Re: [Samba] samba 4 for new authentication domain?
On Mon, Apr 26, 2010 at 09:59:02PM -0700, Kevin Keane wrote: Exactly WHY do you need AD instead of NT domains? Without understanding that, I don't think your question can be answered. In some cases, you can use a stand-alone Kerberos and/or LDAP server. Or conversely, some application you use may require a Microsoft AD server, sometimes even a specific version. I have some COTS Windows web apps that want to authenticate either using local accounts or against AD. They've been doing local accounts, but account and password management is increasingly problematic, so it would really help to have central password mangement. The apps doesn't support NT domain auth. It might be possible to do this with OpenLDAP+kerberos, but that sounds like a whole lot of manual work, so I'd rather get something more integrated (AD or samba4). I like *nix servers better than Windows, so I'd rather do samba4, but don't have a good feel for samba4's stability as an authentication server. Hence the earlier question. Basically, your tradeoff is between cost and risk. Windows 2008 R2 is all but guaranteed to work no matter what AD issue you throw at it, but it can get expensive, especially if you have many users. On the other hand, Samba is free, but Samba 4 is pretty unproven at this point. Software cost will probably not be a factor. Functionality is. Sounds like I/we need AD. :( - Morty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smbldap-tools vrs. Ldapsam:Editposix
Hi, recently I got my ldap server up an running and now I'd like to start to use it with our 600-user-300-windows-pc samba server. (Centos 5.4, samba-3.0.33-3.28, openldap-2.3.43, smbldap-tools-0.9.5-) So I started to read the samba how to, some books, a lot of postings and finaly tried first the smbldap-tools from idealx. After that I tried the Ldapsam:Editposix as this is the build in and may be simpler way to set up/manage the samba server. But as a novice in samba+ldap I'm faced with some questions and did not find any answers yet, because most docs start with a fresh set up and don't do a migration. After importing my posix accounts into ldap and populating the basic tree for samba I was able to migrate the sambapasswd too and finaly my windows users can log in. (This was the smbldap-tools-way) Doing this the Ldapsam:Editposix-way, something with the users main group mapping(?) fails. (1) May be somewone can poit me to a good migrating to Ldapsam:Editposix how tos? Or can help my in an other way? I can provide my config in detail and describe the steps I did. One importend question for me too is, should I go the Ldapsam:Editposix way or smbldap-tool-way? Any suggestions? Thanks a lot and best regards, Götz (1) [2010/04/26 15:38:30, 3] passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2719) primary group of [greinick] not found [2010/04/26 15:38:30, 10] auth/auth_util.c:make_server_info_sam(639) pdb_enum_group_memberships failed: NT_STATUS_UNSUCCESSFUL [2010/04/26 15:38:30, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/26 15:38:30, 0] auth/auth_sam.c:check_sam_security(353) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' [2010/04/26 15:38:30, 5] auth/auth.c:check_ntlm_password(273) check_ntlm_password: sam authentication for user [greinick] FAILED with error NT_STATUS_UNSUCCESSFUL [2010/04/26 15:38:30, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [DALICLONE] was for this SAM. [2010/04/26 15:38:30, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: winbind had nothing to say [2010/04/26 15:38:30, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [greinick] - [greinick] FAILED with error NT_STATUS_UNSUCCESSFUL [2010/04/26 15:38:30, 5] auth/auth_util.c:free_user_info(2108) attempting to free (and zero) a user_info structure -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia Hübner Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 for new authentication domain?
On Tue, Apr 27, 2010 at 6:30 PM, Morty morty+sa...@frakir.orgmorty%2bsa...@frakir.org wrote: On Mon, Apr 26, 2010 at 09:59:02PM -0700, Kevin Keane wrote: Exactly WHY do you need AD instead of NT domains? Without understanding that, I don't think your question can be answered. I have some COTS Windows web apps that want to authenticate either using local accounts or against AD. You should clarify what mechanisms those web apps use for authentication. Generally most web apps use LDAP/NTML for authentication and LDAP for pulling user information. These two things you can achieve more reliably using Samba3 with an LDAP backend compared to Samba 4 (at this stage). Another pathway you should investigate is whether a single sign-on (SSO) system is applicable/appropriate. There are plenty of choices out there, but it does depend on what your COTS applications are. The benefit of SSO is that it abstracts web application authentication from your underlying authentication service. It is a bit more work, and not all web applications work with it, but once in place the results are very good. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 for new authentication domain?
On Tue, Apr 27, 2010 at 07:36:39PM +1200, David Harrison wrote: You should clarify what mechanisms those web apps use for authentication. I don't know. :) The apps are black-box COTS apps which use AD for authentication. I didn't pick them, and don't have much insight into them. More apps might come later, so even if I can research and answer this question based on the current profiles, requirements might change. What I want to do is spec hardware and any necessary software to support authentication for the apps. I'd prefer to use free/open source software if it will work as a drop-in replacement for AD. Generally most web apps use LDAP/NTML for authentication and LDAP for pulling user information. These two things you can achieve more reliably using Samba3 with an LDAP backend compared to Samba 4 (at this stage). I've played with samba3+openldap+kerberos+bind9 as a replacement for AD before. It was extremely complex to setup and maintain, so I don't want to do that in production. samba4 seemed like it would be simpler and more compatible with AD. Ah, well. :( It's a shame that samba4 is waiting on file+print services to ship. samba3 is already a fine file+print services server. It might be better to just ship samba4 as AD-style authentication-only for now, and people who need AD-style auth, file, and print can run separate instances of samba4 and samba3 on separate VMs or separate physical servers. It wouldn't be as ideal as having a single combined server that could run everything, but at least all functionality would be shipped, and y'all would still have a roadmap towards an integrated product. - Morty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 for new authentication domain?
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Morty Sent: Tuesday, April 27, 2010 1:08 AM To: samba@lists.samba.org Subject: Re: [Samba] samba 4 for new authentication domain? On Tue, Apr 27, 2010 at 07:36:39PM +1200, David Harrison wrote: You should clarify what mechanisms those web apps use for authentication. I don't know. :) The apps are black-box COTS apps which use AD for authentication. You can usually find out simply by reading the documentation on how to set up authentication. Just as David said, almost all of them would use LDAP. The only exception is anything that supports Single-Sign-On via Internet Exploder. In that case, it's probably Kerberos. I didn't pick them, and don't have much insight into them. More apps might come later, so even if I can research and answer this question based on the current profiles, requirements might change. What I want to do is spec hardware and any necessary software to support authentication for the apps. I'd prefer to use free/open source software if it will work as a drop-in replacement for AD. You won't find true drop-in replacements anywhere. Even Samba 3 isn't a drop-in replacement for file sharing or NT domains; certain things won't work. For instance, some accounting packages (Quickbooks or Peachtree) also require a database component on the server. I'm sure there will be similar issues with Samba 4 vs. Active Directory. Generally most web apps use LDAP/NTML for authentication and LDAP for pulling user information. These two things you can achieve more reliably using Samba3 with an LDAP backend compared to Samba 4 (at this stage). I've played with samba3+openldap+kerberos+bind9 as a replacement for AD before. It was extremely complex to setup and maintain, so I don't want to do that in production. Agreed. Basically, that simplicity (and the tools to do it) is what you buy with the $$$ from Microsoft. Or with the $$$ to a RedHat consultant to make it all work for you. samba4 seemed like it would be simpler and more compatible with AD. Ah, well. :( What I found works exceedingly well (although not flawlessly) is a Windows AD Domain Controller, and then Samba servers for file and print sharing. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba ADS on AIX 6.1 TL04
Hi All I'm trying to intergrate samba server with ADS on AIX 6.1 TL04, for last one week, with idmap / winbind but no satisfactory results. I have gone through various links at samba.org relating to winbind, idmapper and followed http://pware.hvcc.edu/ for precompiled binaries and http://pware.hvcc.edu/AIX-Samba.pdf which is for AIX 6.1 TL03 though. I have found the samba which is provided by IBM with expansion pack doesn't have support for ADS. The binaries I have tried with is both 32 bit and 64bit of samba, neither of them has worked for me. ADS join is ok, I am able to see all good ouput for wbinfo -t/-m/-p etc. I have copied the WINBIND module under /usr/lib/security and changed /usr/lib/security/methods.cfg as WINBIND: program = /usr/lib/security/WINBIND options = authonly the /etc/security/user the default stanza with SYSTEM = WINBIND OR compat The errors I have repeatedly encountered is -- Could not trigger lookup sid sid2gid returned an error Could not lookup name for user MYDOMAIN\USER1 Some other errors are Error GID range is full!! No matter I removed *.tdb files, specified new ranges etc, this GID error persistenly appears. I have reached to the point where user autentication is successful but sid to gig mapping doesn't work, or lookup for that AD user fails. The AD seems to be OK , as another server AIX 5.2 is already working with samba compiled with ADS support. What I would like to know. 1. How do we compile samba from scratch, I tried 3.5.2 , ./configure was OK, but this didn;t created any makefile! , I understand I need to compile kerbros , db, openldap before compiling samba, which version of the dependent software (kerbros, db, openldap) be used? 2. How can I resolve this GID range full error. 3. what shall be done to have sid to gid mapping. Best Regards, Yash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Undocumented TDB files
Moray Henderson wrote: Chris Smith wrote: /var/lib/samba/locking.tdb /var/lib/samba/wins.tdb /var/lib/samba/mutex.tdb which are not documented in Try: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html mutex.tdb is still missing but the two areas should be complete and consistent in information Thanks, I hadn't spotted that page. Although: - group_mapping.tdb should be group_mapping.ldb - printing directory: preserve Y conflicts with printing/*.tdb: backup no from the Official HOWTO /var/lib/samba/notify.tdb is not documented either; does that only in certain Samba versions? Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 for new authentication domain?
What I found works exceedingly well (although not flawlessly) is a Windows AD Domain Controller, and then Samba servers for file and print sharing. Hello Kevin, but what if you already have 1000 users in a samba domain. Is there a way to migrate them to a MS AD without loosing the uidNumber, Samba SID and such things ? We don't like the idea to set new users an groups for every directory we have on ous samba servers Bye Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 for new authentication domain?
On Tue, Apr 27, 2010 at 01:27:35AM -0700, Kevin Keane wrote: You can usually find out simply by reading the documentation on how to set up authentication. Just as David said, almost all of them would use LDAP. The only exception is anything that supports Single-Sign-On via Internet Exploder. In that case, it's probably Kerberos. I'm reading the docs for one of the major apps, and unfortunately, it doesn't say. Although regardless, I wouldn't want to be pigeonholed. We could be required to install something new at any time. I'd prefer to be maximally AD-compatible. You won't find true drop-in replacements anywhere. Sounds like AD is the most AD-compatible package. :( - Morty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba ADS on AIX 6.1 TL04
Yashpal Nagar wrote: Hi All I'm trying to intergrate samba server with ADS on AIX 6.1 TL04, for last one week, with idmap / winbind but no satisfactory results. I have gone through various links at samba.org relating to winbind, idmapper and followed http://pware.hvcc.edu/ for precompiled binaries and http://pware.hvcc.edu/AIX-Samba.pdf which is for AIX 6.1 TL03 though. It shouldn't matter. The TL's are just IBM's way of drawing lines for patch sets. The documentation was updated when TL-03 was released. The code compiled on 5.3 should run just fine under 6.1. I have found the samba which is provided by IBM with expansion pack doesn't have support for ADS. The binaries I have tried with is both 32 bit and 64bit of samba, neither of them has worked for me. ADS join is ok, I am able to see all good ouput for wbinfo -t/-m/-p etc. I have copied the WINBIND module under /usr/lib/security and changed /usr/lib/security/methods.cfg as WINBIND: program = /usr/lib/security/WINBIND options = authonly Please remove the authonly, it's not necessary. the /etc/security/user the default stanza with SYSTEM = WINBIND OR compat The errors I have repeatedly encountered is -- Could not trigger lookup sid sid2gid returned an error Could not lookup name for user MYDOMAIN\USER1 Some other errors are Error GID range is full!! This is an indication that the winbind configuration may be incorrect. In general, the AD configurations work as expected on AIX. Could you post your smb.conf for review? Also, are you using the LDAP backend or TDB? The IDMAP piece has been significantly modified from 3.3.x through 3.5.x, so some docs (including my own) may need some revision and depending on how yours is written may be getting misinterpreted. I am posting info from one of my (old - 5.3-TL6-SP4) AIX machines running 3.5.2 joined to w2k8R2: [aixdev:/] # oslevel -s 5300-06-04-0748 [aixdev:/] # lslpp -l pware* Fileset Level State Description Path: /usr/lib/objrepos pware53.base.rte 5.3.0.0 COMMITTED pWare base for 5.3 pware53.bash.rte 4.0.35.0 COMMITTED GNU bash 4.0 pware53.bdb.rte 4.7.25.4 COMMITTED Berkeley DB 4.7.25 pware53.cyrus-sasl.rte2.1.23.1 COMMITTED cyrus-sasl 2.1.23 pware53.gettext.rte 0.17.0.0 COMMITTED GNU gettext 0.17 pware53.krb5.rte 1.7.1.1 COMMITTED MIT Kerberos 1.7.1 pware53.libiconv.rte 1.13.1.0 COMMITTED GNU libiconv 1.13.1 pware53.ncurses.rte5.7.0.1 COMMITTED ncurses 5.7.0.1 pware53.openldap.rte 2.4.21.1 COMMITTED OpenLDAP 2.4.21 pware53.openssl.rte 0.9.8.13 COMMITTED OpenSSL 0.9.8m pware53.popt.rte 1.10.4.0 COMMITTED popt 1.10.4 pware53.readline.rte 6.1.0.0 COMMITTED GNU readline 6.1 pware53.samba.rte 3.5.2.0 COMMITTED Samba 3.5.2 pware53.tar.rte 1.22.0.0 COMMITTED GNU tar 1.22 pware53.zlib.rte 1.2.4.0 COMMITTED zlib 1.2.4 [aixdev:/] # cat /opt/pware/lib/smb.conf [global] security = ads realm = DEV35.LOCAL password server = 151.103.35.21 workgroup = DEV35 winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes log level = 3 template homedir = /home/%D/%U template shell = /opt/pware/bin/bash client use spnego = yes client ntlmv2 auth = yes encrypt passwords = yes winbind use default domain = yes restrict anonymous = 2 [netlogon] path = /netlogon [aixdev:/] # net ads testjoin Join is OK [aixdev:/] # wbinfo -u administrator guest krbtgt w.jojo [aixdev:/] # wbinfo -g domain computers domain controllers schema admins enterprise admins cert publishers domain admins domain users domain guests group policy creator owners ras and ias servers allowed rodc password replication group denied rodc password replication group read-only domain controllers enterprise read-only domain controllers dnsadmins dnsupdateproxy ctxpilot [aixdev:/] # lsuser w.jojo w.jojo id=1 pgrp=domain users home=/home/DEV35/w.jojo shell=/opt/pware/bin/bash gecos=William Jojo login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=WINBIND SYSTEM=compat or WINBIND logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=0 pwdchecks= dictionlist= fsize=-1 cpu=-1 data=-1 stack=-1 core=2097151 rss=-1 nofiles=-1 roles= id=1 pgrp=domain users home=/home/DEV35/w.jojo shell=/opt/pware/bin/bash pgid=1 gecos=William Jojo shell=/opt/pware/bin/bash pgrp=domain users SID=S-1-5-21-2261283086-3937381662-459627218-1113
