Re: smbtorture does not seem to want to fallback to *SMBSERVER
On Thu, 2003-03-06 at 11:09, Richard Sharpe wrote: > Hi, > > In running some tests at connectathon, I see two issues: > > 1. smbtorture does not fall back to using *SMBSERVER when setting up a >NetBIOS session. I think this would be worth adding. > > 2. smbtorture does not allow you to specify the port to connect on. >I have added code to support this. We really should move smbtorture to cli_full_connection() for all but the really weird tests... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
3.0a21: add a new group using ACL results in a new user in winbinddidmap
I am in an ADS domain. From a Windows client, create a file, add a group to the file using ACLs (new means the group is not in winbindd database yet), the group is mapped as a user in the winbindd_idmap.tdb. The group is not any special type, just a normal group (not local, not universal). Anyone knows about this problem? Thanks, Chere
RE: [Samba] number of groups of NT account causes authenticationproblems
Be careful. Just rebuilding the kernel with an increased NGROUPS_MAX
probably won't be sufficient.
To accommodate Windows users with lots (40-50) of group memberships, we
had to rebuild NetBSD with NGROUPS_MAX set to 128.
But we also had to rebuild userland, because anything that used
NGROUPS_MAX statically would break. That meant almost everything in
/sbin /usr/sbin and a lot of /bin and /usr/bin, not to mention libc.
It's a pretty Big Deal.
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
> -Original Message-
> From:
> [EMAIL PROTECTED]
>
> [mailto:[EMAIL PROTECTED]
> amba.org] On Behalf Of Gopal Bhat
> Sent: Wednesday, March 05, 2003 9:25 PM
> To: Michael G. Noble; [EMAIL PROTECTED]
> Cc: samba; samba-technical
> Subject: Re: [Samba] number of groups of NT account causes
> authentication problems
>
>
> Finally, I found that this problem is due to limitation of
> Solaris OS.
> By default, the kernel parameter NGROUPS_MAX ( # getconf
> NGROUPS_MAX) is
> set to 16 (/usr/include/limits.h), which can be changed to a
> maximum of
> 32 by putting a line:
> set ngroups_max=32
> in /etc/system file and rebooting the server. If you do this,
> the server
> complains about some NFS problems:
> # dmesg | grep -i ngroups
> Mar 5 17:50:25 chevette unix: [ID 953839 kern.warning] WARNING:
> ngroups_max of 32 > 16, NFS AUTH_SYS will not work properly
>
> But again, the cap is raised to 32 from 16.
> To increase the parameter 'ngroups_max' beyond 32, one needs
> to modify
> the files '/usr/include/limits.h, /usr/include/sys/param.h',
> and rebuild
> the kernel. But there is no way to compile the new kernel on
> solaris by
> using this modified files. The 'boot -r' from the boot prom
> level will
> not recompile the kernel, it just loads the existing kernel using
> '/etc/system' parameters which are limited by the parameters set by
> '/usr/include/sys/param.h' during the original compilation.
>
> -Gopal
>
> Michael G. Noble wrote:
>
> >Solaris has a 15 member limit to groups. Since you are under that
> >limit, it should not be a problem. I have Samba running on an Ultra
> >60 with Solaris8, samba version 2.2.5. I have users who are members
> >of at least 14 groups and not having any problems accessing shared
> >folders.
> >
> >Mike
> >
> >On Tue, 2003-03-04 at 13:35, Gopal Bhat wrote:
> >
> >
> >>I am facing a strange problem related to authentication of NT users
> >>accessing the SAMBA server.
> >>Here are the details:
> >>Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
> >>Client: Windows XP, NT4.0, 2000
> >>
> >>Symptoms:
> >>Created a share \\server\test (UNIX: /export/SMB/test)
> with access to
> >>group 'TestGoup' where 'TestUser' is a member.
> >>'TestUser' is a member of 10 more groups along with
> 'TestGroup' (Total
> >>number of TestUser's group = 11)
> >>
> >>With the above settings 'TestUser' can't access the share
> >>'\\server\test', and the following message shows up in the
> Client.log:
> >>
> >>[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
> >> Unable to initgroups. Error was Not owner
> >>[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
> >> This is probably a problem with the account domain\testuser
> >>[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
> >> client (10.81.105.121) Can't change directory to /export/SMB/test
> >>(Permission denied)
> >>
> >>If I change the number of groups the user 'TestUser'
> belongs from 11
> >>to
> >>8 ('TestGroup' + 7 other groups), the user can access the share
> >>'\\server\test' without any problems.
> >>
> >>It looks like there is some limitation on number of NT group
> >>memberships
> >>'smbd' can handle.
> >>Note: 'wbinfo' returns all the right groups of the user without any
> >>problems.
> >>
> >>Is there anyone out there who is aware of this problem and knows a
> >>workaround/solution to this?
> >>I really appreciate any help from the prestigious SAMBA Team.
> >>
> >>Thanks,
> >>Gopal
> >>
> >>--
> >>To unsubscribe from this list go to the following URL and read the
> >>instructions: http://lists.samba.org/mailman/listinfo/samba
> >>
> >>
> >
> >
> >
> >
>
Re: [Samba] number of groups of NT account causes authenticationproblems
Finally, I found that this problem is due to limitation of Solaris OS.
By default, the kernel parameter NGROUPS_MAX ( # getconf NGROUPS_MAX) is
set to 16 (/usr/include/limits.h), which can be changed to a maximum of
32 by putting a line:
set ngroups_max=32
in /etc/system file and rebooting the server. If you do this, the server
complains about some NFS problems:
# dmesg | grep -i ngroups
Mar 5 17:50:25 chevette unix: [ID 953839 kern.warning] WARNING:
ngroups_max of 32 > 16, NFS AUTH_SYS will not work properly
But again, the cap is raised to 32 from 16.
To increase the parameter 'ngroups_max' beyond 32, one needs to modify
the files '/usr/include/limits.h, /usr/include/sys/param.h', and rebuild
the kernel. But there is no way to compile the new kernel on solaris by
using this modified files. The 'boot -r' from the boot prom level will
not recompile the kernel, it just loads the existing kernel using
'/etc/system' parameters which are limited by the parameters set by
'/usr/include/sys/param.h' during the original compilation.
-Gopal
Michael G. Noble wrote:
Solaris has a 15 member limit to groups. Since you are under that
limit, it should not be a problem. I have Samba running on an Ultra
60 with Solaris8, samba version 2.2.5. I have users who are members
of at least 14 groups and not having any problems accessing shared
folders.
