[Samba] Windows machine has to join two times
Hi, I'm running a debian lenny machine with samba (3.5.0) and OpenLDAP installed (2.4.11). When i add a machine to the domain, windows reports the following error: The specified computer account could not be found. The computer account is added to the LDAP database but without the samba attributes. The weird thing is that if i try it a second the, the samba attributes are added to the computer account and the machine successfully joins the domain. This happens with XP, Vista and Windows 7 cliënts. I have no idea why it doesn't work the first time. On the internet and in this mailing list i found other people where the samba attributes aren't added but i didn't find anyone where it does work on a second attempt. Log after the first try (fail): [2010/03/08 11:35:35.135255, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/03/08 11:35:35.158356, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/03/08 11:35:35.159037, 2] lib/smbldap.c:950(smbldap_open_connection) smbldap_open_connection: connection opened [2010/03/08 11:35:35.184862, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: root [2010/03/08 11:35:35.242603, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2010/03/08 11:35:35.246777, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 512 [2010/03/08 11:35:35.246893, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [root] - [root] - [root] succeeded [2010/03/08 11:35:35.353990, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [qsdf] - [qsdf] FAILED with error NT_STATUS_NO_SUCH_USER [2010/03/08 11:35:35.503246, 0] rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: no challenge sent to client QSDF-PC [2010/03/08 11:35:35.664174, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [qsdf] - [qsdf] FAILED with error NT_STATUS_NO_SUCH_USER [2010/03/08 11:35:35.811769, 2] rpc_server/srv_samr_nt.c:4115(_samr_LookupDomain) Returning domain sid for domain SAMBADOM - S-1-5-21-2536920342-1981552595-828935944 Log after the second time: [2010/03/08 12:05:27.002217, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/03/08 12:05:27.005300, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/03/08 12:05:27.005945, 2] lib/smbldap.c:950(smbldap_open_connection) smbldap_open_connection: connection opened [2010/03/08 12:05:27.021907, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: root [2010/03/08 12:05:27.087024, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2010/03/08 12:05:27.093436, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 512 [2010/03/08 12:05:27.093545, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [root] - [root] - [root] succeeded [2010/03/08 12:05:27.144319, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [qsdf] - [qsdf] FAILED with error NT_STATUS_NO_SUCH_USER [2010/03/08 12:05:27.261506, 0] rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: no challenge sent to client QSDF-PC [2010/03/08 12:05:27.392859, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [qsdf] - [qsdf] FAILED with error NT_STATUS_NO_SUCH_USER [2010/03/08 12:05:27.488414, 2] rpc_server/srv_samr_nt.c:4115(_samr_LookupDomain) Returning domain sid for domain SAMBADOM - S-1-5-21-2536920342-1981552595-828935944 [2010/03/08 12:05:27.505219, 2] lib/smbldap_util.c:277(smbldap_search_domain_info) smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=SAMBADOM))] [2010/03/08 12:05:27.592142, 2] passdb/pdb_ldap.c:1200(init_ldap_from_sam) init_ldap_from_sam: Setting entry for user: QSDF-PC$ [2010/03/08 12:05:27.633889, 2] passdb/pdb_ldap.c:2384(ldapsam_add_sam_account) ldapsam_add_sam_account: added: uid == QSDF-PC$ in the LDAP database [2010/03/08 12:05:27.640585, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: qsdf-pc$ [2010/03/08 12:05:27.647470, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: qsdf-pc$ [2010/03/08 12:05:27.663073, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: qsdf-pc$ [2010/03/08 12:05:27.663625,
Re: [Samba] New Domain Controler (PDC) and Windows Profiles
Hi there Gaiseric, Just to clarify, you are using local profiles? There is not profile share on the server and the profile types on the PC's show up as local not roaming yes it is local profile, and the machines still added to the server, Does the new samba PDC have the same SID as the old one? Did you have rejoin the machines to the domain? My guess is the PC's think it is a new domain, therefore new user, therefore a new profile. ok, I think thats the point. the SID isnt the same, but by now I cant figure out how to set the same SID. can u tell me how to do this ? []´s PedRib --- Em ter, 9/3/10, Gaiseric Vandal gaiseric.van...@gmail.com escreveu: De: Gaiseric Vandal gaiseric.van...@gmail.com Assunto: Re: [Samba] New Domain Controler (PDC) and Windows Profiles Para: samba@lists.samba.org Data: Terça-feira, 9 de Março de 2010, 11:53 Just to clarify, you are using local profiles? There is not profile share on the server and the profile types on the PC's show up as local not roaming Does the new samba PDC have the same SID as the old one? Did you have rejoin the machines to the domain? My guess is the PC's think it is a new domain, therefore new user, therefore a new profile. On 03/09/2010 08:37 AM, Pedro Ribeiro wrote: Cheers ! My name is Pedro Ribeiro and I´m new here, but not so new with samba. I have a question about new domain and what occurs with windows profiles. I had a samba PDC that worked fine, but it´s broke now, so I created another samba PDC, with the same configs, but when an user try to login, a new profile is configured. How can I create a samba PDC where a windows station can login and load the proper local profile ? -- PedRib Veja quais são os assuntos do momento no Yahoo! +Buscados http://br.maisbuscados.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Veja quais são os assuntos do momento no Yahoo! +Buscados http://br.maisbuscados.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] New Domain Controler (PDC) and Windows Profiles
On the OLD server you ideally would have typed net getdomainsid net getlocalsid (I think you could have also used pdbedit or smbpasswd or smbpasswd -w to get this info.) The resulting SID should be the same same. On the new machine you would then type net setdomainsid SID net setlocalsid SID You should also be able to on each workstation try the following - delete (or maybe rename) the new profile - check the permissions on the old profile to make sure that it is owned by the appropriate user. So if you are user Jsmith from MYDOMAIN, when you log into a PC it should look for a profile directory called jsmith. If for some reason that profile directory is owned by another user, it would then create a directory called MYDOMAIN.jsmith. If that doesn't work you can always copy the contents from the old profile directory into the new one and then make sure you do a reset of the permissions. On 03/09/2010 10:05 AM, Pedro Ribeiro wrote: Hi there Gaiseric, Just to clarify, you are using local profiles? There is not profile share on the server and the profile types on the PC's show up as local not roaming yes it is local profile, and the machines still added to the server, Does the new samba PDC have the same SID as the old one? Did you have rejoin the machines to the domain? My guess is the PC's think it is a new domain, therefore new user, therefore a new profile. ok, I think thats the point. the SID isnt the same, but by now I cant figure out how to set the same SID. can u tell me how to do this ? []´s PedRib --- Em ter, 9/3/10, Gaiseric Vandalgaiseric.van...@gmail.com escreveu: De: Gaiseric Vandalgaiseric.van...@gmail.com Assunto: Re: [Samba] New Domain Controler (PDC) and Windows Profiles Para: samba@lists.samba.org Data: Terça-feira, 9 de Março de 2010, 11:53 Just to clarify, you are using local profiles? There is not profile share on the server and the profile types on the PC's show up as local not roaming Does the new samba PDC have the same SID as the old one? Did you have rejoin the machines to the domain? My guess is the PC's think it is a new domain, therefore new user, therefore a new profile. On 03/09/2010 08:37 AM, Pedro Ribeiro wrote: Cheers ! My name is Pedro Ribeiro and I´m new here, but not so new with samba. I have a question about new domain and what occurs with windows profiles. I had a samba PDC that worked fine, but it´s broke now, so I created another samba PDC, with the same configs, but when an user try to login, a new profile is configured. How can I create a samba PDC where a windows station can login and load the proper local profile ? -- PedRib Veja quais são os assuntos do momento no Yahoo! +Buscados http://br.maisbuscados.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows machine has to join two times
On 2010-03-09 at 08:57 +0100 toonverdo...@dommel.be sent off: I'm running a debian lenny machine with samba (3.5.0) and OpenLDAP installed (2.4.11). When i add a machine to the domain, windows reports the following error: The specified computer account could not be found. The computer account is added to the LDAP database but without the samba attributes. The weird thing is that if i try it a second the, the samba attributes are added to the computer account and the machine successfully joins the domain. This happens with XP, Vista and Windows 7 cliënts. I have no idea why it doesn't work the first time. make sure to invoke nscd -i passwd at the end of your add machine/user script and maybe sleep a second. Björn -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen pgpXvKtw6TVld.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] New Domain Controler (PDC) and Windows Profiles
Just to clarify, you are using local profiles? There is not profile share on the server and the profile types on the PC's show up as local not roaming Does the new samba PDC have the same SID as the old one? Did you have rejoin the machines to the domain? My guess is the PC's think it is a new domain, therefore new user, therefore a new profile. On 03/09/2010 08:37 AM, Pedro Ribeiro wrote: Cheers ! My name is Pedro Ribeiro and I´m new here, but not so new with samba. I have a question about new domain and what occurs with windows profiles. I had a samba PDC that worked fine, but it´s broke now, so I created another samba PDC, with the same configs, but when an user try to login, a new profile is configured. How can I create a samba PDC where a windows station can login and load the proper local profile ? -- PedRib Veja quais são os assuntos do momento no Yahoo! +Buscados http://br.maisbuscados.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NMB is flooding logfile
Hello, I have a litle strnge problem with 3.0.23d on a SuSE 10.2. In Messages, I have hundreds of Messages like: = Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172) Mar 9 14:59:19 v-gate nmbd[3664]: process_name_refresh_request: unicast name registration request received for name VXP00 from IP 10.17.28.1 on subnet UNICAST_SUBNET. Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173) Mar 9 14:59:19 v-gate nmbd[3664]: Error - should be sent to WINS server Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172) Mar 9 14:59:19 v-gate nmbd[3664]: process_name_refresh_request: unicast name registration request received for name WORKGROUP00 from IP 10.17.28.1 on subnet UNICAST_SUBNET. Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173) Mar 9 14:59:19 v-gate nmbd[3664]: Error - should be sent to WINS server I don't know the cause for this Messages. Here my smb.conf: [global] ; speed optimierungen socket options = TCP_NODELAY share modes = no debug level = 0 getwd cache = yes preserve case = yes encrypt passwords = no printing = cups printcap name = cups printcap cache time = 750 cups options = raw smb ports = 139 local master = no ; - same as umask 2 create mask = 0775 ; - disconnect after N minutes inactive dead time = 300 ; - check whether clients are alive [seconds] keep alive = 300 ; - may delete readonly files delete readonly = yes ; - logfiles grow up to N kByte max log size = 100 ; - don't map archive bit to execute bit map archive = no ; - umask 2 setting for files and directories create mask = 0775 directory mask = 0775 ; - do NOT use oplocks oplocks = false ; - WINS support wins support = yes preferred master = yes os level = 32 ; wins server = gate name resolve order = wins host bcast security = user == The Network is small, only the suse 10.2, a WIN-XP Professional an a Network printer. Does anybody know what causes this messages? Regards Daniel -- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email d...@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] New Domain Controler (PDC) and Windows Profiles
Cheers ! My name is Pedro Ribeiro and I´m new here, but not so new with samba. I have a question about new domain and what occurs with windows profiles. I had a samba PDC that worked fine, but it´s broke now, so I created another samba PDC, with the same configs, but when an user try to login, a new profile is configured. How can I create a samba PDC where a windows station can login and load the proper local profile ? -- PedRib Veja quais são os assuntos do momento no Yahoo! +Buscados http://br.maisbuscados.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] New Domain Controler (PDC) and Windows Profiles
On Tue, 2010-03-09 at 07:05 -0800, Pedro Ribeiro wrote: Hi there Gaiseric, Does the new samba PDC have the same SID as the old one? Did you have rejoin the machines to the domain? My guess is the PC's think it is a new domain, therefore new user, therefore a new profile. ok, I think thats the point. the SID isnt the same, but by now I cant figure out how to set the same SID. can u tell me how to do this ? net setlocalsid S-1-5-21-x-y-z -- Adam Tauno Williams awill...@whitemice.org LPIC-1, Novell CLA http://www.whitemiceconsulting.com OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NMB is flooding logfile
