Re: [Samba] Restricting samba subfolder acl changes to admin users

[suresh.kandukuru]

Thanks Volker. Adding Jeremy, as my manager told me that let samba team know 
that I am part of EMC lifeline team .. and some of team members discussed with 
Jeremy  regarding some other samba problems.


Volker ,  if you don't mind can you elaborate this , if we make share offline , 
how the setting of acls goes through the samba source code.?
 
However, I think this might cause quite a few problems. For
example, if you make such a share available offline,
disallowing setting of ACLs will cause severe problems when
clients synchronize their data. Moreover, some applications
like for example Microsoft Excel explicitly set the ACL when
saving files. You need to check if disallowing this does not
cause you trouble.
-

Thanks
Suresh

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Volker Lendecke
Sent: Thursday, October 14, 2010 5:43 PM
To: Kandukuru, Suresh
Cc: samba@lists.samba.org
Subject: Re: [Samba] Restricting samba subfolder acl changes to admin users

On Thu, Oct 14, 2010 at 08:05:38AM -0400, suresh.kanduk...@emc.com wrote:
 I am talking about users who has write access  on the
 share, not necessarily owners of the file/sub folders in
 it.  can we disallow the (some) users who has write access
 on the share to change subfolder ACL's in it?. I want to
 give this ACL change permission only to specific set of
 users .  I think this is valid requirement in general use
 case.

Yes, I think this might be a valid use case, although Samba
does not right now do this. It would require a patch to add
this capability along the lines of valid users etc.

However, I think this might cause quite a few problems. For
example, if you make such a share available offline,
disallowing setting of ACLs will cause severe problems when
clients synchronize their data. Moreover, some applications
like for example Microsoft Excel explicitly set the ACL when
saving files. You need to check if disallowing this does not
cause you trouble.

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Restricting samba subfolder acl changes to admin users

[Volker Lendecke]

On Fri, Oct 15, 2010 at 02:07:55AM -0400, suresh.kanduk...@emc.com wrote:
 Thanks Volker. Adding Jeremy, as my manager told me that
 let samba team know that I am part of EMC lifeline team ..
 and some of team members discussed with Jeremy  regarding
 some other samba problems.
 
 
 Volker ,  if you don't mind can you elaborate this , if we
 make share offline , how the setting of acls goes through
 the samba source code.?

When you make a folder available offline, then when a user
comes back and re-synchronizes his data, then the client
will set ACLs. I'm not sure how it reacts when you deny
that. The setting of ACLs goes comes into the Samba source
code in source3/smbd/nttrans.c, there we have the function
called call_nt_transact_set_security_desc. From there we end
up in set_sd and via the VFS we call SMB_VFS_FSET_NT_ACL,
which is by default the function set_nt_acl() in
smbd/posix_acls.c.

Hope that helps,

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Restricting samba subfolder acl changes to admin users

[suresh.kandukuru]

Got it Volker . Thanks .

once final Q is ,I have admin user in NAS . for a share test , he has given 
write access to user user1  and  read access for a  subfolder - testsubdir 
in share test .
when user1 logged into share  test,  he could not write into testsubdir. 
obviously it is because he has read access on the folder an most restrictive 
access will be effective.

and the problem is since the user1 has write access to share , he is able to 
change the  read access on the sub folder by himself. why samba is allowing 
this ? since effectively user1 has read access on the sub folder testsubdir 
it should deny acl changes on that right?.


Thanks
Suresh


-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Volker Lendecke
Sent: Friday, October 15, 2010 2:27 PM
To: Kandukuru, Suresh
Cc: samba@lists.samba.org; j...@samba.org
Subject: Re: [Samba] Restricting samba subfolder acl changes to admin users

On Fri, Oct 15, 2010 at 02:07:55AM -0400, suresh.kanduk...@emc.com wrote:
 Thanks Volker. Adding Jeremy, as my manager told me that
 let samba team know that I am part of EMC lifeline team ..
 and some of team members discussed with Jeremy  regarding
 some other samba problems.
 
 
 Volker ,  if you don't mind can you elaborate this , if we
 make share offline , how the setting of acls goes through
 the samba source code.?

When you make a folder available offline, then when a user
comes back and re-synchronizes his data, then the client
will set ACLs. I'm not sure how it reacts when you deny
that. The setting of ACLs goes comes into the Samba source
code in source3/smbd/nttrans.c, there we have the function
called call_nt_transact_set_security_desc. From there we end
up in set_sd and via the VFS we call SMB_VFS_FSET_NT_ACL,
which is by default the function set_nt_acl() in
smbd/posix_acls.c.

Hope that helps,

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Error was Transport endpoint is not connected

[robert . gehr]

Nice try. The backup fails exactly the moment the message appears in the
log. So I would say it is something to worry about.

Has really no one any ideas why this all of a sudden comes up.

Thanks for any hints

Rob


On Tue, 2010-10-12 at 08:41 +0200, Daniel Müller wrote:
 This message only says: I established to one of the ports 139 or 445
 and dropped the other.
 It is nothing to trouble about.
 
 ---
 EDV Daniel Mller
 
 Leitung EDV
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tbingen
 
 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---
 
 -Ursprngliche Nachricht-
 Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
 Auftrag von Gaiseric Vandal
 Gesendet: Montag, 11. Oktober 2010 16:48
 An: samba@lists.samba.org
 Betreff: Re: [Samba] Error was Transport endpoint is not connected
 
 By default samba listens on two TCP ports-  445 and 139.  You can 
 specify this in smb.conf
 
  smb ports = 445 139
 
 
 445 is the newer smb  over tcp.139 is the older smb over netbios 
 over tcp/ip.   445 was for Windows 2000 and newer clients..  I am 
 not sure why samba enables 445 by default since as far as I know it does 
 not support smb-over-tcp (without the NBT/netbios over tcp stuff.)If 
 you  set smb ports = 139 in your smb.conf you should see endpoint 
 messages disappear.
 
 I think what happens is Win 2000 (and newer)  clients will initially try 
 to connect on port 445, find it isn't really compatible, and then dump 
 down to NBT on port 139.
 
 So your NAS may be occasionally connecting on port 139 without problems 
 and occasionally connecting on port 445, and which point it fails.
 
 OR-  the endpoint errors may be completely unrelated, but you just 
 don't look for when when the NAS is working.
 
 
 Is the NAS part of the domain?  Is it a windows or linux/samba based device?
 
 My samba server is a PDC.  XP clients in the domain connect with no 
 problems regardless of  if smb ports is 139 only or 139 + 445.   XP/Win7 
 clients NOT in the domain can't connect to shares if 445 is disabled, 
 which indicates they are connecting to 445 1st.
 
 
 
 On 10/11/2010 08:57 AM, robert.gehr wrote:
  Hello All
 
  I used to back up a Mssql database (about 55GB) to a samba share without
  any problems. The samba server Server-A was running version 3.4.7
  We just got one of those Netgear ReadyNas3200 things and I tried to
  backup up to a share there which sometimes works and sometimes not in
  wich case I get the following error:
 
  snip---
 
  [2010/10/08 21:32:26.937834,  0]
  lib/util_sock.c:474(read_fd_with_timeout)
  [2010/10/08 21:32:26.966404,  0]
  lib/util_sock.c:1432(get_peer_addr_internal)
 getpeername failed. Error was Transport endpoint is not connected
 read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
  peer.
 
  ---snap-
 
  The samba version on the ReadyNas is 3.5.4
 
  On the windows side nothing has changed apart form the destination to
  the new share. The ReadyNas performs pretty well and I do not get any
  network errors or otherwise. To rule out some network problem I exported
  a nfs share on the ReadyNas which I mounted on Server-A, created a
  share on Server-A that points to the nfs-mount and ran a backup. No
  problems and no errors.
 
  Any ideas which buttons to push in order to get a reliable backup going
  again? From what I read this usually points to a problem on the client
  side but nothing has changed there. I could of course use the
  Server-A:smb-nfs-mount:ReadyNas solution but this is not what I want.
 
  Thanks
 
  Rob
 
 
 

--

Everything should be made as simple as possible, but not simpler.

~ Albert Einstein


-- 
baumann GmbH
Oskar-von-Miller-Str. 7
92224 Amberg - Deutschland / Germany

GF / CEO: Dr. Georg Baumann, Rudi Neumann, Josef Konrad
HR: Amberg HRB 1067 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Restricting samba subfolder acl changes to admin users

[Volker Lendecke]

On Fri, Oct 15, 2010 at 07:09:02AM -0400, suresh.kanduk...@emc.com wrote:
 once final Q is ,I have admin user in NAS . for a share
 test , he has given write access to user user1  and
 read access for a  subfolder - testsubdir in share
 test .
 when user1 logged into share  test,  he could not write
 into testsubdir. obviously it is because he has read
 access on the folder an most restrictive access will be
 effective.
 
 and the problem is since the user1 has write access to
 share , he is able to change the  read access on the sub
 folder by himself. why samba is allowing this ? since
 effectively user1 has read access on the sub folder
 testsubdir it should deny acl changes on that right?.

