[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e8e5afd krb5samba: Add smb_krb5_make_pac_checksum. via 7f9e4d7 s4-auth: Use smb_krb5_make_pac_checksum. via 3ef95a0 krb5samba: Add krb5_free_checksum_contents wrapper from 470cfb3 lib/util: Map 0x7fffLL as 0x7fffLL in time conversion http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e8e5afd4d4038043f1125c5e2afc41e9e87ebfde Author: Andreas Schneider a...@samba.org Date: Thu May 3 17:10:27 2012 +0200 krb5samba: Add smb_krb5_make_pac_checksum. Signed-off-by: Simo Sorce i...@samba.org Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Tue May 8 08:30:52 CEST 2012 on sn-devel-104 commit 7f9e4d70b9a2db7400791fbfef284dd63e79f078 Author: Andreas Schneider a...@samba.org Date: Thu May 3 17:10:53 2012 +0200 s4-auth: Use smb_krb5_make_pac_checksum. Signed-off-by: Simo Sorce i...@samba.org commit 3ef95a0b59fa2a9ec5d01398d702bd107f290422 Author: Simo Sorce i...@samba.org Date: Fri May 4 11:02:48 2012 -0400 krb5samba: Add krb5_free_checksum_contents wrapper --- Summary of changes: lib/krb5_wrap/krb5_samba.c | 83 +++ lib/krb5_wrap/krb5_samba.h | 14 + source3/configure.in|2 + source4/auth/kerberos/kerberos_pac.c| 78 + source4/heimdal_build/wscript_configure |2 + wscript_configure_krb5 |3 +- 6 files changed, 127 insertions(+), 55 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index ddebdd8..16c6901 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -2175,6 +2175,89 @@ krb5_error_code smb_krb5_cc_get_lifetime(krb5_context context, } #endif /* HAVE_KRB5_CC_GET_LIFETIME */ +#if !defined(HAVE_KRB5_FREE_CHECKSUM_CONTENTS) defined(HAVE_FREE_CHECKSUM) +void smb_krb5_free_checksum_contents(krb5_context ctx, krb5_checksum *cksum) +{ + free_Checksum(cksum); +} +#endif + +krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx, + DATA_BLOB *pac_data, + krb5_context context, + const krb5_keyblock *keyblock, + uint32_t *sig_type, + DATA_BLOB *sig_blob) +{ + krb5_error_code ret; + krb5_checksum cksum; +#if defined(HAVE_KRB5_CRYPTO_INIT) defined(HAVE_KRB5_CREATE_CHECKSUM) + krb5_crypto crypto; + + + ret = krb5_crypto_init(context, + keyblock, + 0, + crypto); + if (ret) { + DEBUG(0,(krb5_crypto_init() failed: %s\n, + smb_get_krb5_error_message(context, ret, mem_ctx))); + return ret; + } + ret = krb5_create_checksum(context, + crypto, + KRB5_KU_OTHER_CKSUM, + 0, + pac_data-data, + pac_data-length, + cksum); + if (ret) { + DEBUG(2, (PAC Verification failed: %s\n, + smb_get_krb5_error_message(context, ret, mem_ctx))); + } + + krb5_crypto_destroy(context, crypto); + + if (ret) { + return ret; + } + + *sig_type = cksum.cksumtype; + *sig_blob = data_blob_talloc(mem_ctx, + cksum.checksum.data, + cksum.checksum.length); +#elif defined(HAVE_KRB5_C_MAKE_CHECKSUM) + krb5_data input; + + input.data = (char *)pac_data-data; + input.length = pac_data-length; + + ret = krb5_c_make_checksum(context, + 0, + keyblock, + KRB5_KEYUSAGE_APP_DATA_CKSUM, + input, + cksum); + if (ret) { + DEBUG(2, (PAC Verification failed: %s\n, + smb_get_krb5_error_message(context, ret, mem_ctx))); + return ret; + } + + *sig_type = cksum.checksum_type; + *sig_blob = data_blob_talloc(mem_ctx, + cksum.contents, + cksum.length); + +#else +#error krb5_create_checksum or krb5_c_make_checksum not available +#endif /* HAVE_KRB5_C_MAKE_CHECKSUM */ + smb_krb5_free_checksum_contents(context, cksum); + + return 0; +} + + /*
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2ae02ef s3:vfs/shadow_copy2 fix some compiler warnings via 617b636 s3:vfs/shadow_copy2 make descending sort order the default via a7df061 docs:autorid document ignore builtin parameter via 0bedec7 s3:winbindd/autorid add ignore builtin parameter via da97234 docs:autorid document read-only parameter via 2997f2f s3:winbindd/autorid add support for read-only mode via 6bda0f6 docs:autorid document how well-known SIDs will be mapped via 920e3e3 s3:winbindd/autorid preallocate well-known SIDs from e8e5afd krb5samba: Add smb_krb5_make_pac_checksum. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2ae02efabd5151c849ea079851607e7f45cf7a6f Author: Christian Ambach a...@samba.org Date: Tue May 8 09:15:12 2012 +0200 s3:vfs/shadow_copy2 fix some compiler warnings about unused variables Autobuild-User: Christian Ambach a...@samba.org Autobuild-Date: Tue May 8 11:15:07 CEST 2012 on sn-devel-104 commit 617b63658b02957422359a76fd8b8e4748d228ee Author: Christian Ambach a...@samba.org Date: Tue May 8 09:11:36 2012 +0200 s3:vfs/shadow_copy2 make descending sort order the default otherwise Explorer won't work correctly when trying to restore a folder commit a7df061ddfc9cdb8ea41cf770ce9c28523246d45 Author: Christian Ambach a...@samba.org Date: Mon May 7 19:17:18 2012 +0200 docs:autorid document ignore builtin parameter commit 0bedec7abea5f8dea5d6bd1fbb600f7beebabef9 Author: Christian Ambach a...@samba.org Date: Mon May 7 19:14:56 2012 +0200 s3:winbindd/autorid add ignore builtin parameter BUILTIN should be handled by passdb, however if passdb does not know about a SID, autorid creates a range for BUILTIN and does deterministic mapping make it possible to turn off this behavior commit da9723478321565fc552cced964d3e72c69f634b Author: Christian Ambach a...@samba.org Date: Mon May 7 19:02:23 2012 +0200 docs:autorid document read-only parameter commit 2997f2fe807cde8d22eaf4f253f9a64a8aca833a Author: Christian Ambach a...@samba.org Date: Mon May 7 14:19:26 2012 +0200 s3:winbindd/autorid add support for read-only mode make it possible to set read-only = yes for the backend so users can replicate an autorid.tdb to another server to use the same mappings without risking that updates are done on both sides commit 6bda0f6f88d381c93d1a46b46ad7fce7bed2d2de Author: Christian Ambach a...