Daniel, It looks like you have both wins support and wins server configured. From the rest of your smb.conf, it appears you want wins support = Yes, so try disabling the wins server = gate. Ensure that your XP system knows where to find the WINS server. You might even be able to do the same for your network printer. The source of your log problem can probably be deduced by knowing which system has ip 10.17.28.1. http://old.nabble.com/Error-should-be-sent-to-WINS-server-td8938043.html Dale On 03/09/2010 8:06 AM, Daniel Spannbauer wrote: Hello, I have a litle strnge problem with 3.0.23d on a SuSE 10.2. In Messages, I have hundreds of Messages like: = Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172) Mar 9 14:59:19 v-gate nmbd[3664]: process_name_refresh_request: unicast name registration request received for name VXP00 from IP 10.17.28.1 on subnet UNICAST_SUBNET. Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173) Mar 9 14:59:19 v-gate nmbd[3664]: Error - should be sent to WINS server Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172) Mar 9 14:59:19 v-gate nmbd[3664]: process_name_refresh_request: unicast name registration request received for name WORKGROUP00 from IP 10.17.28.1 on subnet UNICAST_SUBNET. Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173) Mar 9 14:59:19 v-gate nmbd[3664]: Error - should be sent to WINS server I don't know the cause for this Messages. Here my smb.conf: [global] ; speed optimierungen socket options = TCP_NODELAY share modes = no debug level = 0 getwd cache = yes preserve case = yes encrypt passwords = no printing = cups printcap name = cups printcap cache time = 750 cups options = raw smb ports = 139 local master = no ; - same as umask 2 create mask = 0775 ; - disconnect after N minutes inactive dead time = 300 ; - check whether clients are alive [seconds] keep alive = 300 ; - may delete readonly files delete readonly = yes ; - logfiles grow up to N kByte max log size = 100 ; - don't map archive bit to execute bit map archive = no ; - umask 2 setting for files and directories create mask = 0775 directory mask = 0775 ; - do NOT use oplocks oplocks = false ; - WINS support *wins support = yes * preferred master = yes os level = 32 ; *wins server = gate * name resolve order = wins host bcast security = user == The Network is small, only the suse 10.2, a WIN-XP Professional an a Network printer. Does anybody know what causes this messages? Regards Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NMB is flooding logfile
Dale Schroeder schrieb: Daniel, It looks like you have both wins support and wins server configured. From the rest of your smb.conf, it appears you want wins support = Yes, so try disabling the wins server = gate. Ensure that your XP system knows where to find the WINS server. You might even be able to do the same for your network printer. The source of your log problem can probably be deduced by knowing which system has ip 10.17.28.1. http://old.nabble.com/Error-should-be-sent-to-WINS-server-td8938043.html Dale Hello Dale, the IP 10.17.28.1 is the XP-Machine. I think I simply disable the winssupport completly. Thanks Daniel On 03/09/2010 8:06 AM, Daniel Spannbauer wrote: Hello, I have a litle strnge problem with 3.0.23d on a SuSE 10.2. In Messages, I have hundreds of Messages like: = Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172) Mar 9 14:59:19 v-gate nmbd[3664]: process_name_refresh_request: unicast name registration request received for name VXP00 from IP 10.17.28.1 on subnet UNICAST_SUBNET. Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173) Mar 9 14:59:19 v-gate nmbd[3664]: Error - should be sent to WINS server Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(172) Mar 9 14:59:19 v-gate nmbd[3664]: process_name_refresh_request: unicast name registration request received for name WORKGROUP00 from IP 10.17.28.1 on subnet UNICAST_SUBNET. Mar 9 14:59:19 v-gate nmbd[3664]: [2010/03/09 14:59:19, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(173) Mar 9 14:59:19 v-gate nmbd[3664]: Error - should be sent to WINS server I don't know the cause for this Messages. Here my smb.conf: [global] ; speed optimierungen socket options = TCP_NODELAY share modes = no debug level = 0 getwd cache = yes preserve case = yes encrypt passwords = no printing = cups printcap name = cups printcap cache time = 750 cups options = raw smb ports = 139 local master = no ; - same as umask 2 create mask = 0775 ; - disconnect after N minutes inactive dead time = 300 ; - check whether clients are alive [seconds] keep alive = 300 ; - may delete readonly files delete readonly = yes ; - logfiles grow up to N kByte max log size = 100 ; - don't map archive bit to execute bit map archive = no ; - umask 2 setting for files and directories create mask = 0775 directory mask = 0775 ; - do NOT use oplocks oplocks = false ; - WINS support *wins support = yes * preferred master = yes os level = 32 ; *wins server = gate * name resolve order = wins host bcast security = user == The Network is small, only the suse 10.2, a WIN-XP Professional an a Network printer. Does anybody know what causes this messages? Regards Daniel -- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email d...@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Active Directory domain controller authentication order
Hello, I'm curious if anybody knows how to configure the order in which domain controllers are contacted by clients for authentication purposes and other such stuff. I've a situation where it seems that all our Windows computers are attempting to authenticate off of a remote server before the local one, which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl. Thanks for any hints, -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory domain controller authentication order
Make sure the subnets in AD Sites and Services are correctly configured. I believe they perform to functions: 1. To control DC replication traffic between sites. 2. To make clients authenticate with local domain controllers first. Thanks David -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Casey Allen Shobe Sent: Tuesday, March 09, 2010 3:31 PM To: samba@lists.samba.org Subject: [Samba] Active Directory domain controller authentication order Hello, I'm curious if anybody knows how to configure the order in which domain controllers are contacted by clients for authentication purposes and other such stuff. I've a situation where it seems that all our Windows computers are attempting to authenticate off of a remote server before the local one, which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl. Thanks for any hints, -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory domain controller authentication order
Hi, Casey Allen Shobe wrote: which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, echo %LOGONSERVER% at the DOS prompt will tell you. but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl. I believe that you can use the option init logon delay To forcibly make remote Sambas announce reply more slowly to broadcasts and make them less likely to become the logon server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory domain controller authentication order
Thanks, I've found the following, as I only have read-only access to the sites and services stuff: * Our subnet is associated with our site definition. * Under our site -- Servers, only the local domain controller is listed. I also googled around and found out about set l on the command line, which shows our local DC. But I'm not sure how useful this is, because the VPN tunnel has been broken for a couple days and the logins are more recent than that. On Tue, Mar 9, 2010 at 3:38 PM, Vaudo, David dva...@bentley.edu wrote: Make sure the subnets in AD Sites and Services are correctly configured. I believe they perform to functions: 1. To control DC replication traffic between sites. 2. To make clients authenticate with local domain controllers first. Thanks David -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Casey Allen Shobe Sent: Tuesday, March 09, 2010 3:31 PM To: samba@lists.samba.org Subject: [Samba] Active Directory domain controller authentication order Hello, I'm curious if anybody knows how to configure the order in which domain controllers are contacted by clients for authentication purposes and other such stuff. I've a situation where it seems that all our Windows computers are attempting to authenticate off of a remote server before the local one, which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl. Thanks for any hints, -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory domain controller authentication order
Set will tell you which logon server has handled the clients logon. Look for LOGONSERVER: There could be something wrong with our local DC. Run DCDIAG and check the event viewer for errors in directory service and DNS. From: Casey Allen Shobe [mailto:ca...@shobe.info] Sent: Tuesday, March 09, 2010 4:12 PM To: Vaudo, David Cc: samba@lists.samba.org Subject: Re: [Samba] Active Directory domain controller authentication order Thanks, I've found the following, as I only have read-only access to the sites and services stuff: * Our subnet is associated with our site definition. * Under our site -- Servers, only the local domain controller is listed. I also googled around and found out about set l on the command line, which shows our local DC. But I'm not sure how useful this is, because the VPN tunnel has been broken for a couple days and the logins are more recent than that. On Tue, Mar 9, 2010 at 3:38 PM, Vaudo, David dva...@bentley.edumailto:dva...@bentley.edu wrote: Make sure the subnets in AD Sites and Services are correctly configured. I believe they perform to functions: 1. To control DC replication traffic between sites. 2. To make clients authenticate with local domain controllers first. Thanks David -Original Message- From: samba-boun...@lists.samba.orgmailto:samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.orgmailto:samba-boun...@lists.samba.org] On Behalf Of Casey Allen Shobe Sent: Tuesday, March 09, 2010 3:31 PM To: samba@lists.samba.orgmailto:samba@lists.samba.org Subject: [Samba] Active Directory domain controller authentication order Hello, I'm curious if anybody knows how to configure the order in which domain controllers are contacted by clients for authentication purposes and other such stuff. I've a situation where it seems that all our Windows computers are attempting to authenticate off of a remote server before the local one, which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl. Thanks for any hints, -- Casey Allen Shobe ca...@shobe.infomailto:ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Casey Allen Shobe ca...@shobe.infomailto:ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] New Domain Controler (PDC) and Windows Profiles
thanks a lot people, the tips worked fine for me, ty, PedRib --- Em ter, 9/3/10, Gaiseric Vandal gaiseric.van...@gmail.com escreveu: De: Gaiseric Vandal gaiseric.van...@gmail.com Assunto: Re: [Samba] New Domain Controler (PDC) and Windows Profiles Para: samba@lists.samba.org Data: Terça-feira, 9 de Março de 2010, 12:17 On the OLD server you ideally would have typed net getdomainsid net getlocalsid (I think you could have also used pdbedit or smbpasswd or smbpasswd -w to get this info.) The resulting SID should be the same same. On the new machine you would then type net setdomainsid SID net setlocalsid SID You should also be able to on each workstation try the following - delete (or maybe rename) the new profile - check the permissions on the old profile to make sure that it is owned by the appropriate user. So if you are user Jsmith from MYDOMAIN, when you log into a PC it should look for a profile directory called jsmith. If for some reason that profile directory is owned by another user, it would then create a directory called MYDOMAIN.jsmith. If that doesn't work you can always copy the contents from the old profile directory into the new one and then make sure you do a reset of the permissions. On 03/09/2010 10:05 AM, Pedro Ribeiro wrote: Hi there Gaiseric, Just to clarify, you are using local profiles? There is not profile share on the server and the profile types on the PC's show up as local not roaming yes it is local profile, and the machines still added to the server, Does the new samba PDC have the same SID as the old one? Did you have rejoin the machines to the domain? My guess is the PC's think it is a new domain, therefore new user, therefore a new profile. ok, I think thats the point. the SID isnt the same, but by now I cant figure out how to set the same SID. can u tell me how to do this ? []´s PedRib --- Em ter, 9/3/10, Gaiseric Vandalgaiseric.van...@gmail.com escreveu: De: Gaiseric Vandalgaiseric.van...@gmail.com Assunto: Re: [Samba] New Domain Controler (PDC) and Windows Profiles Para: samba@lists.samba.org Data: Terça-feira, 9 de Março de 2010, 11:53 Just to clarify, you are using local profiles? There is not profile share on the server and the profile types on the PC's show up as local not roaming Does the new samba PDC have the same SID as the old one? Did you have rejoin the machines to the domain? My guess is the PC's think it is a new domain, therefore new user, therefore a new profile. On 03/09/2010 08:37 AM, Pedro Ribeiro wrote: Cheers ! My name is Pedro Ribeiro and I´m new here, but not so new with samba. I have a question about new domain and what occurs with windows profiles. I had a samba PDC that worked fine, but it´s broke now, so I created another samba PDC, with the same configs, but when an user try to login, a new profile is configured. How can I create a samba PDC where a windows station can login and load the proper local profile ? -- PedRib Veja quais são os assuntos do momento no Yahoo! +Buscados http://br.maisbuscados.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Veja quais são os assuntos do momento no Yahoo! +Buscados http://br.maisbuscados.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Backup files from Windows application
