=domain-name,dc=bz ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap suffix = dc=domain-name,dc=bz ldap ssl = no ldap user suffix = ou=Users utmp = Yes panic action = /usr/share/samba/panic-action %d cups options = raw case sensitive = No hide files = /desktop.ini/ [netlogon] path = /usershare/netlogon write list = jorge guest ok = Yes [hives] comment = Profile Hive Directory path = /userdata/hives/%a read only = No create mask = 0600 directory mask = 0700 browseable = No csc policy = disable oplocks = No level2 oplocks = No vfs objects = full_audit, recycle full_audit:priority = notice full_audit:facility = local5 full_audit:failure = connect mkdir rename unlink rmdir pwrite full_audit:success = connect disconnect mkdir rename unlink rmdir pwrite full_audit:prefix = %u|%S - %m|%I recycle:maxsize = 0 recycle:versions = yes recycle:touch = yes recycle:keeptree = yes recycle:repository = /userdata/user_trash/%U [profiles] comment = Profile Data Directory path = /userdata/profiles/%a read only = No create mask = 0600 directory mask = 0700 browseable = No csc policy = disable oplocks = No level2 oplocks = No [printers] comment = Printers path = /var/spool/samba admin users = @lpadmin write list = @lpadmin, root guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /etc/samba/drivers admin users = @lpadmin write list = @lpadmin, root -- Charles Belmopan,
[Samba] Samba 3.3.4 very slow file access times
Can anyone shed any light ( or offer dome diagnosing tips) on why I am seeing a considerable time delay in opening and writing back to excel files on a Samba 3.3.4 build where as the same file on an earlier build (2.2.8.a) does not exhibit the same latency ???- 11 seconds as opposed to 3 seconds.The problem does not seem to be as pronounced with other file types though it is still slower. This problem has been plaguing me since I upgraded samba to a new host and went production on it and NOW I am receiving a barrage of complaints from admin staff with the why did you break it ? underscore !! At this point I have ruled out the obvious. Hosts running the builds are on same network, storage is faster on the new build, same ver of excel, same file (7mb) accessed from same machine. Newer build is running on substantially faster hardware, and storage BUT is authing against an ldap backend as opposed to /etc/passwd Any suggestions are appreciated !! ( I will score big points and possibly keep my job if i can solve this !!) -john SMBSTATUS info on share/file used for testing: Samba version 2.2.8a KADY OS Solaris 8 Service uid gid pid machine -- test john staff 9896 el-gusano-huapo (128.111.207.6) Wed Oct 21 10:45:26 2009 Locked files: PidDenyMode Access R/WOplock Name -- 9896 DENY_WRITE 0x2019f RDWR NONE /shared_files/gse/test/testxls3.xls Wed Oct 21 10:47:39 2009 Samba version 3.3.4 MINA OS Solaris 10 PID Username Group Machine --- 13903 test ldaptest el-gusano-huapo (128.111.207.6) Locked files: Pid UidDenyMode Access R/WOplock SharePath Name Time -- 139036000 DENY_WRITE 0x2019f RDWR NONE /data/test testxls3.xls Wed Oct 21 10:49:48 2009 -- John Goubeaux Systems Administrator Gevirtz Graduate School of Education UC Santa Barbara ESSB 4203C 805 893-8190 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Just a FYI, but this looks an awful lot like the bug I reported months ago https://bugzilla.samba.org/show_bug.cgi?id=6103 Basically I'm running Fedora11 with no local accounts (beyond root) - relying on winbind. On occasion winbind appears to hang - and no local access works - including root - which shouldn't need winbind to succeed! Normally I have to reboot to fix, however if I was lucky enough for it to happen before my screensaver kicked in, then simply restarting winbind fixes the problem. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] mount.cifs not reporting locking issues to Linux?
Hi there I recall in times past that when a locked file on a Windows server was accessed by smbfs, you received a kind of text file busy type error under Linux. However, on our CentOS4 servers running mount.cifs, accessing a locked file now only reports a Permission denied Wireshark shows the server sending STATUS_FILE_LOCK_CONFLICT errors to Linux, but it appears that isn't exposed to the OS? Is this a bug - or a lack of a feature? This is samba-3.2.11-1 Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs not reporting locking issues to Linux?
On Thu, Oct 22, 2009 at 10:33:28AM +1300, Jason Haar wrote: Hi there I recall in times past that when a locked file on a Windows server was accessed by smbfs, you received a kind of text file busy type error under Linux. However, on our CentOS4 servers running mount.cifs, accessing a locked file now only reports a Permission denied Wireshark shows the server sending STATUS_FILE_LOCK_CONFLICT errors to Linux, but it appears that isn't exposed to the OS? Is this a bug - or a lack of a feature? This is samba-3.2.11-1 Is this smbfs you're using, or cifsfs ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs not reporting locking issues to Linux?
On 10/22/2009 12:07 PM, Jeremy Allison wrote: On Thu, Oct 22, 2009 at 10:33:28AM +1300, Jason Haar wrote: Hi there I recall in times past that when a locked file on a Windows server was accessed by smbfs, you received a kind of text file busy type error under Linux. However, on our CentOS4 servers running mount.cifs, accessing a locked file now only reports a Permission denied Wireshark shows the server sending STATUS_FILE_LOCK_CONFLICT errors to Linux, but it appears that isn't exposed to the OS? Is this a bug - or a lack of a feature? This is samba-3.2.11-1 Is this smbfs you're using, or cifsfs ? Jeremy. cifsfs - I don't think smbfs exists any more? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs not reporting locking issues to Linux?
On Thu, Oct 22, 2009 at 12:11:39PM +1300, Jason Haar wrote: On 10/22/2009 12:07 PM, Jeremy Allison wrote: On Thu, Oct 22, 2009 at 10:33:28AM +1300, Jason Haar wrote: Hi there I recall in times past that when a locked file on a Windows server was accessed by smbfs, you received a kind of text file busy type error under Linux. However, on our CentOS4 servers running mount.cifs, accessing a locked file now only reports a Permission denied Wireshark shows the server sending STATUS_FILE_LOCK_CONFLICT errors to Linux, but it appears that isn't exposed to the OS? Is this a bug - or a lack of a feature? This is samba-3.2.11-1 Is this smbfs you're using, or cifsfs ? Jeremy. cifsfs - I don't think smbfs exists any more? Bug Stevef directly (or Jeff Layton). Looks like the error code mapping has changed. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] map acl inherit stopped working