Mike
On Tue, 2003-03-04 at 13:35, Gopal Bhat wrote:
I am facing a strange problem related to authentication of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test) with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 10 more groups along with 'TestGroup' (Total
number of TestUser's group = 11)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser' belongs from 11 to
8 ('TestGroup' + 7 other groups), the user can access the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group memberships
'smbd' can handle.
Note: 'wbinfo' returns all the right groups of the user without any
problems.
Is there anyone out there who is aware of this problem and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
smbtorture does not seem to want to fallback to *SMBSERVER
Hi, In running some tests at connectathon, I see two issues: 1. smbtorture does not fall back to using *SMBSERVER when setting up a NetBIOS session. I think this would be worth adding. 2. smbtorture does not allow you to specify the port to connect on. I have added code to support this. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Detecting Windows OS Version through Samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 5 Mar 2003, Simo Sorce wrote: > I cannot remember how it works out which OS is on the other side or how > accurate it is. it's based on flags set during the negprot and sessetup request. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+Znr2IR7qMdg1EfYRAhtXAJ9ToIcf0haFPMhEPnaeH4SA/ON0XwCg3l/m oZ8HEXRZt1CnYT8kb66c6v8= =lryd -END PGP SIGNATURE-
RE: 3.0a21 and HEAD: only primary group of a domain user is set onsmbd
On Thu, 2003-03-06 at 08:17, Ken Cross wrote: > > > > Ken's patch is not required for posix users of winbind (ie > > the NSS subsystem). It is required if you want (for a custom > > user interface) to know all the members of a particular > > group, but I'm not sure it's the right way to do it. (I > > think a custom winbind command would do better). > > > > I'm not being argumentative (really!), but the *main* reason for my > patch is that it will give you consistent information whether you've > joined an NT domain or an AD. That is, all the group members will be > returned from WINBINDD_GETGRGID or WINBINDD_GETGRNAM either way. So, wouldn't that mean that the 'correct' approach would be to strip such users from the RPC groups? :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
RE: 3.0a21 and HEAD: only primary group of a domain user is set onsmbd
> > Ken's patch is not required for posix users of winbind (ie > the NSS subsystem). It is required if you want (for a custom > user interface) to know all the members of a particular > group, but I'm not sure it's the right way to do it. (I > think a custom winbind command would do better). > I'm not being argumentative (really!), but the *main* reason for my patch is that it will give you consistent information whether you've joined an NT domain or an AD. That is, all the group members will be returned from WINBINDD_GETGRGID or WINBINDD_GETGRNAM either way. Ken Ken Cross Network Storage Solutions Phone 865.675.4070 ext 31 [EMAIL PROTECTED]
Re: 3.0a21 and HEAD: only primary group of a domain user is set onsmbd
On Thu, 2003-03-06 at 05:38, Chere Zhou wrote: > Do you mean that I probably will need both your change and Ken's patch? Ken's patch is not required for posix users of winbind (ie the NSS subsystem). It is required if you want (for a custom user interface) to know all the members of a particular group, but I'm not sure it's the right way to do it. (I think a custom winbind command would do better). > Now I remember that I checked on SAMBA_3_0 but not HEAD, as I thought they > should be pretty similar. I will check HEAD out. Thanks A. Bertlett. Most of the time they are, it's just new developments that I'm sometimes slow to merge (often because I don't get all the bugs out the first time I commit :-) > Chere > > > On Tuesday 04 March 2003 11:52 pm, Andrew Bartlett wrote: > > On Wed, 2003-03-05 at 14:38, Ken Cross wrote: > > > The behavior you're seeing is because LDAP is being used to get the > > > group membership rather that RPC. > > > > > > Last month I posted a patch to fix this, but to my knowledge it hasn't > > > been incorporated. (I'm not bitching, just explaining...) > > > > Your patch fixed a slightly different issue, this issue was fixed in > > HEAD recently. > > > > Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: [Samba] number of groups of NT account causes authenticationproblems
Is there anyway to increase this limit of 15? Using /etc/system or any
other configuration file/parameter?
I will post this question on SUN BigAdmin also, if I am able to find an
answer, it will be great.
Thanks!
Michael G. Noble wrote:
Solaris has a 15 member limit to groups. Since you are under that
limit, it should not be a problem. I have Samba running on an Ultra
60 with Solaris8, samba version 2.2.5. I have users who are members
of at least 14 groups and not having any problems accessing shared
folders.
Mike
On Tue, 2003-03-04 at 13:35, Gopal Bhat wrote:
I am facing a strange problem related to authentication of NT users
accessing the SAMBA server.
Here are the details:
Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
Client: Windows XP, NT4.0, 2000
Symptoms:
Created a share \\server\test (UNIX: /export/SMB/test) with access to
group 'TestGoup' where 'TestUser' is a member.
'TestUser' is a member of 10 more groups along with 'TestGroup' (Total
number of TestUser's group = 11)
With the above settings 'TestUser' can't access the share
'\\server\test', and the following message shows up in the Client.log:
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Not owner
[2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
This is probably a problem with the account domain\testuser
[2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
client (10.81.105.121) Can't change directory to /export/SMB/test
(Permission denied)
If I change the number of groups the user 'TestUser' belongs from 11 to
8 ('TestGroup' + 7 other groups), the user can access the share
'\\server\test' without any problems.
It looks like there is some limitation on number of NT group memberships
'smbd' can handle.
Note: 'wbinfo' returns all the right groups of the user without any
problems.
Is there anyone out there who is aware of this problem and knows a
workaround/solution to this?
I really appreciate any help from the prestigious SAMBA Team.
Thanks,
Gopal
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] number of groups of NT account causes authenticationproblems
Solaris has a 15 member limit to groups. Since you are under that
limit, it should not be a problem. I have Samba running on an Ultra
60 with Solaris8, samba version 2.2.5. I have users who are members
of at least 14 groups and not having any problems accessing shared
folders.
Mike
On Tue, 2003-03-04 at 13:35, Gopal Bhat wrote:
> I am facing a strange problem related to authentication of NT users
> accessing the SAMBA server.
> Here are the details:
> Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND
> Client: Windows XP, NT4.0, 2000
>
> Symptoms:
> Created a share \\server\test (UNIX: /export/SMB/test) with access to
> group 'TestGoup' where 'TestUser' is a member.
> 'TestUser' is a member of 10 more groups along with 'TestGroup' (Total
> number of TestUser's group = 11)
>
> With the above settings 'TestUser' can't access the share
> '\\server\test', and the following message shows up in the Client.log:
>
> [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
> Unable to initgroups. Error was Not owner
> [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
> This is probably a problem with the account domain\testuser
> [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
> client (10.81.105.121) Can't change directory to /export/SMB/test
> (Permission denied)
>
> If I change the number of groups the user 'TestUser' belongs from 11 to
> 8 ('TestGroup' + 7 other groups), the user can access the share
> '\\server\test' without any problems.
