headers
Endi Sukma Dewata | 1 Dec 2009 03:26
Picon
Favicon

Re: [IPA] Disabling Heimdal service

Hi Stefan,

Attached are the patches that I've submitted recently. Please
use these files instead of the previous ones. I have modified
the last patch to use the static const kdc_tcp_stream_ops as
you suggested. I also do not include the patch #2 about copying
the examples into the installation directory for now.

These patches are available in this git branch:
http://github.com/endisd/samba/commits/development/

Thanks!

--
Endi S. Dewata

----- "Stefan (metze) Metzmacher" <metze <at> samba.org> wrote:

> You can just leave kdc_tcp_stream_ops as it is (static const)
> and use it for both, the name doesn't really matter.
Attachment (0001-s4-kdc-Disable-KDC-port-when-it-s-set-to-0.patch): application/mbox, 5721 bytes
Attachment (0003-s4-Create-default-modules-directory.patch): text/x-patch, 671 bytes
Attachment (0004-s4-kdc-Merged-kdc_add_kdc_socket-and-kdc_add_kpa.patch): application/mbox, 5802 bytes
Attachment (0005-s4-kdc-Merged-kdc_tcp_accept-and-kpasswdd_tcp_ac.patch): application/mbox, 4211 bytes
Permalink | Reply | 1 comment |
headers
Andrew Bartlett | 1 Dec 2009 04:34
Picon
Favicon

Re: [IPA] Disabling Heimdal service

On Mon, 2009-11-30 at 21:26 -0500, Endi Sukma Dewata wrote:
> Hi Stefan,
> 
> Attached are the patches that I've submitted recently. Please
> use these files instead of the previous ones. I have modified
> the last patch to use the static const kdc_tcp_stream_ops as
> you suggested. I also do not include the patch #2 about copying
> the examples into the installation directory for now.

I think you sent the wrong patches - I can't see any evidence of that in
the patches.

Andrew Bartlett

--

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
Permalink | Reply | 0 comments |
headers
Endi Sukma Dewata | 1 Dec 2009 05:52
Picon
Favicon

Re: [IPA] Disabling Heimdal service

Andrew,

You're right, I did a mistake during git reset. Attached should be
the correct one. Sorry about that. Thanks.

--
Endi S. Dewata

----- "Andrew Bartlett" <abartlet <at> samba.org> wrote:

> On Mon, 2009-11-30 at 21:26 -0500, Endi Sukma Dewata wrote:
> > Hi Stefan,
> > 
> > Attached are the patches that I've submitted recently. Please
> > use these files instead of the previous ones. I have modified
> > the last patch to use the static const kdc_tcp_stream_ops as
> > you suggested. I also do not include the patch #2 about copying
> > the examples into the installation directory for now.
> 
> I think you sent the wrong patches - I can't see any evidence of that
> in
> the patches.
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                               
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Cisco Inc.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Andrew Bartlett | 1 Dec 2009 06:18
Picon
Favicon

RFCs, Debian and Samba build dependencies

Jelmer,

I had to revert your commit to remove RFC files from Samba4 releases, as
it broke the build of our release tarballs - Heimdal uses python to
extract tables from the rfc files, and then uses them to build header
files. 

Can we work to see if we can find a solution that is acceptable to
Debian and does not break Samba to badly?

Thanks, 

Andrew Bartlett
--

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
Permalink | Reply | 17 comments |
headers
boyang | 1 Dec 2009 08:04
Picon
Favicon

Borken vuid_cache in connection_struct?

Hi, *:
     I think the vuid_cache is broken when dynamic share permission is
introduced. Please correct me if I am wrong. :-)
1). security = share.
    user A on share A, user B on share B, on the the same tcp connect.
    user A performs some user activity on share A(eg, open a file, write
to it and keep it open), then user B performs some user activity on
share B. Therefore, current user changed from user A to user B. Share
A's permission changes here to deny write access for user A. user A
tries to write to the opened file. have a look at what change_to_user()
does, current user is not user A and  will not find vuid_cache
entry(because share = security, vuid = -1 is not even cached), perform
access check from start, deny user A from write access.(bad, the second
write is expected to succeed).
2). security != share.
    user 1-33 performs user activity sequentialy on share A.
    user 1 performs something like this(open a file, write to it and
keep it open), then user 2-33 performs some user activity. current user
changes from 1 to 33, and vuid_cache is full when user 32 performs user
activity. Then user 33 performs user activity, vuid_cache for user 1
will be replace with user 33. user 1 tries to write to the file again,
have a look at what change_to_user() does. current_user is not user 1,
look up in the vuid_cache failed, do a access check from start, deny
user A from write access. (Bad, the second write is expected to succeed.)