On Wed, Oct 21, 2009 at 04:12:58PM +0200, Peter Rindfuss wrote: On 2009-10-19 23:04, Jeremy Allison wrote: On Sat, Oct 17, 2009 at 12:40:10AM +0200, Peter Rindfuss wrote: Hi, It seems that at some point map acl inherit = yes stopped working for me. I now have Samba 3.4.2, but this problem started with an earlier version, possibly some 3.2.x or 3.3.x. No SAMBA_PAI extended attributes are created anymore, but existing ones are still honored. OS is Suse 11.0, file system is XFS. What could be wrong? Not sure, can you log a bug and upload logs please ? Hi Jeremy, I will file a bug, if necessary, but perhaps my further investigations can help. My statement no SAMBA_PAI extended attributes are created anymore is wrong, I apologize. But it is interesting what really happens to SAMBA_PAI: I looked at an old existing folder: Windows security tab shows that rights are inherited from the folder above. SAMBA_PAI is 0x01000300039a750151c302009a750151c302 When I remove and (try to) set inheritance again, SAMBA_PAI becomes 0x02048d030003009a75000151c303020b009a750b0151c30302 and inheritance is gone, same as if SAMBA_PAI were not there at all. When I manually set SAMBA_PAI to the first value, inherited rights are back there again. I'm guessing this is the version 1 to version 2 upgrade. (From posix_acls.c) /* * EA format of user.SAMBA_PAI (Samba_Posix_Acl_Interitance) * attribute on disk - version 1. * All values are little endian. * * | 1 | 1 | 2 | 2 | * +--+--+-+-+-++ * | vers | flag | num_entries | num_default_entries | ..entries.. | * default_entries... | * +--+--+-+-+-++ * * Entry format is : * * | 1 | 4 | * +--+---+ * | value| uid/gid or world | * | type | value| * +--+---+ * * Version 2 format. Stores extra Windows metadata about an ACL. * * | 1 | 2 | 2 | 2 | * +--+--+-+-+-++ * | vers | ace | num_entries | num_default_entries | ..entries.. | * default_entries... | * | 2 | type| | | | * | * +--+--+-+-+-++ * * Entry format is : * * | 1 | 1 | 4 | * +--+--+---+ * | ace | value| uid/gid or world | * | flag | type | value| * +--+---+--+ * Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.3.4 very slow file access times
On Wed, Oct 21, 2009 at 11:28:49AM -0700, John Goubeaux wrote: Can anyone shed any light ( or offer dome diagnosing tips) on why I am seeing a considerable time delay in opening and writing back to excel files on a Samba 3.3.4 build where as the same file on an earlier build (2.2.8.a) does not exhibit the same latency ???- 11 seconds as opposed to 3 seconds.The problem does not seem to be as pronounced with other file types though it is still slower. This problem has been plaguing me since I upgraded samba to a new host and went production on it and NOW I am receiving a barrage of complaints from admin staff with the why did you break it ? underscore !! At this point I have ruled out the obvious. Hosts running the builds are on same network, storage is faster on the new build, same ver of excel, same file (7mb) accessed from same machine. Newer build is running on substantially faster hardware, and storage BUT is authing against an ldap backend as opposed to /etc/passwd Changed version of the kernel ? You might want to get debug level 10 logs from the old and new versions and compare where things start being different. Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.3.4 very slow file access times
At 5:10 PM -0700 10/21/09, Jeremy Allison wrote: On Wed, Oct 21, 2009 at 11:28:49AM -0700, John Goubeaux wrote: Can anyone shed any light ( or offer dome diagnosing tips) on why I am seeing a considerable time delay in opening and writing back to excel files on a Samba 3.3.4 build where as the same file on an earlier build (2.2.8.a) does not exhibit the same latency ???- 11 seconds as opposed to 3 seconds.The problem does not seem to be as pronounced with other file types though it is still slower. This problem has been plaguing me since I upgraded samba to a new host and went production on it and NOW I am receiving a barrage of complaints from admin staff with the why did you break it ? underscore !! At this point I have ruled out the obvious. Hosts running the builds are on same network, storage is faster on the new build, same ver of excel, same file (7mb) accessed from same machine. Newer build is running on substantially faster hardware, and storage BUT is authing against an ldap backend as opposed to /etc/passwd Changed version of the kernel ? You might want to get debug level 10 logs from the old and new versions and compare where things start being different. Jeremy Yes, completely different OS's eg Solaris 8 Sparc and Solaris 10 x86. Which log file(s) would I want to grab that info out of ? Samba logs to a variety of logfiles and is verbose when set at 10. If I can isolate this specific large .xls file access in the logs this might be a start? I was hoping that there was some obvious setting OR difference between the two versions of Samba that I missed AND am wondering if others are seeing this behavior, with say MS Office apps on this ver of Samba ? -john -- John Goubeaux Systems Administrator Gevirtz Graduate School of Education UC Santa Barbara ESSB 4203C 805 893-8190 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.3.4 very slow file access times
On Wed, Oct 21, 2009 at 05:17:27PM -0700, John Goubeaux wrote: Which log file(s) would I want to grab that info out of ? Samba logs to a variety of logfiles and is verbose when set at 10. If I can isolate this specific large .xls file access in the logs this might be a start? Split out the log files by accessing machine (%m) and use debug timestamps. I was hoping that there was some obvious setting OR difference between the two versions of Samba that I missed AND am wondering if others are seeing this behavior, with say MS Office apps on this ver of Samba ? There are *so many* changes between 2.2.x and 3.2.x and beyond it's not even possible to list them all :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] testparm error winbind separator +
os:opensuse 11.1 standard samba under 11.1 Hallo, I tested the smb.conf with testparm. I got the error: winbind separator = +' might cause problems with group membership Where I have to search the error? thankyou kaspar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Wed Oct 21 06:00:03 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-10-20 00:00:32.0 -0600 +++ /home/build/master/cache/broken_results.txt 2009-10-21 00:00:04.0 -0600 @@ -1,22 +1,22 @@ -Build status as of Tue Oct 20 06:00:04 2009 +Build status as of Wed Oct 21 06:00:03 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 ccache 26 6 0 distcc 0 0 0 -ldb 27 27 0 +ldb 26 26 0 libreplace 1 1 0 lorikeet 0 0 0 pidl 1 1 0 ppp 10 0 0 -rsync26 10 0 +rsync26 9 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 24 23 0 -samba_3_master 25 25 5 -samba_3_next 25 24 0 -samba_4_0_test 26 24 0 +samba_3_current 0 0 0 +samba_3_master 24 23 0 +samba_3_next 23 23 0 +samba_4_0_test 24 24 0 talloc 1 1 0 -tdb 23 23 0 +tdb 24 24 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9393d94... s4/drs: prefixMap main interface implementation via 4dc90c0... s4/drs(tort): Unit test for prefixMap implementation. via 31168f1... s4/drs(tort): Comment typos fixed in drs_util.c via 1ecca31... s4/drs(tort): fixed '==' to '=' from 4b6cfbb... s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9393d94ad48160d3af665ed7362683b0a59ce72d Author: Kamen Mazdrashki kamen.mazdras...@postpath.com Date: Sun Oct 18 21:34:21 2009 +0300 s4/drs: prefixMap main interface implementation Currenly implemented functions are: dsdb_schema_pfm_new(), dsdb_schema_pfm_make_attid() and dsdb_schema_pfm_oid_from_attid() commit 4dc90c0851bdeeb0f10205e4105658d75ff3df6a Author: Kamen Mazdrashki kamen.mazdras...@postpath.com Date: Sun Oct 18 21:31:37 2009 +0300 s4/drs(tort): Unit test for prefixMap implementation. Currenly those tests cover only the main part of the interface, i.e. dsdb_schema_pfm_new(), dsdb_schema_pfm_make_attid() and dsdb_schema_pfm_oid_from_attid() commit 31168f1fac4c50c078f106a59c6d1da0134212b2 Author: Kamen Mazdrashki kamen.mazdras...@postpath.com Date: Sun Oct 18 21:28:55 2009 +0300 s4/drs(tort): Comment typos fixed in drs_util.c commit 1ecca31caa8c366264e8b15fdb6363a4a5338cde Author: Kamen Mazdrashki kamen.mazdras...