Who is the file owner of testsubdir? You can find out who
is the owner with the command ls -ld testsubdir. If user1
is the owner, then it does not matter if user1 has only read
access. If user1 is not the owner, then we might have a bug
in Samba. Please send us your smb.conf configuration file
and a debug level 10 log of the smbd allowing this
operation.

Thanks in advance,

Volker Lendecke
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Error was Transport endpoint is not connected

[Gaiseric Vandal]

Did you try changing smb.conf on the NAS to be port 139 only?

Also, it seems that 55 GB should not take one hour to copy (55 GBytes is 
440 Gbit, and at 1 Gbit/sec  and 60 secs / min, the transfer sohuld take 
about minutes-  at least in theory.)


I am guessing it is dropping because it tries to reestablish a 
connection part way through the transfer.






On 10/15/2010 07:12 AM, robert.gehr wrote:

Nice try. The backup fails exactly the moment the message appears in the
log. So I would say it is something to worry about.

Has really no one any ideas why this all of a sudden comes up.

Thanks for any hints

Rob


On Tue, 2010-10-12 at 08:41 +0200, Daniel Müller wrote:
   

This message only says: I established to one of the ports 139 or 445
and dropped the other.
It is nothing to trouble about.

---
EDV Daniel Mller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tbingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Ursprngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Gaiseric Vandal
Gesendet: Montag, 11. Oktober 2010 16:48
An: samba@lists.samba.org
Betreff: Re: [Samba] Error was Transport endpoint is not connected

By default samba listens on two TCP ports-  445 and 139.  You can
specify this in smb.conf

  smb ports = 445 139


445 is the newer smb  over tcp.139 is the older smb over netbios
over tcp/ip.   445 was for Windows 2000 and newer clients..  I am
not sure why samba enables 445 by default since as far as I know it does
not support smb-over-tcp (without the NBT/netbios over tcp stuff.)If
you  set smb ports = 139 in your smb.conf you should see endpoint
messages disappear.

I think what happens is Win 2000 (and newer)  clients will initially try
to connect on port 445, find it isn't really compatible, and then dump
down to NBT on port 139.

So your NAS may be occasionally connecting on port 139 without problems
and occasionally connecting on port 445, and which point it fails.

OR-  the endpoint errors may be completely unrelated, but you just
don't look for when when the NAS is working.


Is the NAS part of the domain?  Is it a windows or linux/samba based device?

My samba server is a PDC.  XP clients in the domain connect with no
problems regardless of  if smb ports is 139 only or 139 + 445.   XP/Win7
clients NOT in the domain can't connect to shares if 445 is disabled,
which indicates they are connecting to 445 1st.



On 10/11/2010 08:57 AM, robert.gehr wrote:
 

Hello All

I used to back up a Mssql database (about 55GB) to a samba share without
any problems. The samba server Server-A was running version 3.4.7
We just got one of those Netgear ReadyNas3200 things and I tried to
backup up to a share there which sometimes works and sometimes not in
wich case I get the following error:

snip---

[2010/10/08 21:32:26.937834,  0]
lib/util_sock.c:474(read_fd_with_timeout)
[2010/10/08 21:32:26.966404,  0]
lib/util_sock.c:1432(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.

---snap-

The samba version on the ReadyNas is 3.5.4

On the windows side nothing has changed apart form the destination to
the new share. The ReadyNas performs pretty well and I do not get any
network errors or otherwise. To rule out some network problem I exported
a nfs share on the ReadyNas which I mounted on Server-A, created a
share on Server-A that points to the nfs-mount and ran a backup. No
problems and no errors.

Any ideas which buttons to push in order to get a reliable backup going
again? From what I read this usually points to a problem on the client
side but nothing has changed there. I could of course use the
Server-A:smb-nfs-mount:ReadyNas solution but this is not what I want.

Thanks

Rob


   
 

--

Everything should be made as simple as possible, but not simpler.

 ~ Albert Einstein


   


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] IDMAP SID to UID problem

[Yashpal Nagar]

Hi All

I have Samba server 3.4.3.0 from pware which is integrated to AD users. I
can list down the user from wbinfo e.g
foo:/opt/samba/varwbinfo -n USER1
S-1-5-21-2072526652-XX-945835055-315051 User (1)

foo:/opt/samba/varwbinfo -s S-1-5-21-2072526652-XX-945835055-315051
DOMAIN1\USER1 1

But when I check the mapping into the winbindd_idmap.tdb, I can't see the
mapping there.

picchu:/opt/samba/var/lockstdbdump winbindd_idmap.tdb|grep 315051
which results nothing

Now, if I create the wbinfo --set-uid-mapping=UID,SID the samba works OK,
means that the SID to UID mapping is not working..

I can see many error in the log file --
Fatal Error: GID range full!! (max: 199)
Fatal Error: UID range full!! (max: 99)


I'm quite sure we don't have that many user which might fill such a large
range for UID and GID we have provided. Can anyone let me know how I can get
this mapping corrected?

Thanks in advance

Yash
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Restricting samba subfolder acl changes to admin users

[suresh.kandukuru]

Volker I will send the log,
  why it does not matter here if user1 is owner of the subfolder and has read 
only access on it?.
my Q is though user1 has read only access on subfolder testsubfldr, he is 
able to change it to the write , since user1 has write access on the share.
cannot samba disallow acl changes on the subfolder testsufldr  for the user 
user1  since has read access for it , though he has write access on the share?.

Thanks
Suresh
 

-Original Message-
From: Volker Lendecke [mailto:volker.lende...@sernet.de] 
Sent: Friday, October 15, 2010 4:51 PM
To: Kandukuru, Suresh
Cc: samba@lists.samba.org; j...@samba.org
Subject: Re: [Samba] Restricting samba subfolder acl changes to admin users

On Fri, Oct 15, 2010 at 07:09:02AM -0400, suresh.kanduk...@emc.com wrote:
 once final Q is ,I have admin user in NAS . for a share
 test , he has given write access to user user1  and
 read access for a  subfolder - testsubdir in share
 test .
 when user1 logged into share  test,  he could not write
 into testsubdir. obviously it is because he has read
 access on the folder an most restrictive access will be
 effective.
 
 and the problem is since the user1 has write access to
 share , he is able to change the  read access on the sub
 folder by himself. why samba is allowing this ? since
 effectively user1 has read access on the sub folder
 testsubdir it should deny acl changes on that right?.

Who is the file owner of testsubdir? You can find out who
is the owner with the command ls -ld testsubdir. If user1
is the owner, then it does not matter if user1 has only read
access. If user1 is not the owner, then we might have a bug
in Samba. Please send us your smb.conf configuration file
and a debug level 10 log of the smbd allowing this
operation.

Thanks in advance,

Volker Lendecke

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Restricting samba subfolder acl changes to admin users

[Volker Lendecke]

On Fri, Oct 15, 2010 at 09:28:30AM -0400, suresh.kanduk...@emc.com wrote:
 why it does not matter here if user1 is owner of the
 subfolder and has read only access on it?.
 my Q is though user1 has read only access on subfolder
 testsubfldr, he is able to change it to the write ,
 since user1 has write access on the share.
 cannot samba disallow acl changes on the subfolder
 testsufldr  for the user user1  since has read access
 for it , though he has write access on the share?.

Sorry, I'm lost here. Samba passes the Posix semantics of
chmod and setfacl 1:1 to the client. This means if you are
owner of the file and have general write access to the share
(not necessarily the file itself), chmod and getfacl are
allowed. This is just what Posix does. Quoting the susv3
definition for chmod:

 The application shall ensure that the effective user ID of
 the process matches the owner of the file or the process
 has appropriate privileges in order to do this.

This means that both the file owner or root can change an
ACL. To really understand what you mean, would it be
possible that you send your smb.conf file, an ls -la
of all subdirectories that participate?

If you really only want to allow setting ACLs for a very
limited set of users, one possibility would be to export the
same share twice. Once for administrators with an
appropriate valid users = @administrators (or so) line,
and another share with exactly the same path setting, but
with nt acl support = no. This is a very brute-force way
of denying all ACL setting. As I tried to point out in
previous mails, I would however recommend to thoroughly test
this setting with the applications you want to support.

Jeremy, maybe you can be of more help?

My English is probably just too limited to really give a
precise enough description of how smbd does what it does.

Thanks,

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] New to Linux and Samba

[Michael Schmid]

I tried this and it did not help. I also disabled the firewall as well.
I believe my issue for some reason is deeper then the user login
permissions.  Because I don't even get the login request, when I try to
connect from my windows p.c. Just the standard windows error pop-up
window, with the message the host that I want to connect to.