Recommendations:
   We use two linked lists to watch on share's permission. the entry
looks like vuid_cache. One list is used to record information about
share(read_only, admin_users, server_info) when the first call to
change_to_user(), ie, when user performs first user acitivty, record
(Continue reading)

Permalink | Reply | 0 comments |
headers
Christian Perrier | 1 Dec 2009 07:10
Picon
Favicon
Gravatar

Re: RFCs, Debian and Samba build dependencies

Quoting Andrew Bartlett (abartlet <at> samba.org):
> Jelmer,
> 
> I had to revert your commit to remove RFC files from Samba4 releases, as
> it broke the build of our release tarballs - Heimdal uses python to
> extract tables from the rfc files, and then uses them to build header
> files. 
> 
> Can we work to see if we can find a solution that is acceptable to
> Debian and does not break Samba to badly?

Please find below the text of the original bug report we got about
this (we got a similar bug report for samba 3, as it carries some
samba4 sources).

It proposes 3 solutions:
1) ask the author of the RFC to relicense it under a free license
2) repackage upstream sources without the offending documents
3) move the package to non free.

1) seems out of question as it would certainly require hairy
discussions with RFC authors while.....I'm not sure we (samba pkg
maintainers) are freeness-junkies enough to sustain it (IIRC I voted
against the resolutions that were attempting to make non modificable
documentation non free because I think this is more or less shooting
self in feet).

2) was possible but we preferred working directly with upstream (as
one of us is part of upstream) to remove the supposedly unmandatory
documents
(Continue reading)

Permalink | Reply | 16 comments |
headers
Yinon Yamin | 1 Dec 2009 08:28
Favicon

Netapi for testjoin

Hello everyone,

I am trying to write a small utility that can join, unjoin and testjoin
to a DC.

For the join / unjoin I used the netapi  NetJoinDomain / NetunjoinDomain
and it seems to work well.

The question is which API should I use in order to implement the
testjoin predicate. 

The "testjoin " should return TRUE iff the host is already joined to the
DC. (same functionality as the "net testjoin").

Thanks in advance, 

Yinon
Permalink | Reply | 3 comments |
headers
Karolin Seeger | 1 Dec 2009 08:36
Picon
Favicon

Re: RFCs, Debian and Samba build dependencies

Hi Christian,

On Tue, Dec 01, 2009 at 07:10:19AM +0100, Christian Perrier wrote:
> Please find below the text of the original bug report we got about
> this (we got a similar bug report for samba 3, as it carries some
> samba4 sources).

the RFCs are removed by the create-tarball script for s3. So this
shouldn't be a problem in s3 tarballs any longer.

Cheers,
Karolin

--

-- 
Samba			http://www.samba.org
SerNet			http://www.sernet.de
sambaXP			http://www.sambaxp.org
Permalink | Reply | 12 comments |
headers
Volker Lendecke | 1 Dec 2009 08:50
Picon
Favicon

Re: [SCM] Samba Shared Repository - branch master updated

On Mon, Nov 30, 2009 at 06:25:20PM -0600, Günther Deschner wrote:
> The branch, master has been updated
>        via  ea20678... s3-build: taise tdb version when building against system libtdb library.
>       from  6dd6000... s3:add split_tokens, a cmdline tool to test next_token_talloc()
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> 
> 
> - Log -----------------------------------------------------------------
> commit ea20678c55fee9f4586630cdb5fe7f35457d309a
> Author: Günther Deschner <gd <at> samba.org>
> Date:   Tue Dec 1 01:22:44 2009 +0100
> 
>     s3-build: taise tdb version when building against system libtdb library.
>     
>     Try to fix the build on "buildsamba02". At least fixes the build on fedora12
>     with libtdb-devel-1.1.5-2.fc12.x86_64 installed.
>     
>     Volker, please check.

Did the patch I sent to you yesterday night not work for
you?

Volker
Permalink | Reply | 0 comments |
headers
Andrew Bartlett | 1 Dec 2009 11:05
Picon
Favicon

Re: RFCs, Debian and Samba build dependencies

On Tue, 2009-12-01 at 08:36 +0100, Karolin Seeger wrote:
> Hi Christian,
> 
> On Tue, Dec 01, 2009 at 07:10:19AM +0100, Christian Perrier wrote:
> > Please find below the text of the original bug report we got about
> > this (we got a similar bug report for samba 3, as it carries some
> > samba4 sources).
> 
> the RFCs are removed by the create-tarball script for s3. So this
> shouldn't be a problem in s3 tarballs any longer.

Fortunately we are now agreed to remove source4 entirely from Samba 3.5
releases, so it should not be a problem that it won't build without
them :-)

Andrew Bartlett

--

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
Permalink | Reply | 1 comment |

Gmane