@samba.org Date: Mon May 7 19:08:10 2012 +0200 docs:autorid document how well-known SIDs will be mapped they consume space of the allocation pool and a list of most known well-known SIDs is preallocated to create a deterministic mapping commit 920e3e301d066d1307f2ca7f21248891e484842e Author: Christian Ambach a...@samba.org Date: Fri May 4 17:56:26 2012 +0200 s3:winbindd/autorid preallocate well-known SIDs preallocate the list of well-known SIDs that Win2008R2 reports to be groups and that are on the list in KB243330 This will allow for deterministic mapping of these SIDs, even if they are stored in the allocation pool as this is the first thing that autorid will allocate from the pool during module initialization --- Summary of changes: docs-xml/manpages-3/idmap_autorid.8.xml | 18 +- source3/modules/vfs_shadow_copy2.c |9 +-- source3/winbindd/idmap_autorid.c| 99 +-- 3 files changed, 114 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages-3/idmap_autorid.8.xml index e563cdd..498ef68 100644 --- a/docs-xml/manpages-3/idmap_autorid.8.xml +++ b/docs-xml/manpages-3/idmap_autorid.8.xml @@ -52,7 +52,11 @@ plan accordingly for your expected number of users in a domain with safety margins. /para - paraOne range will be used for local users and groups. + paraOne range will be used for local users and groups and for + non-domain well-known SIDs like Everyone (S-1-1-0) or Creator Owner (S-1-3-0). + A chosen list of well-known SIDs will be preallocated on first start + to create deterministic mappings for those./para + para Thus the number of local users and groups that can be created is limited by this option as well. If you plan to create a large amount of local users or groups, you will need set this parameter accordingly. @@ -60,6 +64,18 @@ paraThe default value is 10./para
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e42e87d s3-docs: Fix several typos. via d8acdd0 s3-docs: overrided - overridden from 2ae02ef s3:vfs/shadow_copy2 fix some compiler warnings http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e42e87d5449f68d249aa3b96bf73e4bae20c2772 Author: Karolin Seeger ksee...@samba.org Date: Tue May 8 12:01:28 2012 +0200 s3-docs: Fix several typos. Part of a fix for bug #7938. Based on a patch provided by John Bradshaw j...@johnbradshaw.org. Karolin Autobuild-User: Karolin Seeger ksee...@samba.org Autobuild-Date: Tue May 8 13:56:32 CEST 2012 on sn-devel-104 commit d8acdd020a4dc28bef20f156c89a0262c9f82df5 Author: Karolin Seeger ksee...@samba.org Date: Tue May 8 11:05:37 2012 +0200 s3-docs: overrided - overridden Fix typo. Part of a fix for bug #7938. Based on a patch provided by John Bradshaw j...@johnbradshaw.org. --- Summary of changes: docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml |2 +- docs-xml/Samba3-Developers-Guide/unix-smb.xml |2 +- docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml |2 +- docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml |2 +- docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml |2 +- docs-xml/manpages-3/idmap_nss.8.xml|2 +- docs-xml/manpages-3/ldbadd.1.xml |2 +- docs-xml/manpages-3/ldbdel.1.xml |2 +- docs-xml/manpages-3/ldbmodify.1.xml|2 +- docs-xml/manpages-3/ldbrename.1.xml|2 +- docs-xml/manpages-3/ldbsearch.1.xml|4 ++-- docs-xml/manpages-3/libsmbclient.7.xml |2 +- docs-xml/manpages-3/net.8.xml |2 +- docs-xml/manpages-3/ntlm_auth.1.xml| 12 ++-- docs-xml/manpages-3/pdbedit.8.xml | 20 ++-- docs-xml/manpages-3/rpcclient.1.xml|2 +- docs-xml/manpages-3/smbclient.1.xml|6 +++--- docs-xml/manpages-3/smbcontrol.1.xml |2 +- docs-xml/manpages-3/smbcquotas.1.xml |2 +- docs-xml/manpages-3/smbd.8.xml |8 docs-xml/manpages-3/tdbbackup.8.xml|4 ++-- docs-xml/manpages-3/testparm.1.xml |2 +- docs-xml/manpages-3/vfs_readonly.8.xml |2 +- docs-xml/manpages-3/vfs_shadow_copy2.8.xml |2 +- docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml |6 +++--- docs-xml/smbdotconf/filename/maxstatcachesize.xml |2 +- docs-xml/using_samba/ch07.xml |2 +- 27 files changed, 50 insertions(+), 50 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml b/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml index 9ea5004..3cacc71 100644 --- a/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml +++ b/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml @@ -3881,7 +3881,7 @@ HKEY_LOCAL_MACHINE\Default\Software\Microsoft\Windows\ Note: If MS Outlook has been configured to use an IMAP account configuration there may be problems following these instructions. Feedback from users suggests that where IMAP is used the PST file is used to store rules and filters. When the PST store is relocated it appears to break - MS Outlook's Send/Receive button. If anyone has sucessfully relocated PST files where IMAP is + MS Outlook's Send/Receive button. If anyone has successfully relocated PST files where IMAP is used please email literalj...@samba.org/literal with useful tips and suggestions so that this warning can be removed or modified. /para/step diff --git a/docs-xml/Samba3-Developers-Guide/unix-smb.xml b/docs-xml/Samba3-Developers-Guide/unix-smb.xml index b700dfc..ae6bdcd 100644 --- a/docs-xml/Samba3-Developers-Guide/unix-smb.xml +++ b/docs-xml/Samba3-Developers-Guide/unix-smb.xml @@ -299,7 +299,7 @@ doesn't support them all. Samba currently supports up to the NT LM 0.12 protocol, which is the one preferred by Win95 and WinNT3.5. Luckily this protocol level has a capabilities field which specifies which super-duper new-fangled -options the server suports. This helps to make the implementation of +options the server supports. This helps to make the implementation of this protocol level much easier. /para diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml index 0a50698..6096975 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml @@ -1380,7 +1380,7 @@ mystic:/home/hannibal
