[Samba] Grant computer account access to share?
Hi, I have a Microsoft application (SCCM) which I need to grant access to a samba share, however the service which reads the files can only authenticate using the computer account, there is option to configure it to use a domain account. Is there any way to grant a computer account access to a share? On windows I can simply add computer$ to the permissions but this doesn't seem to be possible. Failing that might somebody suggest where the samba code could be patched so that I could create a matching user account (computer with $ stripped) and have samba grant that access instead. Or a way to grant access based on the IP/name of the client? Thanks Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with joining WindowsXP to samba domain after upgrade from samba 3.5.11 to 3.6.1
Hi all. I had samba domain in version 3.5.11. Then i made upgrade to version 3.6.1. I use samba from Sernet on my centos 5.7 machine x86_64. After upgrade i restarted samba. Since then in my log i have reapeating message: Nov 10 09:27:59 165G6 smbd[25702]: [2011/11/10 09:27:59.246183, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) Nov 10 09:27:59 165G6 smbd[25702]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client DKASPRZYK machine account DKASPRZYK$ Nov 10 09:28:00 165G6 smbd[25702]: [2011/11/10 09:28:00.117480, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) Nov 10 09:28:00 165G6 smbd[25702]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client DKASPRZYK machine account DKASPRZYK$ Nov 10 09:28:03 165G6 smbd[25702]: [2011/11/10 09:28:03.928048, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) Nov 10 09:28:03 165G6 smbd[25702]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client MBP-DKASPRZYK machine account DKASPRZYK$ Since then i can not join any machine with Windows XP to my domain. I see this in log of this machine: [2011/11/09 15:38:45.434190, 0] passdb/pdb_tdb.c:810(tdb_update_ridrec_only) Unable to modify TDB passwd: NT_STATUS_UNSUCCESSFUL! What is going on ? I will probably revert back to samba 3.5 line (3.5.12). Best regards, I.Piasecki -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba ghost folder on roaming profile
Hello list, nobody got a idea ? I am the only one with this issue ? Where sould I look to survey what happen when synchronisation occur ? Regards Sébastien Le 08/11/2011 17:00, sebastien PROUFF a écrit : Hello, a got a annoying issue with my samba pdc. ( v3.4.7) Here is my config : samba/ldap Pdc v3.4.7 (for samba) on ubuntu 10.04 lts I used roaming profile for my users, which are mostly with W7 OS. I got a synchronisation profile issue. If a delete a folder after I openned a session, when i close the session, and re oppen it, the folder is back again. It does not happen all the time, mostly when the folder is present from a while. ( several weeks) The files inside the folder are deleted. Does anybody encounter this issue ? What is the magic option in smb.conf to solve this problem ? Thanks in advance Sébastien -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] R: RE: R: Re: Dos/Unix newline translating
From: Riccardo Castellani ric.castell...@alice.it on Debian I'm using VIM 7.2.445 on RedHat I'm using VIM 6.3.82 Google found: http://vim.wikia.com/wiki/File_format Maybe that will solve your problem... JD -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] mangle a character or forbid/prohibit it's use when creating files/folders
hi everybody is it possible at all? thanks Pawel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Unable to execute raw tests using lxc-execute.
Hi, I have doubt in executing raw.write tests using lxc-execute. When I execute it without lxc-execute it works fine i.e it performs raw.write testing. command :: root@nishant:/home/nishant/Desktop/samba-4.0.0alpha15# bin/smbtorture //localhost/ubuntu -Ubase%base_system raw.write This command works fine. We can see the o/p of this also, /***/ O/P:: Inside main() of smbtorture Indside torture_raw_write outside torture_raw_write The value of print_testsuite_list is :: 0 The argc_new is 3 and argc is 4 The list_tests is ::0 In for loop ::bin/smbtorture:: In for loop:://localhost/ubuntu:: In for loop::raw.write:: In for loop(null):: Using seed 1320930423 Inside smbtorture.c before subunit_ops_calling Inside smbtorture.c after subunit_ops_calling Ui_ops_name is 'subunit' The basedir is (null) The outputdir is :: /home/nishant/Desktop/samba-4.0.0alpha15/smbtortureXX The argc_new is 3The new argv inside loop is :: raw.write and i is 2time: 2011-11-10 18:37:03.361497 Before running the specific test We are running the test_suite in non restricted. Inside file subunit.c and func :: suite_start Inside file subunit.c and func :: suite_start and suite_name :: write progress: 4 Inside file subunit.c and func subunit_test_name:: test_name :: write and test_case_name :: write Inside file subunit.c and func subunit_test_start:: test_name :: write and test_case_name :: write test: write time: 