>
> It looks like there is some limitation on number of NT group memberships
> 'smbd' can handle.
> Note: 'wbinfo' returns all the right groups of the user without any
> problems.
>
> Is there anyone out there who is aware of this problem and knows a
> workaround/solution to this?
> I really appreciate any help from the prestigious SAMBA Team.
>
> Thanks,
> Gopal
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
tcontest in Samba-head's torture code
Hi, Herb came across an oddity at Connectathon. He was running the head torture tests against a WinNT 4 sp3 box and a WinNT4 sp6 box. The tcontest fails against that platform. In looking at the code and a trace, it connects to a share, opens a file, and writes to that file. It then connects with a tcon&X to the same share and then writes to the already opened file, expecting the write to fail. However, it succeeds! Does anyone know what this test is supposed to be testing? The comments are very poor, but the intent seems clear. Just don't know why? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Detecting Windows OS Version through Samba
On Wed, 5 Mar 2003, Agis Andreou wrote: > Thanks, > could you please mail it to me, their server > http://www.apostols.org/projectz/queso/ > seems to be down at the moment. > Will it distinguish windows flavours? Hmmm, doesn't nmap do a better job? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Detecting Windows OS Version through Samba
On Wed, Mar 05, 2003 at 08:22:48PM +0200, Agis Andreou wrote about 'Re: Detecting Windows OS Version through Samba': > Thanks, > could you please mail it to me, Sorry, I don't have the sources here. > their server > http://www.apostols.org/projectz/queso/ > seems to be down at the moment. > Will it distinguish windows flavours? I think it's possible - not sure though. Jelmer > agis. > Jelmer Vernooij wrote: > >On Wed, Mar 05, 2003 at 06:57:04PM +0100, Simo Sorce wrote about 'Re: > >Detecting Windows OS Version through Samba': > >>On Wed, 2003-03-05 at 18:52, Agis Andreou wrote: > >>>Hello everyone, > >>>I have a samba server and several wannabe clients on a different subnet. > >>>Is there a way to determine their windows os version through the network, > >>>(without actually asking their owners or trying to physicaly locate the > >>>hosts)? > >>>if i am not mistaken the info i'm looking for is exposed at least during > >>>the browser election proccess, > >>>but that is not enough since i am on a different subnet. NetBIOS is open > >>>to those machines. > >>>Is there a cmd line utility or source code for solaris/bsd/linux or > >>>windows that can be used for that purpose? > >You can also try to use the queso tool. > >Jelmer -- Jelmer Vernooij <[EMAIL PROTECTED]> - http://nl.linux.org/~jelmer/ 19:40:17 up 7 days, 5:52, 30 users, load average: 0.20, 0.14, 0.10
Re: 3.0a21 and HEAD: only primary group of a domain user is set onsmbd
Do you mean that I probably will need both your change and Ken's patch? Now I remember that I checked on SAMBA_3_0 but not HEAD, as I thought they should be pretty similar. I will check HEAD out. Thanks A. Bertlett. Chere On Tuesday 04 March 2003 11:52 pm, Andrew Bartlett wrote: > On Wed, 2003-03-05 at 14:38, Ken Cross wrote: > > The behavior you're seeing is because LDAP is being used to get the > > group membership rather that RPC. > > > > Last month I posted a patch to fix this, but to my knowledge it hasn't > > been incorporated. (I'm not bitching, just explaining...) > > Your patch fixed a slightly different issue, this issue was fixed in > HEAD recently. > > Andrew Bartlett
RE: [Samba] Samba-3.0alpha22 available on samba.org mirrors . . .installation problems(?)
Hello, I upgraded from 3.0alpha21 to alpha22 using rpm -Uvh samba-3.0alpha22*.i386.rpm and can no longer attach to any share. During the install I saw the message: "Moving tdb files in /var/lock/samba/*.tdb to /var/cache/samba/*.tdb", which is odd, since there is no /var/lock/samba directory to move anything from! Now, the smbstatus command produces the message: "/var/cache/samba/connections.tdb not initialised This is normal if an SMB client has never connected to your server. Failed to open byte range locking database ERROR: Failed to initialise locking database Can't initialise locking module - exiting" There is no 'connections.tdb' file in /var/cache/samba, and, since attempts to browse to the public shares from a pc produce a '\\sambaserver is not accessible The network path was not found' error, presumably no client ever will. Is there some way to initialise the connections.tdb file, or something else I'm failing to do? OS is RedHat 7.3, security=server, no changes to smb.conf since alpha21, which was working fine! -Ken _ Ken Innes Chief Information Officer EKOS Research Associates Inc. 99 Metcalfe St., Suite 1100 Ottawa, Ontario K1P 6L7 www.ekos.com > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > Gerald (Jerry) Carter > Sent: Wednesday, March 05, 2003 10:32 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: [Samba] Samba-3.0alpha22 available on samba.org mirrors > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > We've just posted another snapshot of the SAMBA_3_0 cvs tree > for download. This is a non-production release provided for > testing only. > > The source code can be downloaded from : > > http://download.samba.org/samba/ftp/alpha/ > > The uncompressed tarball and patch file have been signed > using GnuPG. The Samba public key is available at > > http://download.samba.org/samba/ftp/samba-pubkey.asc > > Binary packages for RedHat have been released and can be > found at > > http://download.samba.org/samba/ftp/Binary_Packages/ > > Others will be available as they are submitted by volunteers. > > A simplified version of the CVS log of updates since 3.0alpha21 > can be found in the the download directory under the name > ChangeLog-3.0alpha21-alpha22. The release notes follow. > > As always, all bugs are our responsibility. > > --Enjoy > The Samba Team > > - > > WHATS NEW IN Samba 3.0 alpha22 >4th March 2003 > == > > This is a pre-release of Samba 3.0. This is NOT a stable release. > Use at your own risk. > > The purpose of this alpha release is to get wider testing of the major > new pieces of code in the current Samba 3.0 development tree. We have > officially ceased development on the 2.2.x release of Samba and are > concentrating on Samba 3.0. To reduce the time before the final Samba 3.0 > release we need as many people as possible to start testing these alpha > releases, and hopefully giving us some high quality feedback on what needs > fixing. > > Note that Samba 3.0 is not feature complete yet. There is a more > coding we have planned, but unless we get what we have done already more > widely tested we will have a