@postpath.com Date: Sun Oct 18 21:28:28 2009 +0300 s4/drs(tort): fixed '==' to '=' ATTID is marked as partial by adding 32768. Thus the check should be '= 32768' --- Summary of changes: source4/dsdb/schema/prefixmap.h|6 +- source4/dsdb/schema/schema.h |2 + source4/dsdb/schema/schema_prefixmap.c | 244 + source4/torture/drs/drs_util.c |6 +- source4/torture/drs/internal/prefixmap_tests.c | 332 +++- 5 files changed, 578 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/schema/prefixmap.h b/source4/dsdb/schema/prefixmap.h index 7b28c88..816ddcf 100644 --- a/source4/dsdb/schema/prefixmap.h +++ b/source4/dsdb/schema/prefixmap.h @@ -26,8 +26,8 @@ * oid-prefix in prefixmap */ struct dsdb_schema_prefixmap_oid { - uint32_t id; - DATA_BLOB *bin_oid; /* partial binary-oid prefix */ + uint32_t id; + DATA_BLOB bin_oid; /* partial binary-oid prefix */ }; /** @@ -39,7 +39,5 @@ struct dsdb_schema_prefixmap { }; -#include dsdb/schema/proto.h - #endif /* _DSDB_PREFIXMAP_H */ diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h index ddd9b37..175e999 100644 --- a/source4/dsdb/schema/schema.h +++ b/source4/dsdb/schema/schema.h @@ -22,6 +22,8 @@ #ifndef _DSDB_SCHEMA_H #define _DSDB_SCHEMA_H +#include prefixmap.h + struct dsdb_attribute; struct dsdb_class; struct dsdb_schema; diff --git a/source4/dsdb/schema/schema_prefixmap.c b/source4/dsdb/schema/schema_prefixmap.c index d24c5ad..8173f89 100644 --- a/source4/dsdb/schema/schema_prefixmap.c +++ b/source4/dsdb/schema/schema_prefixmap.c @@ -20,3 +20,247 @@ */ #include includes.h +#include dsdb/samdb/samdb.h +#include librpc/gen_ndr/ndr_drsuapi.h +#include librpc/gen_ndr/ndr_drsblobs.h +#include ../lib/util/asn1.h + +/** + * Initial prefixMap creation according to: + * [MS-DRSR] section 5.12.2 + */ +WERROR dsdb_schema_pfm_new(TALLOC_CTX *mem_ctx, struct dsdb_schema_prefixmap **ppfm) +{ + uint32_t i; + struct dsdb_schema_prefixmap *pfm; + const struct { + uint32_tid; + const char *oid_prefix; + } pfm_init_data[] = { + {.id=0x, .oid_prefix=2.5.4}, + {.id=0x0001, .oid_prefix=2.5.6}, + {.id=0x0002, .oid_prefix=1.2.840.113556.1.2}, + {.id=0x0003, .oid_prefix=1.2.840.113556.1.3}, + {.id=0x0004, .oid_prefix=2.16.840.1.101.2.2.1}, + {.id=0x0005, .oid_prefix=2.16.840.1.101.2.2.3}, + {.id=0x0006, .oid_prefix=2.16.840.1.101.2.1.5}, + {.id=0x0007, .oid_prefix=2.16.840.1.101.2.1.4}, + {.id=0x0008, .oid_prefix=2.5.5}, + {.id=0x0009, .oid_prefix=1.2.840.113556.1.4}, + {.id=0x000A, .oid_prefix=1.2.840.113556.1.5}, + {.id=0x0013, .oid_prefix=0.9.2342.19200300.100}, + {.id=0x0014, .oid_prefix=2.16.840.1.113730.3}, + {.id=0x0015, .oid_prefix=0.9.2342.19200300.100.1}, + {.id=0x0016, .oid_prefix=2.16.840.1.113730.3.1}, + {.id=0x0017, .oid_prefix=1.2.840.113556.1.5.7000}, + {.id=0x0018, .oid_prefix=2.5.21},
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1467e5e... s4-ldb: allow for non-null terminated ldb_val in ldb_dn_from_ldb_val via 16a80f1... s4:dsdb Add note explaining about the partition format upgrade via d7cf71d... s4:dsdb Allow loading of old-style partition records via 4209cf9... s4:dsdb Make the 'relative path' code in partitions handle tdb:// via fa2e04b... s4:ldb_map Fix use-after-free of memory in ldb_map via 96ec453... s4:dsdb talloc_steal the backend module to under the partition via 937140b... s4:ldb Put ltdb_private under the 'module' via a0a787a... s4:rpc_server Ensure we talloc_free handles when we delete objects via 398188f... s4:dsdb Remove potentially confusing 'partition' control from result via bd53628... s4:ldb Add new function to create a cut down list of controls via fcbe616... s4:samr Don't leak the whole user onto the long-term handle via 108b834... librpc Make talloc tree in binding tower match the floors via 47daa27... s4:epmapper Create a proper talloc tree of endpoint floors via 1547477... s4:dsdb Allow creation of new partitions via 4c36cac... s4:provision Use schema to casefold partitions on 'upgrade'. via da7c778... s4:dsdb Remove default instanceType from repl_meta_data via c106017... s4:dsdb Remove workaround for two partition head records via 96c9bc1... s4:dsdb Use 'partition modified' information to update @REPLCHANGED via d3a5037... s4:repl Pass schema as argument to replmd_update_rpmd() via f545d5f... s4:dsdb In partitions module, tell the caller what partition was used. via 17237f1... s4:ldb Add function to add controls to an LDB reply via be5f081... s4:dsdb Load new partitions in a running LDB if metadata changes via 6a77165... s4:dsdb Only reload partition metadata on search and transaction start via e62200e... s4:dsdb Reload partition metadata if the main db updates via 1803525... s4:provision Test ability to set GUIDs from provision command line via d3b50ec... s4:provison Allow the NTDS guid on the command line (for testing) via fa5ebaa... s4:dsdb Split 'set per-partition metadata' into it's own function via 27c28d3... s4:Handle reprovision with existing partitions via ff3b60d... s4:dsdb Don't try and casefold DNs during startup for partition load via 129bda5... s4:dsdb Fix partition_create not to return early via b73d584... s4:dsdb Fix tests for samba3sam to pass after partitions module changes via b04bdee... s4:dsdb Be strict in selecting on-disk names for partitions via 8ea2a8b... s4:dsdb Set 'notification' after the success of a change. via d4048b2... s4:provision Set @OPTIONS in the provision_init.ldif via c59f008... s4:dsdb Rework modules create new partitions at runtime from 9393d94... s4/drs: prefixMap main interface implementation http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1467e5eaab24b2b5c90ba0dd4e9dad4f321568c3 Author: Andrew Tridgell tri...@samba.org Date: Wed Oct 21 22:18:16 2009 +1100 s4-ldb: allow for non-null terminated ldb_val in ldb_dn_from_ldb_val The strlen() could go past the end of a non-null terminated value commit 16a80f17425c5de9d0bd52494e3e26a6840cfd7d Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 21 22:28:29 2009 +1100 s4:dsdb Add note explaining about the partition format upgrade commit d7cf71d9b6cae19b2f9a215f910b4b6e1474291d Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 21 22:27:22 2009 +1100 s4:dsdb Allow loading of old-style partition records This should make upgrades easier commit 4209cf9860b528f2ac9da175feec8783a35950f9 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 21 18:25:00 2009 +1100 s4:dsdb Make the 'relative path' code in partitions handle tdb:// The previous code would fail if the caller used tdb:// in the URL for the top-level database. Andrew Bartlett commit fa2e04b64004f24bcac51a44ce37b8923480b819 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 21 18:23:18 2009 +1100 s4:ldb_map Fix use-after-free of memory in ldb_map We need to keep the old 'ares' from the remote server around so we can forward it back to the caller. We can't send the same controls (from the last search entry) twice (and it makes no sense anyway). Andrew Bartlett commit 96ec45309a367a00234f7c62c2d30c64ae95b680 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 21 16:09:10 2009 +1100 s4:dsdb talloc_steal the backend module to under the partition commit 937140bf102a2a92d7822f22f30a9adc19920834 Author: Andrew Bartlett abart...@samba.org Date: Wed Oct 21 16:08:24 2009 +1100 s4:ldb Put ltdb_private
[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - 3.2.11-ctdb-65-5-g587caa3