2011-11-10 18:37:03.361930 Inside test_write :: The base_dir is \testwrite\test.txt Inside RAW.WRITE (test_write)and test_case name is :: write Inside RAW.WRITE (test_write)and test name is :: write Testing RAW_WRITE_WRITE Inside file subunit.c and func subunit_test_name:: test_name :: write and test_case_name :: write time: 2011-11-10 18:37:03.372680 failure: write [ ../source4/torture/raw/write.c:129: Failed to create \testwrite\test.txt - NT_STATUS_OBJECT_PATH_NOT_FOUND ] Inside file subunit.c and func subunit_test_name:: test_name :: write unlock and test_case_name :: write unlock Inside file subunit.c and func subunit_test_start:: test_name :: write unlock and test_case_name :: write unlock test: write unlock time: 2011-11-10 18:37:03.372749 Inside RAW.WRITE (test_writeunlock)and test_case name is :: write unlock Inside RAW.WRITE (test_writeunlock)and test name is :: write unlock inside writeunlock Testing RAW_WRITE_WRITEUNLOCK Trying zero write Trying small write Inside check_buffer outside check_buffer Inside check_buffer outside check_buffer Trying large write Inside check_buffer outside check_buffer Trying bad fnum Setting file as sparse Trying 2^32 offset Inside check_buffer outside check_buffer outside writeunlock Inside file subunit.c and func subunit_test_name:: test_name :: write unlock and test_case_name :: write unlock time: 2011-11-10 18:37:03.395429 success: write unlock Inside file subunit.c and func subunit_test_name:: test_name :: write close and test_case_name :: write close Inside file subunit.c and func subunit_test_start:: test_name :: write close and test_case_name :: write close test: write close time: 2011-11-10 18:37:03.395522 Inside RAW.WRITE (test_writeclose)and test_case name is :: write close Inside RAW.WRITE (test_writeclose)and test name is :: write close inside write_close Testing RAW_WRITE_WRITECLOSE Trying zero write Trying small write Inside check_buffer outside check_buffer Inside check_buffer outside check_buffer Trying large write Inside check_buffer outside check_buffer Trying bad fnum Setting file as sparse Trying 2^32 offset Inside check_buffer outside check_buffer outside write_close Inside file subunit.c and func subunit_test_name:: test_name :: write close and test_case_name :: write close time: 2011-11-10 18:37:03.423069 success: write close Inside file subunit.c and func subunit_test_name:: test_name :: writex and test_case_name :: writex Inside file subunit.c and func subunit_test_start:: test_name :: writex and test_case_name :: writex test: writex time: 2011-11-10 18:37:03.423138 Inside RAW.WRITE (test_writex)and test_case name is :: writex Inside RAW.WRITE (test_writex)and test name is :: writex Inside test_writex dangerous not set - limiting range of test to 2^33 Testing RAW_WRITE_WRITEX Trying zero write Trying small write Inside check_buffer outside check_buffer Trying large write Inside check_buffer outside check_buffer Trying bad fnum Testing wmode Trying locked region Setting file as sparse Trying 2^32 offset Inside check_buffer outside check_buffer limit is 2^33 outside test_writex Inside file subunit.c and func subunit_test_name:: test_name :: writex and test_case_name :: writex time: 2011-11-10 18:37:03.456223 success: writex Before the torture_deltree_outputdir
Re: [Samba] Samba4 and sysvol share
For beginners, I would like to contribute with the steps I followed to make Bind, Ntp and Samba4 work together on Debian Lenny. How can I do it? Make a wiki account, and then let me know the username. Try not to make a duplicate of the main HOWTO, but feel free to create a page with distribution-specific assistance. Andrew Bartlett Thank you. I made an account. Username: felixcarb. Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Grant computer account access to share?
On Thu, Nov 10, 2011 at 2:24 AM, Andrew Lyon andrew.l...@gmail.com wrote: Hi, I have a Microsoft application (SCCM) which I need to grant access to a samba share, however the service which reads the files can only authenticate using the computer account, there is option to configure it to use a domain account. do you mean to say that it's a windows service that's Log On tab is set to local system? because authenticate using the computer account isn't a thing. A windows service running as local system does not have permissions to access network resources at all. This is a windows restriction, you have to have the account log on as a local or domain user if you want it to be able to access the network. Is there any way to grant a computer account access to a share? On windows I can simply add computer$ to the permissions but this doesn't seem to be possible. without reading man smb.conf again, there used to be an option that you could set allowed and denied client IP addresses, and basically make the share public otherwise. I don't know if the option still exists in recent versions, my understanding is that it is trivially easy to spoof. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Grant computer account access to share?