Hello, I'm using sama 3.0.24 on linux machine that serves a share for a windows client. When editing a file on samba, using MS Word I can see there are severals (probably) backup files. ls looks like this: Dotaznik1.doc ~$taznik1.doc ~WRD.tmp ~WRD0001.tmp ~WRD0002.tmp ~WRD0003.tmp ~WRD0004.tmp These files do not disappear after I quit the Word. This does not happen if I edit the files locally, the backup files are created but deleted after application quits. Is it something samba related? the share looks like: [uvt] comment = UVT For testing browseable = yes writable = yes path = /mnt/export2/smb/UVT guest ok = no create mask = 0644 directory mask = 0755 public = yes valid users = some users -- Lukáš Hejtmánek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Setting up LDAP Authentification - Tree design/search scope
On Mon, 2010-03-08 at 11:04 -0500, Gaiseric Vandal wrote: smb.conf will list where samba searches in ldap. ldap suffix=o=abc.com ldap user suffix=ou=employees,ou=people ldap group suffix = ou=groups ldap machine suffix=ou=machines,ou=people I think the main challenge will be configuring access control lists. If you have a server you only want accessed by employees, you would set the ldap user suffix parameter in smb.conf appropriately. We've parented all of Samba related 'stuff' under ou=SAM,$BASE, so we have ou=SAM,$BASE ou=Entities,ou=SAM,$BASE ou=People,ou=Entities,ou=SAM,$BASE ou=System Account,ou=Entities,ou=SAM,$BASE ou=Groups,ou=SAM,$BASE Because very different ACLs typically apply to these three types of objects (users, system accounts, and groups) But in terms of an address book, if someone has an LDAP address book client (e.g. thunderbird) you can't prevent them from trying to recursively query ou=people,) vs ou=students.You can advise end users whether they should set up two LDAP address books (students vs employees) rather than one top level people one.From the end user pespective, a single LDAP directory will probably be simpler. True; or all non-related entries can simply be hidden from the clients. Or, the simplest solution, is it use a virtual root to 'glob' any objects [and just the specific attributes] that an addressbook consumer would want to see. OpenLDAP provides excellent support for partitioning, federating, and creating virtual (remapped) partitions. Aside: Although in the end I think you'll find LDAP makes a very crappy addressbook soluton. I also suspect that LDAP attributes may not be restricted by default as much as they should be. Yep; you'll find most sites [in-my-experience] to have severely neglected the confguration of their DSA once they reach got-it-working status. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory domain controller authentication order
I'm having the same problem with the wrong DC being used. I think it might be the Kerberos setup on the Unix box that's at fault, as it only points to the offsite DC not the local one, though it could allow for multiple. Our support organisation is investigating ... On Wed 10/03/10 7:51 AM , Vaudo, David dva...@bentley.edu sent: Set will tell you which logon server has handled the clients logon. Look for LOGONSERVER: There could be something wrong with our local DC. Run DCDIAG and check the event viewer for errors in directory service and DNS. From: Casey Allen Shobe [ca...@shobe.info [1]] Sent: Tuesday, March 09, 2010 4:12 PM To: Vaudo, David Cc: samba@lists.samba.org [2] Subject: Re: [Samba] Active Directory domain controller authentication order Thanks, I've found the following, as I only have read-only access to the sites and services stuff: * Our subnet is associated with our site definition. * Under our site -- Servers, only the local domain controller is listed. I also googled around and found out about set l on the command line, which shows our local DC. But I'm not sure how useful this is, because the VPN tunnel has been broken for a couple days and the logins are more recent than that. On Tue, Mar 9, 2010 at 3:38 PM, Vaudo, David wrote: Make sure the subnets in AD Sites and Services are correctly configured. I believe they perform to functions: 1. To control DC replication traffic between sites. 2. To make clients authenticate with local domain controllers first. Thanks David -Original Message- From: samba-boun...@lists.samba.org [samba-boun...@lists.samba.org [5]] On Behalf Of Casey Allen Shobe Sent: Tuesday, March 09, 2010 3:31 PM To: samba@lists.samba.org Subject: [Samba] Active Directory domain controller authentication order Hello, I'm curious if anybody knows how to configure the order in which domain controllers are contacted by clients for authentication purposes and other such stuff. I've a situation where it seems that all our Windows computers are attempting to authenticate off of a remote server before the local one, which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl. Thanks for any hints, -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [9] -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [11] Links: -- [1] mailto:ca...@shobe.info [2] mailto:samba@lists.samba.org [3] mailto:dva...@bentley.edu [4] mailto:samba-boun...@lists.samba.org [5] mailto:samba-boun...@lists.samba.org [6] mailto:samba-boun...@lists.samba.org [7] mailto:samba@lists.samba.org [8] mailto:ca...@shobe.info [9] https://lists.samba.org/mailman/options/samba [10] mailto:ca...@shobe.info [11] https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] major upgrade to 3.5.1, major problem
Just upgraded a Samba PDC from 3.0.32 to 3.5.1. The good news - it is running - the bad news - probably on life support. All seemed well until I started getting messages on some Windows clients that the domain was not available - if your credentials were not cached you could not log in - if they were everything seemed to work. The test: nmblookup -B BIGSERVER __SAMBA__ failed (yes, I replaced BIGSERVER with the proper PDC name) The test: nmblookup -M testgroup also failed. But if your credentials were cached, you could login, the netlogon scripts would run, the shared directories and printers were available,etc. A restart makes everything right (the tests above will produce correct info and the domain will be available) - for anywhere from a few minutes to an hour or so but at some point samba will lose its head and the domain will be unavailable. Assistance is greatly appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] major upgrade to 3.5.1, major problem
On Tue, Mar 09, 2010 at 10:45:39PM -0500, Chris Smith wrote: Just upgraded a Samba PDC from 3.0.32 to 3.5.1. The good news - it is running - the bad news - probably on life support. All seemed well until I started getting messages on some Windows clients that the domain was not available - if your credentials were not cached you could not log in - if they were everything seemed to work. The test: nmblookup -B BIGSERVER __SAMBA__ failed (yes, I replaced BIGSERVER with the proper PDC name) The test: nmblookup -M testgroup also failed. But if your credentials were cached, you could login, the netlogon scripts would run, the shared directories and printers were available,etc. A restart makes everything right (the tests above will produce correct info and the domain will be available) - for anywhere from a few minutes to an hour or so but at some point samba will lose its head and the domain will be unavailable. Assistance is greatly appreciated. There were some changes that went into nmbd in 3.5.x to allow it to run correctly on a box with bind interfaces only set. Can you post your smb.conf ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] major upgrade to 3.5.1, major problem
On Tue, Mar 9, 2010 at 11:09 PM, Jeremy Allison j...@samba.org wrote: There were some changes that went into nmbd in 3.5.x to allow it to run correctly on a box with bind interfaces only set. Can you post your smb.conf ? Here it is: = [global] name resolve order = host wins bcast enable privileges = Yes strict locking = No host msdfs = no show add printer wizard = Yes time server = Yes passwd program = /usr/bin/passwd %u msdfs root = no cups options = raw netbios name = BIONAME printing = cups max wins ttl = 86400 logon script = scripts\agents.bat local master = Yes workgroup = WRKGRP os level = 32 printcap name = cups security = user add machine script = /usr/sbin/useradd -d /dev/null -g 'nofiles' -c 'Machine Account' -s /bin/false '%u' min wins ttl = 3600 max log size = 1000 log level = 2 passdb:2 auth:2 winbind:0 log file = /var/log/samba/%m smb ports = 445 139 map acl inherit = Yes logon drive = h: deadtime = 3 username map = /etc/samba/smbusers interfaces = eth0, 127.0.0.1 bind interfaces only = Yes domain master = Yes preferred master = Yes logon home = \\%N\%U passdb backend = tdbsam ea support = yes wins support = true unix password sync = Yes max ttl = 43200 logon path = use sendfile = Yes add user script = /usr/sbin/useradd -g users -G agent -m -k /etc/skelnul -s /bin/false '%u' syslog = 0 domain logons = Yes passwd chat = *New*password* %n\n *Retype*new*password*%n\n *password*updated*succesfully* pam password change = Yes = The rest is netlogon, printer file shares - if you want it no problem. Also notice that after the failure if I edit the init script to restart _just_ the nmbd daemon (leave smbd up and running) it seems to run - if I restart both daemons it fails quickly. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Probably OT]: Samba LDAP data migration
Hi List, This is probably more of an LDAP specific question but I am sure I can have a couple of pointers from the list members. So, I have this Samba PDC running Samba 3.4.3 with OpenLDAP 2.3.43-3 on a CentOS 5.3 box. All the user data is stored in the OpenLDAP directory. I am interested in migrating this data to a Sun LDAP server that is already in place. Is there any script that any of you might have come across to help migrate the data from OpenLDAP to Sun? Any pointers or caveats that I may have to face in such a migration? Appreciate the help. Regards -- Zaeem -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Probably OT]: Samba LDAP data migration
On Wed, Mar 10, 2010 at 11:28 AM, Zaeem Arshad zaeem.ars...@gmail.comwrote: Hi List, This is probably more of an LDAP specific question but I am sure I can have a couple of pointers from the list members. So, I have this Samba PDC running Samba 3.4.3 with OpenLDAP 2.3.43-3 on a CentOS 5.3 box. All the user data is stored in the OpenLDAP directory. I am interested in migrating this data to a Sun LDAP server that is already in place. Is there any script that any of you might have come across to help migrate the data from OpenLDAP to Sun? Any pointers or caveats that I may have to face in such a migration? Appreciate the help. Hi What about doing ldapsearch to the base tree and redirecting it to an LDIF and importing LDIF file to Sun DIrectory server but there are few thing you need to take care 1. First stop samba service, so that no further user passowrd changes or machine password changes takes place 2. Take an LDIF output by using ldap search example : #ldapsearch -LLL -x -b dc=example,dc=com -D cn=Manager,dc=example,dc=com -W /tmp/mybackup.ldif 3. Once the LDAP information is exported to Sun Directory server, change the ldap server ip address in smb.conf Now there is one more part the secrets.tdb file has the password of DN through which it binds to LDAP server, I would suggest to keep the same password for the Sun Directory server also. because having a different password means running smbpasswd command to update it and this may cause to change the SID , though . so be careful here. Let me know if the above helped and if any body else can comment on above steps , or is there anything else i am missing. Regards Niranjan Regards -- Zaeem -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Security problem with Samba on Linux: situation for Debian
Quoting Jeremy Allison (j...@samba.org): Security problem with Samba on Linux In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code was added to fix a problem with Linux asynchronous IO handling. Situation for Debian: - Debian stable isn't affected by this issue (we have 3.2.5+patches there) - Official backports from www.backports.org aren't affected too (we have 3.4.5) - Debian unstable has 3.4.7 since yesterday, a few hours after the official annoucement. As it had 3.4.6 earlier, users of Debian unstable *are strongly advised to apt-get upgrade* - Debian experimental has 3.5.1 since about the same time. Users who follow samba in experimental to have 3.5 should also upgrade The most important info: - Debian testing (squeeze) *is* affected as of now. By a very very infortunate sequence of events, yesterday was the day where 3.4.6 packages that were in unstable aged enough to enter testing. And they did. Before I could notice (I happen to do paid work during the day..:-)) So, users of Debian testing should either avoid upgrading today if they still have 3.4.5 packages or upgrade their systems ASAP with the packages uploaded yesterday in unstable (you need to do this manually) if they already upgraded to 3.4.6 3.4.7 packages were bumped to high urgency, which means they will enter testing by Thursday March 11th (I'm unsure about the exact time). I don't think that Ubuntu is affected by all this, even the soon to come Lucidbut this is unverified information. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
svn commit: samba-web r1410 - in trunk/history: .