The branch, v3-2-ctdb has been updated via 587caa3d8ad6a97c480e371a3cc5bc3b2c932ec7 (commit) via a2d1d3cd0add8d116454b32d337813fbaf8f1c76 (commit) via ea3128a0f1d3842f1e6c14390b4967a5758b5257 (commit) via 415fb7fc0e07517f4e681b5872ac3f0e59632d96 (commit) from bf00bbf3e71eff5f2cb732f78b8fd9aed84dfa2e (commit) http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb - Log - commit 587caa3d8ad6a97c480e371a3cc5bc3b2c932ec7 Author: Volker Lendecke v...@samba.org Date: Mon Oct 19 13:10:58 2009 +0200 v3-2-ctdb: Bump the ctdb vendor patch level to 67. commit a2d1d3cd0add8d116454b32d337813fbaf8f1c76 Author: Volker Lendecke v...@samba.org Date: Fri Oct 16 12:37:27 2009 +0200 s3: Attempt to fix a deadlock between smbd and ctdbd In Samba we access the notify databases under the locking.tdb lock when closing a file. This leads to a deadlock with ctdb when doing a recovery. This is a bad hack, and ctdb will need to get fixed for this. But for now, it seems necessary. commit ea3128a0f1d3842f1e6c14390b4967a5758b5257 Author: Günther Deschner g...@samba.org Date: Tue Sep 1 11:58:05 2009 +0200 wbclient: Fix Bug #6680: always activate handling of large ( 256 byte) ntlmv2 blobs in wbcAuthenticateUserEx(). Guenther commit 415fb7fc0e07517f4e681b5872ac3f0e59632d96 Author: Volker Lendecke v...@samba.org Date: Thu Oct 8 14:02:39 2009 +0200 s3: Fix shadow copy display on Windows 7 Windows 7 is a bit more picky on our NT_STATUS_BUFFER_TOO_SMALL. Announce the right buffer size, the same amount we later check for. --- Summary of changes: source/VERSION|2 +- source/nsswitch/libwbclient/wbc_pam.c | 19 +-- source/smbd/notify.c | 92 - source/smbd/nttrans.c |2 +- 4 files changed, 96 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/source/VERSION b/source/VERSION index f071384..7374600 100644 --- a/source/VERSION +++ b/source/VERSION @@ -96,4 +96,4 @@ SAMBA_VERSION_IS_GIT_SNAPSHOT= # - CVS 3.0.0rc2-VendorVersion# SAMBA_VERSION_VENDOR_SUFFIX=ctdb -SAMBA_VERSION_VENDOR_PATCH=66 +SAMBA_VERSION_VENDOR_PATCH=67 diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c index 5427ddb..8f1df16 100644 --- a/source/nsswitch/libwbclient/wbc_pam.c +++ b/source/nsswitch/libwbclient/wbc_pam.c @@ -369,15 +369,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.data.auth_crap.lm_resp_len = MIN(params-password.response.lm_length, sizeof(request.data.auth_crap.lm_resp)); - request.data.auth_crap.nt_resp_len = - MIN(params-password.response.nt_length, - sizeof(request.data.auth_crap.nt_resp)); if (params-password.response.lm_data) { memcpy(request.data.auth_crap.lm_resp, params-password.response.lm_data, request.data.auth_crap.lm_resp_len); } - if (params-password.response.nt_data) { + request.data.auth_crap.nt_resp_len = params-password.response.nt_length; + if (params-password.response.nt_length sizeof(request.data.auth_crap.nt_resp)) { + request.flags |= WBFLAG_BIG_NTLMV2_BLOB; + request.extra_len = params-password.response.nt_length; + request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len); + if (request.extra_data.data == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + memcpy(request.extra_data.data, + params-password.response.nt_data, + request.data.auth_crap.nt_resp_len); + } else if (params-password.response.nt_data) { memcpy(request.data.auth_crap.nt_resp, params-password.response.nt_data, request.data.auth_crap.nt_resp_len); @@ -419,6 +428,8 @@ done: if (response.extra_data.data) free(response.extra_data.data); + talloc_free(request.extra_data.data); + return wbc_status; } diff --git a/source/smbd/notify.c b/source/smbd/notify.c index 180e086..8b5a14e 100644 --- a/source/smbd/notify.c +++ b/source/smbd/notify.c @@ -357,32 +357,98 @@ void
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7030043... lib/tdb: TDB_TRACE support (for developers) from 1467e5e... s4-ldb: allow for non-null terminated ldb_val in ldb_dn_from_ldb_val http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 703004340c3e0f43f741bd368d2525cfd187d590 Author: Rusty Russell ru...@rustcorp.com.au Date: Tue Oct 20 12:19:41 2009 +1030 lib/tdb: TDB_TRACE support (for developers) When TDB_TRACE is defined (in tdb_private.h), verbose tracing of tdb operations is enabled. This can be replayed using replay_trace from http://ccan.ozlabs.org/info/tdb. The majority of this patch comes from moving internal functions to _funcname to avoid double-tracing. There should be no additional overhead for the normal (!TDB_TRACE) case. Note that the verbose traces compress really well with rzip. Signed-off-by: Rusty Russell ru...@rustcorp.com.au --- Summary of changes: lib/tdb/common/lock.c| 34 +- lib/tdb/common/open.c| 31 +- lib/tdb/common/tdb.c | 232 + lib/tdb/common/tdb_private.h | 36 +++ lib/tdb/common/transaction.c | 55 +++ lib/tdb/common/traverse.c| 23 - lib/tdb/docs/tracing.txt | 46 7 files changed, 402 insertions(+), 55 deletions(-) create mode 100644 lib/tdb/docs/tracing.txt Changeset truncated at 500 lines: diff --git a/lib/tdb/common/lock.c b/lib/tdb/common/lock.c index 2c72ae1..3414049 100644 --- a/lib/tdb/common/lock.c +++ b/lib/tdb/common/lock.c @@ -422,48 +422,58 @@ static int _tdb_unlockall(struct tdb_context *tdb, int ltype) /* lock entire database with write lock */ int tdb_lockall(struct tdb_context *tdb) { + tdb_trace(tdb, tdb_lockall); return _tdb_lockall(tdb, F_WRLCK, F_SETLKW); } /* lock entire database with write lock - mark only */ int tdb_lockall_mark(struct tdb_context *tdb) { + tdb_trace(tdb, tdb_lockall_mark); return _tdb_lockall(tdb, F_WRLCK | TDB_MARK_LOCK, F_SETLKW); } /* unlock entire database with write lock - unmark only */ int tdb_lockall_unmark(struct tdb_context *tdb) { + tdb_trace(tdb, tdb_lockall_unmark); return _tdb_unlockall(tdb, F_WRLCK | TDB_MARK_LOCK); } /* lock entire database with write lock - nonblocking varient */ int tdb_lockall_nonblock(struct tdb_context *tdb) { - return _tdb_lockall(tdb, F_WRLCK, F_SETLK); + int ret = _tdb_lockall(tdb, F_WRLCK, F_SETLK); + tdb_trace_ret(tdb, tdb_lockall_nonblock, ret); + return ret; } /* unlock entire database with write lock */ int tdb_unlockall(struct tdb_context *tdb) { + tdb_trace(tdb, tdb_unlockall); return _tdb_unlockall(tdb, F_WRLCK); } /* lock entire database with read lock */ int tdb_lockall_read(struct tdb_context *tdb) { + tdb_trace(tdb, tdb_lockall_read); return _tdb_lockall(tdb, F_RDLCK, F_SETLKW); } /* lock entire database with read lock - nonblock varient */ int tdb_lockall_read_nonblock(struct tdb_context *tdb) { - return _tdb_lockall(tdb, F_RDLCK, F_SETLK); + int ret = _tdb_lockall(tdb, F_RDLCK, F_SETLK); + tdb_trace_ret(tdb, tdb_lockall_read_nonblock, ret); + return ret; } /* unlock entire database with read lock */ int tdb_unlockall_read(struct tdb_context *tdb) { + tdb_trace(tdb, tdb_unlockall_read); return _tdb_unlockall(tdb, F_RDLCK); } @@ -471,7 +481,9 @@ int tdb_unlockall_read(struct tdb_context *tdb) contention - it cannot guarantee how many records will be locked */ int tdb_chainlock(struct tdb_context *tdb, TDB_DATA key) { - return tdb_lock(tdb, BUCKET(tdb-hash_fn(key)), F_WRLCK); + int ret = tdb_lock(tdb, BUCKET(tdb-hash_fn(key)), F_WRLCK); + tdb_trace_1rec(tdb, tdb_chainlock, key); + return ret; } /* lock/unlock one hash chain, non-blocking. This is meant to be used @@ -479,33 +491,43 @@ int tdb_chainlock(struct tdb_context *tdb, TDB_DATA key) locked */ int tdb_chainlock_nonblock(struct tdb_context *tdb, TDB_DATA key) { - return tdb_lock_nonblock(tdb, BUCKET(tdb-hash_fn(key)), F_WRLCK); + int ret = tdb_lock_nonblock(tdb, BUCKET(tdb-hash_fn(key)), F_WRLCK); + tdb_trace_1rec_ret(tdb, tdb_chainlock_nonblock, key, ret); + return ret; } /* mark a chain as locked without actually locking it. Warning! use with great caution! */ int tdb_chainlock_mark(struct tdb_context *tdb, TDB_DATA key) { - return tdb_lock(tdb, BUCKET(tdb-hash_fn(key)), F_WRLCK | TDB_MARK_LOCK); + int ret = tdb_lock(tdb, BUCKET(tdb-hash_fn(key)), F_WRLCK | TDB_MARK_LOCK); + tdb_trace_1rec(tdb, tdb_chainlock_mark, key); + return ret; } /* unmark a chain as locked without actually locking it. Warning!