hard time doing a stable release in a > reasonable time frame. > > Major new features: > - --- > > - - Active Directory support. This release is able to join a ADS realm > as a member server and authenticate users using LDAP/kerberos. > > - - Unicode support. Samba will now negotiate UNICODE on the wire and > internally there is now a much better infrastructure for multi-byte > and UNICODE character sets. > > - - New authentication system. The internal authentication system has > been almost completely rewritten. Most of the changes are internal, > but the new auth system is also very configurable. > > - - new filename mangling system. The filename mangling system has been > completely rewritten. An internal database now stores mangling maps > persistently. This needs lots of testing. > > - - new "net" command. A new "net" command has been added. It is > somewhat similar to the "net" command in windows. Eventually we plan > to replace a bunch of other utilities (such as smbpasswd) with > subcommands in "net", at the moment only a few things are > implemented. > > - - Samba now negotiates NT-style status32 codes on the wire. This > improves error handling a lot. > > - - better w2k printing support including publishing printer > attributes in active directory > > - - new loadable RPC modules > > - - new dual-daemon winbindd support for better performance > > - - support for migrating from a Windows NT 4.0 domain > > - - support for establishing trust relationships with Windows NT 4.0 >
Re: Detecting Windows OS Version through Samba
Thanks, could you please mail it to me, their server http://www.apostols.org/projectz/queso/ seems to be down at the moment. Will it distinguish windows flavours? agis. Jelmer Vernooij wrote: On Wed, Mar 05, 2003 at 06:57:04PM +0100, Simo Sorce wrote about 'Re: Detecting Windows OS Version through Samba': On Wed, 2003-03-05 at 18:52, Agis Andreou wrote: Hello everyone, I have a samba server and several wannabe clients on a different subnet. Is there a way to determine their windows os version through the network, (without actually asking their owners or trying to physicaly locate the hosts)? if i am not mistaken the info i'm looking for is exposed at least during the browser election proccess, but that is not enough since i am on a different subnet. NetBIOS is open to those machines. Is there a cmd line utility or source code for solaris/bsd/linux or windows that can be used for that purpose? You can also try to use the queso tool. Jelmer
Re: Detecting Windows OS Version through Samba
On Wed, Mar 05, 2003 at 06:57:04PM +0100, Simo Sorce wrote about 'Re: Detecting Windows OS Version through Samba': > On Wed, 2003-03-05 at 18:52, Agis Andreou wrote: > > Hello everyone, > > I have a samba server and several wannabe clients on a different subnet. > > Is there a way to determine their windows os version through the network, > > (without actually asking their owners or trying to physicaly locate the > > hosts)? > > if i am not mistaken the info i'm looking for is exposed at least during > > the browser election proccess, > > but that is not enough since i am on a different subnet. NetBIOS is open > > to those machines. > > Is there a cmd line utility or source code for solaris/bsd/linux or > > windows that can be used for that purpose? You can also try to use the queso tool. Jelmer -- Jelmer Vernooij <[EMAIL PROTECTED]> Pending (unfinished) patches http://samba.org/~jelmer/diffs.php
Re: Detecting Windows OS Version through Samba
We have a specific exapansion variable that may be used inside smb.conf to be replaced by remote OS signature, I cannot remember how it works out which OS is on the other side or how accurate it is. Look into smb.conf and search for %a Simo. On Wed, 2003-03-05 at 18:52, Agis Andreou wrote: > Hello everyone, > > I have a samba server and several wannabe clients on a different subnet. > Is there a way to determine their windows os version through the network, > (without actually asking their owners or trying to physicaly locate the > hosts)? > > if i am not mistaken the info i'm looking for is exposed at least during > the browser election proccess, > but that is not enough since i am on a different subnet. NetBIOS is open > to those machines. > > Is there a cmd line utility or source code for solaris/bsd/linux or > windows that can be used for that purpose? > > thanx, > Agis -- Simo Sorce - [EMAIL PROTECTED] Xsec s.r.l. via Durando 10 Ed. G - 20158 - Milano tel. +39 02 2399 7130 - fax: +39 02 700 442 399 signature.asc Description: This is a digitally signed message part
Detecting Windows OS Version through Samba
Hello everyone, I have a samba server and several wannabe clients on a different subnet. Is there a way to determine their windows os version through the network, (without actually asking their owners or trying to physicaly locate the hosts)? if i am not mistaken the info i'm looking for is exposed at least during the browser election proccess, but that is not enough since i am on a different subnet. NetBIOS is open to those machines. Is there a cmd line utility or source code for solaris/bsd/linux or windows that can be used for that purpose? thanx, Agis
VFS related.
Hi, I'm was trying to port my VFS module over *BSD.
I had some problems and I want to share the results with you:
1. On OpenBSD 3.1 in dynamic module symbols are mangled with "_" in front of name of
the function so
sym_dlsym(handle, "vfs_init") don't work but
sym_dlsym(handle, "_vfs_init") is ok.
I resolved this by forcing the compiler to generate vfs_init instead of _vfs_init:
extern struct vfs_ops* rav_vfs_init(int*, struct vfs_ops *) asm ("vfs_init");
before function definition.
I prefer that samba during configuring time to see how the name are mangled and to
add '_' in OpenBSD case, or
to try dlopen twice: one for and if this fails for _.
2. On NetBSD 1.6 (GENERIC) because I'm using some functions from smbd (in order to
send messages to the client who access an infected file)
I've got this error:
[2003/03/05 19:39:46, 3]
/usr/pkgsrc/net/samba/work/samba-2.2.6/source/smbd/vfs.c:vfs_init_custom(138)
Initialising custom vfs hooks from /usr/local/lib/rav/ravsamba.so
[2003/03/05 19:39:46, 0]
/usr/pkgsrc/net/samba/work/samba-2.2.6/source/smbd/vfs.c:vfs_init_custom(143)
Error opening /usr/local/lib/rav/ravsamba.so: /usr/local/lib/rav/ravsamba.so:
Undefined PLT symbol "dbgtext"
(reloc type = 7, symnum = 75)
[2003/03/05 19:39:46, 0]
/usr/pkgsrc/net/samba/work/samba-2.2.6/source/smbd/vfs.c:smbd_vfs_init(188)
smbd_vfs_init: vfs_init_custom failed
The problem resides in the default configuration of ld.elf_so.
You might want to include in your VFS documentation the need to export the environment
variable LD_BIND_NOW before starting smbd daemon
on NetBSD.