Author: kseeger Date: 2010-03-09 01:27:55 -0700 (Tue, 09 Mar 2010) New Revision: 1410 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1410 Log: Add new security issue Karolin Modified: trunk/history/security.html Changeset: Modified: trunk/history/security.html === --- trunk/history/security.html 2010-03-08 22:00:48 UTC (rev 1409) +++ trunk/history/security.html 2010-03-09 08:27:55 UTC (rev 1410) @@ -22,6 +22,20 @@ /tr tr +td08 Mar 2010/td +tda href=/samba/ftp/patches/security/samba-3.5.0-CVE-2010-0728.patch + patch for Samba 3.5.0/a + a href=/samba/ftp/patches/security/samba-3.4.6-CVE-2010-0728.patch + patch for Samba 3.4.6/a + a href=/samba/ftp/patches/security/samba-3.3.11-CVE-2010-0728.patch + patch for Samba 3.3.11/a +tdPermission ignored/td +td3.3.11, 3.4.6, 3.5.0/td +tda href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0728;CVE-2010-0728/a/td +tda href=/samba/security/CVE-2010-0728.htmlAnnouncement/a/td +/tr + +tr td01 Oct 2009/td tda href=/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2948-1.patch patch 1 for Samba 3.4.1/a
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via afd8272... WHATSNEW: Start release notes for Samba 3.5.2. via 6889e16... VERSION: Raise version number up to 3.5.2. via f472949... Revert Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. via 7611a42... WHATSNEW: Prepare release notes for Samba 3.5.1. from cb627d3... s3: Fix the build of net_afs.c with --fake-kaserver=yes, bug 7216 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit afd8272605854f2686f2b66541f2158afe2137d4 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 9 10:36:06 2010 +0100 WHATSNEW: Start release notes for Samba 3.5.2. Karolin commit 6889e16974301ef36c0a9c6e57b2bcbd984b0d5f Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 9 10:33:30 2010 +0100 VERSION: Raise version number up to 3.5.2. Karolin commit f4729490766300ba1673f1c2c3fe2dedf460312f Author: Karolin Seeger ksee...@samba.org Date: Mon Mar 8 20:34:39 2010 +0100 Revert Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. This reverts commit a6ae7a552f851a31262377cc0e062e40ac20. This fixes bug #7222 (All users have full rigths on all shares) (CVE-2010-0728). (cherry picked from commit 1c9494c76cc9686c61e0966f38528d3318f3176f) commit 7611a4208a1effbf2f0e04f0910162fbad26f757 Author: Karolin Seeger ksee...@samba.org Date: Mon Mar 8 20:32:49 2010 +0100 WHATSNEW: Prepare release notes for Samba 3.5.1. Karolin (cherry picked from commit cd499eaf0418fa0a3034c5ba4709278a302ea980) --- Summary of changes: WHATSNEW.txt | 93 - source3/VERSION |2 +- source3/include/smb.h |3 +- source3/lib/system.c | 65 ++ source3/smbd/server.c |8 5 files changed, 98 insertions(+), 73 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index caad89d..6602941 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,96 @@ = + Release Notes for Samba 3.5.2 + , 2010 + = + + +This is the third stable release of Samba 3.5. + +Major enhancements in Samba 3.5.2 include: + +o + +Changes since 3.5.1 +--- + + +o + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + = + Release Notes for Samba 3.5.1 + March 8, 2010 + = + + +This is a security release in order to address CVE-2010-0728. + + +o CVE-2010-0728: + In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code + was added to fix a problem with Linux asynchronous IO handling. + This code introduced a bad security flaw on Linux platforms if the + binaries were built on Linux platforms with libcap support. + The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE + capabilities, allowing all file system access to be allowed + even when permissions should have denied access. + + +Changes since 3.5.0 +--- + + +o Jeremy Allison j...@samba.org +* BUG 7222: Fix for CVE-2010-0728. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via 647836f... WHATSNEW: Start release notes for Samba 3.5.2. via 638ac5b... VERSION: Raise version number up to 3.5.2. from 1c9494c... Revert Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit 647836f0bd691aa3ac4e9bd33d06e6e20cc06863 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 9 10:36:06 2010 +0100 WHATSNEW: Start release notes for Samba 3.5.2. Karolin (cherry picked from commit afd8272605854f2686f2b66541f2158afe2137d4) commit 638ac5b8536cec0113a17f42441840edacaa05da Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 9 10:33:30 2010 +0100 VERSION: Raise version number up to 3.5.2. Karolin (cherry picked from commit 6889e16974301ef36c0a9c6e57b2bcbd984b0d5f) --- Summary of changes: WHATSNEW.txt| 45 +++-- source3/VERSION |2 +- 2 files changed, 44 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 12c12d5..6602941 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,46 @@ = + Release Notes for Samba 3.5.2 + , 2010 + = + + +This is the third stable release of Samba 3.5. + +Major enhancements in Samba 3.5.2 include: + +o + +Changes since 3.5.1 +--- + + +o + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + = Release Notes for Samba 3.5.1 March 8, 2010 = @@ -45,8 +87,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- = diff --git a/source3/VERSION b/source3/VERSION index 35c8256..425a2c2 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=1 +SAMBA_VERSION_RELEASE=2 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via cf67945... WHATSNEW: Start release notes for Samba 3.4.8. via 16f92f7... VERSION: Raise version number up to 3.4.8. via b6311ea... Revert Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. via da0da47... WHATSNEW: Prepare release notes for Samba 3.4.7. from f94a377... mount.cifs: don't allow it to be run as setuid root program http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit cf679452b32de243cea61349f93e661f61ba4988 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 9 10:42:40 2010 +0100 WHATSNEW: Start release notes for Samba 3.4.8. Karolin commit 16f92f795d8403988919f0890445acffa249e29a Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 9 10:39:40 2010 +0100 VERSION: Raise version number up to 3.4.8. Karolin commit b6311eaa51d8dc3d96164d88cec5735052ba19a2 Author: Karolin Seeger ksee...@samba.org Date: Mon Mar 8 20:53:38 2010 +0100 Revert Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. This reverts commit c81c109a6ce83741bb5149a51ceb4ab30855e9f9. This fixes bug #7222 (All users have full rigths on all shares)(CVE-2010-0728). (cherry picked from commit 49fc62cc5d8bcb2ef246fa6505c99071b406c413) commit da0da473dd0d397236836c177c97d2f98853f1a3 Author: Karolin Seeger ksee...@samba.org Date: Mon Mar 8 20:52:56 2010 +0100 WHATSNEW: Prepare release notes for Samba 3.4.7. Karolin (cherry picked from commit bdad63514f345a10774dade1746072312ed140c1) --- Summary of changes: WHATSNEW.txt | 64 ++-- source3/VERSION |2 +- source3/include/smb.h |3 +- source3/lib/system.c | 65 +++-- source3/smbd/server.c |8 -- 5 files changed, 62 insertions(+), 80 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 28f1812..9a61578 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,23 +1,21 @@ = - Release Notes for Samba 3.4.7 -, 2010 + Release Notes for Samba 3.4.8 + , 2010 = This is the latest stable release of Samba 3.4. -Major enhancements in Samba 3.4.7 include: +Major enhancements in Samba 3.4.6 include: - o +o -## -Changes -### -Changes since 3.4.6 +Changes since 3.4.7 --- +o ## @@ -44,6 +42,56 @@ Release notes for older versions follow: = + Release Notes for Samba 3.4.7 + March 8, 2010 + = + + +This is a security release in order to address CVE-2010-0728. + + +o CVE-2010-0728: + In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code + was added to fix a problem with Linux asynchronous IO handling. + This code introduced a bad security flaw on Linux platforms if the + binaries were built on Linux platforms with libcap support. + The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE + capabilities, allowing all file system access to be allowed + even when permissions should have denied access. + + +Changes since 3.4.6 +--- + + +o Jeremy Allison j...@samba.org +* BUG 7222: Fix for CVE-2010-0728. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +-- + + + = Release Notes for Samba 3.4.6 February 24, 2010
[SCM] Samba Shared Repository - branch v3-4-stable updated
The branch, v3-4-stable has been updated via 8a08b80... WHATSNEW: Start release notes for Samba 3.4.8. via 25b982b... VERSION: Raise version number up to 3.4.8. from 49fc62c... Revert Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable - Log - commit 8a08b8009f4941e40bbf2e25517a913fb2e36b09 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 9 10:42:40 2010 +0100 WHATSNEW: Start release notes for Samba 3.4.8. Karolin (cherry picked from commit cf679452b32de243cea61349f93e661f61ba4988) commit 25b982be4633edb7d42b72cba127eb71edc9584e Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 9 10:39:40 2010 +0100 VERSION: Raise version number up to 3.4.8. Karolin (cherry picked from commit 16f92f795d8403988919f0890445acffa249e29a) --- Summary of changes: WHATSNEW.txt| 49 ++--- source3/VERSION |2 +- 2 files changed, 47 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 80589c7..9a61578 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,47 @@ = + Release Notes for Samba 3.4.8 + , 2010 + = + + +This is the latest stable release of Samba 3.4. + +Major enhancements in Samba 3.4.6 include: + +o + + +Changes since 3.4.7 +--- + + +o + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older versions follow: + + + = Release Notes for Samba 3.4.7 March 8, 2010 = @@ -17,7 +60,7 @@ o CVE-2010-0728: even when permissions should have denied access. -Changes since 3.5.0 +Changes since 3.4.6 --- @@ -45,8 +88,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older versions follow: - +-- + = Release Notes for Samba 3.4.6 diff --git a/source3/VERSION b/source3/VERSION index f40ac81..c134d2c 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=4 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated
The branch, v3-3-test has been updated via d3831a5... Revert Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. via 1954222... WHATSNEW: Prepare release notes for Samba 3.3.12. via 110f245... VERSION: Raise version number up to 3.3.12. from 550cc06... WHATSNEW: Update changes since 3.3.10. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit d3831a573ee2d8bddd123cf30f2262fd5935a2b4 Author: Karolin Seeger ksee...@samba.org Date: Mon Mar 8 21:08:36 2010 +0100 Revert Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. This reverts commit 153357b9bb4d70a168c81cb9ff2da437eae823fc. This fixes bug #7222 (All users have full rigths on all shares) (CVE-2010-0728). (cherry picked from commit 007f9c90e952aeea2d8f73cff3ccd0f747a9c06e) commit 1954222e9ab5cad0eddb3b35ee528df969ff5449 Author: Karolin Seeger ksee...@samba.org Date: Mon Mar 8 21:08:01 2010 +0100 WHATSNEW: Prepare release notes for Samba 3.3.12. Karolin (cherry picked from commit cb608fef71f9da629a1858cd1d6c8b19e27e6655) commit 110f24526e37bb77a4e193ebca44d40374d51c08 Author: Karolin Seeger ksee...@samba.org Date: Mon Mar 8 21:05:40 2010 +0100 VERSION: Raise version number up to 3.3.12. Karolin (cherry picked from commit 689fd1bd11806f92e9f5acbc634e27f7b197ee23) --- Summary of changes: WHATSNEW.txt | 54 - source/VERSION |2 +- source/include/smb.h |3 +- source/lib/system.c | 65 +++-- source/smbd/server.c |8 -- 5 files changed, 58 insertions(+), 74 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 0d5d5f0..90a1960 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,54 @@ == + Release Notes for Samba 3.3.12 + March 8, 2010 + == + + +This is a security release in order to address CVE-2010-0728. + + +o CVE-2010-0728: + In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code + was added to fix a problem with Linux asynchronous IO handling. + This code introduced a bad security flaw on Linux platforms if the + binaries were built on Linux platforms with libcap support. + The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE + capabilities, allowing all file system access to be allowed + even when permissions should have denied access. + + +Changes since 3.5.0 +--- + + +o Jeremy Allison j...@samba.org +* BUG 7222: Fix for CVE-2010-0728. + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.3 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.3.11 February 26, 2010 == @@ -79,8 +129,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.3.10 diff --git a/source/VERSION b/source/VERSION index 3be8505..d637568 100644 --- a/source/VERSION +++ b/source/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=3 -SAMBA_VERSION_RELEASE=11 +SAMBA_VERSION_RELEASE=12 # Bug fix releases use a letter for the patch revision # diff --git a/source/include/smb.h b/source/include/smb.h index 3825c63..327f212 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -1684,8
svn commit: samba-web r1411 - in trunk/history: .