Re: [Samba] KVNO keeps getting higher and higher
Richard Smits wrote: Hello, We have clients running Fedora 11. They are running samba and winbind version 3.4.2.0.42. samba-winbind-3.4.2-0.42.fc11.x86_64 samba-3.4.2-0.42.fc11.x86_64 samba-common-3.4.2-0.42.fc11.x86_64 Our problem is that the KVNO (Key Version Number) msDS-KeyVersionNumber keeps changing in the AD and is getting higher and higher. We are at 16 now and counting. The problem is that I have to recreate a new keytab file because our clients are also using a nfs4/krb5 mount on another server. When the version is higher than local in the keytab, the krb5 security will not work anymore. I have talked to the Windows sysadmins and the say that the password for a computer object is changed every 30 days, but my experience is that the key is increased every couple of days it seems. But the strange thing is that this is not for every computer object. There are also linux servers with AD computer objects that still have version 2 ? How is this possible ? This is a mystery for me. The other servers are using pam_winbind. Could that be the reason why the number will not increase in their case ? I hope to get some hints why this keeps happening. Greetings .. Richard Well, I am still having this problem, but have captured it in a logfile. It was in the 2003 DC security log. I seems that the computer object password in the AD is changed. Why ? And why would winbind not negotiate in a normal manner so this could be avoided. See logfile below... Does anyone has a clue why this is happening ? Greetings ... -- 27-4-2010 12:49:56 Security Success Audit Account Management 646 NT AUTHORITY\ANONYMOUS LOGON SRVxxx Computer Account Changed: - Target Account Name:linuxserver$ Target Domain: DASTUD Target Account ID: DOMAIN\linuxserver$ Caller User Name: SRVxxx$ Caller Domain: DASTUD Caller Logon ID:(0x0,0x3E7) Privileges: - Changed Attributes: Sam Account Name: - Display Name: - User Principal Name:- Home Directory: - Home Drive: - Script Path:- Profile Path: - User Workstations: - Password Last Set: 4/27/2010 12:49:56 PM Account Expires:- Primary Group ID: - AllowedToDelegateTo:- Old UAC Value: - New UAC Value: - User Account Control: - User Parameters:- Sid History:- Logon Hours:- DNS Host Name: - Service Principal Names:- 27-4-2010 12:49:56 Security Success Audit Account Management 646 NT AUTHORITY\ANONYMOUS LOGON SRVxxx Computer Account Changed: - Target Account Name:linuxserver$ Target Domain: DASTUD Target Account ID: DOMAIN\linuxserver$ Caller User Name: SRVxxx$ Caller Domain: DASTUD Caller Logon ID:(0x0,0x3E7) Privileges: - Changed Attributes: Sam Account Name: - Display Name: - User Principal Name:- Home Directory: - Home Drive: - Script Path:- Profile Path: - User Workstations: - Password Last Set: 4/27/2010 12:49:56 PM Account Expires:- Primary Group ID: - AllowedToDelegateTo:- Old UAC Value: - New UAC Value: - User Account Control: - User Parameters:- Sid History:- Logon Hours:- DNS Host Name: - Service Principal Names:- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba ADS on AIX 6.1 TL04
On Tue, Apr 27, 2010 at 5:32 PM, William Jojo w.j...@hvcc.edu wrote: Yashpal Nagar wrote: Hi All I'm trying to intergrate samba server with ADS on AIX 6.1 TL04, for last one week, with idmap / winbind but no satisfactory results. I have gone through various links at samba.org relating to winbind, idmapper and followed http://pware.hvcc.edu/ for precompiled binaries and http://pware.hvcc.edu/AIX-Samba.pdf which is for AIX 6.1 TL03 though. It shouldn't matter. The TL's are just IBM's way of drawing lines for patch sets. The documentation was updated when TL-03 was released. The code compiled on 5.3 should run just fine under 6.1. I have found the samba which is provided by IBM with expansion pack doesn't have support for ADS. The binaries I have tried with is both 32 bit and 64bit of samba, neither of them has worked for me. ADS join is ok, I am able to see all good ouput for wbinfo -t/-m/-p etc. I have copied the WINBIND module under /usr/lib/security and changed /usr/lib/security/methods.cfg as WINBIND: program = /usr/lib/security/WINBIND options = authonly Please remove the authonly, it's not necessary. the /etc/security/user the default stanza with SYSTEM = WINBIND OR compat The errors I have repeatedly encountered is -- Could not trigger lookup sid sid2gid returned an error Could not lookup name for user MYDOMAIN\USER1 Some other errors are Error GID range is full!! This is an indication that the winbind configuration may be incorrect. In general, the AD configurations work as expected on AIX. Could you post your smb.conf for review? Also, are you using the LDAP backend or TDB? The IDMAP piece has been significantly modified from 3.3.x through 3.5.x, so some docs (including my own) may need some revision and depending on how yours is written may be getting misinterpreted. I am posting info from one of my (old - 5.3-TL6-SP4) AIX machines running 3.5.2 joined to w2k8R2: [aixdev:/] # oslevel -s 5300-06-04-0748 [aixdev:/] # lslpp -l pware* Fileset Level State Description Path: /usr/lib/objrepos pware53.base.rte 5.3.0.0 COMMITTED pWare base for 5.3 pware53.bash.rte 4.0.35.0 COMMITTED GNU bash 4.0 pware53.bdb.rte 4.7.25.4 COMMITTED Berkeley DB 4.7.25 pware53.cyrus-sasl.rte2.1.23.1 COMMITTED cyrus-sasl 2.1.23 pware53.gettext.rte 0.17.0.0 COMMITTED GNU gettext 0.17 pware53.krb5.rte 1.7.1.1 COMMITTED MIT Kerberos 1.7.1 pware53.libiconv.rte 1.13.1.0 COMMITTED GNU libiconv 1.13.1 pware53.ncurses.rte5.7.0.1 COMMITTED ncurses 5.7.0.1 pware53.openldap.rte 2.4.21.1 COMMITTED OpenLDAP 2.4.21 pware53.openssl.rte 0.9.8.13 COMMITTED OpenSSL 0.9.8m pware53.popt.rte 1.10.4.0 COMMITTED popt 1.10.4 pware53.readline.rte 6.1.0.0 COMMITTED GNU readline 6.1 pware53.samba.rte 3.5.2.0 COMMITTED Samba 3.5.2 pware53.tar.rte 1.22.0.0 COMMITTED GNU tar 1.22 pware53.zlib.rte 1.2.4.0 COMMITTED zlib 1.2.4 [aixdev:/] # cat /opt/pware/lib/smb.conf [global] security = ads realm = DEV35.LOCAL password server = 151.103.35.21 workgroup = DEV35 winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes log level = 3 template homedir = /home/%D/%U template shell = /opt/pware/bin/bash client use spnego = yes client ntlmv2 auth = yes encrypt passwords = yes winbind use default domain = yes restrict anonymous = 2 [netlogon] path = /netlogon [aixdev:/] # net ads testjoin Join is OK [aixdev:/] # wbinfo -u administrator guest krbtgt w.jojo [aixdev:/] # wbinfo -g domain computers domain controllers schema admins enterprise admins cert publishers domain admins domain users domain guests group policy creator owners ras and ias servers allowed rodc password replication group denied rodc password replication group read-only domain controllers enterprise read-only domain controllers dnsadmins dnsupdateproxy ctxpilot [aixdev:/] # lsuser w.jojo w.jojo id=1 pgrp=domain users home=/home/DEV35/w.jojo shell=/opt/pware/bin/bash gecos=William Jojo login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=WINBIND SYSTEM=compat or WINBIND logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=0 pwdchecks= dictionlist= fsize=-1 cpu=-1 data=-1 stack=-1 core=2097151 rss=-1 nofiles=-1 roles= id=1 pgrp=domain users home=/home/DEV35/w.jojo shell=/opt/pware/bin/bash
Re: [Samba] Samba 3.5.2 on Redhat 4
On Mon, Apr 26, 2010 at 7:23 PM, Nico Kadel-Garcia nka...@gmail.com wrote: On Mon, Apr 26, 2010 at 5:30 PM, Linux Addict linuxaddi...@gmail.com wrote: Greetings, Did anyone able create rpms using makerpms.sh script. I tried with many spec files, but I cant fix net error. Anyone who had success, please reply. Thank you. thanks LA Take a look at http://ftp.sernet.de/pub/samba/3.5/rhel/4/. The SRPM is at http://ftp.sernet.de/pub/samba/3.5/src/rpm/. Thanks. Its named as suse.. Will it work on RHEL? And also I want to avoid sernet label on samba packages. That is one of the reason I am trying to use makerpms.sh. Let me check the SPEC file. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Small bug when server IP changes
I think this is a bug: CentOS 5.4 using Samba 3.4.7. If the server IP address changes, nmbd complains every few minutes that There is already a domain master browser on the old IP address. Although Chapter 41. Managing TDB Files states: wins.dat N WINS database iused only when wins support = yes has been set. This gets rebuilt or updated at every restart. that does not appear to be the case, since manually deleting wins.dat and restarting Samba makes the problem go away. Steps to reproduce: Server IP address 10.32.1.201 running Samba: # rpm -qa samba3\* libsmb\* libwb\* kernel samba3-client-3.4.7-42.el5 samba3-cifsmount-3.4.7-42.el5 samba3-3.4.7-42.el5 samba3-doc-3.4.7-42.el5 libwbclient0-3.4.7-42.el5 samba3-winbind-3.4.7-42.el5 kernel-2.6.18-164.15.1.el5 # service smb status smbd (pid 2591 2548) is running... nmbd (pid 2552 2551) is running... # ip addr list up 1: lo: LOOPBACK,UP,LOWER_UP mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:dd:52:71 brd ff:ff:ff:ff:ff:ff inet 10.32.1.201/24 brd 10.32.1.255 scope global eth0 inet6 fe80::20c:29ff:fedd:5271/64 scope link valid_lft forever preferred_lft forever # testparm -s | grep interfaces interfaces = 10.32.1.201/255.255.255.0 Now change the server's IP address by editing ifcfg-eth0 and smb.conf to change 10.32.1.201 to 10.32.1.200. Reboot the server. # service smb status smbd (pid 2591 2548) is running... nmbd (pid 2552 2551) is running... # ip addr list up 1: lo: LOOPBACK,UP,LOWER_UP mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:dd:52:71 brd ff:ff:ff:ff:ff:ff inet 10.32.1.200/24 brd 10.32.1.255 scope global eth0 inet6 fe80::20c:29ff:fedd:5271/64 scope link valid_lft forever preferred_lft forever # testparm -s | grep interfaces interfaces = 10.32.1.200/255.255.255.0 # ping 10.32.1.201 PING 10.32.1.201 (10.32.1.201) 56(84) bytes of data. From 10.32.1.200 icmp_seq=1 Destination Host Unreachable ... Every few minutes, nmbd logs the following in /var/log/messages: Apr 27 13:38:20 16test nmbd[2551]: [2010/04/27 13:38:20, 0] nmbd/nmbd_become_dmb.c:337(become_domain_master_browser_wins) Apr 27 13:38:20 16test nmbd[2551]: become_domain_master_browser_wins: Apr 27 13:38:20 16test nmbd[2551]: Attempting to become domain master browser on workgroup WORKGROUP, subnet UNICAST_SUBNET. Apr 27 13:38:20 16test nmbd[2551]: [2010/04/27 13:38:20, 0] nmbd/nmbd_become_dmb.c:351(become_domain_master_browser_wins) Apr 27 13:38:20 16test nmbd[2551]: become_domain_master_browser_wins: querying WINS server from IP 10.32.1.200 for domain master browser name WORKGROUP1b on workgroup WORKGROUP Apr 27 13:38:21 16test nmbd[2551]: [2010/04/27 13:38:21, 0] nmbd/nmbd_become_dmb.c:235(become_domain_master_query_success) Apr 27 13:38:21 16test nmbd[2551]: become_domain_master_query_success: Apr 27 13:38:21 16test nmbd[2551]: There is already a domain master browser at IP 10.32.1.201 for workgroup WORKGROUP registered on subnet UNICAST_SUBNET. Shut down Samba, delete wins.dat, and restart Samba. Messages disappear. Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind 3.5.2 caching issues under SLES11???
On Mon, Apr 26, 2010 at 4:35 AM, Volker Lendecke volker.lende...@sernet.de wrote: netsamlogon_cache.tdb is probably the culprit. Once you log in using pam or for example wbinfo -a the problem should be gone. I deleted netsamlogon_cache.tdb as well. Didn't do a wbinfo -a, but did a wbinfo -u and wbinfo -g. The idmapping did not change even after restarting samba until I manually deleted those tdb's. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migration from 3.0.24 to 3.5.2
Hervé Hénoch wrote: Hello, I've a Samba Server 3.0.24 with LDAP backend. I've tried to migrate to Samba 3.5 (Version 3.5.2-SerNet-Debian) with again a LDAP backend. But once the server was installed, my XP machine can't connect the domain. The error is : netlogon_creds_server_check failed. Rejecting auth request from client DEVH machine account DEVH$ Since I've done the test locally the DNS server is not reachable and i've the following error wich seems to be logical : get_peer_name: getnameinfo failed for 172.18.101.31 with error Temporary failure in name resolution) The following commands run well : 1. getent passwd 2. net rpc user 3. smbclient -L localhost -U% 4. pdbedit -Lv 5. net rpc join - domain SC joined 6. net localsid = net domainsid What i've missed ? When you say migrate, do you mean an ordinary upgrade on the one server, or are you changing servers and copying the settings across? I was having this problem migrating to 3.4.7 using tdbsam backend; it went away after I rewrote the script that migrated the TDB files to the new server. See thread Undocumented TDB files for more on the TDB files. Earlier someone posted that a problem like this was fixed for them by changing workstation/server names in passwd and group to uppercase. Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind 3.5.2 caching issues under SLES11???