Regards,
Tudore.
documentation omission: add printer command
The "add printer command" program can output a single line of text, which Samba will set as the port the new printer is connected to. From my reading of the code, if this line /isn't/ output, Samba won't reload its printer shares. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. "It doesn't corner well. It doesn't have to. It just warps space until the street is facing the right way." - Blair P. Houghton
Re: [PATCH] draft: better string overflow checking (was: memorycorruption in SAMBA_3_0)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 5 Mar 2003, Martin Pool wrote: > I was thinking about Andrew's fstring-overflow patch from a few weeks > ago: for developer builds, it touches the last byte of a string buffer > to check that it's as long as it should be. > > This should be reasonably helpful in catching string overflows on the > heap, but not so good on the stack, because the program can probably > write arbitrarily far past stack variables without trapping, even > under Valgrind. Writing a \0 in there will damage *something* and > probably make the program crash, but it won't be very obvious. I > think this might have been what Jerry saw the other day. This looks good Martin. Would be much easier to catch when we write past the end. You've got my vote. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+ZiIzIR7qMdg1EfYRAs/0AKDJRVt1giqVvWCdEAns40uaDD9bjACg7pxw pkOgMnGRHXrSvqwGsRh5+Ts= =MnXj -END PGP SIGNATURE-
RE: mount points / free disk space / dfree command
> -Original Message- > From: David Lee [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 05, 2003 6:30 AM > > On Tue, 4 Mar 2003, Panko, Kevin wrote: > > > I'm not sure I understand exactly what you want. But there is the > potential, at least in the future, for doing more than simply a "df". When an exported directory has mount points under it, samba cannot tell the client the correct amount of free space available. Let's say we have a smb.conf as: [data] path = /data And let's say /data contains two directories, disk1 and disk2, which are mount points for separate disks. Now samba will report the total/free disk space on [data] as the space on the filesystem where /data itself is mounted (let's say the root filesystem). If disk1 is FULL, and the root filesystem is not, the clients will think the disk is not full, and yet writes attempted to \data\disk1\ will fail. That is what I am trying to avoid. > Did you see my reply of Feb 24th, which mentioned what samba > can already > do if quotas are present (and, implicitly, applicable to a > filesystem)? Yes, but this solves a different problem than mine. > Want simple "df"-like functionality? Present, as the default. > Want to call an external program? Present as "dfree command". I have > never used it. I suspect it cannot do quota-like per-user stuff, nor > per-subdirectory stuff. The dfree command is only useful for platforms where samba does not have a builtin way to determine free disk space. My platform is Solaris. To refer back to my example situation, when I tried using "dfree command" I saw that samba only calls the external program for /data, never for /data/disk1. I was hoping to mount the share on windows, then "cd" to disk1, and run "dir," but the dfree program never gets told about the client's current dir. Samba itself doesn't get told either. > I could well envisage something conceptually similar to > "dfree command", > but more flexible, to allow use of username and current-directory: That's exactly what I could use, but current-directory is a client side concept that samba does not know. Right? Kevin Panko
Samba-3.0alpha22 available on samba.org mirrors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We've just posted another snapshot of the SAMBA_3_0 cvs tree for download. This is a non-production release provided for testing only. The source code can be downloaded from : http://download.samba.org/samba/ftp/alpha/ The uncompressed tarball and patch file have been signed using GnuPG. The Samba public key is available at http://download.samba.org/samba/ftp/samba-pubkey.asc Binary packages for RedHat have been released and can be found at http://download.samba.org/samba/ftp/Binary_Packages/ Others will be available as they are submitted by volunteers. A simplified version of the CVS log of updates since 3.0alpha21 can be found in the the download directory under the name ChangeLog-3.0alpha21-alpha22. The release notes follow. As always, all bugs are our responsibility. --Enjoy The Samba Team - WHATS NEW IN Samba 3.0 alpha22 4th March 2003 == This is a pre-release of Samba 3.0. This is NOT a stable release. Use at your own risk. The purpose of this alpha release is to get wider testing of the major new pieces of code in the current Samba 3.0 development tree. We have officially ceased development on the 2.2.x release of Samba and are concentrating on Samba 3.0. To reduce the time before the final Samba 3.0 release we need as many people as possible to start testing these alpha releases, and hopefully giving us some high quality feedback on what needs fixing. Note that Samba 3.0 is not feature complete yet. There is a more coding we have planned, but unless we get what we have done already more widely tested we will have a hard time doing a stable release in a reasonable time frame. Major new features: - --- - - Active Directory support. This release is able to join a ADS realm as a member server and authenticate users using LDAP/kerberos. - - Unicode support. Samba will now negotiate UNICODE on the wire and internally there is now a much better infrastructure for multi-byte and UNICODE character sets. - - New authentication system. The internal authentication system has been almost completely rewritten. Most of the changes are internal, but the new auth system is also very configurable. - - new filename mangling system. The filename mangling system has been completely rewritten. An internal database now stores mangling maps persistently. This needs lots of testing. - - new "net" command. A new "net" command has been added. It is somewhat similar to the "net" command in windows. Eventually we plan to replace a bunch of other utilities (such as smbpasswd) with subcommands in "net", at the moment only a few things are implemented. - - Samba now negotiates NT-style status32 codes on the wire. This improves error handling a lot. - - better w2k printing support including publishing printer attributes in active directory - - new loadable RPC modules - - new dual-daemon winbindd support for better performance - - support for migrating from a Windows NT 4.0 domain - - support for establishing trust relationships with Windows NT 4.0 domain controllers Plus lots of other changes! Reporting bugs & Development Discussion - --- Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. Changes in alpha22: - --- Added Parameters * client NTLMv2 auth * client lanman auth * client signing * client use spnego * max reported print jobs * msdfs proxy See cvs log for SAMBA_3_0 for complete details. There are many smaller numerous changes that would clutter the release notes. 1) remove the global_myname string and replace with wrapper function global_myname() 2) create vfs/ and pdb/ subdirectories for library installs 3) Fixup of ordered cleanup of get_dc_list() 4) Added more autoconf tests for Stratus VOS 5) Fixed nasty bug where file writes with start offsets in the range 0x8000 -> 0x would fail as they were being cast from IVAL (uint32) to SMB_OFF_T (off_t or off64_t, both *signed* types). The sign extension would cause the offset to be treated as negative. 6) Add support to automatically retrieve the dns host name and domain name of an AD server 7) Add support for PRINTER_INFO_7 and publishing printer attributes in active directory 8) Fix for 64 bit issues with oplocks and allocation size 9) Remove assert(count ==1) for multi-homed PDCs when resolving DOMAIN<0x1b> 10) Ensure that
RE: number of groups of NT account causes authentication problems
Hi Richard, et al;
Can't speak for Solaris, but HP-UX has a 20 group membership limit
for HP-UX users. From man setgroups: must be no more than NGROUPS_MAX,
as defined in . Same applies to initgroups.