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 9fd8692 s3/ldap: remove outdated netscape ds 5 schema file from 50973b9 Fix bug #8877 - Syslog broken owing to mistyping of debug_settings.syslog. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 9fd8692a9d066f4e469eb0668ae1f0c8b2c8db6c Author: Björn Jacke b...@sernet.de Date: Tue May 8 14:10:51 2012 +0200 s3/ldap: remove outdated netscape ds 5 schema file remove outdated netscape ds 5 schema file and put a README there pointing to the FDS schema file instead. This fixes bug #8869 (commit b31f773ae1640313dc1ba86b334e9bbb9cb31bd6 in master) --- Summary of changes: examples/LDAP/samba-schema-netscapeds5.x| 77 --- examples/LDAP/samba-schema-netscapeds5.x.README |2 + 2 files changed, 2 insertions(+), 77 deletions(-) delete mode 100644 examples/LDAP/samba-schema-netscapeds5.x create mode 100644 examples/LDAP/samba-schema-netscapeds5.x.README Changeset truncated at 500 lines: diff --git a/examples/LDAP/samba-schema-netscapeds5.x b/examples/LDAP/samba-schema-netscapeds5.x deleted file mode 100644 index 55c2aff..000 --- a/examples/LDAP/samba-schema-netscapeds5.x +++ /dev/null @@ -1,77 +0,0 @@ -## -## Darren Chew darren.chew at vicscouts dot asn dot au -## Andre Fiebach andre dot fiebach at stud dot uni-rostock dot de -## Thomas Mueller 12.04.2003, thomas.muel...@christ-wasser.de -## Richard Renard rren...@idealx.com 2005-01-28 -## - added support for MungedDial, BadPasswordCount, BadPasswordTime, PasswordHistory, LogonHours -## TAKEDA Yasuma yas...@osstech.co.jp 2008-11-06 -## - added sambaTrustedDomainPassword objectClasses -## - in Sun One 5.2 copy it as 99samba-schema-netscapeds5.ldif -## -## Samba 3.2 schema file for Netscape DS 5.x -## -## INSTALL-DIRECTORY/slapd-your_name/config/schema/samba-schema-netscapeds5.ldif - -# Sun One DS do not load the schema without this lines -# André Fiebach af...@uni-rostock.de -dn: cn=schema -objectClass: top -objectClass: ldapSubentry -objectClass: subschema -cn: schema -aci: (target=ldap:///cn=schema;)(targetattr !=aci)(version 3.0;acl anonymo - us, no acis; allow (read, search, compare) userdn = ldap:///anyone;;) -aci: (targetattr = *)(version 3.0; acl Configuration Administrator; allow - (all) userdn = ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, - o=NetscapeRoot;) -aci: (targetattr = *)(version 3.0; acl Local Directory Administrators Group - ; allow (all) groupdn = ldap:///cn=Directory Administrators, dc=samba,dc=org;) -aci: (targetattr = *)(version 3.0; acl SIE Group; allow (all)groupdn = ld - ap:///cn=slapd-sambaldap, cn=iPlanet Directory Server, cn=Server Group, cn=iPlanetDirectory.samba.org, ou=samba.org, o=NetscapeRoot;) - -objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids' MUST ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY DESC 'Mapping from a SID to an ID' MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL DESC 'Structural Class for a SID' MUST ( sambaSID ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL DESC 'Samba Trusted Domain Password' MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY ( sambaPreviousClearTextPassword ) X-ORIGIN 'user defined')
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 353d743 s3/ldap: remove outdated netscape ds 5 schema file from 6692bd5 Fix bug #8831 - Inconsistent (with manpage) command-line switch for help in smbtree http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 353d7436468247ad20c006480a134caaccf0228c Author: Björn Jacke b...@sernet.de Date: Tue May 8 14:23:33 2012 +0200 s3/ldap: remove outdated netscape ds 5 schema file remove outdated netscape ds 5 schema file and put a README there pointing to the FDS schema file instead. This fixes bug #8869 (commit b31f773ae1640313dc1ba86b334e9bbb9cb31bd6 in master) (commit 9fd8692a9d066f4e469eb0668ae1f0c8b2c8db6c in v3-6-test) --- Summary of changes: examples/LDAP/samba-schema-netscapeds5.x| 67 --- examples/LDAP/samba-schema-netscapeds5.x.README |2 + 2 files changed, 2 insertions(+), 67 deletions(-) delete mode 100644 examples/LDAP/samba-schema-netscapeds5.x create mode 100644 examples/LDAP/samba-schema-netscapeds5.x.README Changeset truncated at 500 lines: diff --git a/examples/LDAP/samba-schema-netscapeds5.x b/examples/LDAP/samba-schema-netscapeds5.x deleted file mode 100644 index 8125adc..000 --- a/examples/LDAP/samba-schema-netscapeds5.x +++ /dev/null @@ -1,67 +0,0 @@ -## -## Darren Chew darren.chew at vicscouts dot asn dot au -## Andre Fiebach andre dot fiebach at stud dot uni-rostock dot de -## Thomas Mueller 12.04.2003, thomas.muel...@christ-wasser.de -## Richard Renard rren...@idealx.com 2005-01-28 -## - added support for MungedDial, BadPasswordCount, BadPasswordTime, PasswordHistory, LogonHours -## TAKEDA Yasuma yas...@osstech.co.jp 2008-11-06 -## - added sambaTrustedDomainPassword objectClasses -## - in Sun One 5.2 copy it as 99samba-schema-netscapeds5.ldif -## -## Samba 3.2 schema file for Netscape DS 5.x -## -## INSTALL-DIRECTORY/slapd-your_name/config/schema/samba-schema-netscapeds5.ldif - -# Sun One DS do not load the schema without this lines -# André Fiebach af...@uni-rostock.de -dn: cn=schema -objectClass: top -objectClass: ldapSubentry -objectClass: subschema -cn: schema -aci: (target=ldap:///cn=schema;)(targetattr !=aci)(version 3.0;acl anonymo - us, no acis; allow (read, search, compare) userdn = ldap:///anyone;;) -aci: (targetattr = *)(version 3.0; acl Configuration Administrator; allow - (all) userdn = ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, - o=NetscapeRoot;) -aci: (targetattr = *)(version 3.0; acl Local Directory Administrators Group - ; allow (all) groupdn = ldap:///cn=Directory Administrators, dc=samba,dc=org;) -aci: (targetattr = *)(version 3.0; acl SIE Group; allow (all)groupdn = ld - ap:///cn=slapd-sambaldap, cn=iPlanet Directory Server, cn=Server Group, cn=iPlanetDirectory.samba.org, ou=samba.org, o=NetscapeRoot;) - -objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids' MUST ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY DESC 'Mapping from a SID to an ID' MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL DESC 'Structural Class for a SID' MUST ( sambaSID ) X-ORIGIN 'user defined' ) -objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL DESC 'Samba Trusted Domain Password' MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 3522cbb s3-docs: Fix several typos. via 6b48902 s3-docs: overrided - overridden from 9fd8692 s3/ldap: remove outdated netscape ds 5 schema file http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 3522cbb537069286b55264bfdd5484c278d76181 Author: Karolin Seeger ksee...