On Tue, Apr 27, 2010 at 10:10:29AM -0400, Chris Smith wrote: netsamlogon_cache.tdb is probably the culprit. Once you log in using pam or for example wbinfo -a the problem should be gone. I deleted netsamlogon_cache.tdb as well. Didn't do a wbinfo -a, but did a wbinfo -u and wbinfo -g. The idmapping did not change even after restarting samba until I manually deleted those tdb's. wbinfo -a or an equivalent is the authoritative source. Quote from http://msdn.microsoft.com/en-us/magazine/cc188757.aspx: The authorization framework in Windows has become so complicated that it's virtually impossible for a server developer to manually discover the groups for a user. That's the reason why we rely on the DC with wbinfo -a and can just do flawed attempts to get it right without -a. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] BUILTIN-Groups break winbind_idmap
Hello, i want to migrate from samba 3.2.6-37 (sernet-built on sles9) to 3.3.12-25 (sernet-built on debian lenny). It's a domain member server in an w2k3 ad with all company files on it. I migrated the smb.conf and moved the winbindd_idmap.tdb to the lenny server. The winbind idmap options are still the same with tdb as idmap backend and don't conflict with entries of /etc/group and /etc/passwd. My gid range starts by 1 (1 was originally mapped by winbind to domain-users). Now on lenny it seems that samba overrides the winbindd_idmap of the domain-users to BUILTIN\administrators. A wbinfo -Y S-1-5-32-544 with a result of 1 confirmed my assumptions. I don't know why samba behaves like this. For further analysis i attach the global section of the smb.conf. Anyone an idea? Thanks Thorsten [global] unix charset = ISO8859-15 display charset = ISO8859-15 workgroup = SCHARRNET realm = SCHARRNET.DE server string = interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS password server = OMBRE DC1 log level = 2 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY load printers = No printcap name = cups add share command = /usr/local/bin/modify_samba_config.pl change share command = /usr/local/bin/modify_samba_config.pl delete share command = /usr/local/bin/modify_samba_config.pl panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind cache time = 900 winbind enum users = Yes winbind enum groups = Yes ea support = Yes map acl inherit = Yes hide unreadable = Yes veto oplock files = /*.mdb/*.MDB/ store dos attributes = Yes dos filemode = Yes dos filetime resolution = Yes -- Thorsten Leiser IT-Systembetreuung SYNCHRON Gesellschaft für betriebswirtschaftliche Beratung und Informationssysteme mbH Liebknechtstr. 50 70565 Stuttgart-Vaihingen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba ADS on AIX 6.1 TL04
Yashpal Nagar wrote: Thanks a lot Bill for your reply. My smb.conf - [global] As a member server, I would have expected workgroup to be AA, that is, the prefix of the realm. workgroup = MYGRP domain master = no local master = no server string = Test Samba Server netbios name = FOO realm = AA.DK http://AA.DK allow trusted domains = no security = ADS encrypt passwords = yes password server = * dns proxy = no log level = 3 max log size = 100 log file = /var/log/samba/%m.log client use spnego = yes Remove the following: idmap domains = MYGRP idmap config MYGRP:default = yes idmap config MYGRP:backend = tdb idmap config MYGRP:range = 20 - 50 idmap alloc backend = tdb idmap alloc config:range = 20 - 50 Add the following: idmap uid = 20-50 idmap gid = 20-50 Please see the following: http://samba.org/samba/docs/man/manpages-3/idmap_tdb.8.html But ignore the last example. :-) The idmap alloc is only necessary if the allocator it not going to the tdb model specified by idmap backend The man pages are very out of sync with the reality of IDMAP, but IDMAP is not a simple component and not always easy to debug, but I think it is in a better place now than previously. restrict anonymous = yes wins server = namesrv04 namesrv03 name resolve order = wins bcast - When I run testparm, it say unrecognised idmap domains = MYGRP. If I comment that out this throws no error for 'net ads testjoin' etc. No matter whichever samba ver I use it complains about this line, I may notice you have mentioned same example in one of your examples in your pdf, under IDMAP_TDB. Yeah, as of 3.3, that's not the case any longer. I will update my docs to reflect the truth. :-) Other smb.conf, I have tried which works well on AIX 5.2, but didn't work with precompiled binaries on AIX 6.1 --- [global] workgroup = MYGRP domain master = no local master = no server string = Test Samba Server netbios name = foo realm = AA.DK http://AA.DK allow trusted domains = no security = ADS encrypt passwords = yes password server = * dns proxy = no log level = 1 max log size = 100 log file = /var/log/samba/%m.log idmap uid = 10-99 idmap gid = 100-199 restrict anonymous = yes wins server = namesrv04 namesrv03 name resolve order = wins bcast winbind enum groups = no winbind enum users = no winbind cache time = 300 winbind use default domain = yes -- Since the existing setup (AIX5.2) works well with tdb backend, though it is not explicitly mentioned into the config above, But i can see a large winbindd_idmap.tdb under $SAMBA/var. I would keep the same tdb (default?) backend. The default is TDB, so yes, it would stay the same. You should (and probably want to) copy the winbindd_idmap.tdb to the new server to keep your mappings unless this is not desired. What I would like know - 1. Which samba binaries you have installed, I believe it is 32 bit. Can I use 64 bit binaries on a production server? You have mentioned *The 64-bit code is to be treated as PRODUCTION. * what does this mean? if this PRODUCTION means it shall be used for production servers or it is for you/SAMBA development team currently using for development/production of samba. Some more information here on your website surely would help more. Sorry about that. All of my package were initially 32-bit, then I offered the 64-bit code as BETA for about 6 months, and after some testing and feedback from users, I marked it as production quality. The Samba Team makes no guarantees whatsoever on what I produce. This is simply a statement of usability. I will remove that line from the site. 3. After changing mehtods.cfg, user file, Is there any program need to be restarted apart from samba or server reboot? The most you may need to do is stop Samba and run slibclean, then restart Samba. 4. I understand AIX uses LAM, instead of PAM which is used on Linux. Is there any setting related to LAM we got to do on AIX. There is no nsswitch.conf file as well, I assume since these binaries are already compiled for that platform, it should take care automatically? The package(s) I provide also support PAM. The IBM LAM framework is in use with the WINBIND product Andrew Tridgell wrote some time ago. You are correct that there no nsswitch.conf. Effectively, methods.cfg and /etc/security/user are the equivalent. Let me know how you get on. Cheers, Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.2 with/out aio on FreeBSD 7.2
Hi, I have a FreeBSD 7.2 machine with Samba 3.4.5 with aio support enabled. If I try to upgrade to Samba 3.5.2 from source aio support compiles but I receive Abnormal server exit: Failed to setup RT_SIGNAL_AIO handler fatal error from smbd. Without aio 3.5.2 too works nice. Any hint please what has been changed from 3.4.5 to 3.5.2 regarding aio? Or what special compile option would be required now to enable aio? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Account Users
Attn. Student/Staff Email Account Users... We regret to announce to you that we will be making some vital maintainance on our School website. During this process you might have login problems in signing into your Online account, but to prevent this you have to confirm your account immediately after you receive this notification. To confirm and to keep your account active during and after this process, please reply to this message with the below account informations. Failure to do this might cause a permanent deactivation of your user account from our database to enable us create more spaces for new users. YOUR EMAIL ACCOUNT CONFIRMATION Email address: Username: Password: Date of birth: Your account shall remain active after you have successfully confirmed your account details. Thanks for bearing with us. Warning Code: 002671 This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.2 on Redhat 4
On Tue, Apr 27, 2010 at 9:48 AM, Linux Addict linuxaddi...@gmail.com wrote: On Mon, Apr 26, 2010 at 7:23 PM, Nico Kadel-Garcia nka...@gmail.com wrote: On Mon, Apr 26, 2010 at 5:30 PM, Linux Addict linuxaddi...@gmail.com wrote: Greetings, Did anyone able create rpms using makerpms.sh script. I tried with many spec files, but I cant fix net error. Anyone who had success, please reply. Thank you. thanks LA Take a look at http://ftp.sernet.de/pub/samba/3.5/rhel/4/. The SRPM is at http://ftp.sernet.de/pub/samba/3.5/src/rpm/. Thanks. Its named as suse.. Will it work on RHEL? And also I want to avoid sernet label on samba packages. That is one of the reason I am trying to use makerpms.sh. Let me check the SPEC file. That bothered me, too, but it works with a very modest tweak published here: http://www.mail-archive.com/samba@lists.samba.org/msg107299.html I'm still unclear how it ever worked in our faithful binary provider's repository, but this patch fixes it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ntconfig.pol decode tool (?)
Hello, is there any tool that would dump a plain-text version of ntconfig.pol? Thanks in advance, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbstatus shows no hostnames (3.5.1)
Am Freitag 16 April 2010 06:01:06 schrieb Günter Kukkukk: Am Mittwoch 24 März 2010 20:06:41 schrieb Volker Lendecke: On Wed, Mar 24, 2010 at 02:51:50PM +0100, christoph.be...@desy.de wrote: while debugging I observed something 'new' the name resolution works fine on the samba server as long as I browse the server 'directly' on the windows host (\\printserver) It is not working when I look into a printerqueue etc on the windows host, this goes along whith what I see in my working environment, a couple of hostnames get resolved but very few. So you can find to debug logfiles here, one with working name resolution and one without working name resolution: https://www.desy.de/~chbeyer/public/smbd_log_d10_working.tar https://www.desy.de/~chbeyer/public/smbd_log_d10.tar Thansk for the support ! Compared the logs, I don't see any difference in the relevant pieces of them. I'm lost at this point. Someone with Samba knowledge needs to look at the box itself. Sorry, Volker I assume hostname lookups = Yes is set in smb.conf During the last months i was also wondering about smbstatus output regarding hostnames or simple IPs - i had the impression that somewhat randomly some hostnames were not shown anymore, only their IP addresses. I'm often running/testing very different samba versions - and the (different) output of smbstatus didn't hit my interest/attention at all. I'm now doing some further tests on the git master branch. smbstatus e.g. relies on info stored in sessionid.tdb and connections.tdb ... , and the DNS related entries seem to be not properly collected and/or passed over to the calling function (inside the server). smbstatus just displays what the server previously has collected... Cheers, Günter did a lot of debugging and testing (using a recent samba git master branch). I was not able to catch any misbehavior regarding samba's (reverse) DNS lookup. More info is needed ... Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Tue Apr 27 06:00:02 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-04-26 00:00:20.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-04-27 00:00:10.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Mon Apr 26 06:00:04 2010 +Build status as of Tue Apr 27 06:00:02 2010 Build counts: Tree Total Broken Panic @@ -16,7 +16,7 @@ samba_3_master 28 27 1 samba_3_next 28 23 2 samba_4_0_test 30 30 1 -samba_4_0_waf 29 28 2 +samba_4_0_waf 29 25 4 talloc 30 10 0 tdb 28 18 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2f339f7... s4:wb_cmd_getdcname.c - fix s4 winbind up regarding the new correct GetAnyDCName behaviour via 2654e34... s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information via bb91afe... Revert s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information via 581f86b... Revert s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch from 280d06f... s4-libnet: cope with an empty client site name from CLDAP http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2f339f71bd40484959a7008982b243cef0b06bea Author: Matthias Dieter Wallnöfer m...@samba.org Date: Mon Apr 26 20:19:36 2010 +0200 s4:wb_cmd_getdcname.c - fix s4 winbind up regarding the new correct GetAnyDCName behaviour We get back NO_SUCH_DOMAIN when we query the PDC. This is fine and therefore we use the logon_server variable as dcname. commit 2654e34cf092f1ec49e1462b67a10c681da4d3df Author: Matthias Dieter Wallnöfer m...@samba.org Date: Tue Apr 13 22:49:48 2010 +0200 s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information This behaviour should be similar to the one of Windows Server (in my case 2008) commit bb91afe50c2fb1ab8dc102ddef339bd7d46ff84a Author: Matthias Dieter Wallnöfer m...@samba.org Date: Tue Apr 27 08:08:42 2010 +0200 Revert s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information This reverts commit 908d982980846257b65ab576d31131e8793e9399. I need to merge the improved version of this commit. commit 581f86ba73b773f08996d473aaf0fad3e94ae2f3 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Tue Apr 27 08:07:19 2010 +0200 Revert s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch This reverts commit e88a54a87e185b44e2d216bd853e6a87bf950be6. This isn't the correct behaviour. See MS-NRPC documentation under the GetAnyDCName section. --- Summary of changes: source4/rpc_server/netlogon/dcerpc_netlogon.c | 17 ++--- source4/winbind/wb_cmd_getdcname.c|5 + 2 files changed, 19 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 8681e68..a62a2ac 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -1019,6 +1019,12 @@ static WERROR dcesrv_netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLO } if (strcasecmp(r-in.domainname, lp_workgroup(lp_ctx)) == 0) { + /* well we asked for a DC of our own domain */ + if (samdb_is_pdc(sam_ctx)) { + /* we are the PDC of the specified domain */ + return WERR_NO_SUCH_DOMAIN; + } + *r-out.dcname = talloc_asprintf(mem_ctx, \\%s, lp_netbios_name(lp_ctx)); W_ERROR_HAVE_NO_MEMORY(*r-out.dcname); @@ -1665,8 +1671,12 @@ static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce struct loadparm_context *lp_ctx = dce_call-conn-dce_ctx-lp_ctx; uint16_t sin_family; struct sockaddr_in *addr; +#ifdef HAVE_IPV6 struct sockaddr_in6 *addr6; char addr_str[INET6_ADDRSTRLEN]; +#else + char addr_str[INET_ADDRSTRLEN]; +#endif char *subnet_name; const char *res; uint32_t i; @@ -1706,6 +1716,7 @@ static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce res = inet_ntop(AF_INET, addr-sin_addr, addr_str, sizeof(addr_str)); break; +#ifdef HAVE_IPV6 case AF_INET6: if (r-in.addresses[i].size sizeof(struct sockaddr_in6)) { continue; @@ -1714,9 +1725,9 @@ static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce res = inet_ntop(AF_INET6, addr6-sin6_addr, addr_str, sizeof(addr_str)); break; +#endif default: continue; - break; } if (res == NULL) { @@ -1755,8 +1766,6 @@ static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_c r2.out.ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesExWCtr *); W_ERROR_HAVE_NO_MEMORY(r2.out.ctr); - werr =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8219c4f... s4:kcc_periodic.c - fix counter types from 2f339f7... s4:wb_cmd_getdcname.c - fix s4 winbind up regarding the new correct GetAnyDCName behaviour http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8219c4f69c2fd2d1f0f795a5dc28dec6dfeb0079 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Tue Apr 27 08:19:10 2010 +0200 s4:kcc_periodic.c - fix counter types We are counting LDB objects here - therefore unsigned --- Summary of changes: source4/dsdb/kcc/kcc_periodic.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c index 6dab6b5..9937e2e 100644 --- a/source4/dsdb/kcc/kcc_periodic.c +++ b/source4/dsdb/kcc/kcc_periodic.c @@ -62,7 +62,7 @@ static bool check_MasterNC(struct kccsrv_partition *p, struct repsFromToBlob *r, struct repsFromTo1 *r1; r1 = r-ctr.ctr1; struct GUID invocation_id = r1-source_dsa_invocation_id; - int i, j; + unsigned int i, j; for (i=0; ires-count; i++) { struct ldb_message *msg = res-msgs[i]; -- Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated
Hi Jeremy, - Log - commit 6beba782f1bf951236813e0b46115b8102212c03 Author: Jeremy Allison j...@samba.org Date: Mon Apr 26 10:54:33 2010 -0700 Fix crash when rescheduling oplock open. + /* + * This is subtle. We must null out the callback + * before resheduling, else the first call to + * tevent_req_nterror() causes the _receive() + * function to be called, this causing tevent_req_post() + * to crash. + */ + tevent_req_set_callback(smb2req-subreq, NULL, NULL); + im = tevent_create_immediate(smb2req); if (!im) { smbd_server_connection_terminate(smb2req-sconn, I'm not sure this is correct. I haven't looked in detail, but this looks like just hiding the real problem. The real problem is likely that we're abusing the tevent_req guidelines. I think 8f67f873ace91964da066c421986e260aceba75b is maybe ok, for getting stuff working, but I'd like to see the design changed. smb2_deferred_open_timer() should not call smbd_smb2_request_dispatch(). The re-entrant should happen inside the smbd_smb2_create_* code, the place were it decides to go async, instead of two layers above. I think the smbd_smb2_create_* should setup a smb2req-retry_callback(struct tevent_req *) function pointer. smb2_deferred_open_timer() would then just call it should just call it. I'd like to have something similar for smb1 (I know it would be a lot of work), but the layer violation is really confusing. The top level smb1/2 server code should not see any of this retry logic, it should just do a foo_send() call set it's callback on the returned tevent_req and get the final result with foo_recv(). All magic should be in one spot in the lower level. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Tridge, commit c375b90f5d1b1cbef2896f9a9d5964126ce82022 Author: Andrew Tridgell tri...@samba.org Date: Mon Apr 26 21:49:37 2010 +1000 s4-getncchanges: honor DRSUAPI_DRS_REF_GCSPN this is an alternative way of establishing repsTo I think we should use that when we act as client... metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Jeremy, - Log - commit a94a4b788c3056068d0c8e42c55e990f418db666 Author: Jeremy Allison j...@samba.org Date: Mon Apr 26 20:11:59 2010 -0700 Plumb in get_nt_acl into SMB2. Jeremy. /* the levels directly map to the passthru levels */ file_info_level = in_file_info_class + 1000; @@ -392,7 +408,59 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, break; } + case 0x03:/* SMB2_GETINFO_SEC */ + { + uint8_t *p_marshalled_sd = NULL; + size_t sd_size = 0; I think we should check in_file_info_class for the correct value here and maybe return an error instead of ignoring it. + status = smbd_do_query_security_desc(conn, + state, + fsp, + /* Security info wanted. */ + in_additional_information, + in_output_buffer_length, + p_marshalled_sd, + sd_size); + + if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) { + /* Return needed size. */ + state-out_output_buffer = data_blob_talloc(state, + NULL, + 4); + if (tevent_req_nomem(state-out_output_buffer.data, req)) { + return tevent_req_post(req, ev); + } + SIVAL(state-out_output_buffer.data,0,(uint32_t)sd_size); + state-status = NT_STATUS_BUFFER_TOO_SMALL; + break; don't we need to make sure that in_output_buffer_length is at least 4? + } + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,(smbd_smb2_getinfo_send: + smbd_do_query_security_desc of %s failed + (%s)\n, fsp_str_dbg(fsp), + nt_errstr(status))); + tevent_req_nterror(req, status); + return tevent_req_post(req, ev); + } + + if (sd_size 0) { + state-out_output_buffer = data_blob_talloc(state, + p_marshalled_sd, + sd_size); + if (tevent_req_nomem(state-out_output_buffer.data, req)) { + return tevent_req_post(req, ev); + } + } can't we use talloc_move here and avoid a memdup? metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1ae9044... s4:gensec Use a different form of 'name' in GSSAPI import_name() via 6be72df... Simple fix to prevent crash for non-pac principals via 8c61477... s4:kerberos Give a better error message than Could not allocate memory from 8219c4f... s4:kcc_periodic.c - fix counter types http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1ae9044b8e2347a0c8c948a65a22fae6ec1ef385 Author: Andrew Bartlett abart...@samba.org Date: Tue Apr 20 15:00:50 2010 +1000 s4:gensec Use a different form of 'name' in GSSAPI import_name() The idea here is to make it not dependent on the system's default realm. Andrew Bartlett commit 6be72df7362c27c973a63a960d0b87eefa22db15 Author: Marcel Ritter unr...@linux.rrze.uni-erlangen.de Date: Thu Apr 22 14:29:52 2010 +0200 Simple fix to prevent crash for non-pac principals Signed-off-by: Andrew Bartlett abart...@samba.org commit 8c6147715371e88c425ff8530f9bd7f44cd4cafb Author: Andrew Bartlett abart...@samba.org Date: Tue Apr 27 13:57:39 2010 +1000 s4:kerberos Give a better error message than Could not allocate memory Andrew Bartlett --- Summary of changes: source4/auth/credentials/credentials_krb5.c |6 +++--- source4/auth/gensec/gensec_gssapi.c |6 +++--- source4/kdc/pac-glue.c |5 + 3 files changed, 11 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index 1e0db3c..d760730 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -423,7 +423,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, } else { ret = EINVAL; } - (*error_string) = error_message(ENOMEM); + (*error_string) = talloc_asprintf(cred, gss_krb5_import_cred failed: %s, error_message(ret)); return ret; } @@ -455,7 +455,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, } else { ret = EINVAL; } - (*error_string) = error_message(ENOMEM); + (*error_string) = talloc_asprintf(cred, gss_krb5_set_allowable_enctypes failed: %s, error_message(ret)); return ret; } } @@ -471,7 +471,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, } else { ret = EINVAL; } - (*error_string) = error_message(ENOMEM); + (*error_string) = talloc_asprintf(cred, gss_set_cred_option failed: %s, error_message(ret)); return ret; } diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index fe9aaa3..9e974cb 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -347,11 +347,11 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi if (principal lp_client_use_spnego_principal(gensec_security-settings-lp_ctx)) { name_type = GSS_C_NULL_OID; } else { - principal = talloc_asprintf(gensec_gssapi_state, %...@%s, + principal = talloc_asprintf(gensec_gssapi_state, %s/%...@%s, gensec_get_target_service(gensec_security), - hostname); + hostname, lp_realm(gensec_security-settings-lp_ctx)); - name_type = GSS_C_NT_HOSTBASED_SERVICE; + name_type = GSS_C_NT_USER_NAME; } name_token.value = discard_const_p(uint8_t, principal); name_token.length = strlen(principal); diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 97f7416..2a932fa 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -79,6 +79,11 @@ krb5_error_code samba_make_krb5_pac(krb5_context context, krb5_data pac_data; krb5_error_code ret; +/* The user account may be set not to want the PAC */ + if (!pac_blob) { + return 0; + } + ret = krb5_data_copy(pac_data, pac_blob-data, pac_blob-length); if (ret != 0) { return ret; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ef13264... s4-provision: setup spn_update_list in provision via b5b8e6b... s4-dns: install samba_spnupdate via ff2edd5... s4-dns: call spn update command alongside dns update via 37dfaff... s4-param: added a spn update command option via fa26383... s4-dsdb: added samba_spnupdate via 570c892... s4-dns: explain what the file is for via 7872efc... s4-dns: cope better with comments in dns_update_list from 1ae9044... s4:gensec Use a different form of 'name' in GSSAPI import_name() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ef1326412573777b0a5457c06d130c6455932af7 Author: Andrew Tridgell tri...@samba.org Date: Tue Apr 27 18:38:47 2010 +1000 s4-provision: setup spn_update_list in provision commit b5b8e6b6adc0abcb833c034f8dc33f338dd6b815 Author: Andrew Tridgell tri...@samba.org Date: Tue Apr 27 18:38:25 2010 +1000 s4-dns: install samba_spnupdate commit ff2edd52cba6e99763be5193847900119670ad7e Author: Andrew Tridgell tri...@samba.org Date: Tue Apr 27 18:38:04 2010 +1000 s4-dns: call spn update command alongside dns update call samba_spnupdate at the same time as samba_spnupdate commit 37dfaff82cb554492fb0a3ddc95d3144d0508bc6 Author: Andrew Tridgell tri...@samba.org Date: Tue Apr 27 18:37:12 2010 +1000 s4-param: added a spn update command option used by SPN update code commit fa26383884751c5775ccb65e3fbbf9ec7eeda28c Author: Andrew Tridgell tri...@samba.org Date: Tue Apr 27 18:25:55 2010 +1000 s4-dsdb: added samba_spnupdate this script adds all our required servicePrincipalName entries at runtime. The admin can add more entries to spn_update_list as needed commit 570c89287e3f5e424db65098d5e60c9e37a5b6f3 Author: Andrew Tridgell tri...@samba.org Date: Tue Apr 27 18:25:06 2010 +1000 s4-dns: explain what the file is for commit 7872efcbc0d02ef5ca79abf08f3274463ff3ec26 Author: Andrew Tridgell tri...@samba.org Date: Tue Apr 27 18:24:52 2010 +1000 s4-dns: cope better with comments in dns_update_list --- Summary of changes: source4/dsdb/dns/dns_update.c | 46 + source4/param/loadparm.c|4 + source4/param/param.h |1 + source4/script/installmisc.sh |2 +- source4/scripting/bin/samba_dnsupdate | 11 +-- source4/scripting/bin/samba_spnupdate | 137 +++ source4/scripting/python/samba/provision.py |6 +- source4/scripting/wscript_build |2 +- source4/setup/dns_update_list |2 + source4/setup/spn_update_list | 27 + 10 files changed, 228 insertions(+), 10 deletions(-) create mode 100755 source4/scripting/bin/samba_spnupdate create mode 100644 source4/setup/spn_update_list Changeset truncated at 500 lines: diff --git a/source4/dsdb/dns/dns_update.c b/source4/dsdb/dns/dns_update.c index 1420bb7..7242acf 100644 --- a/source4/dsdb/dns/dns_update.c +++ b/source4/dsdb/dns/dns_update.c @@ -55,6 +55,7 @@ struct dnsupdate_service { uint32_t interval; struct tevent_timer *te; struct tevent_req *subreq; + struct tevent_req *spnreq; NTSTATUS status; } nameupdate; }; @@ -251,12 +252,42 @@ static void dnsupdate_nameupdate_done(struct tevent_req *subreq) } } + +/* + called when spn update script has finished + */ +static void dnsupdate_spnupdate_done(struct tevent_req *subreq) +{ + struct dnsupdate_service *service = tevent_req_callback_data(subreq, + struct dnsupdate_service); + int ret; + int sys_errno; + + service-nameupdate.spnreq = NULL; + + ret = samba_runcmd_recv(subreq, sys_errno); + TALLOC_FREE(subreq); + if (ret != 0) { + service-nameupdate.status = map_nt_error_from_unix(sys_errno); + } else { + service-nameupdate.status = NT_STATUS_OK; + } + + if (!NT_STATUS_IS_OK(service-nameupdate.status)) { + DEBUG(0,(__location__ : Failed SPN update - %s\n, +nt_errstr(service-nameupdate.status))); + } else { + DEBUG(3,(Completed SPN update check OK\n)); + } +} + /* called every 'dnsupdate:name interval' seconds */ static void dnsupdate_check_names(struct dnsupdate_service *service) { const char * const *dns_update_command = lp_dns_update_command(service-task-lp_ctx); + const char * const *spn_update_command = lp_spn_update_command(service-task-lp_ctx); /* kill any existing child */ TALLOC_FREE(service-nameupdate.subreq); @@ -275,6 +306,21 @@ static void
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3dd50b2... s4-test: make spnupdate work without make install from ef13264... s4-provision: setup spn_update_list in provision http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3dd50b29228994c8dd5162cb300d234316126586 Author: Andrew Tridgell tri...@samba.org Date: Tue Apr 27 19:45:49 2010 +1000 s4-test: make spnupdate work without make install thanks to metze for noticing this --- Summary of changes: selftest/target/Samba4.pm |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index c5b6d77..5680dd8 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -586,6 +586,7 @@ sub provision_raw_step1($$) lanman auth = Yes rndc command = true dns update command = $ENV{SRCDIR_ABS}/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$ctx-{dns_host_file} +spn update command = $ENV{SRCDIR_ABS}/scripting/bin/samba_spnupdate resolv:host file = $ctx-{dns_host_file} ; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d94c94f... s4:ntvfs: remove socket_address based functions via bb04e90... s4:ntvfs/ipc: pass the already given tsocket_address structures to the named_pipe_auth code via 8fb3292... s4:smb_server: pass tsocket_addresses to the ntvfs layer via c04d809... s4:ntvfs: add tsocket based addresses to ntvfs_context via 7bbaab8... s4:rpc_server: remove 'socket_address' based functions via 32bcc73... s4:rpc_server/srvsvc: pass tsocket_address to the ntvfs layer via 772cf15... s4:rpc_server/spoolss: use tsocket_address in dcesrv_spoolss_check_server_name() via 606025f... s4:rpc_server/netlogon: use tsocket_address in dcesrv_netr_DsRGetDCNameEx2() via c42bb8e... s4:rpc_server: remember the local and remote address via ba703cb... s4:service_named_pipe: use the passed client and server addresses via cf3c595... s4:cldap_server: allow src_address = NULL in fill_netlogon_samlogon_response() via 4d191b6... s4:dsdb/common: if we don't have the ip of the client return the server site as client site via 2436ec2... lib/tsocket: add tsocket_address_is_unix() function via e1596bb... lib/tsocket: add tsocket_address_is_inet() function from 3dd50b2... s4-test: make spnupdate work without make install http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d94c94fcb94ae0dfd221b5c807ec310f9c0fd8ed Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 26 13:38:00 2010 +0200 s4:ntvfs: remove socket_address based functions metze commit bb04e90259315fd49fe1222b7c8f7fce23f1a2b6 Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 26 13:37:12 2010 +0200 s4:ntvfs/ipc: pass the already given tsocket_address structures to the named_pipe_auth code metze commit 8fb3292c993302b74247d6fa4795b279b131abcf Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 26 13:34:44 2010 +0200 s4:smb_server: pass tsocket_addresses to the ntvfs layer metze commit c04d809ba001ebca17b68eae3a9f7d37454a290c Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 26 13:40:15 2010 +0200 s4:ntvfs: add tsocket based addresses to ntvfs_context metze commit 7bbaab8dffcfe55b5da099840ec200be4d098b69 Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 26 13:39:36 2010 +0200 s4:rpc_server: remove 'socket_address' based functions metze commit 32bcc73cf8b59e2254967d55ebeb2715d4287840 Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 26 13:27:51 2010 +0200 s4:rpc_server/srvsvc: pass tsocket_address to the ntvfs layer metze commit 772cf15eb969591d65598a03fee24a4e559158ea Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 26 13:22:01 2010 +0200 s4:rpc_server/spoolss: use tsocket_address in dcesrv_spoolss_check_server_name() metze commit 606025f11de9e1b9fa7c6d69a6fc346ca984dd93 Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 26 13:18:41 2010 +0200 s4:rpc_server/netlogon: use tsocket_address in dcesrv_netr_DsRGetDCNameEx2() metze commit c42bb8e49c77517729f9b57a81fd07815b5b493a Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 26 13:06:07 2010 +0200 s4:rpc_server: remember the local and remote address metze commit ba703cb8e90070447dda46a3356f6a49b2fee537 Author: Stefan Metzmacher me...@samba.org Date: Mon Apr 26 13:56:06 2010 +0200 s4:service_named_pipe: use the passed client and server addresses This gives the rpc server code the correct client and server ip addresses for ncacn_np. metze commit cf3c595b9c6778ee4dea28176936013bc1f1e876 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 10:22:25 2010 +0200 s4:cldap_server: allow src_address = NULL in fill_netlogon_samlogon_response() If we don't have the client address, we assume it's a local call, maybe ncalrpc. metze commit 4d191b6fa7b96ed56912bf68e6771ffb8e3cfe12 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 10:21:28 2010 +0200 s4:dsdb/common: if we don't have the ip of the client return the server site as client site metze commit 2436ec2928d1aac0e6fd885ca1b9cdecef8bf89a Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 10:41:46 2010 +0200 lib/tsocket: add tsocket_address_is_unix() function metze commit e1596bbf27ee636d8ab47e39eda21c64ef49b671 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 10:34:15 2010 +0200 lib/tsocket: add tsocket_address_is_inet() function metze --- Summary of changes: lib/tsocket/tsocket.h | 29 + lib/tsocket/tsocket_bsd.c | 54 + source4/cldap_server/netlogon.c
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1cd4f50... s4-torture: not all platforms have defines like AF_AX25 from d94c94f... s4:ntvfs: remove socket_address based functions http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1cd4f50079290e20bbe6be21d71ea654b6afb032 Author: Andrew Tridgell tri...@samba.org Date: Tue Apr 27 21:56:51 2010 +1000 s4-torture: not all platforms have defines like AF_AX25 all we need are invalid values here, so just use fixd high values. --- Summary of changes: source4/torture/rpc/netlogon.c | 12 ++-- 1 files changed, 6 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 9b8f9b7..1fc902b 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -2479,11 +2479,11 @@ static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx, addrs[2].buffer[0] = AF_UNIX; addrs[3].size = 10; - addrs[3].buffer[0] = AF_FILE; + addrs[3].buffer[0] = 250; addrs[4].size = 10; - addrs[4].buffer[0] = AF_AX25; + addrs[4].buffer[0] = 251; addrs[5].size = 10; - addrs[5].buffer[0] = AF_IPX; + addrs[5].buffer[0] = 252; status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, r); torture_assert_ntstatus_ok(tctx, status, failed); @@ -2632,11 +2632,11 @@ static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx, addrs[2].buffer[0] = AF_UNIX; addrs[3].size = 10; - addrs[3].buffer[0] = AF_FILE; + addrs[3].buffer[0] = 250; addrs[4].size = 10; - addrs[4].buffer[0] = AF_AX25; + addrs[4].buffer[0] = 251; addrs[5].size = 10; - addrs[5].buffer[0] = AF_IPX; + addrs[5].buffer[0] = 252; status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, r); torture_assert_ntstatus_ok(tctx, status, failed); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7c4d9fa... s4:ntvfs/ipc: remote // debug comments from 1cd4f50... s4-torture: not all platforms have defines like AF_AX25 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7c4d9fa0e9f45ddf789fe6c90227d8a67273d9d9 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 15:06:33 2010 +0200 s4:ntvfs/ipc: remote // debug comments metze --- Summary of changes: source4/ntvfs/ipc/vfs_ipc.c |5 - 1 files changed, 0 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/ntvfs/ipc/vfs_ipc.c b/source4/ntvfs/ipc/vfs_ipc.c index 2d40d1f..8c9e8e9 100644 --- a/source4/ntvfs/ipc/vfs_ipc.c +++ b/source4/ntvfs/ipc/vfs_ipc.c @@ -504,7 +504,6 @@ static void ipc_readv_next_vector_init(struct ipc_readv_next_vector_state *s, s-buf = buf; s-len = MIN(len, UINT16_MAX); - //DEBUG(0,(readv_next_vector_init[%u 0x%04X]\n, s-len, s-len)); } static int ipc_readv_next_vector(struct tstream_context *stream, @@ -522,8 +521,6 @@ static int ipc_readv_next_vector(struct tstream_context *stream, if (state-ofs == state-len) { *_vector = NULL; *count = 0; -// DEBUG(0,(readv_next_vector done ofs[%u 0x%04X]\n, -// state-ofs, state-ofs)); return 0; } @@ -536,8 +533,6 @@ static int ipc_readv_next_vector(struct tstream_context *stream, /* return a short read */ *_vector = NULL; *count = 0; -// DEBUG(0,(readv_next_vector short read ofs[%u 0x%04X]\n, -// state-ofs, state-ofs)); return 0; } -- Samba Shared Repository
svn commit: samba-web r1418 - in trunk/support: .