So Solaris may have some limit as well
Hope this helps,
Don
> -Original Message-
> From: Richard Sharpe [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 04, 2003 22:08
> To: Gopal Bhat
> Cc: samba; samba-technical
> Subject: Re: number of groups of NT account causes authentication
> problems
>
>
> On Tue, 4 Mar 2003, Gopal Bhat wrote:
>
> > Hi,
> > I did more experiments with this problem and found that
> 'SMBD' fails to
> > authenticate when the Number of Groups an NT user belongs
> grows more
> > than 14 (i.e. 15 or more).
> > Thanks,
> > Gopal
>
> I can't have a look until tomorrow, but I wonder, is it possible that
> Solaris 9 has a restriction that the user cannot be in more that 14
> groups? I would think not, but will find it difficult to test tonight.
>
> Besides, I can probably only test on Solaris 8.
>
> If that is not the problem, then I would have to look at the
> code that
> does setgroups and test on our platform.
>
> > Gopal Bhat wrote:
> >
> > > I am facing a strange problem related to authentication
> of NT users
> > > accessing the SAMBA server.
> > > Here are the details:
> > > Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM
> and WINBIND
> > > Client: Windows XP, NT4.0, 2000
> > >
> > > Symptoms:
> > > Created a share \\server\test (UNIX: /export/SMB/test)
> with access to
> > > group 'TestGoup' where 'TestUser' is a member.
> > > 'TestUser' is a member of 14 more groups along with
> 'TestGroup' (Total
> > > number of TestUser's group = 15)
> > >
> > > With the above settings 'TestUser' can't access the share
> > > '\\server\test', and the following message shows up in
> the Client.log:
> > >
> > > [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244)
> > > Unable to initgroups. Error was Not owner
> > > [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247)
> > > This is probably a problem with the account domain\testuser
> > > [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599)
> > > client (10.81.105.121) Can't change directory to /export/SMB/test
> > > (Permission denied)
> > >
> > > If I change the number of groups the user 'TestUser'
> belongs from 15
> > > to 8 ('TestGroup' + 7 other groups), the user can access
> the share
> > > '\\server\test' without any problems.
> > >
> > > It looks like there is some limitation on number of NT group
> > > memberships 'smbd' can handle. Note: 'wbinfo' returns
> all the right
> > > groups of the user without any problems.
> > >
> > > Is there anyone out there who is aware of this problem
> and knows a
> > > workaround/solution to this?
> > > I really appreciate any help from the prestigious SAMBA Team.
> > >
> > > Thanks,
> > > Gopal
> > >
> >
> >
>
> --
> Regards
> -
> Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
> sharpe[at]ethereal.com, http://www.richardsharpe.com
>
Re: quota group
On Wed, 5 Mar 2003, Andrew Bartlett wrote: > [...] > If you can repatch this against HEAD, and check with metze (Stefan > (metze) Metzmacher <[EMAIL PROTECTED]>) on how this might conflict with > his work in this area. In particular, it might work out best that metze > picks this up into his patch. (He is working on being able to modify > the quota from an Windows client!). > > Either way, this certainly is a very nice idea! Is this the time to bite the bullet or take the bull by the horns? (Substitute other metaphors to taste...) In the devel/TODO there is a suggested "coding project": Rewriting Samba's current filesystem quota support as a VFS module. There has also just been another thread from someone requesting some sort of directory-dependent result from "df"-like functionality. Is now the time to extract the handling of "df" (default), "quota", "dfree command" into a generalised VFS structure, reimplementing those mechanisms in such a framework? Or maybe this is already being addressed? We can probably assist with testing and coding Solaris/quota, although we can no longer help with Solaris/Veritas/quota, as we no longer have such a server. -- : David LeeI.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/South Road: : Durham: : Phone: +44 191 374 2882 U.K. :
Re: quota group
At 21.55 05/03/2003 +1100, Andrew Bartlett wrote: On Wed, 2003-03-05 at 20:32, Massimo Del Sarto wrote: > I use samba on redhat linux (7.1) > For default in redhat each user has also his own group. > > I created a new group for each samba share that I defined so I can control > which users can access to the shares, but if I use the user quota I can't > control the quota on this shares. > Using a group quota I can assign separate quota to each share (the shares > are on the same HD partition): > - each user has a quota on the home share > - each "not home" share has its own quota > > The only problem is that I can't see the quota in windows box. So I > modified the smbd/quotas.c to read the quota group associated to the group > of the file/directory if the user quota result is 0 (zero). I added a > parameter to the function get_smb_linux_* to get an user or a group quota. Wouldn't it be better to report the smaller of the two quotas? I forgotten: - All user have umask set to 002; - In (not home) share I sgid the directory with "chmod 2770 " and assign a group at this directory (chgrp ). - In the smb.conf I use "inherit permissions = Yes" in the share definition. So each files that are created are forced to have the same group of the parent directory In the home directory the files have the gid equal to the uid. In not home (share) directory the files have the gid equal to the group that i created for this share. The result of user quota is 0 (zero) because the user quota are set to 0 (No limit in the user quota) so I can't report a value of 0. Only the group quota is set to a value > 0 My patch is tested only in rehat 7.1 and work only on linux. A "lot" of work must done to extended my idea to all the O.S. Can Stefan Metzmacher do this work and insert in on own patch? Massimo > I attach the output of the commnad: > diff -u -r samba-2.2.7a/source/smbd/quotas.c > samba-2.2.7amds/source/smbd/quotas.c > > > --- samba-2.2.7a/source/smbd/quotas.c Wed Dec 11 10:17:40 2002 > +++ samba-2.2.7amds/source/smbd/quotas.cTue Mar 4 09:43:05 2003 > @@ -66,13 +66,18 @@ >Abstract out the XFS Quota Manager quota get call. > / > > -static int get_smb_linux_xfs_quota(char *path, uid_t euser_id, > LINUX_SMB_DISK_QUOTA *dp) > +static int get_smb_linux_xfs_quota(char *path, uid_t euser_id, > LINUX_SMB_DISK_QUOTA *dp, char type ) Make this a BOOL for type 'group_quota' or even better an enum with values 'USER_QUOTA, GROUP_QUOTA'. If you can repatch this against HEAD, and check with metze (Stefan (metze) Metzmacher <[EMAIL PROTECTED]>) on how this might conflict with his work in this area. In particular, it might work out best that metze picks this up into his patch. (He is working on being able to modify the quota from an Windows client!). Either way, this certainly is a very nice idea! Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- Ing. Massimo Del Sarto Capo Ufficio CED IRCCS Fondazione Stella Marishttp://www.inpe.unipi.it Tel. +39 050 886268Fax. +39 050 32214 --
Re: more rpcclient bughunting: PRINTER_ALL_ACCESS vs MAXIMUM_ALLOWED_ACCESS
On March 5, [EMAIL PROTECTED] said:
>
> I've checked in a fix. It's odd that MAXIMUM_ALLOWED_ACCESS doesn't
> do what it's supposed to in this case. Are you running the setdriver
> against a NT or Samba server?