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0944931... lib/tdb: make tdbtool use tdb_check() for check command via 022b4d4... lib/tdb: add tdb_check() via 0fc6800... lib/tdb: add -t (always use transactions) option to tdbtorture via b77f41d... lib/tdb: wean off TDB_ERRCODE. from 7030043... lib/tdb: TDB_TRACE support (for developers) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 094493115971cf3d5a3138ff10ebe02335824723 Author: Rusty Russell ru...@rustcorp.com.au Date: Thu Oct 22 00:11:34 2009 +1030 lib/tdb: make tdbtool use tdb_check() for check command Also, set logging function so we get more informative messages. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 022b4d4aa6861c1e3e6d76484d92555221cb6d14 Author: Rusty Russell ru...@rustcorp.com.au Date: Thu Oct 22 00:10:34 2009 +1030 lib/tdb: add tdb_check() ctdb wants a quick way to detect corrupt tdbs; particularly, tdbs with loops in their hash chains. tdb_check() provides this. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 0fc685ffb532a5e5699c97f13f1de138d51f Author: Rusty Russell ru...@rustcorp.com.au Date: Thu Oct 22 00:10:54 2009 +1030 lib/tdb: add -t (always use transactions) option to tdbtorture This means you can kill it at any time and expect no corruption. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit b77f41d58b05101e02d8ac0e54cb0e30807d89c2 Author: Rusty Russell ru...@rustcorp.com.au Date: Thu Oct 22 00:09:43 2009 +1030 lib/tdb: wean off TDB_ERRCODE. It was a regrettable hack which I used to reduce line count in tdb; in fact it caused confusion as can be seen in this patch. In particular, ecode now needs to be set before TDB_LOG anyway, and having it exposed in the header is useless (the struct tdb_context isn't defined, so it's doubly useless). Also, we should never set errno, as io.c was doing. Signed-off-by: Rusty Russell ru...@rustcorp.com.au --- Summary of changes: lib/tdb/common/check.c | 422 lib/tdb/common/freelist.c |5 +- lib/tdb/common/freelistcheck.c |6 +- lib/tdb/common/io.c| 35 ++-- lib/tdb/common/lock.c | 30 ++- lib/tdb/common/open.c |6 +- lib/tdb/common/tdb.c |9 +- lib/tdb/common/transaction.c |3 +- lib/tdb/common/traverse.c |3 +- lib/tdb/config.mk |2 +- lib/tdb/configure.ac |2 +- lib/tdb/docs/README| 11 + lib/tdb/include/tdb.h |5 +- lib/tdb/libtdb.m4 |2 +- lib/tdb/tdb.exports|1 + lib/tdb/tdb.signatures |1 + lib/tdb/tools/tdbtool.c| 44 +++-- lib/tdb/tools/tdbtorture.c | 41 +++-- source4/min_versions.m4|2 +- 19 files changed, 560 insertions(+), 70 deletions(-) create mode 100644 lib/tdb/common/check.c Changeset truncated at 500 lines: diff --git a/lib/tdb/common/check.c b/lib/tdb/common/check.c new file mode 100644 index 000..94240bb --- /dev/null +++ b/lib/tdb/common/check.c @@ -0,0 +1,422 @@ + /* + Unix SMB/CIFS implementation. + + trivial database library + + Copyright (C) Rusty Russell2009 + + ** NOTE! The following LGPL license applies to the tdb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see http://www.gnu.org/licenses/. +*/ +#include tdb_private.h + +/* Since we opened it, these shouldn't fail unless it's recent corruption. */ +static bool tdb_check_header(struct tdb_context *tdb, tdb_off_t *recovery) +{ + struct tdb_header hdr; + + if (tdb-methods-tdb_read(tdb, 0, hdr, sizeof(hdr), DOCONV()) == -1) + return false; + if (strcmp(hdr.magic_food, TDB_MAGIC_FOOD) != 0) + goto corrupt; + + CONVERT(hdr); + if (hdr.version != TDB_VERSION) + goto corrupt; + + if (hdr.rwlocks != 0) + goto corrupt; + + if (hdr.hash_size == 0) + goto corrupt; + + if (hdr.hash_size !=
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 95ce7df... S4: ldb_map modules uses defines that are reserved via 6e5dad4... S4: Building on a system with libintl from 0944931... lib/tdb: make tdbtool use tdb_check() for check command http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 95ce7dff20d5629eff16cc6f7527c542987d8eb0 Author: Torgeir Lerkerød torgeir.lerke...@gmail.com Date: Tue Oct 20 18:33:25 2009 +0200 S4: ldb_map modules uses defines that are reserved On OpenSolaris MAP_RENAME and friends are defined in sys/mman.h e.g. mmap and friends. So on these systems MAP_* have a meaning. Cleaned up LDB name space by adding LDB_ in front of MAP_* e.g. MAP_RENAME = LDB_MAP_RENAME Signed-off-by: Torgeir Lerkerød torgeir.lerke...@gmail.com Signed-off-by: Stefan Metzmacher me...@samba.org commit 6e5dad49d9cfc8e8a3fc6c1e60733d6e25865ef7 Author: Torgeir Lerkerød torgeir.lerke...@gmail.com Date: Tue Oct 20 18:25:53 2009 +0200 S4: Building on a system with libintl Heimdal's internal buildsystem uses a different define for checking for libintl than what samba uses. LIBINTL vs HAVE_LIBINTL_H. Since changing heimdals defineswould brake dropin merges of heimdal. This is a simple workaround in line with others in heimdal_build catalog. Signed-off-by: Torgeir Lerkerød torgeir.lerke...@gmail.com Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source4/dsdb/samdb/ldb_modules/samba3sam.c | 168 +++--- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 66 +- source4/heimdal_build/config.h |5 + source4/lib/ldb/ldb_map/ldb_map.c| 58 source4/lib/ldb/ldb_map/ldb_map.h| 10 +- source4/lib/ldb/ldb_map/ldb_map_inbound.c| 10 +- source4/lib/ldb/ldb_map/ldb_map_outbound.c | 38 +++--- 7 files changed, 180 insertions(+), 175 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c index f5ddff9..61013d1 100644 --- a/source4/dsdb/samdb/ldb_modules/samba3sam.c +++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c @@ -308,7 +308,7 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaNextRid - nextRid */ { .local_name = nextRid, - .type = MAP_RENAME, + .type = LDB_MAP_RENAME, .u = { .rename = { .remote_name = sambaNextRid, @@ -319,7 +319,7 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaBadPasswordTime - badPasswordtime*/ { .local_name = badPasswordTime, - .type = MAP_RENAME, + .type = LDB_MAP_RENAME, .u = { .rename = { .remote_name = sambaBadPasswordTime, @@ -330,7 +330,7 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaLMPassword - lmPwdHash*/ { .local_name = dBCSPwd, - .type = MAP_CONVERT, + .type = LDB_MAP_CONVERT, .u = { .convert = { .remote_name = sambaLMPassword, @@ -343,7 +343,7 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaGroupType - groupType */ { .local_name = groupType, - .type = MAP_RENAME, + .type = LDB_MAP_RENAME, .u = { .rename = { .remote_name = sambaGroupType, @@ -354,7 +354,7 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaNTPassword - ntPwdHash*/ { .local_name = ntpwdhash, - .type = MAP_CONVERT, + .type = LDB_MAP_CONVERT, .u = { .convert = { .remote_name = sambaNTPassword, @@ -367,7 +367,7 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaPrimaryGroupSID - primaryGroupID */ { .local_name = primaryGroupID, - .type = MAP_GENERATE, + .type = LDB_MAP_GENERATE, .u = { .generate = { .remote_names = { sambaPrimaryGroupSID, NULL }, @@ -380,7 +380,7 @@ const struct ldb_map_attribute samba3_attributes[] = /* sambaBadPasswordCount - badPwdCount */ { .local_name = badPwdCount, - .type = MAP_RENAME, + .type = LDB_MAP_RENAME, .u = { .rename = { .remote_name =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9f170bc... heimdal - hdb/ext.c - fix a shadows variable warning from 95ce7df... S4: ldb_map modules uses defines that are reserved http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9f170bc7ea5838756b58158842b61815e29a2aaa Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Wed