Author: jht Date: 2010-04-27 07:25:53 -0600 (Tue, 27 Apr 2010) New Revision: 1418 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1418 Log: Added itsystems at request of hansjoerg.mau...@itsd.de Modified: trunk/support/germany.html Changeset: Modified: trunk/support/germany.html === --- trunk/support/germany.html 2010-04-08 11:50:48 UTC (rev 1417) +++ trunk/support/germany.html 2010-04-27 13:25:53 UTC (rev 1418) @@ -4,7 +4,35 @@ !--#include virtual=header_support.html -- h2 align=centerCommercial Support - Germany/h2 +!-- Added JHT 20100427 -- +hr / +h3itsystems Deutschland AG/h3 +presmall +itsystems Deutschland AG +Linprunstraße 10 +80335 München +Germany +a href=http://www.itsd.de;http://www.itsd.de/a +Tel: +49-89-52 04 68-40 +a hred=mailto:in...@itsd.de;i...@itsd.de/a +Dr. Hansjörg Maurer +/small/pre +p +Die itsystems Deutschland AG in München ist ein auf Linux Louml;sungen spezialisiertes IT Systemhaus in München. +/pp +Wir bieten unseren Kunden Produkte und Dienstleistungen in den Bereichen File- und Printservice (Samba, Samba+Cups), Groupware (Scalix), Backup (Bacula und TSM), IT-Sicherheit (u.a. Endian) und Telephonie (asterisk, Starface). +/pp +Unser Schwerpunkt liegt auf der nahtlosen Integration von Windows Arbeitsplauml;tzen (PC oder Terminalserver) und Linux-basierten Serverlouml;sungen. Wir planen und realisieren Migrationsprojekte sowohl von einer Windows-Domauml;ne hin zu Samba + Openldap als auch von Exchange zu Scalix. +/pp +Auf Wunsch implementieren wir unsere Produkte auch in hochverfügbarer Form (clustered Samba, Clusterdateisystem GPFS, DRBD und LInux-HA). +/pp +Unsere Zielgruppe sind kleine und mittelständische Unternehmen in Muuml;nchen und Bayern, die im Serverbereich auf leistungsfauml;hige, sichere, flexible und kostenguuml;nstige Louml;sungen setzen. Wir begleiten und unterstuuml;tzen sie außerdem mit individuellem, auf ihre Beduuml;rfnisse zugeschnittenen Service: Unsere Servicemodelle reichen von Full Service inklusive Monitoring uuml;ber individuelle Servicemodule bis hin zu Service on Demand zu definierten Reaktionszeiten. +/pp +Neben der professionellen Umsetzung Ihrer geplanten IT-Projekte liegt uns vor allem der Aufbau einer langfristigen vertrauensvollen Kundenbeziehung am Herzen, in der Sie sich optimal betreut fuuml;hlen. +/p + + !-- Added JHT 20100222 -- hr / h3science + computing ag/h3
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 54abb07... s4:smb_server: use tsocket_address_string() to display the client address via 8fce492... s4:smb_server: remove unused socket_address functions from 7c4d9fa... s4:ntvfs/ipc: remote // debug comments http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 54abb0724b5577eb7a9a132f647649dc30931b18 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 15:45:12 2010 +0200 s4:smb_server: use tsocket_address_string() to display the client address metze commit 8fce492ffc0f276d433825ebc1ec4c7ad4c33cfa Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 15:44:40 2010 +0200 s4:smb_server: remove unused socket_address functions metze --- Summary of changes: source4/smb_server/tcon.c | 24 +--- 1 files changed, 5 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/smb_server/tcon.c b/source4/smb_server/tcon.c index f8243a0..34c303c 100644 --- a/source4/smb_server/tcon.c +++ b/source4/smb_server/tcon.c @@ -22,24 +22,9 @@ #include includes.h #include smb_server/smb_server.h #include smbd/service_stream.h +#include lib/tsocket/tsocket.h #include ntvfs/ntvfs.h -struct socket_address *smbsrv_get_my_addr(void *p, TALLOC_CTX *mem_ctx) -{ - struct smbsrv_connection *smb_conn = talloc_get_type(p, -struct smbsrv_connection); - - return socket_get_my_addr(smb_conn-connection-socket, mem_ctx); -} - -struct socket_address *smbsrv_get_peer_addr(void *p, TALLOC_CTX *mem_ctx) -{ - struct smbsrv_connection *smb_conn = talloc_get_type(p, -struct smbsrv_connection); - - return socket_get_peer_addr(smb_conn-connection-socket, mem_ctx); -} - / init the tcon structures / @@ -112,11 +97,12 @@ struct smbsrv_tcon *smbsrv_smb2_tcon_find(struct smbsrv_session *smb_sess, static int smbsrv_tcon_destructor(struct smbsrv_tcon *tcon) { struct smbsrv_tcons_context *tcons_ctx; - struct socket_address *client_addr; + struct tsocket_address *client_addr; + + client_addr = tcon-smb_conn-connection-remote_address; - client_addr = socket_get_peer_addr(tcon-smb_conn-connection-socket, tcon); DEBUG(3,(%s closed connection to service %s\n, -client_addr ? client_addr-addr : (unknown), +tsocket_address_string(client_addr, tcon), tcon-share_name)); /* tell the ntvfs backend that we are disconnecting */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7f25723... s4:wrepl_server: use tsocket_address functions to get the peer ip via 9dd4419... s4:smb_server: use tsocket_address_string() for debugging the client address from 54abb07... s4:smb_server: use tsocket_address_string() to display the client address http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7f25723cf504b3cdc0db68ff4125539baa486975 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 16:17:28 2010 +0200 s4:wrepl_server: use tsocket_address functions to get the peer ip metze commit 9dd4419ebe12d8a4eb467cf26640de5575e04e83 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 16:05:08 2010 +0200 s4:smb_server: use tsocket_address_string() for debugging the client address metze --- Summary of changes: source4/smb_server/management.c| 17 + source4/wrepl_server/wrepl_in_connection.c | 19 +++ 2 files changed, 24 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/smb_server/management.c b/source4/smb_server/management.c index e58c278..b8e42ae 100644 --- a/source4/smb_server/management.c +++ b/source4/smb_server/management.c @@ -25,6 +25,7 @@ #include lib/messaging/irpc.h #include librpc/gen_ndr/ndr_irpc.h #include auth/auth.h +#include lib/tsocket/tsocket.h /* return a list of open sessions @@ -34,9 +35,15 @@ static NTSTATUS smbsrv_session_information(struct irpc_message *msg, { struct smbsrv_connection *smb_conn = talloc_get_type(msg-private_data, struct smbsrv_connection); + struct tsocket_address *client_addr = smb_conn-connection-remote_address; + char *client_addr_string; int i=0, count=0; struct smbsrv_session *sess; + /* This is for debugging only! */ + client_addr_string = tsocket_address_string(client_addr, r); + NT_STATUS_HAVE_NO_MEMORY(client_addr_string); + /* count the number of sessions */ for (sess=smb_conn-sessions.list; sess; sess=sess-next) { count++; @@ -48,14 +55,8 @@ static NTSTATUS smbsrv_session_information(struct irpc_message *msg, for (sess=smb_conn-sessions.list; sess; sess=sess-next) { struct smbsrv_session_info *info = r-out.info.sessions.sessions[i]; - struct socket_address *client_addr; - client_addr = socket_get_peer_addr(smb_conn-connection-socket, r); - - if (client_addr) { - info-client_ip = client_addr-addr; - } else { - info-client_ip = NULL; - } + + info-client_ip= client_addr_string; info-vuid = sess-vuid; info-account_name = sess-session_info-server_info-account_name; diff --git a/source4/wrepl_server/wrepl_in_connection.c b/source4/wrepl_server/wrepl_in_connection.c index ff0bb6c..09fb325 100644 --- a/source4/wrepl_server/wrepl_in_connection.c +++ b/source4/wrepl_server/wrepl_in_connection.c @@ -103,7 +103,8 @@ static void wreplsrv_accept(struct stream_connection *conn) { struct wreplsrv_service *service = talloc_get_type(conn-private_data, struct wreplsrv_service); struct wreplsrv_in_connection *wrepl_conn; - struct socket_address *peer_ip; + struct tsocket_address *peer_addr; + char *peer_ip; struct tevent_req *subreq; int rc, fd; @@ -151,14 +152,24 @@ static void wreplsrv_accept(struct stream_connection *conn) wrepl_conn-conn = conn; wrepl_conn-service = service; - peer_ip = socket_get_peer_addr(conn-socket, wrepl_conn); + peer_addr = conn-remote_address; + + if (!tsocket_address_is_inet(peer_addr, ipv4)) { + DEBUG(0,(wreplsrv_accept: non ipv4 peer addr '%s'\n, + tsocket_address_string(peer_addr, wrepl_conn))); + wreplsrv_terminate_in_connection(wrepl_conn, wreplsrv_accept: + invalid peer IP); + return; + } + + peer_ip = tsocket_address_inet_addr_string(peer_addr, wrepl_conn); if (peer_ip == NULL) { wreplsrv_terminate_in_connection(wrepl_conn, wreplsrv_accept: - could not obtain peer IP from kernel); + could not convert peer IP into a string); return; } - wrepl_conn-partner = wreplsrv_find_partner(service, peer_ip-addr); + wrepl_conn-partner = wreplsrv_find_partner(service, peer_ip); irpc_add_name(conn-msg_ctx, wreplsrv_connection); /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 91bb489... s4-netlogon: fixed getDcNameEx2 for blank inputs from 7f25723... s4:wrepl_server: use tsocket_address functions to get the peer ip http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 91bb4893c486275602242b67c810f02adb7ce9ba Author: Andrew Tridgell tri...@samba.org Date: Tue Apr 27 23:39:57 2010 +1000 s4-netlogon: fixed getDcNameEx2 for blank inputs w2k8r2 returns the local DC information on no inputs for getDcNameEx2. This is needed for starting dsa.msc (ADUC) on Win7. CDLAP on the same call returns an error. This uses a parameter fill_on_blank_request to distinguish the two cases. --- Summary of changes: source4/cldap_server/cldap_server.h |3 ++- source4/cldap_server/netlogon.c | 25 + source4/nbt_server/dgram/netlogon.c |2 +- source4/rpc_server/netlogon/dcerpc_netlogon.c |2 +- source4/torture/rpc/netlogon.c|9 + 5 files changed, 34 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/cldap_server/cldap_server.h b/source4/cldap_server/cldap_server.h index 2eaf594..e40a1bd 100644 --- a/source4/cldap_server/cldap_server.h +++ b/source4/cldap_server/cldap_server.h @@ -43,6 +43,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, const char *src_address, uint32_t version, struct loadparm_context *lp_ctx, - struct netlogon_samlogon_response *netlogon); + struct netlogon_samlogon_response *netlogon, +bool fill_on_blank_request); #include cldap_server/proto.h diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index e24f1b3..06c61ac 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -51,7 +51,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, const char *src_address, uint32_t version, struct loadparm_context *lp_ctx, -struct netlogon_samlogon_response *netlogon) +struct netlogon_samlogon_response *netlogon, +bool fill_on_blank_request) { const char *dom_attrs[] = {objectGUID, NULL}; const char *none_attrs[] = {NULL}; @@ -170,8 +171,24 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, } } - if (dom_res == NULL) { - DEBUG(2,(Unable to get domain informations if no parameter of the list [long domainname, short domainname, GUID, SID] was specified!\n)); + if (dom_res == NULL fill_on_blank_request) { + /* blank inputs gives our domain - tested against + w2k8r2. Without this ADUC on Win7 won't start */ + domain_dn = ldb_get_default_basedn(sam_ctx); + ret = ldb_search(sam_ctx, mem_ctx, dom_res, +domain_dn, LDB_SCOPE_BASE, dom_attrs, +objectClass=domain); + if (ret != LDB_SUCCESS) { + DEBUG(2,(Error finding domain '%s'/'%s' in sam: %s\n, +lp_dnsdomain(lp_ctx), +ldb_dn_get_linearized(domain_dn), +ldb_errstring(sam_ctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + } + } + +if (dom_res == NULL) { + DEBUG(2,(__location__ : Unable to get domain informations with no inputs\n)); return NT_STATUS_NO_SUCH_DOMAIN; } @@ -437,7 +454,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, status = fill_netlogon_samlogon_response(cldapd-samctx, tmp_ctx, domain, NULL, NULL, domain_guid, user, acct_control, tsocket_address_inet_addr_string(src, tmp_ctx), -version, cldapd-task-lp_ctx, netlogon); +version, cldapd-task-lp_ctx, netlogon, false); if (!NT_STATUS_IS_OK(status)) { goto failed; } diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c index 8fec15a..c9d864c 100644 --- a/source4/nbt_server/dgram/netlogon.c +++
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a2b8e28... s4-smbtorture: upload the full cups driver, otherwise windows will not allow using it. via f44cec7... s4-smbtorture: only compare level 3 for s3 when checking winreg and spoolss_Driver. via a0fd53e... s4-smbtorture: mention architecture of added drivers in debug output. via b40d281... s4-smbtorture: make sure to not attempt to remove a driver file twice. via ad80131... s4-smbtorture: setup all members of level 3,4,6,8 driver add. via fc3e959... s4-smbtorture: use a torture_printer_context and upload own driver for RPC-SPOOLSS-PRINTER test. via 12cf6dc... s4-smbtorture: split RPC-SPOOLSS-PRINTER into more tests. via b062cac... s4-smbtorture: finally test REG_MULTI_SZ in winreg/driverinfo consistency tests. via 6864828... s3: use shared registry functions. via a833be0... s4: use shared registry functions. via ee1b8e5... registry: add some shared registry helper functions. via c2c5672... s4-smbtorture: remove some typecasts in rap tests. from 91bb489... s4-netlogon: fixed getDcNameEx2 for blank inputs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a2b8e28aef1799cac45809bfe38c9b0980aef68f Author: Günther Deschner g...@samba.org Date: Tue Apr 27 15:56:09 2010 +0200 s4-smbtorture: upload the full cups driver, otherwise windows will not allow using it. Guenther commit f44cec7b60f3b6449fe2844a1600438b7b13682c Author: Günther Deschner g...@samba.org Date: Tue Apr 27 15:48:03 2010 +0200 s4-smbtorture: only compare level 3 for s3 when checking winreg and spoolss_Driver. Guenther commit a0fd53e388466c4866f96d2ca728eec28181e42f Author: Günther Deschner g...@samba.org Date: Tue Apr 27 14:13:12 2010 +0200 s4-smbtorture: mention architecture of added drivers in debug output. Guenther commit b40d2815cd3495b66ed2b469e3495baf1a7a6256 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 15:48:52 2010 +0200 s4-smbtorture: make sure to not attempt to remove a driver file twice. Guenther commit ad80131bb176b17fda15e9a76f3934913829a0bb Author: Günther Deschner g...@samba.org Date: Tue Apr 27 13:15:04 2010 +0200 s4-smbtorture: setup all members of level 3,4,6,8 driver add. Guenther commit fc3e9595060db116cd6661baa311ba6fe992162a Author: Günther Deschner g...@samba.org Date: Tue Apr 27 11:30:35 2010 +0200 s4-smbtorture: use a torture_printer_context and upload own driver for RPC-SPOOLSS-PRINTER test. Guenther commit 12cf6dc8ee649e5888dd7210bd279931fa2ff4e0 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 10:38:36 2010 +0200 s4-smbtorture: split RPC-SPOOLSS-PRINTER into more tests. Guenther commit b062cac6c4b15569ae42dc7e4fea9ee709fce337 Author: Günther Deschner g...@samba.org Date: Mon Apr 26 23:35:19 2010 +0200 s4-smbtorture: finally test REG_MULTI_SZ in winreg/driverinfo consistency tests. Guenther commit 6864828d9d85dacff0ca9df73761a98d2ceb9f2e Author: Günther Deschner g...@samba.org Date: Tue Apr 27 16:38:40 2010 +0200 s3: use shared registry functions. Guenther commit a833be0c4e44135e4f45b3d460586762da04cf32 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 16:37:56 2010 +0200 s4: use shared registry functions. Guenther commit ee1b8e5edeecd5a6a3526e88265a5ad28522a45d Author: Günther Deschner g...@samba.org Date: Tue Apr 27 16:37:06 2010 +0200 registry: add some shared registry helper functions. Guenther commit c2c56722b5588206fefaa0fdfa1ea9a8b557750d Author: Günther Deschner g...@samba.org Date: Mon Apr 26 23:21:07 2010 +0200 s4-smbtorture: remove some typecasts in rap tests. Guenther --- Summary of changes: {source3/lib = libcli/registry}/util_reg.c | 98 +++--- source3/Makefile.in |2 +- source3/include/proto.h |4 +- source3/libgpo/gpo_reg.c|4 +- source3/utils/net_registry.c|2 +- source3/utils/net_registry_util.c |2 +- source3/utils/net_rpc_registry.c|2 +- source4/lib/registry/config.mk |3 +- source4/lib/registry/registry.h |9 + source4/lib/registry/util.c | 48 +--- source4/lib/registry/wscript_build |2 +- source4/torture/rap/rap.c | 14 +- source4/torture/rpc/spoolss.c | 476 --- 13 files changed, 427 insertions(+), 239 deletions(-) rename {source3/lib = libcli/registry}/util_reg.c (71%) Changeset truncated at 500 lines: diff --git a/source3/lib/util_reg.c b/libcli/registry/util_reg.c similarity index 71% rename
