date:20091218

[Samba] Samba4 Provisioning Segfault

2009-12-18 Thread Ash Hughes


Hi,

Hope this is the right place to ask about this... I did a clean install of S4 
alpha10 the other day and attempted to provision it with the python script 
provided. This failed with a segmentation fault, however doing this with alpha8 
does not fail. I've compiled this under arm5 little endian on Ubuntu 9.04 and 
included a backtrace below. Any ideas where I'm going wrong or is this a 
(platform specific?) bug?

I also had trouble connecting Win7 clients to an alpha8 domain, trust 
relationship failed. Is this something which would be changed in the new 
release or have I missed a Windows registry change somewhere along the line?

Many Thanks

Ash

gdb:

r...@ubuntu:~/src/samba-4.0.0alpha10/source4# gdb python
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type show copying
and show warranty for details.
This GDB was configured as arm-linux-gnueabi...
(gdb) run ./setup/provision
Starting program: /usr/bin/python ./setup/provision
[Thread debugging using libthread_db enabled]
[New Thread 0x402694d0 (LWP 4004)]
Realm: ashnet.lan
 Domain [ashnet]:
 Server Role (dc, member, standalone) [dc]:
Administrator password:
 Setting up share.ldb

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x402694d0 (LWP 4004)]
0x40b1782c in talloc_chunk_from_ptr () from bin/python/ldb.so
Current language:  auto; currently asm
(gdb) bt
#0  0x40b1782c in talloc_chunk_from_ptr () from bin/python/ldb.so
#1  0x40b19284 in talloc_get_name () from bin/python/ldb.so
#2  0x40b19358 in talloc_check_name () from bin/python/ldb.so
#3  0x4048ce88 in ltdb_index_idxptr () from bin/python/ldb.so
#4  0x4048d878 in ltdb_index_traverse_store () from bin/python/ldb.so
#5  0x40b1184c in tdb_traverse_internal () from bin/python/ldb.so
#6  0x40b11ae4 in tdb_traverse () from bin/python/ldb.so
#7  0x4048da6c in ltdb_index_transaction_commit () from bin/python/ldb.so
#8  0x4048942c in ltdb_prepare_commit () from bin/python/ldb.so
#9  0x403f0d08 in ldb_transaction_prepare_commit () from bin/python/ldb.so
#10 0x403f0ee8 in ldb_transaction_commit () from bin/python/ldb.so
#11 0x403e97f0 in py_ldb_add () from bin/python/ldb.so
#12 0x0012b84c in PyCFunction_Call (func=0x45756378, arg=0x4394f238,
kw=0x15fd88) at ../Objects/methodobject.c:116
#13 0x0009ed50 in PyEval_EvalFrameEx (f=0xab8ed8,
throwflag=value optimized out) at ../Python/ceval.c:3706
#14 0x000a0970 in PyEval_EvalCodeEx (co=0x4030f848,
globals=value optimized out, locals=value optimized out,
args=0x4032a780, argcount=2, kws=0xac7cd8, kwcount=1165320760,
defs=0x4032a77c, defcount=1, closure=0x0) at ../Python/ceval.c:2968
#15 0x0009f184 in PyEval_EvalFrameEx (f=0xab8900,
throwflag=value optimized out) at ../Python/ceval.c:3802
#16 0x0009f7b0 in PyEval_EvalFrameEx (f=0x35ae80,
throwflag=value optimized out) at ../Python/ceval.c:3792
#17 0x000a0970 in PyEval_EvalCodeEx (co=0x4033c848,
globals=value optimized out, locals=value optimized out,
args=0x4032264c, argcount=4, kws=0x2a2e48, kwcount=8196, defs=0x402967bc,
defcount=41, closure=0x0) at ../Python/ceval.c:2968
#18 0x0009f184 in PyEval_EvalFrameEx (f=0x2a2d10,
throwflag=value optimized out) at ../Python/ceval.c:3802
#19 0x000a0970 in PyEval_EvalCodeEx (co=0x402d2800,
globals=value optimized out, locals=value optimized out, args=0x0,
argcount=1076326696, kws=0xbeee1668, kwcount=1076701184, defs=0x0,
defcount=0, closure=0x0) at ../Python/ceval.c:2968
#20 0x000a0a88 in PyEval_EvalCode (co=0x244eaa18, globals=0x1617f0,
locals=0x15fd88) at ../Python/ceval.c:522
#21 0x000bfdb4 in PyRun_FileExFlags (fp=0x253cd8,
filename=0xbeee19ff ./setup/provision, start=value optimized out,
globals=0x40290270, locals=0x40290270, closeit=1076710432,
flags=0xbeee176c) at ../Python/pythonrun.c:1335
#22 0x000c007c in PyRun_SimpleFileExFlags (fp=0x253cd8,
filename=0xbeee19ff ./setup/provision, closeit=1, flags=0xbeee176c)
at ../Python/pythonrun.c:931
#23 0x00019bd4 in Py_Main (argc=2, argv=0xbeee18e4) at ../Modules/main.c:599
#24 0x4013a03c in __libc_start_main () from /lib/libc.so.6
#25 0x00018d10 in _start ()
(gdb)

  
_
Add your Gmail and Yahoo! Mail email accounts into Hotmail - it's easy
http://clk.atdmt.com/UKM/go/186394592/direct/01/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Migrating an NT4 domain to a Samba PDC - How to limit users access to only certain machines?

2009-12-18 Thread Jason Somers


Solved!

In case any of you are interested, John Terpstra gave me a call and 
explained how to set this up, and I figured I would pass along the 
information.


First, having set up the PDC, I logged into one of the Windows XP 
workstations as a Domain Admin and downloaded the Windows NT Server 
Tools package:


http://support.microsoft.com/kb/173673

I extracted the archive and ran USRMGR.EXE
From this old school interface, I was able to see my domain users and 
using the Log Onto button, was able to set which machines each user 
has the permission to log on to. I tested it out afterwords, and it 
worked great. After uing an LDAP manager, I was able to see that the 
object class added to the user profile was sambaUserWorkstations, so 
Michael was indeed correct!
There was also an option in that app to set logon times and password 
expiry options, but I have not yet gotten a chance to try them out.


A big thanks to everyone for your help

-Jason

=
Jason Somers
Network Administrator
Red Barn Technology Group, Inc.
1235 Front Street - Suite 3
Binghamton, NY 13905
(607) 772-1888 x222



Michael Heydon wrote:


we need to limit certain users to have permission only to log in to 
their specific workstation.
I'm not familiar with ClearOS, but if it uses an LDAP backend (and 
maybe even if it doesn't) the sambaUserWorkstations property should do 
what you want.


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au mailto:micha...@jaswin.com.au


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Cannot see server in win Neighborhood (again)

2009-12-18 Thread Matias Morawicki

Hello u all, sorry to bring this issue back again, but I´ve been
searching and trying all the advices suggested in previous posts and I
still can´t see the samba server in the win network neighborhood.

I can see the samba shares from win via net view \\servername

but if I issue a plain net view samba won´t show up. only the win
machines, the same i can see on the Neighborhood...

I´ve tried stopping iptables, different smb.conf from the simple
examples of t first chapters of samba by example,  to plenty of
options... that´s why I´m not including my smb.conf, because I´ve
tried many variations, always with the same results. I even tried a
working smb.conf from another linux box which was showing in win
Neighborhood...

and when I select local master = no  Samba would stay without master!
I issue smbclient -L servername -U% and the master section remains empty.

It´s like samba is not being able to talk to the rest of the
workgroup. (of course they are all in the same workgroup)

Btw, the server is a Centos 5.3, with samba 3.2.15 (it also happened
with the default samba, so I´ve upgraded just in case...)

I hope someone can point me some directions...

thanks in advance!!

Matias
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Sharing violations on XP host

2009-12-18 Thread john

Greetings,

I've got a samba server that has been serving a 100+ user network for over
a year with no issues, except recently, one XP workstation throws a
sharing violation when saving Excel files, but only intermittently.

It's an older Samba version (3.0.29) - and yes, I know I have to upgrade.

OS is Fedora 9 x64.

The log shows the following when this occurs:

[2009/12/18 09:42:25, 0] lib/util_sec.c:assert_uid(101)
  Failed to set uid privileges to (1075,1075) now set to (0,0)
[2009/12/18 09:42:25, 0] lib/util.c:smb_panic(1633)
  PANIC (pid 20846): failed to set uid

[2009/12/18 09:42:25, 0] lib/util.c:log_stack_trace(1737)
  BACKTRACE: 16 stack frames:
   #0 /usr/local/samba/sbin/smbd(log_stack_trace+0x1c) [0x7fa0a799e2a5]
   #1 /usr/local/samba/sbin/smbd(smb_panic+0x55) [0x7fa0a799e3a7]
   #2 /usr/local/samba/sbin/smbd [0x7fa0a79a2f65]
   #3 /usr/local/samba/sbin/smbd(restore_re_uid_fromroot+0x2b)
[0x7fa0a79a2fce]
   #4 /usr/local/samba/sbin/smbd [0x7fa0a79a5950]
   #5 /usr/local/samba/sbin/smbd [0x7fa0a79a5d57]
   #6 /usr/local/samba/sbin/smbd(messaging_send+0x23) [0x7fa0a79a6093]
   #7 /usr/local/samba/sbin/smbd(notify_trigger+0x307) [0x7fa0a79d2d75]
   #8 /usr/local/samba/sbin/smbd(notify_fname+0x96) [0x7fa0a79d10c8]
   #9 /usr/local/samba/sbin/smbd(rename_internals+0x94a) [0x7fa0a782a926]
   #10 /usr/local/samba/sbin/smbd(reply_mv+0x2b8) [0x7fa0a7832058]
   #11 /usr/local/samba/sbin/smbd [0x7fa0a78639f1]
   #12 /usr/local/samba/sbin/smbd(smbd_process+0x392) [0x7fa0a78644df]
   #13 /usr/local/samba/sbin/smbd(main+0xa6b) [0x7fa0a7a4ec3d]
   #14 /lib64/libc.so.6(__libc_start_main+0xfa) [0x20ea32a]
   #15 /usr/local/samba/sbin/smbd [0x7fa0a77f7669]
[2009/12/18 09:42:25, 0] lib/fault.c:dump_core(181)
  dumping core in /usr/local/samba/var/cores/smbd
[2009/12/18 09:42:25, 1] smbd/service.c:make_connection_snum(1033)
  wks (123.456.789.10) connect to service DATA initially as user
myuser (uid=1075, gid=1000) (pid 21329)

Note above, the error starts when trying to chown the file to uid.gid
1075.1075 - that UID is valid and is the user's UID, but that GID does not
exist.  In the last few lines, it reconnects as UID 1075 (again, valid)
and GID 1000 (That *is* the correct GID).  Although it says it's dumping
core, it doesn't.