On Thu, Nov 10, 2011 at 2:48 PM, Chris Weiss cwe...@gmail.com wrote: On Thu, Nov 10, 2011 at 2:24 AM, Andrew Lyon andrew.l...@gmail.com wrote: Hi, I have a Microsoft application (SCCM) which I need to grant access to a samba share, however the service which reads the files can only authenticate using the computer account, there is option to configure it to use a domain account. do you mean to say that it's a windows service that's Log On tab is set to local system? because authenticate using the computer account isn't a thing. A windows service running as local system does not have permissions to access network resources at all. This is a windows restriction, you have to have the account log on as a local or domain user if you want it to be able to access the network. Yes exactly that, in order to give the service access to windows shares on other windows servers I can open the share properties, select permissions, add, and add permissions for the ad computer account, like this: http://oi44.tinypic.com/3007f36.jpg notice the computer icon and trailing $, then a service running as local system can then access the share, here computer management is showing the connected machine http://oi41.tinypic.com/11wedl3.jpg, I can also run cmd.exe as system using sysinternals psexec and access the share. I assume that when the computer boots up it logs on to AD and thus permissions can be granted directly to its AD account, its quite an unusual thing to do and I think it is very bad design that MS provide no way to configure a user account that the service uses to access the share but thats just how it works. Is there any way to grant a computer account access to a share? On windows I can simply add computer$ to the permissions but this doesn't seem to be possible. without reading man smb.conf again, there used to be an option that you could set allowed and denied client IP addresses, and basically make the share public otherwise. I don't know if the option still exists in recent versions, my understanding is that it is trivially easy to spoof. It doesn't really matter how I end up making this work, if I have to run another instance of samba on a different IP and run a separate cable/vlan then that's what i will do, at the moment I'm struggling to find any combination of smb.conf options that allow the process to access the share. Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] User authentication log
We've changed the password for the administrator account, once it was changed a few minutes later the administrator account locked out, Something is set to log in as admin on our network whether it be a share set up with those credentials,, not sure at this point.. I'm having trouble finding any logs of failed login attempts, and would like some help on getting the proper logging or pointers on what to grep for from the logs, or anything that will point me in the right direction to find the nodes in questions? I have an openldap backend.. Right now for logging I have #log file = /var/log/samba/%m.%U.log log file = /var/log/samba/%m.log log level = 5 vfs objects = full_audit full_audit:prefix = %u|%I|%m|%S full_audit:success = connect mkdir rename rmdir #full_audit:success = all full_audit:failure = none full_audit:facility = LOCAL7 full_audit:priority = alert Thank you Very much, Aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] wbinfo --ping can't find winbind?
I have compiled 3.5.12 from source on CentOS 5.7. I am using krb5.conf, smb.conf files that have worked with other 3.5.x installs of Samba (at least in terms of wbinfo working) but now I am not able to get any data from winbind. The server is running and the logs don't report any errors. I had done several 'make uninstall' while compiling/recompiling with different options. Could the problem somehow be related? [root@sambatest samba]# bin/wbinfo -u Error looking up domain users [root@sambatest samba]# bin/wbinfo --ping Ping to winbindd failed could not ping winbindd! [root@sambatest samba]# ps -ef | grep winbin root 3743 1 0 10:19 ?00:00:00 sbin/winbindd -D root 3744 3743 0 10:19 ?00:00:00 sbin/winbindd -D root 3838 3709 0 10:42 pts/000:00:00 grep winbin [root@sambatest samba]# tail var/log.winbindd [2011/11/10 10:19:35, 0] winbindd/winbindd.c:1102(main) winbindd version 3.5.12 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [2011/11/10 10:19:35.733572, 0] winbindd/winbindd_cache.c:3076(initialize_winbindd_cache) initialize_winbindd_cache: clearing cache and re-creating with version number 1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Users full name
Hi everyone. What's the trick to get the users full name in the start menu? I used to think it was as simple as assigning it in the system account on the samba server but that doesn't seem to work. Just curious... Thanks, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Users full name