@samba.org Date: Tue May 8 12:01:28 2012 +0200 s3-docs: Fix several typos. Part of a fix for bug #7938. Based on a patch provided by John Bradshaw j...@johnbradshaw.org. Karolin commit 6b4890246ddbd606484e7247bea86c238cc0a057 Author: Karolin Seeger ksee...@samba.org Date: Tue May 8 11:05:37 2012 +0200 s3-docs: overrided - overridden Fix typo. Part of a fix for bug #7938. Based on a patch provided by John Bradshaw j...@johnbradshaw.org. --- Summary of changes: docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml |2 +- docs-xml/Samba3-Developers-Guide/unix-smb.xml |2 +- docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml |2 +- docs-xml/Samba3-HOWTO/TOSHARG-TDBFiles.xml |2 +- docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml |2 +- docs-xml/manpages-3/idmap_nss.8.xml|2 +- docs-xml/manpages-3/libsmbclient.7.xml |2 +- docs-xml/manpages-3/net.8.xml |2 +- docs-xml/manpages-3/ntlm_auth.1.xml| 12 ++-- docs-xml/manpages-3/pdbedit.8.xml | 20 ++-- docs-xml/manpages-3/smbclient.1.xml|6 +++--- docs-xml/manpages-3/smbcontrol.1.xml |2 +- docs-xml/manpages-3/smbcquotas.1.xml |2 +- docs-xml/manpages-3/smbd.8.xml |8 docs-xml/manpages-3/tdbbackup.8.xml|4 ++-- docs-xml/manpages-3/testparm.1.xml |2 +- docs-xml/manpages-3/vfs_readonly.8.xml |2 +- docs-xml/manpages-3/vfs_shadow_copy2.8.xml |2 +- docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml |6 +++--- docs-xml/smbdotconf/filename/maxstatcachesize.xml |2 +- docs-xml/using_samba/ch07.xml |2 +- 21 files changed, 43 insertions(+), 43 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml b/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml index 9ea5004..3cacc71 100644 --- a/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml +++ b/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml @@ -3881,7 +3881,7 @@ HKEY_LOCAL_MACHINE\Default\Software\Microsoft\Windows\ Note: If MS Outlook has been configured to use an IMAP account configuration there may be problems following these instructions. Feedback from users suggests that where IMAP is used the PST file is used to store rules and filters. When the PST store is relocated it appears to break - MS Outlook's Send/Receive button. If anyone has sucessfully relocated PST files where IMAP is + MS Outlook's Send/Receive button. If anyone has successfully relocated PST files where IMAP is used please email literalj...@samba.org/literal with useful tips and suggestions so that this warning can be removed or modified. /para/step diff --git a/docs-xml/Samba3-Developers-Guide/unix-smb.xml b/docs-xml/Samba3-Developers-Guide/unix-smb.xml index b700dfc..ae6bdcd 100644 --- a/docs-xml/Samba3-Developers-Guide/unix-smb.xml +++ b/docs-xml/Samba3-Developers-Guide/unix-smb.xml @@ -299,7 +299,7 @@ doesn't support them all. Samba currently supports up to the NT LM 0.12 protocol, which is the one preferred by Win95 and WinNT3.5. Luckily this protocol level has a capabilities field which specifies which super-duper new-fangled -options the server suports. This helps to make the implementation of +options the server supports. This helps to make the implementation of this protocol level much easier. /para diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml index 0a50698..6096975 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml @@ -1380,7 +1380,7 @@ mystic:/home/hannibal rm filename Samba has to deal with the complicated matter of handling the challenge of the Windows ACL that implements emphasisinheritance/emphasis, a concept not anticipated by POSIX ACLs as implemented in UNIX file systems. Samba provides support for emphasismasks/emphasis - that permit normal ugo and ACLs functionality to be overrided. This further complicates + that permit normal ugo and ACLs functionality to be overridden. This further
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 8b266d1 s3-docs: overrided - overridden from 353d743 s3/ldap: remove outdated netscape ds 5 schema file http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 8b266d110d77b2204a29c00f7f57e62fe801cbfc Author: Karolin Seeger ksee...@samba.org Date: Tue May 8 11:05:37 2012 +0200 s3-docs: overrided - overridden Fix typo. Part of a fix for bug #7938. Based on a patch provided by John Bradshaw j...@johnbradshaw.org. (cherry picked from commit 6b4890246ddbd606484e7247bea86c238cc0a057) --- Summary of changes: docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml index ea68594..a97ffbf 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml @@ -1380,7 +1380,7 @@ mystic:/home/hannibal rm filename Samba has to deal with the complicated matter of handling the challenge of the Windows ACL that implements emphasisinheritance/emphasis, a concept not anticipated by POSIX ACLs as implemented in UNIX file systems. Samba provides support for emphasismasks/emphasis - that permit normal ugo and ACLs functionality to be overrided. This further complicates + that permit normal ugo and ACLs functionality to be overridden. This further complicates the way in which Windows ACLs must be implemented. /para -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via d2f4164 s3-VFS: Fix building out-of-tree modules. from 3522cbb s3-docs: Fix several typos. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit d2f4164e3db2c341ff3a1b35a68f691848c9a859 Author: Richard Sharpe realrichardsha...