Author: kseeger Date: 2010-03-09 03:01:27 -0700 (Tue, 09 Mar 2010) New Revision: 1411 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1411 Log: Fix typo Karolin Modified: trunk/history/samba-3.3.12.html trunk/history/samba-3.4.7.html Changeset: Modified: trunk/history/samba-3.3.12.html === --- trunk/history/samba-3.3.12.html 2010-03-09 08:27:55 UTC (rev 1410) +++ trunk/history/samba-3.3.12.html 2010-03-09 10:01:27 UTC (rev 1411) @@ -31,8 +31,8 @@ even when permissions should have denied access. -Changes since 3.5.0 +Changes since 3.3.11 + o Jeremy Allison lt;j...@samba.orggt; Modified: trunk/history/samba-3.4.7.html === --- trunk/history/samba-3.4.7.html 2010-03-09 08:27:55 UTC (rev 1410) +++ trunk/history/samba-3.4.7.html 2010-03-09 10:01:27 UTC (rev 1411) @@ -31,7 +31,7 @@ even when permissions should have denied access. -Changes since 3.5.0 +Changes since 3.4.6 ---
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8fd43f4... s3: Fix a typo. Thanks to Christian Ambach for pointing me at it :-) from deebbe7... A helper function to get the Infrastructure DN. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8fd43f44efcf0a5ee3ccf8ad1d2b69d1570e6ac4 Author: Volker Lendecke v...@samba.org Date: Tue Mar 9 15:36:08 2010 +0100 s3: Fix a typo. Thanks to Christian Ambach for pointing me at it :-) --- Summary of changes: source3/libsmb/nterr.c |2 +- source3/locale/pam_winbind/ar.po|2 +- source3/locale/pam_winbind/cs.po|2 +- source3/locale/pam_winbind/da.po|2 +- source3/locale/pam_winbind/de.po|2 +- source3/locale/pam_winbind/es.po|2 +- source3/locale/pam_winbind/fi.po|2 +- source3/locale/pam_winbind/fr.po|2 +- source3/locale/pam_winbind/hu.po|2 +- source3/locale/pam_winbind/it.po|2 +- source3/locale/pam_winbind/ja.po|2 +- source3/locale/pam_winbind/ko.po|2 +- source3/locale/pam_winbind/nb.po|2 +- source3/locale/pam_winbind/nl.po|2 +- source3/locale/pam_winbind/pl.po|2 +- source3/locale/pam_winbind/pt_BR.po |2 +- source3/locale/pam_winbind/ru.po|2 +- source3/locale/pam_winbind/sv.po|2 +- source3/locale/pam_winbind/zh_CN.po |2 +- source3/locale/pam_winbind/zh_TW.po |2 +- source4/libcli/util/nterr.c |2 +- 21 files changed, 21 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c index 328ba3b..6b5cfcd 100644 --- a/source3/libsmb/nterr.c +++ b/source3/libsmb/nterr.c @@ -598,7 +598,7 @@ nt_err_code_struct nt_err_desc[] = { N_(Invalid pipe state), NT_STATUS_INVALID_PIPE_STATE }, { N_(Named pipe busy),NT_STATUS_PIPE_BUSY }, { N_(Illegal function), NT_STATUS_ILLEGAL_FUNCTION }, - { N_(Named pipe dicconnected), NT_STATUS_PIPE_DISCONNECTED }, + { N_(Named pipe disconnected), NT_STATUS_PIPE_DISCONNECTED }, { N_(Named pipe closing), NT_STATUS_PIPE_CLOSING }, { N_(Remote host not listening), NT_STATUS_REMOTE_NOT_LISTENING }, { N_(Duplicate name on network), NT_STATUS_DUPLICATE_NAME }, diff --git a/source3/locale/pam_winbind/ar.po b/source3/locale/pam_winbind/ar.po index 6ed0ac1..de56bf7 100644 --- a/source3/locale/pam_winbind/ar.po +++ b/source3/locale/pam_winbind/ar.po @@ -363,7 +363,7 @@ msgid Illegal function msgstr #: ../../libsmb/nterr.c:601 -msgid Named pipe dicconnected +msgid Named pipe disconnected msgstr #: ../../libsmb/nterr.c:602 diff --git a/source3/locale/pam_winbind/cs.po b/source3/locale/pam_winbind/cs.po index 8c15431..a299c1d 100644 --- a/source3/locale/pam_winbind/cs.po +++ b/source3/locale/pam_winbind/cs.po @@ -363,7 +363,7 @@ msgid Illegal function msgstr #: ../../libsmb/nterr.c:601 -msgid Named pipe dicconnected +msgid Named pipe disconnected msgstr #: ../../libsmb/nterr.c:602 diff --git a/source3/locale/pam_winbind/da.po b/source3/locale/pam_winbind/da.po index 3d8f2b1..df2d484 100644 --- a/source3/locale/pam_winbind/da.po +++ b/source3/locale/pam_winbind/da.po @@ -365,7 +365,7 @@ msgid Illegal function msgstr #: ../../libsmb/nterr.c:601 -msgid Named pipe dicconnected +msgid Named pipe disconnected msgstr #: ../../libsmb/nterr.c:602 diff --git a/source3/locale/pam_winbind/de.po b/source3/locale/pam_winbind/de.po index f2614cb..af46ef3 100644 --- a/source3/locale/pam_winbind/de.po +++ b/source3/locale/pam_winbind/de.po @@ -368,7 +368,7 @@ msgid Illegal function msgstr #: ../../libsmb/nterr.c:601 -msgid Named pipe dicconnected +msgid Named pipe disconnected msgstr #: ../../libsmb/nterr.c:602 diff --git a/source3/locale/pam_winbind/es.po b/source3/locale/pam_winbind/es.po index 8bc904e..e0d4147 100644 --- a/source3/locale/pam_winbind/es.po +++ b/source3/locale/pam_winbind/es.po @@ -363,7 +363,7 @@ msgid Illegal function msgstr #: ../../libsmb/nterr.c:601 -msgid Named pipe dicconnected +msgid Named pipe disconnected msgstr #: ../../libsmb/nterr.c:602 diff --git a/source3/locale/pam_winbind/fi.po b/source3/locale/pam_winbind/fi.po index d11bfeb..984cadc 100644 --- a/source3/locale/pam_winbind/fi.po +++ b/source3/locale/pam_winbind/fi.po @@ -368,7 +368,7 @@ msgid Illegal function msgstr #: ../../libsmb/nterr.c:601 -msgid Named pipe dicconnected +msgid Named pipe disconnected msgstr #: ../../libsmb/nterr.c:602 diff --git a/source3/locale/pam_winbind/fr.po b/source3/locale/pam_winbind/fr.po index 4a7d847..176224d 100644 --- a/source3/locale/pam_winbind/fr.po +++ b/source3/locale/pam_winbind/fr.po @@
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f742623... Added a check for permissions to modify the RDN attribute on rename. from ec53a0c... s4:dsdb/dns: change callers of samba_runcmd() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f742623b7b8a19ff3230754562deeac7657cd8cd Author: Nadezhda Ivanova nadezhda.ivan...@postpath.com Date: Sun Mar 7 21:42:53 2010 +0200 Added a check for permissions to modify the RDN attribute on rename. Necessary because rdn module will be moved lower than acl in the stack. --- Summary of changes: source4/dsdb/samdb/ldb_modules/acl.c | 12 source4/lib/ldb/tests/python/acl.py | 32 2 files changed, 44 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index c10624d..e7665c7 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -958,6 +958,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) TALLOC_CTX *tmp_ctx = talloc_new(req); NTSTATUS status; uint32_t access_granted; + const char *rdn_name; static const char *acl_attrs[] = { nTSecurityDescriptor, objectClass, @@ -1001,6 +1002,17 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; }; + rdn_name = ldb_dn_get_rdn_name(req-op.rename.olddn); + if (rdn_name == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + guid = attribute_schemaid_guid_by_lDAPDisplayName(dsdb_get_schema(ldb), + rdn_name); + if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP, + new_node, new_node)) { + return LDB_ERR_OPERATIONS_ERROR; + }; + ret = get_sd_from_ldb_message(req, acl_res-msgs[0], sd); if (ret != LDB_SUCCESS) { diff --git a/source4/lib/ldb/tests/python/acl.py b/source4/lib/ldb/tests/python/acl.py index 083c7ae..42c8c7e 100755 --- a/source4/lib/ldb/tests/python/acl.py +++ b/source4/lib/ldb/tests/python/acl.py @@ -785,6 +785,7 @@ class AclRenameTests(AclTests): self.delete_force(self.ldb_admin, CN=test_rename_user1,OU=test_rename_ou1, + self.base_dn) self.delete_force(self.ldb_admin, CN=test_rename_user2,OU=test_rename_ou1, + self.base_dn) self.delete_force(self.ldb_admin, CN=test_rename_user5,OU=test_rename_ou1, + self.base_dn) +self.delete_force(self.ldb_admin, OU=test_rename_ou3,OU=test_rename_ou1, + self.base_dn) self.delete_force(self.ldb_admin, OU=test_rename_ou1, + self.base_dn) if self.SAMBA: self.delete_force(self.ldb_admin, self.get_user_dn(self.regular_user)) @@ -939,6 +940,37 @@ class AclRenameTests(AclTests): % rename_user_dn ) self.assertNotEqual( res, [] ) +def test_rename_u8(self): +Test rename on an object with and without modify access on the RDN attribute +ou1_dn = OU=test_rename_ou1, + self.base_dn +ou2_dn = OU=test_rename_ou2, + ou1_dn +ou3_dn = OU=test_rename_ou3, + ou1_dn +# Create OU structure +self.create_ou(self.ldb_admin, ou1_dn) +self.create_ou(self.ldb_admin, ou2_dn) +sid = self.get_object_sid(self.get_user_dn(self.regular_user)) +mod = (OA;;WP;bf967a0e-0de6-11d0-a285-00aa003049e2;;%s) % str(sid) +self.dacl_add_ace(ou2_dn, mod) +mod = (OD;;WP;bf9679f0-0de6-11d0-a285-00aa003049e2;;%s) % str(sid) +self.dacl_add_ace(ou2_dn, mod) +try: +self.ldb_user.rename(ou2_dn, ou3_dn) +except LdbError, (num, _): +self.assertEquals(num, ERR_INSUFFICIENT_ACCESS_RIGHTS) +else: +# This rename operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS +self.fail() +sid = self.get_object_sid(self.get_user_dn(self.regular_user)) +mod = (A;;WP;bf9679f0-0de6-11d0-a285-00aa003049e2;;%s) % str(sid) +self.dacl_add_ace(ou2_dn, mod) +self.ldb_user.rename(ou2_dn, ou3_dn) +res = self.ldb_admin.search( self.base_dn, expression=(distinguishedName=%s) \ +% ou2_dn ) +self.assertEqual( res, [] ) +res = self.ldb_admin.search( self.base_dn, expression=(distinguishedName=%s) \ +% ou3_dn ) +self.assertNotEqual( res, [] ) + # Important unit running information if not :// in host: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 48cdca0... s4-smbtorture: fix uninitialized variable in winreg QueryValue call. from 8fd43f4... s3: Fix a typo. Thanks to Christian Ambach for pointing me at it :-) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 48cdca0d474cc6ae6fa6be88580d5f2fbcb0dd84 Author: Günther Deschner g...@samba.org Date: Tue Mar 9 16:10:40 2010 +0100 s4-smbtorture: fix uninitialized variable in winreg QueryValue call. Guenther --- Summary of changes: source4/torture/rpc/spoolss.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c index 909c372..f83d3b5 100644 --- a/source4/torture/rpc/spoolss.c +++ b/source4/torture/rpc/spoolss.c @@ -3353,6 +3353,7 @@ static bool test_winreg_QueryValue(struct torture_context *tctx, r.in.type = type; r.in.data_size = data_size; r.in.data_length = data_length; + r.in.data = talloc_zero_array(tctx, uint8_t, *r.in.data_size); r.out.type = type; r.out.data = talloc_zero_array(tctx, uint8_t, *r.in.data_size); r.out.data_size = data_size; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via deebbe7... A helper function to get the Infrastructure DN. from 4b8961bc.. Fixed a bug in acl tests - python error when we create user/group/ou with a descriptor. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit deebbe7cfae309baed9654e6e8354886eb3c568f Author: Nadezhda Ivanova nadezhda.ivan...@postpath.com Date: Tue Mar 9 14:56:46 2010 +0200 A helper function to get the Infrastructure DN. --- Summary of changes: source4/dsdb/common/util.c | 12 1 files changed, 12 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index f597c41..9c29509 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1069,6 +1069,18 @@ struct ldb_dn *samdb_partitions_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ return new_dn; } +struct ldb_dn *samdb_infrastructure_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx) +{ + struct ldb_dn *new_dn; + + new_dn = ldb_dn_copy(mem_ctx, samdb_base_dn(sam_ctx)); + if ( ! ldb_dn_add_child_fmt(new_dn, CN=Infrastructure)) { + talloc_free(new_dn); + return NULL; + } + return new_dn; +} + struct ldb_dn *samdb_sites_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx) { struct ldb_dn *new_dn; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4b8961bc.. Fixed a bug in acl tests - python error when we create user/group/ou with a descriptor. from f742623... Added a check for permissions to modify the RDN attribute on rename. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4b8961bc6f7aaf2c420d7b2bc2ef6eb07ab42429 Author: Nadezhda Ivanova nadezhda.ivan...