//host Not accessible. You might not have permission to use The
account is not authorized to log in from this station 
 


Thanks
Michael 
 
On Thu, 2010-10-14 at 08:13 +0200, Daniel Müller wrote:
 Change available = No to available= YES
 
 ---
 EDV Daniel Müller
 
 Leitung EDV
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tübingen
 
 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---
 -Ursprüngliche Nachricht-
 Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im 
 Auftrag von Michael Schmid
 Gesendet: Donnerstag, 14. Oktober 2010 03:17
 An: samba@lists.samba.org
 Betreff: [Samba] New to Linux and Samba
 
 I can't seem to get Samba working correctly, when I set it up with SWAT I am 
 able to see the server from my windows p.c. but when I try to connect, I just 
 get the following error message. I attached my config file. Hopefully someone 
 can help. It seems pretty simple but I just don't understand enough about 
 this to figure it out on my own. Some basic info: I'm using Fedora 13, I 
 installed samba-3.5.2-60.fc13(x86_64) using the package manager.
 
 Thanks
 Michael
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems with Windows 7 on domain, Samba server not

[Joshua J. Kugler]

On Wednesday 13 October 2010, Gaiseric Vandal elucidated thus:
 Do you have an account (or accounts) for on the samba server for the
 Windows user(s)?  Are the passwords the same?
 Does the samba server workgroup name match the domain name on the
 windows clients?

 Can you use the username map option in smb.conf and have a username
 map file that maps DOMAIN/user to user ?

Here is the debug level 10 log for trying to connect via 
Start-Run-hostname.

http://pastebin.org/213949

Again, it works without issue from the command line via 'net use...'

j


-- 
Joshua Kugler
Part-Time System Admin/Programmer
http://www.eeinternet.com - Fairbanks, AK
PGP Key: http://pgp.mit.edu/  ID 0x73B13B6A
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems with Windows 7 on domain, Samba server not

[Joshua J. Kugler]

[Accidentally sent this to Gaiseric. Oops]

On Wednesday 13 October 2010, Gaiseric Vandal elucidated thus:
 Do you have an account (or accounts) for on the samba server for the
 Windows user(s)?

The account names are the same on the server and in the domain.

 Are the passwords the same? 

No. Their domain password is not the same as their system password.

 Does the samba server workgroup name match the domain name on the
 windows clients?

No.

 Can you use the username map option in smb.conf and have a username
 map file that maps DOMAIN/user to user ?

Had not tried that,  But neither

OUR_DOMAIN\jkugler

nor

OUR_DOMAIN/jkugler

allows me to log in from the Windows 7 system, so I'm not sure what's up 
there.

As I mentioned, using

net use w: \\server_name * /USER:user_name

works just fine.

j


 On 10/12/2010 06:45 PM, Joshua J. Kugler wrote:
  I've googled and read, and haven't run across any solutions to this
  problem. Yes, I know about the Network Security: LAN Manager
  authentication level change, but, as you will see, this isn't the
  issue.
 
  Samba 3.4.7
  Windows 7
 
  Windows machine is on a domain. Samba box is *not* on a domain.
 
  Windows insists on adding the domain to the user name when browsing
  to Samba machine. Saving credentials and editing in Credential
  Manager kind of works, and the Samba share will open once the
  password is entered yet another time (don't know why)but it only
  saves it until logout.
 
  Adding the samba host/user/pass in Generic Credentials doesn't seem
  to make windows use that user/pass for that host.  Ideas?
 
  Oh, and using 'net use...' with the Samba system's user/pass works
  just GREAT, and we may resort to that, but were trying to avoid it.
 
  Any other tricks I can do? So users can easily log in from the GUI?
 
  j



-- 
Joshua Kugler
Part-Time System Admin/Programmer
http://www.eeinternet.com - Fairbanks, AK
PGP Key: http://pgp.mit.edu/  ID 0x73B13B6A
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Permitting guest printer access with ADS security

[Madhusudan Singh]

I forgot to add that the file server is working fine.

On Thu, Oct 14, 2010 at 4:57 PM, Madhusudan Singh 
singh.madhusu...@gmail.com wrote:

 I am using security = ads to authenticate users to my Samba server.

 I want to allow guest access to Samba print server at the same time.

 This is my smb.conf:

 [global]
 workgroup = workgroup name
 realm = realm name
  server string = %h server (Samba, Ubuntu)
 security = ADS
 map to guest = Bad User
  obey pam restrictions = Yes
 password server = password server
 pam password change = Yes
  passwd program = /usr/bin/passwd %u
 passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
 %n\n *password\supdated\ssuccessfully* .
  unix password sync = Yes
 syslog = 0
 log file = /var/log/samba/log.%m
  max log size = 1000
 printcap name = cups
 disable spoolss = Yes
  show add printer wizard = No
 domain master = No
 dns proxy = No
  panic action = /usr/share/samba/panic-action %d
 idmap uid = 500-100
 idmap gid = 500-100
  template shell = /bin/bash
 winbind separator = +
 winbind use default domain = Yes
  hosts allow = 10.0.0.0/8, 127.0.0.1
 hosts deny = ALL

 [homes]
 comment = Home Directories
 invalid users = root, bin, daemon, nobody, named, sys, tty, disk, users
  valid users = %U
 write list = @fileusers
 read only = No
  create mask = 0700
 directory mask = 0700
 browseable = No
  browsable = No

 [printers]
 comment = All Printers
  path = /var/spool/samba
 guest ok = Yes
 printable = Yes
  use client driver = Yes
 browseable = No
 browsable = No

 [hpprinter]
 comment = HP Printer
 path = /var/spool/samba
  create mask = 0700
 guest ok = Yes
 printable = Yes
  browseable = No
 browsable = No

 

 However, I keep getting requests for authentication when I try to print to
 smb://servername/hpprinter.

 Cups printing on the server works perfectly.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems with Windows 7 on domain, Samba server not

[Gaiseric Vandal]

Can you try setting one of the user's samba password to match the system 
password?
Do you have an XP machines?I read somewhere that Win 7 and XP handle 
caching credentials for network shares differently.


I don't know if that will help anything -  it may just indicate that 
your issue is a feature of Windows 7 and not an actual bug.




On 10/15/2010 04:09 PM, Joshua J. Kugler wrote:

[Accidentally sent this to Gaiseric. Oops]

On Wednesday 13 October 2010, Gaiseric Vandal elucidated thus:
   

Do you have an account (or accounts) for on the samba server for the
Windows user(s)?
 

The account names are the same on the server and in the domain.

   

Are the passwords the same?
 

No. Their domain password is not the same as their system password.

   

Does the samba server workgroup name match the domain name on the
windows clients?
 

No.

   

Can you use the username map option in smb.conf and have a username
map file that maps DOMAIN/user to user ?
 

Had not tried that,  But neither

OUR_DOMAIN\jkugler

nor

OUR_DOMAIN/jkugler

allows me to log in from the Windows 7 system, so I'm not sure what's up
there.

As I mentioned, using

net use w: \\server_name * /USER:user_name

works just fine.

j

   

On 10/12/2010 06:45 PM, Joshua J. Kugler wrote:
 

I've googled and read, and haven't run across any solutions to this
problem. Yes, I know about the Network Security: LAN Manager
authentication level change, but, as you will see, this isn't the
issue.

Samba 3.4.7
Windows 7

Windows machine is on a domain. Samba box is *not* on a domain.

Windows insists on adding the domain to the user name when browsing
to Samba machine. Saving credentials and editing in Credential
Manager kind of works, and the Samba share will open once the
password is entered yet another time (don't know why)but it only
saves it until logout.

Adding the samba host/user/pass in Generic Credentials doesn't seem
to make windows use that user/pass for that host.  Ideas?

Oh, and using 'net use...' with the Samba system's user/pass works
just GREAT, and we may resort to that, but were trying to avoid it.

Any other tricks I can do? So users can easily log in from the GUI?

j
   



   


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Network Browsing

[Doug Sampson]

Hello,

We use a Ricoh Aficio 3035 copier which has multiple functions- one of
them is to scan to a folder via SMB/FTP/NFS. We've chosen to scan
documents into PDF documents via SMB to user's shared folders on a
Windows NT server for several years with no issues. About a year ago the
user's folders location was changed to one on Windows 2003 Server also
with no problems. Last week I attempted to change the location of the
folders to a Samba server and ran into problems. Working through this
problem, I eventually discovered that while I could see all Windows and
Samba servers from the copier, I could not browse into any of our Samba
servers' shares. I can see shares under all Windows servers but not on
any of the Samba servers. Now, all of our Windows and Mac clients can
browse through all shared on both Windows and Samba servers on the
network just fine.

When using the SMB method, the copier uses a workgroup name of the old
NT domain name and also the username and password of an administrator.
The network is currently in mixed mode. Haven't upgraded to pure AD mode
just yet. All of the Samba servers are using the AD realm method and
appear to serve successfully.