On that share, the GID is forced (config excerpt):

[DATA]
   path = /DATA
   public = yes
   writable = yes
   printable = no
   write list = @samba
   create mask = 0660
   force create mode = 0660
   security mask = 0660
   force security mode = 0660
   directory mask = 0770
   force directory mode = 0770
   directory security mask = 0770
   force directory security mode = 0770
   force group = samba
   nt acl support = no

The samba group is GID 1000, as above.

Any ideas?

TIA

-John


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Cannot see server in win Neighborhood (again)

2009-12-18 Thread Gaiseric Vandal


On 12/18/09 10:15, Matias Morawicki wrote:

Hello u all, sorry to bring this issue back again, but I´ve been
searching and trying all the advices suggested in previous posts and I
still can´t see the samba server in the win network neighborhood.

I can see the samba shares from win via net view \\servername

but if I issue a plain net view samba won´t show up. only the win
machines, the same i can see on the Neighborhood...

I´ve tried stopping iptables, different smb.conf from the simple
examples of t first chapters of samba by example,  to plenty of
options... that´s why I´m not including my smb.conf, because I´ve
tried many variations, always with the same results. I even tried a
working smb.conf from another linux box which was showing in win
Neighborhood...

and when I select local master = no  Samba would stay without master!
I issue smbclient -L servername -U% and the master section remains empty.

It´s like samba is not being able to talk to the rest of the
workgroup. (of course they are all in the same workgroup)

Btw, the server is a Centos 5.3, with samba 3.2.15 (it also happened
with the default samba, so I´ve upgraded just in case...)

I hope someone can point me some directions...

thanks in advance!!

Matias
   
Are you using a WINS server-  I find that makes a lot of these issues go 
away.My guess is that your samba machines and windows machines are 
talking to different net bios browser masters (I use WINS servers to 
avoid having to figure out this stuff.)



I have, at home, run in to this same issue with Windows machines 
(workgroup not domain, and no samba servers involved) not seeing each 
other in network neighborhood. Does turning off the XP firewall 
(assuming that you are using XP Pro) make a difference?



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] new user can't log

2009-12-18 Thread Leonardo Carneiro


Hello everyone.

I was having a problem with my Samba PDC with LDAP backend. The command 
'net getlocalsid' gaves me the message Got too many (2) domain info 
entries for domain [domain]. I logged im my ldap server, and saw that i 
have the following entries:


   dn: sambaDomainName=DOMINIO,dc=dominio,dc=com,dc=br
   sambaDomainName: DOMINIO
   sambaSID: S-1-5-21-874179082-3571801642-3889913597
   sambaAlgorithmicRidBase: 1000
   objectClass: sambaDomain
   sambaNextUserRid: 67109862
   sambaNextGroupRid: 67109863
   structuralObjectClass: sambaDomain
   entryUUID: 9ca720c8-00a6-102c-9973-d48efacd902d
   creatorsName: cn=root,dc=dominio,dc=com,dc=br
   createTimestamp: 20070926180404Z
   entryCSN: 20070926180404Z#01#00#00
   modifiersName: cn=root,dc=dominio,dc=com,dc=br
   modifyTimestamp: 20070926180404Z


and:

   dn: ou=Dominios,dc=dominio,dc=com,dc=br
   ou: Dominios
   objectClass: top
   objectClass: organizationalUnit
   structuralObjectClass: organizationalUnit

   dn: sambaDomainName=DOMINIO,ou=Dominios,dc=dominio,dc=com,dc=br
   objectClass: sambaDomain
   sambaAlgorithmicRidBase: 1000
   sambaSID: S-1-5-21-874179082-3571801642-3889913597
   sambaDomainName: DOMINIO
   sambaMinPwdLength: 4
   sambaLogonToChgPwd: 2
   sambaForceLogoff: 0
   sambaRefuseMachinePwdChange: 1
   structuralObjectClass: sambaDomain

Deleting the former (the one that was not inside the 'ou=Dominios') 
solved the problem. Now, the 'net getlocalsid' gives me the SID for my 
domain correctly. I don't know if this have any relation with my new 
problem, but i created a new user and he can't login.


The error is in portuguese, but i'll translate here: The system could 
not logon by the following error: A device conected to the system is not 
working.


In the log of the machine the user is trying to log, i have the 
following info:


   [2009/12/18 16:47:29,  2] auth/auth.c:check_ntlm_password(308)
 check_ntlm_password:  authentication for user [dsribeiro] -
   [dsribeiro] - [dsribeiro] succeeded
   [2009/12/18 16:47:29,  1]
   rpc_server/srv_netlog_nt.c:_netr_LogonSamLogon(1060)
 _netr_LogonSamLogon: user DOMINIO\dsribeiro has user sid
   S-1-5-21-4161212321-1980848047-2820993626-3468
  but group sid S-1-5-21-874179082-3571801642-3889913597-513.
 The conflicting domain portions are not supported for NETLOGON calls

Can anyone point me to how to solve this? I'm not what you guys could 
call an expert in samba :D




--

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarne...@veltrac.com.br mailto:lscarne...@veltrac.com.br
http://www.veltrac.com.br http://www.veltrac.com.br/
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Cannot see server in win Neighborhood (again)

2009-12-18 Thread Matias Morawicki

2009/12/18 Gaiseric Vandal gaiseric.van...@gmail.com

 On 12/18/09 10:15, Matias Morawicki wrote:

 Hello u all, sorry to bring this issue back again, but I´ve been
 searching and trying all the advices suggested in previous posts and I
 still can´t see the samba server in the win network neighborhood.

 I can see the samba shares from win via net view \\servername

 but if I issue a plain net view samba won´t show up. only the win
 machines, the same i can see on the Neighborhood...

 I´ve tried stopping iptables, different smb.conf from the simple
 examples of t first chapters of samba by example,  to plenty of
 options... that´s why I´m not including my smb.conf, because I´ve
 tried many variations, always with the same results. I even tried a
 working smb.conf from another linux box which was showing in win
 Neighborhood...

 and when I select local master = no  Samba would stay without master!
 I issue smbclient -L servername -U% and the master section remains empty.

 It´s like samba is not being able to talk to the rest of the
 workgroup. (of course they are all in the same workgroup)

 Btw, the server is a Centos 5.3, with samba 3.2.15 (it also happened
 with the default samba, so I´ve upgraded just in case...)

 I hope someone can point me some directions...

 thanks in advance!!

 Matias


 Are you using a WINS server-  I find that makes a lot of these issues go
 away.My guess is that your samba machines and windows machines are
 talking to different net bios browser masters (I use WINS servers to avoid
 having to figure out this stuff.)


 I have, at home, run in to this same issue with Windows machines (workgroup
 not domain, and no samba servers involved) not seeing each other in network
 neighborhood. Does turning off the XP firewall (assuming that you are
 using XP Pro) make a difference?

 Thanx for the reply Gaiseric!

yes, I´m using wins support = yes and I´ve set the DHCP to set the clients
to use the samba server as wins server.I´ve checked the win clients and they
get the correct conf.

I haven´t tried turning off the XP firewall, but when I tried a basic samba
configuration in a ubuntu server in another box just to test, they were able
to see it in the neigbohood... so I guess the issue is on the Centos side. I
tried the same smb.conf from that working ubuntu-samba and didn´t make it on
the Centos...

thanks again!

Matias
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] new user can't log

2009-12-18 Thread Zoolook

2009/12/18 Leonardo Carneiro lscarne...@veltrac.com.br:

   [2009/12/18 16:47:29,  2] auth/auth.c:check_ntlm_password(308)
     check_ntlm_password:  authentication for user [dsribeiro] -
   [dsribeiro] - [dsribeiro] succeeded
   [2009/12/18 16:47:29,  1]
   rpc_server/srv_netlog_nt.c:_netr_LogonSamLogon(1060)
     _netr_LogonSamLogon: user DOMINIO\dsribeiro has user sid
   S-1-5-21-4161212321-1980848047-2820993626-3468
      but group sid S-1-5-21-874179082-3571801642-3889913597-513.
     The conflicting domain portions are not supported for NETLOGON calls

 Can anyone point me to how to solve this? I'm not what you guys could call
 an expert in samba :D


The SIDs do not match.

Is this the only domain there? If so, I would simply use ldapmodify to
modify users' SID to match the domain SID. You'll need to replace
S-1-5-21-4161212321-1980848047-2820993626 with
S-1-5-21-874179082-3571801642-3889913597
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] new user can't log

2009-12-18 Thread David Whitney

Unless I've blown my memory on Windows internals, each user's SID is
comprised of the domain's SID, then a self-refential RID portion. That
means a user from the domain DOMINIOS should NOT have what amounts to a
prefix that looks as though it came from a different domain. But unless
I'm mistaken, your logs are telling you exactly that - the domain portion of
the group and user SID's indicate different domains, and that indicates a
problem.

One theory is that perhaps your domain was created, groups and users were
created, but then for some reason your domain SID changed, and perhaps that
led to your described duplicate domain entry (?) problem.

Anyway, I'd take a look at the SIDS of other users and groups and see if
this problem exists for other users or groups on your domain.

-David
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] new user can't log

2009-12-18 Thread Leonardo Carneiro

The database from ldap was a copy from another domain, that existed in 
another network. i've done a slapcat in the old domain and did a slapadd 
in this new one (both domain have the same name). But this happened 
about 2 years ago. After a samba and ldap upgrade via apt-get, the 
duplicated domains message start to pop (abouth 3 months ago). Just now 
i've solved, but now, this =S.


I'll try some of the stuff you guys sugested me.

tks and sorry for my poor english.

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarne...@veltrac.com.br mailto:lscarne...@veltrac.com.br
http://www.veltrac.com.br http://www.veltrac.com.br/
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/



David Whitney escreveu:

Unless I've blown my memory on Windows internals, each user's SID is
comprised of the domain's SID, then a self-refential RID portion. That
means a user from the domain DOMINIOS should NOT have what amounts to a
prefix that looks as though it came from a different domain. But unless
I'm mistaken, your logs are telling you exactly that - the domain portion of
the group and user SID's indicate different domains, and that indicates a
problem.

One theory is that perhaps your domain was created, groups and users were
created, but then for some reason your domain SID changed, and perhaps that
led to your described duplicate domain entry (?) problem.

Anyway, I'd take a look at the SIDS of other users and groups and see if
this problem exists for other users or groups on your domain.

-David
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

2009-12-18 Thread George K Colley

Different issue that the winbind one, hopefully will be fixed in a future 
update, along with the winbind issue.

George

On Dec 16, 2009, at 9:48 AM, Anton Starikov wrote:

 Probably it can be related.
 