@gmail.com Date: Tue May 8 14:53:10 2012 +0200 s3-VFS: Fix building out-of-tree modules. Fix bug #8822 (VFS module init function name has to be manually changed depending on build environment). --- Summary of changes: examples/VFS/Makefile.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/Makefile.in b/examples/VFS/Makefile.in index 8fe414a..98d259f 100644 --- a/examples/VFS/Makefile.in +++ b/examples/VFS/Makefile.in @@ -36,7 +36,7 @@ default: $(patsubst %.c,%.$(SHLIBEXT),$(wildcard *.c)) %.$(OBJEXT): %.c @echo Compiling $ - @$(CC) $(FLAGS) -c $ + @$(CC) $(FLAGS) -c $ -D$*_init=init_samba_module install: default -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via ca9538b s3-VFS: Fix building out-of-tree modules. from 8b266d1 s3-docs: overrided - overridden http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit ca9538bcd8ac153ab7d9bc21dab01d702d13c554 Author: Richard Sharpe realrichardsha...@gmail.com Date: Tue May 8 14:53:10 2012 +0200 s3-VFS: Fix building out-of-tree modules. Fix bug #8822 (VFS module init function name has to be manually changed depending on build environment). (cherry picked from commit d2f4164e3db2c341ff3a1b35a68f691848c9a859) --- Summary of changes: examples/VFS/Makefile.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/Makefile.in b/examples/VFS/Makefile.in index 8fe414a..98d259f 100644 --- a/examples/VFS/Makefile.in +++ b/examples/VFS/Makefile.in @@ -36,7 +36,7 @@ default: $(patsubst %.c,%.$(SHLIBEXT),$(wildcard *.c)) %.$(OBJEXT): %.c @echo Compiling $ - @$(CC) $(FLAGS) -c $ + @$(CC) $(FLAGS) -c $ -D$*_init=init_samba_module install: default -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f01c6cf s4 dns: unify error handling when bailing out via 7420698 s4 dns: Add TSIG and TKEY records to idl from e42e87d s3-docs: Fix several typos. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f01c6cf707087141fe244a1d90c5cdcb69322820 Author: Kai Blin k...@samba.org Date: Wed Mar 28 12:19:51 2012 +0200 s4 dns: unify error handling when bailing out Autobuild-User: Kai Blin k...@samba.org Autobuild-Date: Tue May 8 15:48:25 CEST 2012 on sn-devel-104 commit 74206984daa9c707a38675df88d6bbe660d876bc Author: Kai Blin k...@samba.org Date: Tue Mar 13 08:04:14 2012 +0100 s4 dns: Add TSIG and TKEY records to idl --- Summary of changes: librpc/idl/dns.idl | 67 -- source4/dns_server/dns_server.c | 23 ++--- 2 files changed, 67 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/dns.idl b/librpc/idl/dns.idl index e012162..a92c418 100644 --- a/librpc/idl/dns.idl +++ b/librpc/idl/dns.idl @@ -46,17 +46,23 @@ interface dns /* rcode values */ typedef [public] enum { - DNS_RCODE_OK = 0x0, - DNS_RCODE_FORMERR = 0x1, - DNS_RCODE_SERVFAIL = 0x2, - DNS_RCODE_NXDOMAIN = 0x3, - DNS_RCODE_NOTIMP = 0x4, - DNS_RCODE_REFUSED = 0x5, - DNS_RCODE_YXDOMAIN = 0x6, - DNS_RCODE_YXRRSET = 0x7, - DNS_RCODE_NXRRSET = 0x8, - DNS_RCODE_NOTAUTH = 0x9, - DNS_RCODE_NOTZONE = 0xA + DNS_RCODE_OK = 0x00, + DNS_RCODE_FORMERR = 0x01, + DNS_RCODE_SERVFAIL = 0x02, + DNS_RCODE_NXDOMAIN = 0x03, + DNS_RCODE_NOTIMP = 0x04, + DNS_RCODE_REFUSED = 0x05, + DNS_RCODE_YXDOMAIN = 0x06, + DNS_RCODE_YXRRSET = 0x07, + DNS_RCODE_NXRRSET = 0x08, + DNS_RCODE_NOTAUTH = 0x09, + DNS_RCODE_NOTZONE = 0x0A, + DNS_RCODE_BADSIG = 0x10, + DNS_RCODE_BADKEY = 0x11, + DNS_RCODE_BADTIME = 0x12, + DNS_RCODE_BADMODE = 0x13, + DNS_RCODE_BADNAME = 0x14, + DNS_RCODE_BADALG = 0x15 } dns_rcode; typedef [public,enum16bit] enum { @@ -105,12 +111,24 @@ interface dns DNS_QTYPE_NSEC = 0x002F, DNS_QTYPE_DNSKEY = 0x0030, DNS_QTYPE_DHCID = 0x0031, + DNS_QTYPE_TKEY = 0x00F9, + DNS_QTYPE_TSIG = 0x00FA, DNS_QTYPE_AXFR = 0x00FC, DNS_QTYPE_MAILB = 0x00FD, DNS_QTYPE_MAILA = 0x00FE, DNS_QTYPE_ALL= 0x00FF } dns_qtype; + typedef [public,enum16bit] enum { + DNS_TKEY_MODE_NULL = 0x, + DNS_TKEY_MODE_SERVER = 0x0001, + DNS_TKEY_MODE_DH = 0x0002, + DNS_TKEY_MODE_GSSAPI = 0x0003, + DNS_TKEY_MODE_CLIENT = 0x0004, + DNS_TKEY_MODE_DELETE = 0x0005, + DNS_TKEY_MODE_LAST = 0x + } dns_tkey_mode; + typedef [public] struct { dns_string name; dns_qtype question_type; @@ -149,6 +167,31 @@ interface dns dns_string target; } dns_srv_record; + typedef [public] struct { + dns_string algorithm; + uint32 inception; + uint32 expiration; + dns_tkey_mode mode; + uint16 error; + uint16 key_size; + uint8 key_data[key_size]; + uint16 other_size; + uint8 other_data[other_size]; + } dns_tkey_record; + + typedef [public] struct { + dns_string algorithm_name; + uint16 time_prefix; /* 0 until February 2106*/ + uint32 time; + uint16 fudge; + uint16 mac_size; + uint8 mac[mac_size]; + uint16 original_id; + uint16 error; + uint16 other_size; + uint8 other_data[other_size]; + } dns_tsig_record; + typedef [nodiscriminant,public,flag(NDR_NOALIGN)] union { [case(DNS_QTYPE_A)] ipv4address ipv4_record; [case(DNS_QTYPE_NS)]dns_string ns_record; @@ -159,6 +202,8 @@ interface dns [case(DNS_QTYPE_TXT)] dns_txt_record txt_record; [case(DNS_QTYPE_)] ipv6address ipv6_record; [case(DNS_QTYPE_SRV)]
