[Samba] samba 3.6.3 server - windows printer driver dialog opening delays
Hi all,

since upgrading Samba from a 3.5.X to 3.6.X I am facing some problems with shared printers. Opening a printer driver dialog, to change some settings for a printer from a Win XP machine, takes very long. This is the case for all shared printers. I am using Ubuntu Precise (12.04).

In the logs sometimes these error messages appear:

[2012/08/15 08:17:49.862966, 0] rpc_server/spoolss/srv_spoolss_nt.c:1748(_spoolss_OpenPrinterEx)
  _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \\NOVALX09
[2012/08/15 08:23:24.888305, 0] libads/kerberos.c:941(create_local_private_krb5_conf_for_domain)
  create_local_private_krb5_conf_for_domain: rename of /var/run/samba/smb_tmp_krb5.Hdb7um to /var/run/samba/smb_krb5/krb5.conf.NOVA failed. Errno Permission denied

NOVALX09 is actually not a printer but the server hosting the print queues. Printing itself does work without any problems.

Here the relevant stuff from my smb.conf:

[global]
    load printers = yes
    printing = cups
    printcap name = cups

[printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    print ok = Yes
    guest ok = yes

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no
    write list = +NOVA\Domain-Admins

Does anybody know what could be the cause of this, and how to resolve it?

Thank you for your kind help.

best regards
Andreas

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 15/08/12 06:51, Gémes Géza wrote:
On 2012-08-14 23:15, steve wrote:
On 12/08/12 17:45, Gémes Géza wrote:
On 2012-08-12 16:26, steve wrote:
On 12/08/12 15:28, Gémes Géza wrote:
On 2012-08-12 09:31, steve wrote:
On 08/11/2012 01:10 PM, Andrew Bartlett wrote:
On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote:

What is wrong with Vbox? Is Xen any smaller or faster?

Both smaller and faster (http://www.phoronix.com/scan.php?page=article&item=ubuntu_1110_xenkvm&num=1), and unlike vbox both kvm and xen provide a way to boot your virtual machine at the boot of the host.

Hi

Thanks for the link. Unfortunately Vbox is the only VM which has 32bit support. The others need 64bit, which we don't have :( I'll ask on the openSUSE list to see if there is any workaround.

Cheers,
Steve
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 15/08/12 08:02, steve wrote:
On 15/08/12 06:51, Gémes Géza wrote:
On 2012-08-14 23:15, steve wrote:
On 12/08/12 17:45, Gémes Géza wrote:
On 2012-08-12 16:26, steve wrote:
On 12/08/12 15:28, Gémes Géza wrote:
On 2012-08-12 09:31, steve wrote:
On 08/11/2012 01:10 PM, Andrew Bartlett wrote:
On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote:

What is wrong with Vbox? Is Xen any smaller or faster?

Both smaller and faster (http://www.phoronix.com/scan.php?page=article&item=ubuntu_1110_xenkvm&num=1), and unlike vbox both kvm and xen provide a way to boot your virtual machine at the boot of the host.

Hi

Thanks for the link. Unfortunately Vbox is the only VM which has 32bit support. The others need 64bit, which we don't have :( I'll ask on the openSUSE list to see if there is any workaround.

Cheers,
Steve

Hello Steve,

you seem to be working on the same thing as I am, using Samba4 as a domain controller. I initially tried your set up and found the problems that you have, this is where we seem to have forked off in different directions. You seem to be chasing using Winbind and NFS, whilst I went with Winbind and Pam_mount.

I am only using one server running samba4, with Pam-mount I can mount any users unixhomedir (wherever that may be) from the server onto the clients (like windows profiles) via the use of groups and can also mount the dropbox share which shows up in the users home directory.

If you are interested, I can supply you my notes to try it out yourself.
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 15/08/12 10:39, Rowland Penny wrote:
On 15/08/12 08:02, steve wrote:
On 15/08/12 06:51, Gémes Géza wrote:
On 2012-08-14 23:15, steve wrote:
On 12/08/12 17:45, Gémes Géza wrote:
On 2012-08-12 16:26, steve wrote:
On 12/08/12 15:28, Gémes Géza wrote:
On 2012-08-12 09:31, steve wrote:
On 08/11/2012 01:10 PM, Andrew Bartlett wrote:
On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote:

What is wrong with Vbox? Is Xen any smaller or faster?

Both smaller and faster (http://www.phoronix.com/scan.php?page=article&item=ubuntu_1110_xenkvm&num=1), and unlike vbox both kvm and xen provide a way to boot your virtual machine at the boot of the host.

Hi

Thanks for the link. Unfortunately Vbox is the only VM which has 32bit support. The others need 64bit, which we don't have :( I'll ask on the openSUSE list to see if there is any workaround.

Cheers,
Steve

Hello Steve,

you seem to be working on the same thing as I am, using Samba4 as a domain controller. I initially tried your set up and found the problems that you have, this is where we seem to have forked off in different directions. You seem to be chasing using Winbind and NFS, whilst I went with Winbind and Pam_mount.

I am only using one server running samba4, with Pam-mount I can mount any users unixhomedir (wherever that may be) from the server onto the clients (like windows profiles) via the use of groups and can also mount the dropbox share which shows up in the users home directory.

If you are interested, I can supply you my notes to try it out yourself.

Hi Rowland

We ditched winbind totally in favour of the (much faster and predictable) nss-pam-ldapd. That coupled with NFS4 gets the job done albeit unofficially.

Yes, thanks for the offer. We'd be interested to see/compare any alternatives.

On a different note, we've only just discovered that s3fs is not yet ready as a fileserver and we have to split off from the DC and use a separate 3.6 box as the filer.

Cheers,
Steve
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 12/08/12 17:45, Gémes Géza wrote:
On 2012-08-12 16:26, steve wrote:
On 12/08/12 15:28, Gémes Géza wrote:
On 2012-08-12 09:31, steve wrote:
On 08/11/2012 01:10 PM, Andrew Bartlett wrote:
On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote:

Hello, Andrew,

You wrote on 11.08.12:

In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with:

    idmap_ldb:use rfc2307 = yes

uidNumber and gidNumber can be obtained from AD but unixHomeDirectory and loginShell are missing.

[...]

At this stage, we still don't recommend combining file server and DC functions. By separating these functions onto different (virtual) servers, you can avoid this issue.

Sorry - that sounds ugly. I prefer using samba as a combined system for SOHO (especially for schools). And working with several servers (especially virtual servers) is not attractive for someone who looks for the server as a second or third job, beneath his/her main job.

I would rather advertise a narrower, known to work set of functionality than to promise broader features than we know works well in production experience. In particular, we know about the limitations that Steve mentions, and we know the workaround: don't mix the file server and AD DC.

Andrew Bartlett

Hi

Does this mean having one Samba4 machine as the DC and another Samba4 (e.g. Vbox) machine joined to it as a member to act as fileserver?

Cheers,
Steve

If you don't want to use the second box interactively yes, if you intend to login there, or have home directories served from there better install Samba3.6 on it.

Regards
Geza

Hi Geza, hi everyone

OK, conclusion. I have a single box with s4 DC. The same box with a Vbox guest running S3.6, and NFS. The S4 DC becomes a NFS client when I mount the shares from the Vbox guest on it. I create users and their home directories on the DC. Files are served from the S3 Vbox guest. The DC has no shares apart from [global], [netlogon] and [sysvol]. The s3 guest carries all the shares I would normally add after the 3 default DC shares. Instead of using the hostname of the DC when I mount shares on remote clients, I use the hostname of the S3 Guest.

How am I doing so far?

Cheers,
Steve

Hi, IMHO what you've written could be a short HOWTO for using Samba4 in a network Geza, How do I tell xp and 7 clients to look at the virtual s3.6 machine as fileserver?

Cheers,
Steve
[Samba] Samba4 DC with Samba3 file-server howto
Hi

I have a Samba4 DC (hh30.hh3.site, 192.168.1.30) and a Samba3 VM on the same box (hh33.hh3.site, 192.168.1.33). How do I tell XP and 7 clients to look at the S4 DC for authentication and the S3 fileserver for files? It already does the authentication bit OK. It's mainly the second part of the question as to how to instruct the m$ boxes to look at the file-server rather than the DC for files.

Cheers,
Steve
Re: [Samba] Samba4 DC with Samba3 file-server howto
On 2012-08-15 13:02, steve wrote:

Hi

I have a Samba4 DC (hh30.hh3.site, 192.168.1.30) and a Samba3 VM on the same box (hh33.hh3.site, 192.168.1.33). How do I tell XP and 7 clients to look at the S4 DC for authentication and the S3 fileserver for files? It already does the authentication bit OK. It's mainly the second part of the question as to how to instruct the m$ boxes to look at the file-server rather than the DC for files.

Cheers,
Steve

Hi,

It depends on what you mean by having to look at. One way is to write some logon scripts, by which they would map the shares as drives (of course that supposes having the Samba3 boxes joined to the AD of Samba4).

If you intend to share some home directories, then create the home share on Samba3 and specify the homepath for each user as \\samba3servershostname\%USERNAME% and a homedrive according to your taste (I had chosen U: (about 10 years ago (Samba 2.2.something))).

If you want to redirect some folders (e.g. Documents, Desktop, etc.) you can do that by firing up the group policy editor and specifying the redirects there.

Regards
Geza
[Samba] Domain Admin cannot access files
Hi

I just joined a Samba 3.6.3 machine as a file server for a Samba4 domain. Normal users can login and reach the shares apart from the domain Administrator. After Administrator has logged in, any attempt to reach the file server results in a username and password prompt. Supplying the correct information still will not allow share access for Administrator.

Using s3fs under Samba4, Administrator is allowed full access without being asked for a password.

What am I missing?

Cheers,
Steve

[global]
    workgroup = MARINA
    realm = hh3.site
    security = ADS

[home]
    path = /home2/MARINA
    read only = No

[staff]
    path = /home2/staff
    read only = No
[Samba] Delete pending after open in M.Office
Hello!

I have a strange issue with Office files (and maybe not only Office). I can't delete a file which I just closed. For example, I create a new xlsx file, open it, close it and delete it - no errors, but after refreshing the list of files the file is back. If I try to access this file via smbclient, I get the message NT_STATUS_DELETE_PENDING. Only if I restart smb is the file removed from the local filesystem.

Samba 3.6.7. I played with different options a lot, but no luck. Maybe someone has already experienced this?

--
Dmitry
Re: [Samba] Samba4 DC with Samba3 file-server howto
On 15/08/12 17:47, Gémes Géza wrote:
On 2012-08-15 13:02, steve wrote:

Hi

I have a Samba4 DC (hh30.hh3.site, 192.168.1.30) and a Samba3 VM on the same box (hh33.hh3.site, 192.168.1.33). How do I tell XP and 7 clients to look at the S4 DC for authentication and the S3 fileserver for files? It already does the authentication bit OK. It's mainly the second part of the question as to how to instruct the m$ boxes to look at the file-server rather than the DC for files.

Cheers,
Steve

Hi,

It depends on what you mean by having to look at. One way is to write some logon scripts, by which they would map the shares as drives (of course that supposes having the Samba3 boxes joined to the AD of Samba4).

If you intend to share some home directories, then create the home share on Samba3 and specify the homepath for each user as \\samba3servershostname\%USERNAME% and a homedrive according to your taste (I had chosen U: (about 10 years ago (Samba 2.2.something))).

If you want to redirect some folders (e.g. Documents, Desktop, etc.) you can do that by firing up the group policy editor and specifying the redirects there.

Regards
Geza

Hi Geza

Thanks for the clue. I specified

    homeDrive: Z:
    homeDirectory: \\hh32\home\user
    profilePath: \\hh32\profiles\user

Is that what you mean? If so, it works.

That's great for users, but Administrator can't access the shares. He always gets a logon prompt. Even with the correct username and password he still cannot access any share on \\hh32

Anyway, great news for the users. Need to get Administrator sorted out.

Cheers and thanks again,
Steve
Re: [Samba] Samba4 DC with Samba3 file-server howto
On 15/08/12 18:24, steve wrote:
On 15/08/12 17:47, Gémes Géza wrote:
On 2012-08-15 13:02, steve wrote:

Hi

I have a Samba4 DC (hh30.hh3.site, 192.168.1.30) and a Samba3 VM on the same box (hh33.hh3.site, 192.168.1.33). How do I tell XP and 7 clients to look at the S4 DC for authentication and the S3 fileserver for files? It already does the authentication bit OK. It's mainly the second part of the question as to how to instruct the m$ boxes to look at the file-server rather than the DC for files.

Cheers,
Steve

Hi,

It depends on what you mean by having to look at. One way is to write some logon scripts, by which they would map the shares as drives (of course that supposes having the Samba3 boxes joined to the AD of Samba4).

If you intend to share some home directories, then create the home share on Samba3 and specify the homepath for each user as \\samba3servershostname\%USERNAME% and a homedrive according to your taste (I had chosen U: (about 10 years ago (Samba 2.2.something))).

If you want to redirect some folders (e.g. Documents, Desktop, etc.) you can do that by firing up the group policy editor and specifying the redirects there.

Regards
Geza

Hi Geza

Thanks for the clue. I specified

    homeDrive: Z:
    homeDirectory: \\hh32\home\user
    profilePath: \\hh32\profiles\user

Is that what you mean? If so, it works.

That's great for users, but Administrator can't access the shares. He always gets a logon prompt. Even with the correct username and password he still cannot access any share on \\hh32

Anyway, great news for the users. Need to get Administrator sorted out.

Cheers and thanks again,
Steve

Could this be that Administrator is not a member of the groups that are allowed access?

Rowland
Re: [Samba] Domain Admin cannot access files
On 2012-08-15 18:59, steve wrote:

Hi

I just joined a Samba 3.6.3 machine as a file server for a Samba4 domain. Normal users can login and reach the shares apart from the domain Administrator. After Administrator has logged in, any attempt to reach the file server results in a username and password prompt. Supplying the correct information still will not allow share access for Administrator.

Using s3fs under Samba4, Administrator is allowed full access without being asked for a password.

What am I missing?

Cheers,
Steve

[global]
    workgroup = MARINA
    realm = hh3.site
    security = ADS

[home]
    path = /home2/MARINA
    read only = No

[staff]
    path = /home2/staff
    read only = No

IF this is a Samba3 config file, you DO NOT need to specify a path for a [homes] share. That way (a correctly configured Samba3 box (HERE COMES winbind into PLAY!)) will give each user its own home share.

I've pasted a default [homes] section from an ubuntu 12.04 box (I'm using it only for running winbind on it to allow login of domain users, no samba running on that box), as you can see it is still commented out:

;[homes]
;   comment = Home Directories
;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
;   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
;   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
;   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server. Un-comment the following parameter
# to make sure that only username can connect to \\server\username
# The following parameter makes sure that only username can connect
#
# This might need tweaking when using external authentication schemes
;   valid users = %S

Regards
Geza Gemes
Re: [Samba] Domain Admin cannot access files
On 15/08/12 22:10, Gémes Géza wrote:
On 2012-08-15 18:59, steve wrote:

Hi

I just joined a Samba 3.6.3 machine as a file server for a Samba4 domain. Normal users can login and reach the shares apart from the domain Administrator. After Administrator has logged in, any attempt to reach the file server results in a username and password prompt. Supplying the correct information still will not allow share access for Administrator.

Using s3fs under Samba4, Administrator is allowed full access without being asked for a password.

What am I missing?

Cheers,
Steve

[global]
    workgroup = MARINA
    realm = hh3.site
    security = ADS

[home]
    path = /home2/MARINA
    read only = No

[staff]
    path = /home2/staff
    read only = No

IF this is a Samba3 config file, you DO NOT need to specify a path for a [homes] share. That way (a correctly configured Samba3 box (HERE COMES winbind into PLAY!)) will give each user its own home share.

I've pasted a default [homes] section from an ubuntu 12.04 box (I'm using it only for running winbind on it to allow login of domain users, no samba running on that box), as you can see it is still commented out:

;[homes]
;   comment = Home Directories
;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
;   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
;   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
;   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server. Un-comment the following parameter
# to make sure that only username can connect to \\server\username
# The following parameter makes sure that only username can connect
#
# This might need tweaking when using external authentication schemes
;   valid users = %S

Regards
Geza Gemes

He is not exporting the samba homes share, he is exporting a share called [home], that is why he needs the path statement.

Administrator on my samba4 server is a member of:

    Group Policy Creator Owners
    Enterprise Admins
    Schema Admins
    Domain Admins

So unless your shares are owned by Administrator or one of his groups or are set xx7, I do not think he should be able to get into the shares.

Rowland
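Added example, not part of the thread: a small Python model of the ownership check described in the reply above, showing which permission class applies to a mapped Unix identity on each directory down to a share root. Only the share path /home2/staff comes from the posted smb.conf; the uid/gid numbers, the user MARINA\jdoe and the modes are constructed, and share-level settings such as "valid users" are not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    """Ownership and permission bits of one directory, as stat reports them."""
    path: str
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o770


@dataclass(frozen=True)
class Identity:
    """Unix identity the file server maps a domain account to."""
    name: str
    uid: int
    gids: frozenset


def class_bits(node, who):
    """Return the rwx triplet (0-7) that applies to `who` on `node`.

    POSIX selects exactly one class: owner, else group, else other.
    The first match wins even if a later class would grant more.
    """
    if who.uid == 0:            # root bypasses directory permission checks
        return 7
    if who.uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in who.gids:
        return (node.mode >> 3) & 7
    return node.mode & 7


def share_access(chain, who):
    """Evaluate access at the share root (last element of `chain`).

    `chain` lists every directory from the top down to the share root,
    because search (x) permission is needed on each of them.
    Returns (level, blocker): level is 'none', 'ro' or 'rw'; blocker is
    the path of the first directory that denies access, or None.
    """
    for node in chain:
        if not class_bits(node, who) & 1:
            return "none", node.path
    bits = class_bits(chain[-1], who)
    if not bits & 4:
        return "none", chain[-1].path
    return ("rw" if bits & 2 else "ro"), None


# --- constructed sample data (ids and modes are assumptions) -------------
GID_DOMAIN_USERS = 3000010
GID_DOMAIN_ADMINS = 3000005

ADMIN = Identity("MARINA\\Administrator", 3000000,
                 frozenset({GID_DOMAIN_ADMINS, 3000004}))
USER = Identity("MARINA\\jdoe", 3000020, frozenset({GID_DOMAIN_USERS}))

HOME2 = Node("/home2", 0, 0, 0o755)
# Share root owned by root, group "Domain Users", no access for others.
STAFF = Node("/home2/staff", 0, GID_DOMAIN_USERS, 0o770)
# Same directory with the "xx7" mode mentioned in the reply.
STAFF_XX7 = Node("/home2/staff", 0, GID_DOMAIN_USERS, 0o777)
# Same directory with its group switched to one Administrator belongs to.
STAFF_ADMINS = Node("/home2/staff", 0, GID_DOMAIN_ADMINS, 0o770)


def report():
    """Return one result line per (layout, identity) combination."""
    lines = []
    for label, chain in (("group=Domain Users 0770", [HOME2, STAFF]),
                         ("group=Domain Users 0777", [HOME2, STAFF_XX7]),
                         ("group=Domain Admins 0770", [HOME2, STAFF_ADMINS])):
        for who in (USER, ADMIN):
            level, blocker = share_access(chain, who)
            lines.append(f"{label:26} {who.name:22} {level:5} "
                         f"{'blocked at ' + blocker if blocker else ''}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

On a live server the same inputs come from `stat` on each directory in the path and `id` for the mapped account.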
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d2d5fb1 libcli/smb: verify decrypted SMB2 pdus correctly via 7a7e9b1 libcli/smb: fix parsing of compounded messages within a SMB2_TRANSFORM pdu via 84f6b0f libcli/smb: fix smb2cli_req_compound_submit for multiple encrypted messages via b596a11 s3:smb2_server: do calculations based on SMBD_SMB2_NUM_IOV_PER_REQ in smbd_smb2_request_validate() via 7ffee47 libcli/smb: all flags except SMB2_HDR_FLAG_ASYNC should be cleared in a cancel request. from 24b1143 s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-op http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d2d5fb1abfcb9d21fe2742d53de00c7638fad14d Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 14 09:35:59 2012 +0200 libcli/smb: verify decrypted SMB2 pdus correctly We need to make sure we got a encrypted response if we asked for it. If we don't get a encrypted response, we use a similar logic as with signing to propagated wellknown errors to the higher layer and set state-smb2.signing_skipped = true. metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Aug 15 16:26:26 CEST 2012 on sn-devel-104 commit 7a7e9b1c76f3967cc8cdae34e5d64759305e592a Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 14 09:33:01 2012 +0200 libcli/smb: fix parsing of compounded messages within a SMB2_TRANSFORM pdu One SMB2_TRANSFORM pdu wraps multiple SMB2 pdus. We inject the SMB2_TRANSFORM header to each response which was wrapped inside. This allows the next layer to verify if the SMB2 pdu was encrypted. metze commit 84f6b0f962a9106e0c108cdcd5eb5a1599cd8097 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 14 09:30:43 2012 +0200 libcli/smb: fix smb2cli_req_compound_submit for multiple encrypted messages There should be only one SMB2_TRANSFORM header for all compound requests. 
metze commit b596a116fd006bdc78bccef4dc5b9c9ad2807365 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 15 14:43:40 2012 +0200 s3:smb2_server: do calculations based on SMBD_SMB2_NUM_IOV_PER_REQ in smbd_smb2_request_validate() metze commit 7ffee47bc6cc2039a32a527e19e4a76c257fc6b0 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 15 14:17:25 2012 +0200 libcli/smb: all flags except SMB2_HDR_FLAG_ASYNC should be cleared in a cancel request. metze --- Summary of changes: libcli/smb/smbXcli_base.c | 230 ++- source3/smbd/smb2_server.c |6 +- 2 files changed, 163 insertions(+), 73 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index dad869c..45da5fd 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -243,6 +243,7 @@ struct smbXcli_req_state { bool should_sign; bool should_encrypt; + uint64_t encryption_session_id; bool signing_skipped; bool notify_async; @@ -2422,6 +2423,12 @@ static bool smb2cli_req_cancel(struct tevent_req *req) } substate = tevent_req_data(subreq, struct smbXcli_req_state); + /* +* clear everything but the SMB2_HDR_FLAG_ASYNC flag +* e.g. if SMB2_HDR_FLAG_CHAINED is set we get INVALID_PARAMETER back +*/ + flags = SMB2_HDR_FLAG_ASYNC; + if (flags SMB2_HDR_FLAG_ASYNC) { mid = 0; } @@ -2595,14 +2602,17 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs, struct tevent_req *subreq; struct iovec *iov; int i, num_iov, nbt_len; + int tf_iov = -1; + const DATA_BLOB *encryption_key = NULL; + uint64_t encryption_session_id = 0; /* -* 1 for the nbt length -* per request: TRANSFORM, HDR, fixed, dyn, padding +* 1 for the nbt length, optional TRANSFORM +* per request: HDR, fixed, dyn, padding * -1 because the last one does not need padding */ - iov = talloc_array(reqs[0], struct iovec, 1 + 5*num_reqs - 1); + iov = talloc_array(reqs[0], struct iovec, 1 + 1 + 4*num_reqs - 1); if (iov == NULL) { return NT_STATUS_NO_MEMORY; } 
@@ -2610,8 +2620,65 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs, num_iov = 1; nbt_len = 0; + /* +* the session of the first request that requires encryption +* specifies the encryption key. +*/ + for (i=0; inum_reqs; i++) { + if (!tevent_req_is_in_progress(reqs[i])) { + return NT_STATUS_INTERNAL_ERROR; + } + + state =
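Review bot: The iovec count in smb2cli_req_compound_submit(), `1 + 1 + 4*num_reqs - 1`, is written with bare numbers, and only the comment above it ties each term to the nbt length, the optional TRANSFORM and the four per-request vectors. Consider a named per-request constant, as the server side does with SMBD_SMB2_NUM_IOV_PER_REQ in this same push, so that a later change to the per-request layout cannot leave the allocation one entry short.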
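Review bot: The new loop at the top of smb2cli_req_compound_submit() takes the encryption key from "the session of the first request that requires encryption", and the visible part of the hunk cuts off before showing what happens to later requests. Since the whole compound goes out under one SMB2_TRANSFORM header, please make sure a compound whose requests belong to a different session than encryption_session_id is rejected (or document why it cannot occur) instead of being sealed with the first session's key.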
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 65976d6 s3-vfs: Set errno in xattr emulation via cc3bdaa s3-vfs: Avoid loops in VFS modules: call _NEXT functions in xattr emulation via 898c5e1 s3-vfs: ensure we strictly free the talloc_stackframe via f9b9433 s4-selftest: Fix test name for samba.tests.dcerpc.bare via fd42bc1 librpc/idl: Make smb_acl_t public so we can pull/push it as a blob from d2d5fb1 libcli/smb: verify decrypted SMB2 pdus correctly http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 65976d680acd48aa9f59664f715fa9ce40185955 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 22:22:26 2012 +1000 s3-vfs: Set errno in xattr emulation The caller may check this errno. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Aug 15 18:05:33 CEST 2012 on sn-devel-104 commit cc3bdaaf0a5586e0f840466719f9f8387c5cddd0 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 22:21:48 2012 +1000 s3-vfs: Avoid loops in VFS modules: call _NEXT functions in xattr emulation We need to call the next module in the stack otherwise we will loop if the stat call is in turn implemented in terms of extended attribute lookup. Andrew Bartlett commit 898c5e140ddca47eac9e2150fb571d6eac3ed7d2 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 21:22:18 2012 +1000 s3-vfs: ensure we strictly free the talloc_stackframe We must do this when leaving the function or else in development, we will panic. 
Andrew Bartlett commit f9b9433b752a663cdfda03967bd969cac5cf16bf Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 20:33:46 2012 +1000 s4-selftest: Fix test name for samba.tests.dcerpc.bare commit fd42bc1846929d163cdf25a0e66feba16bffc442 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 15 20:33:27 2012 +1000 librpc/idl: Make smb_acl_t public so we can pull/push it as a blob --- Summary of changes: librpc/idl/smb_acl.idl |2 +- source3/modules/vfs_posix_eadb.c |9 +++-- source3/modules/vfs_xattr_tdb.c| 16 +--- source3/modules/wscript_build |9 + .../scripting/python/samba/tests/dcerpc/bare.py|2 +- 5 files changed, 27 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/smb_acl.idl b/librpc/idl/smb_acl.idl index 9586958..856312f 100644 --- a/librpc/idl/smb_acl.idl +++ b/librpc/idl/smb_acl.idl @@ -48,7 +48,7 @@ interface smb_acl gid_t gid; } smb_acl_entry; - typedef struct { + [public] typedef struct { int size; int count; int next; diff --git a/source3/modules/vfs_posix_eadb.c b/source3/modules/vfs_posix_eadb.c index e1b90ff..fff7c11 100644 --- a/source3/modules/vfs_posix_eadb.c +++ b/source3/modules/vfs_posix_eadb.c @@ -52,6 +52,11 @@ static ssize_t posix_eadb_getattr(struct tdb_wrap *db_ctx, status = pull_xattr_blob_tdb_raw(db_ctx, talloc_tos(), name, fname, fd, size, blob); + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { + errno = ENOATTR; + return -1; + } + if (!NT_STATUS_IS_OK(status)) { DEBUG(10, (posix_eadb_fetch_attrs failed: %s\n, nt_errstr(status))); @@ -293,9 +298,9 @@ static int posix_eadb_unlink(vfs_handle_struct *handle, } if (lp_posix_pathnames()) { - ret = SMB_VFS_LSTAT(handle-conn, smb_fname_tmp); + ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname_tmp); } else { - ret = SMB_VFS_STAT(handle-conn, smb_fname_tmp); + ret = SMB_VFS_NEXT_STAT(handle, smb_fname_tmp); } if (ret == -1) { goto out; diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c index 0352539..719ac0c 100644 
--- a/source3/modules/vfs_xattr_tdb.c +++ b/source3/modules/vfs_xattr_tdb.c @@ -50,6 +50,7 @@ static ssize_t xattr_tdb_getxattr(struct vfs_handle_struct *handle, xattr_size = xattr_tdb_getattr(db, frame, id, name, blob); if (xattr_size 0) { + errno = ENOATTR; TALLOC_FREE(frame); return -1; } @@ -74,9 +75,9 @@ static ssize_t xattr_tdb_fgetxattr(struct vfs_handle_struct *handle, DATA_BLOB blob; TALLOC_CTX *frame = talloc_stackframe(); - SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, TALLOC_FREE(frame); return -1); - if (SMB_VFS_FSTAT(fsp, sbuf) == -1) { +
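Review bot: In xattr_tdb_getxattr() the new `errno = ENOATTR;` is assigned before `TALLOC_FREE(frame);`, so anything run during the free can overwrite it before the caller sees it; set errno after the free, or save and restore it. The same branch also maps every negative return of xattr_tdb_getattr() to ENOATTR, whereas the posix_eadb_getattr() hunk only does so for NT_STATUS_NOT_FOUND; if other failures can reach this branch they will be reported to the caller as "attribute missing".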
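Review bot: In xattr_tdb_fgetxattr() the failure action passed to SMB_VFS_HANDLE_GET_DATA is now two statements, `TALLOC_FREE(frame); return -1`, which only behaves as intended if the macro expands that argument inside a braced block. A short comment saying so, or an explicit `{ ... }` in the argument, would keep this safe if the macro is ever changed, and the other functions in this file that open a talloc_stackframe() before the macro need the same treatment.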
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 68aedaf Revert s3:auth make sure the primary group sid is usable from d80fbbe s3: Fix a crash in reply_lockingX_error http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 68aedaf59787971cd9520cef3a345d99da079ca3 Author: Andrew Bartlett abart...@samba.org Date: Sun Jul 15 12:22:44 2012 +1000 Revert s3:auth make sure the primary group sid is usable This reverts commit 00089fd74af740f832573d904312854e494a869e. The issue with this patch, which I did sign off on, is that for the domain member case, we already know that the SID is reasonable and valid, and we indeed rely on that, because we keep it as an additonal group anyway. The primary group is not so special that we need to do extra validation. Calling this function may put a user into the domain 'domain users' group, even if they are not in that group to start with. Andrew Bartlett Fix bug #9066 - Domain Users incorrectly added as addition group on domain members. --- Summary of changes: source3/auth/auth_util.c | 43 +-- 1 files changed, 13 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index c7e266a..cb1d319 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1250,11 +1250,11 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, char *found_username = NULL; const char *nt_domain; const char *nt_username; + struct dom_sid user_sid; + struct dom_sid group_sid; bool username_was_mapped; struct passwd *pwd; struct auth_serversupplied_info *result; - struct dom_sid *group_sid; - struct netr_SamInfo3 *i3; /* Here is where we should check the list of 
@@ -1262,6 +1262,15 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, matches. */ + if (!sid_compose(user_sid, info3-base.domain_sid, info3-base.rid)) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (!sid_compose(group_sid, info3-base.domain_sid, +info3-base.primary_gid)) { + return NT_STATUS_INVALID_PARAMETER; + } + nt_username = talloc_strdup(mem_ctx, info3-base.account_name.string); if (!nt_username) { /* If the server didn't give us one, just use the one we sent @@ -1313,43 +1322,17 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, } /* copy in the info3 */ - result-info3 = i3 = copy_netr_SamInfo3(result, info3); + result-info3 = copy_netr_SamInfo3(result, info3); if (result-info3 == NULL) { TALLOC_FREE(result); return NT_STATUS_NO_MEMORY; } /* Fill in the unix info we found on the way */ + result-utok.uid = pwd-pw_uid; result-utok.gid = pwd-pw_gid; - /* We can't just trust that the primary group sid sent us is something -* we can really use. Obtain the useable sid, and store the original -* one as an additional group if it had to be replaced */ - nt_status = get_primary_group_sid(mem_ctx, found_username, - pwd, group_sid); - if (!NT_STATUS_IS_OK(nt_status)) { - TALLOC_FREE(result); - return nt_status; - } - - /* store and check if it is the same we got originally */ - sid_peek_rid(group_sid, i3-base.primary_gid); - if (i3-base.primary_gid != info3-base.primary_gid) { - uint32_t n = i3-base.groups.count; - /* not the same, store the original as an additional group */ - i3-base.groups.rids = - talloc_realloc(i3, i3-base.groups.rids, - struct samr_RidWithAttribute, n + 1); - if (i3-base.groups.rids == NULL) { - TALLOC_FREE(result); - return NT_STATUS_NO_MEMORY; - } - i3-base.groups.rids[n].rid = info3-base.primary_gid; - i3-base.groups.rids[n].attributes = SE_GROUP_ENABLED; - i3-base.groups.count = n + 1; - } - /* ensure we are never given NULL session keys */ if (memcmp(info3-base.key.key, zeros, sizeof(zeros)) == 0) { -- Samba Shared Repository
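Review bot: After this revert the reason for taking the info3 primary group as-is lives only in the commit message: the last hunk removes the comment "We can't just trust that the primary group sid sent us is something we can really use" together with the get_primary_group_sid() call, and nothing replaces it. A short comment next to the sid_compose() call for group_sid in make_server_info_info3(), stating that for a domain member the primary group from info3 is deliberately used without remapping (bug #9066), would stop the validation from being reintroduced later.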
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 5c0a169 s3-auth Use correct RID for domain guests primary group from 68aedaf Revert s3:auth make sure the primary group sid is usable http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 5c0a169275ccf046190a0d08d93fc37e6b9bcf75 Author: Andrew Bartlett abart...@samba.org Date: Sun Jul 15 14:38:18 2012 +1000 s3-auth Use correct RID for domain guests primary group This was incorrect in commit 9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd as the RID was from the BUILTIN domain, but this creates a guest account token for the real domain. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Jul 19 05:56:28 CEST 2012 on sn-devel-104 Fix bug #9067 - Domain Guest have wrong primary group RID. --- Summary of changes: source3/auth/auth_util.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index cb1d319..fc93641 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -734,7 +734,7 @@ static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx, info3-base.rid = DOMAIN_RID_GUEST; /* Primary gid */ - info3-base.primary_gid = BUILTIN_RID_GUESTS; + info3-base.primary_gid = DOMAIN_RID_GUESTS; TALLOC_FREE(pwd); return NT_STATUS_OK; -- Samba Shared Repository
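Review bot: The `/* Primary gid */` comment above the changed assignment in get_guest_info3() does not say which domain the RID is relative to, and that ambiguity is what allowed a BUILTIN RID to be used in a token built for the real domain. Expanding the comment to state that primary_gid, like `info3-base.rid = DOMAIN_RID_GUEST;` just above it, is interpreted against the domain SID and must therefore be a DOMAIN_RID_* value would document the constraint. Since the primary group feeds the guest session's access token, a test that builds the guest info3 and checks the composed primary group SID would catch a recurrence of bug #9067.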
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 10d2193 Fix smbclient/tarmode panic on connecting to Windows 2000 clients. from 5c0a169 s3-auth Use correct RID for domain guests primary group http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 10d21935d69579f381f85cdd19883f57b8030fef Author: Salvador I. Gonzalez sgonza...@codejunkie.net Date: Sat Aug 11 13:46:41 2012 -0400 Fix smbclient/tarmode panic on connecting to Windows 2000 clients. 'Freed frame ../source3/libsmb/clilist.c:934, expected ../source3/client/clitar.c:821' Cause: (strequal(finfo-name,..) || strequal(finfo-name,.)) evaluates to true, do_tar returns without freeing ctx Fix bug #9088 - [PATCH] Freed frame ../source3/libsmb/clilist.c:934, expected ../source3/client/clitar.c:821. --- Summary of changes: source3/client/clitar.c | 27 +++ 1 files changed, 19 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/client/clitar.c b/source3/client/clitar.c index b658688..9a40c3e 100644 --- a/source3/client/clitar.c +++ b/source3/client/clitar.c @@ -837,8 +837,10 @@ static NTSTATUS do_tar(struct cli_state *cli_state, struct file_info *finfo, TALLOC_CTX *ctx = talloc_stackframe(); NTSTATUS status = NT_STATUS_OK; - if (strequal(finfo-name,..) || strequal(finfo-name,.)) - return NT_STATUS_OK; + if (strequal(finfo-name,..) || strequal(finfo-name,.)) { + status = NT_STATUS_OK; + goto cleanup; + } /* Is it on the exclude list ? */ if (!tar_excl clipn) { @@ -851,7 +853,8 @@ static NTSTATUS do_tar(struct cli_state *cli_state, struct file_info *finfo, client_get_cur_dir(), finfo-name); if (!exclaim) { - return NT_STATUS_NO_MEMORY; + status = NT_STATUS_NO_MEMORY; + goto cleanup; } DEBUG(5, (...tar_re_search: %d\n, tar_re_search)); 
@@ -860,7 +863,8 @@ static NTSTATUS do_tar(struct cli_state *cli_state, struct file_info *finfo, (tar_re_search mask_match_list(exclaim, cliplist, clipn, True))) { DEBUG(3,(Skipping file %s\n, exclaim)); TALLOC_FREE(exclaim); - return NT_STATUS_OK; + status = NT_STATUS_OK; + goto cleanup; } TALLOC_FREE(exclaim); } @@ -872,7 +876,8 @@ static NTSTATUS do_tar(struct cli_state *cli_state, struct file_info *finfo, saved_curdir = talloc_strdup(ctx, client_get_cur_dir()); if (!saved_curdir) { - return NT_STATUS_NO_MEMORY; + status = NT_STATUS_NO_MEMORY; + goto cleanup; } DEBUG(5, (strlen(cur_dir)=%d, \ @@ -885,7 +890,8 @@ strlen(finfo-name)=%d\nname=%s,cur_dir=%s\n, client_get_cur_dir(), finfo-name); if (!new_cd) { - return NT_STATUS_NO_MEMORY; + status = NT_STATUS_NO_MEMORY; + goto cleanup; } client_set_cur_dir(new_cd); @@ -904,7 +910,8 @@ strlen(finfo-name)=%d\nname=%s,cur_dir=%s\n, %s*, client_get_cur_dir()); if (!mtar_mask) { - return NT_STATUS_NO_MEMORY; + status = NT_STATUS_NO_MEMORY; + goto cleanup; } DEBUG(5, (Doing list with mtar_mask: %s\n, mtar_mask)); do_list(mtar_mask, attribute, do_tar, False, True); @@ -918,11 +925,15 @@ strlen(finfo-name)=%d\nname=%s,cur_dir=%s\n, client_get_cur_dir(), finfo-name); if (!rname) { - return NT_STATUS_NO_MEMORY; + status = NT_STATUS_NO_MEMORY; + goto cleanup; } status = do_atar(rname,finfo-name,finfo); TALLOC_FREE(rname); } + + cleanup: + TALLOC_FREE(ctx); return status; } -- Samba Shared Repository
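Review bot: In the first hunk (@@ -837,8 +837,10 @@), the added `status = NT_STATUS_OK;` is redundant because `status` is initialised to NT_STATUS_OK on the declaration line directly above, and the same applies to the skip path in the @@ -860,7 +863,8 @@ hunk. A bare `goto cleanup;` on both success paths would leave only the error paths assigning `status`, which makes them easier to pick out when auditing the function's exits.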
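Review bot: On the `if (!mtar_mask)` failure path in the @@ -904,7 +910,8 @@ hunk, the current directory has already been switched by `client_set_cur_dir(new_cd);` in the preceding hunk, and the `cleanup:` label only runs `TALLOC_FREE(ctx);`, so the function returns NT_STATUS_NO_MEMORY with the client still pointed at new_cd. The old `return` had the same problem, so this is not a regression, but now that there is a single exit it would be easy to restore saved_curdir there before the frame is freed. In the same hunk the result of `do_list(mtar_mask, attribute, do_tar, False, True);` is discarded, so a failure inside the recursive listing never reaches `status`.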
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 97e7c3b s3-selftest: convert xattr-tdb-1 vfstest driver into a subunit test via 748d8f5 s3-selftest: convert stream_depot vfstest driver into a subunit test via 08baa11 fix printf warning in net connections via 31980cf s3:utils: remove standalone cclean tool via 37ed821 s3:doc manpage for net connections cleanup via 1c2bae0 s3:net add command connections cleanup from 65976d6 s3-vfs: Set errno in xattr emulation http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 97e7c3b8bd84edd69f6344249b24ae64e2a8b0fe Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 08:55:43 2012 +1000 s3-selftest: convert xattr-tdb-1 vfstest driver into a subunit test We don't use the simple smb.conf because we need to override all the paths for this to work as non-root without a panic, so we use the s3dc environment, which already loads this module. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 16 02:55:19 CEST 2012 on sn-devel-104 commit 748d8f5310501bb585c9be1b261554ec690a3132 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 08:37:54 2012 +1000 s3-selftest: convert stream_depot vfstest driver into a subunit test This gives us our first automated coverage of the vfstest binary. We don't use the simple smb.conf because we need to override all the paths for this to work as non-root without a panic, so we use the s3dc environment, which already loads this module. Andrew Bartlett commit 08baa11ab869551f61dc7a7d363587b70582ffeb Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 16 07:47:57 2012 +1000 fix printf warning in net connections commit 31980cf5cb9fd6238d1ed096e885410e85d5ac00 Author: Gregor Beck gb...@sernet.de Date: Fri Jul 13 15:31:16 2012 +0200 s3:utils: remove standalone cclean tool 
Signed-off-by: Andrew Bartlett abart...@samba.org commit 37ed821798a0c141efe01096f3669f8fb9a62928 Author: Gregor Beck gb...@sernet.de Date: Mon Jul 16 15:10:46 2012 +0200 s3:doc manpage for net connections cleanup Signed-off-by: Andrew Bartlett abart...@samba.org commit 1c2bae062d202c69d5b92b634f6b9ced3ea2a0ba Author: Gregor Beck gb...@sernet.de Date: Mon Jul 16 09:34:15 2012 +0200 s3:net add command connections cleanup Signed-off-by: Andrew Bartlett abart...@samba.org --- Summary of changes: docs-xml/manpages-3/net.8.xml | 39 +++ packaging/RHEL-CTDB/samba.spec.tmpl |1 - source3/Makefile.in | 14 +-- source3/script/tests/stream-depot/run.sh | 37 ++- source3/script/tests/stream-depot/smb.conf|5 - source3/script/tests/xattr-tdb-1/run.sh | 55 +- source3/script/tests/xattr-tdb-1/smb.conf |5 - source3/selftest/tests.py |5 + source3/utils/net.c |7 ++ source3/utils/{cclean.c = net_connections.c} | 144 ++--- source3/utils/net_proto.h |4 + source3/wscript_build | 14 +--- 12 files changed, 196 insertions(+), 134 deletions(-) delete mode 100644 source3/script/tests/stream-depot/smb.conf delete mode 100644 source3/script/tests/xattr-tdb-1/smb.conf rename source3/utils/{cclean.c = net_connections.c} (64%) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index c85f87f..7a7ca6d 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml 
@@ -2112,6 +2112,45 @@ string./member /refsect2 refsect2 +titleCONNECTIONS/title +para +Manipulate Samba's connections database. +/para + +paraThe registry commands are: +simplelist +membernet connections cleanup - Remove orphaned entries from the connections database./member +/simplelist +/para + +refsect3 + titleCONNECTIONS CLEANUP [-avT]/title + para Remove orphaned entries from the connections database. This may be necessary if restarting smbd isn't an option. + variablelist +varlistentryterm-a|--auto/term +listitempara + Noninteractive mode, don't ask. +/para/listitem +/varlistentry + +varlistentryterm-v|--verbose/term + listitempara + Produce more output. + /para/listitem +/varlistentry + +varlistentryterm-T|--test/term + listitempara + Dry run, show what changes would be made but don't touch anything. + /para/listitem +/varlistentry + /variablelist + /para +/refsect3 + +/refsect2 + +refsect2 titleEVENTLOG/title paraStarting with version 3.4.0 net can read, dump, import and export native diff --git a/packaging/RHEL-CTDB/samba.spec.tmpl
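Review bot: The new CONNECTIONS section of net.8.xml introduces its command list with "The registry commands are:", which looks copied from the REGISTRY section; it should read "The connections commands are:" (or similar) to match the `net connections cleanup` member that follows. Because the command deletes entries from the connections database, the text could also point readers at `-T|--test` as the way to preview the changes before running with `-a|--auto`, which suppresses the confirmation prompt.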