 
 In my case filesync of portable directories with samba server always fail for 
 newly created directories with error
 
 0:: 09/12/16 06:49:55.282 EXCEPTION: Invalid argument -SStoreFileOperator_FS 
 applyPermissionsFromObject: (StoreFileOperator-FS.m:508): 
 chflags('/Network/Servers/samba.server.host/cifstest/', flags=0)-- Error 
 Domain=NSPOSIXErrorDomain Code=22 UserInfo=0x10058c170 Invalid argument
 
 It tries to chflags after creation of directory and get this error. 
 
 Anton.
 
 
 
 On Dec 16, 2009, at 6:37 PM, Ryan Suarez wrote:
 
 Volker Lendecke wrote:
 On Wed, Dec 16, 2009 at 09:30:18AM -0800, Jeremy Allison wrote:
 
 Yes, I have seen this at a customer site. I've stared at the
 logs and sniffs for MANY hours, but I could not find
 anything. If you solve this, please let me know :-)
 
 Try pinging George and James (CC:ed on this :-).
 
 Hopefully they can help.
 
 
 Already done. Jht mentioned that turning off winbind fixed
 it for him ... :-)
 
 hmm, this server isn't even running winbind...
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

2009-12-18 Thread George K Colley


On Dec 16, 2009, at 10:08 AM, Jeremy Allison wrote:

 On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote:
 And although it creates directory, it doesn't copy contents, because it 
 stops process of copying directory after this error. If I repeat filesync, 
 the contents of directory will be copid (cause directory is already here).
 
 So, it looks exactly the same.
 If so, then problem in chflags(). 
 I expect that samba on linux is compiled without support for chflags, 
 obviously.
 
 I presume that settings unix extensions = no would probably fix this, but 
 it has a drawback, because then you loose native unix things like symlinks 
 etc.
 
 Which is, at least in our case is not possible, cause shares accessed by 
 both, mac and linux clients over NFS (the same clients on different hosts) 
 and symlinks are heavily used.
 
 I think, OSX client, when it sees that server supports unix extensions, 
 expects that on other side is OSX server with samba which supports chflags.
 
 So, if we don't discuss rewrite of OSX cifs FS, then only solution is to 
 emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs 
 somehow)
 
 Hmmm. Looks like a client bug then, in that they don't cope with an
 error on chflags set. What error is the Samba server returning here ?
 
 George, what errors can the MacOSX client cope with and continue ?
 
 Jeremy.
The lack of support of the BSD MODES flags in Samba is a known issue that we 
hope to solve in a future release. We will never be able to support Samba 
correctly without these bits, but plan on doing a better job in the future.It 
would be nice if Samba would support the following flags the same as the DOS 
Attributes. That would solve so many issues:)

BSD hidden Flag  - DOS Attribute Hidden
BSD immutable - Windows Read-Only bit
BSD archived - the reverse of the BSD archive bit 

But the UNIX extensions does not require this support, but this causes the Mac 
OS Client to have several issue. 

George

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

2009-12-18 Thread George K Colley


On Dec 16, 2009, at 10:51 AM, Anton Starikov wrote:

 Yep, and there is some other problem with OSX client and linux samba server:
 
 smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
 available)|Desktop/ddldldl|755
 
 smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
 available)|Library/Application 
 Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|644
 
 cmsdata smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
 available)|Library/Application 
 Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|744
 
 It is with unix extensions = yes.
Please get me more details

George
 
 
 On Dec 16, 2009, at 7:08 PM, Jeremy Allison wrote:
 
 On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote:
 And although it creates directory, it doesn't copy contents, because it 
 stops process of copying directory after this error. If I repeat filesync, 
 the contents of directory will be copid (cause directory is already here).
 
 So, it looks exactly the same.
 If so, then problem in chflags(). 
 I expect that samba on linux is compiled without support for chflags, 
 obviously.
 
 I presume that settings unix extensions = no would probably fix this, but 
 it has a drawback, because then you loose native unix things like symlinks 
 etc.
 
 Which is, at least in our case is not possible, cause shares accessed by 
 both, mac and linux clients over NFS (the same clients on different hosts) 
 and symlinks are heavily used.
 
 I think, OSX client, when it sees that server supports unix extensions, 
 expects that on other side is OSX server with samba which supports chflags.
 
 So, if we don't discuss rewrite of OSX cifs FS, then only solution is to 
 emulate chflags support on samba side (or convert flags to XFS/ETX3 attrs 
 somehow)
 
 Hmmm. Looks like a client bug then, in that they don't cope with an
 error on chflags set. What error is the Samba server returning here ?
 
 George, what errors can the MacOSX client cope with and continue ?
 
 Jeremy.
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

2009-12-18 Thread George K Colley


On Dec 16, 2009, at 10:59 AM, Anton Starikov wrote:

 But what is strange, is the fact that I don't see chflags commands, during 
 audit of server side.
 
 And, obviously, client accepts chmod_acl errors silently. (Although I don't 
 have ACL's on files on server side, as result).
 
 So, it looks like client knows that server doesn't support chflags, and 
 complains locally.
 Can it be an issue, that vfs_audit doesn't audit chflags if they unsupported 
 on server side?
So with Mac OS the chflags can also be set with getattrlist:( There are several 
known issue here, we try to work around these issues, but sadly I didn't do a 
very good enough job handling the lack of support.

George
 
 On Dec 16, 2009, at 7:51 PM, Anton Starikov wrote:
 
 Yep, and there is some other problem with OSX client and linux samba server:
 
 smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
 available)|Desktop/ddldldl|755
 
 smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
 available)|Library/Application 
 Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|644
 
 cmsdata smbd_audit: cifstest|IP_HERE|cifstest|chmod_acl|fail (No data 
 available)|Library/Application 
 Support/Growl/Tickets/.fstemp.+PHD-R-722svsk6Bb5-cifstest+jMHkRwxhxN3.noindex|744
 
 It is with unix extensions = yes.
 
 
 On Dec 16, 2009, at 7:08 PM, Jeremy Allison wrote:
 
 On Wed, Dec 16, 2009 at 07:00:09PM +0100, Anton Starikov wrote:
 And although it creates directory, it doesn't copy contents, because it 
 stops process of copying directory after this error. If I repeat filesync, 
 the contents of directory will be copid (cause directory is already here).
 
 So, it looks exactly the same.
 If so, then problem in chflags(). 
 I expect that samba on linux is compiled without support for chflags, 
 obviously.
 
 I presume that settings unix extensions = no would probably fix this, 
 but it has a drawback, because then you loose native unix things like 
 symlinks etc.
 
 Which is, at least in our case is not possible, cause shares accessed by 
 both, mac and linux clients over NFS (the same clients on different hosts) 
 and symlinks are heavily used.
 
 I think, OSX client, when it sees that server supports unix extensions, 
 expects that on other side is OSX server with samba which supports chflags.
 
 So, if we don't discuss rewrite of OSX cifs FS, then only solution is to 
 emulate chflags support on samba side (or convert flags to XFS/ETX3 
 attrs somehow)
 
 Hmmm. Looks like a client bug then, in that they don't cope with an
 error on chflags set. What error is the Samba server returning here ?
 
 George, what errors can the MacOSX client cope with and continue ?
 
 Jeremy.
 
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

2009-12-18 Thread George K Colley


On Dec 16, 2009, at 1:39 PM, Anton Starikov wrote:

 
 On Dec 16, 2009, at 10:28 PM, Ryan Suarez wrote:
 
 Anton Starikov wrote:
 Then with unix extension = yes there os no way for propagation of ACL's?
 
 BTW, I tried it with unix extension = no on server side. According to 
 google it used to work on 10.5.x in this way.   
 
 Nope, I'm testing with OSX v10.5.7 client and we have 'unix extensions=no' 
 explicitly set on the server.  This problem still occurs.
 
 
 Then I don't understand. I found few cases on the internet, where disabling 
 of unix extensions helped to enable ACL for 10.5.x.
 Probably it was with older versions of Leopard with older of smbfs.
unix extension on or off has no affect on ACL support. We turn on NT Style ACL 
support only if we think the Server, Client and Network Log in user all belong 
to the same Domain.

George
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

2009-12-18 Thread George K Colley


On Dec 16, 2009, at 11:24 PM, Volker Lendecke wrote:

 On Wed, Dec 16, 2009 at 11:16:24PM -0800, George K Colley wrote:
 The lack of support of the BSD MODES flags in Samba is a
 known issue that we hope to solve in a future release. We
 will never be able to support Samba correctly without
 these bits, but plan on doing a better job in the
 future.It would be nice if Samba would support the
 following flags the same as the DOS Attributes. That would
 solve so many issues:)
 
 BSD hidden Flag  - DOS Attribute Hidden
 BSD immutable - Windows Read-Only bit
 BSD archived - the reverse of the BSD archive bit 
 
 But the UNIX extensions does not require this support, but
 this causes the Mac OS Client to have several issue. 
 
 Where in the protocol do these show up? In a unixinfo call?
 
 If they directly map to the Windows attributes, it should be
 possible to splice them into our Winattr logic (x permission
 bits or the EA xattr).
 
 Volker
So the UNIX INFO2 call both FindFirst and Query have support for these fields. 
In the Samba Docs at 
http://wiki.samba.org/index.php/UNIX_Extensions#SET_CIFS_UNIX_INFO.

4   108 ULONG   FileFlags   File flags enumeration
4   112 ULONG   FileFlagsMask   Mask of valid flags
If the client is doing a set with the UNIX_INFO2 level and it does not want to 
alter the FileFlags, it should provide a FileFlagsMask of 0.
The defined set of file flags is
File Flag   Value   Interpretation
EXT_SECURE_DELETE   0x0001  File should be erased such that the 
data is not recoverable
EXT_ENABLE_UNDELETE 0x0002  File should opt-in to a server-specific 
deletion recovery scheme
EXT_SYNCHRONOUS 0x0004  I/O to this file should be performed 
synchronously
EXT_IMMUTABLE   0x0008  NO changes can be made to this file
EXT_OPEN_APPEND_ONLY0x0010  Only appends can be made to this file
EXT_DO_NOT_BACKUP   0x0020  Backup programs should ignore this file
EXT_NO_UPDATE_ATIME 0x0040  The server is not required to update 
the last access time on this file
EXT_HIDDEN  0x0080  User interface programs may ignore this file



We only care about the EXT_IMMUTABLE, EXT_HIDDEN and EXT_DO_NOT_BACKUP(reverse  
of the DOS Archive Bit)

Set Query UNIX Info2 allow us to set these values.

George
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] mac client: folder copy problem

2009-12-18 Thread George K Colley


On Dec 16, 2009, at 11:31 PM, Anton Starikov wrote:

 
 On Dec 17, 2009, at 8:22 AM, George K Colley wrote:
 
 
 On Dec 16, 2009, at 1:39 PM, Anton Starikov wrote:
 
 
 On Dec 16, 2009, at 10:28 PM, Ryan Suarez wrote:
 
 Anton Starikov wrote:
 Then with unix extension = yes there os no way for propagation of ACL's?
 