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4cc04a2 s3-docs: Fix bug #7930. via 3c95ff0 s3-po: Fix typo in comment. via 48d57d7 s3-net: Fix typo in comment. from f01c6cf s4 dns: unify error handling when bailing out http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4cc04a29247a0c4b3de9884890364a5712534073 Author: Karolin Seeger ksee...@samba.org Date: Tue May 8 16:33:07 2012 +0200 s3-docs: Fix bug #7930. Add hint that setting profile acls = yes on normal shares can cause trouble. Karolin Autobuild-User: Karolin Seeger ksee...@samba.org Autobuild-Date: Tue May 8 18:47:59 CEST 2012 on sn-devel-104 commit 3c95ff0e5512ec0cc9f85003aba498e651ae3b90 Author: Karolin Seeger ksee...@samba.org Date: Tue May 8 16:03:18 2012 +0200 s3-po: Fix typo in comment. Karolin commit 48d57d7636959ffbf9a4829604a2f7f6968a5caa Author: Karolin Seeger ksee...@samba.org Date: Tue May 8 16:01:14 2012 +0200 s3-net: Fix typo in comment. Karolin --- Summary of changes: docs-xml/smbdotconf/protocol/profileacls.xml |8 +++- source3/locale/net/de.po |2 +- source3/utils/net_ads.c |2 +- 3 files changed, 9 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/profileacls.xml b/docs-xml/smbdotconf/protocol/profileacls.xml index 1c6f0c9..be89753 100644 --- a/docs-xml/smbdotconf/protocol/profileacls.xml +++ b/docs-xml/smbdotconf/protocol/profileacls.xml @@ -25,7 +25,7 @@ every returned ACL. This will allow any Windows 2000 or XP workstation user to access the profile. /para - + para Note that if you have multiple users logging on to a workstation then in order to prevent them from being able to access @@ -35,6 +35,12 @@ workstation profile code and has an ACL restricting entry to the directory tree to the owning user. /para + + para + Note that this parameter should be set to yes on dedicated profile shares only. + On other shares, it might cause incorrect file ownerships. + /para + /description value type=defaultno/value diff --git a/source3/locale/net/de.po b/source3/locale/net/de.po index 15e5bbf..4b40ef0 100644 --- a/source3/locale/net/de.po +++ b/source3/locale/net/de.po @@ -904,7 +904,7 @@ msgstr msgid Disabled account for '%s' in realm '%s'\n msgstr -#. Based on what we requseted, we shouldn't get here, but if +#. Based on what we requested, we shouldn't get here, but if #. we did, it means the secrets were removed, and therefore #. we have left the domain #: ../../utils/net_ads.c:1006 diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 381393e..0ccb328 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1018,7 +1018,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) goto done; } - /* Based on what we requseted, we shouldn't get here, but if + /* Based on what we requested, we shouldn't get here, but if we did, it means the secrets were removed, and therefore we have left the domain */ d_fprintf(stderr, _(Machine '%s' Left domain '%s'\n), -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-05-08-1959/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-08-1959/samba3.stderr http://git.samba.org/autobuild.flakey/2012-05-08-1959/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-08-1959/samba4.stderr http://git.samba.org/autobuild.flakey/2012-05-08-1959/samba4.stdout The top commit at the time of the failure was: commit f01c6cf707087141fe244a1d90c5cdcb69322820 Author: Kai Blin k...@samba.org Date: Wed Mar 28 12:19:51 2012 +0200 s4 dns: unify error handling when bailing out Autobuild-User: Kai Blin k...@samba.org Autobuild-Date: Tue May 8 15:48:25 CEST 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d36aecc s4:libcli:raw: fix a comment typo in smb_setfileinfo() via 6713ebf s4:torture: add a new smb2.session.reauth5 test: rename after reauth to anon - fails via 35009eb s4:torture: add a new smb2.session.reauth4 test: setting security descriptor after reauth to anon - works from 4cc04a2 s3-docs: Fix bug #7930. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d36aecc9c5211ce1c4cd76380e3a9a966d248bce Author: Michael Adam ob...@samba.org Date: Tue May 8 16:46:03 2012 +0200 s4:libcli:raw: fix a comment typo in smb_setfileinfo() Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Tue May 8 20:45:16 CEST 2012 on sn-devel-104 commit 6713ebfd6059fbad0cf0bceeccf8f5d5c83eb3a7 Author: Michael Adam ob...@samba.org Date: Tue May 8 16:45:10 2012 +0200 s4:torture: add a new smb2.session.reauth5 test: rename after reauth to anon - fails commit 35009eb3a964b3728c11c93fed8eaee9a0adc97f Author: Michael Adam ob...@samba.org Date: Tue May 8 16:44:06 2012 +0200 s4:torture: add a new smb2.session.reauth4 test: setting security descriptor after reauth to anon - works --- Summary of changes: source4/libcli/raw/interfaces.h |2 +- source4/torture/smb2/session.c | 350 +++ 2 files changed, 351 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h index 1f913b7..05dea50 100644 --- a/source4/libcli/raw/interfaces.h +++ b/source4/libcli/raw/interfaces.h @@ -1140,7 +1140,7 @@ union smb_setfileinfo { } in; } unix_link, unix_hlink; - /* RAW_FILEINFO_SET_SEC_DESC */ + /* RAW_SFILEINFO_SEC_DESC */ struct { enum smb_setfileinfo_level level; struct { diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c index 8386241..1f27222 100644 --- a/source4/torture/smb2/session.c +++ b/source4/torture/smb2/session.c @@ -27,6 +27,7 @@ #include ../libcli/smb/smbXcli_base.h #include lib/cmdline/popt_common.h #include auth/credentials/credentials.h +#include libcli/security/security.h #define CHECK_VAL(v, correct) do { \ @@ -380,6 +381,353 @@ done: return ret; } +/** + * test setting security descriptor after reauth. + */ +bool test_session_reauth4(struct torture_context *tctx, struct smb2_tree *tree) +{ + NTSTATUS status; + TALLOC_CTX *mem_ctx = talloc_new(tctx); + char fname[256]; + struct smb2_handle _h1; + struct smb2_handle *h1 = NULL; + struct smb2_create io1; + bool ret = true; + union smb_fileinfo qfinfo; + union smb_setfileinfo sfinfo; + struct cli_credentials *anon_creds = NULL; + uint32_t secinfo_flags = SECINFO_OWNER + | SECINFO_GROUP + | SECINFO_DACL + | SECINFO_PROTECTED_DACL + | SECINFO_UNPROTECTED_DACL; + struct security_descriptor *sd1, *sd2, sd3; + struct security_ace ace; + struct dom_sid *extra_sid; + + /* Add some random component to the file name. */ + snprintf(fname, 256, session_reauth4_%s.dat, +generate_random_str(tctx, 8)); + + smb2_util_unlink(tree, fname); + + smb2_oplock_create_share(io1, fname, +smb2_util_share_access(), +smb2_util_oplock_level(b)); + + status = smb2_create(tree, mem_ctx, io1); + CHECK_STATUS(status, NT_STATUS_OK); + _h1 = io1.out.file.handle; + h1 = _h1; + CHECK_CREATED(io1, CREATED, FILE_ATTRIBUTE_ARCHIVE); + CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level(b)); + + /* get