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7ca576e... s4:rpc_server: remove unused socket_address based functions via 9a1a001... s4:web_server: use tsocket_address functions to get the local ip and port via 41d9707... s4:smb_server: use tsocket_address_string() for debugging the client address via b778251... s4:wrepl_server: use tsocket_address functions to get the peer ip via 0a70788... s4:lib/registry: fix the waf build from a2b8e28... s4-smbtorture: upload the full cups driver, otherwise windows will not allow using it. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7ca576e5c4a0da616c2a6738859c9c989f76202e Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 16:49:00 2010 +0200 s4:rpc_server: remove unused socket_address based functions metze commit 9a1a00199c2603376eacfdba7e7d0d55bc64f405 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 16:36:26 2010 +0200 s4:web_server: use tsocket_address functions to get the local ip and port metze commit 41d970718a105a1321cf80bc1004b51b7af7cc69 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 16:05:08 2010 +0200 s4:smb_server: use tsocket_address_string() for debugging the client address metze commit b7782514b91b365ec07426d4adfc8f59c53c372e Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 16:17:28 2010 +0200 s4:wrepl_server: use tsocket_address functions to get the peer ip metze commit 0a70788e190ca00cab27c67000abf77617141b5e Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 17:04:32 2010 +0200 s4:lib/registry: fix the waf build The pass to a source file is relative to the wscript* file. metze --- Summary of changes: source4/lib/registry/wscript_build |2 +- source4/rpc_server/service_rpc.c | 18 -- source4/smb_server/management.c | 16 source4/web_server/wsgi.c| 16 +++- source4/wrepl_server/wrepl_in_call.c | 21 - 5 files changed, 36 insertions(+), 37 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/registry/wscript_build b/source4/lib/registry/wscript_build index 2e07757..185685c 100644 --- a/source4/lib/registry/wscript_build +++ b/source4/lib/registry/wscript_build @@ -11,7 +11,7 @@ bld.SAMBA_SUBSYSTEM('TDR_REGF', bld.SAMBA_LIBRARY('registry', - source='interface.c ../libcli/registry/util_reg.c util.c samba.c patchfile_dotreg.c patchfile_preg.c patchfile.c regf.c hive.c local.c ldb.c dir.c rpc.c', + source='interface.c ../../../libcli/registry/util_reg.c util.c samba.c patchfile_dotreg.c patchfile_preg.c patchfile.c regf.c hive.c local.c ldb.c dir.c rpc.c', pc_files='registry.pc', public_deps='LIBSAMBA-UTIL CHARSET TDR_REGF ldb RPC_NDR_WINREG LDB_WRAP', public_headers='registry.h', diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c index 906b02d..6f4df00 100644 --- a/source4/rpc_server/service_rpc.c +++ b/source4/rpc_server/service_rpc.c @@ -133,24 +133,6 @@ static void dcesrv_sock_reply_done(struct tevent_req *subreq) } } -static struct socket_address *dcesrv_sock_get_my_addr(struct dcesrv_connection *dcesrv_conn, TALLOC_CTX *mem_ctx) -{ - struct stream_connection *srv_conn; - srv_conn = talloc_get_type(dcesrv_conn-transport.private_data, - struct stream_connection); - - return socket_get_my_addr(srv_conn-socket, mem_ctx); -} - -static struct socket_address *dcesrv_sock_get_peer_addr(struct dcesrv_connection *dcesrv_conn, TALLOC_CTX *mem_ctx) -{ - struct stream_connection *srv_conn; - srv_conn = talloc_get_type(dcesrv_conn-transport.private_data, - struct stream_connection); - - return socket_get_peer_addr(srv_conn-socket, mem_ctx); -} - struct dcerpc_read_ncacn_packet_state { struct { struct smb_iconv_convenience *smb_iconv_c; diff --git a/source4/smb_server/management.c b/source4/smb_server/management.c index b8e42ae..0537359 100644 --- a/source4/smb_server/management.c +++ b/source4/smb_server/management.c @@ -79,9 +79,15 @@ static NTSTATUS smbsrv_tcon_information(struct irpc_message *msg, { struct smbsrv_connection *smb_conn = talloc_get_type(msg-private_data, struct smbsrv_connection); + struct tsocket_address *client_addr = smb_conn-connection-remote_address; + char *client_addr_string; int i=0, count=0; struct smbsrv_tcon *tcon; + /* This is for debugging only! */ + client_addr_string = tsocket_address_string(client_addr, r); +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8f74d38... s3/packaging: make rpm build work by overriding strict linker flags from 7ca576e... s4:rpc_server: remove unused socket_address based functions http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8f74d38c3a4a853f608fed0bed1b55915d01555a Author: Björn Jacke b...@sernet.de Date: Tue Apr 27 17:06:55 2010 +0200 s3/packaging: make rpm build work by overriding strict linker flags --- Summary of changes: packaging/RHEL/samba.spec.tmpl |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RHEL/samba.spec.tmpl b/packaging/RHEL/samba.spec.tmpl index 4d27b1a..ab10f23 100644 --- a/packaging/RHEL/samba.spec.tmpl +++ b/packaging/RHEL/samba.spec.tmpl @@ -131,6 +131,9 @@ fi ## always run autogen.sh ./autogen.sh +## ignore insufficiently linked libreadline (RH bugzilla #499837): +export LDFLAGS=$LDFLAGS -Wl,--allow-shlib-undefined,--no-as-needed + CC=$CC CFLAGS=$RPM_OPT_FLAGS $EXTRA -D_GNU_SOURCE ./configure \ --prefix=%{_prefix} \ --localstatedir=/var \ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b764145... s3:smbd: keep local and remote tsocket_address per connection from 8f74d38... s3/packaging: make rpm build work by overriding strict linker flags http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b764145ac8523f6e44d22adfef1bcd6cecbbed48 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 13:36:21 2010 +0200 s3:smbd: keep local and remote tsocket_address per connection metze --- Summary of changes: source3/smbd/globals.h |2 + source3/smbd/process.c | 72 ++-- 2 files changed, 65 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index aa0018f..6c780eb 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -462,6 +462,8 @@ struct smbd_smb2_tcon { struct pending_auth_data; struct smbd_server_connection { + const struct tsocket_address *local_address; + const struct tsocket_address *remote_address; struct { bool got_session; } nbt; diff --git a/source3/smbd/process.c b/source3/smbd/process.c index bbfa052..1ba1db5 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -2835,7 +2835,13 @@ fail: void smbd_process(void) { TALLOC_CTX *frame = talloc_stackframe(); - char remaddr[INET6_ADDRSTRLEN]; + struct sockaddr_storage ss; + struct sockaddr *sa = NULL; + socklen_t sa_len; + struct tsocket_address *local_address = NULL; + struct tsocket_address *remote_address = NULL; + const char *remaddr = NULL; + int ret; if (lp_maxprotocol() == PROTOCOL_SMB2 lp_security() != SEC_SHARE @@ -2849,12 +2855,57 @@ void smbd_process(void) set_socket_options(smbd_server_fd(),SO_KEEPALIVE); set_socket_options(smbd_server_fd(), lp_socket_options()); + sa = (struct sockaddr *)(void *)ss; + sa_len = sizeof(ss); + ret = getpeername(smbd_server_fd(), sa, sa_len); + if (ret != 0) { + int level = (errno == ENOTCONN)?2:0; + DEBUG(level,(getpeername() failed - %s\n, strerror(errno))); + exit_server(getpeername() failed.\n); + } + ret = tsocket_address_bsd_from_sockaddr(smbd_server_conn, + sa, sa_len, + remote_address); + if (ret != 0) { + DEBUG(0,(%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n, + __location__, strerror(errno))); + exit_server(tsocket_address_bsd_from_sockaddr remote failed.\n); + } + + sa = (struct sockaddr *)(void *)ss; + sa_len = sizeof(ss); + ret = getsockname(smbd_server_fd(), sa, sa_len); + if (ret != 0) { + int level = (errno == ENOTCONN)?2:0; + DEBUG(level,(getsockname() failed - %s\n, strerror(errno))); + exit_server(getsockname() failed.\n); + } + ret = tsocket_address_bsd_from_sockaddr(smbd_server_conn, + sa, sa_len, + local_address); + if (ret != 0) { + DEBUG(0,(%s: tsocket_address_bsd_from_sockaddr remote failed - %s\n, + __location__, strerror(errno))); + exit_server(tsocket_address_bsd_from_sockaddr remote failed.\n); + } + + smbd_server_conn-local_address = local_address; + smbd_server_conn-remote_address = remote_address; + + if (tsocket_address_is_inet(remote_address, ip)) { + remaddr = tsocket_address_inet_addr_string( + smbd_server_conn-remote_address, + talloc_tos()); + if (remaddr == NULL) { + + } + } else { + remaddr = 0.0.0.0; + } + /* this is needed so that we get decent entries in smbstatus for port 445 connects */ - set_remote_machine_name(get_peer_addr(smbd_server_fd(), - remaddr, - sizeof(remaddr)), - false); + set_remote_machine_name(remaddr, false); reload_services(true); /* @@ -2866,20 +2917,23 @@ void smbd_process(void) if (!check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1))) { - char addr[INET6_ADDRSTRLEN]; - /* * send a negative session response not listening on calling * name */ unsigned char buf[5] = {0x83,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 03a9ac4... s3-spoolss: fix some uninitialized variables. from b764145... s3:smbd: keep local and remote tsocket_address per connection http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 03a9ac4e2bb28620c773104f4b3dd23798b7146c Author: Günther Deschner g...@samba.org Date: Tue Apr 27 17:55:55 2010 +0200 s3-spoolss: fix some uninitialized variables. Guenther --- Summary of changes: source3/rpc_server/srv_spoolss_util.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c index 1035b20..a0dc128 100644 --- a/source3/rpc_server/srv_spoolss_util.c +++ b/source3/rpc_server/srv_spoolss_util.c @@ -1368,7 +1368,7 @@ WERROR winreg_create_printer(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *winreg_pipe = NULL; struct policy_handle hive_hnd, key_hnd; struct spoolss_SetPrinterInfo2 *info2; - struct spoolss_DeviceMode *devmode; + struct spoolss_DeviceMode *devmode = NULL; struct security_descriptor *secdesc; struct winreg_String wkey, wkeyclass; const char *path; @@ -3324,7 +3324,7 @@ WERROR winreg_add_driver(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *winreg_pipe = NULL; struct policy_handle hive_hnd, key_hnd; struct spoolss_DriverInfo8 info8; - TALLOC_CTX *tmp_ctx; + TALLOC_CTX *tmp_ctx = NULL; WERROR result; ZERO_STRUCT(hive_hnd); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 158d41b... s4-smbtorture: make sure to zero the add driver info 8 struct before adding drivers. via 7532640... s3-spoolss: publish Monitor in winreg for drivers. via 70ec7e0... s3-spoolss: fix winreg attribute for storing datatype. from 03a9ac4... s3-spoolss: fix some uninitialized variables. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 158d41b6b4264e7ece93cf77a15e70ccbf8673b8 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 17:52:47 2010 +0200 s4-smbtorture: make sure to zero the add driver info 8 struct before adding drivers. Guenther commit 7532640a74bbdd3c815e29732785350e9622925e Author: Günther Deschner g...@samba.org Date: Tue Apr 27 17:32:34 2010 +0200 s3-spoolss: publish Monitor in winreg for drivers. Found by torture test. Guenther commit 70ec7e07001d0308cb3902b13378a1ef61b2acb9 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 16:48:29 2010 +0200 s3-spoolss: fix winreg attribute for storing datatype. Found by torture test (and checked with w2k, w2k3 and w2k8). Guenther --- Summary of changes: source3/registry/reg_backend_printing.c |3 ++- source4/torture/rpc/spoolss.c |2 ++ 2 files changed, 4 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/registry/reg_backend_printing.c b/source3/registry/reg_backend_printing.c index 7383ce6..e90c708 100644 --- a/source3/registry/reg_backend_printing.c +++ b/source3/registry/reg_backend_printing.c @@ -905,7 +905,8 @@ static void fill_in_driver_values(const struct spoolss_DriverInfo8 *r, filename = dos_basename(r-help_file); regval_ctr_addvalue_sz(values, Help File, filename); - regval_ctr_addvalue_sz(values, Data Type, r-default_datatype); + regval_ctr_addvalue_sz(values, Datatype, r-default_datatype); + regval_ctr_addvalue_sz(values, Monitor, r-monitor_name); regval_ctr_addvalue( values, Version, REG_DWORD, (char*)r-version, sizeof(r-version) ); diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c index a0adff3..7d0038e 100644 --- a/source4/torture/rpc/spoolss.c +++ b/source4/torture/rpc/spoolss.c @@ -7547,6 +7547,8 @@ static bool test_add_driver_arg(struct torture_context *tctx, uint32_t add_flags = APD_COPY_NEW_FILES; uint32_t delete_flags = 0; + ZERO_STRUCT(info8); + torture_comment(tctx, Testing PrinterDriver%s '%s' for environment '%s'\n, d-ex ? Ex : , d-info8.driver_name, d-local.environment); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8f8e7c7... Revert s3-build: Remove --enable-merged support. from 158d41b... s4-smbtorture: make sure to zero the add driver info 8 struct before adding drivers. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8f8e7c788a12d1e0bda9183ed765cc1048e105f7 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 18:00:43 2010 +0200 Revert s3-build: Remove --enable-merged support. This reverts commit f8fc7fcbeb8141c5b2775e2219bae17c55ad4a3c. Was that pushed by coincidence ? merged build is really, really required over here. --- Summary of changes: source3/configure.in| 51 - source3/samba4-templates.mk | 144 +++ source3/samba4.m4 | 211 ++ source3/samba4.mk | 265 +++ 4 files changed, 668 insertions(+), 3 deletions(-) create mode 100644 source3/samba4-templates.mk create mode 100644 source3/samba4.m4 create mode 100644 source3/samba4.mk Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index a30f301..9a190cc 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -195,15 +195,17 @@ AC_ARG_WITH(profiling-data, ) dnl Checks for programs. +merged_build_possible=yes + AC_PROG_INSTALL AC_PROG_AWK # Check for GNU make m4_include(../m4/check_make.m4) -AC_SAMBA_GNU_MAKE([true], [true]) +AC_SAMBA_GNU_MAKE([true], [merged_build_possible=no]) # Check for perl m4_include(../m4/check_perl.m4) -AC_SAMBA_PERL([true], [true]) +AC_SAMBA_PERL([true], [merged_build_possible=no]) AC_CHECK_TOOL(AR, ar) @@ -1829,6 +1831,7 @@ if test x$BLDSHARED != xtrue; then SHLD=shared-libraries-disabled PICFLAG=${PIE_CFLAGS} SHLIBEXT=shared_libraries_disabled + merged_build_possible=no fi AC_MSG_CHECKING([used PICFLAG]) @@ -4232,6 +4235,10 @@ if test x$with_ads_support != xno; then LIBS=$ac_save_LIBS fi +if test x$use_ads != xyes; then + merged_build_possible=no +fi + AC_CHECK_LIB_EXT(nscd, NSCD_LIBS, nscd_flush_cache) PASSDB_LIBS=$PASSDB_LIBS $NSCD_LIBS @@ -6620,8 +6627,39 @@ MSG fi +AC_ARG_ENABLE(merged-build, +[AS_HELP_STRING([--enable-merged-build], [Build Samba 4 as well])], +[ enable_merged_build=$enableval ], [ enable_merged_build=auto ]) + +if test x$enable_merged_build = xyes -a \ + x$merged_build_possible = xno ; then + AC_MSG_ERROR(Merged build required but not possible) +fi + m4_include(../lib/zlib/zlib.m4) +if test x$enable_merged_build = xauto; then + # Check for python + m4_include(../m4/check_python.m4) + AC_SAMBA_PYTHON_DEVEL([true], [merged_build_possible=no]) + + AC_MSG_CHECKING([whether it would be possible to do a merged build]) + AC_MSG_RESULT([$merged_build_possible]) + + # Enable merged build automatically if possible, when in developer mode + if test x$developer = xyes; then + enable_merged_build=$merged_build_possible + fi +fi + +if test x$enable_merged_build = xyes; then + MERGED_BUILD=1 + saved_USESHARED=$USESHARED + USESHARED=false + m4_include(samba4.m4) + USESHARED=$saved_USESHARED +fi + AC_SUBST(ZLIB_LIBS) AC_SUBST(ZLIB_OBJS) AC_ZLIB([ZLIB_OBJS=], [ @@ -6693,7 +6731,14 @@ SMBD_LIBS=$samba_dmapi_libs AC_SUBST(SMBD_LIBS) CFLAGS=${CFLAGS} \$(FLAGS) -CFLAGS=${CFLAGS} -D_SAMBA_BUILD_=3 + +if test x$MERGED_BUILD != x1; then + CFLAGS=${CFLAGS} -D_SAMBA_BUILD_=3 +else + if test x$BLDSHARED = xtrue ; then + LDFLAGS=$LDFLAGS -L./bin + fi +fi AC_SUBST(MAKEFILE) if test x$samba_cv_gnu_make = xyes; then diff --git a/source3/samba4-templates.mk b/source3/samba4-templates.mk new file mode 100644 index 000..0024a75 --- /dev/null +++ b/source3/samba4-templates.mk @@ -0,0 +1,144 @@ +# Templates file for Samba 4 +# This relies on GNU make. +# +# © 2008 Jelmer Vernooij jel...