 BTW, I tried it with unix extension = no on server side. According to 
 google it used to work on 10.5.x in this way.   
 
 Nope, I'm testing with OSX v10.5.7 client and we have 'unix extensions=no' 
 explicitly set on the server.  This problem still occurs.
 
 
 Then I don't understand. I found few cases on the internet, where disabling 
 of unix extensions helped to enable ACL for 10.5.x.
 Probably it was with older versions of Leopard with older of smbfs.
 unix extension on or off has no affect on ACL support. We turn on NT Style 
 ACL support only if we think the Server, Client and Network Log in user all 
 belong to the same Domain.
 
 How to check it or enforce it?
 
 Setup is next:
 1) On OSX 10.5 server OpenDirectory + samba PDC.
ON 10.5 we require that the mount point be owned by an AD user and the log user 
is an AD user.
 
 2) Linux server with samba (member of domain hosted on OSX)
Can't be some with 10.5 clients
 
 3) OSX 10.6 client.
 
 OSX client login as OpenDirectory user. In opendirectory apple-user-homeurl 
 set to point to samba share on linux server.
Need to return the correct info in the WhoAMI call. I will need to look at the 
code. So let me get back to you on this one.

George
 
 
 Anton.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SerNet package spool directory

2009-12-18 Thread Karolin Seeger

Hi Moray,

On Di, Dez 15, 2009 at 06:20:31 +, Moray Henderson wrote:
 It would be useful if your 3.3.9 build (currently in recent) included
 the /var/spool/samba directory - it just took me a while to figure out
 why Samba printing wasn't working on a new EL5 server ;-)

thanks for the hint!

We packaged the /var/spool/samba directory in the past, but decided to
drop it, because it's a 1777 directory which gives each user the chance to
fill-up the /var partition. You could either use /tmp instead or create
/var/spool/samba manually.

Cheers,
Karolin

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE



pgptpc68wTQ8D.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] srvtools -- are these really useful?

2009-12-18 Thread Raymond Lillard

I have installed 3.4.3 on a CentOS 5.4 box as a PDC with tdbsam
for a backend.  All seems to be working as expected in the
Samba world.

With the intention of getting ordinary maintenance off of
my back, I downloaded and installed usrmgr and srvmgr in
/root/bin.

When I launch either of them from a WinXP workstation member
while logged into the domain as root, the domain is not found.
I can find the domain from the menu and look at various settings,
but cannot do much of anything that can be made permanent.

Question:  Have I omitted some critical setting to make these
   tools useful?  Should I not be able to add users to
   groups, for example?


What follows is some output that shows thing to be configured
correctly.  I think.


r...@foobar {~} net rpc group MEMBERS Domain Admins
Enter root's password:
PS2\root
PS2\b0fh


r...@foobar {~} net groupmap list
... cut several local groups from this list ...
Domain Users (S-1-5-21-2487701501-27877076-1099799052-513) - staff
Domain Guests (S-1-5-21-2487701501-27877076-1099799052-514) - nobody
Domain Admins (S-1-5-21-2487701501-27877076-1099799052-512) - wheel
Administrators (S-1-5-32-544) - 1
Users (S-1-5-32-545) - 10001

Note: I'm not sure what the groups Administrators and Users are about.



r...@foobar {~} net rpc rights list
Enter root's password:
 SeMachineAccountPrivilege  Add machines to domain
  SeTakeOwnershipPrivilege  Take ownership of files or other objects
 SeBackupPrivilege  Back up files and directories
SeRestorePrivilege  Restore files and directories
 SeRemoteShutdownPrivilege  Force shutdown from a remote system
  SePrintOperatorPrivilege  Manage printers
   SeAddUsersPrivilege  Add users and groups to the domain
   SeDiskOperatorPrivilege  Manage disk shares

Note: I see no priv to add users to an existing group?




Thank you for your time,
Ray

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Cannot see server in win Neighborhood (again)

2009-12-18 Thread Kevin Keane

Are you listening on port 139, or only on port 445?

Microsoft had a great idea when they implemented SMB over TCP on port 445 and 
eliminated the ancient and inefficient NETBIOS over TCP, or NetBT (on port 
139). Unfortunately, they didn't think it all the way through - you still need 
NETBIOS to populate the network neighborhood, so if your Samba server only 
listens on port 445, you won't get happy in your network neighborhood.

In Vista and Windows 7, this problem is fixed: they now use UPnP (renamed to 
Network Discovery) to populate the network neighborhood (and do a lot of other 
neat stuff). Samba does not yet support UPnP, though.

Bottom line: even though Samba supports turning off NetBT, DON'T.

This problem is exacerbated if you are using an IPv6 network, because Microsoft 
no longer even supports NETBIOS at all.

 -Original Message-
 From: samba-boun...@lists.samba.org [mailto:samba-
 boun...@lists.samba.org] On Behalf Of Matias Morawicki
 Sent: Friday, December 18, 2009 7:16 AM
 To: samba@lists.samba.org
 Subject: [Samba] Cannot see server in win Neighborhood (again)
 
 Hello u all, sorry to bring this issue back again, but I´ve been
 searching and trying all the advices suggested in previous posts and I
 still can´t see the samba server in the win network neighborhood.
 
 I can see the samba shares from win via net view \\servername
 
 but if I issue a plain net view samba won´t show up. only the win
 machines, the same i can see on the Neighborhood...
 
 I´ve tried stopping iptables, different smb.conf from the simple
 examples of t first chapters of samba by example,  to plenty of
 options... that´s why I´m not including my smb.conf, because I´ve
 tried many variations, always with the same results. I even tried a
 working smb.conf from another linux box which was showing in win
 Neighborhood...
 
 and when I select local master = no  Samba would stay without master!
 I issue smbclient -L servername -U% and the master section remains
 empty.
 
 It´s like samba is not being able to talk to the rest of the
 workgroup. (of course they are all in the same workgroup)
 
 Btw, the server is a Centos 5.3, with samba 3.2.15 (it also happened
 with the default samba, so I´ve upgraded just in case...)
 
 I hope someone can point me some directions...
 
 thanks in advance!!
 
 Matias
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[SCM] Samba Shared Repository - branch master updated

2009-12-18 Thread Andrew Tridgell

The branch, master has been updated
   via  19cdcde... s4-dsdb: stop warnings about unknown struct GUID in 
prototypes
   via  cb841c3... s4-ldb: fixed a valgrind error in ldbtest
   via  5d7805b... s4-dsdb: greatly simplify the subtree_delete module
   via  b3c69e7... s4-dsdb: declare ldb_dn_update_components()
   via  82bf0d8... s4-dsdb: added ldb_dn_update_components()
   via  db76e65... s4-dsdb: fixed the sort in dsdb_find_nc_root()
   via  f392ae5... s4-ldb: display msDS-OptionalFeatureGUID as a GUID
   via  811b405... s4-scripts: add a enablerecyclebin script
   via  20869a0... s4-ldb: canonicalise the message on ldb_add
  from  7cb858e... s4-dsdb: Add a test for adding, deleting, and appending 
a posixAccount objectClass to a user

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 19cdcdec096f5d1e3be2707d546715912e3db122
Author: Andrew Tridgell tri...@samba.org
Date:   Fri Dec 18 14:57:57 2009 +1100

s4-dsdb: stop warnings about unknown struct GUID in prototypes

Pair-Programmed-With: Andrew Bartlett abart...@samba.org

commit cb841c363a3f78689b0bea12d359a4f0855164dd
Author: Andrew Tridgell tri...@samba.org
Date:   Fri Dec 18 13:07:48 2009 +1100

s4-ldb: fixed a valgrind error in ldbtest

we were using msg-dn after the ldb it contained had been freed

Pair-Programmed-With: Andrew Bartlett abart...@samba.org

commit 5d7805b07f1417e79325c5fd51c0c621f609b6df
Author: Andrew Tridgell tri...@samba.org
Date:   Thu Dec 17 23:01:13 2009 +1100

s4-dsdb: greatly simplify the subtree_delete module

We can use dsdb_module_search() to make this much simpler

Pair-Programmed-With: Andrew Bartlett abart...@samba.org

commit b3c69e76ec9dbcffe363e3bdfcd7ed3c76b48220
Author: Andrew Tridgell tri...@samba.org
Date:   Thu Dec 17 23:04:00 2009 +1100

s4-dsdb: declare ldb_dn_update_components()

commit 82bf0d8bc6b4fa43f015b700a97f68f3d479eb36
Author: Andrew Tridgell tri...@samba.org
Date:   Thu Dec 17 23:03:41 2009 +1100

s4-dsdb: added ldb_dn_update_components()

This is used to udpate just the DN components of a ldb_dn, leaving the
other extended fields alone. It is needed to prevent linked attribute
updates from removing other extended components.

Pair-Programmed-With: Andrew Bartlett abart...@samba.org

commit db76e6531825e66d4859106b583d9f7be8ae0a3a
Author: Andrew Tridgell tri...@samba.org
Date:   Thu Dec 17 23:50:05 2009 +1100

s4-dsdb: fixed the sort in dsdb_find_nc_root()

commit f392ae5169150dc939e0cea9732a6d0ef0ab860a
Author: Andrew Tridgell tri...@samba.org
Date:   Fri Dec 18 11:43:21 2009 +1100

s4-ldb: display msDS-OptionalFeatureGUID as a GUID

Pair-Programmed-With: Andrew Bartlett abart...@samba.org

commit 811b4054f95dca3c61a32b99627394ba40f9c1fc
Author: Andrew Tridgell tri...@samba.org
Date:   Fri Dec 18 11:44:20 2009 +1100

s4-scripts: add a enablerecyclebin script

This can be used to enable the recyclebin on a windows box. Once we
properly implement this feature in samba we will use this to enable
the feature on ourselves as well.

commit 20869a0bf0758936b31dc648db7c1ee435dadc34
Author: Andrew Tridgell tri...@samba.org
Date:   Thu Dec 17 14:20:35 2009 +1100

s4-ldb: canonicalise the message on ldb_add

This canonicalise avoids a problem with an add that has multiple
elements with the same el-name. That is allowed by MS servers, and by
ldb, but it breaks things like the tdb backend and the repl_meta_data
RPMD handling.