Is it the copier misconfigured or are the Samba servers misconfigured?
Our smb.conf for all of the servers are generally like this:

#=== Global Settings
=
[global]
security = ads
realm = DAWNSIGN.COM
workgroup = nt domain name
password server = 192.168.xxx.xxx 192.168.xxx.xxx 
server string = CETUS
netbios name = Cetus
encrypt passwords = yes 
ldap ssl = no 
unix extensions = no
name resolve order = hosts wins dns lmhosts bcast
wins server = 192.168.xxx.xxx
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
load printers = no
disable spoolss = yes
# Uncomment this if you want a guest account, you must add this to
/etc/passwd
# otherwise the user nobody is used
#guest account = nobody 
guest account = nt domain name-admin 

# Log settings
log level = 1
log file = /var/log/samba34/log.%m
max log size = 50
syslog = 1

# Browser settings
local master = no
domain master = no
preferred master = no

# ACL settings
#inherit acls = yes
acl compatibility = auto
acl check permissions = yes
acl map full control = yes
dos filemode = yes

# Use inherited ACLs for directories
nt acl support = yes
#inherit acls = yes
#map acl inherit = yes

# Config domain security
;idmap backend = ad
;idmap alloc config: range = 50001 - 10
idmap uid = 50001 - 10
idmap gid = 50001 - 10

;idmap config MYDOMAIN:default  = yes
;idmap config MYDOMAIN:backend  = ad
;idmap config MYDOMAIN:range= 1 - 5
;idmap config MYDOMAIN:schema-mode  = sfu
hosts allow = 192.168.xxx., 192.168.xxx., 127., 10.8.xxx.

# Winbind settings
# Enable offline logon support
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
;winbind nss info = sfu
winbind nested groups = yes
winbind separator = -
winbind use default domain = no
allow trusted domains = no
;client schannel = no

# client settings
template homedir = /home/%D/%U

admin users = nt domain name-doug nt domain name-admin @nt domain
name-domain admins

# Share Definitions
==
# [homes]
#   comment = Home Directories
#   browseable = no
#   writable = yes
; File creation mask is set to 0700 for security reasons. If you want to
; create files with group=rw permissions, set next parameter to 0775.
#   create mask = 700
; Directory creation mask is set to 0700 for security reasons. If you
want to
; create dirs. with group=rw permissions, set next parameter to 0775
#   directory mask = 700

[shared]
   comment = Shared Folders
   browseable = yes
   path = /home/nt domain name/shared
   public = yes
   writeable = yes
   create mask = 2774
   directory mask = 2774
   delete veto files = Yes
   veto files = /lost+found/Network Trash
Folder/TheFindByContentFolder/TheVolumeSettingsFolder/._.DS_Store/
   hide files =
/_*/:*/.*/.AppleDB/.AppleDouble/.bin/.AppleDesktop/Temporary
Items/.DS_Store/*.gmon


The scanned documents go to the shared share. I use the nt domain
name-admin username to authenticate the transfer of the scanned
documents from the copier into the shared share. When switching from
the Windows server to the Samba server, I get an error message on the
copier as follows:

Authentication with the destination has failed. Check settings.

I tried the public = yes statement and specified the guest account =
nt domain name-admin in conjunction with public = yes but no dice.
This share should be available to anyone. I tried the valid users = nt
domain name-admin statement to no effect.

What am I doing wrong? Or is it the Ricoh copier?

Using Samba 3.4 on FreeBSD 7.3/8.1 servers.

~Doug
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Restricting samba subfolder acl changes to admin users

[Jeremy Allison]

On Fri, Oct 15, 2010 at 07:09:02AM -0400, suresh.kanduk...@emc.com wrote:
 Got it Volker . Thanks .
 
 once final Q is ,I have admin user in NAS . for a share test , he has given 
 write access to user user1  and  read access for a  subfolder - 
 testsubdir in share test .
 when user1 logged into share  test,  he could not write into testsubdir. 
 obviously it is because he has read access on the folder an most restrictive 
 access will be effective.
 
 and the problem is since the user1 has write access to share , he is able to 
 change the  read access on the sub folder by himself. why samba is allowing 
 this ? since effectively user1 has read access on the sub folder testsubdir 
 it should deny acl changes on that right?.


You are confusing write access on a share ACL, with write access on a
directory.

If a user only has read access on a share ACL, he will only be able
to read data on that share, no modifications to any files/folders or
ACLs will be allowed.

If a user has write access on a share ACL, then he can modify anything
inside that share that the underlying filesystem gives him rights to
do so (if you're using POSIX ACLs/permissions, not Windows ACLs).

So, when you complain that user1 can change the permissions on a sub
folder, look at the owner and permissions on that sub folder. If user1
has permission to write into the containing directory, he can modify
anything within it (according to the POSIX specs.).

Samba will override the POSIX permissions if dos filemode is set:
See the smb.conf man page:

   dos filemode (S)

   The default behavior in Samba is to provide UNIX-like behavior where 
only the owner of a
   file/directory is able to change the permissions on it. However, 
this behavior is often
   confusing to DOS/Windows users. Enabling this parameter allows a 
user who has write access to
   the file (by whatever means, including an ACL permission) to modify 
the permissions
   (including ACL) on it. Note that a user belonging to the group 
owning the file will not be
   allowed to change permissions if the group is only granted read 
access. Ownership of the
   file/directory may also be changed. Note that using the VFS modules 
acl_xattr or acl_tdb
   which store native Windows as meta-data will automatically turn this 
option on for any share
   for which they are loaded, as they require this option to emulate 
Windows ACLs correctly.

This might be what you're seeing.

If you want the client to only see Windows ACLs, look into the
vfs objects = acl_xattr option. There are a few bugs in it,
which I've currently fixed for 3.6.0 (and am preparing a back
port for the next 3.5.x release).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Build status as of Fri Oct 15 06:00:01 2010

[build]

URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2010-10-14 
00:00:02.0 -0600
+++ /home/build/master/cache/broken_results.txt 2010-10-15 00:00:03.0 
-0600
@@ -1,4 +1,4 @@
-Build status as of Thu Oct 14 06:00:01 2010
+Build status as of Fri Oct 15 06:00:01 2010
 
 Build counts:
 Tree Total  Broken Panic 
@@ -15,7 +15,7 @@
 samba-web0  0  0 
 samba_3_current 32 32 5 
 samba_3_master 32 24 0 
-samba_3_next 32 29 0 
+samba_3_next 32 30 0 
 samba_4_0_test 36 31 0 
 talloc   32 8  0 
 tdb  30 11 0 

[SCM] Samba Shared Repository - branch master updated

[Matthias Dieter Wallnöfer]

The branch, master has been updated
   via  f794563 s4:lib/registry/util.c - cosmetic - fix indentation, 
trailing whitespaces
   via  7be36a0 s4:lib/registry/util.c - strtoll call - better say 
explicitly that data is in hex format
   via  8055074 s4:ntptr/ntptr_simple_ldb.c - use LDB result constants
   via  c362ce3 s4:libnet_samsync_ldb.c - use LDB result constants
   via  ace4378 s4:lsa RPC server - use LDB result constant
   via  b647b2d s4:samldb LDB module - cosmetic - use ldb variable rather 
than ldb_module_get_ctx
   via  9310da1 s4:samdb_create_foreign_security_principal - proof error 
code of samdb_msg_add_string
   via  9e69b22 s4:dsdb/common/util.c - samdb_msg_add_* calls - proof for 
more OOM conditions
   via  06ec5d0 s4:dsdb/common/util.c - samdb_msg_add_string - the 
attribute name doesn't need to be duplicated
   via  d099f86 s4:libds/common/flags.h - fix typo
  from  9bc57e1 s4:dsdb - remove samdb_msg_add_value

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f794563267ca26b62d844d87b5a4fa3668fb803c
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 14 10:54:50 2010 +0200

s4:lib/registry/util.c - cosmetic - fix indentation, trailing whitespaces

Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
Autobuild-Date: Fri Oct 15 07:27:07 UTC 2010 on sn-devel-104

commit 7be36a0bd99ce7f6391ea49b66ca809380189c36
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 14 10:50:19 2010 +0200

s4:lib/registry/util.c - strtoll call - better say explicitly that data is 
in hex format

Template is commit deebc934edb9a0a70e7615b1161d7a60fcb1d78f from Wilco.

commit 80550746ffbb09658ce19520e853e218d793635e
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 14 22:38:10 2010 +0200

s4:ntptr/ntptr_simple_ldb.c - use LDB result constants

commit c362ce36b36937571cf0d4ac8d015f09848a9780
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 14 22:25:40 2010 +0200

s4:libnet_samsync_ldb.c - use LDB result constants

commit ace4378de19371994e8e4c0d1a2d61bb9c039ea7
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 14 21:54:26 2010 +0200

s4:lsa RPC server - use LDB result constant

commit b647b2d5b366a6720adc88918c2bd3d6b16bcd13
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 14 17:00:19 2010 +0200

s4:samldb LDB module - cosmetic - use ldb variable rather than 
ldb_module_get_ctx

commit 9310da1e2b483cbf9899ad1ebcdfd07f7c0eeac0
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 14 22:36:07 2010 +0200

s4:samdb_create_foreign_security_principal - proof error code of 
samdb_msg_add_string

commit 9e69b22e70a6e119255e8e3d37964e6ae16ade09
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 14 22:43:33 2010 +0200

s4:dsdb/common/util.c - samdb_msg_add_* calls - proof for more OOM 
conditions

commit 06ec5d0177ac3bcd2b12f6279b23bc0a02f93bf9
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 14 22:41:06 2010 +0200

s4:dsdb/common/util.c - samdb_msg_add_string - the attribute name doesn't 
need to be duplicated