@samba.org +# +### +# Templates +### + +# Partially link +# Arguments: target object file, source object files +define partial_link_template +$(1): $(2) ; + @echo Partially linking $$@ + @mkdir -p $$(@D) + @$$(PARTLINK) -o $$@ $$^ +endef + +# Link a binary +# Arguments: target file, depends, flags +define binary_link_template +$(1)4: $(2) ; + @echo Linking $$@ + @$$(BNLD) $$(BNLD_FLAGS) $$(INTERN_LDFLAGS) -o $$@ $$(INSTALL_LINK_FLAGS) $(3) $$(LIBS) +clean:: + @rm -f $(1) + +everything:: $(1)4 + +endef + +# Link a host-machine binary +# Arguments: target file, depends, flags +define host_binary_link_template +$(1)4: $(2) ; +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d1db751... Revert s4:web_server: use tsocket_address functions to get the local ip and port via 79a29a8... s4:cldap_server/netlogon.c - handle the domain SID correctly via eceffe6... nbt: samlogon/netlogon structures - unify denominations via 3f1bd92... s4:fill_netlogon_samlogon_response - reorder assign operations (to be consistent) via a89ba9e... s4:fill_netlogon_samlogon_response - use lp_workgroup for the short netbios domainname via 7efb436... s4:torture - DsRAddressToSitenames[Ex]W testsuite - make it IPv4-only compatible from 8f8e7c7... Revert s3-build: Remove --enable-merged support. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d1db751ff8e6b15c059db254b57c72dfda8d4bfc Author: Matthias Dieter Wallnöfer m...@samba.org Date: Tue Apr 27 18:25:21 2010 +0200 Revert s4:web_server: use tsocket_address functions to get the local ip and port This reverts commit 9a1a00199c2603376eacfdba7e7d0d55bc64f405. This broke the build. commit 79a29a8cd65534884934c60ae2fb2854e064722b Author: Matthias Dieter Wallnöfer m...@samba.org Date: Tue Apr 27 18:07:09 2010 +0200 s4:cldap_server/netlogon.c - handle the domain SID correctly commit eceffe690912b1fbce4ecddaffd29b52e2cf9cd1 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Tue Apr 27 16:56:36 2010 +0200 nbt: samlogon/netlogon structures - unify denominations commit 3f1bd92306b2f11b5c8086ef9e0a311d9e99da89 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Tue Apr 27 16:32:46 2010 +0200 s4:fill_netlogon_samlogon_response - reorder assign operations (to be consistent) commit a89ba9e21d53ae2c163e6cdaf4198d3148d5019e Author: Matthias Dieter Wallnöfer m...@samba.org Date: Tue Apr 27 16:31:07 2010 +0200 s4:fill_netlogon_samlogon_response - use lp_workgroup for the short netbios domainname This call is only for the DC mode. commit 7efb43669838245cd240ac2c5aa443ba0d285b9c Author: Matthias Dieter Wallnöfer m...@samba.org Date: Tue Apr 27 15:27:40 2010 +0200 s4:torture - DsRAddressToSitenames[Ex]W testsuite - make it IPv4-only compatible --- Summary of changes: libcli/ndr_netlogon.c |4 +- libcli/netlogon.c |6 ++-- librpc/gen_ndr/nbt.h|6 ++-- librpc/gen_ndr/ndr_nbt.c| 18 +- librpc/idl/nbt.idl |6 ++-- source3/libsmb/clidgram.c |2 +- source3/libsmb/dsgetdcname.c| 14 source4/cldap_server/netlogon.c | 43 - source4/libnet/libnet_become_dc.c |2 +- source4/libnet/libnet_unbecome_dc.c |2 +- source4/nbt_server/irpc.c |4 +- source4/torture/ldap/cldap.c| 12 +++--- source4/torture/rpc/netlogon.c | 60 -- source4/web_server/wsgi.c | 16 +++-- 14 files changed, 127 insertions(+), 68 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/ndr_netlogon.c b/libcli/ndr_netlogon.c index 0354cfb..1c6b2bc 100644 --- a/libcli/ndr_netlogon.c +++ b/libcli/ndr_netlogon.c @@ -131,7 +131,7 @@ enum ndr_err_code ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_ NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r-forest)); NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r-dns_domain)); NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r-pdc_dns_name)); - NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r-domain)); + NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r-domain_name)); NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r-pdc_name)); NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r-user_name)); NDR_CHECK(ndr_push_nbt_string(ndr, NDR_SCALARS, r-server_site)); @@ -177,7 +177,7 @@ enum ndr_err_code ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_ NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, r-forest)); NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, r-dns_domain)); NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, r-pdc_dns_name)); - NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, r-domain)); + NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, r-domain_name)); NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, r-pdc_name)); NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, r-user_name)); NDR_CHECK(ndr_pull_nbt_string(ndr, NDR_SCALARS, r-server_site)); diff --git
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0798977... s3:libads/ldap.c - fix a build breakage from d1db751... Revert s4:web_server: use tsocket_address functions to get the local ip and port http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 079897709ed99dac049d7b2b5f0c1958527462c4 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Tue Apr 27 20:45:06 2010 +0200 s3:libads/ldap.c - fix a build breakage --- Summary of changes: source3/libads/ldap.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 19a37c7..0bb206f 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -265,7 +265,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) ads-config.client_site_name = SMB_STRDUP(cldap_reply.client_site); } - ads-server.workgroup = SMB_STRDUP(cldap_reply.domain); + ads-server.workgroup = SMB_STRDUP(cldap_reply.domain_name); ads-ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT; if (!interpret_string_addr(ads-ldap.ss, srv, 0)) { @@ -277,7 +277,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) } /* Store our site name. */ - sitename_store( cldap_reply.domain, cldap_reply.client_site); + sitename_store( cldap_reply.domain_name, cldap_reply.client_site); sitename_store( cldap_reply.dns_domain, cldap_reply.client_site); ret = true; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e6f5961... Install spn_update_list to setup/ dir from 0798977... s3:libads/ldap.c - fix a build breakage http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e6f59613fec82710914c429d97a1e1144723b0f9 Author: Marcel Ritter marcel.rit...@rrze.uni-erlangen.de Date: Tue Apr 27 13:53:04 2010 +0200 Install spn_update_list to setup/ dir Signed-off-by: Matthias Dieter Wallnöfer m...@samba.org --- Summary of changes: source4/script/installmisc.sh |1 + source4/setup/wscript_build |1 + 2 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh index f9ac073..1de1781 100755 --- a/source4/script/installmisc.sh +++ b/source4/script/installmisc.sh @@ -80,6 +80,7 @@ cp setup/provision.smb.conf.dc $SETUPDIR || exit 1 cp setup/provision.smb.conf.member $SETUPDIR || exit 1 cp setup/provision.smb.conf.standalone $SETUPDIR || exit 1 cp setup/dns_update_list $SETUPDIR || exit 1 +cp setup/spn_update_list $SETUPDIR || exit 1 echo Installing external python libraries mkdir -p $DESTDIR$PYTHONDIR || exit 1 diff --git a/source4/setup/wscript_build b/source4/setup/wscript_build index 97d26a3..2d1e3ec 100644 --- a/source4/setup/wscript_build +++ b/source4/setup/wscript_build @@ -7,6 +7,7 @@ O755 = 493 bld.INSTALL_FILES('${SBINDIR}','provision', chmod=O755, python_fixup=True) bld.INSTALL_FILES('${SETUPDIR}', 'dns_update_list') +bld.INSTALL_FILES('${SETUPDIR}', 'spn_update_list') for p in '''schema-map-* DB_CONFIG *.inf *.ldif *.reg *.zone *.conf *.php *.txt named.conf named.conf.update provision.smb.conf.dc provision.smb.conf.member -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ce8595f... Fix more S3 build breakage. Matthias, please ensure S3 builds when changing common code. from e6f5961... Install spn_update_list to setup/ dir http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ce8595f68e3ca6fd8be0d4777aa8157e29597444 Author: Jeremy Allison j...@samba.org Date: Tue Apr 27 12:10:20 2010 -0700 Fix more S3 build breakage. Matthias, please ensure S3 builds when changing common code. Jeremy. --- Summary of changes: source3/utils/net_ads.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 3cd4fd8..53cb9ac 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -103,7 +103,7 @@ static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads) printf(_(Domain:\t\t\t%s\n), reply.dns_domain); printf(_(Domain Controller:\t%s\n), reply.pdc_dns_name); - printf(_(Pre-Win2k Domain:\t%s\n), reply.domain); + printf(_(Pre-Win2k Domain:\t%s\n), reply.domain_name); printf(_(Pre-Win2k Hostname:\t%s\n), reply.pdc_name); if (*reply.user_name) printf(_(User name:\t%s\n), reply.user_name); @@ -401,7 +401,7 @@ static int net_ads_workgroup(struct net_context *c, int argc, const char **argv) return -1; } - d_printf(_(Workgroup: %s\n), reply.domain); + d_printf(_(Workgroup: %s\n), reply.domain_name); ads_destroy(ads); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f4f9d54... s3-lanman: use spoolss for api_PrintJobInfo(). via d6d8c3f... s4-smbtorture: also try renaming jobname in test_DoPrintTest_check_jobs(). via b87b1de... s4-smbtorture: allow to pass down spoolss_JobInfoContainer to SetJob functions. via 2af4493... s4-smbtorture: be more liberal when spoolss_SetJob fails. via 1691eb7... s3-spoolss: add support for SetJobInfo level 1 (for jobfile rename). via 2b7002f... s3-lanman: remove unsupported print_job_set_place(). from ce8595f... Fix more S3 build breakage. Matthias, please ensure S3 builds when changing common code. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f4f9d54721a3b6b9bf61ba84eaf144cbecbcf937 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 19:58:32 2010 +0200 s3-lanman: use spoolss for api_PrintJobInfo(). Guenther commit d6d8c3ffe3a235fe6b55a79989e1734d229ca8f1 Author: Günther Deschner g...@samba.org Date: Wed Apr 28 00:05:41 2010 +0200 s4-smbtorture: also try renaming jobname in test_DoPrintTest_check_jobs(). Guenther commit b87b1de83432611e511e511d0320b8c1c1a8b323 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 23:33:05 2010 +0200 s4-smbtorture: allow to pass down spoolss_JobInfoContainer to SetJob functions. Guenther commit 2af449391b28dda10ebb797fcf61e2319b36a0b0 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 23:31:25 2010 +0200 s4-smbtorture: be more liberal when spoolss_SetJob fails. For some reason, spoolss_SetJob pausing and resuming of printjob is still racy on the buildfarm. Converting the fatal assert to a warning for now. Guenther commit 1691eb73da62f3a50c12031d0a76cc6d4deed955 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 19:57:47 2010 +0200 s3-spoolss: add support for SetJobInfo level 1 (for jobfile rename). Guenther commit 2b7002f38571a920244d9ad309c606caaf2c0411 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 19:30:49 2010 +0200 s3-lanman: remove unsupported print_job_set_place(). Guenther --- Summary of changes: source3/include/proto.h |4 +- source3/printing/printing.c | 32 +++--- source3/rpc_server/srv_spoolss_nt.c | 49 +++ source3/smbd/lanman.c | 110 --- source4/torture/rpc/spoolss.c | 57 +++--- 5 files changed, 209 insertions(+), 43 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 09c2c02..f5e9ec4 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4976,8 +4976,8 @@ bool print_job_exists(const char* sharename, uint32 jobid); int print_job_fd(const char* sharename, uint32 jobid); char *print_job_fname(const char* sharename, uint32 jobid); NT_DEVICEMODE *print_job_devmode(const char* sharename, uint32 jobid); -bool print_job_set_place(const char *sharename, uint32 jobid, int place); -bool print_job_set_name(const char *sharename, uint32 jobid, char *name); +bool print_job_set_name(const char *sharename, uint32 jobid, const char *name); +bool print_job_get_name(TALLOC_CTX *mem_ctx, const char *sharename, uint32_t jobid, char **name); bool print_job_delete(struct auth_serversupplied_info *server_info, int snum, uint32 jobid, WERROR *errcode); bool print_job_pause(struct auth_serversupplied_info *server_info, int snum, diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 9bd98a6..e67c5d4 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -1854,31 +1854,43 @@ NT_DEVICEMODE *print_job_devmode(const char* sharename, uint32 jobid) } / - Set the place in the queue for a job. + Set the name of a job. Only possible for owner. / -bool print_job_set_place(const char *sharename, uint32 jobid, int place) +bool print_job_set_name(const char *sharename, uint32 jobid, const char *name) { - DEBUG(2,(print_job_set_place not implemented yet\n)); - return False; + struct printjob *pjob; + + pjob = print_job_find(sharename, jobid); + if (!pjob || pjob-pid != sys_getpid()) + return False; + + fstrcpy(pjob-jobname, name); + return pjob_store(sharename, jobid, pjob); } / - Set the name of a job. Only possible for owner. + Get the name of a job. Only possible for owner. / -bool
[SCM] CTDB repository - branch 1.0.112 updated - ctdb-1.0.111-69-g906e892
The branch, 1.0.112 has been updated via 906e892e1d0c646e01bceddf42ca5df005b42f20 (commit) from c07cd2cb042d62ee4adcfa1b75dd423424ca681b (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=1.0.112 - Log - commit 906e892e1d0c646e01bceddf42ca5df005b42f20 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Apr 28 08:46:41 2010 +1000 If the admin makes a configuration mistake and configures NATGW to use the same ip address as a normal public-address, check for this in the natgw script and warn the user. Also prevent ctdb from starting up since this configuration will not work. BZ60933 --- Summary of changes: config/events.d/11.natgw |9 + 1 files changed, 9 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/config/events.d/11.natgw b/config/events.d/11.natgw index ce1becc..3c2836b 100644 --- a/config/events.d/11.natgw +++ b/config/events.d/11.natgw @@ -24,6 +24,15 @@ delete_all() { case $1 in startup) + [ -z $CTDB_PUBLIC_ADDRESSES ] { + CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses + } + egrep ^$CTDB_NATGW_PUBLIC_IP[ \t] $CTDB_PUBLIC_ADDRESSES /dev/null + [ $? = 0 ] { + echo ERROR: NATGW configured to use a public address. NATGW must not use a public address. + exit 1 + } + # do not respond to ARPs that are for ip addresses with scope 'host' echo 3 /proc/sys/net/ipv4/conf/all/arp_ignore # do not send out arp requests from loopback addresses -- CTDB repository
[SCM] CTDB repository - branch master updated - ctdb-1.0.114-67-g480af69