@postpath.com Date: Tue Mar 9 13:53:41 2010 +0200 Fixed a bug in acl tests - python error when we create user/group/ou with a descriptor. --- Summary of changes: source4/lib/ldb/tests/python/acl.py | 46 +- 1 files changed, 23 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/ldb/tests/python/acl.py b/source4/lib/ldb/tests/python/acl.py index 42c8c7e..0613689 100755 --- a/source4/lib/ldb/tests/python/acl.py +++ b/source4/lib/ldb/tests/python/acl.py @@ -120,51 +120,51 @@ member: + member_dn _ldb.modify_ldif(ldif) def create_ou(self, _ldb, ou_dn, desc=None): -ou_dict = { -dn : ou_dn, -ou : ou_dn.split(,)[0][3:], -objectClass : organizationalUnit, -url : www.bbc.co.uk, -} +ldif = +dn: + ou_dn + +ou: + ou_dn.split(,)[0][3:] + +objectClass: organizationalUnit +url: www.example.com + if desc: assert(isinstance(desc, str) or isinstance(desc, security.descriptor)) if isinstance(desc, str): ldif += nTSecurityDescriptor: %s % desc elif isinstance(desc, security.descriptor): ldif += nTSecurityDescriptor:: %s % base64.b64encode(ndr_pack(desc)) -_ldb.add(ou_dict) +_ldb.add_ldif(ldif) def create_user(self, _ldb, user_dn, desc=None): -user_dict = { -dn : user_dn, -sAMAccountName : user_dn.split(,)[0][3:], -objectClass : user, -userPassword : self.user_pass, -url : www.bbc.co.uk, -} +ldif = +dn: + user_dn + +sAMAccountName: + user_dn.split(,)[0][3:] + +objectClass: user +userPassword: + self.user_pass + +url: www.example.com + if desc: assert(isinstance(desc, str) or isinstance(desc, security.descriptor)) if isinstance(desc, str): ldif += nTSecurityDescriptor: %s % desc elif isinstance(desc, security.descriptor): ldif += nTSecurityDescriptor:: %s % base64.b64encode(ndr_pack(desc)) -_ldb.add(user_dict) +_ldb.add_ldif(ldif) def create_group(self, _ldb, group_dn, desc=None): -group_dict = { -dn : group_dn, -objectClass : group, -sAMAccountName : group_dn.split(,)[0][3:], -groupType : 4, -url : www.bbc.co.uk, -} +ldif = +dn: + group_dn + +objectClass: group +sAMAccountName: + group_dn.split(,)[0][3:] + +groupType: 4 +url: www.example.com + if desc: assert(isinstance(desc, str) or isinstance(desc, security.descriptor)) if isinstance(desc, str): ldif += nTSecurityDescriptor: %s % desc elif isinstance(desc, security.descriptor): ldif += nTSecurityDescriptor:: %s % base64.b64encode(ndr_pack(desc)) -_ldb.add(group_dict) +_ldb.add_ldif(ldif) def read_desc(self, object_dn): res = self.ldb_admin.search(object_dn, SCOPE_BASE, None, [nTSecurityDescriptor]) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ec53a0c... s4:dsdb/dns: change callers of samba_runcmd() via 6ea3393... lib/util: change samba_runcmd() to use tevent_req _send/_recv from 56b13ee... Revert Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ec53a0ca5a568627df8dac91ec2c736b0d106829 Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 25 16:01:15 2010 +0100 s4:dsdb/dns: change callers of samba_runcmd() metze commit 6ea339379890fa1f99e802cac4f705b96ffcff8d Author: Stefan Metzmacher me...@samba.org Date: Wed Feb 24 12:43:45 2010 +0100 lib/util: change samba_runcmd() to use tevent_req _send/_recv metze --- Summary of changes: lib/util/util.h | 15 +- lib/util/util_runcmd.c| 319 +++-- source4/dsdb/dns/dns_update.c | 104 +- 3 files changed, 256 insertions(+), 182 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/util.h b/lib/util/util.h index 264396e..e1160d5 100644 --- a/lib/util/util.h +++ b/lib/util/util.h @@ -890,12 +890,13 @@ bool add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, with the return code from the command */ struct tevent_context; -struct composite_context *samba_runcmd(struct tevent_context *ev, - TALLOC_CTX *mem_ctx, - struct timeval timeout, - int stdout_log_level, - int stderr_log_level, - const char **argv0, ...); - +struct tevent_req; +struct tevent_req *samba_runcmd_send(TALLOC_CTX *mem_ctx, +struct tevent_context *ev, +struct timeval endtime, +int stdout_log_level, +int stderr_log_level, +const char * const *argv0, ...); +int samba_runcmd_recv(struct tevent_req *req, int *perrno); #endif /* _SAMBA_UTIL_H_ */ diff --git a/lib/util/util_runcmd.c b/lib/util/util_runcmd.c index dea3ff9..ef897d4 100644 --- a/lib/util/util_runcmd.c +++ b/lib/util/util_runcmd.c @@ -28,9 +28,9 @@ #include includes.h #include system/filesys.h #include lib/tevent/tevent.h -#include libcli/composite/composite.h +#include lib/util/tevent_unix.h -struct samba_runcmd { +struct samba_runcmd_state { int stdout_log_level; int stderr_log_level; struct tevent_fd *fde_stdout; @@ -42,106 +42,20 @@ struct samba_runcmd { uint16_t buf_used; }; -/* - called when a command times out - */ -static void runcmd_timeout(struct tevent_context *ev, - struct tevent_timer *te, - struct timeval current_time, - void *private_data) +static int samba_runcmd_state_destructor(struct samba_runcmd_state *state) { - struct composite_context *c = talloc_get_type_abort(private_data, struct composite_context); - struct samba_runcmd *r = talloc_get_type_abort(c-private_data, struct samba_runcmd); - kill(r-pid, SIGKILL); - waitpid(r-pid, NULL, 0); - talloc_free(r-fde_stderr); - talloc_free(r-fde_stdout); - composite_error(c, NT_STATUS_IO_TIMEOUT); -} - -/* - handle stdout/stderr from the child - */ -static void runcmd_io_handler(struct tevent_context *ev, - struct tevent_fd *fde, - uint16_t flags, - void *private_data) -{ - struct composite_context *c = talloc_get_type_abort(private_data, struct composite_context); - struct samba_runcmd *r = talloc_get_type_abort(c-private_data, struct samba_runcmd); - int level; - char *p; - int n, fd; - - if (fde == r-fde_stdout) { - level = r-stdout_log_level; - fd = r-fd_stdout; - } else { - level = r-stderr_log_level; - fd = r-fd_stderr; - } - - if (!(flags TEVENT_FD_READ)) { - return; - } - - n = read(fd, r-buf[r-buf_used], -sizeof(r-buf) - r-buf_used); - if (n 0) { - r-buf_used += n; - } else if (n == 0) { - if (fde == r-fde_stdout) { - talloc_free(fde); - r-fde_stdout = NULL; - } - if (fde == r-fde_stderr) { - talloc_free(fde); - r-fde_stderr = NULL; - } - if (r-fde_stdout == NULL - r-fde_stderr == NULL) { -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2ee3cca... s4:winbind - use unsigned variables where possible via 1310eba... s4:winbind/wb_cmd_getgroups.c - fix up warnings via 98bc10d... s4:unittest Fix unittest to reflect that wbinfo -r no longer fail via bc766a9... s4:winbind: stub implementation of WINBINDD_PAM_LOGOFF via 238ff24... s4:winbind: Fix a misplaced returned info via 42b5b38... s4:winbind Implement logic for getgroups to work via 30baf31... s4:winbind: implement calls for allowing getent groups via 74166c3... s4:torture/rpc/netlogon.c - LogonGetDomainInfo test - make it compatible against Windows Server 2008 via 9995a37... s4:netlogon RPC - LogonGetDomainInfo - make the call compatible with = Windows 2008 via 1deefca... libcli/auth/schannel_state_tdb.c - fix an obviously wrong error handling from 48cdca0... s4-smbtorture: fix uninitialized variable in winreg QueryValue call. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2ee3cca4ffd60d091ca5fe8035f90969f6b91cc4 Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Tue Mar 9 17:54:12 2010 +0100 s4:winbind - use unsigned variables where possible commit 1310eba9705d6c49ec36555f546c4b99174ee695 Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Tue Mar 9 17:52:10 2010 +0100 s4:winbind/wb_cmd_getgroups.c - fix up warnings Also fix some indentations. commit 98bc10d0a8284387789fafc32a1a1e54a7e31824 Author: Matthieu Patou m...@matws.net Date: Tue Mar 9 15:35:54 2010 +0300 s4:unittest Fix unittest to reflect that wbinfo -r no longer fail Signed-off-by: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de commit bc766a9a8475344eb4556da91f68874523d1fe52 Author: Matthieu Patou m...@matws.net Date: Wed Mar 3 23:29:15 2010 +0300 s4:winbind: stub implementation of WINBINDD_PAM_LOGOFF Signed-off-by: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de commit 238ff24341767230614a3931646df59c1cf87a52 Author: Matthieu Patou m...@matws.net Date: Wed Mar 3 23:29:32 2010 +0300 s4:winbind: Fix a misplaced returned info libwbclient expect to have in auth.exra_data the INFO3_TXT and in auth.unix_username the username Signed-off-by: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de commit 42b5b381871dd935aeda34669a2c03a05a63f5f0 Author: Matthieu Patou m...@matws.net Date: Thu Mar 4 03:05:06 2010 +0300 s4:winbind Implement logic for getgroups to work This function is called by the system everytime we do a id user or when we do wbinfo -r Signed-off-by: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de commit 30baf31411363ebd79a6366caf4a792850c40192 Author: Matthieu Patou m...@matws.net Date: Thu Mar 4 02:46:36 2010 +0300 s4:winbind: implement calls for allowing getent groups This is to say getgrent and setgrent, and the associated technical objects (states, build directives,...) needed. Signed-off-by: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de commit 74166c380c5ad110d93c4e7141eaa7b1d069ced8 Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Wed Feb 17 09:51:41 2010 +0100 s4:torture/rpc/netlogon.c - LogonGetDomainInfo test - make it compatible against Windows Server 2008 This is a reworked version of the mentioned test which passes against Windows Server 2008. The previous version, also mainly written by me passed only against Windows Server = 2003. commit 9995a37a8cffb5e20e2b0ef5abfee602673d362d Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Fri Mar 5 11:09:57 2010 +0100 s4:netlogon RPC - LogonGetDomainInfo - make the call compatible with = Windows 2008 Add more security checks and other corrections to imitate Windows Server = 2008. commit 1deefcaee1f3de97c0377b513a6f9c3d1181e2b0 Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Tue Mar 9 17:12:02 2010 +0100 libcli/auth/schannel_state_tdb.c - fix an obviously wrong error handling --- Summary of changes: libcli/auth/schannel_state_tdb.c |1 - nsswitch/tests/test_wbinfo.sh |3 +- source4/rpc_server/netlogon/dcerpc_netlogon.c | 85 +++--- source4/torture/rpc/netlogon.c| 118 +++-- source4/winbind/config.mk |3 + source4/winbind/wb_async_helpers.c| 20 +- source4/winbind/wb_cmd_getgrent.c | 124 ++ source4/winbind/wb_cmd_getgroups.c| 223 + source4/winbind/wb_cmd_list_trustdom.c|8 +- source4/winbind/wb_cmd_setgrent.c | 171 +++ source4/winbind/wb_cmd_userdomgroups.c|8 +- source4/winbind/wb_cmd_usersids.c | 12