2011.11.10. 20:39 keltezéssel, Philippe LeCavalier írta: Hi everyone. What's the trick to get the users full name in the start menu? I used to think it was as simple as assigning it in the system account on the samba server but that doesn't seem to work. Just curious... Thanks, Phil Hi, It can be set with pdbedit -r -u username -f Full Name Cheers Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Users full name
Philippe LeCavalier supp...@plecavalier.com wrote: What's the trick to get the users full name in the start menu? I used to think it was as simple as assigning it in the system account on the samba server but that doesn't seem to work. Do you see the user's full name in the user manager? What SAM backed are you using? -- Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Users full name
Philippe LeCavalier supp...@plecavalier.com wrote: What's the trick to get the users full name in the start menu? I used to think it was as simple as assigning it in the system account on the samba server but that doesn't seem to work. Do you see the user's full name in the user manager? What SAM backed are you using? -- Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] switching to smbldap-tools from custom scripts
I'm looking for advice on how to handle this problem... I've inherited a samba domain with an ldap backend. It uses custom scripts to add users and to join a machine to the domain. I don't mind the custom add user script but I'd like to do away with the custom script to join a machine to the domain. The custom script breaks all the time and our Windows systems admin is pretty frustrated with our samba domain. Every time he wants to join a machine to the domain, he has to come to me to coerce that script into working. So I'd like to switch to the smbldap-tools script for adding a machine to the domain. The tricky part is that our ldap database is also used for linux authentication so I have to make sure I don't mess up the ldap database when I fix it for smbldap-tools. I was thinking of building a new ldap/samba server with an empty ldap database, running the smbldap-populate script, and then importing just the ldap records for existing users and machines. So then I could test linux authentication vs the new machine while the old machine is still up. But I don't actually know how to extract the data I need from the old ldap database. And maybe it would be safer to let the old dreck in there. But how does the smbldap-tools populate script know about existing machines? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Users full name
Hi Adam. On Thu, 2011-11-10 at 14:58 -0500, Adam Tauno Williams wrote: Philippe LeCavalier supp...@plecavalier.com wrote: What's the trick to get the users full name in the start menu? I used to think it was as simple as assigning it in the system account on the samba server but that doesn't seem to work. Do you see the user's full name in the user manager? Nope. What SAM backed are you using? tdb Thanks, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba StartTLS
Hi Scenario: Lan with opensuse 11.4 Samba and LDAP server. Linux, win-xp and win7 clients. The Linux clients can login fine under TLS: Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=0 STARTTLS Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=0 RESULT oid= err=0 text= Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 fd=23 TLS established tls_ssf=256 ssf=256 Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=1 BIND dn= method=128 - - - lots of lines cut - - - Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=3 BIND dn=uid=lynn2,ou=people,dc=site method=128 The windows clients can login but are denied access to their home folder: Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: Connect error If smb.conf contains the line: ldap ssl = start tls windows clients can login, but are denied access to their home folders. Uncommenting this line and resarting smb allows windows clients both to login and gain access to their home folder. Summary: Samba without TLS works. Samba with TLS doesn't. Can I confirm: 1. That LDAP is working. 2. That the CA and server certificates (signed by the CA) are correct. 3. The problem is with smb.conf and lastly after much googling and reading, can anyone help me get rid of the samba tls issue? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [SCM] Samba Shared Repository - branch master updated
Hi Tridge, Amitay, On 10/11/11 06:05, Andrew Tridgell wrote: The branch, master has been updated via ac0bba2 test: added -D option to subunitrun subunitrun is to be deprecated, python -m subunit.run is the preferred way to run tests. Can we revert this? via 333248f pyldb: fixed ldb API test This makes LDB depend on Samba, because it imports from samba.tests. This makes it impossible to run the pyldb testsuite without having Samba installed. I'll submit an alternative fix. Cheers, Jelmer