Pair-Programmed-With: Andrew Bartlett abart...@samba.org

---

Summary of changes:
 source4/dsdb/common/util.c  |7 +-
 source4/dsdb/samdb/ldb_modules/subtree_delete.c |  137 ---
 source4/dsdb/samdb/ldb_modules/util.h   |1 +
 source4/lib/ldb-samba/ldif_handlers.c   |1 +
 source4/lib/ldb/common/ldb.c|9 ++
 source4/lib/ldb/common/ldb_dn.c |   23 
 source4/lib/ldb/include/ldb.h   |1 +
 source4/lib/ldb/tools/ldbtest.c |2 +
 source4/scripting/bin/enablerecyclebin  |   54 +
 9 files changed, 117 insertions(+), 118 deletions(-)
 create mode 100755 source4/scripting/bin/enablerecyclebin


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 8ba734c..61d065b 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2781,6 +2781,11 @@ int dsdb_wellknown_dn(struct ldb_context *samdb, 
TALLOC_CTX *mem_ctx,
 }
 
 
+static int dsdb_dn_compare_ptrs(struct ldb_dn **dn1, struct ldb_dn **dn2)
+{
+   return ldb_dn_compare(*dn1, *dn2);
+}
+
 /*
   find a NC root given a DN within the NC
  */
@@ -2830,7 +2835,7 @@ int

[SCM] Samba Shared Repository - branch v3-5-test updated

2009-12-18 Thread Karolin Seeger

The branch, v3-5-test has been updated
   via  f3f1c3c... WHATSNEW: Fix typo.
  from  e315849... Always map EMFILE to ERRDOS, ERRnofids, *NOT* 
NT_STATUS_TOO_MANY_OPENED_FILES. This is what W2KR3 does for NTCreateX and 
openX calls. May be the correct fix for bug 6837 - Too many open files when 
trying to access large number of files. Jeremy. (cherry picked from commit 
6585621d367d997b79ffb99e0a8743766e6ff6d2)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit f3f1c3ca0878651f02dbe50d439cb1541ef04142
Author: Karolin Seeger ksee...@samba.org
Date:   Fri Dec 18 12:53:35 2009 +0100

WHATSNEW: Fix typo.

Thanks, Bjoern! :-)

Karolin

---

Summary of changes:
 WHATSNEW.txt |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index d165113..e92d30b 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -73,7 +73,7 @@ smb.conf changes
 New configure options
 -
 
---enable-external-libtallocEnable external tdb
+--enable-external-libtdb   Enable external tdb
 --enable-netapiTurn on netapi support
 --enable-pthreadpool   Enable pthreads pool helper support
 --with-cifsumount  Include umount.cifs (Linux only) support


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-4-test updated

2009-12-18 Thread Karolin Seeger

The branch, v3-4-test has been updated
   via  ce060ae... s3:posix_acls: Fix bug 6841 - map acl inherit = yes 
not working.
  from  22332e0... Second part of fix for 6875 - trans2 FIND_FIRST2 
response -- FIND_FIRST2 Data - Fille Attributes are returned as 0x220 for 
LANMAN2.1 dialect

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -
commit ce060ae48d71e8988282b16f8348ca0b0434cfde
Author: Jeremy Allison j...@samba.org
Date:   Fri Dec 18 13:46:13 2009 +0100

s3:posix_acls: Fix bug 6841 - map acl inherit = yes not working.

The code to read the new V2 SAMBA_PAI entries had
two errors.

Jeremy.

---

Summary of changes:
 source3/smbd/posix_acls.c |   37 +
 1 files changed, 29 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 766c7b0..3b6f70b 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -181,6 +181,7 @@ static char *create_pai_buf_v2(canon_ace *file_ace_list,
char *entry_offset = NULL;
unsigned int num_entries = 0;
unsigned int num_def_entries = 0;
+   unsigned int i;
 
for (ace_list = file_ace_list; ace_list; ace_list = ace_list-next) {
num_entries++;
@@ -207,8 +208,12 @@ static char *create_pai_buf_v2(canon_ace *file_ace_list,
SSVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET,num_entries);
SSVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET,num_def_entries);
 
+   DEBUG(10,(create_pai_buf_v2: sd_type = 0x%x\n,
+   (unsigned int)sd_type ));
+
entry_offset = pai_buf + PAI_V2_ENTRIES_BASE;
 
+   i = 0;
for (ace_list = file_ace_list; ace_list; ace_list = ace_list-next) {
uint8_t type_val = (uint8_t)ace_list-owner_type;
uint32_t entry_val = get_entry_val(ace_list);
@@ -216,6 +221,12 @@ static char *create_pai_buf_v2(canon_ace *file_ace_list,
SCVAL(entry_offset,0,ace_list-ace_flags);
SCVAL(entry_offset,1,type_val);
SIVAL(entry_offset,2,entry_val);
+   DEBUG(10,(create_pai_buf_v2: entry %u [0x%x] [0x%x] [0x%x]\n,
+   i,
+   (unsigned int)ace_list-ace_flags,
+   (unsigned int)type_val,
+   (unsigned int)entry_val ));
+   i++;
entry_offset += PAI_V2_ENTRY_LENGTH;
}
 
@@ -226,6 +237,12 @@ static char *create_pai_buf_v2(canon_ace *file_ace_list,
SCVAL(entry_offset,0,ace_list-ace_flags);
SCVAL(entry_offset,1,type_val);
SIVAL(entry_offset,2,entry_val);
+   DEBUG(10,(create_pai_buf_v2: entry %u [0x%x] [0x%x] [0x%x]\n,
+   i,
+   (unsigned int)ace_list-ace_flags,
+   (unsigned int)type_val,
+   (unsigned int)entry_val ));
+   i++;
entry_offset += PAI_V2_ENTRY_LENGTH;
}
 
@@ -399,6 +416,8 @@ static bool get_pai_owner_type(struct pai_entry *paie, 
const char *entry_offset)
DEBUG(10,(get_pai_owner_type: world ace\n));
break;
default:
+   DEBUG(10,(get_pai_owner_type: unknown type %u\n,
+   (unsigned int)paie-owner_type ));
return false;
}
return true;
@@ -485,12 +504,13 @@ static struct pai_val *create_pai_val_v1(const char *buf, 
size_t size)
 /
 
 static const char *create_pai_v2_entries(struct pai_val *paiv,
+   unsigned int num_entries,
const char *entry_offset,
bool def_entry)
 {
-   int i;
+   unsigned int i;
 
-   for (i = 0; i  paiv-num_entries; i++) {
+   for (i = 0; i  num_entries; i++) {
struct pai_entry *paie = SMB_MALLOC_P(struct pai_entry);
if (!paie) {
return NULL;
@@ -498,9 +518,7 @@ static const char *create_pai_v2_entries(struct pai_val 
*paiv,
 
paie-ace_flags = CVAL(entry_offset,0);
 
-   entry_offset++;
-
-   if (!get_pai_owner_type(paie, entry_offset)) {
+   if (!get_pai_owner_type(paie, entry_offset+1)) {
return NULL;
}
if (!def_entry) {
@@ -540,15 +558,18 @@ static struct pai_val *create_pai_val_v2(const char *buf, 
size_t size)
 
entry_offset = buf + PAI_V2_ENTRIES_BASE;
 
-   DEBUG(10,(create_pai_val_v2: num_entries = %u, num_def_entries = %u\n,
+   DEBUG(10,(create_pai_val_v2: sd_type =

[SCM] Samba Shared Repository - branch master updated

2009-12-18 Thread Günther Deschner

The branch, master has been updated
   via  72d68ac... s3-docs: mention pam_winbind.conf(5) manpage in 
pam_winbind(8) manpage.
   via  7481667... s3-docs: add new pam_winbind.conf(5) manpage.
  from  19cdcde... s4-dsdb: stop warnings about unknown struct GUID in 
prototypes

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 72d68acbf59aa8531cc132551cc8e8313b7dc3b7
Author: GÃ¼nther Deschner g...@samba.org
Date:   Fri Dec 18 13:56:43 2009 +0100

s3-docs: mention pam_winbind.conf(5) manpage in pam_winbind(8) manpage.

Guenther

commit 74816678706b7028fa63a4e552887fcf98322711
Author: GÃ¼nther Deschner g...@samba.org
Date:   Fri Dec 18 13:56:01 2009 +0100

s3-docs: add new pam_winbind.conf(5) manpage.

Guenther

---

Summary of changes:
 docs-xml/manpages-3/pam_winbind.8.xml  |6 +-
 .../{pam_winbind.8.xml = pam_winbind.conf.5.xml}  |  154 ++--
 2 files changed, 47 insertions(+), 113 deletions(-)
 copy docs-xml/manpages-3/{pam_winbind.8.xml = pam_winbind.conf.5.xml} (56%)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/pam_winbind.8.xml 
b/docs-xml/manpages-3/pam_winbind.8.xml
index f8c4375..14f4e70 100644
--- a/docs-xml/manpages-3/pam_winbind.8.xml
+++ b/docs-xml/manpages-3/pam_winbind.8.xml
@@ -62,7 +62,9 @@
file situated at
filename/etc/security/pam_winbind.conf/filename. Options
from the PAM configuration file take precedence to those from
-   the configuration file.
+   the configuration file. See
+   
citerefentryrefentrytitlepam_winbind.conf/refentrytitlemanvolnum5/manvolnum/citerefentry
+   for further details.
 
variablelist
 
@@ -231,6 +233,8 @@
 refsect1
titleSEE ALSO/title
paraciterefentry
+   refentrytitlepam_winbind.conf/refentrytitle
+   manvolnum5/manvolnum/citerefentry, citerefentry
refentrytitlewbinfo/refentrytitle
manvolnum1/manvolnum/citerefentry, citerefentry
refentrytitlewinbindd/refentrytitle
diff --git a/docs-xml/manpages-3/pam_winbind.8.xml 
b/docs-xml/manpages-3/pam_winbind.conf.5.xml
similarity index 56%
copy from docs-xml/manpages-3/pam_winbind.8.xml
copy to docs-xml/manpages-3/pam_winbind.conf.5.xml
index f8c4375..113515c 100644
--- a/docs-xml/manpages-3/pam_winbind.8.xml
+++ b/docs-xml/manpages-3/pam_winbind.conf.5.xml
@@ -1,120 +1,92 @@
 ?xml version=1.0 encoding=iso-8859-1?
 !DOCTYPE refentry PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant 
V1.0//EN http://www.samba.org/samba/DTD/samba-doc;
-refentry id=pam_winbind.8
+refentry id=pam_winbind.conf.5
 
 refmeta
-   refentrytitlepam_winbind/refentrytitle
-   manvolnum8/manvolnum
+   refentrytitlepam_winbind.conf/refentrytitle
+   manvolnum5/manvolnum
refmiscinfo class=sourceSamba/refmiscinfo
-   refmiscinfo class=manual8/refmiscinfo
+   refmiscinfo class=manual5/refmiscinfo
refmiscinfo class=version3.6/refmiscinfo
 /refmeta
 
 
 refnamediv
-   refnamepam_winbind/refname
-   refpurposePAM module for Winbind/refpurpose
+   refnamepam_winbind.conf/refname
+   refpurposeConfiguration file of PAM module for Winbind/refpurpose
 /refnamediv
 
 refsect1
titleDESCRIPTION/title
 
-   paraThis tool is part of the 
citerefentryrefentrytitlesamba/refentrytitle
+   paraThis configuration file is part of the 
citerefentryrefentrytitlesamba/refentrytitle
manvolnum7/manvolnum/citerefentry suite./para
 
para
-   pam_winbind is a PAM module that can authenticate users against the 
local domain by talking to the Winbind daemon.
+   pam_winbind.conf is the configuration file for the pam_winbind PAM
+   module. See
+   
citerefentryrefentrytitlepam_winbind/refentrytitlemanvolnum8/manvolnum/citerefentry
+   for further details.
/para
-
 /refsect1
 
 refsect1
titleSYNOPSIS/title
 
para
-   Edit the PAM system config /etc/pam.d/service and modify it as 
the following example shows:
-   programlisting
-   ...
-   auth  requiredpam_env.so
-   auth  sufficient  pam_unix2.so
-   +++ auth  requiredpam_winbind.so  
use_first_pass
-   account   requisite   pam_unix2.so
-   +++ account   requiredpam_winbind.so  
use_first_pass
-   +++ password  sufficient  pam_winbind.so
-   password  requisite   pam_pwcheck.so  cracklib
-   password  requiredpam_unix2.so
use_authtok
-   session   requiredpam_unix2.so
-