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c05d13d... s4:ldb fix escape parsing via 9f53820... s3:tldap add own filter parsing from 2ee3cca... s4:winbind - use unsigned variables where possible http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c05d13d3c2c5d516c55cec133ba635f528034862 Author: Simo Sorce i...@samba.org Date: Sun Mar 7 20:20:45 2010 -0500 s4:ldb fix escape parsing sscanf can return also on short reads, in this case an invalid escape sequence like '\1k' would be accepted, returning 1 as value and swallowing the 'k'. Use an auxiliar function to validate and convert hex escapes. commit 9f53820de731ca1a7f06341958b43fcfccf82600 Author: Simo Sorce i...@samba.org Date: Sun Mar 7 20:20:02 2010 -0500 s3:tldap add own filter parsing Also add torture test to check filter parsing. --- Summary of changes: source3/lib/tldap.c| 714 ++-- source3/torture/torture.c | 14 + source4/lib/ldb/common/ldb_parse.c | 26 ++- 3 files changed, 638 insertions(+), 116 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/tldap.c b/source3/lib/tldap.c index fa56763..3b256c4 100644 --- a/source3/lib/tldap.c +++ b/source3/lib/tldap.c @@ -956,175 +956,654 @@ int tldap_simple_bind(struct tldap_context *ld, const char *dn, /*/ -/* - * This piece has a dependency on ldb, the ldb_parse_tree() function is used. - * In case we want to separate out tldap, we need to copy or rewrite it. +/* can't use isalpha() as only a strict set is valid for LDAP */ +#define TLDAP_IS_ALPHA(c) c) = 'a') ((c) = 'z')) || \ + (((c) = 'A') ((c) = 'Z'))) + +#define TLDAP_IS_ADH(c) (TLDAP_IS_ALPHA(c) || isdigit(c) || (c) == '-') + +#define TLDAP_FILTER_AND ASN1_CONTEXT(0) +#define TLDAP_FILTER_OR ASN1_CONTEXT(1) +#define TLDAP_FILTER_NOT ASN1_CONTEXT(2) +#define TLDAP_FILTER_EQ ASN1_CONTEXT(3) +#define TLDAP_FILTER_SUB ASN1_CONTEXT(4) +#define TLDAP_FILTER_LE ASN1_CONTEXT(5) +#define TLDAP_FILTER_GE ASN1_CONTEXT(6) +#define TLDAP_FILTER_PRES ASN1_CONTEXT_SIMPLE(7) +#define TLDAP_FILTER_APX ASN1_CONTEXT(8) +#define TLDAP_FILTER_EXT ASN1_CONTEXT(9) + +#define TLDAP_SUB_INI ASN1_CONTEXT_SIMPLE(0) +#define TLDAP_SUB_ANY ASN1_CONTEXT_SIMPLE(1) +#define TLDAP_SUB_FIN ASN1_CONTEXT_SIMPLE(2) + + +/* oid's should be numerical only in theory, + * but apparently some broken servers may have alphanum aliases instead. + * Do like openldap libraries and allow alphanum aliases for oids, but + * do not allow Tagging options in that case. */ +static bool tldap_is_attrdesc(const char *s, int len, bool no_tagopts) +{ + bool is_oid = false; + bool dot = false; + int i; + + /* first char has stricter rules */ + if (isdigit(*s)) { + is_oid = true; + } else if (!TLDAP_IS_ALPHA(*s)) { + /* bad first char */ + return false; + } + + for (i = 1; i len; i++) { + + if (is_oid) { + if (isdigit(s[i])) { + dot = false; + continue; + } + if (s[i] == '.') { + if (dot) { + /* malformed */ + return false; + } + dot = true; + continue; + } + } else { + if (TLDAP_IS_ADH(s[i])) { + continue; + } + } + + if (s[i] == ';') { + if (no_tagopts) { + /* no tagging options */ + return false; + } + if (dot) { + /* malformed */ + return false; + } + if ((i + 1) == len) { + /* malformed */ + return false; + } -#include lib/ldb/include/ldb.h -#include lib/ldb/include/ldb_errors.h + is_oid = false; + continue; + } + } -static bool ldap_push_filter(struct asn1_data *data, -struct ldb_parse_tree *tree) + if (dot) { + /* malformed */ + return false; + } + + return true; +} + +/* this function copies the value until the closing parenthesis is found. */ +static char
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 25452a2... s3: Fix a NULL pointer dereference from c05d13d... s4:ldb fix escape parsing http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 25452a2268ac7013da28125f3df22085139af12d Author: Volker Lendecke v...@samba.org Date: Tue Mar 9 11:14:14 2010 +0100 s3: Fix a NULL pointer dereference Found by Laurent Gaffie laurent.gaf...@gmail.com. Thanks! Volker --- Summary of changes: source3/smbd/process.c | 11 ++- 1 files changed, 10 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 65bb25d..9a39779 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1810,6 +1810,15 @@ void chain_reply(struct smb_request *req) */ if ((req-wct 2) || (CVAL(req-outbuf, smb_wct) 2)) { + if (req-chain_outbuf == NULL) { + req-chain_outbuf = TALLOC_REALLOC_ARRAY( + req, req-outbuf, uint8_t, + smb_len(req-outbuf) + 4); + if (req-chain_outbuf == NULL) { + smb_panic(talloc failed); + } + } + req-outbuf = NULL; goto error; } @@ -1837,7 +1846,7 @@ void chain_reply(struct smb_request *req) req-chain_outbuf = TALLOC_REALLOC_ARRAY( req, req-outbuf, uint8_t, smb_len(req-outbuf) + 4); if (req-chain_outbuf == NULL) { - goto error; + smb_panic(talloc failed); } req-outbuf = NULL; } else { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9adbba6... Allow make test to complete as root. Obviously only safe on tightly controlled developer machines. Jeremy. from 25452a2... s3: Fix a NULL pointer dereference http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9adbba6fb9404bb7f6d88cf58e7d5ce06fe73b0e Author: Jeremy Allison j...@samba.org Date: Tue Mar 9 13:14:18 2010 -0800 Allow make test to complete as root. Obviously only safe on tightly controlled developer machines. Jeremy. --- Summary of changes: source3/script/tests/selftest.sh | 16 1 files changed, 16 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/script/tests/selftest.sh b/source3/script/tests/selftest.sh index 09f7dc8..9994e47 100755 --- a/source3/script/tests/selftest.sh +++ b/source3/script/tests/selftest.sh @@ -302,6 +302,7 @@ EOF ## create a test account ## +if [ $USERID != 0 ]; then cat $NSS_WRAPPER_PASSWDEOF root:x:65533:65532:root gecos:$PREFIX_ABS:/bin/false nobody:x:65534:65533:nobody gecos:$PREFIX_ABS:/bin/false @@ -314,6 +315,21 @@ nogroup:x:65534:nobody root:x:65532: $USERNAME-group:x:$GROUPID: EOF +else +## +## Running as root... +## +cat $NSS_WRAPPER_PASSWDEOF +$USERNAME:x:$USERID:$GROUPID:$USERNAME gecos:$PREFIX_ABS:/bin/false +nobody:x:65534:65533:nobody gecos:$PREFIX_ABS:/bin/false +EOF + +cat $NSS_WRAPPER_GROUPEOF +$USERNAME-group:x:$GROUPID: +nobody:x:65533: +nogroup:x:65534:nobody +EOF +fi MAKE_TEST_BINARY=bin/smbpasswd export MAKE_TEST_BINARY -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f7f67e9... Fix typo and convert spaces to tabs via 8fa81e9... Fix typo from 9adbba6... Allow make test to complete as root. Obviously only safe on tightly controlled developer machines. Jeremy. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f7f67e9e1f678e0256deeca94939bf29e6a04fa4 Author: Simo Sorce i...@samba.org Date: Tue Mar 9 16:40:55 2010 -0500 Fix typo and convert spaces to tabs commit 8fa81e99093bccf40c4ddea162896ccc020da9db Author: Simo Sorce i...@samba.org Date: Tue Mar 9 16:41:44 2010 -0500 Fix typo --- Summary of changes: source3/lib/tldap.c|4 ++-- source4/lib/ldb/common/ldb_parse.c |8 2 files changed, 6 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/tldap.c b/source3/lib/tldap.c index 3b256c4..c8f3af7 100644 --- a/source3/lib/tldap.c +++ b/source3/lib/tldap.c @@ -1080,8 +1080,8 @@ static int tldap_hex2char(const char *x) else if (h1 = '0') c = h1 - (int)'0'; c = c 4; if (h2 = 'a') c += h2 - (int)'a' + 10; - else if (h1 = 'A') c += h2 - (int)'A' + 10; - else if (h1 = '0') c += h2 - (int)'0'; + else if (h2 = 'A') c += h2 - (int)'A' + 10; + else if (h2 = '0') c += h2 - (int)'0'; return c; } diff --git a/source4/lib/ldb/common/ldb_parse.c b/source4/lib/ldb/common/ldb_parse.c index 6d43000..a684593 100644 --- a/source4/lib/ldb/common/ldb_parse.c +++ b/source4/lib/ldb/common/ldb_parse.c @@ -54,8 +54,8 @@ static int ldb_parse_hex2char(const char *x) else if (h1 = '0') c = h1 - (int)'0'; c = c 4; if (h2 = 'a') c += h2 - (int)'a' + 10; - else if (h1 = 'A') c += h2 - (int)'A' + 10; - else if (h1 = '0') c += h2 - (int)'0'; + else if (h2 = 'A') c += h2 - (int)'A' + 10; + else if (h2 = '0') c += h2 - (int)'0'; return c; } @@ -93,8 +93,8 @@ struct ldb_val ldb_binary_decode(void *mem_ctx, const char *str) if (str[i] == '\\') { int c; -c = ldb_parse_hex2char(str[i+1]); -if (c == -1) { + c = ldb_parse_hex2char(str[i+1]); + if (c == -1) { talloc_free(ret.data); memset(ret, 0, sizeof(ret)); return ret; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ae79d8c... s4-smbtorture: on HKLM hive test the well known CurrentVersion value. via 722daf4... s4-smbtorture: add full coverage test for winreg QueryValue calls. via 62b41e6... s4-smbtorture: rework test_winreg_QueryValue in RPC-SPOOLSS-PRINTER once again. via 6d10645... s4-smbtorture: add tests for set and delete value in RPC-WINREG. from f7f67e9... Fix typo and convert spaces to tabs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ae79d8ce02921e9a5c82433527909c7f707051e3 Author: Günther Deschner g...@samba.org Date: Wed Mar 10 00:43:57 2010 +0100 s4-smbtorture: on HKLM hive test the well known CurrentVersion value. Guenther commit 722daf43d0ef3a7951d8ee6b4aea97fd3e056719 Author: Günther Deschner g...@samba.org Date: Wed Mar 10 00:17:59 2010 +0100 s4-smbtorture: add full coverage test for winreg QueryValue calls. Guenther commit 62b41e684286ec04dfb0c03b42d0d028212084c9 Author: Günther Deschner g...@samba.org Date: Wed Mar 10 00:16:46 2010 +0100 s4-smbtorture: rework test_winreg_QueryValue in RPC-SPOOLSS-PRINTER once again. Guenther commit 6d10645bcae39f1377c1e3bfd01578519586289d Author: Günther Deschner g...@samba.org Date: Wed Mar 10 00:06:52 2010 +0100 s4-smbtorture: add tests for set and delete value in RPC-WINREG. Guenther --- Summary of changes: source4/torture/rpc/spoolss.c | 11 ++- source4/torture/rpc/winreg.c | 170 + 2 files changed, 178 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c index f83d3b5..84e73c3 100644 --- a/source4/torture/rpc/spoolss.c +++ b/source4/torture/rpc/spoolss.c @@ -3345,17 +3345,20 @@ static bool test_winreg_QueryValue(struct torture_context *tctx, uint32_t data_size = 0; uint32_t data_length = 0; struct winreg_String valuename; + uint8_t *data = NULL; init_winreg_String(valuename, value_name); + data = talloc_zero_array(tctx, uint8_t, 0); + r.in.handle = handle; r.in.value_name = valuename; r.in.type = type; r.in.data_size = data_size; r.in.data_length = data_length; - r.in.data = talloc_zero_array(tctx, uint8_t, *r.in.data_size); + r.in.data = data; r.out.type = type; - r.out.data = talloc_zero_array(tctx, uint8_t, *r.in.data_size); + r.out.data = data; r.out.data_size = data_size; r.out.data_length = data_length; @@ -3364,7 +3367,9 @@ static bool test_winreg_QueryValue(struct torture_context *tctx, torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue(p, tctx, r), QueryValue failed); if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) { *r.in.data_size = *r.out.data_size; - r.out.data = talloc_zero_array(tctx, uint8_t, *r.in.data_size); + data = talloc_zero_array(tctx, uint8_t, *r.in.data_size); + r.in.data = data; + r.out.data = data; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue(p, tctx, r), QueryValue failed); } torture_assert_werr_ok(tctx, r.out.result, QueryValue failed); diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c index 5f1a66b..e4de39e 100644 --- a/source4/torture/rpc/winreg.c +++ b/source4/torture/rpc/winreg.c @@ -1429,6 +1429,58 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p, return true; } +static bool test_SetValue(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + const char *value_name, + enum winreg_Type type, + uint8_t *data, + uint32_t size) +{ + struct winreg_SetValue r; + struct winreg_String name; + + torture_comment(tctx, Testing SetValue(%s)\n, value_name); + + init_winreg_String(name, value_name); + + r.in.handle = handle; + r.in.name = name; + r.in.type = type; + r.in.data = data; + r.in.size = size; + + torture_assert_ntstatus_ok(tctx, dcerpc_winreg_SetValue(p, tctx, r), + winreg_SetValue failed); + torture_assert_werr_ok(tctx, r.out.result, + winreg_SetValue failed); + + return true; +} + +static bool test_DeleteValue(struct dcerpc_pipe *p, +struct torture_context *tctx, +struct policy_handle *handle, +const char *value_name) +{ + struct winreg_DeleteValue r; + struct winreg_String value; + +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3855c94... Add tests which, when run as root, will ensure we can't write into a read-only directory, or read a owner-read-only file. from ae79d8c... s4-smbtorture: on HKLM hive test the well known CurrentVersion value. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3855c948c029490c616f4b4aa81b47e6df8c12a0 Author: Jeremy Allison j...