the security descriptor */ + + ZERO_STRUCT(qfinfo); + + qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC; + qfinfo.query_secdesc.in.file.handle = _h1; + qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags; + + status = smb2_getinfo_file(tree, mem_ctx, qfinfo); + CHECK_STATUS(status, NT_STATUS_OK); + + sd1 = qfinfo.query_secdesc.out.sd; + + /* re-authenticate as anonymous */ + + anon_creds = cli_credentials_init_anon(mem_ctx); + torture_assert(tctx, (anon_creds != NULL), talloc error); + + status = smb2_session_setup_spnego(tree-session, + anon_creds, + 0 /* previous_session_id */); + CHECK_STATUS(status, NT_STATUS_OK); + + /* give full access on the file to anonymous */ + + extra_sid = dom_sid_parse_talloc(tctx, SID_NT_ANONYMOUS); + + ZERO_STRUCT(ace); + ace.type =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 088436d s3:winbindd:autorid check that transaction start did work via 09494ed s3:smbd fix some compiler warnings via e8c2f81 s3:vfs/gpfs: Have inherited deny ACE's show up in ACLs from d36aecc s4:libcli:raw: fix a comment typo in smb_setfileinfo() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 088436dff3fb12ec0b82f15fa971a48d798bd9b6 Author: Christian Ambach a...@samba.org Date: Tue May 8 17:16:49 2012 +0200 s3:winbindd:autorid check that transaction start did work this fixes Coverity #700172 CHECKED_RETURN Autobuild-User: Christian Ambach a...@samba.org Autobuild-Date: Wed May 9 00:27:08 CEST 2012 on sn-devel-104 commit 09494ed6133fd4d71161969249adf187732e2709 Author: Christian Ambach a...@samba.org Date: Tue May 8 16:03:13 2012 +0200 s3:smbd fix some compiler warnings commit e8c2f81ef3e44fdd31047582f933276a48192e89 Author: Alexander Werth alexander.we...@de.ibm.com Date: Fri Jan 20 19:17:21 2012 +0100 s3:vfs/gpfs: Have inherited deny ACE's show up in ACLs Don't use the mode for the get_acl call that surpresses inherited deny ACE's. This is now possible since the inherited ACE flag exists now in GPFS and Samba. --- Summary of changes: source3/modules/vfs_gpfs.c |4 ++-- source3/smbd/notify_internal.c |4 ++-- source3/winbindd/idmap_autorid.c |6 +- 3 files changed, 9 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 80f6d6e..4b0f9eb 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -232,7 +232,7 @@ static struct gpfs_acl *gpfs_getacl_alloc(const char *fname, gpfs_aclType_t type acl-acl_version = 0; acl-acl_type = type; - ret = smbd_gpfs_getacl((char *)fname, GPFS_GETACL_STRUCT | GPFS_ACL_SAMBA, acl); + ret = smbd_gpfs_getacl((char *)fname, GPFS_GETACL_STRUCT, acl); if ((ret != 0) (errno == ENOSPC)) { struct gpfs_acl *new_acl = (struct gpfs_acl *)TALLOC_SIZE( mem_ctx, acl-acl_len + sizeof(struct gpfs_acl)); @@ -247,7 +247,7 @@ static struct gpfs_acl *gpfs_getacl_alloc(const char *fname, gpfs_aclType_t type new_acl-acl_type = acl-acl_type; acl = new_acl; - ret = smbd_gpfs_getacl((char *)fname, GPFS_GETACL_STRUCT | GPFS_ACL_SAMBA, acl); + ret = smbd_gpfs_getacl((char *)fname, GPFS_GETACL_STRUCT, acl); } if (ret != 0) { diff --git a/source3/smbd/notify_internal.c b/source3/smbd/notify_internal.c index aa02e32..9af3b45 100644 --- a/source3/smbd/notify_internal.c +++ b/source3/smbd/notify_internal.c @@ -513,8 +513,8 @@ static void notify_trigger_index_parser(TDB_DATA key, TDB_DATA data, static int vnn_cmp(const void *p1, const void *p2) { - uint32_t *vnn1 = (uint32_t *)p1; - uint32_t *vnn2 = (uint32_t *)p2; + const uint32_t *vnn1 = (const uint32_t *)p1; + const uint32_t *vnn2 = (const uint32_t *)p2; if (*vnn1 *vnn2) { return -1; diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c index 08dcc65..df63fa9 100644 --- a/source3/winbindd/idmap_autorid.c +++ b/source3/winbindd/idmap_autorid.c @@ -435,7 +435,11 @@ static NTSTATUS idmap_autorid_map_sid_to_id(struct idmap_domain *dom, sid_string_dbg(map-sid))); /* create new mapping */ - dbwrap_transaction_start(ctx-db); + res = dbwrap_transaction_start(ctx-db); + if (res != 0) { + DEBUG(2, (transaction_start failed\n)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } ret = idmap_tdb_common_new_mapping(dom, map); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9a01661 Revert selftest: mark ^samba4.raw.context.session1 as flapping, the test was wrong via 49dbd38 s4:smb_server/smb: only create a new session with vuid == 0 via 865e9c4 s4:torture/raw/context: test a session setup with a given invalid vuid via d7c9da8 selftest: mark ^samba4.raw.context.session1 as flapping, the test was wrong via aee52a2 s3:libsmb: remove unused var in smb2cli_set_info_done from 088436d s3:winbindd:autorid check that transaction start did work http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9a016613dbc32a5b76043b0c582ee50e495002c0 Author: Stefan Metzmacher me...@samba.org Date: Mon May 7 17:01:08 2012 +0200 Revert selftest: mark ^samba4.raw.context.session1 as flapping, the test was wrong This reverts commit 794a9da38fbd88eb3d358d453cc5d21998604caa. The test is fixed now. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Wed May 9 02:53:24 CEST 2012 on sn-devel-104 commit 49dbd380477f9987d2511ca3111af50f2bdd2859 Author: Stefan Metzmacher me...@samba.org Date: Sun May 6 21:09:47 2012 +0200 s4:smb_server/smb: only create a new session with vuid == 0 metze commit 865e9c45606e59e111470bbdb35943d8fceff814 Author: Stefan Metzmacher me...@samba.org Date: Tue May 1 13:33:14 2012 +0200 s4:torture/raw/context: test a session setup with a given invalid vuid On a session setup with EXTENDED_SECURITY we'll get ERRSRV:ERRbaduid, while a session setup without EXTENDED_SECURITY ignores the given vuid. Before this test was doing a reauth of a given vuid, which works for newer Windows versions, but Windows 2000 gives INVALID_PARAMETER. metze commit d7c9da8b89a48f76155f9cc2ac4d03a99a324397 Author: Stefan Metzmacher me...