Re: CVS update: sambaweb/devel
Please update Last Updated: too! Willi Mann Modified Files: roadmap-3.html Log Message: Update the roadmap (I did some documentation...) Revisions: roadmap-3.html 1.5 = 1.6 http://www.samba.org/cgi-bin/cvsweb/sambaweb/devel/roadmap-3.html?r1=1.5r2=1.6 --
Re: [SECURITY] Samba 2.2.8 available for download
Is 3.0 also vulnerable? Willi Mann From: Gerald (Jerry) Carter [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: [SECURITY] Samba 2.2.8 available for download This release provides an important security fix outlined in the release notes that follow. This is the latest stable release of Samba and the version that all production Samba servers should be running for all current bug-fixes.
[PATCH] autogen.sh
Hi! This patch fixes autogen.sh on systems which have only autoconf-2.53 installed. It makes it simple to add other autoconf versions which might occur in the future (TESTAUTOCONF/HEADER var). I've only tested it on RedHat 7.3 with 3.0 branch, so please review it carefully before you apply it. Willi Mann --- autogen.sh 10 Feb 2003 17:31:25 - 1.1.2.2 +++ autogen.sh 17 Mar 2003 20:32:43 - @@ -2,29 +2,46 @@ # Run this script to build samba from CVS. -## first try the default names -AUTOHEADER=autoheader -AUTOCONF=autoconf - -if which $AUTOCONF /dev/null -then -: -else -echo $0: need autoconf 2.53 or later to build samba from CVS 2 -exit 1 -fi -## -## what version do we need? -## -if [ `$AUTOCONF --version | head -1 | cut -d. -f 2` -lt 53 ]; then +## insert all possible names +TESTAUTOHEADER=autoheader autoheader-2.53 +TESTAUTOCONF=autoconf autoconf-2.53 + +AUTOHEADERFOUND=0 +AUTOCONFFOUND=0 + - ## maybe it's installed under a different name (e.g. RedHat 7.3) +for i in $TESTAUTOHEADER; +do + if which $i /dev/null + then + if [ `$i --version | head -1 | cut -d. -f 2` -ge 53 ]; then + AUTOHEADER=$i + AUTOHEADERFOUND=1 + break; + fi; +fi; +done - AUTOCONF=autoconf-2.53 - AUTOHEADER=autoheader-2.53 +for i in $TESTAUTOCONF; +do +if which $i /dev/null +then + if [ `$i --version | head -1 | cut -d. -f 2` -ge 53 ]; then +AUTOCONF=$i +AUTOCONFFOUND=1 +break; + fi; +fi; +done; + +if [ $AUTOCONFFOUND == 0 -o $AUTOHEADERFOUND == 0 ]; then + +echo $0: need autoconf 2.53 or later to build samba from CVS 2 +exit 1 fi + echo $0: running $AUTOHEADER $AUTOHEADER || exit 1
Re: net rpc shutdown - how to poweroff
How do I disable NTLMSSP in Windows 2000? Thank you Willi Simo Sorce wrote: Thank you Willi, unfortuately the traces is encapsulated in an ntlmssp encrypted session so I cannot see anything. Can you kindly disable ntlmssp and redo the sniff from beginning? feel free to send the sniff only to me if you fear information disclosure. Simo. On Tue, 2002-12-31 at 00:38, Willi Mann wrote: Hi Simo! I've put the sniff and the script which produced the shutdown on my homepage: http://www.wm1.at/samba/wmisniff.bin http://www.wm1.at/samba/RemoteShutdown.vbs w2k Professional german (192.168.0.1, P4) has the sniffer and asks a w2k server german (192.168.0.254, WILLI) to do the shutdown. It only works if you have the same passwords on both of the two machines. Don't ask me about the sense of the for--next loop. Willi Simo Sorce wrote: On Mon, 2002-12-30 at 01:06, Willi Mann wrote: Hi Andrew! The existing net rpc shutdown function doesn't seem to be able to do a power off. It seems to be an implementation of the initiateSystemShutdown API-call, which is used in many freeware closed-source shutdown applications. I've played around with the flags in the current Samba-implementation with the following result: If one of the first 8 bits is set to 1 the machine reboots. The second 8 bits mark the forced shutdown but I haven't verified that it makes a difference to non-forced shutdowns. the 16bit flags we show in the source are really 2 booleans in the form of two bytes imho, I'm modifying the code in samba to behave this way. I made some test and I think you are right the rpc shutdown function is equivalent to InitiateSystemShutdownEx call on windows, so no power off possible, only the 2 booleans: force shutdown and reboot on shutdown. There is a way for a working remote power off. The WMI-framework provides a function called win32shutdown. This function is also used by the Management Console-Shutdown. It offers nearly all flags which are available in the ExitWindowsEx-function. It is completely different to the net rpc shutdown. I've modified a VBscript-example provided in the WMI-SDK to get the shortest possible shutdown-session and sniffed it. There are about 100 packets on the wire (incl. authentication, SYNs, RSTs, etc.) I'll try to work out more about that in the next few days. If you can send me the trace (ina aformate readable by ethereal) I'm interested at looking into it and see how it is done. Simo.
