Michael Adam | 30 Jun 17:58 2015
Picon

[PATCH] smb encrypt - new value desired

Hi,

there is BUG https://bugzilla.samba.org/show_bug.cgi?id=11372
which addresses inconsistencies between settings of smb encrypt
in master and 4.2/4.1.

During discussion it was noticed that we do actually have not
enough settings for 'smb encrypt' to explicitly reflect all
that we need to achieve. We need:

- off      : ...
- enabled  : enable SMB3 encryption cap in negotiate
- desired  : enable cap and turn on data encryption
- required : enable cap, turn on data enc, and reject clients
             that don't support it

We are currently lacking 'desired'.

The attached patchset adds this value,
modifies the server to reflect the above table
and amends the manpage documentation to explain it.

Review / comments appreciated!

Thanks - Michael

From 166c616b82bb2999378acccf70ddf98846940fe5 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox <at> samba.org>
(Continue reading)

Volker Lendecke | 30 Jun 14:12 2015
Picon

[PATCH] libldap: Fix CID 1308982 Unchecked return value from library

Hi!

Review&push appreciated!

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt <at> sernet.de
From 1b65ce442907beb3997dcc5a31d9b298cd5c7a9b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl <at> samba.org>
Date: Tue, 30 Jun 2015 14:10:50 +0200
Subject: [PATCH] libldap: Fix CID 1308982 Unchecked return value from library

Signed-off-by: Volker Lendecke <vl <at> samba.org>
---
 source4/libcli/ldap/ldap_client.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index e49df9e..68ebfcf 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
 <at>  <at>  -514,7 +514,13  <at>  <at>  static void ldap_connect_got_sock(struct composite_context *ctx,
(Continue reading)

Volker Lendecke | 30 Jun 12:08 2015
Picon

[PATCH] lib: Fix rundown of open_socket_out()

Hi!

Maybe another contributor to flaky builds.

Review&push appreciated!

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt <at> sernet.de
From 3371d14c5eaf36541745c06dfe7896e3790be2e2 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl <at> samba.org>
Date: Mon, 29 Jun 2015 19:00:55 +0200
Subject: [PATCH] lib: Fix rundown of open_socket_out()

Under valgrind I've seen the abort in async_connect_cleanup kick in. Yes, it's
good that we check these return codes!

Signed-off-by: Volker Lendecke <vl <at> samba.org>
---
 source3/lib/util_sock.c |   45 +++++++++++++++++++++++++++++++++------------
 1 file changed, 33 insertions(+), 12 deletions(-)

(Continue reading)

Guenther Deschner | 29 Jun 23:44 2015
Picon

[PATCHES] Some preparational work for witness/clusapi

Hi,

attached are some preparational patches from our work to implement the
witness protocol. Mostly testing and marshalling related.

Please review & push.

Thanks,
Guenther
--

-- 
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner <at> redhat.com
Samba Team                              gd <at> samba.org
Attachment (witness.patch): application/mbox, 76 KiB
Guenther Deschner | 29 Jun 23:44 2015
Picon

[PATCH] update ntlmssp.idl

Hi,

attached a patch to update our ntlmssp.idl.

Please review&push.

Thanks,
Guenther
--

-- 
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner <at> redhat.com
Samba Team                              gd <at> samba.org
Attachment (ntlmssp.patch): application/mbox, 1318 bytes
Guenther Deschner | 29 Jun 23:43 2015
Picon

[PATCH] protect against possible smb2 negprot segfault

Hi,

attached is a patch that we created while fixing some spurious crash
bugs in smb2 negprot failure paths.

Please review & push.

Thanks,
Guenther
--

-- 
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner <at> redhat.com
Samba Team                              gd <at> samba.org
Attachment (smbd.patch): application/mbox, 2384 bytes
Uri Simchoni | 29 Jun 22:24 2015
Picon

[PATCH] fix DC search order during domain join

This is a fix to domain controller lookup in "net ads join". The fix
lets net utility give a hint to dsgetdcname() as to the type of domain
name (flat or dns), thus avoiding needless fallback from dns to
netbios and fixing site-aware to site-less fallback.

Before this fix, a failure with on-site dns falls back to netbios
first. If netbios is enabled, we waste time. If netbios is disabled,
the resulting error code is not NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND,
site-less search is not carried out. So a site with RODC cannot be
joined.

Review appreciated.
Thanks,
Uri.
Attachment (join.patch): application/octet-stream, 5722 bytes
Steve French | 29 Jun 19:22 2015
Picon

CIFS Unix Extensions - hardlinks (not symlinks) fail against master

In testing Sachin's DFS patch, I noticed an unrelated server bug -
cifs posix extension hardlinks seem broken against master

/mnt# ln -s file-in-test-target symlink-target ; ln
file-in-test-target hardlink-target
ln: failed to create hard link ‘hardlink-target’ =>
‘file-in-test-target’: Permission denied

Wireshark trace shows CIFS SetInfo Level 515 fails with access denied,
level 513 (with same kind of payload) works.
--

-- 
Thanks,

Steve

mathias dufresne | 29 Jun 11:39 2015
Picon

[Samba] Trigger an arbitrary command on user password change

Hi all,

Is there something to trigger an arbitrary command on user password change?
This would be useful to keep Samba4's password synchronized with others
user databases.

Perhaps there is something else which would help us to keep password
synchronized with others DB...

Kindly regards,

mathias

运帅 | 29 Jun 08:47 2015

how to use kerberos authentication to samba4 file server

Hi Folks,

I am looking for some help from you,  thanks in advance.

I am building samba4 file server with "--without-ad-dc" option, and add the file server as a domain member.
as I already have an Active Directory Domain Controller in place(with window2008).

the problem I am encountered is:
after adding the file server as a domain member, I donot know how to use kerberos authentication to access
the file server.
when build samba4, it hints will select embedded Heimdal build. but there arenot kerberos tools, such as
kstash, kadmin, kinit, klist and so on
How can I use kerberos authentication as samba3?

Thanks
Steve French | 27 Jun 00:26 2015
Picon

Re: [PATCH] OS X SMB2 AAPL copyfile extension

This reminds me that we really need to map the DUPLICATE_EXTENTS call
to Samba (at least on btrfs, but if other fs support it that would
also be helpful) - it is preferable to copy chunk in some cases and I
now have patches for cifs.ko for DUPLICATE_EXTENTS (and the normal
CopyChunk, not the apple extension, has been in a while), but I need
to know whether we could map it to SMB3 (and SMB3.02) not just SMB3.11
since it simply depends on File System Attribute
FILE_SUPPORTS_BLOCK_REFCOUNTING

so we can call DUPLICATE_EXTENTS for fast file copy if and only if
FILE_SUPPORTS_BLOCK_REFCOUNTING is returned in the File System
Attributes by Samba - but I would prefer not to make it dialect
specific (for Samba and cifs.ko) unless someone has a strong argument
for making fastest file copy dependent on something other than that
flag.

On Wed, Jun 17, 2015 at 3:49 AM, Ralph Böhme <rb <at> sernet.de> wrote:
> Hi all,
>
> attached is a patchset, reviewed my metze, that implements Apple's
> copyfile style copy_chunk semantics.
>
> Shamelessly c/p from the bugreport [1] I had created for this:
>
>   OS X SMB server and client use a special copychunk semantic that is
>   triggered by a chunk count of zero.
>
>   In response to this request, the server must copy the whole file at
>   once and also copy all attached file metadata.
>
(Continue reading)


Gmane