Oct 21 17:35:51 2009 +0200 heimdal - hdb/ext.c - fix a shadows variable warning Renamed the variable str in the nested block to str2 to prevent the collision with str in the main function block. --- Summary of changes: source4/heimdal/lib/hdb/ext.c |8 1 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c index faf0b6b..8248098 100644 --- a/source4/heimdal/lib/hdb/ext.c +++ b/source4/heimdal/lib/hdb/ext.c @@ -286,7 +286,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, ext = hdb_find_extension(entry, choice_HDB_extension_data_password); if (ext) { - heim_utf8_string str; + heim_utf8_string str2; heim_octet_string pw; if (db-hdb_master_key_set ext-data.u.password.mkvno) { @@ -314,13 +314,13 @@ hdb_entry_get_password(krb5_context context, HDB *db, return ret; } - str = pw.data; - if (str[pw.length - 1] != '\0') { + str2 = pw.data; + if (str2[pw.length - 1] != '\0') { krb5_set_error_message(context, EINVAL, password malformated); return EINVAL; } - *p = strdup(str); + *p = strdup(str2); der_free_octet_string(pw); if (*p == NULL) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 925b156... .gitignore: add partition_proto.h from 9f170bc... heimdal - hdb/ext.c - fix a shadows variable warning http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 925b156a12ac1b6ff02c0f8e0161f2f0576e61ac Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Wed Oct 21 17:56:17 2009 +0200 .gitignore: add partition_proto.h --- Summary of changes: .gitignore |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/.gitignore b/.gitignore index 3a752f5..13dd2d8 100644 --- a/.gitignore +++ b/.gitignore @@ -142,6 +142,7 @@ source4/dsdb/kcc/kcc_service_proto.h source4/dsdb/repl/drepl_service_proto.h source4/dsdb/samdb/samdb_proto.h source4/dsdb/samdb/ldb_modules/util_proto.h +source4/dsdb/samdb/ldb_modules/partition_proto.h source4/dsdb/schema/proto.h source4/extra_cflags.txt source4/foo.tdb -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 47fcde1... s4:provision - important fix for DNS domainname: lower realm from 925b156... .gitignore: add partition_proto.h http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 47fcde1922afc80909fb45bab9b55ea267d4a66f Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Wed Oct 21 18:46:44 2009 +0200 s4:provision - important fix for DNS domainname: lower realm --- Summary of changes: source4/scripting/python/samba/provision.py |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index f6236cc..10f4845 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1266,7 +1266,7 @@ def provision(setup_dir, message, session_info, lp.load(smbconf) names = guess_names(lp=lp, hostname=hostname, domain=domain, -dnsdomain=realm, serverrole=serverrole, sitename=sitename, +dnsdomain=realm.lower(), serverrole=serverrole, sitename=sitename, rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn, serverdn=serverdn) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 78a5e26... s3:Makefile: add some explicit dependencies to libc from 47fcde1... s4:provision - important fix for DNS domainname: lower realm http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 78a5e26783aa7a1beff5cd6674e9ff305a0a6390 Author: Björn Jacke b...@sernet.de Date: Wed Oct 21 22:45:18 2009 +0200 s3:Makefile: add some explicit dependencies to libc Add libc as explicit dependency where we use -z defs linker flags. This is to silence the Sun linker. Otherwise it whines: malloc ... (symbol belongs to implicit dependency /lib/libc.so.1) --- Summary of changes: source3/Makefile.in |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index 7ac7a6f..0a9fb91 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -45,11 +45,11 @@ CPPFLAGS=-DHAVE_CONFIG_H @CPPFLAGS@ exee...@exeext@ a...@ar@ -ldshfla...@ldshflags@ @RELRO_LDFLAGS@ @LDFLAGS@ @LDSHFLAGS_Z_DEFS@ +ldshfla...@ldshflags@ @RELRO_LDFLAGS@ @LDFLAGS@ -lc @LDSHFLAGS_Z_DEFS@ ldshflags_modul...@ldshflags@ @RELRO_LDFLAGS@ @LDFLAGS@ @LDSHFLAGS_Z_NODEFS@ ldfla...@pie_ldflags@ @RELRO_LDFLAGS@ @LDFLAGS@ -winbind_nss_ldshfla...@winbind_nss_ldshflags@ @LDFLAGS@ @LDSHFLAGS_Z_DEFS@ +winbind_nss_ldshfla...@winbind_nss_ldshflags@ @LDFLAGS@ -lc @LDSHFLAGS_Z_DEFS@ a...@awk@ picfl...@picflag@ dyne...@dynexp@ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 33f3d54... s4:provision - rework the guess_names and make_smbconf method from 78a5e26... s3:Makefile: add some explicit dependencies to libc http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 33f3d54de4ffab239e107cb8c92a8454080adbf3 Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Wed Oct 21 19:38:52 2009 +0200 s4:provision - rework the guess_names and make_smbconf method - Cleans it up from unnecessary lower()/upper() and parameters which can be derived through lp calls. - Substitute the HOSTNAME caption in the smb.conf templates with NETBIOS_NAME which fits better. - Now the realm and domain parameter of the provision are totally case insensitive and the script itself up/downcases them appropriately depending on the use (e.g. realm upcase for KERBEROS, lowcase for DNS domainname). --- Summary of changes: source4/scripting/python/samba/provision.py | 55 +-- source4/setup/provision.smb.conf.dc |2 +- source4/setup/provision.smb.conf.member |2 +- source4/setup/provision.smb.conf.standalone |2 +- 4 files changed, 21 insertions(+), 40 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 10f4845..d8c6790 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -428,59 +428,38 @@ def provision_paths_from_lp(lp, dnsdomain): return paths -def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, -serverrole=None, rootdn=None, domaindn=None, configdn=None, -schemadn=None, serverdn=None, sitename=None, sambadn=None): +def guess_names(lp=None, hostname=None, rootdn=None, +domaindn=None, configdn=None, schemadn=None, serverdn=None, +sitename=None, sambadn=None): Guess configuration settings to use. if hostname is None: -hostname = socket.gethostname().split(.)[0].lower() +hostname = socket.gethostname().split(.)[0] netbiosname = hostname.upper() if not valid_netbios_name(netbiosname): raise InvalidNetbiosName(netbiosname) -hostname = hostname.lower() +dnsdomain = lp.get(realm).lower() +realm = lp.get(realm).upper() +serverrole = lp.get(server role).lower() -if dnsdomain is None: -dnsdomain = lp.get(realm).lower() - -if serverrole is None: -serverrole = lp.get(server role) - -assert dnsdomain is not None -realm = dnsdomain.upper() - -if lp.get(realm).upper() != realm: -raise Exception(realm '%s' in %s must match chosen realm '%s' % -(lp.get(realm), lp.configfile, realm)) - if serverrole == domain controller: -if domain is None: -domain = lp.get(workgroup) +domain = lp.get(workgroup).upper() if domaindn is None: domaindn = DC= + dnsdomain.replace(., ,DC=) -if lp.get(workgroup).upper() != domain.upper(): -raise Exception(workgroup '%s' in smb.conf must match chosen domain '%s', -lp.get(workgroup), domain) else: domain = netbiosname if domaindn is None: domaindn = DC= + netbiosname -assert domain is not None -domain = domain.upper() - if not valid_netbios_name(domain): raise InvalidNetbiosName(domain) -if netbiosname.upper() == realm: +if netbiosname == realm: raise Exception(realm %s must not be equal to netbios domain name %s, realm, netbiosname) -if hostname.upper() == realm: -raise Exception(realm %s must not be equal to hostname %s, realm, hostname) - -if domain.upper() == realm: +if domain == realm: raise Exception(realm %s must not be equal to domain name %s, realm, domain) if rootdn is None: @@ -520,7 +499,8 @@ def make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, assert smbconf is not None if hostname is None: -hostname = socket.gethostname().split(.)