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 22ddbb5 s3:smbd: don't limit the number of open dptrs for smb2 (bug #8592) via 39bb5a6 s3:smbd: fully construct the dptr before allocating a dnum in the bitmap via 7644547 s3:smbd: avoid string_set() in dir.c via 5387481 Fix -Wunused-but-set-variable compiler warnings in tevent_signal.c from 7d84805 s4: samba-tool time --help documentation improvements http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 22ddbb50534aa73240a171732d4ac1fa884fa412 Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 9 16:04:09 2011 +0100 s3:smbd: don't limit the number of open dptrs for smb2 (bug #8592) This fixes a crash bug that is triggered, when a client has more than 256 directory handles with searches. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Thu Nov 10 14:08:14 CET 2011 on sn-devel-104 commit 39bb5a62977261d0926f56b792aacaa5e772ff6f Author: Stefan Metzmacher me...@samba.org Date: Wed Nov 9 15:59:22 2011 +0100 s3:smbd: fully construct the dptr before allocating a dnum in the bitmap metze commit 7644547a5523b77bd49d9a5d979d5e4939153401 Author: Stefan Metzmacher me...@samba.org Date: Thu Nov 10 10:39:34 2011 +0100 s3:smbd: avoid string_set() in dir.c And do some more error checks. metze commit 538748132fbf6bcc1ce0bbd474e4abf3ecdabffa Author: Martin Schwenke mar...@meltin.net Date: Thu Nov 10 10:46:10 2011 +1100 Fix -Wunused-but-set-variable compiler warnings in tevent_signal.c The results of some read(2) and write(2) calls are assigned into a variable that is never used. Presumably this used to avoid compiler warnings or similar. However, from (approximately) GCC 4.6 this produces some warnings: [ 609/3910] Compiling lib/tevent/tevent_signal.c ../lib/tevent/tevent_signal.c: In function ‘tevent_common_signal_handler’: ../lib/tevent/tevent_signal.c:85:10: warning: variable ‘res’ set but not used [-Wunused-but-set-variable] ../lib/tevent/tevent_signal.c: In function ‘signal_pipe_handler’: ../lib/tevent/tevent_signal.c:183:10: warning: variable ‘res’ set but not used [-Wunused-but-set-variable] The simplest thing to do is remove the variables and cast the function return to void. There is already a comment above each call. Signed-off-by: Martin Schwenke mar...@meltin.net Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: lib/tevent/tevent_signal.c |6 +-- source3/smbd/dir.c | 66 2 files changed, 44 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tevent/tevent_signal.c b/lib/tevent/tevent_signal.c index b790859..fabe72c 100644 --- a/lib/tevent/tevent_signal.c +++ b/lib/tevent/tevent_signal.c @@ -82,7 +82,6 @@ static uint32_t tevent_sig_count(struct tevent_sigcounter s) static void tevent_common_signal_handler(int signum) { char c = 0; - ssize_t res; struct tevent_common_signal_list *sl; struct tevent_context *ev = NULL; int saved_errno = errno; @@ -95,7 +94,7 @@ static void tevent_common_signal_handler(int signum) if (sl-se-event_ctx sl-se-event_ctx != ev) { ev = sl-se-event_ctx; /* doesn't matter if this pipe overflows */ - res = write(ev-pipe_fds[1], c, 1); + (void) write(ev-pipe_fds[1], c, 1); } } @@ -180,9 +179,8 @@ static void signal_pipe_handler(struct tevent_context *ev, struct tevent_fd *fde uint16_t flags, void *_private) { char c[16]; - ssize_t res; /* its non-blocking, doesn't matter if we read too much */ - res = read(fde-fd, c, sizeof(c)); + (void) read(fde-fd, c, sizeof(c)); } /* diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 322c2fe..a7dc537 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -261,6 +261,10 @@ static void dptr_close_internal(struct dptr_struct *dptr) goto done; } + if (sconn-using_smb2) { + goto done; + } + DLIST_REMOVE(sconn-searches.dirptrs, dptr); /* @@ -280,7 +284,7 @@ done: /* Lanman 2 specific code */ SAFE_FREE(dptr-wcard); - string_set(dptr-path,); + SAFE_FREE(dptr-path); SAFE_FREE(dptr); } @@ -499,6 +503,35 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp, ZERO_STRUCTP(dptr); + dptr-path = SMB_STRDUP(path); + if (!dptr-path) { + SAFE_FREE(dptr); + TALLOC_FREE(dir_hnd); +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 17f1a97 libcli/cldap: fix a crash bug in cldap_socket_recv_dgram() (bug #8593) via 88bcdbb s4:finddcs_cldap: debug the correct server address instead of NULL from 22ddbb5 s3:smbd: don't limit the number of open dptrs for smb2 (bug #8592) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 17f1a97a614db4ed8292544988cb6a6cf56621d8 Author: Stefan Metzmacher me...@samba.org Date: Thu Nov 10 14:43:55 2011 +0100 libcli/cldap: fix a crash bug in cldap_socket_recv_dgram() (bug #8593) After a calling any wrapper of tevent_req_notify_callback(), e.g. tevent_req_nterror(), tevent_req_done(), tevent_req_nomem(), a function has to return immediately otherwise it is very likely to crash, unless in calls tevent_req_defer_callback() before. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Thu Nov 10 16:31:59 CET 2011 on sn-devel-104 commit 88bcdbb16a42dcd21bb1584d7d7ffa00ac1957b8 Author: Stefan Metzmacher me...