[SCM] Samba Shared Repository - branch master updated

2009-12-18 Thread Nadezhda Ivanova

The branch, master has been updated
   via  39616c0... Added oid for AS_SYSTEM control, used to bypass access 
checks for system operations.
  from  72d68ac... s3-docs: mention pam_winbind.conf(5) manpage in 
pam_winbind(8) manpage.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 39616c0ea2e2268d7b403bdb5d1a1250c7e44653
Author: Nadezhda Ivanova nadezhda.ivan...@postpath.com
Date:   Fri Dec 18 15:40:11 2009 +0200

Added oid for AS_SYSTEM control, used to bypass access checks for system 
operations.

---

Summary of changes:
 source4/lib/ldb/include/ldb.h |6 ++
 1 files changed, 6 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index 81ec9ee..c8bfa24 100644
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -477,6 +477,12 @@ typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, 
void *opaque);
 */
 #define LDB_CONTROL_REVEAL_INTERNALS 1.3.6.1.4.1.7165.4.3.6
 
+/**
+   LDB_CONTROL_AS_SYSTEM is used to skip access checks on operations
+   that are performed by the system, but with a user's credentials, e.g.
+   updating prefix map
+*/
+#define LDB_CONTROL_AS_SYSTEM_OID 1.3.6.1.4.1.7165.4.3.7
 
 /**
OID for the paged results control. This control is included in the


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2009-12-18 Thread Nadezhda Ivanova

The branch, master has been updated
   via  ea365af... Added freeing a successful req so it doesnt croud the 
ldb context
  from  39616c0... Added oid for AS_SYSTEM control, used to bypass access 
checks for system operations.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ea365af4f597fd1fb596018920040a6af49144ec
Author: Nadezhda Ivanova nadezhda.ivan...@postpath.com
Date:   Fri Dec 18 17:57:08 2009 +0200

Added freeing a successful req so it doesnt croud the ldb context

---

Summary of changes:
 source4/ldap_server/ldap_backend.c |6 --
 1 files changed, 4 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/ldap_server/ldap_backend.c 
b/source4/ldap_server/ldap_backend.c
index d983a54..689fd31 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -206,9 +206,11 @@ static int ldb_mod_req_with_controls(struct ldb_context 
*ldb,
}
 
if (ret == LDB_SUCCESS) {
-   return ldb_transaction_commit(ldb);
+   ret = ldb_transaction_commit(ldb);
+   }
+   else {
+   ldb_transaction_cancel(ldb);
}
-   ldb_transaction_cancel(ldb);
 
talloc_free(req);
return ret;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2009-12-18 Thread Tim Prouty

The branch, master has been updated
   via  daa561d... s4 torture: Add test to show archive bit behavior with 
directories
   via  9b86923... s4 torture: Fix RAW-STREAMS-DELETE to pass against samba3
  from  ea365af... Added freeing a successful req so it doesnt croud the 
ldb context

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit daa561d75ba64f8034cd529243a4e71219b01c6f
Author: Zachary Loafman zachary.loaf...@isilon.com
Date:   Thu Dec 17 22:32:58 2009 +

s4 torture: Add test to show archive bit behavior with directories

Signed-off-by: Tim Prouty tpro...@samba.org

commit 9b869230a724dc00ea21d00a222f4eb9396a385f
Author: Tim Prouty tpro...@samba.org
Date:   Fri Dec 18 09:35:57 2009 -0800

s4 torture: Fix RAW-STREAMS-DELETE to pass against samba3

---

Summary of changes:
 source4/torture/raw/setfileinfo.c |  153 +
 source4/torture/raw/streams.c |3 +-
 2 files changed, 155 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/torture/raw/setfileinfo.c 
b/source4/torture/raw/setfileinfo.c
index 42f4f32..1f8adfb 100644
--- a/source4/torture/raw/setfileinfo.c
+++ b/source4/torture/raw/setfileinfo.c
@@ -970,6 +970,158 @@ done:
return ret;
 }
 
+static bool
+torture_raw_sfileinfo_archive(struct torture_context *tctx,
+struct smbcli_state *cli)
+{
+   const char *fname = BASEDIR \\test_archive.dat;
+   NTSTATUS status;
+   bool ret = true;
+   union smb_open io;
+   union smb_setfileinfo sfinfo;
+   union smb_fileinfo finfo;
+   uint16_t fnum=0;
+   uint32_t access_mask = 0;
+
+   if (!torture_setup_dir(cli, BASEDIR)) {
+   return false;
+   }
+
+   /* cleanup */
+   smbcli_unlink(cli-tree, fname);
+
+   /*
+* create a normal file, verify archive bit
+*/
+   io.generic.level = RAW_OPEN_NTCREATEX;
+   io.ntcreatex.in.root_fid.fnum = 0;
+   io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+   io.ntcreatex.in.alloc_size = 0;
+   io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+   io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+   io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+   io.ntcreatex.in.create_options = 0;
+   io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+   io.ntcreatex.in.security_flags = 0;
+   io.ntcreatex.in.fname = fname;
+   io.ntcreatex.in.flags = 0;
+   status = smb_raw_open(cli-tree, tctx, io);
+   torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+   ret, done, open failed);
+   fnum = io.ntcreatex.out.file.fnum;
+
+   torture_assert_int_equal(tctx,
+   io.ntcreatex.out.attrib  ~FILE_ATTRIBUTE_NONINDEXED,
+   FILE_ATTRIBUTE_ARCHIVE,
+   archive bit not set);
+
+   /*
+* try to turn off archive bit
+*/
+   ZERO_STRUCT(sfinfo);
+   sfinfo.generic.level = RAW_SFILEINFO_BASIC_INFO;
+   sfinfo.generic.in.file.fnum = fnum;
+   sfinfo.basic_info.in.attrib = FILE_ATTRIBUTE_NORMAL;
+   status = smb_raw_setfileinfo(cli-tree, sfinfo);
+   torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+   ret, done, setfileinfo failed);
+
+   finfo.generic.level = RAW_FILEINFO_ALL_INFO;
+   finfo.generic.in.file.fnum = fnum;
+   status = smb_raw_fileinfo(cli-tree, tctx, finfo);
+   torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+   ret, done, fileinfo failed);
+
+   torture_assert_int_equal(tctx,
+   finfo.all_info.out.attrib  ~FILE_ATTRIBUTE_NONINDEXED,
+   FILE_ATTRIBUTE_NORMAL,
+   archive bit set);
+
+   status = smbcli_close(cli-tree, fnum);
+   torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+   ret, done, close failed);
+
+   status = smbcli_unlink(cli-tree, fname);
+   torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK,
+   ret, done, unlink failed);
+
+   /*
+* create a directory, verify no archive bit
+*/
+   io.generic.level = RAW_OPEN_NTCREATEX;
+   io.ntcreatex.in.root_fid.fnum = 0;
+   io.ntcreatex.in.access_mask = SEC_RIGHTS_DIR_ALL;
+   io.ntcreatex.in.alloc_size = 0;
+   io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+   io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+   io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+   io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+   io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+   io.ntcreatex.in.security_flags = 0;
+   io.ntcreatex.in.fname = fname;
+   io.ntcreatex.in.flags = 0;
+   status = smb_raw_open(cli-tree, tctx, io);

[SCM] Samba Shared Repository - branch master updated

2009-12-18 Thread Jeremy Allison

The branch, master has been updated
   via  32861b9... Actually explain the twisty paths of tortured logic 
behind reply_doserror(), reply_nterror(), and reply_nterror(NT_STATUS_DOS()).
   via  0dd8c8a... reply_doserror() doesn't force DOS errors on the wire.
   via  69d26d2... reply_force_nterror() is not used anywhere. Remove it. 
Jeremy.
  from  daa561d... s4 torture: Add test to show archive bit behavior with 
directories

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 32861b926f1beef009d475b5c903a6b703f5bc1e
Author: Jeremy Allison j...@samba.org
Date:   Fri Dec 18 14:28:22 2009 -0800

Actually explain the twisty paths of tortured logic behind
reply_doserror(), reply_nterror(), and reply_nterror(NT_STATUS_DOS()).

Fix the call in rely_openerror() to actually force a DOS error
for too many open files.

Jeremy.

commit 0dd8c8a6ffed20be89ff1c407ea1d2876bd30792
Author: Jeremy Allison j...@samba.org
Date:   Fri Dec 18 14:25:39 2009 -0800

reply_doserror() doesn't force DOS errors on the wire.

Start migrating uses of reply_doserror() to reply_nterror() with the
correct mapping. Eventually we'll get to the point where we can
change reply_doserror() to force a DOS error code on the wire,
and can change calls to reply_nterror(req, NT_STATUS_DOS()) - which *does*
force DOS errors on the wire - to reply_doserror(). Which might
actually make the server code look like it's making sense.

Jeremy.

commit 69d26d25f7f2a46e87337fa50af4ed0a1b11a2b5
Author: Jeremy Allison j...@samba.org
Date:   Fri Dec 18 14:25:07 2009 -0800

reply_force_nterror() is not used anywhere. Remove it.
Jeremy.