[0].lower() +hostname = socket.gethostname().split(.)[0] +netbiosname = hostname.upper() if serverrole is None: serverrole = standalone @@ -534,7 +514,10 @@ def make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrole, smbconfsuffix = standalone assert domain is not None +domain = domain.upper() + assert realm is not None +realm = realm.upper() default_lp = param.LoadParm() #Load non-existant file @@ -555,7 +538,7 @@ def make_smbconf(smbconf, setup_path, hostname, domain, realm,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f424097... s4:dsdb Add default modules list to samba3sam from 33f3d54... s4:provision - rework the guess_names and make_smbconf method http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f4240973ba40934d435c753094bbb32ce474 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 22 09:22:18 2009 +1100 s4:dsdb Add default modules list to samba3sam This is needed because the work to allow existing databases to be loaded now moves the 'you have an old @PARTITION' record to the presense or absence of this attribute. Andrew Bartlett --- Summary of changes: source4/dsdb/samdb/ldb_modules/tests/samba3sam.py |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 252de85..2478043 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -54,7 +54,8 @@ class MapBaseTestCase(TestCaseInTempDir): ldb.add({dn: @PARTITION, partition: [%s % (s4.basedn_casefold), %s % (s3.basedn_casefold)], -replicateEntries: [@ATTRIBUTES, @INDEXLIST]}) +replicateEntries: [@ATTRIBUTES, @INDEXLIST], +modules: *:}) def setUp(self): super(MapBaseTestCase, self).setUp() -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c9838f0... s4:torture Silence const warning by use of data_blob_const() via 60ec0f1... s4:dsdb/samdb/cracknames - Remove unused header and add more const via d120e7e... s4:ldb_sort - Add some more const via 0defcfb... s4:libcli/security/access_check - Add const in front of type via 24bca52... s4:smbtorture - Add const before value via 925a94b... s4:dsdb Use the 'correct' case for the namingContext values in rootDSE from f424097... s4:dsdb Add default modules list to samba3sam http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c9838f0e135dc8d1aa46eb86e6fbc8a82c4ada3a Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 22 10:17:35 2009 +1100 s4:torture Silence const warning by use of data_blob_const() This was inspired by one of mdw's const patches Andrew Bartlett commit 60ec0f1ae7e3efc65cce3abc1c56138e09473fcf Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Sat Oct 17 22:20:43 2009 +0200 s4:dsdb/samdb/cracknames - Remove unused header and add more const Signed-off-by: Andrew Bartlett abart...@samba.org commit d120e7ebde71c0ab694e1e7c0002dd1f80c05f0a Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Sat Oct 17 22:30:22 2009 +0200 s4:ldb_sort - Add some more const Signed-off-by: Andrew Bartlett abart...@samba.org commit 0defcfb4f7d6ff82144f9673203777d17d84e53d Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Sat Oct 17 22:30:43 2009 +0200 s4:libcli/security/access_check - Add const in front of type Signed-off-by: Andrew Bartlett abart...@samba.org commit 24bca52c0baafa10ceaf657d7165acea250281bc Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Sat Oct 17 22:39:15 2009 +0200 s4:smbtorture - Add const before value Signed-off-by: Andrew Bartlett abart...@samba.org commit 925a94b67c83fb9a0d762f6b11740d1091623f7c Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 22 09:45:14 2009 +1100 s4:dsdb Use the 'correct' case for the namingContext values in rootDSE This makes the namingContext attributes in the rootDSE a little more pretty, by using the exact same values as used in the database DNs. Andrew Bartlett --- Summary of changes: source4/dsdb/samdb/cracknames.c |7 +++ source4/dsdb/samdb/ldb_modules/partition_init.c | 22 ++ source4/lib/ldb/modules/sort.c |4 ++-- source4/libcli/security/access_check.c |2 +- source4/torture/ldb/ldb.c |3 +-- source4/torture/smbtorture.c|2 +- 6 files changed, 30 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index 8f7f481..23811d3 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -23,15 +23,14 @@ #include includes.h #include librpc/gen_ndr/drsuapi.h -#include rpc_server/common/common.h #include lib/events/events.h +#include rpc_server/common/common.h #include lib/ldb/include/ldb.h #include lib/ldb/include/ldb_errors.h #include system/kerberos.h #include auth/kerberos/kerberos.h #include libcli/ldap/ldap_ndr.h #include libcli/security/security.h -#include librpc/gen_ndr/ndr_misc.h #include auth/auth.h #include ../lib/util/util_ldb.h #include dsdb/samdb/samdb.h @@ -55,7 +54,7 @@ static WERROR dns_domain_from_principal(TALLOC_CTX *mem_ctx, struct smb_krb5_con krb5_error_code ret; krb5_principal principal; /* perhaps it's a principal with a realm, so return the right 'domain only' response */ - char *realm; + const char *realm; ret = krb5_parse_name_flags(smb_krb5_context-krb5_context, name, KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, principal); if (ret) { @@ -271,7 +270,7 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, const char *result_filter = NULL; krb5_error_code ret; krb5_principal principal; - char *realm; + const char *realm; char *unparsed_name_short; const char *domain_attrs[] = { NULL }; struct ldb_result *domain_res = NULL; diff --git a/source4/dsdb/samdb/ldb_modules/partition_init.c b/source4/dsdb/samdb/ldb_modules/partition_init.c index c88d418..f4163da 100644 --- a/source4/dsdb/samdb/ldb_modules/partition_init.c +++ b/source4/dsdb/samdb/ldb_modules/partition_init.c @@ -394,6 +394,9 @@ int partition_reload_if_required(struct ldb_module *module, DATA_BLOB dn_blob; struct ldb_dn *dn; struct dsdb_partition *partition; +
[SCM] CTDB repository - branch master updated - ctdb-1.0.98-10-ge01ab46
The branch, master has been updated via e01ab46bafad09a5e320d420734db129d35863bc (commit) via 27296a47b3d057a6729287acf128b2b67775ecde (commit) via 5b70fa8cfd5916d3c212823ad5cc1b251ae175ed (commit) from befabc917edb036ca81f5216f65a6d62b26ee83e (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit e01ab46bafad09a5e320d420734db129d35863bc Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Oct 22 13:41:28 2009 +1100 if a lock wait child died/finished, we could have released the lockwait handle and set it to NULL before we call the destructors for releaseing the waiters. The waiters reference the locakwait handle in order to remove itself from the li nked list which caused a SEGV. We dont actually need to remove ourselves from this list here since if the parent freeze_handle holding the list is freed, then all waiters are rele ased as well, and the only place we actually need to relink the waiter is in ctd b_freeze_lock_handler, where we want to respond back to the clients and release the waiters but we still want to keep the freeze_handle hanging around. commit 27296a47b3d057a6729287acf128b2b67775ecde Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Oct 22 12:19:40 2009 +1100 From Volker L Fix some warnings and an incorrect check for a talloc failure commit 5b70fa8cfd5916d3c212823ad5cc1b251ae175ed Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Oct 22 07:58:44 2009 +1100 From Wolfgang M. With the new vacuuming code, dont treat an invalid dmaster as fatal. Let it update to the new value insetad. --- Summary of changes: server/ctdb_call.c | 11 +++ server/ctdb_freeze.c | 21 +++-- server/ctdb_monitor.c |2 +- server/ctdb_recoverd.c | 15 +++ server/ctdb_takeover.c |7 ++- server/eventscript.c |2 +- 6 files changed, 41 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_call.c b/server/ctdb_call.c index cd52867..1dac919 100644 --- a/server/ctdb_call.c +++ b/server/ctdb_call.c @@ -342,10 +342,13 @@ void ctdb_request_dmaster(struct ctdb_context *ctdb, struct ctdb_req_header *hdr ctdb_db-db_id, hdr-generation, ctdb-vnn_map-generation, (unsigned long long)c-rsn, (unsigned long long)header.rsn, c-hdr.reqid, (key.dsize = 4)?