This is done internally by the LDB library - look at ldb_msg_add_empty.

commit d099f86a373e4e8dd11c7736ffbce177a910db9f
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Oct 14 11:31:44 2010 +0200

s4:libds/common/flags.h - fix typo

---

Summary of changes:
 libds/common/flags.h|2 +-
 source4/dsdb/common/util.c  |   22 +--
 source4/dsdb/samdb/ldb_modules/samldb.c |2 +-
 source4/lib/registry/util.c |   23 ++-
 source4/libnet/libnet_samsync_ldb.c |   30 +-
 source4/ntptr/simple_ldb/ntptr_simple_ldb.c |4 +-
 source4/rpc_server/lsa/dcesrv_lsa.c |2 +-
 7 files changed, 47 insertions(+), 38 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libds/common/flags.h b/libds/common/flags.h
index 44a5014..a10fa48 100644
--- a/libds/common/flags.h
+++ b/libds/common/flags.h
@@ -208,7 +208,7 @@
 /* wellknown GUIDs for optional directory features */
 #define DS_GUID_FEATURE_RECYCLE_BIN  
766ddcd8-acd0-445e-f3b9-a7f9b6744f2a
 
-/* dsHeurisrics character indexes see MS-ADTS 7.1.1.2.4.1.2 */
+/* dsHeuristics character indexes see MS-ADTS 7.1.1.2.4.1.2 */
 
 #define DS_HR_SUPFIRSTLASTANR 0x0001
 #define DS_HR_SUPLASTFIRSTANR 0x0002
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 18a8669..d0fc3b1 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -770,12 +770,11 @@ int samdb_find_or_add_attribute(struct ldb_context *ldb, 
struct ldb_message *msg
 

[SCM] Samba Shared Repository - branch master updated

[Matthieu Patou]

The branch, master has been updated
   via  666e0c3 s4 param: change messaging directory name from messaging to 
msg
   via  34f12d5 s4 dsdb: fix sign problem on PPC and x86
  from  f794563 s4:lib/registry/util.c - cosmetic - fix indentation, 
trailing whitespaces

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 666e0c3cce32c259dfaaf03383fac58940994dbc
Author: Matthieu Patou m...@matws.net
Date:   Fri Oct 15 10:16:46 2010 +0400

s4 param: change messaging directory name from messaging to msg

This saves 6 chars and as in some installation users tends to install
samba in directory with very long name they have a problem with the
sockets.
It will also ease the pain on buildfarms as we tend to have very long
environnement name (ie. vampire_dc) in path that are already quite long
leading also to errors on unix socket manipulation.

Autobuild-User: Matthieu Patou m...@samba.org
Autobuild-Date: Fri Oct 15 08:15:56 UTC 2010 on sn-devel-104

commit 34f12d541b0bb2e7d931968b2079dfb7ba84d692
Author: Matthieu Patou m...@matws.net
Date:   Thu Oct 14 17:56:23 2010 +0400

s4 dsdb: fix sign problem on PPC and x86

In LDAP we used signed intege and groups have the highest bit set (ie.
0x8002). So it will result with values that are  2^31 when these
value are used on some plateforms (x86 and PPC 64bits in this case) it
causes problem with strtol.

---

Summary of changes:
 source4/dsdb/samdb/ldb_modules/samldb.c |4 ++--
 source4/param/util.c|2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c 
b/source4/dsdb/samdb/ldb_modules/samldb.c
index 400ae81..ff110b7 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -793,7 +793,7 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
/* Step 1.2: Default values */
ret = samdb_find_or_add_attribute(ldb, ac-msg,
userAccountControl,
-   talloc_asprintf(ac-msg, %u, UF_NORMAL_ACCOUNT));
+   talloc_asprintf(ac-msg, %d, UF_NORMAL_ACCOUNT));
if (ret != LDB_SUCCESS) return ret;
ret = samdb_find_or_add_attribute(ldb, ac-msg,
badPwdCount, 0);
@@ -896,7 +896,7 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac)
/* Step 2.2: Default values */
ret = samdb_find_or_add_attribute(ldb, ac-msg,
groupType,
-   talloc_asprintf(ac-msg, %u, 
GTYPE_SECURITY_GLOBAL_GROUP));
+   talloc_asprintf(ac-msg, %d, 
GTYPE_SECURITY_GLOBAL_GROUP));
if (ret != LDB_SUCCESS) return ret;
 
/* Step 2.3: groupType - sAMAccountType */
diff --git a/source4/param/util.c b/source4/param/util.c
index dd1d319..6953857 100644
--- a/source4/param/util.c
+++ b/source4/param/util.c
@@ -296,7 +296,7 @@ init_module_fn *load_samba_modules(TALLOC_CTX *mem_ctx, 
struct loadparm_context
 const char *lpcfg_messaging_path(TALLOC_CTX *mem_ctx,
   struct loadparm_context *lp_ctx)
 {
-   return smbd_tmp_path(mem_ctx, lp_ctx, messaging);
+   return smbd_tmp_path(mem_ctx, lp_ctx, msg);
 }
 
 struct smb_iconv_convenience *smb_iconv_convenience_reinit_lp(TALLOC_CTX 
*mem_ctx,


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Matthias Dieter Wallnöfer]

The branch, master has been updated
   via  10e1de3 s4:samdb_msg_add_int* - use ldb_msg_add_string rather 
than samdb_msg_add_string
  from  666e0c3 s4 param: change messaging directory name from messaging to 
msg

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 10e1de3e06cf6b8a524f50685d6a675a2d49c9a9
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Fri Oct 15 10:27:51 2010 +0200

s4:samdb_msg_add_int* - use ldb_msg_add_string rather than 
samdb_msg_add_string

ldb_msg_add_string is safe here since the integer has already been 
converted
to a string which is talloced on mem_ctx.

Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
Autobuild-Date: Fri Oct 15 09:11:49 UTC 2010 on sn-devel-104

---

Summary of changes:
 source4/dsdb/common/util.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index d0fc3b1..1d28771 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -929,7 +929,7 @@ int samdb_msg_add_int(struct ldb_context *sam_ldb, 
TALLOC_CTX *mem_ctx, struct l
if (s == NULL) {
return ldb_oom(sam_ldb);
}
-   return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s);
+   return ldb_msg_add_string(msg, attr_name, s);
 }
 
 /*
@@ -951,7 +951,7 @@ int samdb_msg_add_int64(struct ldb_context *sam_ldb, 
TALLOC_CTX *mem_ctx, struct
if (s == NULL) {
return ldb_oom(sam_ldb);
}
-   return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s);
+   return ldb_msg_add_string(msg, attr_name, s);
 }
 
 /*


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Andrew Tridgell]

The branch, master has been updated
   via  0061116 s4-test: fixed a typo in test_kinit.sh
   via  d59a342 s4-test: fixed test_kinit.sh time command test
   via  918d864 s4-net: exit with a failure when a command is unknown
   via  add7ddb script: the --tests option has been replaced by 
--test-command
   via  bda626d s4-finddcs: better debug messages to help track down DNS 
problems
   via  77a16bf s4-net: fix the dependence on command line ordering
  from  10e1de3 s4:samdb_msg_add_int* - use ldb_msg_add_string rather 
than samdb_msg_add_string

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 006111646c0a032cc8d76cf54adfd55a79e18761
Author: Andrew Tridgell tri...@samba.org
Date:   Fri Oct 15 20:32:09 2010 +1100

s4-test: fixed a typo in test_kinit.sh

too many Ts

Autobuild-User: Andrew Tridgell tri...@samba.org
Autobuild-Date: Fri Oct 15 10:14:27 UTC 2010 on sn-devel-104

commit d59a342c7120fb5d997591ec7425d1560e947416
Author: Andrew Tridgell tri...@samba.org
Date:   Fri Oct 15 20:31:06 2010 +1100

s4-test: fixed test_kinit.sh time command test

passing -W breaks -k yes

commit 918d864a67fc4b94abe2d36dec32160a17eaa259
Author: Andrew Tridgell tri...@samba.org
Date:   Fri Oct 15 20:30:03 2010 +1100

s4-net: exit with a failure when a command is unknown

this ensures we don't pass bad tests in 'make test' if they call
unknown net commands

commit add7ddb2e01ff4000513e0136aa2bc305228e561
Author: Andrew Tridgell tri...@samba.org
Date:   Fri Oct 15 17:43:44 2010 +1100

script: the --tests option has been replaced by --test-command

commit bda626da8149d58b82c16015e30f22681e06a962
Author: Andrew Tridgell tri...@samba.org
Date:   Fri Oct 15 17:40:53 2010 +1100

s4-finddcs: better debug messages to help track down DNS problems

Pair-Programmed-With: Andrew Bartlett abart...@samba.org

commit 77a16bf5046e6026cc8ed8b96c15623c84a17ef7
Author: Andrew Tridgell tri...@samba.org
Date:   Fri Oct 15 12:10:02 2010 +1100

s4-net: fix the dependence on command line ordering

this fixes python net commands where you use a '-' option before the
command name