@samba.org Date: Tue Mar 9 16:36:48 2010 -0800 Add tests which, when run as root, will ensure we can't write into a read-only directory, or read a owner-read-only file. Jeremy. --- Summary of changes: source3/script/tests/selftest.sh | 33 ++-- source3/script/tests/test_smbclient_s3.sh | 128 - source3/script/tests/tests_all.sh |4 +- 3 files changed, 154 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/script/tests/selftest.sh b/source3/script/tests/selftest.sh index 9994e47..e49bca8 100755 --- a/source3/script/tests/selftest.sh +++ b/source3/script/tests/selftest.sh @@ -36,9 +36,22 @@ if [ $CUSTOM_CONF_ARG ]; then fi ## -## create the test directory +## create the test directory layout ## PREFIX=`echo $DIRECTORY | sed s+//+/+` +printf %s CREATE TEST ENVIRONMENT IN '$PREFIX'... +/bin/rm -rf $PREFIX +if [ -e $PREFIX ]; then + echo *** + echo *** Failed to delete test environment $PREFIX + echo *** Was a previous run done as root ? + echo *** + exit 1 +fi + +## +## create the test directory +## mkdir -p $PREFIX || exit $? OLD_PWD=`pwd` cd $PREFIX || exit $? @@ -145,11 +158,6 @@ if test x`smbd -b | grep NSS_WRAPPER` = x; then fi -## -## create the test directory layout -## -printf %s CREATE TEST ENVIRONMENT IN '$PREFIX'... -/bin/rm -rf $PREFIX/* mkdir -p $PRIVATEDIR $NCALRPCDIR $LIBDIR $PIDDIR $LOCKDIR $LOGDIR mkdir -p $SOCKET_WRAPPER_DIR mkdir -p $WINBINDD_SOCKET_DIR @@ -173,6 +181,16 @@ fi chmod 777 $SHRDIR ## +## Create a read-only directory. +## +RO_SHRDIR=`echo $SHRDIR | sed -e 's:/[^/]*$::'` +RO_SHRDIR=$RO_SHRDIR/root-tmp +mkdir -p $RO_SHRDIR +chmod 755 $RO_SHRDIR +touch $RO_SHRDIR/unreadable_file +chmod 600 $RO_SHRDIR/unreadable_file + +## ## Create the common config include file with the basic settings ## @@ -269,6 +287,9 @@ cat $SERVERCONFFILEEOF [tmp] path = $SHRDIR +[ro-tmp] + path = $RO_SHRDIR + guest ok = yes [hideunread] copy = tmp hide unreadable = yes diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh index ff50220..84a3999 100755 --- a/source3/script/tests/test_smbclient_s3.sh +++ b/source3/script/tests/test_smbclient_s3.sh @@ -2,9 +2,9 @@ # this runs the file serving tests that are expected to pass with samba3 -if [ $# -lt 4 ]; then +if [ $# -lt 5 ]; then cat EOF -Usage: test_smbclient_s3.sh SERVER SERVER_IP USERNAME PASSWORD +Usage: test_smbclient_s3.sh SERVER SERVER_IP USERNAME PASSWORD USERID EOF exit 1; fi @@ -13,8 +13,9 @@ SERVER=$1 SERVER_IP=$2 USERNAME=$3 PASSWORD=$4 +USERID=$5 SMBCLIENT=$VALGRIND ${SMBCLIENT:-$BINDIR/smbclient} $CONFIGURATION -shift 4 +shift 5 ADDARGS=$* test x$TEST_FUNCTIONS_SH != xINCLUDED { @@ -126,6 +127,119 @@ EOF fi } +# Test writing into a read-only directory (logon as guest) fails. +test_read_only_dir() +{ +prompt=NT_STATUS_ACCESS_DENIED making remote directory +tmpfile=/tmp/smbclient.in.$$ + +## +## We can't do this as non-root. We always have rights to +## create the directory. +## +if [ $USERID != 0 ]; then + echo skipping test_read_only_dir as non-root + true + return +fi + +## +## We can't do this with an encrypted connection. No credentials +## to set up the channel. +## +if [ $ADDARGS == -e ]; then + echo skipping test_read_only_dir with encrypted connection + true + return +fi + +cat $tmpfile EOF +mkdir a_test_dir +quit +EOF + +cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT $CONFIGURATION $@ -U% //$SERVER/ro-tmp -I $SERVER_IP $ADDARGS $tmpfile 21' +eval echo $cmd +out=`eval $cmd` +ret=$? +rm -f $tmpfile + +if [ $ret != 0 ] ; then + echo $out + echo failed writing into read-only directory with error $ret + false + return +fi + +echo $out | grep $prompt /dev/null 21 + +ret=$? +if [ $ret = 0 ] ; then + # got the correct prompt .. succeed + true +else + echo $out + echo failed writing into read-only directory - grep failed with $ret + false +fi +} + +# Test reading an owner-only file (logon as guest) fails. +test_owner_only_file() +{ +prompt=NT_STATUS_ACCESS_DENIED opening remote file +tmpfile=/tmp/smbclient.in.$$ + +## +## We can't do this as non-root. We
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 420e3b8... s4-smbtorture: disable winreg QueryValue test for today. via 0a253e6... s4-smbtorture: fix some build warnings in RPC-SPOOLSS test. from 3855c94... Add tests which, when run as root, will ensure we can't write into a read-only directory, or read a owner-read-only file. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 420e3b8553c9e721fba27dd64eb78b2c7105ce64 Author: Günther Deschner g...@samba.org Date: Wed Mar 10 02:52:13 2010 +0100 s4-smbtorture: disable winreg QueryValue test for today. wow, both s3 and s4 crash on full coverage winreg QueryValue testing. Guenther commit 0a253e6b72dbf5cfe6be1952fde72cf492680e36 Author: Günther Deschner g...@samba.org Date: Wed Mar 10 02:50:32 2010 +0100 s4-smbtorture: fix some build warnings in RPC-SPOOLSS test. Guenther --- Summary of changes: source4/torture/rpc/spoolss.c | 16 source4/torture/rpc/winreg.c |4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c index 84e73c3..73787a9 100644 --- a/source4/torture/rpc/spoolss.c +++ b/source4/torture/rpc/spoolss.c @@ -3504,7 +3504,7 @@ static bool test_SetPrinterDataEx_matrix(struct torture_context *tctx, c = strchr(key, '\\'); if (c) { - int i; + int k; /* we have subkeys */ @@ -3514,9 +3514,9 @@ static bool test_SetPrinterDataEx_matrix(struct torture_context *tctx, return false; } - for (i=0; subkeys subkeys[i]; i++) { + for (k=0; subkeys subkeys[k]; k++) { - const char *current_key = talloc_asprintf(tctx, %s\\%s, key, subkeys[i]); + const char *current_key = talloc_asprintf(tctx, %s\\%s, key, subkeys[k]); if (!test_DeletePrinterKey(tctx, p, handle, current_key)) { return false; @@ -4278,7 +4278,7 @@ static bool test_EnumPrinters_findname(struct torture_context *tctx, for (i=0; i count; i++) { const char *current = NULL; - const char *p; + const char *q; switch (level) { case 1: @@ -4291,14 +4291,14 @@ static bool test_EnumPrinters_findname(struct torture_context *tctx, break; } - p = strrchr(current, '\\'); - if (p) { + q = strrchr(current, '\\'); + if (q) { if (!e.in.server) { torture_warning(tctx, server returns printername %s incl. servername although we did not set servername, current); } - p++; - if (strequal(p, name)) { + q++; + if (strequal(q, name)) { *found = true; break; } diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c index e4de39e..7368b2d 100644 --- a/source4/torture/rpc/winreg.c +++ b/source4/torture/rpc/winreg.c @@ -1949,7 +1949,7 @@ static bool test_Open(struct torture_context *tctx, struct dcerpc_pipe *p, torture_assert_ntstatus_ok(tctx, open_fn(p, tctx, r), open); - +#if 0 /* FIXME: s3 and s4 crash on QueryValue */ if (open_fn == (void *)dcerpc_winreg_OpenHKLM) { #if 0 torture_assert(tctx, test_OpenKey(p, tctx, handle, KEY_CURRENT_VERSION, newhandle), @@ -1963,7 +1963,7 @@ static bool test_Open(struct torture_context *tctx, struct dcerpc_pipe *p, torture_assert(tctx, test_CloseKey(p, tctx, newhandle), failed to close current version key); } - +#endif /* FIXME */ test_Cleanup(p, tctx, handle, TEST_KEY_BASE); if (!test_CreateKey(p, tctx, handle, TEST_KEY_BASE, NULL)) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 41be390... Fix the shell script in the root case. When run as root, make test now detects CAP_DAC_OVERRIDE being left on in error. from 420e3b8... s4-smbtorture: disable winreg QueryValue test for today. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 41be39013b02a6813e87af9d6579a80b3ad5227f Author: Jeremy Allison j...@samba.org Date: Tue Mar 9 20:06:19 2010 -0800 Fix the shell script in the root case. When run as root, make test now detects CAP_DAC_OVERRIDE being left on in error. Jeremy. --- Summary of changes: source3/script/tests/test_smbclient_s3.sh |8 1 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh index 84a3999..1ee829e 100755 --- a/source3/script/tests/test_smbclient_s3.sh +++ b/source3/script/tests/test_smbclient_s3.sh @@ -137,7 +137,7 @@ test_read_only_dir() ## We can't do this as non-root. We always have rights to ## create the directory. ## -if [ $USERID != 0 ]; then +if [ $USERID != 0 ] ; then echo skipping test_read_only_dir as non-root true return @@ -147,7 +147,7 @@ test_read_only_dir() ## We can't do this with an encrypted connection. No credentials ## to set up the channel. ## -if [ $ADDARGS == -e ]; then +if [ $ADDARGS = -e ] ; then echo skipping test_read_only_dir with encrypted connection true return @@ -194,7 +194,7 @@ test_owner_only_file() ## We can't do this as non-root. We always have rights to ## read the file. ## -if [ $USERID != 0 ]; then +if [ $USERID != 0 ] ; then echo skipping test_owner_only_file as non-root true return @@ -204,7 +204,7 @@ test_owner_only_file() ## We can't do this with an encrypted connection. No credentials ## to set up the channel. ## -if [ $ADDARGS == -e ]; then +if [ $ADDARGS = -e ] ; then echo skipping test_owner_only_file with encrypted connection true return -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.0.113-131-g3d82ca5
The branch, master has been updated via 3d82ca5b1b8ba2770c739493aa0cdd34bb4827d8 (commit) via e21b40db64b314a24caa2bc611cb48b93decb5aa (commit) from 51fce280d3a7e2cce8e6e268a19d3594b38b9bb6 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 3d82ca5b1b8ba2770c739493aa0cdd34bb4827d8 Author: Mathieu Parent math.par...@gmail.com Date: Thu Mar 4 16:06:11 2010 +0100 Fix some more bashisms commit e21b40db64b314a24caa2bc611cb48b93decb5aa Author: Mathieu Parent math.par...@gmail.com Date: Mon Mar 8 21:19:35 2010 +0100 Correct nice_service() nice takes a binary as argument and not a function or builtin command --- Summary of changes: config/events.d/11.natgw |2 +- config/events.d/13.per_ip_routing | 11 --- config/functions | 13 +++-- 3 files changed, 20 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/config/events.d/11.natgw b/config/events.d/11.natgw index 18db3de..b226b81 100644 --- a/config/events.d/11.natgw +++ b/config/events.d/11.natgw @@ -41,7 +41,7 @@ case $1 in NATGWIP=`ctdb natgwlist | head -1 | sed -e s/^[^ ]* *//` CTDB_NATGW_PUBLIC_IP_HOST=`echo $CTDB_NATGW_PUBLIC_IP | sed -e s/\/.*/\/32/` - if [ $NATGWMASTER == -1 ]; then + if [ $NATGWMASTER = -1 ]; then echo There is not NATGW master node exit 1 fi diff --git a/config/events.d/13.per_ip_routing b/config/events.d/13.per_ip_routing index b8a1e3e..e85ba66 100755 --- a/config/events.d/13.per_ip_routing +++ b/config/events.d/13.per_ip_routing @@ -75,7 +75,7 @@ lock_file() { stat -c%y $lckf return 1 } - kill -0 $pid { + /bin/kill -0 $pid { lock_debug lock file $lckf is valid for process $pid stat -c%y $lckf return 1 @@ -165,7 +165,10 @@ run_release_script_once() #echo run it: end } - echo -e #!/bin/sh\n#\n $_script + echo '#!/bin/sh' $_script + echo '#' $_script + echo $_script + chmod +x $_script return 0; @@ -230,7 +233,9 @@ generate_per_ip_routing() run_release_script_once $release_script - echo -e #!/bin/sh\n#\n $setup_script + echo '#!/bin/sh' $setup_script + echo '#' $setup_script + echo $setup_script chmod +x $setup_script return 0; diff --git a/config/functions b/config/functions index b70a352..6556b21 100644 --- a/config/functions +++ b/config/functions @@ -61,10 +61,19 @@ service() { ## # simulate /sbin/service (niced) on platforms that don't have it nice_service() { + _service_name=$1 + _op=$2 + # do nothing, when no service was specified - [ -z $1 ] return + [ -z $_service_name ] return -nice service $@ + if [ -x /sbin/service ]; then + nice /sbin/service $_service_name $_op + elif [ -x /etc/init.d/$_service_name ]; then + nice /etc/init.d/$_service_name $_op + elif [ -x /etc/rc.d/init.d/$_service_name ]; then + nice /etc/rc.d/init.d/$_service_name $_op + fi } ## -- CTDB repository
Build status as of Wed Mar 10 07:00:05 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-03-09 00:00:06.0 -0700 +++ /home/build/master/cache/broken_results.txt 2010-03-10 00:00:06.0 -0700 @@ -1,4 +1,4 @@ -Build status as of Tue Mar 9 07:00:06 2010 +Build status as of Wed Mar 10 07:00:05 2010 Build counts: Tree Total Broken Panic @@ -13,9 +13,9 @@ samba-docs 0 0 0 samba-web0 0 0 samba_3_current 32 32 2 -samba_3_master 32 32 7 -samba_3_next 29 28 4 -samba_4_0_test 34 32 1 +samba_3_master 32 32 2 +samba_3_next 29 29 4 +samba_4_0_test 34 34 2 talloc 34 11 0 tdb 32 22 0