Running against Samba HEAD, but just one sec...
Right, here's the summary of what I've found:
Samba HEAD -> Samba HEAD (rpcclient setdriver)
* Asking for Maximum allowed access doesn't give you printer admin
rights
Samba HEAD -> NT4 SP6 (rpcclient setdriver)
* Asking for Maximum allowed access /does/ give you printer admin
rights, even though the printer admin bitfield isn't set.
NT4 SP6 to Samba HEAD (Opening the Printers folder)
* First request is for
Write Owner | Write DAC | Read Control | Delete
Server Enum | Server Admin
* Second request appears to be the same in terms of requested access;
something else might differ, but nothing immediately obvious.
* Third request asks for
Read Control
Server Enum
I set up a Printer Operator account to test this with, and it
succeeded on the first request (Server Admin), as does a Domain
Admin account. Finally, I removed the Printer Operator account from
"Printer Operators" but left it in "printer admins" on the samba
server, and it still succeeded at the first request. So I'm not sure
when the Printer Admin bit gets used, but it's not when you open the
Printers folder.
I don't right now have an easy way to test NT<->NT /and/ capture the
bits; however, I think it's obvious from the above that Samba should
be responding to a MAXIMUM_ALLOWED_ACCESS request with
PRINTER_ACCESS_ADMINISTER rights. As it stands, it's going to get
punted:
srv_spoolss_nt.c:1577
==
/* Deny any object specific bits that don't apply to print
servers (i.e printer and job specific bits) */
printer_default->access_required &= SPECIFIC_RIGHTS_MASK;
if (printer_default->access_required &
~(SERVER_ACCESS_ADMINISTER | SERVER_ACCESS_ENUMERATE)) {
DEBUG(3, ("access DENIED for non-printserver bits"));
close_printer_handle(p, handle);
return WERR_ACCESS_DENIED;
}
==
Cheers,
Waider.
--
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
"Your broker is a half-naked blue-and-orange crypto-anarchist?"
- Neal Stephenson / The Great Simoleon Caper
RE: mount points / free disk space / dfree command
On Tue, 4 Mar 2003, Panko, Kevin wrote: > I went and read some of the CIFS spec[1], and it seems to me that the > QUERY_FS_INFO trans2 request only includes an identifier for the current > connection. Given this information, samba can only attempt to determine the > amount of space on the root of the share. This explains why using the dfree > command did not give me any different numbers than not using it. I'm not sure I understand exactly what you want. But there is the potential, at least in the future, for doing more than simply a "df". Did you see my reply of Feb 24th, which mentioned what samba can already do if quotas are present (and, implicitly, applicable to a filesystem)? And how this might be generalised? (By coincidence, another thread has just started about "group quota".) > If I really understand what is going on here, then what we would have to do > is create a new share for each mounted device. That would be hard because > the root that is exported happens to be an automounter directory, which > changes. Want simple "df"-like functionality? Present, as the default. Want to use user quotas? Present, with appropriate compilation and UN*X-host quota configuration. Want to use group quotas? Not yet present; but a recent thread discusses a possibility. Want to call an external program? Present as "dfree command". I have never used it. I suspect it cannot do quota-like per-user stuff, nor per-subdirectory stuff. I could well envisage something conceptually similar to "dfree command", but more flexible, to allow use of username and current-directory: 1. yet another "smb.conf" option. Like "dfree command" (calling external program). This could be hacked up reasonably quickly, but is a "dirty" solution, expecially in view of current herculean efforts to clean the Samba code. 2. Generalise (and re-implement) the existing stuff (df, "dfree command", quota) as VFS modules, allowing sites to write their own modules. This would take longer to do, but would be much cleaner, and aligns well with future development. Summary: What you want may not be there right now. But I think it could be added if designed reasonably carefully, and in context of the "bigger picture". Hope that helps (a little, at least!). -- : David LeeI.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/South Road: : Durham: : Phone: +44 191 374 2882 U.K. :
Re: [PATCH] draft: better string overflow checking (was: memorycorruption in SAMBA_3_0)
On Wed, 2003-03-05 at 16:11, Martin Pool wrote:
> I was thinking about Andrew's fstring-overflow patch from a few weeks
> ago: for developer builds, it touches the last byte of a string buffer
> to check that it's as long as it should be.
>
> This should be reasonably helpful in catching string overflows on the
> heap, but not so good on the stack, because the program can probably
> write arbitrarily far past stack variables without trapping, even
> under Valgrind. Writing a \0 in there will damage *something* and
> probably make the program crash, but it won't be very obvious. I
> think this might have been what Jerry saw the other day.
>
> I think this patch is better: it thoroughly clobbers the contents of
> string buffers to make any fstring/pstring/dynamic confusion obvious.
>
> Here is an example that is caught in developer builds with this patch,
> but is hard to catch otherwise:
>
> #include "includes.h"
>
> int main(void)
> {
> fstring dest;
>
> pstrcpy(dest, "hello");
>
> return 0;
> }
>
> This fails with an obvious message under gdb:
>
> #0 0xf1f1f1f1 in ?? ()
> Cannot access memory at address 0xf1f1f1f1
>
> Please don't apply this yet because I want to see if it catches any
> bugs, but I'd love to hear comments.
This will (compared to other checks) slow things down, as we keep
filling out those pstrings, but I think it's a great idea - and will
catch bugs!