@samba.org Date: Thu Nov 10 13:18:20 2011 +0100 s4:finddcs_cldap: debug the correct server address instead of NULL metze --- Summary of changes: libcli/cldap/cldap.c | 35 +-- source4/libcli/finddcs_cldap.c |3 ++- 2 files changed, 27 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/cldap/cldap.c b/libcli/cldap/cldap.c index b7df9d2..29c3b7b 100644 --- a/libcli/cldap/cldap.c +++ b/libcli/cldap/cldap.c @@ -258,7 +258,8 @@ static bool cldap_socket_recv_dgram(struct cldap_socket *c, p = idr_find(c-searches.idr, in-ldap_msg-messageid); if (p == NULL) { if (!c-incoming.handler) { - goto done; + TALLOC_FREE(in); + return true; } /* this function should free or steal 'in' */ @@ -266,37 +267,51 @@ static bool cldap_socket_recv_dgram(struct cldap_socket *c, return false; } - search = talloc_get_type(p, struct cldap_search_state); + search = talloc_get_type_abort(p, struct cldap_search_state); search-response.in = talloc_move(search, in); search-response.asn1 = asn1; search-response.asn1-ofs = 0; DLIST_REMOVE(c-searches.list, search); - if (!cldap_recvfrom_setup(c)) { - goto nomem; + if (cldap_recvfrom_setup(c)) { + tevent_req_done(search-req); + return true; } + /* +* This request was ok, just defer the notify of the caller +* and then just fail the next request if needed +*/ + tevent_req_defer_callback(search-req, search-caller.ev); tevent_req_done(search-req); - talloc_free(in); - return true; + status = NT_STATUS_NO_MEMORY; + /* in is NULL it this point */ + goto nterror; nomem: in-recv_errno = ENOMEM; error: status = map_nt_error_from_unix_common(in-recv_errno); nterror: + TALLOC_FREE(in); /* in connected mode the first pending search gets the error */ if (!c-connected) { /* otherwise we just ignore the error */ - goto done; + return false; } if (!c-searches.list) { - goto done; + return false; } + /* +* We might called tevent_req_done() for a successful +* search before, so we better deliver the failure +* after the success, that is why we better also +* use tevent_req_defer_callback() here. +*/ + tevent_req_defer_callback(c-searches.list-req, + c-searches.list-caller.ev); tevent_req_nterror(c-searches.list-req, status); -done: - talloc_free(in); return false; } diff --git a/source4/libcli/finddcs_cldap.c b/source4/libcli/finddcs_cldap.c index 8199e37..a0f538d 100644 --- a/source4/libcli/finddcs_cldap.c +++ b/source4/libcli/finddcs_cldap.c @@ -249,7 +249,8 @@ static void finddcs_cldap_next_server(struct finddcs_cldap_state *state) NETLOGON_NT_VERSION_IP; state-netlogon-in.map_response = true; - DEBUG(4,(finddcs: performing CLDAP query on %s\n, state-netlogon-in.dest_address)); + DEBUG(4,(finddcs: performing CLDAP query on %s\n, +state-srv_addresses[state-srv_address_index])); subreq = cldap_netlogon_send(state, state-ev, state-cldap, state-netlogon); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 145f53e s3: server_id.pid has turned 64 (bits, that is) via 5e0258f s3: Avoid a race with the async echo handler from 17f1a97 libcli/cldap: fix a crash bug in cldap_socket_recv_dgram() (bug #8593) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 145f53e82413d7307643079f4a34aaeed0da80ab Author: Volker Lendecke v...@samba.org Date: Thu Nov 10 17:17:20 2011 +0100 s3: server_id.pid has turned 64 (bits, that is) Fix ctdb_processes_exist protocol. The socket expects pid_t which is 32 bits on 32 bit machines. Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Thu Nov 10 18:57:01 CET 2011 on sn-devel-104 commit 5e0258fc932c280428173bb397ef5a18352e63db Author: Volker Lendecke v...@samba.org Date: Thu Nov 10 09:39:23 2011 +0100 s3: Avoid a race with the async echo handler We can not read from the echo handler socket when we have the main socket locked. This leads to the echo responder to lock up sitting in the fcntl lock while the parent wants to read the remainder of a large packet. --- Summary of changes: source3/lib/ctdbd_conn.c | 15 --- source3/smbd/process.c | 61 +- 2 files changed, 39 insertions(+), 37 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c index 5c3b7c1..e0bdbd0 100644 --- a/source3/lib/ctdbd_conn.c +++ b/source3/lib/ctdbd_conn.c @@ -938,18 +938,25 @@ bool ctdb_processes_exist(struct ctdbd_connection *conn, for (i=0; inum_pids; i++) { struct ctdb_req_control req; + pid_t pid; results[i] = false; reqids[i] = ctdbd_next_reqid(conn); ZERO_STRUCT(req); + /* +* pids[i].pid is uint64_t, scale down to pid_t which +* is the wire protocol towards ctdb. +*/ + pid = pids[i].pid; + DEBUG(10, (Requesting PID %d/%d, reqid=%d\n, - (int)pids[i].vnn, (int)pids[i].pid, + (int)pids[i].vnn, (int)pid, (int)reqids[i])); req.hdr.length = offsetof(struct ctdb_req_control, data); - req.hdr.length += sizeof(pid_t); + req.hdr.length += sizeof(pid); req.hdr.ctdb_magic = CTDB_MAGIC; req.hdr.ctdb_version = CTDB_VERSION; req.hdr.operation= CTDB_REQ_CONTROL; @@ -957,7 +964,7 @@ bool ctdb_processes_exist(struct ctdbd_connection *conn, req.hdr.destnode = pids[i].vnn; req.opcode = CTDB_CONTROL_PROCESS_EXISTS; req.srvid= 0; - req.datalen = sizeof(pids[i].pid); + req.datalen = sizeof(pid); req.flags= 0; DEBUG(10, (ctdbd_control: Sending ctdb packet\n)); @@ -967,7 +974,7 @@ bool ctdb_processes_exist(struct ctdbd_connection *conn, conn-pkt, 2, data_blob_const( req, offsetof(struct ctdb_req_control, data)), - data_blob_const(pids[i].pid, sizeof(pids[i].pid))); + data_blob_const(pid, sizeof(pid))); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, (ctdb_packet_send failed: %s\n, nt_errstr(status))); diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 