Re: net rpc shutdown - how to poweroff
Hi Simo! I've put the sniff and the script which produced the shutdown on my homepage: http://www.wm1.at/samba/wmisniff.bin http://www.wm1.at/samba/RemoteShutdown.vbs w2k Professional german (192.168.0.1, P4) has the sniffer and asks a w2k server german (192.168.0.254, WILLI) to do the shutdown. It only works if you have the same passwords on both of the two machines. Don't ask me about the sense of the for--next loop. Willi Simo Sorce wrote: On Mon, 2002-12-30 at 01:06, Willi Mann wrote: Hi Andrew! The existing net rpc shutdown function doesn't seem to be able to do a power off. It seems to be an implementation of the initiateSystemShutdown API-call, which is used in many freeware closed-source shutdown applications. I've played around with the flags in the current Samba-implementation with the following result: If one of the first 8 bits is set to 1 the machine reboots. The second 8 bits mark the forced shutdown but I haven't verified that it makes a difference to non-forced shutdowns. the 16bit flags we show in the source are really 2 booleans in the form of two bytes imho, I'm modifying the code in samba to behave this way. I made some test and I think you are right the rpc shutdown function is equivalent to InitiateSystemShutdownEx call on windows, so no power off possible, only the 2 booleans: force shutdown and reboot on shutdown. There is a way for a working remote power off. The WMI-framework provides a function called win32shutdown. This function is also used by the Management Console-Shutdown. It offers nearly all flags which are available in the ExitWindowsEx-function. It is completely different to the net rpc shutdown. I've modified a VBscript-example provided in the WMI-SDK to get the shortest possible shutdown-session and sniffed it. There are about 100 packets on the wire (incl. authentication, SYNs, RSTs, etc.) I'll try to work out more about that in the next few days. If you can send me the trace (ina aformate readable by ethereal) I'm interested at looking into it and see how it is done. Simo.
Re: net rpc shutdown - how to poweroff
Hi Andrew! The existing net rpc shutdown function doesn't seem to be able to do a power off. It seems to be an implementation of the initiateSystemShutdown API-call, which is used in many freeware closed-source shutdown applications. I've played around with the flags in the current Samba-implementation with the following result: If one of the first 8 bits is set to 1 the machine reboots. The second 8 bits mark the forced shutdown but I haven't verified that it makes a difference to non-forced shutdowns. There is a way for a working remote power off. The WMI-framework provides a function called win32shutdown. This function is also used by the Management Console-Shutdown. It offers nearly all flags which are available in the ExitWindowsEx-function. It is completely different to the net rpc shutdown. I've modified a VBscript-example provided in the WMI-SDK to get the shortest possible shutdown-session and sniffed it. There are about 100 packets on the wire (incl. authentication, SYNs, RSTs, etc.) I'll try to work out more about that in the next few days. My biggest problem is that I'm not familiar enough with the SAMBA source code and the SMB/RPC-calls and this is my first attempt to work on a network program. Willi Mann Andrew Bartlett wrote: On Tue, 2002-12-17 at 06:37, Willi Mann wrote: Thanks for your fast answer but that's not the problem. rpc shutdown with windows2000 offers you four possibilities what you want to do: -logoff current user -shutdown (which really shuts down w2k but doesn't power off) -reboot -power off (if supported) (which does what I want) and three methods how to deal with applications, which block the process: -never -when no reaction -always Window: my computer administration properties extended shutdown The windows api also knows these different methods (look for exitwindowsex on m$dn). My problem is that remote shutdown from windows 2000 machines (german) only works if the remote machine is in the same domain. The samba net rpc shutdown command doesn't depend on that detail. However, it doesn't solve my problem because I want to power off the machines to avoid disk damage (8 hours but not more for class C drives says an Austrian IBM branch) but that command doesn't offer you that different ways shutdown methods. Grab a sniffer, and figure out what Win2k does that Samba does not do. Then see if you can come out with a patch - there just might be a few more flags in there we didn't know about. Andrew Bartlett
[PATCH] and question - net rpc shutdown
Hi!
This patch corrects a problem with the default comment for net rpc
shutdown.
(diff against 3.0)
My power off - problem persists because net rpc shutdown is similar to
InitiateSystemShutdown, which is not able to power off the computer. In
my research I've found out that powering off needs a Remote API call (if
my interpretations of the data on the wire are correct). Is there any
function in Samba which can send a remote API call?