Pair-Programmed-With: Andrew Bartlett abart...@samba.org

---

Summary of changes:
 script/bisect-test.py|1 -
 source4/libcli/finddcs_cldap.c   |   13 -
 source4/utils/net/net.c  |   20 +++-
 testprogs/blackbox/test_kinit.sh |4 ++--
 4 files changed, 25 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/script/bisect-test.py b/script/bisect-test.py
index accee7a..e4daa8c 100755
--- a/script/bisect-test.py
+++ b/script/bisect-test.py
@@ -9,7 +9,6 @@ import os, tempfile, sys
 from optparse import OptionParser
 
 parser = OptionParser()
-parser.add_option(, --tests, help=list of tests to run, default='*')
 parser.add_option(, --good, help=known good revision (default HEAD~100), 
default='HEAD~100')
 parser.add_option(, --bad, help=known bad revision (default HEAD), 
default='HEAD')
 parser.add_option(, --skip-build-errors, help=skip revision where make 
fails,
diff --git a/source4/libcli/finddcs_cldap.c b/source4/libcli/finddcs_cldap.c
index 011d35d..4c21f00 100644
--- a/source4/libcli/finddcs_cldap.c
+++ b/source4/libcli/finddcs_cldap.c
@@ -94,15 +94,18 @@ struct tevent_req *finddcs_cldap_send(TALLOC_CTX *mem_ctx,
}
 
if (io-in.server_address) {
+   DEBUG(4,(finddcs: searching for a DC by IP %s\n, 
io-in.server_address));
if (!finddcs_cldap_ipaddress(state, io)) {
return tevent_req_post(req, event_ctx);
}
} else if (strchr(state-domain_name, '.')) {
/* looks like a DNS name */
+   DEBUG(4,(finddcs: searching for a DC by DNS domain %s\n, 
state-domain_name));
if (!finddcs_cldap_srv_lookup(state, io, resolve_ctx, 
event_ctx)) {
return tevent_req_post(req, event_ctx);
}
} else {
+   DEBUG(4,(finddcs: searching for a DC by NBT lookup %s\n, 
state-domain_name));
if (!finddcs_cldap_nbt_lookup(state, io, resolve_ctx, 
event_ctx)) {
return tevent_req_post(req, event_ctx);
}
@@ -157,6 +160,8 @@ static bool finddcs_cldap_srv_lookup(struct 
finddcs_cldap_state *state,
state-srv_name = talloc_asprintf(state, _ldap._tcp.%s, 
io-in.domain_name);
}
 
+   DEBUG(4,(finddcs: looking for SRV records for %s\n, state-srv_name));
+
make_nbt_name(name, state-srv_name, 0);
 
creq = resolve_name_ex_send(resolve_ctx, state,
@@ -229,6 +234,8 @@ static void finddcs_cldap_next_server(struct 
finddcs_cldap_state *state)

[SCM] Samba Shared Repository - branch master updated

[Andreas Schneider]

The branch, master has been updated
   via  a8f26f6 s3-rpc_server: Normalize rpc_pipe_open_interface pipe name.
   via  f22e6cf s3-rpc_server: Make auth_serversupplied_info const.
   via  0195f35 s3-winbind: Fixed the build of idmap_rid.
  from  0061116 s4-test: fixed a typo in test_kinit.sh

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a8f26f60ec97d23f9c0496797237ead8cc3feff1
Author: Andreas Schneider a...@samba.org
Date:   Thu Sep 16 10:49:39 2010 +0200

s3-rpc_server: Normalize rpc_pipe_open_interface pipe name.

Autobuild-User: Andreas Schneider a...@samba.org
Autobuild-Date: Fri Oct 15 12:15:45 UTC 2010 on sn-devel-104

commit f22e6cf3b73c04e8fada3b163567285b14840a16
Author: Andreas Schneider a...@samba.org
Date:   Wed Sep 15 17:24:08 2010 +0200

s3-rpc_server: Make auth_serversupplied_info const.

commit 0195f35ce1aaa5733e006b0b703ce29b6f080b57
Author: Andreas Schneider a...@samba.org
Date:   Fri Oct 15 13:32:08 2010 +0200

s3-winbind: Fixed the build of idmap_rid.

---

Summary of changes:
 source3/auth/server_info.c|2 +-
 source3/include/proto.h   |6 +++---
 source3/rpc_server/rpc_ncacn_np.c |   15 ++-
 source3/rpc_server/rpc_ncacn_np.h |6 +++---
 source3/winbindd/idmap_rid.c  |1 +
 5 files changed, 18 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 344e8e9..c08c284 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -107,7 +107,7 @@ NTSTATUS serverinfo_to_SamInfo2(struct 
auth_serversupplied_info *server_info,
  already be initialized and is used as the talloc parent for its members.
 */
 
-NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
+NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info 
*server_info,
uint8_t *pipe_session_key,
size_t pipe_session_key_len,
struct netr_SamInfo3 *sam3)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 3725ea3..650d431 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -199,7 +199,7 @@ NTSTATUS serverinfo_to_SamInfo2(struct 
auth_serversupplied_info *server_info,
uint8_t *pipe_session_key,
size_t pipe_session_key_len,
struct netr_SamInfo2 *sam2);
-NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
+NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info 
*server_info,
uint8_t *pipe_session_key,
size_t pipe_session_key_len,
struct netr_SamInfo3 *sam3);
@@ -4083,13 +4083,13 @@ NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx,
   struct dcerpc_binding_handle **binding_handle);
 NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id *abstract_syntax,
-   struct auth_serversupplied_info 
*serversupplied_info,
+   const struct auth_serversupplied_info 
*serversupplied_info,
struct client_address *client_id,
struct messaging_context *msg_ctx,
struct rpc_pipe_client **presult);
 NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
 const struct ndr_syntax_id *syntax,
-struct auth_serversupplied_info *server_info,
+const struct auth_serversupplied_info 
*server_info,
 struct client_address *client_id,
 struct messaging_context *msg_ctx,
 struct rpc_pipe_client **cli_pipe);
diff --git a/source3/rpc_server/rpc_ncacn_np.c 
b/source3/rpc_server/rpc_ncacn_np.c
index b6cf58b..f4c47fc 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -536,7 +536,7 @@ NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx,
  */
 NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id *abstract_syntax,
-   struct auth_serversupplied_info 
*serversupplied_info,
+   const struct auth_serversupplied_info 
*serversupplied_info,
struct client_address *client_id,
struct messaging_context *msg_ctx,

[SCM] Samba Shared Repository - branch master updated

[Matthias Dieter Wallnöfer]

The branch, master has been updated
   via  5339bad s4:torture/local/dbspeed.c - use LDB result constant
  from  a8f26f6 s3-rpc_server: Normalize rpc_pipe_open_interface pipe name.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5339bad942759f8daa4ff04b0c204247478ed579
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Fri Oct 15 20:18:22 2010 +0200

s4:torture/local/dbspeed.c - use LDB result constant

Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
Autobuild-Date: Fri Oct 15 19:11:32 UTC 2010 on sn-devel-104

---

Summary of changes:
 source4/torture/local/dbspeed.c |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/torture/local/dbspeed.c b/source4/torture/local/dbspeed.c
index f66688d..62c1384 100644
--- a/source4/torture/local/dbspeed.c
+++ b/source4/torture/local/dbspeed.c
@@ -145,7 +145,8 @@ static bool ldb_add_record(struct ldb_context *ldb, 
unsigned rid)
return false;
}
 
-   if (ldb_msg_add_fmt(msg, UID, %u, rid) != 0) {
+   ret = ldb_msg_add_fmt(msg, UID, %u, rid);
+   if (ret != LDB_SUCCESS) {
talloc_free(msg);
return false;
}


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Jelmer Vernooij]

The branch, master has been updated
   via  68d1b3b heimdal Add missing dependencies on wind.
   via  613e03f heimdal_build: Allow using system wind.
  from  5339bad s4:torture/local/dbspeed.c - use LDB result constant

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 68d1b3b5052f20bfd9ac8771c917b07a854d8fd3
Author: Jelmer Vernooij jel...@samba.org
Date:   Sat Oct 16 00:38:29 2010 +0200

heimdal Add missing dependencies on wind.

Autobuild-User: Jelmer Vernooij jel...@samba.org
Autobuild-Date: Fri Oct 15 23:20:22 UTC 2010 on sn-devel-104

commit 613e03f908bc0ff9e877f0eaf5fbcff0adbaf742
Author: Jelmer Vernooij jel...@samba.org
Date:   Sat Oct 16 00:31:10 2010 +0200

heimdal_build: Allow using system wind.