---

Summary of changes:
 source3/include/proto.h  |2 -
 source3/include/smb_macros.h |1 -
 source3/smbd/error.c |   56 +++--
 source3/smbd/reply.c |   20 +++---
 4 files changed, 52 insertions(+), 27 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index ab74c9c..f138306 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6277,8 +6277,6 @@ void error_packet_set(char *outbuf, uint8 eclass, uint32 
ecode, NTSTATUS ntstatu
 int error_packet(char *outbuf, uint8 eclass, uint32 ecode, NTSTATUS ntstatus, 
int line, const char *file);
 void reply_nt_error(struct smb_request *req, NTSTATUS ntstatus,
int line, const char *file);
-void reply_force_nt_error(struct smb_request *req, NTSTATUS ntstatus,
- int line, const char *file);
 void reply_dos_error(struct smb_request *req, uint8 eclass, uint32 ecode,
int line, const char *file);
 void reply_both_error(struct smb_request *req, uint8 eclass, uint32 ecode,
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index 10ee78b..a4a9ca0 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -112,7 +112,6 @@
 #define ERROR_BOTH(status,class,code) 
error_packet(outbuf,class,code,status,__LINE__,__FILE__)
 
 #define reply_nterror(req,status) reply_nt_error(req,status,__LINE__,__FILE__)
-#define reply_force_nterror(req,status) 
reply_force_nt_error(req,status,__LINE__,__FILE__)
 #define reply_doserror(req,eclass,ecode) 
reply_dos_error(req,eclass,ecode,__LINE__,__FILE__)
 #define reply_botherror(req,status,eclass,ecode) 
reply_both_error(req,eclass,ecode,status,__LINE__,__FILE__)
 
diff --git a/source3/smbd/error.c b/source3/smbd/error.c
index 279b7ba..85b4520 100644
--- a/source3/smbd/error.c
+++ b/source3/smbd/error.c
@@ -30,9 +30,35 @@ bool use_nt_status(void)
 
 /
  Create an error packet. Normally called using the ERROR() macro.
- Setting eclass and ecode only and status to NT_STATUS_OK forces DOS errors.
- Setting status only and eclass and ecode to zero forces NT errors.
- If the override errors are set they take precedence over any passed in values.
+
+ Setting eclass and ecode to zero and status to a valid NT error will
+ reply with an NT error if the client supports CAP_STATUS32, otherwise
+ it maps to and returns a DOS error if the client doesn't support CAP_STATUS32.
+ This is the normal mode of calling this function via reply_nterror(req, 
status).
+
+ Setting eclass and ecode to non-zero and status to NT_STATUS_OK (0) will map
+ from a DOS error to an NT error and reply with an NT error if the client
+ supports CAP_STATUS32, otherwise it replies with the given DOS error.
+ This is the path taken by calling reply_doserror(req, eclass, ecode).
+
+ Setting both eclass, ecode and status to non-zero values allows a non-default
+ mapping from NT error codes to DOS error codes, and will return one or the
+ other

[SCM] Samba Shared Repository - branch v3-5-test updated

2009-12-18 Thread Jeremy Allison

The branch, v3-5-test has been updated
   via  9203d8e... Actually explain the twisty paths of tortured logic 
behind reply_doserror(), reply_nterror(), and reply_nterror(NT_STATUS_DOS()).
   via  5541236... reply_doserror() doesn't force DOS errors on the wire.
   via  a29eff8... reply_force_nterror() is not used anywhere. Remove it. 
Jeremy. (cherry picked from commit 69d26d25f7f2a46e87337fa50af4ed0a1b11a2b5)
  from  038fb57... s3: re-run make samba3-idl.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit 9203d8ecbcda32f74beca6dbf9efd4544db5789f
Author: Jeremy Allison j...@samba.org
Date:   Fri Dec 18 14:28:22 2009 -0800

Actually explain the twisty paths of tortured logic behind
reply_doserror(), reply_nterror(), and reply_nterror(NT_STATUS_DOS()).

Fix the call in rely_openerror() to actually force a DOS error
for too many open files.

Jeremy.
(cherry picked from commit 32861b926f1beef009d475b5c903a6b703f5bc1e)

commit 55412366c185f731d5815c58f06745e1f5c8debf
Author: Jeremy Allison j...@samba.org
Date:   Fri Dec 18 14:25:39 2009 -0800

reply_doserror() doesn't force DOS errors on the wire.

Start migrating uses of reply_doserror() to reply_nterror() with the
correct mapping. Eventually we'll get to the point where we can
change reply_doserror() to force a DOS error code on the wire,
and can change calls to reply_nterror(req, NT_STATUS_DOS()) - which *does*
force DOS errors on the wire - to reply_doserror(). Which might
actually make the server code look like it's making sense.

Jeremy.
(cherry picked from commit 0dd8c8a6ffed20be89ff1c407ea1d2876bd30792)

commit a29eff82703e9f309c9b1aa78581dd94d8f8dafd
Author: Jeremy Allison j...@samba.org
Date:   Fri Dec 18 14:25:07 2009 -0800

reply_force_nterror() is not used anywhere. Remove it.
Jeremy.
(cherry picked from commit 69d26d25f7f2a46e87337fa50af4ed0a1b11a2b5)

---

Summary of changes:
 source3/include/proto.h  |2 -
 source3/include/smb_macros.h |1 -
 source3/smbd/error.c |   56 +++--
 source3/smbd/reply.c |   20 +++---
 4 files changed, 52 insertions(+), 27 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index eba9fd5..42d508a 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6261,8 +6261,6 @@ void error_packet_set(char *outbuf, uint8 eclass, uint32 
ecode, NTSTATUS ntstatu
 int error_packet(char *outbuf, uint8 eclass, uint32 ecode, NTSTATUS ntstatus, 
int line, const char *file);
 void reply_nt_error(struct smb_request *req, NTSTATUS ntstatus,
int line, const char *file);
-void reply_force_nt_error(struct smb_request *req, NTSTATUS ntstatus,
- int line, const char *file);
 void reply_dos_error(struct smb_request *req, uint8 eclass, uint32 ecode,
int line, const char *file);
 void reply_both_error(struct smb_request *req, uint8 eclass, uint32 ecode,
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index 10ee78b..a4a9ca0 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -112,7 +112,6 @@
 #define ERROR_BOTH(status,class,code) 
error_packet(outbuf,class,code,status,__LINE__,__FILE__)
 
 #define reply_nterror(req,status) reply_nt_error(req,status,__LINE__,__FILE__)
-#define reply_force_nterror(req,status) 
reply_force_nt_error(req,status,__LINE__,__FILE__)
 #define reply_doserror(req,eclass,ecode) 
reply_dos_error(req,eclass,ecode,__LINE__,__FILE__)
 #define reply_botherror(req,status,eclass,ecode) 
reply_both_error(req,eclass,ecode,status,__LINE__,__FILE__)
 
diff --git a/source3/smbd/error.c b/source3/smbd/error.c
index 279b7ba..85b4520 100644
--- a/source3/smbd/error.c
+++ b/source3/smbd/error.c
@@ -30,9 +30,35 @@ bool use_nt_status(void)
 
 /
  Create an error packet. Normally called using the ERROR() macro.
- Setting eclass and ecode only and status to NT_STATUS_OK forces DOS errors.
- Setting status only and eclass and ecode to zero forces NT errors.
- If the override errors are set they take precedence over any passed in values.
+
+ Setting eclass and ecode to zero and status to a valid NT error will
+ reply with an NT error if the client supports CAP_STATUS32, otherwise
+ it maps to and returns a DOS error if the client doesn't support CAP_STATUS32.
+ This is the normal mode of calling this function via reply_nterror(req, 
status).
+
+ Setting eclass and ecode to non-zero and status to NT_STATUS_OK (0) will map
+ from a DOS error to an NT error and reply with an NT error if the client
+ supports CAP_STATUS32, otherwise it replies with the given

[SCM] SAMBA-CTDB repository - branch v3-4-ctdb updated - 3.4.2-ctdb-14-19-g19f7461

2009-12-18 Thread Michael Adam

The branch, v3-4-ctdb has been updated
   via  19f746178841c579a4db31733524f68924859262 (commit)
   via  08ef827ee483c408027ccb723c54b49504def982 (commit)
   via  6a9a4aca7762472d2cd1e930c1289314cb72a6ce (commit)
   via  494281756af631a1ea89dcb56547dc43fdf3c240 (commit)
   via  ce5ee6aa7d59bcef185be83d5f3b6cfb8d40e26d (commit)
   via  a26696918d4fcb46e19a74b57084605351e6b69b (commit)
   via  66c2268a58898033c891d14375b3f1ed25fb8b30 (commit)
   via  e76f6cd4efd8e607b0e9dae17fc0a011dbfb9601 (commit)
   via  45cc71fefa75a47c56e3714267da771b678d431d (commit)
   via  4452ca040e2d15ab5ac28787a4cffc0a650e69d2 (commit)
   via  8ba098c97b03fb45896b80ac68f2b22e3e098356 (commit)
   via  c2731e36006f54a9e000b84464ba2bf08ebbe6d7 (commit)
   via  201e6021d215d3025c0e8c26dbdb2126876ff4af (commit)
   via  6cf20428fb2d47f5c16d9e9e1f93d256442d2f65 (commit)
   via  a0f87e3cc5aaf5d4d93cd511e67fe0afee571c6c (commit)
   via  867e7ca81a00b158097d72f8d22f1b63cd872618 (commit)
   via  3247e9f96f6632180311d51f85833cd655cfff61 (commit)
   via  24ed4e16292c8cef79dc58083027ac41329d950c (commit)
   via  0793018d0d0cc7463315528e707032f88848dd7b (commit)
  from  c859996a0c424c5a7073b71dee61a43cf9ae09ef (commit)

http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-4-ctdb


- Log -
commit 19f746178841c579a4db31733524f68924859262
Author: Michael Adam ob...@samba.org
Date:   Thu Dec 17 13:42:34 2009 +0100

v3-4-ctdb: bump the ctdb vendor patch level to 16

Michael

commit 08ef827ee483c408027ccb723c54b49504def982
Author: Michael Adam ob...@samba.org
Date:   Sat Dec 12 00:38:14 2009 +0100

s3:dbwrap_ctdb: fix two may be used uninitialized warnings

Michael

commit 6a9a4aca7762472d2cd1e930c1289314cb72a6ce
Author: Michael Adam ob...@samba.org
Date:   Sat Dec 12 00:30:37 2009 +0100

s3:dbwrap_ctdb: fix db_ctdb_fetch_db_seqnum_from_db() when 
NT_STATUS_NOT_FOUND.

Don't treat this as an error but return seqnum 0 instead.

Michael

commit 494281756af631a1ea89dcb56547dc43fdf3c240
Author: Volker Lendecke v...@samba.org
Date:   Fri Dec 11 16:51:40 2009 +0100

s3:dbwrap: If -n is given to dbwrap_torture, open db with CLEAR_IF_FIRST

commit ce5ee6aa7d59bcef185be83d5f3b6cfb8d40e26d
Author: Michael Adam ob...@samba.org
Date:   Fri Dec 11 16:45:38 2009 +0100

s3:build: remove checks for deprecated ctdb controls.