0ad5542..82dd510 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -2217,46 +2217,41 @@ static void smbd_server_connection_read_handler( NTSTATUS status; uint32_t seqnum; - bool from_client = (sconn-sock == fd); + bool from_client; + + if (lp_async_smb_echo_handler() +fd_is_readable(sconn-smb1.echo_handler.trusted_fd)) { + /* +* This is the super-ugly hack to prefer the packets +* forwarded by the echo handler over the ones by the +* client directly +*/ + fd = sconn-smb1.echo_handler.trusted_fd; + } + + from_client = (sconn-sock == fd); if (from_client) { smbd_lock_socket(sconn); - if (lp_async_smb_echo_handler()) { - - if (fd_is_readable(sconn-smb1.echo_handler.trusted_fd)) { - /* -* This is the super-ugly hack to -* prefer the packets forwarded by the -* echo handler over the ones by the -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4cafcf0 libcli/cldap/cldap.c - remove outdated comment from 145f53e s3: server_id.pid has turned 64 (bits, that is) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4cafcf0e6b2eaeda01fc340cdf1e552bafc4073b Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Nov 10 17:13:29 2011 +0100 libcli/cldap/cldap.c - remove outdated comment Reviewed-by: metze Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org Autobuild-Date: Thu Nov 10 20:32:08 CET 2011 on sn-devel-104 --- Summary of changes: libcli/cldap/cldap.c |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/cldap/cldap.c b/libcli/cldap/cldap.c index 29c3b7b..3322bd8 100644 --- a/libcli/cldap/cldap.c +++ b/libcli/cldap/cldap.c @@ -212,8 +212,6 @@ static void cldap_recvfrom_done(struct tevent_req *subreq) nomem: talloc_free(subreq); talloc_free(in); - /*TODO: call a dead socket handler */ - return; } /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via a0cfd19 s3:idmap_autorid: document allocation pool via a980956 s3:idmap_autorid: add an allocation range to autorid via 31593bc s3:idmap_autorid: move HWM initialization into a function via 188a12e s3:idmap_autorid: use strings as parameter for range allocator from 81823a0 systemd: Fix dependencies. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit a0cfd1983fae8b0090bcae36a11dad4531e48f49 Author: Christian Ambach a...@samba.org Date: Thu Oct 20 18:53:02 2011 +0200 s3:idmap_autorid: document allocation pool document the need that excessive use of local users/group might require increasing the rangesize Autobuild-User: Christian Ambach a...@samba.org Autobuild-Date: Fri Oct 21 18:04:50 CEST 2011 on sn-devel-104 The last 4 patches address bug #8444 (idmap_autorid does not have allocation pool). commit a98095601dc585a6c49813399466a455c43fc0fc Author: Christian Ambach a...@samba.org Date: Thu Oct 20 18:44:48 2011 +0200 s3:idmap_autorid: add an allocation range to autorid this is needed to allocate gids for BUILTIN\Users and BUILTIN\Administrators and for local users/group that admins might want to create autorid will now allocate one range for this purpose and can so give out as many uids and gids as the configured rangesize allows commit 31593bcd74f4063217190012a83e1003e29fdba7 Author: Christian Ambach a...@samba.org Date: Thu Oct 20 18:39:30 2011 +0200 s3:idmap_autorid: move HWM initialization into a function we will need some more HWM soon, so move out initialization and optimize the logic using the new interface of dbwrap_fetch_uint32 commit 188a12e1df2a5a3ae39cb2e25c87ae2093a62853 Author: Christian Ambach a...@samba.org Date: Thu Oct 20 18:22:19 2011 +0200 s3:idmap_autorid: use strings as parameter for range allocator this prepares for allocation of non-domain ranges that cannot be expressed by a SID (e.g. an allocation pool) --- Summary of changes: docs-xml/manpages-3/idmap_autorid.8.xml |7 +- source3/winbindd/idmap_autorid.c| 158 ++- 2 files changed, 138 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages-3/idmap_autorid.8.xml index 87b9268..c437d0e 100644 --- a/docs-xml/manpages-3/idmap_autorid.8.xml +++ b/docs-xml/manpages-3/idmap_autorid.8.xml @@ -51,7 +51,12 @@ for regular users. As the parameter cannot be changed later, please plan accordingly for your expected number of users in a domain with safety margins. - /para + /para + paraOne range will be used for local users and groups. + Thus the number of local users and groups that can be created is + limited by this option as well. If you plan to create a large amount + of local users or groups, you will need set this parameter accordingly. + /para paraThe default value is 10./para /listitem /varlistentry diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c index 4028a46..6bb35de 100644 --- a/source3/winbindd/idmap_autorid.c +++ b/source3/winbindd/idmap_autorid.c @@ -34,6 +34,9 @@ #define DBGC_CLASS DBGC_IDMAP #define HWM NEXT RANGE +#define ALLOC_HWM_UID NEXT ALLOC UID +#define ALLOC_HWM_GID NEXT ALLOC GID +#define ALLOC_RANGE ALLOC #define CONFIGKEY CONFIG struct autorid_global_config { @@ -43,7 +46,7 @@ struct autorid_global_config { }; struct autorid_domain_config { - struct dom_sid sid; + fstring sid; uint32_t domainnum; struct autorid_global_config *globalcfg; }; @@ -56,15 +59,13 @@ static NTSTATUS idmap_autorid_get_domainrange(struct db_context *db, { NTSTATUS ret; uint32_t domainnum, hwm; - fstring sidstr; char *numstr; struct autorid_domain_config *cfg; cfg = (struct autorid_domain_config *)private_data; - dom_sid_string_buf((cfg-sid), sidstr, sizeof(sidstr)); - if (!dbwrap_fetch_uint32(db, sidstr, domainnum)) { - DEBUG(10, (Acquiring new range for domain %s\n, sidstr)); + if (!dbwrap_fetch_uint32(db, cfg-sid, domainnum)) { + DEBUG(10, (Acquiring new range for domain %s\n, cfg-sid)); /* fetch the current HWM */ if (!dbwrap_fetch_uint32(db, HWM, hwm)) { @@ -90,7 +91,7 @@ static NTSTATUS idmap_autorid_get_domainrange(struct db_context *db, }