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
Re: quota group
On Wed, 2003-03-05 at 20:32, Massimo Del Sarto wrote: > I use samba on redhat linux (7.1) > For default in redhat each user has also his own group. > > I created a new group for each samba share that I defined so I can control > which users can access to the shares, but if I use the user quota I can't > control the quota on this shares. > Using a group quota I can assign separate quota to each share (the shares > are on the same HD partition): > - each user has a quota on the home share > - each "not home" share has its own quota > > The only problem is that I can't see the quota in windows box. So I > modified the smbd/quotas.c to read the quota group associated to the group > of the file/directory if the user quota result is 0 (zero). I added a > parameter to the function get_smb_linux_* to get an user or a group quota. Wouldn't it be better to report the smaller of the two quotas? > I attach the output of the commnad: > diff -u -r samba-2.2.7a/source/smbd/quotas.c > samba-2.2.7amds/source/smbd/quotas.c > > > --- samba-2.2.7a/source/smbd/quotas.c Wed Dec 11 10:17:40 2002 > +++ samba-2.2.7amds/source/smbd/quotas.cTue Mar 4 09:43:05 2003 > @@ -66,13 +66,18 @@ >Abstract out the XFS Quota Manager quota get call. > / > > -static int get_smb_linux_xfs_quota(char *path, uid_t euser_id, > LINUX_SMB_DISK_QUOTA *dp) > +static int get_smb_linux_xfs_quota(char *path, uid_t euser_id, > LINUX_SMB_DISK_QUOTA *dp, char type ) Make this a BOOL for type 'group_quota' or even better an enum with values 'USER_QUOTA, GROUP_QUOTA'. If you can repatch this against HEAD, and check with metze (Stefan (metze) Metzmacher <[EMAIL PROTECTED]>) on how this might conflict with his work in this area. In particular, it might work out best that metze picks this up into his patch. (He is working on being able to modify the quota from an Windows client!). Either way, this certainly is a very nice idea! Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
quota group
I use samba on redhat linux (7.1)
For default in redhat each user has also his own group.
I created a new group for each samba share that I defined so I can control
which users can access to the shares, but if I use the user quota I can't
control the quota on this shares.
Using a group quota I can assign separate quota to each share (the shares
are on the same HD partition):
- each user has a quota on the home share
- each "not home" share has its own quota
The only problem is that I can't see the quota in windows box. So I
modified the smbd/quotas.c to read the quota group associated to the group
of the file/directory if the user quota result is 0 (zero). I added a
parameter to the function get_smb_linux_* to get an user or a group quota.
I attach the output of the commnad:
diff -u -r samba-2.2.7a/source/smbd/quotas.c
samba-2.2.7amds/source/smbd/quotas.c
--- samba-2.2.7a/source/smbd/quotas.c Wed Dec 11 10:17:40 2002
+++ samba-2.2.7amds/source/smbd/quotas.cTue Mar 4 09:43:05 2003
@@ -66,13 +66,18 @@
Abstract out the XFS Quota Manager quota get call.
/
-static int get_smb_linux_xfs_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp)
+static int get_smb_linux_xfs_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp, char type )
{
int ret = -1;
struct fs_disk_quota D;
ZERO_STRUCT(D);
- if ((ret = quotactl(QCMD(Q_XGETQUOTA,USRQUOTA), path, euser_id,
(caddr_t)&D)))
+ if ( type == 'g' ) {
+ ret = quotactl(QCMD(Q_XGETQUOTA,GRPQUOTA), path,
euser_id, (caddr_t)&D);
+ } else {
+ ret = quotactl(QCMD(Q_XGETQUOTA,USRQUOTA), path,
euser_id, (caddr_t)&D);
+ }
+ if (ret)
return ret;
dp->bsize = (SMB_BIG_UINT)512;
@@ -89,7 +94,7 @@
Abstract out the old and new Linux quota get calls.
/
-static int get_smb_linux_v1_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp)
+static int get_smb_linux_v1_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp, char type )
{
struct v1_kern_dqblk D;
int ret;
@@ -97,7 +102,12 @@
ZERO_STRUCT(D);
dp->bsize = (SMB_BIG_UINT)QUOTABLOCK_SIZE;
- if ((ret = quotactl(QCMD(Q_V1_GETQUOTA,USRQUOTA), path, euser_id,
(caddr_t)&D)))
+ if ( type == 'g' ) {
+ ret = quotactl(QCMD(Q_V1_GETQUOTA,GRPQUOTA), path,
euser_id, (caddr_t)&D);
+ } else {
+ ret = quotactl(QCMD(Q_V1_GETQUOTA,USRQUOTA), path,
euser_id, (caddr_t)&D);
+ }
+if (ret)
return -1;
dp->softlimit = (SMB_BIG_UINT)D.dqb_bsoftlimit;
@@ -110,7 +120,7 @@
return 0;
}
-static int get_smb_linux_v2_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp)
+static int get_smb_linux_v2_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp, char type )
{
struct v2_kern_dqblk D;
int ret;
@@ -118,7 +128,12 @@
ZERO_STRUCT(D);
dp->bsize = (SMB_BIG_UINT)QUOTABLOCK_SIZE;
- if ((ret = quotactl(QCMD(Q_V2_GETQUOTA,USRQUOTA), path, euser_id,
(caddr_t)&D)))
+ if ( type == 'g' ) {
+ ret = quotactl(QCMD(Q_V2_GETQUOTA,GRPQUOTA), path,
euser_id, (caddr_t)&D);
+ } else {
+ ret = quotactl(QCMD(Q_V2_GETQUOTA,USRQUOTA), path,
euser_id, (caddr_t)&D);
+ }
+if (ret)
return -1;
dp->softlimit = (SMB_BIG_UINT)D.dqb_bsoftlimit;
@@ -135,7 +150,7 @@
Brand-new generic quota interface.
/
-static int get_smb_linux_gen_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp)
+static int get_smb_linux_gen_quota(char *path, uid_t euser_id,
LINUX_SMB_DISK_QUOTA *dp, char type )
{
struct if_dqblk D;
int ret;
@@ -143,7 +158,12 @@
ZERO_STRUCT(D);
dp->bsize = (SMB_BIG_UINT)QUOTABLOCK_SIZE;
- if ((ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), path, euser_id,
(caddr_t)&D)))
+ if ( type == 'g' ) {
+ ret = quotactl(QCMD(Q_GETQUOTA,GRPQUOTA), path, euser_id,
(caddr_t)&D);
+ } else {
+ ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), path, euser_id,
(caddr_t)&D);
+ }
+ if (ret)
return -1;
dp->softlimit = (SMB_BIG_UINT)D.dqb_bsoftlimit;
@@ -170,6 +190,7 @@
SMB_DEV_T devno;
int found;
uid_t euser_id;
+ gid_t fgrp_id;
euser_id = geteuid();
@@ -179,6 +200,7 @@
return(False) ;
devno = S.st_dev ;
+ fgrp_id = S.st_gid;
fp = setmntent(MOUNTED,"r");
found = False ;
@@ -202,15 +224,31 @@
set_effective_uid(0);
if (strcmp(mnt->mnt_type, "xfs")) {
- r=get_smb_linux_gen_quota(mnt->mnt_fsname, euser_id, &D);
+