Please note that to use the system wind library the user explicitly has
to specify --bundled-library=!wind . Without that option we will always
use the included wind library.

---

Summary of changes:
 source4/heimdal_build/wscript_build |   98 +++---
 source4/heimdal_build/wscript_configure |   20 ++
 2 files changed, 69 insertions(+), 49 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/heimdal_build/wscript_build 
b/source4/heimdal_build/wscript_build
index ac6575a..86e6aa9 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -323,44 +323,6 @@ def HEIMDAL_BINARY(binname, source,
 )
 
 
-HEIMDAL_GENERATOR(
-name=HEIMDAL_ERRORLIST,
-rule=${PYTHON} ${SRC[0].abspath()} ${SRC[1].abspath()} 
${SRC[1].parent.abspath(env)},
-source = '../heimdal/lib/wind/gen-errorlist.py 
../heimdal/lib/wind/rfc3454.txt ../heimdal/lib/wind/stringprep.py',
-target = '../heimdal/lib/wind/errorlist_table.c 
../heimdal/lib/wind/errorlist_table.h'
-)
-
-
-HEIMDAL_GENERATOR(
-name = 'HEIMDAL_NORMALIZE_TABLE',
-rule=${PYTHON} ${SRC[0].abspath()} ${SRC[1].abspath()} 
${SRC[2].abspath()} ${SRC[1].parent.abspath(env)},
-source = '../heimdal/lib/wind/gen-normalize.py 
../heimdal/lib/wind/UnicodeData.txt 
../heimdal/lib/wind/CompositionExclusions-3.2.0.txt',
-target = '../heimdal/lib/wind/normalize_table.h 
../heimdal/lib/wind/normalize_table.c'
-)
-
-HEIMDAL_GENERATOR(
-name = 'HEIMDAL_COMBINING_TABLE',
-rule=${PYTHON} ${SRC[0].abspath()} ${SRC[1].abspath()} 
${SRC[1].parent.abspath(env)},
-source = '../heimdal/lib/wind/gen-combining.py 
../heimdal/lib/wind/UnicodeData.txt',
-target = '../heimdal/lib/wind/combining_table.h 
../heimdal/lib/wind/combining_table.c'
-)
-
-HEIMDAL_GENERATOR(
-name = 'HEIMDAL_BIDI_TABLE',
-rule=${PYTHON} ${SRC[0].abspath()} ${SRC[1].abspath()} 
${SRC[1].parent.abspath(env)},
-source = '../heimdal/lib/wind/gen-bidi.py ../heimdal/lib/wind/rfc3454.txt',
-target = '../heimdal/lib/wind/bidi_table.h 
../heimdal/lib/wind/bidi_table.c'
-)
-
-
-HEIMDAL_GENERATOR(
-name = 'HEIMDAL_MAP_TABLE',
-rule=${PYTHON} ${SRC[0].abspath()} ${SRC[2].abspath()} 
${SRC[2].parent.abspath(env)},
-source = '../heimdal/lib/wind/gen-map.py ../heimdal/lib/wind/stringprep.py 
../heimdal/lib/wind/rfc3454.txt',
-target = '../heimdal/lib/wind/map_table.h ../heimdal/lib/wind/map_table.c'
-)
-
-
 HEIMDAL_ASN1('HEIMDAL_SPNEGO_ASN1',
 source='../heimdal/lib/gssapi/spnego/spnego.asn1',
 options='--sequence=MechTypeList',
@@ -485,9 +447,6 @@ HEIMDAL_ERRTABLE('HEIMDAL_HX509_ERR_ET',
 '../heimdal/lib/hx509/hx509_err.et')
 
 
-HEIMDAL_ERRTABLE('WIND_ERR_ET',
-'../heimdal/lib/wind/wind_err.et')
-
 ROKEN_HOSTCC_SOURCE = '''
 ../heimdal/lib/roken/base64.c
 ../heimdal/lib/roken/ct.c
@@ -552,7 +511,7 @@ HEIMDAL_LIBRARY('kdc',
 includes='../heimdal/kdc',
 autoproto='../heimdal/kdc/kdc-protos.h',
 autoproto_private='../heimdal/kdc/kdc-private.h',
-deps='roken krb5 hdb HEIMDAL_HEIM_ASN1 HEIMDAL_DIGEST_ASN1 
HEIMDAL_KX509_ASN1 heimntlm HEIMDAL_HCRYPTO com_err',
+deps='roken krb5 hdb HEIMDAL_HEIM_ASN1 HEIMDAL_DIGEST_ASN1 
HEIMDAL_KX509_ASN1 heimntlm HEIMDAL_HCRYPTO com_err wind',
 vnum='2.0.0',
 )
 
@@ -581,7 +540,7 @@ HEIMDAL_LIBRARY('hdb',
 includes='../heimdal/lib/hdb',
 autoproto='../heimdal/lib/hdb/hdb-protos.h',
 autoproto_private='../heimdal/lib/hdb/hdb-private.h',
-deps='HDB_LDB krb5 HEIMDAL_HDB_KEYS roken HEIMDAL_HCRYPTO 
com_err HEIMDAL_HDB_ASN1',
+deps='HDB_LDB krb5 HEIMDAL_HDB_KEYS roken HEIMDAL_HCRYPTO 
com_err HEIMDAL_HDB_ASN1 wind',
 vnum='11.0.2',
 )
 
@@ -628,7 +587,7 @@ HEIMDAL_LIBRARY('gssapi',
 ../heimdal/lib/gssapi/mech/gss_export_sec_context.c 

[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
   via  06fc79f Add acl_xattr:ignore system acls boolean (normally false) 
to allow Samba ACL module to ignore mapping to lower POSIX layer. With this fix 
Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set).
   via  cf45581 Add make_default_filesystem_acl() function to be used in 
following change to acl_xattr and acl_tdb module.
   via  1904c44 Fix handling of NULL DACL. Map to u/g/w - rwx.
   via  e031f8a Fix force unknown ACL user to strip out foreign SIDs from 
POSIX ACLs if they can't be mapped.
   via  f4a9d25 Add debug message to get_nt_acl_internal() to see what we 
got.
   via  625126d Fix valgrind uninitialized read error on info when 
returning !NT_STATUS_OK.
   via  8cad5e2 Fix bug #7734 - When creating files with inherit ACLs set 
to true, we neglect to apply appropriate create masks.
   via  92adb68 Fix bug #7733 - Invalid client DOS attributes on create can 
cause incorrect unix mode_t to be generated.
  from  68d1b3b heimdal Add missing dependencies on wind.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 06fc79f1fde5963ef89027e2cd297e866aa8c204
Author: Jeremy Allison j...@samba.org
Date:   Fri Oct 15 15:56:09 2010 -0700

Add acl_xattr:ignore system acls boolean (normally false) to allow
Samba ACL module to ignore mapping to lower POSIX layer. With this
fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters
set).

Jeremy.

Autobuild-User: Jeremy Allison j...@samba.org
Autobuild-Date: Sat Oct 16 01:26:31 UTC 2010 on sn-devel-104

commit cf45581cdfbe60815c5b278f2c4cbceeb7ca1407
Author: Jeremy Allison j...@samba.org
Date:   Fri Oct 15 15:53:51 2010 -0700

Add make_default_filesystem_acl() function to be used in following change 
to acl_xattr and acl_tdb module.

commit 1904c44ec84fe5d706a4e07f73bad17d0948535a
Author: Jeremy Allison j...@samba.org
Date:   Fri Oct 15 15:42:44 2010 -0700

Fix handling of NULL DACL. Map to u/g/w - rwx.

Jeremy.

commit e031f8ae6aee266c0ebf0b53465906e215ac9561
Author: Jeremy Allison j...@samba.org
Date:   Fri Oct 15 15:28:23 2010 -0700

Fix force unknown ACL user to strip out foreign SIDs from POSIX ACLs if 
they can't be mapped.

commit f4a9d25cfc70e79f476d01ae3234f2155bbcf39e
Author: Jeremy Allison j...@samba.org
Date:   Fri Oct 15 14:18:22 2010 -0700

Add debug message to get_nt_acl_internal() to see what we got.

commit 625126dc8dec1198b94bda0643222f0b046587d8
Author: Jeremy Allison j...@samba.org
Date:   Fri Oct 15 14:16:30 2010 -0700

Fix valgrind uninitialized read error on info when returning 
!NT_STATUS_OK.

Jeremy.

commit 8cad5e23b6e2440a566def6fb138d484e3b47643
Author: Jeremy Allison j...@samba.org
Date:   Fri Oct 15 14:12:04 2010 -0700

Fix bug #7734 - When creating files with inherit ACLs set to true, we 
neglect to apply appropriate create masks.

Jeremy.

commit 92adb686372a9b67e47efb5b051bc351212f1780
Author: Jeremy Allison j...@samba.org
Date:   Fri Oct 15 13:30:07 2010 -0700

Fix bug #7733 - Invalid client DOS attributes on create can cause incorrect 
unix mode_t to be generated.