Thanks
Willi
Index: utils/net.c
===
RCS file: /cvsroot/samba/source/utils/net.c,v
retrieving revision 1.43.2.8
diff -u -r1.43.2.8 net.c
--- utils/net.c 12 Nov 2002 23:20:49 - 1.43.2.8
+++ utils/net.c 23 Dec 2002 18:45:15 -
@@ -68,6 +68,7 @@
int opt_port = 0;
int opt_maxusers = -1;
char *opt_comment = ;
+BOOL opt_comment_specified = False;
int opt_flags = -1;
int opt_jobid = 0;
int opt_timeout = 0;
@@ -446,7 +447,7 @@
{myname, 'n', POPT_ARG_STRING, opt_requester_name},
{conf,'s', POPT_ARG_STRING, servicesf},
{server, 'S', POPT_ARG_STRING, opt_host},
- {comment, 'C', POPT_ARG_STRING, opt_comment},
+ {comment, 'C', POPT_ARG_STRING, opt_comment,'C'},
{maxusers,'M', POPT_ARG_INT,opt_maxusers},
{flags, 'F', POPT_ARG_INT,opt_flags},
{jobid, 'j', POPT_ARG_INT,opt_jobid},
@@ -487,6 +488,9 @@
*p = 0;
opt_password = p+1;
}
+ break;
+ case 'C':
+ opt_comment_specified = True;
break;
default:
d_printf(\nInvalid option %c (%d)\n,
(char)opt, opt);
Index: utils/net.h
===
RCS file: /cvsroot/samba/source/utils/net.h,v
retrieving revision 1.7.2.1
diff -u -r1.7.2.1 net.h
--- utils/net.h 15 Jul 2002 10:35:23 - 1.7.2.1
+++ utils/net.h 23 Dec 2002 18:45:25 -
@@ -38,6 +38,7 @@
extern int opt_maxusers;
extern char *opt_comment;
+extern BOOL opt_comment_specified;
extern int opt_flags;
extern char *opt_comment;
Index: utils/net_rpc.c
===
RCS file: /cvsroot/samba/source/utils/net_rpc.c,v
retrieving revision 1.14.2.10
diff -u -r1.14.2.10 net_rpc.c
--- utils/net_rpc.c 20 Dec 2002 20:21:31 - 1.14.2.10
+++ utils/net_rpc.c 23 Dec 2002 18:45:34 -
@@ -1478,7 +1478,7 @@
if (force) {
flgs |= REG_FORCE_SHUTDOWN;
}
- if (opt_comment) {
+ if (opt_comment_specified) {
msg = opt_comment;
}
if (opt_timeout) {
Re: [PATCH] and question - net rpc shutdown
Richard Sharpe wrote: On Mon, 23 Dec 2002, Willi Mann wrote: Hi! This patch corrects a problem with the default comment for net rpc shutdown. (diff against 3.0) My power off - problem persists because net rpc shutdown is similar to InitiateSystemShutdown, which is not able to power off the computer. In my research I've found out that powering off needs a Remote API call (if my interpretations of the data on the wire are correct). Is there any function in Samba which can send a remote API call? Do you mean a RAP call? The net function does them. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com The function I'd need is the ExitWindowsEx winapi function. I don't think that rap provides what I need. If you want to help me, there are the links to the initial messages of my problem: http://lists.samba.org/pipermail/samba-technical/2002-December/041366.html http://lists.samba.org/pipermail/samba-technical/2002-December/041369.html One mistake is in that postings: The shutdown method provided in w2k works if the local and the remote user have the same usernames and passwords, it is not requrired that they are in the same domain. Thanks Willi Mann
net rpc shutdown - how to poweroff
Hi! Is there any possibility to not only shut down but to power off a remote (w2k) machine with the net rpc shutdown command? I'd really need it because some users tend to be too lazy to power off their machines. Please help me. Willi
Re: [Samba] strange behavior maybe dependent on valid users
Thank you, but could you document that like: Note: If you use valid users in the global section, include the guest account because that's is needed, e.g., to accept LMB queries. in the smb.conf man page? WM Andrew Bartlett wrote: Willi Mann wrote: Hi! My problem: I have a network with many workgroups and my samba server 3.0alpha21cvs is the only member of one of that workgroups. If I went to the network neighborhood and tried to open the workgroup of my samba server I got an error message saying that the workgroup mygroup was not available. So I minimized the settings in the global section of my smb.conf and I was able to open mygroup. I reactivated the most important options like interfaces and hosts allow, which didn't seem to be the problem. But when I reactivated valid users containing 4 users, I was not able to browse mygroup any more. So, is it possible, that the ability to open a workgroup with only one samba server depends on the value of valid users? Do you have any other ideas, how to solve that problem? A *global* 'valid users' will need to include the guest account, as this is how some of these operations are conducted. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] strange behavior maybe dependent on valid users
Hi! My problem: I have a network with many workgroups and my samba server 3.0alpha21cvs is the only member of one of that workgroups. If I went to the network neighborhood and tried to open the workgroup of my samba server I got an error message saying that the workgroup mygroup was not available. So I minimized the settings in the global section of my smb.conf and I was able to open mygroup. I reactivated the most important options like interfaces and hosts allow, which didn't seem to be the problem. But when I reactivated valid users containing 4 users, I was not able to browse mygroup any more. So, is it possible, that the ability to open a workgroup with only one samba server depends on the value of valid users? Do you have any other ideas, how to solve that problem? Thanks Willi Mann -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