(*(uint32_t *)key.dptr):0)); - if (header.rsn != 0 || header.dmaster != ctdb-pnn) { - ctdb_fatal(ctdb, ctdb_req_dmaster from non-master); - return; - } + /* +* with the new vacuuming code there are conditions where a node has outdated +* information about the real dmaster +* since here we are lmaster and always know who is the real dmaster +* we don't need to exit with a fatal error and we even don't have +* to initiate a recovery +*/ } if (header.rsn c-rsn) { diff --git a/server/ctdb_freeze.c b/server/ctdb_freeze.c index 69e70ab..36d033d 100644 --- a/server/ctdb_freeze.c +++ b/server/ctdb_freeze.c @@ -151,9 +151,12 @@ static void ctdb_freeze_lock_handler(struct event_context *ev, struct fd_event * h-ctdb-freeze_mode[h-priority] = CTDB_FREEZE_FROZEN; /* notify the waiters */ - while ((w = h-ctdb-freeze_handles[h-priority]-waiters)) { + if (h != h-ctdb-freeze_handles[h-priority]) { + DEBUG(DEBUG_ERR,(lockwait finished but h is not linked\n)); + } + while ((w = h-waiters)) { w-status = status; - DLIST_REMOVE(h-ctdb-freeze_handles[h-priority]-waiters, w); + DLIST_REMOVE(h-waiters, w); talloc_free(w); } } @@ -241,7 +244,6 @@ static struct ctdb_freeze_handle *ctdb_freeze_lock(struct ctdb_context *ctdb, ui */ static int ctdb_freeze_waiter_destructor(struct ctdb_freeze_waiter *w) { - DLIST_REMOVE(w-ctdb-freeze_handles[w-priority]-waiters, w); ctdb_request_control_reply(w-ctdb, w-c, NULL, w-status, NULL); return 0; } @@ -267,7 +269,7 @@ int ctdb_start_freeze(struct ctdb_context *ctdb, uint32_t priority) } /* if there isn't a freeze lock child then create one */ - if (!ctdb-freeze_handles[priority]) { + if (ctdb-freeze_handles[priority] == NULL) { ctdb-freeze_handles[priority] = ctdb_freeze_lock(ctdb, priority); CTDB_NO_MEMORY(ctdb, ctdb-freeze_handles[priority]); ctdb-freeze_mode[priority] = CTDB_FREEZE_PENDING; @@ -309,6 +311,11 @@ int32_t ctdb_control_freeze(struct ctdb_context
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fc97c60... s4-lsa: fixed the lsa server to cope with the new tests from gd via a109ee7... s4-ldb: added a TODO about checking the indexlist via f2988f5... s4-ldb: fixed some memory leaks in new indexing code via 0fb6e2a... s4-ldb: don't try to index non-indexed attributes via a5712ff... s4-selftest: removed raw.unlink from quicktest via 1b48764... s4-ldb: ensure new dn_list elements are not owned by caller via 129298c... s4-ldb: over-allocate index records to save on realloc costs via d483c3b... s4-ldb: fixed tdb error handling in ldb_index.c via fcd16ea... s4-ldb: delete empty index records via 936c8f3... s4-ldb: do more validation of idxptr lists via 74ae8b9... s4-ldb: expose ltdb_err_map and ltdb_delete_noindex via c4cb0c5... s4-ldb: fast path for equal pointers via 606ff46... selftest: make python run unbuffered via dfa0b74... util: fixed place where we could look one byte past end of string via 3f5d535... idl-drsblobs: mark some more reserved values as value(0) via 5f3cbb5... s4-ldb: when taking a list intersection, the result can be as long as the first list via 859cf72... s4-ldb: ldb indexing rewrite - part1 via c5de880... s4-ldb: ldb_oom() for modules from c9838f0... s4:torture Silence const warning by use of data_blob_const() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fc97c60c56c0492c923743b7e3190fa06cad6e90 Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 14:44:47 2009 +1100 s4-lsa: fixed the lsa server to cope with the new tests from gd commit a109ee71fb9b8fa25f9ca739caaba5a1399b7864 Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 12:45:48 2009 +1100 s4-ldb: added a TODO about checking the indexlist commit f2988f5cad156da54e7ad41c2c2d8bd7a0ee29b8 Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 12:45:26 2009 +1100 s4-ldb: fixed some memory leaks in new indexing code commit 0fb6e2a52cb681cfdd73c4be16487d1d9d7d8318 Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 12:29:35 2009 +1100 s4-ldb: don't try to index non-indexed attributes commit a5712ff673226e0259a7f6fcca4377feb0eabf8f Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 11:19:19 2009 +1100 s4-selftest: removed raw.unlink from quicktest This test takes 40s, and quicktest already covers delete operations in base.delete commit 1b48764f24cf2204fb12cc4fa1381fc6bc9e14f4 Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 11:16:30 2009 +1100 s4-ldb: ensure new dn_list elements are not owned by caller commit 129298c9b9793794125558b8334fd5b578ca1112 Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 11:16:00 2009 +1100 s4-ldb: over-allocate index records to save on realloc costs commit d483c3bb960823cbf9a812872d6040bc390c48ca Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 11:15:18 2009 +1100 s4-ldb: fixed tdb error handling in ldb_index.c commit fcd16eab6c9cbba05f3e2719527ed217d816d75c Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 11:14:36 2009 +1100 s4-ldb: delete empty index records commit 936c8f311ac435a7d6cf2643c3dc4a9cbc9a79da Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 11:13:28 2009 +1100 s4-ldb: do more validation of idxptr lists commit 74ae8b90ae71446ccafab3a324087f2edf928b13 Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 11:06:33 2009 +1100 s4-ldb: expose ltdb_err_map and ltdb_delete_noindex These will be used by ldb_index.c commit c4cb0c520c4599d3d480a24b33473e304e172baf Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 11:05:15 2009 +1100 s4-ldb: fast path for equal pointers We compare identical ldb_val values surprisingly often commit 606ff46447f9b1f8708270a69a248c3439408aab Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 11:04:40 2009 +1100 selftest: make python run unbuffered This makes some output in make test easier to follow commit dfa0b74516349f892b77f384d0c59ae2008199c2 Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 11:03:27 2009 +1100 util: fixed place where we could look one byte past end of string We need to check the length before the value commit 3f5d5359726f30b7bdbc2b46da67a0df7e830f33 Author: Andrew Tridgell tri...@samba.org Date: Thu Oct 22 10:36:58 2009 +1100 idl-drsblobs: mark some more reserved values as value(0) This prevents valgrind errors when we store these blobs in a database commit 5f3cbb5f0b19a3db2657659709e3a8377b6dd26a Author: Andrew Tridgell tri...@samba.org Date: Wed Oct 21 22:33:58 2009 +1100 s4-ldb: when taking a list intersection, the result can be as long as the first list Intuitively you