Michael

commit a26696918d4fcb46e19a74b57084605351e6b69b
Author: Michael Adam ob...@samba.org
Date:   Fri Dec 11 14:07:28 2009 +0100

s3:dbwrap_ctdb: maintain a database sequence number that bumps in 
transactions

For persistent databases, 64bit integer is kept in a special record
__db_sequence_number__. This record is incremented with each completed
transaction.

The retry mechanism for failing TRANS3_COMMIT controls inside the
db_ctdb_transaction_commit() function now relies one a modified
behaviour of ctdbd's treatment of persistent databases in recoveries.
Recently, a special treatment for persistent databases had been
introduced in ctdb (1.0.108) to work around the problems with the
orinal design of persistent transactions.
Now with the rewrite we need to revert to the old behaviour that
ctdb always takes the newest copies of all records.

This change also paves the way for a next step, which will make
recovery use the db seqnum to tell which node has the newest copy
of a persistent db and use that node's copy. This will greatly
reduce the amount of data transferred with each recovery.

Michael

commit 66c2268a58898033c891d14375b3f1ed25fb8b30
Author: Michael Adam ob...@samba.org
Date:   Fri Dec 11 12:30:57 2009 +0100

s3:dbwrap_ctdb: change db_ctdb_transaction_store() to return NTSTATUS.

The return values calculated by the callers were wrong anyways since
the new marshalling code does not set the local tdbs tdb error code.

Michael

commit e76f6cd4efd8e607b0e9dae17fc0a011dbfb9601
Author: Michael Adam ob...@samba.org
Date:   Fri Dec 11 10:35:50 2009 +0100

s3:dbwrap_ctdb: update (C)

Michael

commit 45cc71fefa75a47c56e3714267da771b678d431d
Author: Michael Adam ob...@samba.org
Date:   Fri Dec 4 11:49:21 2009 +0100

build: Add a configure check for CTDB_CONTROL_TRANS3_COMMIT.

This is the new implementation of ctdb transactions using the
global lock feature. It is needed by the current dbwrap_ctdb code.

Michael

commit 4452ca040e2d15ab5ac28787a4cffc0a650e69d2
Author: Volker Lendecke v...@samba.org
Date:   Fri Dec 11 15:37:52 2009 +0100

s3:torture: add a test LOCAL-DBTRANS to torture dbwrap with transactions.

commit 8ba098c97b03fb45896b80ac68f2b22e3e098356
Author: Michael Adam ob...@samba.org
Date:   Thu Dec 3 17:29:54 2009 +0100

s3:dbwrap_ctdb: start rewrite of transactions

[SCM] SAMBA-CTDB repository - annotated tag 3.4.2-ctdb-15 created - 3.4.2-ctdb-15

2009-12-18 Thread Michael Adam

The annotated tag, 3.4.2-ctdb-15 has been created
at  6463c8d6d64a61eecec81f9c02f4d1c09b522d89 (tag)
   tagging  867e7ca81a00b158097d72f8d22f1b63cd872618 (commit)
  replaces  3.4.2-ctdb-14
 tagged by  Michael Adam
on  Sat Dec 19 01:43:15 2009 +0100

- Log -
release 3.4.2-ctdb-15
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkssIa0ACgkQyU9JOBhPkDQCNQCfShWM5aDSloBYmgznhznRQ/J7
xegAn15ySQi/d558lv4RfpKaqyEw9Fj6
=2Jte
-END PGP SIGNATURE-

Christian Ambach (1):
  streamline some log levels for invalid servicenames

Volker Lendecke (3):
  s3: Add net registry getvaluesraw
  s3: Correctly handle timeouts for the ping-dc operation
  v3-4-ctdb: Bump the vendor patch level to 15

---


-- 
SAMBA-CTDB repository

[SCM] SAMBA-CTDB repository - annotated tag 3.4.2-ctdb-16 created - 3.4.2-ctdb-16

2009-12-18 Thread Michael Adam

The annotated tag, 3.4.2-ctdb-16 has been created
at  873de0a04d284d00e5a33297e9ed2910241ba0dc (tag)
   tagging  19f746178841c579a4db31733524f68924859262 (commit)
  replaces  3.4.2-ctdb-15
 tagged by  Michael Adam
on  Sat Dec 19 01:44:55 2009 +0100

- Log -
release 3.4.2-ctdb-16
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkssIhMACgkQyU9JOBhPkDRqSwCZAYM0sCU7yq+zQdSJIhJJZ4cn
HTgAnjn3ZtSHKx71Jq/V+TbAOhS5m2O3
=hZJK
-END PGP SIGNATURE-

Michael Adam (9):
  s3:dbwrap_ctdb: start rewrite of transactions using the global lock 
(g_lock)
  build: Add a configure check for CTDB_CONTROL_TRANS3_COMMIT.
  s3:dbwrap_ctdb: update (C)
  s3:dbwrap_ctdb: change db_ctdb_transaction_store() to return NTSTATUS.
  s3:dbwrap_ctdb: maintain a database sequence number that bumps in 
transactions
  s3:build: remove checks for deprecated ctdb controls.
  s3:dbwrap_ctdb: fix db_ctdb_fetch_db_seqnum_from_db() when 
NT_STATUS_NOT_FOUND.
  s3:dbwrap_ctdb: fix two may be used uninitialized warnings
  v3-4-ctdb: bump the ctdb vendor patch level to 16

Volker Lendecke (6):
  s3: Add tdb_data_equal
  s3: Implement global locks in a g_lock tdb
  s3: Add ctdb_conn_msg_ctx()
  s3: setup debug for smbtorture
  s3:torture: add a test LOCAL-DBTRANS to torture dbwrap with transactions.
  s3:dbwrap: If -n is given to dbwrap_torture, open db with CLEAR_IF_FIRST

---


-- 
SAMBA-CTDB repository

[SCM] SAMBA-CTDB repository - annotated tag v3-4-ctdb-latest-release updated - 3.4.2-ctdb-16

2009-12-18 Thread Michael Adam

The annotated tag, v3-4-ctdb-latest-release has been updated
to  6e1e0787ebd1383030b7d0026d40c05c70c82d9d (tag)
  from  710b1690c1ba8bfdcd4c1e6cd66ca7fff38d025f (which is now obsolete)
   tagging  19f746178841c579a4db31733524f68924859262 (commit)
  replaces  3.4.2-ctdb-15
 tagged by  Michael Adam
on  Sat Dec 19 01:45:14 2009 +0100

- Log -
latest release tag
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkssIiUACgkQyU9JOBhPkDQprwCePZ3Z7phumPcEy/HutuA8NcaG
SEUAnig4e0fXP3WnHVWRifooRGKMb4Rb
=edXc
-END PGP SIGNATURE-

Michael Adam (9):
  s3:dbwrap_ctdb: start rewrite of transactions using the global lock 
(g_lock)
  build: Add a configure check for CTDB_CONTROL_TRANS3_COMMIT.
  s3:dbwrap_ctdb: update (C)
  s3:dbwrap_ctdb: change db_ctdb_transaction_store() to return NTSTATUS.
  s3:dbwrap_ctdb: maintain a database sequence number that bumps in 
transactions
  s3:build: remove checks for deprecated ctdb controls.
  s3:dbwrap_ctdb: fix db_ctdb_fetch_db_seqnum_from_db() when 
NT_STATUS_NOT_FOUND.
  s3:dbwrap_ctdb: fix two may be used uninitialized warnings
  v3-4-ctdb: bump the ctdb vendor patch level to 16

Volker Lendecke (6):
  s3: Add tdb_data_equal
  s3: Implement global locks in a g_lock tdb
  s3: Add ctdb_conn_msg_ctx()
  s3: setup debug for smbtorture
  s3:torture: add a test LOCAL-DBTRANS to torture dbwrap with transactions.
  s3:dbwrap: If -n is given to dbwrap_torture, open db with CLEAR_IF_FIRST

---


-- 
SAMBA-CTDB repository

Build status as of Sat Dec 19 07:00:03 2009

2009-12-18 Thread build

URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2009-12-18 
00:00:09.0 -0700
+++ /home/build/master/cache/broken_results.txt 2009-12-19 00:00:04.0 
-0700
@@ -1,4 +1,4 @@
-Build status as of Fri Dec 18 07:00:02 2009
+Build status as of Sat Dec 19 07:00:03 2009
 
 Build counts:
 Tree Total  Broken Panic 
@@ -8,7 +8,7 @@
 ldb  33 33 0 
 libreplace   1  1  0 
 lorikeet 0  0  0 
-pidl 2  2  0 
+pidl 1  1  0 
 ppp  0  0  0 
 rsync33 12 0 
 samba-docs   0  0  0 
@@ -18,5 +18,5 @@
 samba_3_next 31 30 2 
 samba_4_0_test 33 30 0 
 talloc   33 11 0 
-tdb  30 13 0 
+tdb  31 13 0

[Samba] Samba4 Provisioning Segfault

Re: [Samba] Migrating an NT4 domain to a Samba PDC - How to limit users access to only certain machines?

[Samba] Cannot see server in win Neighborhood (again)

[Samba] Sharing violations on XP host

Re: [Samba] Cannot see server in win Neighborhood (again)

[Samba] new user can't log

Re: [Samba] Cannot see server in win Neighborhood (again)

Re: [Samba] new user can't log

[Samba] new user can't log

Re: [Samba] new user can't log

Re: [Samba] mac client: folder copy problem

Re: [Samba] mac client: folder copy problem

Re: [Samba] mac client: folder copy problem

Re: [Samba] mac client: folder copy problem

Re: [Samba] mac client: folder copy problem

Re: [Samba] mac client: folder copy problem

Re: [Samba] mac client: folder copy problem

Re: [Samba] SerNet package spool directory

[Samba] srvtools -- are these really useful?

Re: [Samba] Cannot see server in win Neighborhood (again)

[SCM] Samba Shared Repository - branch master updated

[SCM] Samba Shared Repository - branch v3-5-test updated

[SCM] Samba Shared Repository - branch v3-4-test updated

[SCM] Samba Shared Repository - branch master updated

[SCM] Samba Shared Repository - branch master updated

[SCM] Samba Shared Repository - branch master updated

[SCM] Samba Shared Repository - branch master updated

[SCM] Samba Shared Repository - branch master updated

[SCM] Samba Shared Repository - branch v3-5-test updated

[SCM] SAMBA-CTDB repository - branch v3-4-ctdb updated - 3.4.2-ctdb-14-19-g19f7461

[SCM] SAMBA-CTDB repository - annotated tag 3.4.2-ctdb-15 created - 3.4.2-ctdb-15

[SCM] SAMBA-CTDB repository - annotated tag 3.4.2-ctdb-16 created - 3.4.2-ctdb-16

[SCM] SAMBA-CTDB repository - annotated tag v3-4-ctdb-latest-release updated - 3.4.2-ctdb-16

Build status as of Sat Dec 19 07:00:03 2009

34 matches

Site Navigation

Mail list logo

Footer information