It turns out a client can send an NTCreateX call for a new file, but specify
FILE_ATTRIBUTE_DIRECTORY in the attribute list. Windows silently strips 
this,
but we don't - causing the unix_mode() function to go through the mode bits
for new directory codepath, instead of the mode bits for new file 
codepath.

Jeremy.

---

Summary of changes:
 source3/include/proto.h  |4 +
 source3/modules/vfs_acl_common.c |   59 ++---
 source3/modules/vfs_acl_tdb.c|1 +
 source3/modules/vfs_acl_xattr.c  |2 +
 source3/modules/vfs_default.c|2 +-
 source3/smbd/open.c  |   11 ++-
 source3/smbd/posix_acls.c|  174 +-
 7 files changed, 216 insertions(+), 37 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 650d431..9a8cf67 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5123,6 +5123,10 @@ bool set_unix_posix_default_acl(connection_struct *conn, 
const char *fname,
uint16 num_def_acls, const char *pdata);
 bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char 
*fname, uint16 num_acls, const char *pdata);
 struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char 
*fname);
+NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
+   const char *name,
+   SMB_STRUCT_STAT *psbuf,
+   struct security_descriptor **ppdesc);
 
 /* The following definitions come 

[SCM] Samba Shared Repository - branch master updated

[Jelmer Vernooij]

The branch, master has been updated
   via  50d3baff heimdal_build: Support using system asn1 library.
   via  12fa110 heimdal_build: Skip some hx509 code when using system hx509.
   via  8db6453 heimdal_build: Add comment with stub for finding the system 
libtommath.
   via  b244383 heimdal_build: Initial work on supporting an external 
heimdal library.
   via  471e57e heimdal_build: Support using system hx509 library when 
explicitly requested.
   via  3fe2bfd heimdal_build: Fix build with system roken.
   via  6852cc4 heimdal_build: Put version objects in a separate subsystem.
   via  2e038a7 heimdal: Support using system roken.
   via  7af5687 heimdal_build: Use existing functions for finding system 
libraries.
  from  06fc79f Add acl_xattr:ignore system acls boolean (normally false) 
to allow Samba ACL module to ignore mapping to lower POSIX layer. With this fix 
Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set).

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 50d3baffb223999bd264cfa957003cd6189d9a8c
Author: Jelmer Vernooij jel...@samba.org
Date:   Sat Oct 16 03:27:02 2010 +0200

heimdal_build: Support using system asn1 library.

Autobuild-User: Jelmer Vernooij jel...@samba.org
Autobuild-Date: Sat Oct 16 02:14:32 UTC 2010 on sn-devel-104

commit 12fa11021916e32899fd4607be78d5cc7418fa04
Author: Jelmer Vernooij jel...@samba.org
Date:   Sat Oct 16 03:07:40 2010 +0200

heimdal_build: Skip some hx509 code when using system hx509.

commit 8db6453ae2b8ebb2dda06f5970a1bd5512632e3c
Author: Jelmer Vernooij jel...@samba.org
Date:   Sat Oct 16 02:57:57 2010 +0200

heimdal_build: Add comment with stub for finding the system libtommath.

commit b244383e75a5d9a6dab4c3fb0595a703a7c762e7
Author: Jelmer Vernooij jel...@samba.org
Date:   Sat Oct 16 02:48:06 2010 +0200

heimdal_build: Initial work on supporting an external heimdal library.

commit 471e57edf87373a352aca1d7b006360068b18274
Author: Jelmer Vernooij jel...@samba.org
Date:   Sat Oct 16 02:25:40 2010 +0200

heimdal_build: Support using system hx509 library when explicitly
requested.

commit 3fe2bfddda6149f6bf7402720226e9285f479fef
Author: Jelmer Vernooij jel...@samba.org
Date:   Sat Oct 16 02:15:36 2010 +0200

heimdal_build: Fix build with system roken.

commit 6852cc4a7a5601261ba31ee05388a4078e69c77c
Author: Jelmer Vernooij jel...@samba.org
Date:   Sat Oct 16 01:49:41 2010 +0200

heimdal_build: Put version objects in a separate subsystem.

commit 2e038a78fdcc9dc8a9f65de48176323ad68a3420
Author: Jelmer Vernooij jel...@samba.org
Date:   Sat Oct 16 00:58:56 2010 +0200

heimdal: Support using system roken.

commit 7af56875040c0d170d3313bb0e0c126d3f19aed8
Author: Jelmer Vernooij jel...@samba.org
Date:   Sat Oct 16 00:41:34 2010 +0200

heimdal_build: Use existing functions for finding system libraries.

---

Summary of changes:
 buildtools/wafsamba/samba_bundled.py   |2 +-
 source4/heimdal_build/replace.c|4 -
 source4/heimdal_build/{gssapi-glue.c = version.c} |   21 +-
 source4/heimdal_build/wscript_build|  462 ++--
 source4/heimdal_build/wscript_configure|   30 +-
 5 files changed, 266 insertions(+), 253 deletions(-)
 copy source4/heimdal_build/{gssapi-glue.c = version.c} (74%)


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba_bundled.py 
b/buildtools/wafsamba/samba_bundled.py
index 29b0a50..822e49c 100644
--- a/buildtools/wafsamba/samba_bundled.py
+++ b/buildtools/wafsamba/samba_bundled.py
@@ -104,7 +104,7 @@ def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0',
 '''helper function for CHECK_BUNDLED_SYSTEM'''
 if checkfunctions is None:
 return True
-if require_headers and headers and not conf.CHECK_HEADERS(headers):
+if require_headers and headers and not conf.CHECK_HEADERS(headers, 
lib=libname):
 return False
 return conf.CHECK_FUNCS_IN(checkfunctions, libname, headers=headers,
empty_decl=False, set_target=False)
diff --git a/source4/heimdal_build/replace.c b/source4/heimdal_build/replace.c
index 8c3def7..51393f6 100644
--- a/source4/heimdal_build/replace.c
+++ b/source4/heimdal_build/replace.c
@@ -83,7 +83,3 @@
return -1;
 }
 #endif
-
-const char *heimdal_version = samba-internal-heimdal;
-const char *heimdal_long_version = samba-interal-heimdal;
-
diff --git a/source4/heimdal_build/gssapi-glue.c 
b/source4/heimdal_build/version.c
similarity index 74%
copy from source4/heimdal_build/gssapi-glue.c
copy to source4/heimdal_build/version.c
index 0c27f51..8cceff1 100644
--- a/source4/heimdal_build/gssapi-glue.c
+++ b/source4/heimdal_build/version.c
@@ -1,28 +1,27 @@
-/*
+/* 
   

[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
   via  bcdf781 Ensure we have correct parameters to use Windows ACL 
modules.
  from  50d3baff heimdal_build: Support using system asn1 library.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit bcdf781545ae31f9ec7caf2c60f74d27a962de6d
Author: Jeremy Allison j...@samba.org
Date:   Fri Oct 15 19:54:51 2010 -0700

Ensure we have correct parameters to use Windows ACL modules.

Autobuild-User: Jeremy Allison j...@samba.org
Autobuild-Date: Sat Oct 16 03:36:04 UTC 2010 on sn-devel-104

---

Summary of changes:
 source3/modules/vfs_acl_tdb.c   |7 +--
 source3/modules/vfs_acl_xattr.c |6 --
 2 files changed, 9 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index 6364b7b..5fc1bc0 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -316,13 +316,16 @@ static int connect_acl_tdb(struct vfs_handle_struct 
*handle,
return -1;
}
 
-   /* Ensure we have inherit acls = yes if we're
+   /* Ensure we have the parameters correct if we're
 * using this module. */
DEBUG(2,(connect_acl_tdb: setting 'inherit acls = true' 
-   and 'dos filemode = true' for service %s\n,
+   'dos filemode = true' and 
+   'force unknown acl user = true' for service %s\n,
service ));
+
lp_do_parameter(SNUM(handle-conn), inherit acls, true);
lp_do_parameter(SNUM(handle-conn), dos filemode, true);
+   lp_do_parameter(SNUM(handle-conn), force unknown acl user, true);
 
return 0;
 }
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index e486e20..aa7aeae 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -185,14 +185,16 @@ static int connect_acl_xattr(struct vfs_handle_struct 
*handle,
return ret;
}
 
-   /* Ensure we have inherit acls = yes if we're
+   /* Ensure we have the parameters correct if we're
 * using this module. */
DEBUG(2,(connect_acl_xattr: setting 'inherit acls = true' 
-   and 'dos filemode = true' for service %s\n,
+   'dos filemode = true' and 
+   'force unknown acl user = true' for service %s\n,
service ));
 
 lp_do_parameter(SNUM(handle-conn), inherit acls, true);
 lp_do_parameter(SNUM(handle-conn), dos filemode, true);
+lp_do_parameter(SNUM(handle-conn), force unknown acl user, true);
 
return 0;
 }


-- 
Samba Shared Repository