@samba.org Date: Mon May 7 12:32:28 2012 +0200 selftest: mark ^samba4.raw.context.session1 as flapping, the test was wrong metze commit aee52a25386ff2830ee4c89443978fca42dd2b49 Author: Stefan Metzmacher me...@samba.org Date: Mon May 7 12:33:45 2012 +0200 s3:libsmb: remove unused var in smb2cli_set_info_done --- Summary of changes: source3/libsmb/smb2cli_set_info.c |3 -- source4/smb_server/session.c|9 ++ source4/smb_server/smb/sesssetup.c | 12 +++-- source4/smb_server/smb2/sesssetup.c |5 source4/torture/raw/context.c | 46 ++- 5 files changed, 46 insertions(+), 29 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/smb2cli_set_info.c b/source3/libsmb/smb2cli_set_info.c index 2ffb3ec..bd59535 100644 --- a/source3/libsmb/smb2cli_set_info.c +++ b/source3/libsmb/smb2cli_set_info.c @@ -105,9 +105,6 @@ static void smb2cli_set_info_done(struct tevent_req *subreq) struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); - struct smb2cli_set_info_state *state = - tevent_req_data(req, - struct smb2cli_set_info_state); NTSTATUS status; static const struct smb2cli_req_expected_response expected[] = { { diff --git a/source4/smb_server/session.c b/source4/smb_server/session.c index 3cb6576..aa8d752 100644 --- a/source4/smb_server/session.c +++ b/source4/smb_server/session.c @@ -85,12 +85,9 @@ struct smbsrv_session *smbsrv_session_find_sesssetup(struct smbsrv_connection *s p = idr_find(smb_conn-sessions.idtree_vuid, vuid); if (!p) return NULL; - /* only return an unfinished session */ - sess = talloc_get_type(p, struct smbsrv_session); - if (sess !sess-session_info) { - return sess; - } - return NULL; + sess = talloc_get_type_abort(p, struct smbsrv_session); + + return sess; } /* diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 57460fa..b26c128 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -435,8 +435,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se vuid = SVAL(req-in.hdr,HDR_UID); /* lookup an existing session */ - smb_sess = smbsrv_session_find_sesssetup(req-smb_conn, vuid); - if (!smb_sess) { + if (vuid == 0) { struct gensec_security *gensec_ctx; status = samba_server_gensec_start(req, @@ -466,10 +465,17 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se status = NT_STATUS_INSUFFICIENT_RESOURCES; goto failed; } + } else { + smb_sess = smbsrv_session_find_sesssetup(req-smb_conn, vuid);
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e09f057 s3-lib/sysacls: Do not include an embedded via fc4c06f s3-lib: Add const to sys_acl_to_text via 9ef47b8 s3-vfs: Show the invalid ACL when we say it is invalid for set via ad11b90 s3-lib: Fix indentation in sys_acl_to_text() from 9a01661 Revert selftest: mark ^samba4.raw.context.session1 as flapping, the test was wrong http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e09f05731d734090a31b97082bcbb3933380bf76 Author: Andrew Bartlett abart...@samba.org Date: Tue May 8 23:39:35 2012 +1000 s3-lib/sysacls: Do not include an embedded \0 between ACL entries in sys_acl_to_text() This makes it possible to print the entire string again. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Wed May 9 06:07:06 CEST 2012 on sn-devel-104 commit fc4c06f284d88b6c1997768dd448e2dac80739cb Author: Andrew Bartlett abart...@samba.org Date: Tue May 8 14:11:27 2012 +1000 s3-lib: Add const to sys_acl_to_text commit 9ef47b8fe3a8e1d940946ae611b807fa2cbd5b70 Author: Andrew Bartlett abart...@samba.org Date: Tue May 8 14:02:27 2012 +1000 s3-vfs: Show the invalid ACL when we say it is invalid for set commit ad11b90eb6fa3c12b4aaa065e62122d6af78aff2 Author: Andrew Bartlett abart...@samba.org Date: Tue May 8 14:02:07 2012 +1000 s3-lib: Fix indentation in sys_acl_to_text() --- Summary of changes: source3/include/proto.h|2 +- source3/lib/sysacls.c | 11 ++- source3/modules/vfs_posixacl.c |6 -- 3 files changed, 11 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 686b230..d45ec88 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -270,7 +270,7 @@ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d); int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d); int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm); int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm); -char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p); +char *sys_acl_to_text(const struct smb_acl_t *acl_d, ssize_t *len_p); SMB_ACL_T sys_acl_init(int count); int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p); int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type); diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index fad717b..592aef6 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -148,7 +148,7 @@ int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) return *permset_d perm; } -char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) +char *sys_acl_to_text(const struct smb_acl_t *acl_d, ssize_t *len_p) { int i; int len, maxlen; @@ -233,13 +233,14 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) if ((len + nbytes) maxlen) { maxlen += nbytes + 20 * (acl_d-count - i); if ((text = (char *)SMB_REALLOC(text, maxlen)) == NULL) { - errno = ENOMEM; + errno = ENOMEM; return NULL; + } } - } - slprintf(text[len], nbytes-1, %s:%s:%s\n, tag, id, perms); - len += nbytes - 1; + + slprintf(text[len], nbytes, %s:%s:%s\n, tag, id, perms); + len += (nbytes - 1); } if (len_p) diff --git a/source3/modules/vfs_posixacl.c b/source3/modules/vfs_posixacl.c index 4640991..d304f6f 100644 --- a/source3/modules/vfs_posixacl.c +++ b/source3/modules/vfs_posixacl.c @@ -347,8 +347,10 @@ static acl_t smb_acl_to_posix(const struct smb_acl_t *acl) } if (acl_valid(result) != 0) { - DEBUG(0, (smb_acl_to_posix: ACL is invalid for set (%s)\n, - strerror(errno))); + char *acl_string = sys_acl_to_text(acl, NULL); + DEBUG(0, (smb_acl_to_posix: ACL %s is invalid for set (%s)\n, + acl_string, strerror(errno))); + SAFE_FREE(acl_string); goto fail; } -- Samba Shared Repository