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c2eb036 policy/tests: Fix import of TestCase. via b24dd2c selftesthelper: Fix argument order. via a0a31d3 selftest: Make planoldpythontestsuite arguments consistent with planpythontestsuite. via e0b8af5 selftesthelpers: Fix syntax error. via 0fcec8b selftest: Simplify calling of python tests. via 8ea8683 selftest: Allow passing arbitrary number of additional python path values. via a0ed2da ldb: Re-apply pyldb fixes from Tridge and Amity, using unittest rather than samba.tests. via ad40581 subunitrun: Add notes about subunitrun being deprecated. via d84ba4f selftest: re-implement directory option for planpythontestsuite. via f5d3e45 Revert test: added directory option to planpythontestsuite() via ae88d73 Revert test: added -D option to subunitrun via 04be49f Revert pyldb: fixed ldb API test from 4cafcf0 libcli/cldap/cldap.c - remove outdated comment http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c2eb036d3f25d7d4456400595aec8f8c8a0b1cb2 Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 23:33:47 2011 +0100 policy/tests: Fix import of TestCase. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Fri Nov 11 01:10:49 CET 2011 on sn-devel-104 commit b24dd2ca1c5fe66df27b76bc9b5e818623eeb03b Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 23:33:31 2011 +0100 selftesthelper: Fix argument order. commit a0a31d32126162b7ec6606fa03cb5029e434f58d Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 21:50:38 2011 +0100 selftest: Make planoldpythontestsuite arguments consistent with planpythontestsuite. commit e0b8af57c43e3fcb0ed9485ac707761a04582a34 Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 20:44:59 2011 +0100 selftesthelpers: Fix syntax error. commit 0fcec8bfa0da647d478198a2b468951f230a9022 Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 20:39:34 2011 +0100 selftest: Simplify calling of python tests. commit 8ea8683f72fbd460507b987ca27a859a8a8da3c0 Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 20:24:17 2011 +0100 selftest: Allow passing arbitrary number of additional python path values. commit a0ed2da1053a15f2b453556952390968d86fa2f2 Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 20:20:00 2011 +0100 ldb: Re-apply pyldb fixes from Tridge and Amity, using unittest rather than samba.tests. commit ad40581142ca1e26406b0048b78d43ce54a5a2ff Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 14:03:29 2011 +0100 subunitrun: Add notes about subunitrun being deprecated. commit d84ba4fc0a28b481229c57754deb3dcacf61ed93 Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 13:59:21 2011 +0100 selftest: re-implement directory option for planpythontestsuite. commit f5d3e4572234ab28a95a35c87e7b56cf94ab1780 Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 13:46:01 2011 +0100 Revert test: added directory option to planpythontestsuite() This reverts commit b0be72d5080aed3da3f33a45b72f88e90fbe3d13. I'll add an alternative that uses subunit.run. commit ae88d7390bc743d1a424c3115762556d6c9173ef Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 13:43:43 2011 +0100 Revert test: added -D option to subunitrun This reverts commit ac0bba2ea18e2e9ac578a333a3b260951e4c976e. python -m subunit.run is the preferred way of running tests to generate subunit. I also don't want to move too far away from the standard test running infrastructure for python so that other test runners (nosetests, trial, tribunal, ...) can be used with Samba code. commit 04be49f60091b54f6ab7cf2920b590b3f758ca81 Author: Jelmer Vernooij jel...@samba.org Date: Thu Nov 10 13:40:03 2011 +0100 Revert pyldb: fixed ldb API test This reverts commit 333248f08c83cc5b18f8e7e84cb19d79a8309d6e. This commit made the pyldb tests depend on the Samba testsuite. --- Summary of changes: lib/ldb/tests/python/api.py | 11 - selftest/selftesthelpers.py | 23 --- source4/lib/policy/tests/python/bindings.py |5 +- source4/scripting/bin/subunitrun| 17 ++-- source4/selftest/tests.py | 55 +++--- 5 files changed, 73 insertions(+), 38 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/tests/python/api.py b/lib/ldb/tests/python/api.py index 4a582be..97dd020 100755 --- a/lib/ldb/tests/python/api.py +++ b/lib/ldb/tests/python/api.py @@ -2,8 +2,8 @@ # Simple tests for the ldb python bindings. # Copyright (C) 2007 Jelmer Vernooij jel...@samba.org -import os, sys -from samba.tests import