The branch, master has been updated via 480af69b63b9162c85d8e04461ca9e4a083c04a4 (commit) from 35d9ac7d162f99795ac3146fcd464e9d2e45feaa (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 480af69b63b9162c85d8e04461ca9e4a083c04a4 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Apr 28 08:46:41 2010 +1000 If the admin makes a configuration mistake and configures NATGW to use the same ip address as a normal public-address, check for this in the natgw script and warn the user. Also prevent ctdb from starting up since this configuration will not work. BZ60933 --- Summary of changes: config/events.d/11.natgw |9 + 1 files changed, 9 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/config/events.d/11.natgw b/config/events.d/11.natgw index b226b81..e6e54f4 100644 --- a/config/events.d/11.natgw +++ b/config/events.d/11.natgw @@ -27,6 +27,15 @@ delete_all() { case $1 in startup) + [ -z $CTDB_PUBLIC_ADDRESSES ] { + CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses + } + egrep ^$CTDB_NATGW_PUBLIC_IP[ \t] $CTDB_PUBLIC_ADDRESSES /dev/null + [ $? = 0 ] { + echo ERROR: NATGW configured to use a public address. NATGW must not use a public address. + exit 1 + } + # do not respond to ARPs that are for ip addresses with scope 'host' echo 3 /proc/sys/net/ipv4/conf/all/arp_ignore # do not send out arp requests from loopback addresses -- CTDB repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f11a5d1... Don't return an intermediate reply on async on a pipe call (Windows doesn't). from f4f9d54... s3-lanman: use spoolss for api_PrintJobInfo(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f11a5d196d6beaeb8445d759559ff684045776f5 Author: Jeremy Allison j...@samba.org Date: Tue Apr 27 16:07:12 2010 -0700 Don't return an intermediate reply on async on a pipe call (Windows doesn't). Jeremy. --- Summary of changes: source3/smbd/smb2_server.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 8940427..67d20b1 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -712,6 +712,11 @@ NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req, } } + /* Don't return an intermediate packet on a pipe read/write. */ + if (req-tcon req-tcon-compat_conn IS_IPC(req-tcon-compat_conn)) { + return NT_STATUS_OK; + } + reqhdr = (uint8_t *)req-out.vector[i].iov_base; flags = (IVAL(reqhdr, SMB2_HDR_FLAGS) ~SMB2_HDR_FLAG_CHAINED); message_id = BVAL(reqhdr, SMB2_HDR_MESSAGE_ID); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f56d900... s3-lanman: use spoolss for api_WPrintDestGetInfo() and api_WPrintDestEnum(). via c88ff10... s3-lanman: fix debug message in api_WPrintJobEnumerate(). via 566ea59... s3-lanman: remove a unnecessary memset in api_WPrintJobEnumerate(). via fe1f503... s3-lanman: remove unused code. via f23bcb5... s3-lanman: use spoolss for api_DosPrintQGetInfo and api_DosPrintQEnum. from f11a5d1... Don't return an intermediate reply on async on a pipe call (Windows doesn't). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f56d9006d5790b8b752c72600ccd3942a2742f17 Author: Günther Deschner g...@samba.org Date: Wed Apr 28 01:11:19 2010 +0200 s3-lanman: use spoolss for api_WPrintDestGetInfo() and api_WPrintDestEnum(). With this, I think, all implemented RAP printing calls are routed over SPOOLSS. Torture tests to follow... Guenther commit c88ff10d690094617ed382a6ff16921a7bef2a63 Author: Günther Deschner g...@samba.org Date: Wed Apr 28 01:10:49 2010 +0200 s3-lanman: fix debug message in api_WPrintJobEnumerate(). Guenther commit 566ea59b27b97038f7fd4315746019eab002a599 Author: Günther Deschner g...@samba.org Date: Wed Apr 28 01:07:08 2010 +0200 s3-lanman: remove a unnecessary memset in api_WPrintJobEnumerate(). Guenther commit fe1f503a957aa0041ae101e27950b7e31a965548 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 23:12:40 2010 +0200 s3-lanman: remove unused code. Guenther commit f23bcb5c5e64cfd6b8a4b19568d40919c28610f1 Author: Günther Deschner g...@samba.org Date: Tue Apr 27 22:55:11 2010 +0200 s3-lanman: use spoolss for api_DosPrintQGetInfo and api_DosPrintQEnum. Guenther --- Summary of changes: source3/smbd/lanman.c | 644 + 1 files changed, 325 insertions(+), 319 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 4b7703b..e3c94cf 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -168,32 +168,6 @@ static int StrlenExpanded(connection_struct *conn, int snum, char *s) return strlen(buf) + 1; } -static char *Expand(connection_struct *conn, int snum, char *s) -{ - TALLOC_CTX *ctx = talloc_tos(); - char *buf = NULL; - - if (!s) { - return NULL; - } - buf = talloc_strdup(ctx,s); - if (!buf) { - return 0; - } - buf = talloc_string_sub(ctx,buf,%S,lp_servicename(snum)); - if (!buf) { - return 0; - } - return talloc_sub_advanced(ctx, - lp_servicename(SNUM(conn)), - conn-server_info-unix_name, - conn-connectpath, - conn-server_info-utok.gid, - conn-server_info-sanitized_username, - pdb_get_domain(conn-server_info-sam_account), - buf); -} - /*** Check a API string for validity when we only need to check the prefix. **/ @@ -533,21 +507,6 @@ static int check_printq_info(struct pack_desc* desc, /* turn a print job status into a on the wire status */ -static int printj_status(int v) -{ - switch (v) { - case LPQ_QUEUED: - return RAP_JOB_STATUS_QUEUED; - case LPQ_PAUSED: - return RAP_JOB_STATUS_PAUSED; - case LPQ_SPOOLING: - return RAP_JOB_STATUS_SPOOLING; - case LPQ_PRINTING: - return RAP_JOB_STATUS_PRINTING; - } - return 0; -} - static int printj_spoolss_status(int v) { if (v == JOB_STATUS_QUEUED) @@ -563,75 +522,15 @@ static int printj_spoolss_status(int v) /* turn a print queue status into a on the wire status */ -static int printq_status(int v) +static int printq_spoolss_status(int v) { - switch (v) { - case LPQ_QUEUED: + if (v == PRINTER_STATUS_OK) return 0; - case LPQ_PAUSED: + if (v PRINTER_STATUS_PAUSED) return RAP_QUEUE_STATUS_PAUSED; - } return RAP_QUEUE_STATUS_ERROR; } -static void fill_printjob_info(connection_struct *conn, int snum, int uLevel, - struct pack_desc *desc, - print_queue_struct *queue, int n) -{ - time_t t = queue-time; - - /* the client expects localtime */ - t -= get_time_zone(t); - - PACKI(desc,W,pjobid_to_rap(lp_const_servicename(snum),queue-job)); /* uJobId */ - if (uLevel == 1) { -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4d1f043... Don't return a potentially uninitialized NT_STATUS. We can now see user lists in Windows ACLs. via 33256e4... Add debug statements so I can track the flow of RPC data. from f56d900... s3-lanman: use spoolss for api_WPrintDestGetInfo() and api_WPrintDestEnum(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4d1f0436bd4f63887173473541efa205fb98210f Author: Jeremy Allison j...@samba.org Date: Tue Apr 27 17:09:40 2010 -0700 Don't return a potentially uninitialized NT_STATUS. We can now see user lists in Windows ACLs. Jeremy. commit 33256e41e1ed7a4a2caeef2f0cf26d0abb9032ca Author: Jeremy Allison j...@samba.org Date: Tue Apr 27 17:07:44 2010 -0700 Add debug statements so I can track the flow of RPC data. Jeremy. --- Summary of changes: source3/smbd/smb2_ioctl.c | 31 --- 1 files changed, 28 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_ioctl.c b/source3/smbd/smb2_ioctl.c index 0041e5f..c7775b4 100644 --- a/source3/smbd/smb2_ioctl.c +++ b/source3/smbd/smb2_ioctl.c @@ -127,6 +127,12 @@ static void smbd_smb2_request_ioctl_done(struct tevent_req *subreq) NTSTATUS error; /* transport error */ status = smbd_smb2_ioctl_recv(subreq, req, out_output_buffer); + + DEBUG(10,(smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned + %u status %s\n, + (unsigned int)out_output_buffer.length, + nt_errstr(status) )); + TALLOC_FREE(subreq); if (NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) { /* also ok */ @@ -353,6 +359,9 @@ static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + DEBUG(10,(smbd_smb2_ioctl_send: np_write_send of size %u\n, + (unsigned int)in_input.length )); + subreq = np_write_send(state, ev, fsp-fake_file_handle, in_input.data, @@ -388,6 +397,10 @@ static void smbd_smb2_ioctl_pipe_write_done(struct tevent_req *subreq) ssize_t nwritten = -1; status = np_write_recv(subreq, nwritten); + + DEBUG(10,(smbd_smb2_ioctl_pipe_write_done: received %ld\n, + (long int)nwritten )); + TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { tevent_req_nterror(req, status); @@ -405,6 +418,11 @@ static void smbd_smb2_ioctl_pipe_write_done(struct tevent_req *subreq) return; } + DEBUG(10,(smbd_smb2_ioctl_pipe_write_done: issuing np_read_send + of size %u\n, + (unsigned int)state-out_output.length )); + + TALLOC_FREE(subreq); subreq = np_read_send(state-smbreq-conn, state-smb2req-sconn-smb2.event_ctx, state-fsp-fake_file_handle, @@ -423,10 +441,17 @@ static void smbd_smb2_ioctl_pipe_read_done(struct tevent_req *subreq) struct smbd_smb2_ioctl_state *state = tevent_req_data(req, struct smbd_smb2_ioctl_state); NTSTATUS status; - ssize_t nread; - bool is_data_outstanding; + ssize_t nread = -1; + bool is_data_outstanding = false; status = np_read_recv(subreq, nread, is_data_outstanding); + + DEBUG(10,(smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = %d +is_data_outstanding = %d, status = %s\n, + (int)nread, + (int)is_data_outstanding, + nt_errstr(status) )); + TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { tevent_req_nterror(req, status); @@ -442,7 +467,7 @@ static NTSTATUS smbd_smb2_ioctl_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, DATA_BLOB *out_output) { - NTSTATUS status; + NTSTATUS status = NT_STATUS_OK; struct smbd_smb2_ioctl_state *state = tevent_req_data(req, struct smbd_smb2_ioctl_state); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3c585e9... s4:provisionbackend Don't loop forever waiting for OpenLDAP from 4d1f043... Don't return a potentially uninitialized NT_STATUS. We can now see user lists in Windows ACLs. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3c585e9a8068d5065b1a5f320ffd130290c1cd07 Author: Andrew Bartlett abart...@samba.org Date: Wed Apr 28 10:39:05 2010 +1000 s4:provisionbackend Don't loop forever waiting for OpenLDAP We need to give a good error when we can't get OpenLDAP to accept our connections. Andrew Bartlett --- Summary of changes: source4/scripting/python/samba/provisionbackend.py |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/provisionbackend.py b/source4/scripting/python/samba/provisionbackend.py index 25e416c..8d035ab 100644 --- a/source4/scripting/python/samba/provisionbackend.py +++ b/source4/scripting/python/samba/provisionbackend.py @@ -222,6 +222,7 @@ class LDAPBackend(ProvisionBackend): self.slapd = subprocess.Popen(self.slapd_provision_command, close_fds=True, shell=False) +count = 0 while self.slapd.poll() is None: # Wait until the socket appears try: @@ -232,6 +233,11 @@ class LDAPBackend(ProvisionBackend): return except LdbError: time.sleep(1) +count = count + 1 + +if count 15: +self.message(Could not connect to slapd started with: %s % \' + \' \'.join(self.slapd_provision_command) + \') +raise ProvisioningError(slapd never accepted a connection within 15 seconds of starting) self.message(Could not start slapd with: %s % \' + \' \'.join(self.slapd_provision_command) + \') raise ProvisioningError(slapd died before we could make a connection to it) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c9a3661... Fix the allow_smb2 bug being set to false that was driving me mad :-). from 3c585e9... s4:provisionbackend Don't loop forever waiting for OpenLDAP http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c9a3661c4b0997172782c55de4a3b15dff2c6ea4 Author: Jeremy Allison j...@samba.org Date: Tue Apr 27 22:15:17 2010 -0700 Fix the allow_smb2 bug being set to false that was driving me mad :-). The first packet from a rebooted Win7 on an SMB2 connection is an SMB1 negprot... Jeremy. --- Summary of changes: source3/smbd/process.c |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 1ba1db5..53c5e0b 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1633,8 +1633,12 @@ static void process_smb(struct smbd_server_connection *conn, if (smbd_is_smb2_header(inbuf, nread)) { smbd_smb2_first_negprot(smbd_server_conn, inbuf, nread); return; + } else if (nread = smb_size valid_smb_header(inbuf) +CVAL(inbuf, smb_com) != 0x72) { + /* This is a non-negprot SMB1 packet. + Disable SMB2 from now on. */ + smbd_server_conn-allow_smb2 = false; } - smbd_server_conn-allow_smb2 = false; } show_msg((char *)inbuf); -- Samba Shared Repository
[SCM] CTDB repository - branch 1.0.112 updated - ctdb-1.0.111-73-gb23c575
The branch, 1.0.112 has been updated via b23c575ac94511cc03ee366c73e4fbdf12afa9c9 (commit) via dad19c940d91eae4625f5489f166e3b5e1e3606c (commit) via 0a87e27e85d4075348fc888fc4f9f5d4ef853fb1 (commit) via 0e714cb24b80f0c1b36124cf9a53c9f3796c1965 (commit) from 906e892e1d0c646e01bceddf42ca5df005b42f20 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=1.0.112 - Log - commit b23c575ac94511cc03ee366c73e4fbdf12afa9c9 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Apr 28 15:47:19 2010 +1000 Dont check ip assignment across the cluster while ip-verification checks are disabled commit dad19c940d91eae4625f5489f166e3b5e1e3606c Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Apr 28 15:43:11 2010 +1000 The recent change to the recovery daemon to keep track of and verify that all nodes agree on the most recent ip address assignments broke ctdb moveip ... since that call would never trigger a full takeover run and thus would immediately trigger an inconsistency. Add a new message to the recovery daemon where we can tell the recovery daemon to update its assignments. BZ62782 commit 0a87e27e85d4075348fc888fc4f9f5d4ef853fb1 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Apr 28 14:47:37 2010 +1000 Make create_merged_ip_list() a static function since it is not called from outside of ctdb_takeover.c commit 0e714cb24b80f0c1b36124cf9a53c9f3796c1965 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Apr 28 14:44:53 2010 +1000 In the log message when we have found an inconsistent ip address allocation, add extra log information about what the inconsistency is. --- Summary of changes: include/ctdb.h |6 ++ include/ctdb_private.h |2 ++ server/ctdb_recoverd.c | 34 +++--- server/ctdb_takeover.c | 25 +++-- tools/ctdb.c |9 + 5 files changed, 71 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/include/ctdb.h b/include/ctdb.h index 3633751..c380c3d 100644 --- a/include/ctdb.h +++ b/include/ctdb.h @@ -75,6 +75,12 @@ struct ctdb_call_info { */ #define CTDB_SRVID_SET_NODE_FLAGS 0xF400LL +/* + a message ID to ask the recovery daemon to update the expected node + assignment for a public ip + */ +#define CTDB_SRVID_RECD_UPDATE_IP 0xF500LL + /* a message to tell the recovery daemon to fetch a set of records */ diff --git a/include/ctdb_private.h b/include/ctdb_private.h index 06985a3..6c70623 100644 --- a/include/ctdb_private.h +++ b/include/ctdb_private.h @@ -1566,5 +1566,7 @@ int ctdb_recheck_persistent_health(struct ctdb_context *ctdb); int verify_remote_ip_allocation(struct ctdb_context *ctdb, struct ctdb_all_public_ips *ips); +int update_ip_assignment_tree(struct ctdb_context *ctdb, + struct ctdb_public_ip *ip); #endif diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c index 6ceb95e..dd678cf 100644 --- a/server/ctdb_recoverd.c +++ b/server/ctdb_recoverd.c @@ -1814,6 +1814,29 @@ static void reenable_ip_check(struct event_context *ev, struct timed_event *te, rec-ip_check_disable_ctx = NULL; } + +static void recd_update_ip_handler(struct ctdb_context *ctdb, uint64_t srvid, +TDB_DATA data, void *private_data) +{ + struct ctdb_recoverd *rec = talloc_get_type(private_data, struct ctdb_recoverd); + struct ctdb_public_ip *ip; + + if (rec-recmaster != rec-ctdb-pnn) { + DEBUG(DEBUG_INFO,(Not recmaster, ignore update ip message\n)); + return; + } + + if (data.dsize != sizeof(struct ctdb_public_ip)) { + DEBUG(DEBUG_ERR,(__location__ Incorrect size of recd update ip message. Was %zd but expected %zd bytes\n, data.dsize, sizeof(struct ctdb_public_ip))); + return; + } + + ip = (struct ctdb_public_ip *)data.dptr; + + update_ip_assignment_tree(rec-ctdb, ip); +} + + static void disable_ip_check_handler(struct ctdb_context *ctdb, uint64_t srvid, TDB_DATA data, void *private_data) { @@ -2807,6 +2830,9 @@ static void monitor_cluster(struct ctdb_context *ctdb) /* register a message port for disabling the ip check for a short while */ ctdb_set_message_handler(ctdb, CTDB_SRVID_DISABLE_IP_CHECK, disable_ip_check_handler, rec); + /* register a message port for updating the recovery daemons node assignment for an ip */ + ctdb_set_message_handler(ctdb, CTDB_SRVID_RECD_UPDATE_IP, recd_update_ip_handler, rec); + again: if (mem_ctx) { talloc_free(mem_ctx); @@ -3098,9 +3124,11 @@ again: