diff -Nru samba-4.5.4+dfsg/auth/credentials/credentials_secrets.c samba-4.5.8+dfsg/auth/credentials/credentials_secrets.c
--- samba-4.5.4+dfsg/auth/credentials/credentials_secrets.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/auth/credentials/credentials_secrets.c 2017-03-09 09:21:43.000000000 +0000
@@ -39,7 +39,7 @@
#include "dbwrap/dbwrap.h"
#include "dbwrap/dbwrap_open.h"
#include "lib/util/util_tdb.h"
-
+#include "libds/common/roles.h"
/**
* Fill in credentials for the machine trust account, from the secrets database.
@@ -276,6 +276,8 @@
char *secrets_tdb_password = NULL;
char *secrets_tdb_old_password = NULL;
uint32_t secrets_tdb_secure_channel_type = SEC_CHAN_NULL;
+ int server_role = lpcfg_server_role(lp_ctx);
+ int security = lpcfg_security(lp_ctx);
char *keystr;
char *keystr_upper = NULL;
TALLOC_CTX *tmp_ctx = talloc_named(cred, 0, "cli_credentials_set_secrets from ldb");
@@ -354,13 +356,26 @@
}
if (secrets_tdb_password_more_recent) {
+ enum credentials_use_kerberos use_kerberos = CRED_DONT_USE_KERBEROS;
char *machine_account = talloc_asprintf(tmp_ctx, "%s$", lpcfg_netbios_name(lp_ctx));
cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED);
cli_credentials_set_old_password(cred, secrets_tdb_old_password, CRED_SPECIFIED);
cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
if (strequal(domain, lpcfg_workgroup(lp_ctx))) {
cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx), CRED_SPECIFIED);
+
+ switch (server_role) {
+ case ROLE_DOMAIN_MEMBER:
+ if (security != SEC_ADS) {
+ break;
+ }
+ /* fall through */
+ case ROLE_ACTIVE_DIRECTORY_DC:
+ use_kerberos = CRED_AUTO_USE_KERBEROS;
+ break;
+ }
}
+ cli_credentials_set_kerberos_state(cred, use_kerberos);
cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct);
cli_credentials_set_secure_channel_type(cred, secrets_tdb_secure_channel_type);
diff -Nru samba-4.5.4+dfsg/ctdb/common/comm.c samba-4.5.8+dfsg/ctdb/common/comm.c
--- samba-4.5.4+dfsg/ctdb/common/comm.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/common/comm.c 2017-03-09 09:21:43.000000000 +0000
@@ -251,14 +251,22 @@
* Write packets
*/
+struct comm_write_entry {
+ struct comm_context *comm;
+ struct tevent_queue_entry *qentry;
+ struct tevent_req *req;
+};
+
struct comm_write_state {
struct tevent_context *ev;
struct comm_context *comm;
+ struct comm_write_entry *entry;
struct tevent_req *subreq;
uint8_t *buf;
size_t buflen, nwritten;
};
+static int comm_write_entry_destructor(struct comm_write_entry *entry);
static void comm_write_trigger(struct tevent_req *req, void *private_data);
static void comm_write_done(struct tevent_req *subreq);
@@ -269,6 +277,7 @@
{
struct tevent_req *req;
struct comm_write_state *state;
+ struct comm_write_entry *entry;
req = tevent_req_create(mem_ctx, &state, struct comm_write_state);
if (req == NULL) {
@@ -280,15 +289,38 @@
state->buf = buf;
state->buflen = buflen;
- if (!tevent_queue_add_entry(comm->queue, ev, req,
- comm_write_trigger, NULL)) {
- talloc_free(req);
- return NULL;
+ entry = talloc_zero(state, struct comm_write_entry);
+ if (tevent_req_nomem(entry, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ entry->comm = comm;
+ entry->req = req;
+ entry->qentry = tevent_queue_add_entry(comm->queue, ev, req,
+ comm_write_trigger, NULL);
+ if (tevent_req_nomem(entry->qentry, req)) {
+ return tevent_req_post(req, ev);
}
+ state->entry = entry;
+ talloc_set_destructor(entry, comm_write_entry_destructor);
+
return req;
}
+static int comm_write_entry_destructor(struct comm_write_entry *entry)
+{
+ struct comm_context *comm = entry->comm;
+
+ if (comm->write_req == entry->req) {
+ comm->write_req = NULL;
+ TEVENT_FD_NOT_WRITEABLE(comm->fde);
+ }
+
+ TALLOC_FREE(entry->qentry);
+ return 0;
+}
+
static void comm_write_trigger(struct tevent_req *req, void *private_data)
{
struct comm_write_state *state = tevent_req_data(
@@ -333,6 +365,8 @@
}
state->nwritten = nwritten;
+ state->entry->qentry = NULL;
+ TALLOC_FREE(state->entry);
tevent_req_done(req);
}
@@ -382,8 +416,8 @@
struct comm_write_state *write_state;
if (comm->write_req == NULL) {
- /* This should never happen */
- abort();
+ TEVENT_FD_NOT_WRITEABLE(comm->fde);
+ return;
}
write_state = tevent_req_data(comm->write_req,
diff -Nru samba-4.5.4+dfsg/ctdb/config/events.d/10.interface samba-4.5.8+dfsg/ctdb/config/events.d/10.interface
--- samba-4.5.4+dfsg/ctdb/config/events.d/10.interface 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/config/events.d/10.interface 2017-01-30 09:56:26.000000000 +0000
@@ -215,7 +215,7 @@
# 2) remove the IP from the old interface (and new interface, to be sure)
# 3) add the IP to the new interface
# 4) remove the firewall rule
- # 5) use ctdb gratiousarp to propagate the new mac address
+ # 5) use ctdb gratarp to propagate the new mac address
# 6) use netstat -tn to find existing connections, and tickle them
_oiface=$2
niface=$3
@@ -240,7 +240,7 @@
flush_route_cache
# propagate the new mac address
- $CTDB gratiousarp "$ip" "$niface"
+ $CTDB gratarp "$ip" "$niface"
# tickle all existing connections, so that dropped packets
# are retransmited and the tcp streams work
diff -Nru samba-4.5.4+dfsg/ctdb/config/events.d/13.per_ip_routing samba-4.5.8+dfsg/ctdb/config/events.d/13.per_ip_routing
--- samba-4.5.4+dfsg/ctdb/config/events.d/13.per_ip_routing 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/config/events.d/13.per_ip_routing 2017-01-30 09:56:26.000000000 +0000
@@ -184,8 +184,8 @@
-v pre="$table_id_prefix" \
'/^#/ ||
!(min <= $1 && $1 <= max) &&
- !(index($2, pre) == 1)
- { print $0 }' "$rt_tables" >"$_tmp"
+ !(index($2, pre) == 1) {
+ print $0 }' "$rt_tables" >"$_tmp"
mv "$_tmp" "$rt_tables"
) 9>"$rt_tables_lock"
@@ -398,7 +398,7 @@
# flush our route cache
set_proc sys/net/ipv4/route/flush 1
- $CTDB gratiousarp "$ip" "$iface"
+ $CTDB gratarp "$ip" "$iface"
;;
updateip)
@@ -416,7 +416,7 @@
# flush our route cache
set_proc sys/net/ipv4/route/flush 1
- $CTDB gratiousarp "$ip" "$niface"
+ $CTDB gratarp "$ip" "$niface"
tickle_tcp_connections "$ip"
;;
diff -Nru samba-4.5.4+dfsg/ctdb/config/events.d/91.lvs samba-4.5.8+dfsg/ctdb/config/events.d/91.lvs
--- samba-4.5.4+dfsg/ctdb/config/events.d/91.lvs 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/config/events.d/91.lvs 2017-01-30 09:56:26.000000000 +0000
@@ -110,7 +110,7 @@
ipvsadm -a -t "$CTDB_LVS_PUBLIC_IP" -r 127.0.0.1
ipvsadm -a -u "$CTDB_LVS_PUBLIC_IP" -r 127.0.0.1
- $CTDB gratiousarp \
+ $CTDB gratarp \
"$CTDB_LVS_PUBLIC_IP" "$CTDB_LVS_PUBLIC_IFACE" >/dev/null 2>&1
flush_route_cache
diff -Nru samba-4.5.4+dfsg/ctdb/config/statd-callout samba-4.5.8+dfsg/ctdb/config/statd-callout
--- samba-4.5.4+dfsg/ctdb/config/statd-callout 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/config/statd-callout 2017-03-09 09:21:43.000000000 +0000
@@ -128,6 +128,7 @@
# where the lock manager will respond "strangely" immediately
# after restarting it, which causes clients to fail to reclaim
# their locks.
+ nfs_callout_init
"$CTDB_NFS_CALLOUT" "stop" "nlockmgr" >/dev/null 2>&1
sleep 2
"$CTDB_NFS_CALLOUT" "start" "nlockmgr" >/dev/null 2>&1
diff -Nru samba-4.5.4+dfsg/ctdb/doc/ctdb.1 samba-4.5.8+dfsg/ctdb/doc/ctdb.1
--- samba-4.5.4+dfsg/ctdb/doc/ctdb.1 2016-10-24 19:44:53.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/doc/ctdb.1 2017-01-30 10:15:39.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: ctdb
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 10/24/2016
+.\" Date: 01/30/2017
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "CTDB" "1" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
+.TH "CTDB" "1" "01/30/2017" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -1227,9 +1227,9 @@
.SS "gettickles \fIIPADDR\fR"
.PP
Show TCP connections that are registered with CTDB to be "tickled" if there is a failover\&.
-.SS "gratiousarp \fIIPADDR\fR \fIINTERFACE\fR"
+.SS "gratarp \fIIPADDR\fR \fIINTERFACE\fR"
.PP
-Send out a gratious ARP for the specified interface through the specified interface\&. This command is mainly used by the ctdb eventscripts\&.
+Send out a gratuitous ARP for the specified interface through the specified interface\&. This command is mainly used by the ctdb eventscripts\&.
.SS "pdelete \fIDB\fR \fIKEY\fR"
.PP
Delete KEY from DB\&.
diff -Nru samba-4.5.4+dfsg/ctdb/doc/ctdb.1.html samba-4.5.8+dfsg/ctdb/doc/ctdb.1.html
--- samba-4.5.4+dfsg/ctdb/doc/ctdb.1.html 2016-10-24 19:44:53.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/doc/ctdb.1.html 2017-01-30 10:15:40.000000000 +0000
@@ -1,4 +1,4 @@
-
SEE ALSO
ctdbd(1),
onnode(1),
diff -Nru samba-4.5.4+dfsg/ctdb/doc/ctdb.1.xml samba-4.5.8+dfsg/ctdb/doc/ctdb.1.xml
--- samba-4.5.4+dfsg/ctdb/doc/ctdb.1.xml 2016-09-13 08:21:35.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/doc/ctdb.1.xml 2017-01-30 09:56:26.000000000 +0000
@@ -1353,9 +1353,9 @@
- gratiousarp IPADDR INTERFACE
+ gratarp IPADDR INTERFACE
- Send out a gratious ARP for the specified interface through
+ Send out a gratuitous ARP for the specified interface through
the specified interface. This command is mainly used by the
ctdb eventscripts.
diff -Nru samba-4.5.4+dfsg/ctdb/server/ctdb_lock.c samba-4.5.8+dfsg/ctdb/server/ctdb_lock.c
--- samba-4.5.4+dfsg/ctdb/server/ctdb_lock.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/server/ctdb_lock.c 2017-01-30 09:56:26.000000000 +0000
@@ -192,7 +192,7 @@
lock_ctx->request->lctx = NULL;
}
if (lock_ctx->child > 0) {
- ctdb_kill(lock_ctx->ctdb, lock_ctx->child, SIGKILL);
+ ctdb_kill(lock_ctx->ctdb, lock_ctx->child, SIGTERM);
if (lock_ctx->type == LOCK_RECORD) {
DLIST_REMOVE(lock_ctx->ctdb_db->lock_current, lock_ctx);
} else {
@@ -672,7 +672,7 @@
ctdb_lock_timeout_handler,
(void *)lock_ctx);
if (lock_ctx->ttimer == NULL) {
- ctdb_kill(ctdb, lock_ctx->child, SIGKILL);
+ ctdb_kill(ctdb, lock_ctx->child, SIGTERM);
lock_ctx->child = -1;
close(lock_ctx->fd[0]);
return;
@@ -687,7 +687,7 @@
(void *)lock_ctx);
if (lock_ctx->tfd == NULL) {
TALLOC_FREE(lock_ctx->ttimer);
- ctdb_kill(ctdb, lock_ctx->child, SIGKILL);
+ ctdb_kill(ctdb, lock_ctx->child, SIGTERM);
lock_ctx->child = -1;
close(lock_ctx->fd[0]);
return;
diff -Nru samba-4.5.4+dfsg/ctdb/server/ctdb_lock_helper.c samba-4.5.8+dfsg/ctdb/server/ctdb_lock_helper.c
--- samba-4.5.4+dfsg/ctdb/server/ctdb_lock_helper.c 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/server/ctdb_lock_helper.c 2017-01-30 09:56:26.000000000 +0000
@@ -20,8 +20,12 @@
#include "replace.h"
#include "system/filesys.h"
#include "system/network.h"
+#include "system/wait.h"
#include
+#include
+
+#include "lib/util/tevent_unix.h"
#include "ctdb_private.h"
@@ -30,6 +34,11 @@
static char *progname = NULL;
static bool realtime = true;
+struct lock_state {
+ struct tdb_context *tdb;
+ TDB_DATA key;
+};
+
static void set_priority(void)
{
const char *ptr;
@@ -72,7 +81,7 @@
fprintf(stderr, "\n");
fprintf(stderr, "Usage: %s RECORD \n",
progname);
- fprintf(stderr, " %s DB [ ...]\n",
+ fprintf(stderr, " %s DB \n",
progname);
}
@@ -93,10 +102,9 @@
return buffer;
}
-static int lock_record(const char *dbpath, const char *dbflags, const char *dbkey)
+static int lock_record(const char *dbpath, const char *dbflags,
+ const char *dbkey, struct lock_state *state)
{
- TDB_DATA key;
- struct tdb_context *tdb;
int tdb_flags;
/* No error checking since CTDB always passes sane values */
@@ -104,23 +112,25 @@
/* Convert hex key to key */
if (strcmp(dbkey, "NULL") == 0) {
- key.dptr = NULL;
- key.dsize = 0;
+ state->key.dptr = NULL;
+ state->key.dsize = 0;
} else {
- key.dptr = hex_decode_talloc(NULL, dbkey, &key.dsize);
+ state->key.dptr = hex_decode_talloc(NULL, dbkey,
+ &state->key.dsize);
}
- tdb = tdb_open(dbpath, 0, tdb_flags, O_RDWR, 0600);
- if (tdb == NULL) {
- fprintf(stderr, "%s: Error opening database %s\n", progname, dbpath);
+ state->tdb = tdb_open(dbpath, 0, tdb_flags, O_RDWR, 0600);
+ if (state->tdb == NULL) {
+ fprintf(stderr, "%s: Error opening database %s\n",
+ progname, dbpath);
return 1;
}
set_priority();
- if (tdb_chainlock(tdb, key) < 0) {
+ if (tdb_chainlock(state->tdb, state->key) < 0) {
fprintf(stderr, "%s: Error getting record lock (%s)\n",
- progname, tdb_errorstr(tdb));
+ progname, tdb_errorstr(state->tdb));
return 1;
}
@@ -130,26 +140,26 @@
}
-
-static int lock_db(const char *dbpath, const char *dbflags)
+static int lock_db(const char *dbpath, const char *dbflags,
+ struct lock_state *state)
{
- struct tdb_context *tdb;
int tdb_flags;
/* No error checking since CTDB always passes sane values */
tdb_flags = strtol(dbflags, NULL, 0);
- tdb = tdb_open(dbpath, 0, tdb_flags, O_RDWR, 0600);
- if (tdb == NULL) {
- fprintf(stderr, "%s: Error opening database %s\n", progname, dbpath);
+ state->tdb = tdb_open(dbpath, 0, tdb_flags, O_RDWR, 0600);
+ if (state->tdb == NULL) {
+ fprintf(stderr, "%s: Error opening database %s\n",
+ progname, dbpath);
return 1;
}
set_priority();
- if (tdb_lockall(tdb) < 0) {
+ if (tdb_lockall(state->tdb) < 0) {
fprintf(stderr, "%s: Error getting db lock (%s)\n",
- progname, tdb_errorstr(tdb));
+ progname, tdb_errorstr(state->tdb));
return 1;
}
@@ -158,13 +168,114 @@
return 0;
}
+struct wait_for_parent_state {
+ struct tevent_context *ev;
+ pid_t ppid;
+};
+
+static void wait_for_parent_check(struct tevent_req *subreq);
+
+static struct tevent_req *wait_for_parent_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ pid_t ppid)
+{
+ struct tevent_req *req, *subreq;
+ struct wait_for_parent_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct wait_for_parent_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->ev = ev;
+ state->ppid = ppid;
+
+ if (ppid == 1) {
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = tevent_wakeup_send(state, ev,
+ tevent_timeval_current_ofs(5,0));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, wait_for_parent_check, req);
+
+ return req;
+}
+
+static void wait_for_parent_check(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct wait_for_parent_state *state = tevent_req_data(
+ req, struct wait_for_parent_state);
+ bool status;
+
+ status = tevent_wakeup_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (! status) {
+ /* Ignore error */
+ fprintf(stderr, "locking: tevent_wakeup_recv() failed\n");
+ }
+
+ if (kill(state->ppid, 0) == -1 && errno == ESRCH) {
+ tevent_req_done(req);
+ return;
+ }
+
+ subreq = tevent_wakeup_send(state, state->ev,
+ tevent_timeval_current_ofs(5,0));
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, wait_for_parent_check, req);
+}
+
+static bool wait_for_parent_recv(struct tevent_req *req)
+{
+ if (tevent_req_is_unix_error(req, NULL)) {
+ return false;
+ }
+
+ return true;
+}
+
+static void cleanup(struct lock_state *state)
+{
+ if (state->tdb != NULL) {
+ if (state->key.dsize == 0) {
+ tdb_unlockall(state->tdb);
+ } else {
+ tdb_chainunlock(state->tdb, state->key);
+ }
+ tdb_close(state->tdb);
+ }
+}
+
+static void signal_handler(struct tevent_context *ev,
+ struct tevent_signal *se,
+ int signum, int count, void *siginfo,
+ void *private_data)
+{
+ struct lock_state *state = (struct lock_state *)private_data;
+
+ cleanup(state);
+ exit(0);
+}
int main(int argc, char *argv[])
{
+ struct tevent_context *ev;
+ struct tevent_signal *se;
+ struct tevent_req *req;
+ struct lock_state state = { 0 };
int write_fd, log_fd;
char result = 0;
int ppid;
const char *lock_type;
+ bool status;
reset_scheduler();
@@ -186,6 +297,20 @@
write_fd = atoi(argv[3]);
lock_type = argv[4];
+ ev = tevent_context_init(NULL);
+ if (ev == NULL) {
+ fprintf(stderr, "locking: tevent_context_init() failed\n");
+ exit(1);
+ }
+
+ se = tevent_add_signal(ev, ev, SIGTERM, 0,
+ signal_handler, &state);
+ if (se == NULL) {
+ fprintf(stderr, "locking: tevent_add_signal() failed\n");
+ talloc_free(ev);
+ exit(1);
+ }
+
if (strcmp(lock_type, "RECORD") == 0) {
if (argc != 8) {
fprintf(stderr, "%s: Invalid number of arguments (%d)\n",
@@ -193,20 +318,17 @@
usage();
exit(1);
}
- result = lock_record(argv[5], argv[6], argv[7]);
+ result = lock_record(argv[5], argv[6], argv[7], &state);
} else if (strcmp(lock_type, "DB") == 0) {
- int n;
-
- /* If there are no databases specified, no need for lock */
- if (argc > 5) {
- for (n=5; n+1/dev/null 2>&1
sleep 2
"$CTDB_NFS_CALLOUT" "start" "nlockmgr" >/dev/null 2>&1
diff -Nru samba-4.5.4+dfsg/ctdb/tests/eventscripts/stubs/ctdb samba-4.5.8+dfsg/ctdb/tests/eventscripts/stubs/ctdb
--- samba-4.5.4+dfsg/ctdb/tests/eventscripts/stubs/ctdb 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/tests/eventscripts/stubs/ctdb 2017-01-30 09:56:26.000000000 +0000
@@ -445,7 +445,7 @@
echo "|${2:-monitor}|${_b}|${_code}|${_status}|${_d1}|${_d2}|${_err_out}|"
done
;;
- gratiousarp) : ;; # Do nothing for now
+ gratarp) : ;; # Do nothing for now
ip) ctdb_ip "$@" ;;
pnn|xpnn) ctdb_pnn ;;
enable) ctdb_enable "$@";;
diff -Nru samba-4.5.4+dfsg/ctdb/tests/src/comm_test.c samba-4.5.8+dfsg/ctdb/tests/src/comm_test.c
--- samba-4.5.4+dfsg/ctdb/tests/src/comm_test.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/tests/src/comm_test.c 2017-03-09 09:21:43.000000000 +0000
@@ -26,7 +26,218 @@
#include "common/pkt_write.c"
#include "common/comm.c"
-static void dead_handler(void *private_data)
+/*
+ * Test read_handler and dead_handler
+ */
+
+static void test1_read_handler(uint8_t *buf, size_t buflen,
+ void *private_data)
+{
+ int *result = (int *)private_data;
+
+ *result = -1;
+}
+
+static void test1_dead_handler(void *private_data)
+{
+ int *result = (int *)private_data;
+
+ *result = 1;
+}
+
+static void test1(void)
+{
+ TALLOC_CTX *mem_ctx;
+ struct tevent_context *ev;
+ struct comm_context *comm;
+ int fd[2];
+ int result = 0;
+ uint32_t data[2];
+ int ret;
+ ssize_t n;
+
+ mem_ctx = talloc_new(NULL);
+ assert(mem_ctx != NULL);
+
+ ev = tevent_context_init(mem_ctx);
+ assert(ev != NULL);
+
+ ret = pipe(fd);
+ assert(ret == 0);
+
+ ret = comm_setup(ev, ev, fd[0], test1_read_handler, &result,
+ test1_dead_handler, &result, &comm);
+ assert(ret == 0);
+
+ data[0] = 2 * sizeof(uint32_t);
+ data[1] = 0;
+
+ n = write(fd[1], (void *)&data, data[0]);
+ assert(n == data[0]);
+
+ while (result == 0) {
+ tevent_loop_once(ev);
+ }
+
+ assert(result == -1);
+
+ result = 0;
+ close(fd[1]);
+
+ while (result == 0) {
+ tevent_loop_once(ev);
+ }
+
+ assert(result == 1);
+
+ talloc_free(mem_ctx);
+}
+
+/*
+ * Test that the tevent_req returned by comm_write_send() can be free'd.
+ */
+
+struct test2_state {
+ TALLOC_CTX *mem_ctx;
+ bool done;
+};
+
+static void test2_read_handler(uint8_t *buf, size_t buflen,
+ void *private_data)
+{
+ struct test2_state *state = (struct test2_state *)private_data;
+
+ TALLOC_FREE(state->mem_ctx);
+}
+
+static void test2_dead_handler(void *private_data)
+{
+ abort();
+}
+
+struct test2_write_state {
+ int count;
+};
+
+static void test2_write_done(struct tevent_req *subreq);
+
+static struct tevent_req *test2_write_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct comm_context *comm,
+ uint8_t *buf, size_t buflen)
+{
+ struct tevent_req *req, *subreq;
+ struct test2_write_state *state;
+ int i;
+
+ req = tevent_req_create(mem_ctx, &state, struct test2_write_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->count = 0;
+
+ for (i=0; i<10; i++) {
+ subreq = comm_write_send(state, ev, comm, buf, buflen);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, test2_write_done, req);
+ }
+
+ return req;
+}
+
+static void test2_write_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct test2_write_state *state = tevent_req_data(
+ req, struct test2_write_state);
+ bool status;
+ int ret;
+
+ status = comm_write_recv(subreq, &ret);
+ TALLOC_FREE(subreq);
+ if (! status) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->count += 1;
+
+ if (state->count == 10) {
+ tevent_req_done(req);
+ }
+}
+
+static void test2_timer_handler(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval cur_time,
+ void *private_data)
+{
+ struct test2_state *state = (struct test2_state *)private_data;
+
+ state->done = true;
+}
+
+static void test2(void)
+{
+ TALLOC_CTX *mem_ctx;
+ struct tevent_context *ev;
+ struct comm_context *comm_reader, *comm_writer;
+ struct test2_state test2_state;
+ struct tevent_req *req;
+ struct tevent_timer *te;
+ int fd[2];
+ uint32_t data[2];
+ int ret;
+
+ mem_ctx = talloc_new(NULL);
+ assert(mem_ctx != NULL);
+
+ test2_state.mem_ctx = talloc_new(mem_ctx);
+ assert(test2_state.mem_ctx != NULL);
+
+ test2_state.done = false;
+
+ ev = tevent_context_init(mem_ctx);
+ assert(ev != NULL);
+
+ ret = pipe(fd);
+ assert(ret == 0);
+
+ ret = comm_setup(ev, ev, fd[0], test2_read_handler, &test2_state,
+ test2_dead_handler, NULL, &comm_reader);
+ assert(ret == 0);
+
+ ret = comm_setup(ev, ev, fd[1], NULL, NULL, test2_dead_handler, NULL,
+ &comm_writer);
+ assert(ret == 0);
+
+ data[0] = 2 * sizeof(uint32_t);
+ data[1] = 0;
+
+ req = test2_write_send(test2_state.mem_ctx, ev, comm_writer,
+ (uint8_t *)data, data[0]);
+ assert(req != NULL);
+
+ te = tevent_add_timer(ev, ev, tevent_timeval_current_ofs(5,0),
+ test2_timer_handler, &test2_state);
+ assert(te != NULL);
+
+ while (! test2_state.done) {
+ tevent_loop_once(ev);
+ }
+
+ talloc_free(mem_ctx);
+}
+
+/*
+ * Test that data is written and read correctly.
+ */
+
+static void test3_dead_handler(void *private_data)
{
int dead_data = *(int *)private_data;
@@ -34,14 +245,14 @@
if (dead_data == 1) {
/* reader */
- printf("writer closed pipe\n");
+ fprintf(stderr, "writer closed pipe\n");
} else {
/* writer */
- printf("reader closed pipe\n");
+ fprintf(stderr, "reader closed pipe\n");
}
}
-struct writer_state {
+struct test3_writer_state {
struct tevent_context *ev;
struct comm_context *comm;
uint8_t *buf;
@@ -49,15 +260,15 @@
int count, id;
};
-static void writer_next(struct tevent_req *subreq);
+static void test3_writer_next(struct tevent_req *subreq);
-static struct tevent_req *writer_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct comm_context *comm,
- size_t *pkt_size, int count)
+static struct tevent_req *test3_writer_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct comm_context *comm,
+ size_t *pkt_size, int count)
{
struct tevent_req *req, *subreq;
- struct writer_state *state;
+ struct test3_writer_state *state;
size_t max_size = 0, buflen;
int i;
@@ -67,7 +278,7 @@
}
}
- req = tevent_req_create(mem_ctx, &state, struct writer_state);
+ req = tevent_req_create(mem_ctx, &state, struct test3_writer_state);
if (req == NULL) {
return NULL;
}
@@ -95,16 +306,16 @@
return tevent_req_post(req, ev);
}
- tevent_req_set_callback(subreq, writer_next, req);
+ tevent_req_set_callback(subreq, test3_writer_next, req);
return req;
}
-static void writer_next(struct tevent_req *subreq)
+static void test3_writer_next(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
- struct writer_state *state = tevent_req_data(
- req, struct writer_state);
+ struct test3_writer_state *state = tevent_req_data(
+ req, struct test3_writer_state);
bool ret;
int err;
size_t buflen;
@@ -130,10 +341,10 @@
return;
}
- tevent_req_set_callback(subreq, writer_next, req);
+ tevent_req_set_callback(subreq, test3_writer_next, req);
}
-static void writer_recv(struct tevent_req *req, int *perr)
+static void test3_writer_recv(struct tevent_req *req, int *perr)
{
if (tevent_req_is_unix_error(req, perr)) {
return;
@@ -141,7 +352,7 @@
*perr = 0;
}
-static void writer(int fd, size_t *pkt_size, int count)
+static void test3_writer(int fd, size_t *pkt_size, int count)
{
TALLOC_CTX *mem_ctx;
struct tevent_context *ev;
@@ -157,31 +368,32 @@
assert(ev != NULL);
err = comm_setup(mem_ctx, ev, fd, NULL, NULL,
- dead_handler, &dead_data, &comm);
+ test3_dead_handler, &dead_data, &comm);
assert(err == 0);
assert(comm != NULL);
- req = writer_send(mem_ctx, ev, comm, pkt_size, count);
+ req = test3_writer_send(mem_ctx, ev, comm, pkt_size, count);
assert(req != NULL);
tevent_req_poll(req, ev);
- writer_recv(req, &err);
+ test3_writer_recv(req, &err);
assert(err == 0);
talloc_free(mem_ctx);
}
-struct reader_state {
+struct test3_reader_state {
size_t *pkt_size;
int count, received;
bool done;
};
-static void reader_handler(uint8_t *buf, size_t buflen, void *private_data)
+static void test3_reader_handler(uint8_t *buf, size_t buflen,
+ void *private_data)
{
- struct reader_state *state = talloc_get_type_abort(
- private_data, struct reader_state);
+ struct test3_reader_state *state = talloc_get_type_abort(
+ private_data, struct test3_reader_state);
assert(buflen == state->pkt_size[state->received]);
printf("%zi ", buflen);
@@ -193,12 +405,12 @@
}
}
-static void reader(int fd, size_t *pkt_size, int count)
+static void test3_reader(int fd, size_t *pkt_size, int count)
{
TALLOC_CTX *mem_ctx;
struct tevent_context *ev;
struct comm_context *comm;
- struct reader_state *state;
+ struct test3_reader_state *state;
int dead_data = 1;
int err;
@@ -208,7 +420,7 @@
ev = tevent_context_init(mem_ctx);
assert(ev != NULL);
- state = talloc_zero(mem_ctx, struct reader_state);
+ state = talloc_zero(mem_ctx, struct test3_reader_state);
assert(state != NULL);
state->pkt_size = pkt_size;
@@ -216,8 +428,8 @@
state->received = 0;
state->done = false;
- err = comm_setup(mem_ctx, ev, fd, reader_handler, state,
- dead_handler, &dead_data, &comm);
+ err = comm_setup(mem_ctx, ev, fd, test3_reader_handler, state,
+ test3_dead_handler, &dead_data, &comm);
assert(err == 0);
assert(comm != NULL);
@@ -228,7 +440,7 @@
talloc_free(mem_ctx);
}
-int main(void)
+static void test3(void)
{
int fd[2];
int ret;
@@ -237,7 +449,6 @@
200, 16384, 300, 32768, 400, 65536,
1024*1024 };
-
ret = pipe(fd);
assert(ret == 0);
@@ -247,14 +458,44 @@
if (pid == 0) {
/* Child process */
close(fd[0]);
- writer(fd[1], pkt_size, 13);
+ test3_writer(fd[1], pkt_size, 13);
close(fd[1]);
exit(0);
}
close(fd[1]);
- reader(fd[0], pkt_size, 13);
+ test3_reader(fd[0], pkt_size, 13);
close(fd[0]);
+}
+
+
+int main(int argc, const char **argv)
+{
+ int num;
+
+ if (argc != 2) {
+ fprintf(stderr, "%s \n", argv[0]);
+ exit(1);
+ }
+
+ num = atoi(argv[1]);
+
+ switch (num) {
+ case 1:
+ test1();
+ break;
+
+ case 2:
+ test2();
+ break;
+
+ case 3:
+ test3();
+ break;
+
+ default:
+ fprintf(stderr, "Unknown test number %s\n", argv[1]);
+ }
return 0;
}
diff -Nru samba-4.5.4+dfsg/ctdb/tests/src/test_mutex_raw.c samba-4.5.8+dfsg/ctdb/tests/src/test_mutex_raw.c
--- samba-4.5.4+dfsg/ctdb/tests/src/test_mutex_raw.c 1970-01-01 00:00:00.000000000 +0000
+++ samba-4.5.8+dfsg/ctdb/tests/src/test_mutex_raw.c 2017-03-09 09:21:43.000000000 +0000
@@ -0,0 +1,251 @@
+/*
+ Robust mutex test
+
+ Copyright (C) Amitay Isaacs 2016
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see .
+*/
+
+/*
+ * Run this test as follows:
+ *
+ * 1. Running all processes at normal priority
+ *
+ * $ while true ; do ./bin/test_mutex_raw /tmp/foo 10 0 ; done
+ *
+ * 2. Running all processes at real-time priority
+ *
+ * # while true ; do ./bin/test_mutex_raw /tmp/foo 10 1 ; done
+ *
+ * The test will block after few iterations. At this time none of the
+ * child processes is holding the mutex.
+ *
+ * To check which process is holding a lock:
+ *
+ * $ ./bin/test_mutex_raw /tmp/foo debug
+ *
+ * If no pid is printed, then no process is holding the mutex.
+ */
+
+#include "replace.h"
+#include "system/filesys.h"
+#include "system/wait.h"
+#include "system/shmem.h"
+#include "system/threads.h"
+
+static void set_realtime(void)
+{
+ struct sched_param p;
+ int ret;
+
+ p.sched_priority = 1;
+
+ ret = sched_setscheduler(0, SCHED_FIFO, &p);
+ if (ret == -1) {
+ fprintf(stderr, "Failed to set scheduler to SCHED_FIFO\n");
+ }
+}
+
+static void high_priority(void)
+{
+ int ret;
+
+ ret = nice(-20);
+ if (ret == -1) {
+ fprintf(stderr, "Failed to set high priority\n");
+ }
+}
+
+static void run_child(const char *filename)
+{
+ pthread_mutex_t *mutex;
+ void *addr;
+ int ret, fd;
+
+ fd = open(filename, O_RDWR, 0600);
+ if (fd == -1) {
+ exit(1);
+ }
+
+ addr = mmap(NULL, sizeof(pthread_mutex_t), PROT_READ|PROT_WRITE,
+ MAP_SHARED|MAP_FILE, fd, 0);
+ if (addr == NULL) {
+ exit(2);
+ }
+
+ mutex = (pthread_mutex_t *)addr;
+
+again:
+ ret = pthread_mutex_lock(mutex);
+ if (ret == EOWNERDEAD) {
+ ret = pthread_mutex_consistent(mutex);
+ } else if (ret == EAGAIN) {
+ goto again;
+ }
+ if (ret != 0) {
+ fprintf(stderr, "pid %u lock failed, ret=%d\n", getpid(), ret);
+ exit(3);
+ }
+
+ fprintf(stderr, "pid %u locked\n", getpid());
+ kill(getpid(), SIGKILL);
+}
+
+#define PRIO_NORMAL 0
+#define PRIO_REALTIME 1
+#define PRIO_NICE_20 2
+
+int main(int argc, const char **argv)
+{
+ pthread_mutexattr_t ma;
+ pthread_mutex_t *mutex;
+ int fd, ret, i;
+ pid_t pid;
+ void *addr;
+ int num_children;
+ int priority = PRIO_NORMAL;
+
+ if (argc < 3 || argc > 4) {
+ fprintf(stderr, "Usage: %s [0|1|2]\n", argv[0]);
+ fprintf(stderr, " %s debug\n", argv[0]);
+ exit(1);
+ }
+
+ if (argc == 4) {
+ priority = atoi(argv[3]);
+ }
+
+ if (priority == PRIO_REALTIME) {
+ set_realtime();
+ } else if (priority == PRIO_NICE_20) {
+ high_priority();
+ }
+
+ fd = open(argv[1], O_CREAT|O_RDWR, 0600);
+ if (fd == -1) {
+ fprintf(stderr, "open failed\n");
+ exit(1);
+ }
+
+ ret = lseek(fd, 0, SEEK_SET);
+ if (ret != 0) {
+ fprintf(stderr, "lseek failed\n");
+ exit(1);
+ }
+
+ ret = ftruncate(fd, sizeof(pthread_mutex_t));
+ if (ret != 0) {
+ fprintf(stderr, "ftruncate failed\n");
+ exit(1);
+ }
+
+ addr = mmap(NULL, sizeof(pthread_mutex_t), PROT_READ|PROT_WRITE,
+ MAP_SHARED|MAP_FILE, fd, 0);
+ if (addr == NULL) {
+ fprintf(stderr, "mmap failed\n");
+ exit(1);
+ }
+
+ mutex = (pthread_mutex_t *)addr;
+
+ if (strcmp(argv[2], "debug") == 0) {
+ ret = pthread_mutex_trylock(mutex);
+ if (ret == EOWNERDEAD) {
+ ret = pthread_mutex_consistent(mutex);
+ if (ret == 0) {
+ pthread_mutex_unlock(mutex);
+ }
+ } else if (ret == EBUSY) {
+ printf("pid=%u\n", mutex->__data.__owner);
+ } else if (ret == 0) {
+ pthread_mutex_unlock(mutex);
+ }
+ exit(0);
+ }
+
+ ret = pthread_mutexattr_init(&ma);
+ if (ret != 0) {
+ fprintf(stderr, "pthread_mutexattr_init failed\n");
+ exit(1);
+ }
+
+ ret = pthread_mutexattr_settype(&ma, PTHREAD_MUTEX_ERRORCHECK);
+ if (ret != 0) {
+ fprintf(stderr, "pthread_mutexattr_settype failed\n");
+ exit(1);
+ }
+
+ ret = pthread_mutexattr_setpshared(&ma, PTHREAD_PROCESS_SHARED);
+ if (ret != 0) {
+ fprintf(stderr, "pthread_mutexattr_setpshared failed\n");
+ exit(1);
+ }
+
+ ret = pthread_mutexattr_setrobust(&ma, PTHREAD_MUTEX_ROBUST);
+ if (ret != 0) {
+ fprintf(stderr, "pthread_mutexattr_setrobust failed\n");
+ exit(1);
+ }
+
+ ret = pthread_mutex_init(mutex, &ma);
+ if (ret != 0) {
+ fprintf(stderr, "pthread_mutex_init failed\n");
+ exit(1);
+ }
+
+ ret = pthread_mutex_lock(mutex);
+ if (ret != 0) {
+ fprintf(stderr, "pthread_mutex_lock failed\n");
+ exit(1);
+ }
+
+ setpgid(0, 0);
+
+ fprintf(stderr, "Creating children\n");
+ num_children = atoi(argv[2]);
+
+ for (i=0; i Fri, 21 Apr 2017 07:33:25 -0400
+
samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium
* d/control: add libcephfs-dev as b-d to build vfs_ceph
diff -Nru samba-4.5.4+dfsg/debian/patches/winbind_trusted_domains.patch samba-4.5.8+dfsg/debian/patches/winbind_trusted_domains.patch
--- samba-4.5.4+dfsg/debian/patches/winbind_trusted_domains.patch 2017-02-09 00:28:33.000000000 +0000
+++ samba-4.5.8+dfsg/debian/patches/winbind_trusted_domains.patch 2017-04-21 11:33:25.000000000 +0000
@@ -24,9 +24,11 @@
source3/winbindd/winbindd_cm.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
---- a/source3/winbindd/winbindd_cm.c
-+++ b/source3/winbindd/winbindd_cm.c
-@@ -2860,7 +2860,8 @@
+Index: samba-4.5.8/source3/winbindd/winbindd_cm.c
+===================================================================
+--- samba-4.5.8.orig/source3/winbindd/winbindd_cm.c 2017-04-21 07:36:38.995912324 -0400
++++ samba-4.5.8/source3/winbindd/winbindd_cm.c 2017-04-21 07:36:38.991912282 -0400
+@@ -2871,7 +2871,8 @@
anonymous:
/* Finally fall back to anonymous. */
@@ -36,7 +38,7 @@
status = NT_STATUS_DOWNGRADE_DETECTED;
DEBUG(1, ("Unwilling to make SAMR connection to domain %s "
"without connection level security, "
-@@ -3159,7 +3160,8 @@
+@@ -3170,7 +3171,8 @@
anonymous:
@@ -46,9 +48,9 @@
result = NT_STATUS_DOWNGRADE_DETECTED;
DEBUG(1, ("Unwilling to make LSA connection to domain %s "
"without connection level security, "
-@@ -3340,7 +3342,8 @@
- * from this DC?
- */
+@@ -3365,7 +3367,8 @@
+ TALLOC_FREE(netlogon_creds);
+
if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
+ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
diff -Nru samba-4.5.4+dfsg/docs/manpages/cifsdd.8 samba-4.5.8+dfsg/docs/manpages/cifsdd.8
--- samba-4.5.4+dfsg/docs/manpages/cifsdd.8 2017-01-17 20:01:50.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/cifsdd.8 2017-03-31 06:29:39.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: cifsdd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "CIFSDD" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "CIFSDD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/dbwrap_tool.1 samba-4.5.8+dfsg/docs/manpages/dbwrap_tool.1
--- samba-4.5.4+dfsg/docs/manpages/dbwrap_tool.1 2017-01-17 20:01:50.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/dbwrap_tool.1 2017-03-31 06:29:39.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: dbwrap_tool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "DBWRAP_TOOL" "1" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "DBWRAP_TOOL" "1" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/eventlogadm.8 samba-4.5.8+dfsg/docs/manpages/eventlogadm.8
--- samba-4.5.4+dfsg/docs/manpages/eventlogadm.8 2017-01-17 20:01:50.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/eventlogadm.8 2017-03-31 06:29:39.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: eventlogadm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "EVENTLOGADM" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "EVENTLOGADM" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/findsmb.1 samba-4.5.8+dfsg/docs/manpages/findsmb.1
--- samba-4.5.4+dfsg/docs/manpages/findsmb.1 2017-01-17 20:01:50.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/findsmb.1 2017-03-31 06:29:40.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: findsmb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "FINDSMB" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "FINDSMB" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/idmap_ad.8 samba-4.5.8+dfsg/docs/manpages/idmap_ad.8
--- samba-4.5.4+dfsg/docs/manpages/idmap_ad.8 2017-01-17 20:01:51.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/idmap_ad.8 2017-03-31 06:29:40.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: idmap_ad
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_AD" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_AD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/idmap_autorid.8 samba-4.5.8+dfsg/docs/manpages/idmap_autorid.8
--- samba-4.5.4+dfsg/docs/manpages/idmap_autorid.8 2017-01-17 20:01:51.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/idmap_autorid.8 2017-03-31 06:29:40.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: idmap_autorid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_AUTORID" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_AUTORID" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/idmap_hash.8 samba-4.5.8+dfsg/docs/manpages/idmap_hash.8
--- samba-4.5.4+dfsg/docs/manpages/idmap_hash.8 2017-01-17 20:01:51.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/idmap_hash.8 2017-03-31 06:29:40.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: idmap_hash
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_HASH" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_HASH" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/idmap_ldap.8 samba-4.5.8+dfsg/docs/manpages/idmap_ldap.8
--- samba-4.5.4+dfsg/docs/manpages/idmap_ldap.8 2017-01-17 20:01:51.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/idmap_ldap.8 2017-03-31 06:29:41.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: idmap_ldap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_LDAP" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_LDAP" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/idmap_nss.8 samba-4.5.8+dfsg/docs/manpages/idmap_nss.8
--- samba-4.5.4+dfsg/docs/manpages/idmap_nss.8 2017-01-17 20:01:52.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/idmap_nss.8 2017-03-31 06:29:41.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: idmap_nss
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_NSS" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_NSS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/idmap_rfc2307.8 samba-4.5.8+dfsg/docs/manpages/idmap_rfc2307.8
--- samba-4.5.4+dfsg/docs/manpages/idmap_rfc2307.8 2017-01-17 20:01:52.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/idmap_rfc2307.8 2017-03-31 06:29:41.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: idmap_rfc2307
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_RFC2307" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_RFC2307" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/idmap_rid.8 samba-4.5.8+dfsg/docs/manpages/idmap_rid.8
--- samba-4.5.4+dfsg/docs/manpages/idmap_rid.8 2017-01-17 20:01:52.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/idmap_rid.8 2017-03-31 06:29:41.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: idmap_rid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_RID" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_RID" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/idmap_script.8 samba-4.5.8+dfsg/docs/manpages/idmap_script.8
--- samba-4.5.4+dfsg/docs/manpages/idmap_script.8 2017-01-17 20:01:52.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/idmap_script.8 2017-03-31 06:29:41.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: idmap_script
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_SCRIPT" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_SCRIPT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/idmap_tdb2.8 samba-4.5.8+dfsg/docs/manpages/idmap_tdb2.8
--- samba-4.5.4+dfsg/docs/manpages/idmap_tdb2.8 2017-01-17 20:01:53.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/idmap_tdb2.8 2017-03-31 06:29:42.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: idmap_tdb2
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_TDB2" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_TDB2" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/idmap_tdb.8 samba-4.5.8+dfsg/docs/manpages/idmap_tdb.8
--- samba-4.5.4+dfsg/docs/manpages/idmap_tdb.8 2017-01-17 20:01:52.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/idmap_tdb.8 2017-03-31 06:29:42.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: idmap_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_TDB" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_TDB" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/libsmbclient.7 samba-4.5.8+dfsg/docs/manpages/libsmbclient.7
--- samba-4.5.4+dfsg/docs/manpages/libsmbclient.7 2017-01-17 20:01:53.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/libsmbclient.7 2017-03-31 06:29:42.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: libsmbclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: 7
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "LIBSMBCLIENT" "7" "01/17/2017" "Samba 4\&.5" "7"
+.TH "LIBSMBCLIENT" "7" "03/31/2017" "Samba 4\&.5" "7"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/lmhosts.5 samba-4.5.8+dfsg/docs/manpages/lmhosts.5
--- samba-4.5.4+dfsg/docs/manpages/lmhosts.5 2017-01-17 20:01:53.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/lmhosts.5 2017-03-31 06:29:42.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: lmhosts
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "LMHOSTS" "5" "01/17/2017" "Samba 4\&.5" "File Formats and Conventions"
+.TH "LMHOSTS" "5" "03/31/2017" "Samba 4\&.5" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/log2pcap.1 samba-4.5.8+dfsg/docs/manpages/log2pcap.1
--- samba-4.5.4+dfsg/docs/manpages/log2pcap.1 2017-01-17 20:01:53.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/log2pcap.1 2017-03-31 06:29:43.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: log2pcap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "LOG2PCAP" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "LOG2PCAP" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/net.8 samba-4.5.8+dfsg/docs/manpages/net.8
--- samba-4.5.4+dfsg/docs/manpages/net.8 2017-01-17 20:01:54.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/net.8 2017-03-31 06:29:43.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: net
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "NET" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "NET" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/nmbd.8 samba-4.5.8+dfsg/docs/manpages/nmbd.8
--- samba-4.5.4+dfsg/docs/manpages/nmbd.8 2017-01-17 20:01:54.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/nmbd.8 2017-03-31 06:29:43.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: nmbd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "NMBD" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "NMBD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/nmblookup.1 samba-4.5.8+dfsg/docs/manpages/nmblookup.1
--- samba-4.5.4+dfsg/docs/manpages/nmblookup.1 2017-01-17 20:01:54.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/nmblookup.1 2017-03-31 06:29:44.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: nmblookup
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "NMBLOOKUP" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "NMBLOOKUP" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/ntlm_auth.1 samba-4.5.8+dfsg/docs/manpages/ntlm_auth.1
--- samba-4.5.4+dfsg/docs/manpages/ntlm_auth.1 2017-01-17 20:01:55.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/ntlm_auth.1 2017-03-31 06:29:44.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: ntlm_auth
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "NTLM_AUTH" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "NTLM_AUTH" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/pam_winbind.8 samba-4.5.8+dfsg/docs/manpages/pam_winbind.8
--- samba-4.5.4+dfsg/docs/manpages/pam_winbind.8 2017-01-17 20:01:55.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/pam_winbind.8 2017-03-31 06:29:44.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: pam_winbind
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: 8
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "PAM_WINBIND" "8" "01/17/2017" "Samba 4\&.5" "8"
+.TH "PAM_WINBIND" "8" "03/31/2017" "Samba 4\&.5" "8"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/pam_winbind.conf.5 samba-4.5.8+dfsg/docs/manpages/pam_winbind.conf.5
--- samba-4.5.4+dfsg/docs/manpages/pam_winbind.conf.5 2017-01-17 20:01:55.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/pam_winbind.conf.5 2017-03-31 06:29:44.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: pam_winbind.conf
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: 5
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "PAM_WINBIND\&.CONF" "5" "01/17/2017" "Samba 4\&.5" "5"
+.TH "PAM_WINBIND\&.CONF" "5" "03/31/2017" "Samba 4\&.5" "5"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/pdbedit.8 samba-4.5.8+dfsg/docs/manpages/pdbedit.8
--- samba-4.5.4+dfsg/docs/manpages/pdbedit.8 2017-01-17 20:01:55.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/pdbedit.8 2017-03-31 06:29:44.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: pdbedit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "PDBEDIT" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "PDBEDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/profiles.1 samba-4.5.8+dfsg/docs/manpages/profiles.1
--- samba-4.5.4+dfsg/docs/manpages/profiles.1 2017-01-17 20:01:56.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/profiles.1 2017-03-31 06:29:45.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: profiles
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "PROFILES" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "PROFILES" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/rpcclient.1 samba-4.5.8+dfsg/docs/manpages/rpcclient.1
--- samba-4.5.4+dfsg/docs/manpages/rpcclient.1 2017-01-17 20:01:56.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/rpcclient.1 2017-03-31 06:29:45.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: rpcclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "RPCCLIENT" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "RPCCLIENT" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/samba.7 samba-4.5.8+dfsg/docs/manpages/samba.7
--- samba-4.5.4+dfsg/docs/manpages/samba.7 2017-01-17 20:01:57.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/samba.7 2017-03-31 06:29:46.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: samba
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: Miscellanea
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SAMBA" "7" "01/17/2017" "Samba 4\&.5" "Miscellanea"
+.TH "SAMBA" "7" "03/31/2017" "Samba 4\&.5" "Miscellanea"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/samba.8 samba-4.5.8+dfsg/docs/manpages/samba.8
--- samba-4.5.4+dfsg/docs/manpages/samba.8 2017-01-17 20:01:57.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/samba.8 2017-03-31 06:29:46.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: samba
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SAMBA" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SAMBA" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/samba-regedit.8 samba-4.5.8+dfsg/docs/manpages/samba-regedit.8
--- samba-4.5.4+dfsg/docs/manpages/samba-regedit.8 2017-01-17 20:01:56.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/samba-regedit.8 2017-03-31 06:29:45.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: samba-regedit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SAMBA\-REGEDIT" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SAMBA\-REGEDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/samba-tool.8 samba-4.5.8+dfsg/docs/manpages/samba-tool.8
--- samba-4.5.4+dfsg/docs/manpages/samba-tool.8 2017-01-17 20:01:56.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/samba-tool.8 2017-03-31 06:29:45.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: samba-tool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SAMBA\-TOOL" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SAMBA\-TOOL" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/sharesec.1 samba-4.5.8+dfsg/docs/manpages/sharesec.1
--- samba-4.5.4+dfsg/docs/manpages/sharesec.1 2017-01-17 20:01:57.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/sharesec.1 2017-03-31 06:29:46.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: sharesec
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SHARESEC" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "SHARESEC" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbcacls.1 samba-4.5.8+dfsg/docs/manpages/smbcacls.1
--- samba-4.5.4+dfsg/docs/manpages/smbcacls.1 2017-01-17 20:02:01.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbcacls.1 2017-03-31 06:29:50.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbcacls
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBCACLS" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBCACLS" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbclient.1 samba-4.5.8+dfsg/docs/manpages/smbclient.1
--- samba-4.5.4+dfsg/docs/manpages/smbclient.1 2017-01-17 20:02:01.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbclient.1 2017-03-31 06:29:50.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBCLIENT" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBCLIENT" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smb.conf.5 samba-4.5.8+dfsg/docs/manpages/smb.conf.5
--- samba-4.5.4+dfsg/docs/manpages/smb.conf.5 2017-01-17 20:02:00.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smb.conf.5 2017-03-31 06:29:49.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smb.conf
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMB\&.CONF" "5" "01/17/2017" "Samba 4\&.5" "File Formats and Conventions"
+.TH "SMB\&.CONF" "5" "03/31/2017" "Samba 4\&.5" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -10473,7 +10473,9 @@
.\}
Setting it to
\fIoff\fR
-globally will completely disable the encryption feature\&.
+globally will completely disable the encryption feature for all connections\&. Setting
+\fIsmb encrypt = required\fR
+for individual shares (while it\*(Aqs globally off) will deny access to this shares for all clients\&.
.RE
.sp
.RS 4
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbcontrol.1 samba-4.5.8+dfsg/docs/manpages/smbcontrol.1
--- samba-4.5.4+dfsg/docs/manpages/smbcontrol.1 2017-01-17 20:02:01.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbcontrol.1 2017-03-31 06:29:50.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbcontrol
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBCONTROL" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBCONTROL" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbcquotas.1 samba-4.5.8+dfsg/docs/manpages/smbcquotas.1
--- samba-4.5.4+dfsg/docs/manpages/smbcquotas.1 2017-01-17 20:02:01.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbcquotas.1 2017-03-31 06:29:50.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbcquotas
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBCQUOTAS" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBCQUOTAS" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbd.8 samba-4.5.8+dfsg/docs/manpages/smbd.8
--- samba-4.5.4+dfsg/docs/manpages/smbd.8 2017-01-17 20:02:02.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbd.8 2017-03-31 06:29:51.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBD" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SMBD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbget.1 samba-4.5.8+dfsg/docs/manpages/smbget.1
--- samba-4.5.4+dfsg/docs/manpages/smbget.1 2017-01-17 20:02:02.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbget.1 2017-03-31 06:29:51.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbget
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBGET" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBGET" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbgetrc.5 samba-4.5.8+dfsg/docs/manpages/smbgetrc.5
--- samba-4.5.4+dfsg/docs/manpages/smbgetrc.5 2017-01-17 20:02:02.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbgetrc.5 2017-03-31 06:29:51.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbgetrc
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBGETRC" "5" "01/17/2017" "Samba 4\&.5" "File Formats and Conventions"
+.TH "SMBGETRC" "5" "03/31/2017" "Samba 4\&.5" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbpasswd.5 samba-4.5.8+dfsg/docs/manpages/smbpasswd.5
--- samba-4.5.4+dfsg/docs/manpages/smbpasswd.5 2017-01-17 20:02:02.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbpasswd.5 2017-03-31 06:29:51.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbpasswd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBPASSWD" "5" "01/17/2017" "Samba 4\&.5" "File Formats and Conventions"
+.TH "SMBPASSWD" "5" "03/31/2017" "Samba 4\&.5" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbpasswd.8 samba-4.5.8+dfsg/docs/manpages/smbpasswd.8
--- samba-4.5.4+dfsg/docs/manpages/smbpasswd.8 2017-01-17 20:02:03.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbpasswd.8 2017-03-31 06:29:52.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbpasswd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBPASSWD" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SMBPASSWD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbspool.8 samba-4.5.8+dfsg/docs/manpages/smbspool.8
--- samba-4.5.4+dfsg/docs/manpages/smbspool.8 2017-01-17 20:02:03.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbspool.8 2017-03-31 06:29:52.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbspool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBSPOOL" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SMBSPOOL" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbspool_krb5_wrapper.8 samba-4.5.8+dfsg/docs/manpages/smbspool_krb5_wrapper.8
--- samba-4.5.4+dfsg/docs/manpages/smbspool_krb5_wrapper.8 2017-01-17 20:02:03.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbspool_krb5_wrapper.8 2017-03-31 06:29:52.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbspool_krb5_wrapper
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBSPOOL_KRB5_WRAPPE" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SMBSPOOL_KRB5_WRAPPE" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbstatus.1 samba-4.5.8+dfsg/docs/manpages/smbstatus.1
--- samba-4.5.4+dfsg/docs/manpages/smbstatus.1 2017-01-17 20:02:03.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbstatus.1 2017-03-31 06:29:52.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbstatus
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBSTATUS" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBSTATUS" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbtar.1 samba-4.5.8+dfsg/docs/manpages/smbtar.1
--- samba-4.5.4+dfsg/docs/manpages/smbtar.1 2017-01-17 20:02:03.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbtar.1 2017-03-31 06:29:52.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbtar
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBTAR" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBTAR" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/smbtree.1 samba-4.5.8+dfsg/docs/manpages/smbtree.1
--- samba-4.5.4+dfsg/docs/manpages/smbtree.1 2017-01-17 20:02:04.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/smbtree.1 2017-03-31 06:29:53.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: smbtree
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBTREE" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBTREE" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/testparm.1 samba-4.5.8+dfsg/docs/manpages/testparm.1
--- samba-4.5.4+dfsg/docs/manpages/testparm.1 2017-01-17 20:02:04.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/testparm.1 2017-03-31 06:29:53.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: testparm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "TESTPARM" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "TESTPARM" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_acl_tdb.8 samba-4.5.8+dfsg/docs/manpages/vfs_acl_tdb.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_acl_tdb.8 2017-01-17 20:02:04.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_acl_tdb.8 2017-03-31 06:29:53.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_acl_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_ACL_TDB" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_ACL_TDB" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_acl_xattr.8 samba-4.5.8+dfsg/docs/manpages/vfs_acl_xattr.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_acl_xattr.8 2017-01-17 20:02:04.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_acl_xattr.8 2017-03-31 06:29:53.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_acl_xattr
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_ACL_XATTR" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_ACL_XATTR" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_aio_fork.8 samba-4.5.8+dfsg/docs/manpages/vfs_aio_fork.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_aio_fork.8 2017-01-17 20:02:05.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_aio_fork.8 2017-03-31 06:29:54.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_fork
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_AIO_FORK" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_AIO_FORK" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_aio_linux.8 samba-4.5.8+dfsg/docs/manpages/vfs_aio_linux.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_aio_linux.8 2017-01-17 20:02:05.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_aio_linux.8 2017-03-31 06:29:54.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_linux
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_AIO_LINUX" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_AIO_LINUX" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_aio_pthread.8 samba-4.5.8+dfsg/docs/manpages/vfs_aio_pthread.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_aio_pthread.8 2017-01-17 20:02:05.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_aio_pthread.8 2017-03-31 06:29:54.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_pthread
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_AIO_PTHREAD" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_AIO_PTHREAD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_audit.8 samba-4.5.8+dfsg/docs/manpages/vfs_audit.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_audit.8 2017-01-17 20:02:05.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_audit.8 2017-03-31 06:29:54.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_AUDIT" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_AUDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_btrfs.8 samba-4.5.8+dfsg/docs/manpages/vfs_btrfs.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_btrfs.8 2017-01-17 20:02:05.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_btrfs.8 2017-03-31 06:29:54.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_btrfs
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_BTRFS" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_BTRFS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_cacheprime.8 samba-4.5.8+dfsg/docs/manpages/vfs_cacheprime.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_cacheprime.8 2017-01-17 20:02:06.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_cacheprime.8 2017-03-31 06:29:55.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_cacheprime
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_CACHEPRIME" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_CACHEPRIME" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_cap.8 samba-4.5.8+dfsg/docs/manpages/vfs_cap.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_cap.8 2017-01-17 20:02:06.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_cap.8 2017-03-31 06:29:55.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_cap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_CAP" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_CAP" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_catia.8 samba-4.5.8+dfsg/docs/manpages/vfs_catia.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_catia.8 2017-01-17 20:02:06.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_catia.8 2017-03-31 06:29:55.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_catia
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_CATIA" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_CATIA" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_ceph.8 samba-4.5.8+dfsg/docs/manpages/vfs_ceph.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_ceph.8 2017-01-17 20:02:06.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_ceph.8 2017-03-31 06:29:55.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_ceph
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_CEPH" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_CEPH" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_commit.8 samba-4.5.8+dfsg/docs/manpages/vfs_commit.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_commit.8 2017-01-17 20:02:07.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_commit.8 2017-03-31 06:29:56.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_commit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_COMMIT" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_COMMIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_crossrename.8 samba-4.5.8+dfsg/docs/manpages/vfs_crossrename.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_crossrename.8 2017-01-17 20:02:07.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_crossrename.8 2017-03-31 06:29:56.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_crossrename
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_CROSSRENAME" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_CROSSRENAME" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_default_quota.8 samba-4.5.8+dfsg/docs/manpages/vfs_default_quota.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_default_quota.8 2017-01-17 20:02:07.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_default_quota.8 2017-03-31 06:29:56.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_default_quota
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_DEFAULT_QUOTA" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_DEFAULT_QUOTA" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_dirsort.8 samba-4.5.8+dfsg/docs/manpages/vfs_dirsort.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_dirsort.8 2017-01-17 20:02:07.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_dirsort.8 2017-03-31 06:29:56.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_dirsort
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_DIRSORT" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_DIRSORT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_extd_audit.8 samba-4.5.8+dfsg/docs/manpages/vfs_extd_audit.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_extd_audit.8 2017-01-17 20:02:07.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_extd_audit.8 2017-03-31 06:29:56.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_extd_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_EXTD_AUDIT" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_EXTD_AUDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_fake_perms.8 samba-4.5.8+dfsg/docs/manpages/vfs_fake_perms.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_fake_perms.8 2017-01-17 20:02:08.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_fake_perms.8 2017-03-31 06:29:57.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_fake_perms
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_FAKE_PERMS" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_FAKE_PERMS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_fileid.8 samba-4.5.8+dfsg/docs/manpages/vfs_fileid.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_fileid.8 2017-01-17 20:02:08.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_fileid.8 2017-03-31 06:29:57.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_fileid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_FILEID" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_FILEID" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_fruit.8 samba-4.5.8+dfsg/docs/manpages/vfs_fruit.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_fruit.8 2017-01-17 20:02:08.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_fruit.8 2017-03-31 06:29:57.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_fruit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_FRUIT" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_FRUIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -306,7 +306,17 @@
.PP
fruit:veto_appledouble = yes | no
.RS 4
-Whether \&._ AppleDouble files are vetoed which prevents the client from seing and accessing internal AppleDouble files created by vfs_fruit itself for the purpose of storing a Mac resource fork\&.
+\fINote:\fR
+this option only applies when
+\fIfruit:resource\fR
+is set to
+\fIfile\fR
+(the default)\&.
+.sp
+When
+\fIfruit:resource\fR
+is set to
+\fIfile\fR, vfs_fruit may create \&._ AppleDouble files\&. This options controls whether these \&._ AppleDouble files are vetoed which prevents the client from accessing them\&.
.sp
Vetoing \&._ files may break some applications, eg extracting Mac ZIP archives from Mac clients failes, because they contain \&._ files\&. Setting this option to false will fix this, but the abstraction leak of exposing the internally created \&._ files may have other unknown side effects\&.
.sp
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_full_audit.8 samba-4.5.8+dfsg/docs/manpages/vfs_full_audit.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_full_audit.8 2017-01-17 20:02:08.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_full_audit.8 2017-03-31 06:29:57.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_full_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_FULL_AUDIT" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_FULL_AUDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_glusterfs.8 samba-4.5.8+dfsg/docs/manpages/vfs_glusterfs.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_glusterfs.8 2017-01-17 20:02:09.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_glusterfs.8 2017-03-31 06:29:58.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_glusterfs
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_GLUSTERFS" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_GLUSTERFS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_gpfs.8 samba-4.5.8+dfsg/docs/manpages/vfs_gpfs.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_gpfs.8 2017-01-17 20:02:09.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_gpfs.8 2017-03-31 06:29:58.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_gpfs
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_GPFS" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_GPFS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_linux_xfs_sgid.8 samba-4.5.8+dfsg/docs/manpages/vfs_linux_xfs_sgid.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_linux_xfs_sgid.8 2017-01-17 20:02:09.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_linux_xfs_sgid.8 2017-03-31 06:29:58.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_syncops
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SYNCOPS" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SYNCOPS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_media_harmony.8 samba-4.5.8+dfsg/docs/manpages/vfs_media_harmony.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_media_harmony.8 2017-01-17 20:02:09.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_media_harmony.8 2017-03-31 06:29:58.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_media_harmony
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_MEDIA_HARMONY" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_MEDIA_HARMONY" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_netatalk.8 samba-4.5.8+dfsg/docs/manpages/vfs_netatalk.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_netatalk.8 2017-01-17 20:02:09.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_netatalk.8 2017-03-31 06:29:58.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_netatalk
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_NETATALK" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_NETATALK" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_offline.8 samba-4.5.8+dfsg/docs/manpages/vfs_offline.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_offline.8 2017-01-17 20:02:10.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_offline.8 2017-03-31 06:29:59.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_offline
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_OFFLINE" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_OFFLINE" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_prealloc.8 samba-4.5.8+dfsg/docs/manpages/vfs_prealloc.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_prealloc.8 2017-01-17 20:02:10.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_prealloc.8 2017-03-31 06:29:59.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_prealloc
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_PREALLOC" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_PREALLOC" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_preopen.8 samba-4.5.8+dfsg/docs/manpages/vfs_preopen.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_preopen.8 2017-01-17 20:02:10.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_preopen.8 2017-03-31 06:29:59.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_preopen
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_PREOPEN" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_PREOPEN" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_readahead.8 samba-4.5.8+dfsg/docs/manpages/vfs_readahead.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_readahead.8 2017-01-17 20:02:10.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_readahead.8 2017-03-31 06:29:59.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_readahead
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_READAHEAD" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_READAHEAD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_readonly.8 samba-4.5.8+dfsg/docs/manpages/vfs_readonly.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_readonly.8 2017-01-17 20:02:11.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_readonly.8 2017-03-31 06:30:00.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_readonly
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_READONLY" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_READONLY" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_recycle.8 samba-4.5.8+dfsg/docs/manpages/vfs_recycle.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_recycle.8 2017-01-17 20:02:11.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_recycle.8 2017-03-31 06:30:00.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_recycle
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_RECYCLE" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_RECYCLE" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_shadow_copy2.8 samba-4.5.8+dfsg/docs/manpages/vfs_shadow_copy2.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_shadow_copy2.8 2017-01-17 20:02:11.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_shadow_copy2.8 2017-03-31 06:30:00.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_shadow_copy2
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SHADOW_COPY2" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SHADOW_COPY2" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_shadow_copy.8 samba-4.5.8+dfsg/docs/manpages/vfs_shadow_copy.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_shadow_copy.8 2017-01-17 20:02:11.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_shadow_copy.8 2017-03-31 06:30:00.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_shadow_copy
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SHADOW_COPY" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SHADOW_COPY" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_shell_snap.8 samba-4.5.8+dfsg/docs/manpages/vfs_shell_snap.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_shell_snap.8 2017-01-17 20:02:11.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_shell_snap.8 2017-03-31 06:30:00.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_shell_snap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SHELL_SNAP" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SHELL_SNAP" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_snapper.8 samba-4.5.8+dfsg/docs/manpages/vfs_snapper.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_snapper.8 2017-01-17 20:02:12.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_snapper.8 2017-03-31 06:30:01.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_snapper
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SNAPPER" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SNAPPER" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_streams_depot.8 samba-4.5.8+dfsg/docs/manpages/vfs_streams_depot.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_streams_depot.8 2017-01-17 20:02:12.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_streams_depot.8 2017-03-31 06:30:01.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_streams_depot
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_STREAMS_DEPOT" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_STREAMS_DEPOT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_streams_xattr.8 samba-4.5.8+dfsg/docs/manpages/vfs_streams_xattr.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_streams_xattr.8 2017-01-17 20:02:12.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_streams_xattr.8 2017-03-31 06:30:01.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_streams_xattr
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_STREAMS_XATTR" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_STREAMS_XATTR" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_syncops.8 samba-4.5.8+dfsg/docs/manpages/vfs_syncops.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_syncops.8 2017-01-17 20:02:12.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_syncops.8 2017-03-31 06:30:01.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_syncops
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SYNCOPS" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SYNCOPS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfstest.1 samba-4.5.8+dfsg/docs/manpages/vfstest.1
--- samba-4.5.4+dfsg/docs/manpages/vfstest.1 2017-01-17 20:02:14.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfstest.1 2017-03-31 06:30:03.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfstest
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFSTEST" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "VFSTEST" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_time_audit.8 samba-4.5.8+dfsg/docs/manpages/vfs_time_audit.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_time_audit.8 2017-01-17 20:02:13.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_time_audit.8 2017-03-31 06:30:02.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_time_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_TIME_AUDIT" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_TIME_AUDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_tsmsm.8 samba-4.5.8+dfsg/docs/manpages/vfs_tsmsm.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_tsmsm.8 2017-01-17 20:02:13.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_tsmsm.8 2017-03-31 06:30:02.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_tsmsm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_TSMSM" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_TSMSM" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_unityed_media.8 samba-4.5.8+dfsg/docs/manpages/vfs_unityed_media.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_unityed_media.8 2017-01-17 20:02:13.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_unityed_media.8 2017-03-31 06:30:02.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_unityed_media
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_UNITYED_MEDIA" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_UNITYED_MEDIA" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_worm.8 samba-4.5.8+dfsg/docs/manpages/vfs_worm.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_worm.8 2017-01-17 20:02:13.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_worm.8 2017-03-31 06:30:02.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_worm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_WORM" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_WORM" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_xattr_tdb.8 samba-4.5.8+dfsg/docs/manpages/vfs_xattr_tdb.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_xattr_tdb.8 2017-01-17 20:02:13.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_xattr_tdb.8 2017-03-31 06:30:03.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_xattr_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_XATTR_TDB" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_XATTR_TDB" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/vfs_zfsacl.8 samba-4.5.8+dfsg/docs/manpages/vfs_zfsacl.8
--- samba-4.5.4+dfsg/docs/manpages/vfs_zfsacl.8 2017-01-17 20:02:14.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/vfs_zfsacl.8 2017-03-31 06:30:03.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: vfs_zfsacl
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_ZFSACL" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_ZFSACL" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/wbinfo.1 samba-4.5.8+dfsg/docs/manpages/wbinfo.1
--- samba-4.5.4+dfsg/docs/manpages/wbinfo.1 2017-01-17 20:02:14.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/wbinfo.1 2017-03-31 06:30:03.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: wbinfo
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "WBINFO" "1" "01/17/2017" "Samba 4\&.5" "User Commands"
+.TH "WBINFO" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/winbindd.8 samba-4.5.8+dfsg/docs/manpages/winbindd.8
--- samba-4.5.4+dfsg/docs/manpages/winbindd.8 2017-01-17 20:02:15.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/winbindd.8 2017-03-31 06:30:04.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: winbindd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "WINBINDD" "8" "01/17/2017" "Samba 4\&.5" "System Administration tools"
+.TH "WINBINDD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs/manpages/winbind_krb5_locator.7 samba-4.5.8+dfsg/docs/manpages/winbind_krb5_locator.7
--- samba-4.5.4+dfsg/docs/manpages/winbind_krb5_locator.7 2017-01-17 20:02:14.000000000 +0000
+++ samba-4.5.8+dfsg/docs/manpages/winbind_krb5_locator.7 2017-03-31 06:30:03.000000000 +0000
@@ -2,12 +2,12 @@
.\" Title: winbind_krb5_locator
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 01/17/2017
+.\" Date: 03/31/2017
.\" Manual: 7
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "WINBIND_KRB5_LOCATOR" "7" "01/17/2017" "Samba 4\&.5" "7"
+.TH "WINBIND_KRB5_LOCATOR" "7" "03/31/2017" "Samba 4\&.5" "7"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.4+dfsg/docs-xml/manpages/vfs_fruit.8.xml samba-4.5.8+dfsg/docs-xml/manpages/vfs_fruit.8.xml
--- samba-4.5.4+dfsg/docs-xml/manpages/vfs_fruit.8.xml 2017-01-17 19:55:44.000000000 +0000
+++ samba-4.5.8+dfsg/docs-xml/manpages/vfs_fruit.8.xml 2017-03-09 09:21:43.000000000 +0000
@@ -235,10 +235,14 @@
fruit:veto_appledouble = yes | no
- Whether ._ AppleDouble files are vetoed which
- prevents the client from seing and accessing internal
- AppleDouble files created by vfs_fruit itself for the
- purpose of storing a Mac resource fork.
+ Note: this option only applies when
+ fruit:resource is set to
+ file (the default).
+
+ When fruit:resource is set to
+ file, vfs_fruit may create ._ AppleDouble
+ files. This options controls whether these ._ AppleDouble files
+ are vetoed which prevents the client from accessing them.
Vetoing ._ files may break some applications, eg
extracting Mac ZIP archives from Mac clients failes,
because they contain ._ files. Setting this option to
diff -Nru samba-4.5.4+dfsg/docs-xml/smbdotconf/security/smbencrypt.xml samba-4.5.8+dfsg/docs-xml/smbdotconf/security/smbencrypt.xml
--- samba-4.5.4+dfsg/docs-xml/smbdotconf/security/smbencrypt.xml 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/docs-xml/smbdotconf/security/smbencrypt.xml 2017-03-09 09:21:43.000000000 +0000
@@ -180,7 +180,11 @@
Setting it to off globally will
- completely disable the encryption feature.
+ completely disable the encryption feature for all
+ connections. Setting smb encrypt =
+ required for individual shares (while it's
+ globally off) will deny access to this shares for all
+ clients.
diff -Nru samba-4.5.4+dfsg/lib/krb5_wrap/krb5_samba.c samba-4.5.8+dfsg/lib/krb5_wrap/krb5_samba.c
--- samba-4.5.4+dfsg/lib/krb5_wrap/krb5_samba.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/lib/krb5_wrap/krb5_samba.c 2017-03-09 09:21:43.000000000 +0000
@@ -24,6 +24,7 @@
#include "system/filesys.h"
#include "krb5_samba.h"
#include "lib/util/asn1.h"
+#include "lib/crypto/crypto.h"
#ifdef HAVE_COM_ERR_H
#include
@@ -202,6 +203,42 @@
return -1;
}
+ if ((int)enctype == (int)ENCTYPE_ARCFOUR_HMAC) {
+ TALLOC_CTX *frame = talloc_stackframe();
+ uint8_t *utf16 = NULL;
+ size_t utf16_size = 0;
+ uint8_t nt_hash[16];
+ bool ok;
+
+ ok = convert_string_talloc(frame, CH_UNIX, CH_UTF16LE,
+ password->data, password->length,
+ (void **)&utf16, &utf16_size);
+ if (!ok) {
+ if (errno == 0) {
+ errno = EINVAL;
+ }
+ ret = errno;
+ TALLOC_FREE(frame);
+ return ret;
+ }
+
+ mdfour(nt_hash, utf16, utf16_size);
+ memset(utf16, 0, utf16_size);
+ ret = smb_krb5_keyblock_init_contents(context,
+ ENCTYPE_ARCFOUR_HMAC,
+ nt_hash,
+ sizeof(nt_hash),
+ key);
+ ZERO_STRUCT(nt_hash);
+ if (ret != 0) {
+ TALLOC_FREE(frame);
+ return ret;
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+ }
+
#if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_C_STRING_TO_KEY)
{/* MIT */
krb5_data _salt;
diff -Nru samba-4.5.4+dfsg/lib/ldb-samba/ldb_ildap.c samba-4.5.8+dfsg/lib/ldb-samba/ldb_ildap.c
--- samba-4.5.4+dfsg/lib/ldb-samba/ldb_ildap.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/lib/ldb-samba/ldb_ildap.c 2017-03-09 09:21:43.000000000 +0000
@@ -863,6 +863,7 @@
return LDB_SUCCESS;
failed:
+ ldb_set_errstring(ldb, ldap_errstr(ildb->ldap, module, status));
talloc_free(module);
if (NT_STATUS_IS_LDAP(status)) {
return NT_STATUS_LDAP_CODE(status);
diff -Nru samba-4.5.4+dfsg/lib/torture/torture.h samba-4.5.8+dfsg/lib/torture/torture.h
--- samba-4.5.4+dfsg/lib/torture/torture.h 2017-01-17 19:55:44.000000000 +0000
+++ samba-4.5.8+dfsg/lib/torture/torture.h 2017-03-09 09:21:43.000000000 +0000
@@ -362,7 +362,7 @@
if (memcmp(__got, __expected, len) != 0) { \
torture_result(torture_ctx, TORTURE_FAIL, \
__location__": "#got" of len %d did not match "#expected": %s", (int)len, cmt); \
- return false; \
+ ret = false; \
goto label; \
} \
} while(0)
diff -Nru samba-4.5.4+dfsg/lib/util/genrand_util.c samba-4.5.8+dfsg/lib/util/genrand_util.c
--- samba-4.5.4+dfsg/lib/util/genrand_util.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/lib/util/genrand_util.c 2017-03-09 09:21:43.000000000 +0000
@@ -210,7 +210,7 @@
}
/**
- * Generate a random text password.
+ * Generate a random text password (based on printable ascii characters).
*/
_PUBLIC_ char *generate_random_password(TALLOC_CTX *mem_ctx, size_t min, size_t max)
@@ -258,6 +258,172 @@
}
/**
+ * Generate a random machine password (based on random utf16 characters,
+ * converted to utf8). min must be at least 14, max must be at most 255.
+ *
+ * If 'unix charset' is not utf8, the password consist of random ascii
+ * values!
+ */
+
+_PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min, size_t max)
+{
+ TALLOC_CTX *frame = NULL;
+ struct generate_random_machine_password_state {
+ uint8_t password_buffer[256 * 2];
+ uint8_t tmp;
+ } *state;
+ char *new_pw = NULL;
+ size_t len = max;
+ char *utf8_pw = NULL;
+ size_t utf8_len = 0;
+ char *unix_pw = NULL;
+ size_t unix_len = 0;
+ size_t diff;
+ size_t i;
+ bool ok;
+ int cmp;
+
+ if (max > 255) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ if (min < 14) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ if (min > max) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ frame = talloc_stackframe_pool(2048);
+ state = talloc_zero(frame, struct generate_random_machine_password_state);
+
+ diff = max - min;
+
+ if (diff > 0) {
+ size_t tmp;
+
+ generate_random_buffer((uint8_t *)&tmp, sizeof(tmp));
+
+ tmp %= diff;
+
+ len = min + tmp;
+ }
+
+ /*
+ * Create a random machine account password
+ * We create a random buffer and convert that to utf8.
+ * This is similar to what windows is doing.
+ *
+ * In future we may store the raw random buffer,
+ * but for now we need to pass the password as
+ * char pointer through some layers.
+ *
+ * As most kerberos keys are derived from the
+ * utf8 password we need to fallback to
+ * ASCII passwords if "unix charset" is not utf8.
+ */
+ generate_secret_buffer(state->password_buffer, len * 2);
+ for (i = 0; i < len; i++) {
+ size_t idx = i*2;
+ uint16_t c;
+
+ /*
+ * both MIT krb5 and HEIMDAL only
+ * handle codepoints up to 0xffff.
+ *
+ * It means we need to avoid
+ * 0xD800 - 0xDBFF (high surrogate)
+ * and
+ * 0xDC00 - 0xDFFF (low surrogate)
+ * in the random utf16 data.
+ *
+ * 55296 0xD800 0154000 0b1101100000000000
+ * 57343 0xDFFF 0157777 0b1101111111111111
+ * 8192 0x2000 020000 0b10000000000000
+ *
+ * The above values show that we can check
+ * for 0xD800 and just add 0x2000 to avoid
+ * the surrogate ranges.
+ *
+ * The rest will be handled by CH_UTF16MUNGED
+ * see utf16_munged_pull().
+ */
+ c = SVAL(state->password_buffer, idx);
+ if (c & 0xD800) {
+ c |= 0x2000;
+ }
+ SSVAL(state->password_buffer, idx, c);
+ }
+ ok = convert_string_talloc(frame,
+ CH_UTF16MUNGED, CH_UTF8,
+ state->password_buffer, len * 2,
+ (void *)&utf8_pw, &utf8_len);
+ if (!ok) {
+ DEBUG(0, ("%s: convert_string_talloc() failed\n",
+ __func__));
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ ok = convert_string_talloc(frame,
+ CH_UTF16MUNGED, CH_UNIX,
+ state->password_buffer, len * 2,
+ (void *)&unix_pw, &unix_len);
+ if (!ok) {
+ goto ascii_fallback;
+ }
+
+ if (utf8_len != unix_len) {
+ goto ascii_fallback;
+ }
+
+ cmp = memcmp((const uint8_t *)utf8_pw,
+ (const uint8_t *)unix_pw,
+ utf8_len);
+ if (cmp != 0) {
+ goto ascii_fallback;
+ }
+
+ new_pw = talloc_strdup(mem_ctx, utf8_pw);
+ if (new_pw == NULL) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+ talloc_set_name_const(new_pw, __func__);
+ TALLOC_FREE(frame);
+ return new_pw;
+
+ascii_fallback:
+ for (i = 0; i < len; i++) {
+ /*
+ * truncate to ascii
+ */
+ state->tmp = state->password_buffer[i] & 0x7f;
+ if (state->tmp == 0) {
+ state->tmp = state->password_buffer[i] >> 1;
+ }
+ if (state->tmp == 0) {
+ state->tmp = 0x01;
+ }
+ state->password_buffer[i] = state->tmp;
+ }
+ state->password_buffer[i] = '\0';
+
+ new_pw = talloc_strdup(mem_ctx, (const char *)state->password_buffer);
+ if (new_pw == NULL) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+ talloc_set_name_const(new_pw, __func__);
+ TALLOC_FREE(frame);
+ return new_pw;
+}
+
+/**
* Generate an array of unique text strings all of the same length.
* The returned string will be allocated.
* Returns NULL if the number of unique combinations cannot be created.
diff -Nru samba-4.5.4+dfsg/lib/util/samba_util.h samba-4.5.8+dfsg/lib/util/samba_util.h
--- samba-4.5.4+dfsg/lib/util/samba_util.h 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/lib/util/samba_util.h 2017-03-09 09:21:43.000000000 +0000
@@ -103,11 +103,41 @@
_PUBLIC_ bool check_password_quality(const char *s);
/**
- * Generate a random text password.
+ * Generate a random text password (based on printable ascii characters).
+ * This function is designed to provide a password that
+ * meats the complexity requirements of UF_NORMAL_ACCOUNT objects
+ * and they should be human readable and writeable on any keyboard layout.
+ *
+ * Characters used are:
+ * ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_-#.,@$%&!?:;<=>()[]~
*/
_PUBLIC_ char *generate_random_password(TALLOC_CTX *mem_ctx, size_t min, size_t max);
/**
+ * Generate a random machine password
+ *
+ * min and max are the number of utf16 characters used
+ * to generate on utf8 compatible password.
+ *
+ * Note: if 'unix charset' is not 'utf8' (the default)
+ * then each utf16 character is only filled with
+ * values from 0x01 to 0x7f (ascii values without 0x00).
+ * This is important as the password neets to be
+ * a valid value as utf8 string and at the same time
+ * a valid value in the 'unix charset'.
+ *
+ * If 'unix charset' is 'utf8' (the default) then
+ * each utf16 character is a random value from 0x0000
+ * 0xFFFF (exluding the surrogate ranges from 0xD800-0xDFFF)
+ * while the translation from CH_UTF16MUNGED
+ * to CH_UTF8 replaces invalid values (see utf16_munged_pull()).
+ *
+ * Note: these passwords may not pass the complexity requirements
+ * for UF_NORMAL_ACCOUNT objects (except krbtgt accounts).
+ */
+_PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min, size_t max);
+
+/**
Use the random number generator to generate a random string.
**/
_PUBLIC_ char *generate_random_str_list(TALLOC_CTX *mem_ctx, size_t len, const char *list);
diff -Nru samba-4.5.4+dfsg/libcli/auth/netlogon_creds_cli.c samba-4.5.8+dfsg/libcli/auth/netlogon_creds_cli.c
--- samba-4.5.4+dfsg/libcli/auth/netlogon_creds_cli.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/libcli/auth/netlogon_creds_cli.c 2017-03-09 09:21:43.000000000 +0000
@@ -484,6 +484,14 @@
return NT_STATUS_OK;
}
+char *netlogon_creds_cli_debug_string(
+ const struct netlogon_creds_cli_context *context,
+ TALLOC_CTX *mem_ctx)
+{
+ return talloc_asprintf(mem_ctx, "netlogon_creds_cli:%s",
+ context->db.key_name);
+}
+
enum dcerpc_AuthLevel netlogon_creds_cli_auth_level(
struct netlogon_creds_cli_context *context)
{
@@ -1747,7 +1755,11 @@
/*
* netr_ServerPasswordSet
*/
- E_md4hash(new_password, state->samr_password.hash);
+ ok = E_md4hash(new_password, state->samr_password.hash);
+ if (!ok) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return tevent_req_post(req, ev);
+ }
/*
* netr_ServerPasswordSet2
@@ -2075,11 +2087,24 @@
/*
* the read only credentials before we started the operation
+ * used for netr_LogonSamLogonEx() if required (validation_level = 3).
*/
struct netlogon_creds_CredentialState *ro_creds;
+ /*
+ * The (locked) credentials used for the credential chain
+ * used for netr_LogonSamLogonWithFlags() or
+ * netr_LogonSamLogonWith().
+ */
struct netlogon_creds_CredentialState *lk_creds;
+ /*
+ * While we have locked the global credentials (lk_creds above)
+ * we operate an a temporary copy, because a server
+ * may not support netr_LogonSamLogonWithFlags() and
+ * didn't process our netr_Authenticator, so we need to
+ * restart from lk_creds.
+ */
struct netlogon_creds_CredentialState tmp_creds;
struct netr_Authenticator req_auth;
struct netr_Authenticator rep_auth;
@@ -2311,7 +2336,7 @@
return;
}
- netlogon_creds_encrypt_samlogon_logon(state->ro_creds,
+ netlogon_creds_encrypt_samlogon_logon(&state->tmp_creds,
state->logon_level,
state->logon);
@@ -2414,8 +2439,10 @@
/*
* We got a race, lets retry with on authenticator
* protection.
+ *
+ * netlogon_creds_cli_LogonSamLogon_start()
+ * will TALLOC_FREE(state->ro_creds);
*/
- TALLOC_FREE(state->ro_creds);
state->try_logon_ex = false;
netlogon_creds_cli_LogonSamLogon_start(req);
return;
diff -Nru samba-4.5.4+dfsg/libcli/auth/netlogon_creds_cli.h samba-4.5.8+dfsg/libcli/auth/netlogon_creds_cli.h
--- samba-4.5.4+dfsg/libcli/auth/netlogon_creds_cli.h 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/libcli/auth/netlogon_creds_cli.h 2017-03-09 09:21:43.000000000 +0000
@@ -52,6 +52,10 @@
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **_context);
+char *netlogon_creds_cli_debug_string(
+ const struct netlogon_creds_cli_context *context,
+ TALLOC_CTX *mem_ctx);
+
enum dcerpc_AuthLevel netlogon_creds_cli_auth_level(
struct netlogon_creds_cli_context *context);
diff -Nru samba-4.5.4+dfsg/librpc/rpc/dcerpc_error.c samba-4.5.8+dfsg/librpc/rpc/dcerpc_error.c
--- samba-4.5.4+dfsg/librpc/rpc/dcerpc_error.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/librpc/rpc/dcerpc_error.c 2017-03-09 09:21:43.000000000 +0000
@@ -50,12 +50,10 @@
_FAULT_STR(DCERPC_NCA_S_FAULT_INT_DIV_BY_ZERO, NT_STATUS_RPC_FP_DIV_ZERO),
_FAULT_STR(DCERPC_NCA_S_FAULT_INT_OVERFLOW, NT_STATUS_RPC_FP_OVERFLOW),
/*
- * What's the difference between NT_STATUS_RPC_INVALID_TAG
- * and NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE ???
- *
- * Our callers expect NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE.
+ * Our callers expect NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
+ * instead of NT_STATUS_RPC_INVALID_TAG.
*/
- _FAULT_STR(DCERPC_NCA_S_FAULT_INVALID_TAG, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE),
+ _FAULT_STR(DCERPC_NCA_S_FAULT_INVALID_TAG, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE),
_FAULT_STR(DCERPC_NCA_S_FAULT_INVALID_TAG, NT_STATUS_RPC_INVALID_TAG),
_FAULT_STR(DCERPC_NCA_S_FAULT_INVALID_BOUND, NT_STATUS_RPC_INVALID_BOUND),
_FAULT_STR(DCERPC_NCA_S_FAULT_RPC_VERSION_MISMATCH, NT_STATUS_RPC_PROTOCOL_ERROR),
diff -Nru samba-4.5.4+dfsg/python/pyglue.c samba-4.5.8+dfsg/python/pyglue.c
--- samba-4.5.4+dfsg/python/pyglue.c 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/python/pyglue.c 2017-03-09 09:21:43.000000000 +0000
@@ -60,6 +60,23 @@
return ret;
}
+static PyObject *py_generate_random_machine_password(PyObject *self, PyObject *args)
+{
+ int min, max;
+ PyObject *ret;
+ char *retstr;
+ if (!PyArg_ParseTuple(args, "ii", &min, &max))
+ return NULL;
+
+ retstr = generate_random_machine_password(NULL, min, max);
+ if (retstr == NULL) {
+ return NULL;
+ }
+ ret = PyUnicode_FromString(retstr);
+ talloc_free(retstr);
+ return ret;
+}
+
static PyObject *py_unix2nttime(PyObject *self, PyObject *args)
{
time_t t;
@@ -261,7 +278,14 @@
"Generate random string with specified length." },
{ "generate_random_password", (PyCFunction)py_generate_random_password,
METH_VARARGS, "generate_random_password(min, max) -> string\n"
- "Generate random password with a length >= min and <= max." },
+ "Generate random password (based on printable ascii characters) "
+ "with a length >= min and <= max." },
+ { "generate_random_machine_password", (PyCFunction)py_generate_random_machine_password,
+ METH_VARARGS, "generate_random_machine_password(min, max) -> string\n"
+ "Generate random password "
+ "(based on random utf16 characters converted to utf8 or "
+ "random ascii characters if 'unix charset' is not 'utf8')"
+ "with a length >= min (at least 14) and <= max (at most 255)." },
{ "unix2nttime", (PyCFunction)py_unix2nttime, METH_VARARGS,
"unix2nttime(timestamp) -> nttime" },
{ "nttime2unix", (PyCFunction)py_nttime2unix, METH_VARARGS,
diff -Nru samba-4.5.4+dfsg/python/samba/dbchecker.py samba-4.5.8+dfsg/python/samba/dbchecker.py
--- samba-4.5.4+dfsg/python/samba/dbchecker.py 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/python/samba/dbchecker.py 2017-03-09 09:21:43.000000000 +0000
@@ -59,6 +59,7 @@
self.fix_all_string_dn_component_mismatch = False
self.fix_all_GUID_dn_component_mismatch = False
self.fix_all_SID_dn_component_mismatch = False
+ self.fix_all_old_dn_string_component_mismatch = False
self.fix_all_metadata = False
self.fix_time_metadata = False
self.fix_undead_linked_attributes = False
@@ -574,6 +575,23 @@
"Failed to fix %s on attribute %s" % (errstr, attrname)):
self.report("Fixed %s on attribute %s" % (errstr, attrname))
+ def err_dn_string_component_old(self, dn, attrname, val, dsdb_dn, correct_dn):
+ """handle a DN string being incorrect"""
+ self.report("NOTE: old (due to rename or delete) DN string component for %s in object %s - %s" % (attrname, dn, val))
+ dsdb_dn.dn = correct_dn
+
+ if not self.confirm_all('Change DN to %s?' % str(dsdb_dn),
+ 'fix_all_old_dn_string_component_mismatch'):
+ self.report("Not fixing old string component")
+ return
+ m = ldb.Message()
+ m.dn = dn
+ m['old_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname)
+ m['new_value'] = ldb.MessageElement(str(dsdb_dn), ldb.FLAG_MOD_ADD, attrname)
+ if self.do_modify(m, ["show_recycled:1"],
+ "Failed to fix old DN string on attribute %s" % (attrname)):
+ self.report("Fixed old DN string on attribute %s" % (attrname))
+
def err_dn_component_target_mismatch(self, dn, attrname, val, dsdb_dn, correct_dn, mismatch_type):
"""handle a DN string being incorrect"""
self.report("ERROR: incorrect DN %s component for %s in object %s - %s" % (mismatch_type, attrname, dn, val))
@@ -627,10 +645,9 @@
self.report("Not fixing missing backlink %s" % backlink_name)
return
m = ldb.Message()
- m.dn = obj.dn
- m['old_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname)
- m['new_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_ADD, attrname)
- if self.do_modify(m, ["show_recycled:1"],
+ m.dn = target_dn
+ m['new_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_ADD, backlink_name)
+ if self.do_modify(m, ["show_recycled:1", "relax:0"],
"Failed to fix missing backlink %s" % backlink_name):
self.report("Fixed missing backlink %s" % (backlink_name))
@@ -914,12 +931,16 @@
if rmd_flags & 1:
continue
- # check the DN matches in string form
- if str(res[0].dn) != str(dsdb_dn.dn):
- error_count += 1
- self.err_dn_component_target_mismatch(obj.dn, attrname, val, dsdb_dn,
- res[0].dn, "string")
- continue
+ # assert the DN matches in string form, where a reverse
+ # link exists, otherwise (below) offer to fix it as a non-error.
+ # The string form is essentially only kept for forensics,
+ # as we always re-resolve by GUID in normal operations.
+ if reverse_link_name is not None:
+ if str(res[0].dn) != str(dsdb_dn.dn):
+ error_count += 1
+ self.err_dn_component_target_mismatch(obj.dn, attrname, val, dsdb_dn,
+ res[0].dn, "string")
+ continue
if res[0].dn.get_extended_component("GUID") != dsdb_dn.dn.get_extended_component("GUID"):
error_count += 1
@@ -933,9 +954,18 @@
res[0].dn, "SID")
continue
+ # Now we have checked the GUID and SID, offer to fix old
+ # DN strings as a non-error (for forward links with no
+ # backlink). Samba does not maintain this string
+ # otherwise, so we don't increment error_count.
+ if reverse_link_name is None:
+ if str(res[0].dn) != str(dsdb_dn.dn):
+ self.err_dn_string_component_old(obj.dn, attrname, val, dsdb_dn,
+ res[0].dn)
+ continue
- # check the reverse_link is correct if there should be one
- if reverse_link_name is not None:
+ else:
+ # check the reverse_link is correct if there should be one
match_count = 0
if reverse_link_name in res[0]:
for v in res[0][reverse_link_name]:
@@ -943,12 +973,16 @@
if v_guid == obj_guid:
match_count += 1
if match_count != 1:
- if target_is_deleted:
- error_count += 1
- if linkID & 1:
- self.err_missing_backlink(obj, attrname, val, reverse_link_name, dsdb_dn.dn)
- else:
- self.err_orphaned_backlink(obj, attrname, val, reverse_link_name, dsdb_dn.dn)
+ error_count += 1
+ if linkID & 1:
+ # Backlink exists, but forward link does not
+ # Delete the hanging backlink
+ self.err_orphaned_backlink(obj, attrname, val, reverse_link_name, dsdb_dn.dn)
+ else:
+ # Forward link exists, but backlink does not
+ # Add the missing backlink (if the target object is not Deleted Objects?)
+ if not target_is_deleted:
+ self.err_missing_backlink(obj, attrname, obj.dn.extended_str(), reverse_link_name, dsdb_dn.dn)
continue
diff -Nru samba-4.5.4+dfsg/python/samba/__init__.py samba-4.5.8+dfsg/python/samba/__init__.py
--- samba-4.5.4+dfsg/python/samba/__init__.py 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/python/samba/__init__.py 2017-03-09 09:21:43.000000000 +0000
@@ -396,6 +396,7 @@
nttime2unix = _glue.nttime2unix
unix2nttime = _glue.unix2nttime
generate_random_password = _glue.generate_random_password
+generate_random_machine_password = _glue.generate_random_machine_password
strcasecmp_m = _glue.strcasecmp_m
strstr_m = _glue.strstr_m
is_ntvfs_fileserver_built = _glue.is_ntvfs_fileserver_built
diff -Nru samba-4.5.4+dfsg/python/samba/join.py samba-4.5.8+dfsg/python/samba/join.py
--- samba-4.5.4+dfsg/python/samba/join.py 2016-10-24 19:37:30.000000000 +0000
+++ samba-4.5.8+dfsg/python/samba/join.py 2017-03-09 09:21:43.000000000 +0000
@@ -104,7 +104,7 @@
if machinepass is not None:
ctx.acct_pass = machinepass
else:
- ctx.acct_pass = samba.generate_random_password(32, 40)
+ ctx.acct_pass = samba.generate_random_machine_password(128, 255)
ctx.dnsdomain = ctx.samdb.domain_dns_name()
if clone_only:
@@ -667,7 +667,7 @@
pass
ctx.net.set_password(account_name=ctx.samname,
domain_name=ctx.domain_name,
- newpassword=ctx.acct_pass)
+ newpassword=ctx.acct_pass.encode('utf-8'))
res = ctx.samdb.search(base=ctx.acct_dn, scope=ldb.SCOPE_BASE,
attrs=["msDS-KeyVersionNumber"])
@@ -691,7 +691,7 @@
{"DNSDOMAIN": ctx.dnsdomain,
"DOMAINDN": ctx.base_dn,
"HOSTNAME" : ctx.myname,
- "DNSPASS_B64": b64encode(ctx.dnspass),
+ "DNSPASS_B64": b64encode(ctx.dnspass.encode('utf-16-le')),
"DNSNAME" : ctx.dnshostname}))
for changetype, msg in recs:
assert changetype == ldb.CHANGETYPE_NONE
@@ -863,7 +863,7 @@
repl_creds.guess(ctx.lp)
repl_creds.set_kerberos_state(DONT_USE_KERBEROS)
repl_creds.set_username(ctx.samname)
- repl_creds.set_password(ctx.acct_pass)
+ repl_creds.set_password(ctx.acct_pass.encode('utf-8'))
else:
repl_creds = ctx.creds
@@ -1314,7 +1314,8 @@
ctx.domsid = security.random_sid()
ctx.acct_dn = None
ctx.dnshostname = "%s.%s" % (ctx.myname.lower(), ctx.dnsdomain)
- ctx.trustdom_pass = samba.generate_random_password(128, 128)
+ # Windows uses 240 bytes as UTF16 so we do
+ ctx.trustdom_pass = samba.generate_random_machine_password(120, 120)
ctx.userAccountControl = samba.dsdb.UF_SERVER_TRUST_ACCOUNT | samba.dsdb.UF_TRUSTED_FOR_DELEGATION
diff -Nru samba-4.5.4+dfsg/python/samba/netcmd/domain.py samba-4.5.8+dfsg/python/samba/netcmd/domain.py
--- samba-4.5.4+dfsg/python/samba/netcmd/domain.py 2016-10-24 19:37:30.000000000 +0000
+++ samba-4.5.8+dfsg/python/samba/netcmd/domain.py 2017-03-09 09:21:43.000000000 +0000
@@ -2254,33 +2254,14 @@
# needs to pass the NL_PASSWORD_VERSION structure within the
# 512 bytes and a 2 bytes confounder is required.
#
- def random_trust_secret(length, use_aes_keys=True):
- secret = [0] * length
-
- pw1 = samba.generate_random_password(length/2, length/2)
- if not use_aes_keys:
- # With arcfour-hmac-md5 we have to use valid utf16
- # in order to generate the correct pre-auth key
- # based on a utf8 password.
- #
- # We can remove this once our client libraries
- # support using the correct NTHASH.
- return string_to_byte_array(pw1.encode('utf-16-le'))
-
- # We mix characters from generate_random_password
- # with random numbers from random.randint()
- for i in range(len(secret)):
- if len(pw1) > i:
- secret[i] = ord(pw1[i])
- else:
- secret[i] = random.randint(0, 255)
-
- return secret
+ def random_trust_secret(length):
+ pw = samba.generate_random_machine_password(length/2, length/2)
+ return string_to_byte_array(pw.encode('utf-16-le'))
if local_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_INBOUND:
- incoming_secret = random_trust_secret(240, use_aes_keys=use_aes_keys)
+ incoming_secret = random_trust_secret(240)
if local_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND:
- outgoing_secret = random_trust_secret(240, use_aes_keys=use_aes_keys)
+ outgoing_secret = random_trust_secret(240)
remote_policy_access |= lsa.LSA_POLICY_TRUST_ADMIN
remote_policy_access |= lsa.LSA_POLICY_CREATE_SECRET
diff -Nru samba-4.5.4+dfsg/python/samba/netcmd/user.py samba-4.5.8+dfsg/python/samba/netcmd/user.py
--- samba-4.5.4+dfsg/python/samba/netcmd/user.py 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/python/samba/netcmd/user.py 2017-03-09 09:21:43.000000000 +0000
@@ -670,7 +670,7 @@
self.outf.write("Sorry, passwords do not match.\n")
try:
- net.change_password(password)
+ net.change_password(password.encode('utf-8'))
except Exception, msg:
# FIXME: catch more specific exception
raise CommandError("Failed to change password : %s" % msg)
diff -Nru samba-4.5.4+dfsg/python/samba/provision/__init__.py samba-4.5.8+dfsg/python/samba/provision/__init__.py
--- samba-4.5.4+dfsg/python/samba/provision/__init__.py 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/python/samba/provision/__init__.py 2017-03-09 09:21:43.000000000 +0000
@@ -877,7 +877,7 @@
msg["msDS-KeyVersionNumber"] = [str(key_version_number)]
msg["privateKeytab"] = ["secrets.keytab"]
- msg["secret"] = [machinepass]
+ msg["secret"] = [machinepass.encode('utf-8')]
msg["samAccountName"] = ["%s$" % netbiosname]
msg["secureChannelType"] = [str(secure_channel_type)]
if domainsid is not None:
@@ -1768,9 +1768,9 @@
invocationid = str(uuid.uuid4())
if krbtgtpass is None:
- krbtgtpass = samba.generate_random_password(128, 255)
+ krbtgtpass = samba.generate_random_machine_password(128, 255)
if machinepass is None:
- machinepass = samba.generate_random_password(128, 255)
+ machinepass = samba.generate_random_machine_password(128, 255)
if dnspass is None:
dnspass = samba.generate_random_password(128, 255)
diff -Nru samba-4.5.4+dfsg/python/samba/provision/sambadns.py samba-4.5.8+dfsg/python/samba/provision/sambadns.py
--- samba-4.5.4+dfsg/python/samba/provision/sambadns.py 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/python/samba/provision/sambadns.py 2017-03-09 09:21:43.000000000 +0000
@@ -661,7 +661,7 @@
"REALM": realm,
"DNSDOMAIN": dnsdomain,
"DNS_KEYTAB": dns_keytab_path,
- "DNSPASS_B64": b64encode(dnspass),
+ "DNSPASS_B64": b64encode(dnspass.encode('utf-8')),
"KEY_VERSION_NUMBER": str(key_version_number),
"HOSTNAME": names.hostname,
"DNSNAME" : '%s.%s' % (
diff -Nru samba-4.5.4+dfsg/python/samba/samdb.py samba-4.5.8+dfsg/python/samba/samdb.py
--- samba-4.5.4+dfsg/python/samba/samdb.py 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/python/samba/samdb.py 2017-03-09 09:21:43.000000000 +0000
@@ -503,7 +503,7 @@
if len(res) > 1:
raise Exception('Matched %u multiple users with filter "%s"' % (len(res), search_filter))
user_dn = res[0].dn
- pw = unicode('"' + password + '"', 'utf-8').encode('utf-16-le')
+ pw = unicode('"' + password.encode('utf-8') + '"', 'utf-8').encode('utf-16-le')
setpw = """
dn: %s
changetype: modify
diff -Nru samba-4.5.4+dfsg/python/samba/upgradehelpers.py samba-4.5.8+dfsg/python/samba/upgradehelpers.py
--- samba-4.5.4+dfsg/python/samba/upgradehelpers.py 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/python/samba/upgradehelpers.py 2017-03-09 09:21:43.000000000 +0000
@@ -573,7 +573,7 @@
assert(len(res) == 1)
msg = ldb.Message(res[0].dn)
- machinepass = samba.generate_random_password(128, 255)
+ machinepass = samba.generate_random_machine_password(128, 255)
mputf16 = machinepass.encode('utf-16-le')
msg["clearTextPassword"] = ldb.MessageElement(mputf16,
ldb.FLAG_MOD_REPLACE,
@@ -648,7 +648,7 @@
assert(len(res) == 1)
msg = ldb.Message(res[0].dn)
- machinepass = samba.generate_random_password(128, 255)
+ machinepass = samba.generate_random_machine_password(128, 255)
mputf16 = machinepass.encode('utf-16-le')
msg["clearTextPassword"] = ldb.MessageElement(mputf16,
ldb.FLAG_MOD_REPLACE,
diff -Nru samba-4.5.4+dfsg/script/release.sh samba-4.5.8+dfsg/script/release.sh
--- samba-4.5.4+dfsg/script/release.sh 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/script/release.sh 2017-01-30 09:56:26.000000000 +0000
@@ -830,7 +830,8 @@
top=$(cat ${TMPDIR}/WHATSNEW.txt | wc -l)
}
local skip=$(cat ${TMPDIR}/WHATSNEW.txt | grep -n '^[^ ]' | head -1 | cut -d ':' -f1)
- local bottom=$(expr ${top} - \( ${skip} - 1 \))
+ local headlimit=$(expr ${top} - 1 )
+ local taillimit=$(expr ${headlimit} - \( ${skip} - 1 \))
cat "announce.${tagname}.quotation.txt"
echo ""
@@ -838,7 +839,7 @@
echo "Release Announcements"
echo "---------------------"
echo ""
- head -${top} ${TMPDIR}/WHATSNEW.txt | tail -${bottom}
+ head -${headlimit} ${TMPDIR}/WHATSNEW.txt | tail -${taillimit}
echo ""
echo "================"
echo "Download Details"
diff -Nru samba-4.5.4+dfsg/selftest/skip samba-4.5.8+dfsg/selftest/skip
--- samba-4.5.4+dfsg/selftest/skip 2017-01-17 19:55:44.000000000 +0000
+++ samba-4.5.8+dfsg/selftest/skip 2017-03-09 09:21:43.000000000 +0000
@@ -48,6 +48,7 @@
^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-EA # Fails against the s4 ntvfs server
^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-OFD-LOCK # Fails against the s4 ntvfs server
^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-STREAM-DELETE # Fails against the s4 ntvfs server
+^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).WINDOWS-BAD-SYMLINK # Fails against the s4 ntvfs server
^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).RENAME-ACCESS # Fails against the s4 ntvfs server
^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).OWNER-RIGHTS # Don't test against the s4 ntvfs server anymore
^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).PIDHIGH # Fails against the s4 ntvfs server
diff -Nru samba-4.5.4+dfsg/selftest/target/Samba3.pm samba-4.5.8+dfsg/selftest/target/Samba3.pm
--- samba-4.5.4+dfsg/selftest/target/Samba3.pm 2017-01-17 19:55:44.000000000 +0000
+++ samba-4.5.8+dfsg/selftest/target/Samba3.pm 2017-03-31 06:25:18.000000000 +0000
@@ -554,6 +554,7 @@
ntlm auth = yes
vfs objects = xattr_tdb streams_depot time_audit full_audit
change notify = no
+ smb encrypt = off
full_audit:syslog = no
full_audit:success = none
@@ -571,6 +572,11 @@
store dos attributes = yes
hide files = /hidefile/
hide dot files = yes
+
+[enc_desired]
+ path = $prefix_abs/share
+ vfs objects =
+ smb encrypt = desired
";
my $vars = $self->provision($path,
@@ -757,6 +763,8 @@
security = ads
username map = $prefix/lib/username.map
server signing = required
+ server min protocol = SMB3_00
+ client max protocol = SMB3
";
my $ret = $self->provision($prefix,
@@ -1199,6 +1207,9 @@
my $shadow_shrdir="$shadow_basedir/share";
push(@dirs,$shadow_shrdir);
+ my $nosymlinks_shrdir="$shrdir/nosymlinks";
+ push(@dirs,$nosymlinks_shrdir);
+
# this gets autocreated by winbindd
my $wbsockdir="$prefix_abs/winbindd";
my $wbsockprivdir="$lockdir/winbindd_privileged";
@@ -1610,7 +1621,7 @@
path = $shrdir
vfs objects = catia fruit streams_xattr acl_xattr
ea support = yes
- fruit:resource = file
+ fruit:ressource = file
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:encoding = native
@@ -1812,6 +1823,10 @@
copy = tmp
acl_xattr:ignore system acls = yes
acl_xattr:default acl style = posix
+[nosymlinks]
+ copy = tmp
+ path = $nosymlinks_shrdir
+ follow symlinks = no
[acl_xattr_ign_sysacl_windows]
copy = tmp
acl_xattr:ignore system acls = yes
diff -Nru samba-4.5.4+dfsg/selftest/target/Samba4.pm samba-4.5.8+dfsg/selftest/target/Samba4.pm
--- samba-4.5.4+dfsg/selftest/target/Samba4.pm 2017-01-17 19:55:44.000000000 +0000
+++ samba-4.5.8+dfsg/selftest/target/Samba4.pm 2017-01-30 09:56:26.000000000 +0000
@@ -910,7 +910,7 @@
path = $ctx->{share}
vfs objects = catia fruit streams_xattr acl_xattr
ea support = yes
- fruit:resource = file
+ fruit:ressource = file
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:encoding = native
diff -Nru samba-4.5.4+dfsg/source3/include/proto.h samba-4.5.8+dfsg/source3/include/proto.h
--- samba-4.5.4+dfsg/source3/include/proto.h 2016-09-13 08:21:35.000000000 +0000
+++ samba-4.5.8+dfsg/source3/include/proto.h 2017-03-09 09:21:43.000000000 +0000
@@ -880,6 +880,9 @@
struct netlogon_creds_cli_context;
struct messaging_context;
struct dcerpc_binding_handle;
+char *trust_pw_new_value(TALLOC_CTX *mem_ctx,
+ enum netr_SchannelType sec_channel_type,
+ int security);
NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context,
struct messaging_context *msg_ctx,
struct dcerpc_binding_handle *b,
diff -Nru samba-4.5.4+dfsg/source3/include/smb.h samba-4.5.8+dfsg/source3/include/smb.h
--- samba-4.5.4+dfsg/source3/include/smb.h 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/include/smb.h 2017-03-09 09:21:43.000000000 +0000
@@ -733,12 +733,6 @@
#define SAFE_NETBIOS_CHARS ". -_"
-/* The maximum length of a trust account password.
- Used when we randomly create it, 15 char passwords
- exceed NT4's max password length */
-
-#define DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH 14
-
#define PORT_NONE 0
#ifndef LDAP_PORT
#define LDAP_PORT 389
diff -Nru samba-4.5.4+dfsg/source3/lib/util_path.c samba-4.5.8+dfsg/source3/lib/util_path.c
--- samba-4.5.4+dfsg/source3/lib/util_path.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/lib/util_path.c 2017-03-09 09:21:43.000000000 +0000
@@ -93,3 +93,142 @@
{
return xx_path(name, lp_cache_directory());
}
+
+/**
+ * @brief Removes any invalid path components in an absolute POSIX path.
+ *
+ * @param ctx Talloc context to return string.
+ *
+ * @param abs_path Absolute path string to process.
+ *
+ * @retval Pointer to a talloc'ed string containing the absolute full path.
+ **/
+
+char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *abs_path)
+{
+ char *destname;
+ char *d;
+ const char *s = abs_path;
+ bool start_of_name_component = true;
+
+ /* Allocate for strlen + '\0' + possible leading '/' */
+ destname = (char *)talloc_size(ctx, strlen(abs_path) + 2);
+ if (destname == NULL) {
+ return NULL;
+ }
+ d = destname;
+
+ *d++ = '/'; /* Always start with root. */
+
+ while (*s) {
+ if (*s == '/') {
+ /* Eat multiple '/' */
+ while (*s == '/') {
+ s++;
+ }
+ if ((d > destname + 1) && (*s != '\0')) {
+ *d++ = '/';
+ }
+ start_of_name_component = true;
+ continue;
+ }
+
+ if (start_of_name_component) {
+ if ((s[0] == '.') && (s[1] == '.') &&
+ (s[2] == '/' || s[2] == '\0')) {
+ /* Uh oh - "/../" or "/..\0" ! */
+
+ /* Go past the .. leaving us on the / or '\0' */
+ s += 2;
+
+ /* If we just added a '/' - delete it */
+ if ((d > destname) && (*(d-1) == '/')) {
+ *(d-1) = '\0';
+ d--;
+ }
+
+ /*
+ * Are we at the start ?
+ * Can't go back further if so.
+ */
+ if (d <= destname) {
+ *d++ = '/'; /* Can't delete root */
+ continue;
+ }
+ /* Go back one level... */
+ /*
+ * Decrement d first as d points to
+ * the *next* char to write into.
+ */
+ for (d--; d > destname; d--) {
+ if (*d == '/') {
+ break;
+ }
+ }
+
+ /*
+ * Are we at the start ?
+ * Can't go back further if so.
+ */
+ if (d <= destname) {
+ *d++ = '/'; /* Can't delete root */
+ continue;
+ }
+
+ /*
+ * We're still at the start of a name
+ * component, just the previous one.
+ */
+ continue;
+ } else if ((s[0] == '.') &&
+ ((s[1] == '\0') || s[1] == '/')) {
+ /*
+ * Component of pathname can't be "." only.
+ * Skip the '.' .
+ */
+ if (s[1] == '/') {
+ s += 2;
+ } else {
+ s++;
+ }
+ continue;
+ }
+ }
+
+ if (!(*s & 0x80)) {
+ *d++ = *s++;
+ } else {
+ size_t siz;
+ /* Get the size of the next MB character. */
+ next_codepoint(s,&siz);
+ switch(siz) {
+ case 5:
+ *d++ = *s++;
+ /*fall through*/
+ case 4:
+ *d++ = *s++;
+ /*fall through*/
+ case 3:
+ *d++ = *s++;
+ /*fall through*/
+ case 2:
+ *d++ = *s++;
+ /*fall through*/
+ case 1:
+ *d++ = *s++;
+ break;
+ default:
+ break;
+ }
+ }
+ start_of_name_component = false;
+ }
+ *d = '\0';
+
+ /* And must not end in '/' */
+ if (d > destname + 1 && (*(d-1) == '/')) {
+ *(d-1) = '\0';
+ }
+
+ return destname;
+}
diff -Nru samba-4.5.4+dfsg/source3/lib/util_path.h samba-4.5.8+dfsg/source3/lib/util_path.h
--- samba-4.5.4+dfsg/source3/lib/util_path.h 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/lib/util_path.h 2017-03-09 09:21:43.000000000 +0000
@@ -27,5 +27,6 @@
char *lock_path(const char *name);
char *state_path(const char *name);
char *cache_path(const char *name);
+char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *abs_path);
#endif
diff -Nru samba-4.5.4+dfsg/source3/libads/sasl.c samba-4.5.8+dfsg/source3/libads/sasl.c
--- samba-4.5.4+dfsg/source3/libads/sasl.c 2016-10-24 19:37:30.000000000 +0000
+++ samba-4.5.8+dfsg/source3/libads/sasl.c 2017-03-09 09:21:43.000000000 +0000
@@ -703,6 +703,7 @@
#ifdef HAVE_KRB5
bool got_kerberos_mechanism = False;
#endif
+ const char *mech = NULL;
rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", NULL, NULL, NULL, &scred);
@@ -749,6 +750,8 @@
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
got_kerberos_mechanism)
{
+ mech = "KRB5";
+
if (ads->auth.password == NULL ||
ads->auth.password[0] == '\0')
{
@@ -775,7 +778,11 @@
blob);
if (!ADS_ERR_OK(status)) {
DEBUG(0,("kinit succeeded but "
- "ads_sasl_spnego_gensec_bind(KRB5) failed: %s\n",
+ "ads_sasl_spnego_gensec_bind(KRB5) failed: "
+ "for %s/%s user[%s] realm[%s]: %s\n",
+ p.service, p.hostname,
+ ads->auth.user_name,
+ ads->auth.realm,
ads_errstr(status)));
}
}
@@ -785,17 +792,33 @@
!(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
goto done;
}
+
+ DEBUG(1,("ads_sasl_spnego_gensec_bind(KRB5) failed for %s/%s "
+ "with user[%s] realm[%s]: %s, fallback to NTLMSSP\n",
+ p.service, p.hostname,
+ ads->auth.user_name,
+ ads->auth.realm,
+ ads_errstr(status)));
}
#endif
/* lets do NTLMSSP ... this has the big advantage that we don't need
to sync clocks, and we don't rely on special versions of the krb5
library for HMAC_MD4 encryption */
+ mech = "NTLMSSP";
status = ads_sasl_spnego_gensec_bind(ads, "GSS-SPNEGO",
CRED_DONT_USE_KERBEROS,
p.service, p.hostname,
data_blob_null);
done:
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("ads_sasl_spnego_gensec_bind(%s) failed for %s/%s "
+ "with user[%s] realm=[%s]: %s\n", mech,
+ p.service, p.hostname,
+ ads->auth.user_name,
+ ads->auth.realm,
+ ads_errstr(status)));
+ }
ads_free_service_principal(&p);
TALLOC_FREE(frame);
if (blob.data != NULL) {
diff -Nru samba-4.5.4+dfsg/source3/libads/util.c samba-4.5.8+dfsg/source3/libads/util.c
--- samba-4.5.4+dfsg/source3/libads/util.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/libads/util.c 2017-03-09 09:21:43.000000000 +0000
@@ -35,9 +35,12 @@
return ADS_ERROR_SYSTEM(ENOENT);
}
- new_password = generate_random_password(talloc_tos(),
- DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH,
- DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+ new_password = trust_pw_new_value(talloc_tos(), SEC_CHAN_WKSTA, SEC_ADS);
+ if (new_password == NULL) {
+ ret = ADS_ERROR_SYSTEM(errno);
+ DEBUG(1,("Failed to generate machine password\n"));
+ goto failed;
+ }
ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset);
diff -Nru samba-4.5.4+dfsg/source3/libnet/libnet_join.c samba-4.5.8+dfsg/source3/libnet/libnet_join.c
--- samba-4.5.4+dfsg/source3/libnet/libnet_join.c 2016-09-13 08:21:35.000000000 +0000
+++ samba-4.5.8+dfsg/source3/libnet/libnet_join.c 2017-03-09 09:21:43.000000000 +0000
@@ -1138,9 +1138,11 @@
}
if (!r->in.machine_password) {
- r->in.machine_password = generate_random_password(mem_ctx,
- DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH,
- DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+ int security = r->in.ads ? SEC_ADS : SEC_DOMAIN;
+
+ r->in.machine_password = trust_pw_new_value(mem_ctx,
+ r->in.secure_channel_type,
+ security);
if (r->in.machine_password == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
@@ -1233,9 +1235,11 @@
}
if (!r->in.machine_password) {
- r->in.machine_password = generate_random_password(mem_ctx,
- DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH,
- DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+ int security = r->in.ads ? SEC_ADS : SEC_DOMAIN;
+
+ r->in.machine_password = trust_pw_new_value(mem_ctx,
+ r->in.secure_channel_type,
+ security);
NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password);
}
diff -Nru samba-4.5.4+dfsg/source3/librpc/rpc/dcerpc.h samba-4.5.8+dfsg/source3/librpc/rpc/dcerpc.h
--- samba-4.5.4+dfsg/source3/librpc/rpc/dcerpc.h 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/librpc/rpc/dcerpc.h 2017-03-09 09:21:43.000000000 +0000
@@ -61,8 +61,7 @@
DATA_BLOB *blob);
NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
const DATA_BLOB *blob,
- struct ncacn_packet *r,
- bool bigendian);
+ struct ncacn_packet *r);
NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
diff -Nru samba-4.5.4+dfsg/source3/librpc/rpc/dcerpc_helpers.c samba-4.5.8+dfsg/source3/librpc/rpc/dcerpc_helpers.c
--- samba-4.5.4+dfsg/source3/librpc/rpc/dcerpc_helpers.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/librpc/rpc/dcerpc_helpers.c 2017-03-09 09:21:43.000000000 +0000
@@ -88,14 +88,12 @@
* elements
* @param blob The blob of data to decode
* @param r An empty ncacn_packet, must not be NULL
-* @param bigendian Whether the packet is bignedian encoded
*
* @return a NTSTATUS error code
*/
NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
const DATA_BLOB *blob,
- struct ncacn_packet *r,
- bool bigendian)
+ struct ncacn_packet *r)
{
enum ndr_err_code ndr_err;
struct ndr_pull *ndr;
@@ -104,11 +102,12 @@
if (!ndr) {
return NT_STATUS_NO_MEMORY;
}
- if (bigendian) {
+
+ if (!(CVAL(ndr->data, DCERPC_DREP_OFFSET) & DCERPC_DREP_LE)) {
ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
}
- if (CVAL(blob->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+ if (CVAL(ndr->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
}
diff -Nru samba-4.5.4+dfsg/source3/libsmb/trusts_util.c samba-4.5.8+dfsg/source3/libsmb/trusts_util.c
--- samba-4.5.4+dfsg/source3/libsmb/trusts_util.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/libsmb/trusts_util.c 2017-03-09 09:21:43.000000000 +0000
@@ -47,6 +47,62 @@
return 0;
}
+char *trust_pw_new_value(TALLOC_CTX *mem_ctx,
+ enum netr_SchannelType sec_channel_type,
+ int security)
+{
+ /*
+ * use secure defaults.
+ */
+ size_t min = 128;
+ size_t max = 255;
+
+ switch (sec_channel_type) {
+ case SEC_CHAN_WKSTA:
+ case SEC_CHAN_BDC:
+ if (security == SEC_DOMAIN) {
+ /*
+ * The maximum length of a trust account password.
+ * Used when we randomly create it, 15 char passwords
+ * exceed NT4's max password length.
+ */
+ min = 14;
+ max = 14;
+ }
+ break;
+ case SEC_CHAN_DNS_DOMAIN:
+ /*
+ * new_len * 2 = 498 bytes is the largest possible length
+ * NL_PASSWORD_VERSION consumes the rest of the possible 512 bytes
+ * and a confounder with at least 2 bytes is required.
+ *
+ * Windows uses new_len = 120 => 240 bytes (utf16)
+ */
+ min = 120;
+ max = 120;
+ break;
+ /* fall through */
+ case SEC_CHAN_DOMAIN:
+ /*
+ * The maximum length of a trust account password.
+ * Used when we randomly create it, 15 char passwords
+ * exceed NT4's max password length.
+ */
+ min = 14;
+ max = 14;
+ break;
+ default:
+ break;
+ }
+
+ /*
+ * Create a random machine account password
+ * We create a random buffer and convert that to utf8.
+ * This is similar to what windows is doing.
+ */
+ return generate_random_machine_password(mem_ctx, min, max);
+}
+
NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context,
struct messaging_context *msg_ctx,
struct dcerpc_binding_handle *b,
@@ -54,6 +110,7 @@
bool force)
{
TALLOC_CTX *frame = talloc_stackframe();
+ const char *context_name = NULL;
struct trust_pw_change_state *state;
struct cli_credentials *creds = NULL;
const struct samr_Password *current_nt_hash = NULL;
@@ -65,10 +122,7 @@
struct timeval g_timeout = { 0, };
int timeout = 0;
struct timeval tv = { 0, };
- size_t new_len = DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH;
- uint8_t new_password_buffer[256 * 2] = { 0, };
char *new_trust_passwd = NULL;
- size_t len = 0;
uint32_t new_version = 0;
uint32_t *new_trust_version = NULL;
NTSTATUS status;
@@ -134,16 +188,6 @@
case SEC_CHAN_BDC:
break;
case SEC_CHAN_DNS_DOMAIN:
- /*
- * new_len * 2 = 498 bytes is the largest possible length
- * NL_PASSWORD_VERSION consumes the rest of the possible 512 bytes
- * and a confounder with at least 2 bytes is required.
- *
- * Windows uses new_len = 120 => 240 bytes.
- */
- new_len = 120;
-
- /* fall through */
case SEC_CHAN_DOMAIN:
status = pdb_get_trusted_domain(frame, domain, &td);
if (!NT_STATUS_IS_OK(status)) {
@@ -181,19 +225,21 @@
return NT_STATUS_OK;
}
+ context_name = netlogon_creds_cli_debug_string(context, talloc_tos());
+ if (context_name == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
/*
* Create a random machine account password
* We create a random buffer and convert that to utf8.
* This is similar to what windows is doing.
*/
- generate_secret_buffer(new_password_buffer, new_len * 2);
- ok = convert_string_talloc(frame,
- CH_UTF16MUNGED, CH_UTF8,
- new_password_buffer, new_len * 2,
- (void *)&new_trust_passwd, &len);
- ZERO_STRUCT(new_password_buffer);
- if (!ok) {
- DEBUG(0, ("convert_string_talloc failed\n"));
+ new_trust_passwd = trust_pw_new_value(frame, sec_channel_type,
+ lp_security());
+ if (new_trust_passwd == NULL) {
+ DEBUG(0, ("trust_pw_new_value() failed\n"));
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -215,12 +261,16 @@
*current_nt_hash,
previous_nt_hash);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("netlogon_creds_cli_auth for domain %s - %s!\n",
- domain, nt_errstr(status)));
+ DEBUG(0, ("netlogon_creds_cli_auth(%s) failed for old password - %s!\n",
+ context_name, nt_errstr(status)));
TALLOC_FREE(frame);
return status;
}
+ DEBUG(0,("%s : %s(%s): Verified old password remotely using %s\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain, context_name));
+
/*
* Return the result of trying to write the new password
* back into the trust account file.
@@ -260,22 +310,57 @@
break;
}
- DEBUG(1,("%s : %s(%s): Changed password locally\n",
+ DEBUG(0,("%s : %s(%s): Changed password locally\n",
current_timestring(talloc_tos(), false), __func__, domain));
status = netlogon_creds_cli_ServerPasswordSet(context, b,
new_trust_passwd,
new_trust_version);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("%s : %s(%s) remote password change set failed - %s\n",
- current_timestring(talloc_tos(), false), __func__,
- domain, nt_errstr(status)));
+ DEBUG(0,("%s : %s(%s) remote password change set with %s failed - %s\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain, context_name,
+ nt_errstr(status)));
TALLOC_FREE(frame);
return status;
}
- DEBUG(1,("%s : %s(%s): Changed password remotely.\n",
- current_timestring(talloc_tos(), false), __func__, domain));
+ DEBUG(0,("%s : %s(%s): Changed password remotely using %s\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain, context_name));
+
+ ok = cli_credentials_set_password(creds, new_trust_passwd, CRED_SPECIFIED);
+ if (!ok) {
+ DEBUG(0, ("cli_credentials_set_password failed for domain %s!\n",
+ domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ current_nt_hash = cli_credentials_get_nt_hash(creds, frame);
+ if (current_nt_hash == NULL) {
+ DEBUG(0, ("cli_credentials_get_nt_hash failed for domain %s!\n",
+ domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
+ }
+
+ /*
+ * Now we verify the new password.
+ */
+ status = netlogon_creds_cli_auth(context, b,
+ *current_nt_hash,
+ NULL); /* previous_nt_hash */
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("netlogon_creds_cli_auth(%s) failed for new password - %s!\n",
+ context_name, nt_errstr(status)));
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ DEBUG(0,("%s : %s(%s): Verified new password remotely using %s\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain, context_name));
TALLOC_FREE(frame);
return NT_STATUS_OK;
diff -Nru samba-4.5.4+dfsg/source3/modules/vfs_catia.c samba-4.5.8+dfsg/source3/modules/vfs_catia.c
--- samba-4.5.4+dfsg/source3/modules/vfs_catia.c 2017-01-17 19:55:44.000000000 +0000
+++ samba-4.5.8+dfsg/source3/modules/vfs_catia.c 2017-03-09 09:21:43.000000000 +0000
@@ -4,13 +4,13 @@
* Implement a fixed mapping of forbidden NT characters in filenames that are
* used a lot by the CAD package Catia.
*
- * Yes, this a BAD BAD UGLY INCOMPLETE hack, but it helps quite some people
- * out there. Catia V4 on AIX uses characters like "<*$ a *lot*, all forbidden
- * under Windows...
+ * Catia V4 on AIX uses characters like "<*$ a *lot*, all forbidden under
+ * Windows...
*
* Copyright (C) Volker Lendecke, 2005
* Copyright (C) Aravind Srinivasan, 2009
* Copyright (C) Guenter Kukkukk, 2013
+ * Copyright (C) Ralph Boehme, 2017
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,6 +29,8 @@
#include "includes.h"
#include "smbd/smbd.h"
+#include "lib/util/tevent_unix.h"
+#include "lib/util/tevent_ntstatus.h"
static int vfs_catia_debug_level = DBGC_VFS;
@@ -52,6 +54,15 @@
struct char_mappings **mappings;
};
+struct catia_cache {
+ bool is_fsp_ext;
+ const struct catia_cache * const *busy;
+ char *orig_fname;
+ char *fname;
+ char *orig_base_fname;
+ char *base_fname;
+};
+
struct share_mapping_entry *srt_head = NULL;
static bool build_table(struct char_mappings **cmaps, int value)
@@ -353,30 +364,305 @@
return ret;
}
+#define CATIA_DEBUG_CC(lvl, cc, fsp) \
+ catia_debug_cc((lvl), (cc), (fsp), __location__);
+
+static void catia_debug_cc(int lvl,
+ struct catia_cache *cc,
+ files_struct *fsp,
+ const char *location)
+{
+ DEBUG(lvl, ("%s: cc [0x%p] cc->busy [0x%p] "
+ "is_fsp_ext [%s] "
+ "fsp [0x%p] fsp name [%s] "
+ "orig_fname [%s] "
+ "fname [%s] "
+ "orig_base_fname [%s] "
+ "base_fname [%s]\n",
+ location,
+ cc, cc->busy,
+ cc->is_fsp_ext ? "yes" : "no",
+ fsp, fsp_str_dbg(fsp),
+ cc->orig_fname, cc->fname,
+ cc->orig_base_fname, cc->base_fname));
+}
+
+static void catia_free_cc(struct catia_cache **_cc,
+ vfs_handle_struct *handle,
+ files_struct *fsp)
+{
+ struct catia_cache *cc = *_cc;
+
+ if (cc->is_fsp_ext) {
+ VFS_REMOVE_FSP_EXTENSION(handle, fsp);
+ cc = NULL;
+ } else {
+ TALLOC_FREE(cc);
+ }
+
+ *_cc = NULL;
+}
+
+static struct catia_cache *catia_validate_and_apply_cc(
+ vfs_handle_struct *handle,
+ files_struct *fsp,
+ const struct catia_cache * const *busy,
+ bool *make_tmp_cache)
+{
+ struct catia_cache *cc = NULL;
+
+ *make_tmp_cache = false;
+
+ cc = (struct catia_cache *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
+ if (cc == NULL) {
+ return NULL;
+ }
+
+ if (cc->busy != NULL) {
+ if (cc->busy == busy) {
+ /* This should never happen */
+ CATIA_DEBUG_CC(0, cc, fsp);
+ smb_panic(__location__);
+ }
+
+ /*
+ * Recursion. Validate names, the names in the fsp's should be
+ * the translated names we had set.
+ */
+
+ if ((cc->fname != fsp->fsp_name->base_name)
+ ||
+ ((fsp->base_fsp != NULL) &&
+ (cc->base_fname != fsp->base_fsp->fsp_name->base_name)))
+ {
+ CATIA_DEBUG_CC(10, cc, fsp);
+
+ /*
+ * Names changed. Setting don't expose the cache on the
+ * fsp and ask the caller to create a temporary cache.
+ */
+ *make_tmp_cache = true;
+ return NULL;
+ }
+
+ /*
+ * Ok, a validated cache while in a recursion, just let the
+ * caller detect that cc->busy is != busy and there's
+ * nothing else to do.
+ */
+ CATIA_DEBUG_CC(10, cc, fsp);
+ return cc;
+ }
+
+ /* Not in a recursion */
+
+ if ((cc->orig_fname != fsp->fsp_name->base_name)
+ ||
+ ((fsp->base_fsp != NULL) &&
+ (cc->orig_base_fname != fsp->base_fsp->fsp_name->base_name)))
+ {
+ /*
+ * fsp names changed, this can happen in an rename op.
+ * Trigger recreation as a full fledged fsp extension.
+ */
+
+ CATIA_DEBUG_CC(10, cc, fsp);
+ catia_free_cc(&cc, handle, fsp);
+ return NULL;
+ }
+
+
+ /*
+ * Ok, we found a valid cache entry, no recursion. Just set translated
+ * names from the cache and mark the cc as busy.
+ */
+ fsp->fsp_name->base_name = cc->fname;
+ if (fsp->base_fsp != NULL) {
+ fsp->base_fsp->fsp_name->base_name = cc->base_fname;
+ }
+
+ cc->busy = busy;
+ CATIA_DEBUG_CC(10, cc, fsp);
+ return cc;
+}
+
+#define CATIA_FETCH_FSP_PRE_NEXT(mem_ctx, handle, fsp, _cc) \
+ catia_fetch_fsp_pre_next((mem_ctx), (handle), (fsp), (_cc), __func__);
+
+static int catia_fetch_fsp_pre_next(TALLOC_CTX *mem_ctx,
+ vfs_handle_struct *handle,
+ files_struct *fsp,
+ struct catia_cache **_cc,
+ const char *function)
+{
+ const struct catia_cache * const *busy =
+ (const struct catia_cache * const *)_cc;
+ struct catia_cache *cc = NULL;
+ NTSTATUS status;
+ bool make_tmp_cache = false;
+
+ *_cc = NULL;
+
+ DBG_DEBUG("Called from [%s]\n", function);
+
+ cc = catia_validate_and_apply_cc(handle,
+ fsp,
+ busy,
+ &make_tmp_cache);
+ if (cc != NULL) {
+ if (cc->busy != busy) {
+ return 0;
+ }
+ *_cc = cc;
+ return 0;
+ }
+
+ if (!make_tmp_cache) {
+ cc = (struct catia_cache *)VFS_ADD_FSP_EXTENSION(
+ handle, fsp, struct catia_cache, NULL);
+ if (cc == NULL) {
+ return -1;
+ }
+ *cc = (struct catia_cache) {
+ .is_fsp_ext = true,
+ };
+
+ mem_ctx = VFS_MEMCTX_FSP_EXTENSION(handle, fsp);
+ if (mem_ctx == NULL) {
+ DBG_ERR("VFS_MEMCTX_FSP_EXTENSION failed\n");
+ catia_free_cc(&cc, handle, fsp);
+ return -1;
+ }
+ } else {
+ cc = talloc_zero(mem_ctx, struct catia_cache);
+ if (cc == NULL) {
+ return -1;
+ }
+ mem_ctx = cc;
+ }
+
+
+ status = catia_string_replace_allocate(handle->conn,
+ fsp->fsp_name->base_name,
+ &cc->fname,
+ vfs_translate_to_unix);
+ if (!NT_STATUS_IS_OK(status)) {
+ catia_free_cc(&cc, handle, fsp);
+ errno = map_errno_from_nt_status(status);
+ return -1;
+ }
+ talloc_steal(mem_ctx, cc->fname);
+
+ if (fsp->base_fsp != NULL) {
+ status = catia_string_replace_allocate(
+ handle->conn,
+ fsp->base_fsp->fsp_name->base_name,
+ &cc->base_fname,
+ vfs_translate_to_unix);
+ if (!NT_STATUS_IS_OK(status)) {
+ catia_free_cc(&cc, handle, fsp);
+ errno = map_errno_from_nt_status(status);
+ return -1;
+ }
+ talloc_steal(mem_ctx, cc->base_fname);
+ }
+
+ cc->orig_fname = fsp->fsp_name->base_name;
+ fsp->fsp_name->base_name = cc->fname;
+
+ if (fsp->base_fsp != NULL) {
+ cc->orig_base_fname = fsp->base_fsp->fsp_name->base_name;
+ fsp->base_fsp->fsp_name->base_name = cc->base_fname;
+ }
+
+ cc->busy = busy;
+ CATIA_DEBUG_CC(10, cc, fsp);
+
+ *_cc = cc;
+
+ return 0;
+}
+
+#define CATIA_FETCH_FSP_POST_NEXT(_cc, fsp) do { \
+ int saved_errno = errno; \
+ catia_fetch_fsp_post_next((_cc), (fsp), __func__); \
+ errno = saved_errno; \
+} while(0)
+
+static void catia_fetch_fsp_post_next(struct catia_cache **_cc,
+ files_struct *fsp,
+ const char *function)
+{
+ const struct catia_cache * const *busy =
+ (const struct catia_cache * const *)_cc;
+ struct catia_cache *cc = *_cc;
+
+ DBG_DEBUG("Called from [%s]\n", function);
+
+ if (cc == NULL) {
+ /*
+ * This can happen when recursing in the VFS on the fsp when the
+ * pre_next func noticed the recursion and set out cc pointer to
+ * NULL.
+ */
+ return;
+ }
+
+ if (cc->busy != busy) {
+ CATIA_DEBUG_CC(0, cc, fsp);
+ smb_panic(__location__);
+ return;
+ }
+
+ cc->busy = NULL;
+ *_cc = NULL;
+
+ fsp->fsp_name->base_name = cc->orig_fname;
+ if (fsp->base_fsp != NULL) {
+ fsp->base_fsp->fsp_name->base_name = cc->orig_base_fname;
+ }
+
+ CATIA_DEBUG_CC(10, cc, fsp);
+
+ if (!cc->is_fsp_ext) {
+ TALLOC_FREE(cc);
+ }
+
+ return;
+}
+
static int catia_open(vfs_handle_struct *handle,
struct smb_filename *smb_fname,
files_struct *fsp,
int flags,
mode_t mode)
{
- char *name_mapped = NULL;
- char *tmp_base_name;
- int ret;
+ struct catia_cache *cc = NULL;
+ char *orig_smb_fname = smb_fname->base_name;
+ char *mapped_smb_fname = NULL;
NTSTATUS status;
+ int ret;
- tmp_base_name = smb_fname->base_name;
status = catia_string_replace_allocate(handle->conn,
- smb_fname->base_name,
- &name_mapped, vfs_translate_to_unix);
+ smb_fname->base_name,
+ &mapped_smb_fname,
+ vfs_translate_to_unix);
if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
return -1;
}
- smb_fname->base_name = name_mapped;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ TALLOC_FREE(mapped_smb_fname);
+ return ret;
+ }
+
+ smb_fname->base_name = mapped_smb_fname;
ret = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
- smb_fname->base_name = tmp_base_name;
- TALLOC_FREE(name_mapped);
+ smb_fname->base_name = orig_smb_fname;
+
+ TALLOC_FREE(mapped_smb_fname);
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
return ret;
}
@@ -1118,48 +1404,17 @@
files_struct *fsp,
SMB_STRUCT_STAT *sbuf)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
- NTSTATUS status;
-
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
-
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ struct catia_cache *cc = NULL;
+ int ret;
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return ret;
}
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
-
ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
- }
-
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
return ret;
}
@@ -1168,148 +1423,57 @@
files_struct *fsp, void *data,
size_t n, off_t offset)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
- NTSTATUS status;
-
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
-
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ struct catia_cache *cc = NULL;
+ ssize_t result;
+ int ret;
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return ret;
}
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
- ret = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
- }
-
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
-
- return ret;
+ return result;
}
static ssize_t catia_pwrite(vfs_handle_struct *handle,
files_struct *fsp, const void *data,
size_t n, off_t offset)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
- NTSTATUS status;
-
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
-
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ struct catia_cache *cc = NULL;
+ ssize_t result;
+ int ret;
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return ret;
}
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
-
- ret = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
-
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
- }
+ result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
- return ret;
+ return result;
}
static int catia_ftruncate(struct vfs_handle_struct *handle,
struct files_struct *fsp,
off_t offset)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
- NTSTATUS status;
-
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
-
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ struct catia_cache *cc = NULL;
+ int ret;
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return ret;
}
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
-
ret = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset);
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
- }
-
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
return ret;
}
@@ -1320,733 +1484,773 @@
off_t offset,
off_t len)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
- NTSTATUS status;
-
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
-
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ struct catia_cache *cc = NULL;
+ int ret;
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return ret;
}
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
-
ret = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
- }
-
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
return ret;
}
-static ssize_t catia_fgetxattr(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, void *value, size_t size)
+static ssize_t catia_fgetxattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name,
+ void *value,
+ size_t size)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- ssize_t result = -1;
+ char *mapped_xattr_name = NULL;
NTSTATUS status;
+ ssize_t result;
status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
+ name, &mapped_xattr_name,
+ vfs_translate_to_unix);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
- goto done;
+ return -1;
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, mapped_xattr_name,
+ value, size);
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
- }
+ TALLOC_FREE(mapped_xattr_name);
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ return result;
+}
- result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
+static ssize_t catia_flistxattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ char *list,
+ size_t size)
+{
+ struct catia_cache *cc = NULL;
+ ssize_t result;
+ int ret;
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return ret;
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
+
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
return result;
}
-static ssize_t catia_flistxattr(struct vfs_handle_struct *handle, struct files_struct *fsp, char *list, size_t size)
+static int catia_fremovexattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- ssize_t result = -1;
+ char *mapped_name = NULL;
NTSTATUS status;
+ int ret;
status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
+ name, &mapped_name, vfs_translate_to_unix);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
- goto done;
+ return -1;
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ ret = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, mapped_name);
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
- }
+ TALLOC_FREE(mapped_name);
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ return ret;
+}
- result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
+static int catia_fsetxattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name,
+ const void *value,
+ size_t size,
+ int flags)
+{
+ char *mapped_xattr_name = NULL;
+ NTSTATUS status;
+ int ret;
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ status = catia_string_replace_allocate(
+ handle->conn, name, &mapped_xattr_name, vfs_translate_to_unix);
+ if (!NT_STATUS_IS_OK(status)) {
+ errno = map_errno_from_nt_status(status);
+ return -1;
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ ret = SMB_VFS_NEXT_FSETXATTR(handle, fsp, mapped_xattr_name,
+ value, size, flags);
- return result;
+ TALLOC_FREE(mapped_xattr_name);
+
+ return ret;
}
-static int catia_fremovexattr(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name)
+static SMB_ACL_T catia_sys_acl_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
- NTSTATUS status;
+ struct catia_cache *cc = NULL;
+ struct smb_acl_t *result = NULL;
+ int ret;
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return NULL;
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
- }
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ return result;
+}
- ret = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
+static int catia_sys_acl_blob_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ struct catia_cache *cc = NULL;
+ int ret;
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return ret;
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ ret = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx,
+ blob_description, blob);
+
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
return ret;
}
-static int catia_fsetxattr(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, const void *value, size_t size, int flags)
+static int catia_sys_acl_set_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_T theacl)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
- NTSTATUS status;
+ struct catia_cache *cc = NULL;
+ int ret;
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return ret;
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
- }
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ return ret;
+}
- ret = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
+static int catia_fchmod_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ mode_t mode)
+{
+ struct catia_cache *cc = NULL;
+ int ret;
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return ret;
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ ret = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
+
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
return ret;
}
-static SMB_ACL_T catia_sys_acl_get_fd(vfs_handle_struct *handle,
- files_struct *fsp,
- TALLOC_CTX *mem_ctx)
+static NTSTATUS catia_fget_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
- struct smb_acl_t *result = NULL;
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
+ struct catia_cache *cc = NULL;
NTSTATUS status;
+ int ret;
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return map_nt_error_from_unix(errno);
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ status = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
+ mem_ctx, ppdesc);
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
+
+ return status;
+}
+
+static NTSTATUS catia_fset_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ uint32_t security_info_sent,
+ const struct security_descriptor *psd)
+{
+ struct catia_cache *cc = NULL;
+ NTSTATUS status;
+ int ret;
+
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return map_nt_error_from_unix(errno);
}
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
- result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ return status;
+}
+
+static NTSTATUS catia_fset_dos_attributes(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ uint32_t dosmode)
+{
+ struct catia_cache *cc = NULL;
+ NTSTATUS status;
+ int ret;
+
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return map_nt_error_from_unix(errno);
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ status = SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle, fsp, dosmode);
- return result;
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
+
+ return status;
}
-static int catia_sys_acl_blob_get_fd(vfs_handle_struct *handle,
- files_struct *fsp,
- TALLOC_CTX *mem_ctx,
- char **blob_description,
- DATA_BLOB *blob)
+static NTSTATUS catia_fget_dos_attributes(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ uint32_t *dosmode)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
+ struct catia_cache *cc = NULL;
NTSTATUS status;
+ int ret;
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return map_nt_error_from_unix(errno);
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ status = SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle, fsp, dosmode);
+
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
+
+ return status;
+}
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+static int catia_fchown(vfs_handle_struct *handle,
+ files_struct *fsp,
+ uid_t uid,
+ gid_t gid)
+{
+ struct catia_cache *cc = NULL;
+ int ret;
+
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return ret;
}
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ ret = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
- ret = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx,
- blob_description, blob);
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ return ret;
+}
+
+static int catia_fchmod(vfs_handle_struct *handle,
+ files_struct *fsp,
+ mode_t mode)
+{
+ struct catia_cache *cc = NULL;
+ int ret;
+
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return ret;
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ ret = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
+
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
return ret;
}
-static int catia_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, SMB_ACL_T theacl)
+struct catia_pread_state {
+ ssize_t ret;
+ struct vfs_aio_state vfs_aio_state;
+ struct files_struct *fsp;
+ struct catia_cache *cc;
+};
+
+static void catia_pread_done(struct tevent_req *subreq);
+
+static struct tevent_req *catia_pread_send(struct vfs_handle_struct *handle,
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct files_struct *fsp,
+ void *data,
+ size_t n,
+ off_t offset)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
- NTSTATUS status;
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct catia_pread_state *state = NULL;
+ int ret;
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ req = tevent_req_create(mem_ctx, &state,
+ struct catia_pread_state);
+ if (req == NULL) {
+ return NULL;
}
+ state->fsp = fsp;
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ ret = CATIA_FETCH_FSP_PRE_NEXT(state, handle, fsp, &state->cc);
+ if (ret != 0) {
+ tevent_req_error(req, errno);
+ return tevent_req_post(req, ev);
+ }
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+ subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
+ n, offset);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
}
+ tevent_req_set_callback(subreq, catia_pread_done, req);
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ return req;
+}
- ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
+static void catia_pread_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct catia_pread_state *state = tevent_req_data(
+ req, struct catia_pread_state);
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
- }
+ state->ret = SMB_VFS_PREAD_RECV(subreq, &state->vfs_aio_state);
+ TALLOC_FREE(subreq);
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ CATIA_FETCH_FSP_POST_NEXT(&state->cc, state->fsp);
- return ret;
+ tevent_req_done(req);
}
-static int catia_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
+static ssize_t catia_pread_recv(struct tevent_req *req,
+ struct vfs_aio_state *vfs_aio_state)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
- NTSTATUS status;
+ struct catia_pread_state *state = tevent_req_data(
+ req, struct catia_pread_state);
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
+ return -1;
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ *vfs_aio_state = state->vfs_aio_state;
+ return state->ret;
+}
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
- }
+struct catia_pwrite_state {
+ ssize_t ret;
+ struct vfs_aio_state vfs_aio_state;
+ struct files_struct *fsp;
+ struct catia_cache *cc;
+};
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+static void catia_pwrite_done(struct tevent_req *subreq);
- ret = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
+static struct tevent_req *catia_pwrite_send(struct vfs_handle_struct *handle,
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct files_struct *fsp,
+ const void *data,
+ size_t n,
+ off_t offset)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct catia_pwrite_state *state = NULL;
+ int ret;
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ req = tevent_req_create(mem_ctx, &state,
+ struct catia_pwrite_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->fsp = fsp;
+
+ ret = CATIA_FETCH_FSP_PRE_NEXT(state, handle, fsp, &state->cc);
+ if (ret != 0) {
+ tevent_req_error(req, errno);
+ return tevent_req_post(req, ev);
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
+ n, offset);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, catia_pwrite_done, req);
- return ret;
+ return req;
}
-static NTSTATUS catia_fget_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp,
- uint32_t security_info,
- TALLOC_CTX *mem_ctx,
- struct security_descriptor **ppdesc)
+static void catia_pwrite_done(struct tevent_req *subreq)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- NTSTATUS status;
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct catia_pwrite_state *state = tevent_req_data(
+ req, struct catia_pwrite_state);
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->vfs_aio_state);
+ TALLOC_FREE(subreq);
+
+ CATIA_FETCH_FSP_POST_NEXT(&state->cc, state->fsp);
+
+ tevent_req_done(req);
+}
+
+static ssize_t catia_pwrite_recv(struct tevent_req *req,
+ struct vfs_aio_state *vfs_aio_state)
+{
+ struct catia_pwrite_state *state = tevent_req_data(
+ req, struct catia_pwrite_state);
+
+ if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
+ return -1;
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ *vfs_aio_state = state->vfs_aio_state;
+ return state->ret;
+}
+
+static off_t catia_lseek(vfs_handle_struct *handle,
+ files_struct *fsp,
+ off_t offset,
+ int whence)
+{
+ struct catia_cache *cc = NULL;
+ ssize_t result;
+ int ret;
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return -1;
}
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
- status = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, mem_ctx, ppdesc);
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ return result;
+}
+
+static int catia_fsync(vfs_handle_struct *handle, files_struct *fsp)
+{
+ struct catia_cache *cc = NULL;
+ int ret;
+
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return -1;
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ ret = SMB_VFS_NEXT_FSYNC(handle, fsp);
- return status;
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
+
+ return ret;
}
-static NTSTATUS catia_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
+struct catia_fsync_state {
+ int ret;
+ struct vfs_aio_state vfs_aio_state;
+ struct files_struct *fsp;
+ struct catia_cache *cc;
+};
+
+static void catia_fsync_done(struct tevent_req *subreq);
+
+static struct tevent_req *catia_fsync_send(struct vfs_handle_struct *handle,
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct files_struct *fsp)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- NTSTATUS status;
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct catia_fsync_state *state = NULL;
+ int ret;
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ req = tevent_req_create(mem_ctx, &state,
+ struct catia_fsync_state);
+ if (req == NULL) {
+ return NULL;
}
+ state->fsp = fsp;
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ ret = CATIA_FETCH_FSP_PRE_NEXT(state, handle, fsp, &state->cc);
+ if (ret != 0) {
+ tevent_req_error(req, errno);
+ return tevent_req_post(req, ev);
+ }
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+ subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
}
+ tevent_req_set_callback(subreq, catia_fsync_done, req);
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ return req;
+}
- status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
+static void catia_fsync_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct catia_fsync_state *state = tevent_req_data(
+ req, struct catia_fsync_state);
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
- }
+ state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->vfs_aio_state);
+ TALLOC_FREE(subreq);
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ CATIA_FETCH_FSP_POST_NEXT(&state->cc, state->fsp);
- return status;
+ tevent_req_done(req);
}
-static NTSTATUS catia_fset_dos_attributes(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
- uint32_t dosmode)
+static int catia_fsync_recv(struct tevent_req *req,
+ struct vfs_aio_state *vfs_aio_state)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- NTSTATUS status;
+ struct catia_fsync_state *state = tevent_req_data(
+ req, struct catia_fsync_state);
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
+ return -1;
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ *vfs_aio_state = state->vfs_aio_state;
+ return state->ret;
+}
+
+static bool catia_lock(vfs_handle_struct *handle,
+ files_struct *fsp,
+ int op,
+ off_t offset,
+ off_t count,
+ int type)
+{
+ struct catia_cache *cc = NULL;
+ bool ok;
+ int ret;
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return -1;
}
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ ok = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
- status = SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle, fsp, dosmode);
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ return ok;
+}
+
+static int catia_kernel_flock(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ uint32_t share_mode,
+ uint32_t access_mask)
+{
+ struct catia_cache *cc = NULL;
+ int ret;
+
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return -1;
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ ret = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode, access_mask);
- return status;
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
+
+ return ret;
}
-static NTSTATUS catia_fget_dos_attributes(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
- uint32_t *dosmode)
+static int catia_linux_setlease(vfs_handle_struct *handle,
+ files_struct *fsp,
+ int leasetype)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- NTSTATUS status;
+ struct catia_cache *cc = NULL;
+ int ret;
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return -1;
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ ret = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
- }
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ return ret;
+}
- status = SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle, fsp, dosmode);
+static bool catia_getlock(vfs_handle_struct *handle,
+ files_struct *fsp,
+ off_t *poffset,
+ off_t *pcount,
+ int *ptype,
+ pid_t *ppid)
+{
+ struct catia_cache *cc = NULL;
+ int ret;
+ bool ok;
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return -1;
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ ok = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
- return status;
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
+
+ return ok;
}
-static int catia_fchown(vfs_handle_struct *handle, files_struct *fsp, uid_t uid, gid_t gid)
+static bool catia_strict_lock(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ struct lock_struct *plock)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
- NTSTATUS status;
+ struct catia_cache *cc = NULL;
+ int ret;
+ bool ok;
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return -1;
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ ok = SMB_VFS_NEXT_STRICT_LOCK(handle, fsp, plock);
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
- }
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ return ok;
+}
- ret = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
+static void catia_strict_unlock(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ struct lock_struct *plock)
+{
+ struct catia_cache *cc = NULL;
+ int ret;
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ smb_panic("CATIA_FETCH_FSP_PRE_NEXT failed\n");
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ SMB_VFS_NEXT_STRICT_UNLOCK(handle, fsp, plock);
- return ret;
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
}
-static int catia_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
+static NTSTATUS catia_fsctl(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ TALLOC_CTX *ctx,
+ uint32_t function,
+ uint16_t req_flags,
+ const uint8_t *_in_data,
+ uint32_t in_len,
+ uint8_t **_out_data,
+ uint32_t max_out_len,
+ uint32_t *out_len)
{
- char *fname = NULL;
- char *tmp_fname = NULL;
- char *base_fname = NULL;
- char *tmp_base_fname = NULL;
- int ret = -1;
- NTSTATUS status;
+ NTSTATUS result;
+ struct catia_cache *cc = NULL;
+ int ret;
- status = catia_string_replace_allocate(handle->conn,
- fsp->fsp_name->base_name,
- &fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return map_nt_error_from_unix(errno);
}
- if (fsp->base_fsp != NULL) {
- status = catia_string_replace_allocate(
- handle->conn,
- fsp->base_fsp->fsp_name->base_name,
- &base_fname, vfs_translate_to_unix);
- if (!NT_STATUS_IS_OK(status)) {
- errno = map_errno_from_nt_status(status);
- goto done;
- }
+ result = SMB_VFS_NEXT_FSCTL(handle,
+ fsp,
+ ctx,
+ function,
+ req_flags,
+ _in_data,
+ in_len,
+ _out_data,
+ max_out_len,
+ out_len);
+
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
+
+ return result;
+}
- tmp_base_fname = fsp->base_fsp->fsp_name->base_name;
- fsp->base_fsp->fsp_name->base_name = base_fname;
+static NTSTATUS catia_get_compression(vfs_handle_struct *handle,
+ TALLOC_CTX *mem_ctx,
+ struct files_struct *fsp,
+ struct smb_filename *smb_fname,
+ uint16_t *_compression_fmt)
+{
+ NTSTATUS result;
+ struct catia_cache *cc = NULL;
+ int ret;
+
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return map_nt_error_from_unix(errno);
}
- tmp_fname = fsp->fsp_name->base_name;
- fsp->fsp_name->base_name = fname;
+ result = SMB_VFS_NEXT_GET_COMPRESSION(handle, mem_ctx, fsp, smb_fname,
+ _compression_fmt);
- ret = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
- fsp->fsp_name->base_name = tmp_fname;
- if (fsp->base_fsp != NULL) {
- fsp->base_fsp->fsp_name->base_name = tmp_base_fname;
+ return result;
+}
+
+static NTSTATUS catia_set_compression(vfs_handle_struct *handle,
+ TALLOC_CTX *mem_ctx,
+ struct files_struct *fsp,
+ uint16_t compression_fmt)
+{
+ NTSTATUS result;
+ struct catia_cache *cc = NULL;
+ int ret;
+
+ ret = CATIA_FETCH_FSP_PRE_NEXT(talloc_tos(), handle, fsp, &cc);
+ if (ret != 0) {
+ return map_nt_error_from_unix(errno);
}
-done:
- TALLOC_FREE(fname);
- TALLOC_FREE(base_fname);
+ result = SMB_VFS_NEXT_SET_COMPRESSION(handle, mem_ctx, fsp,
+ compression_fmt);
- return ret;
+ CATIA_FETCH_FSP_POST_NEXT(&cc, fsp);
+
+ return result;
}
static NTSTATUS catia_readdir_attr(struct vfs_handle_struct *handle,
@@ -2145,54 +2349,81 @@
}
static struct vfs_fn_pointers vfs_catia_fns = {
+ /* Directory operations */
.mkdir_fn = catia_mkdir,
.rmdir_fn = catia_rmdir,
.opendir_fn = catia_opendir,
+ .readdir_attr_fn = catia_readdir_attr,
+
+ /* File operations */
.open_fn = catia_open,
+ .pread_fn = catia_pread,
+ .pread_send_fn = catia_pread_send,
+ .pread_recv_fn = catia_pread_recv,
+ .pwrite_fn = catia_pwrite,
+ .pwrite_send_fn = catia_pwrite_send,
+ .pwrite_recv_fn = catia_pwrite_recv,
+ .lseek_fn = catia_lseek,
.rename_fn = catia_rename,
+ .fsync_fn = catia_fsync,
+ .fsync_send_fn = catia_fsync_send,
+ .fsync_recv_fn = catia_fsync_recv,
.stat_fn = catia_stat,
+ .fstat_fn = catia_fstat,
.lstat_fn = catia_lstat,
.unlink_fn = catia_unlink,
+ .chmod_fn = catia_chmod,
+ .fchmod_fn = catia_fchmod,
.chown_fn = catia_chown,
+ .fchown_fn = catia_fchown,
.lchown_fn = catia_lchown,
- .chmod_fn = catia_chmod,
.chdir_fn = catia_chdir,
.ntimes_fn = catia_ntimes,
+ .ftruncate_fn = catia_ftruncate,
+ .fallocate_fn = catia_fallocate,
+ .lock_fn = catia_lock,
+ .kernel_flock_fn = catia_kernel_flock,
+ .linux_setlease_fn = catia_linux_setlease,
+ .getlock_fn = catia_getlock,
.realpath_fn = catia_realpath,
.chflags_fn = catia_chflags,
.streaminfo_fn = catia_streaminfo,
+ .strict_lock_fn = catia_strict_lock,
+ .strict_unlock_fn = catia_strict_unlock,
.translate_name_fn = catia_translate_name,
+ .fsctl_fn = catia_fsctl,
+ .get_dos_attributes_fn = catia_get_dos_attributes,
+ .set_dos_attributes_fn = catia_set_dos_attributes,
+ .fset_dos_attributes_fn = catia_fset_dos_attributes,
+ .fget_dos_attributes_fn = catia_fget_dos_attributes,
+ .get_compression_fn = catia_get_compression,
+ .set_compression_fn = catia_set_compression,
+
+ /* NT ACL operations. */
.get_nt_acl_fn = catia_get_nt_acl,
+ .fget_nt_acl_fn = catia_fget_nt_acl,
+ .fset_nt_acl_fn = catia_fset_nt_acl,
+
+ /* POSIX ACL operations. */
.chmod_acl_fn = catia_chmod_acl,
+ .fchmod_acl_fn = catia_fchmod_acl,
+
.sys_acl_get_file_fn = catia_sys_acl_get_file,
+ .sys_acl_get_fd_fn = catia_sys_acl_get_fd,
+ .sys_acl_blob_get_fd_fn = catia_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = catia_sys_acl_set_file,
+ .sys_acl_set_fd_fn = catia_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = catia_sys_acl_delete_def_file,
+
+ /* EA operations. */
.getxattr_fn = catia_getxattr,
.listxattr_fn = catia_listxattr,
.removexattr_fn = catia_removexattr,
.setxattr_fn = catia_setxattr,
- .pread_fn = catia_pread,
- .pwrite_fn = catia_pwrite,
- .fstat_fn = catia_fstat,
- .ftruncate_fn = catia_ftruncate,
- .fallocate_fn = catia_fallocate,
.fgetxattr_fn = catia_fgetxattr,
.flistxattr_fn = catia_flistxattr,
.fremovexattr_fn = catia_fremovexattr,
.fsetxattr_fn = catia_fsetxattr,
- .sys_acl_get_fd_fn = catia_sys_acl_get_fd,
- .sys_acl_blob_get_fd_fn = catia_sys_acl_blob_get_fd,
- .sys_acl_set_fd_fn = catia_sys_acl_set_fd,
- .fchmod_acl_fn = catia_fchmod_acl,
- .fget_nt_acl_fn = catia_fget_nt_acl,
- .fset_nt_acl_fn = catia_fset_nt_acl,
- .get_dos_attributes_fn = catia_get_dos_attributes,
- .set_dos_attributes_fn = catia_set_dos_attributes,
- .fset_dos_attributes_fn = catia_fset_dos_attributes,
- .fget_dos_attributes_fn = catia_fget_dos_attributes,
- .fchown_fn = catia_fchown,
- .fchmod_fn = catia_fchmod,
- .readdir_attr_fn = catia_readdir_attr,
};
static_decl_vfs;
diff -Nru samba-4.5.4+dfsg/source3/modules/vfs_default.c samba-4.5.8+dfsg/source3/modules/vfs_default.c
--- samba-4.5.4+dfsg/source3/modules/vfs_default.c 2016-09-13 08:21:35.000000000 +0000
+++ samba-4.5.8+dfsg/source3/modules/vfs_default.c 2017-01-30 09:56:26.000000000 +0000
@@ -1537,7 +1537,7 @@
saved_errno = errno;
}
- SMB_VFS_STRICT_UNLOCK(src_fsp->conn, src_fsp, &lck);
+ SMB_VFS_STRICT_UNLOCK(dest_fsp->conn, dest_fsp, &lck);
if (ret == -1) {
errno = saved_errno;
diff -Nru samba-4.5.4+dfsg/source3/modules/vfs_dirsort.c samba-4.5.8+dfsg/source3/modules/vfs_dirsort.c
--- samba-4.5.4+dfsg/source3/modules/vfs_dirsort.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/modules/vfs_dirsort.c 2017-03-09 09:21:43.000000000 +0000
@@ -65,8 +65,10 @@
static bool open_and_sort_dir(vfs_handle_struct *handle,
struct dirsort_privates *data)
{
- unsigned int i = 0;
- unsigned int total_count = 0;
+ uint32_t total_count = 0;
+ /* This should be enough for most use cases */
+ uint32_t dirent_allocated = 64;
+ struct dirent *dp;
data->number_of_entries = 0;
@@ -74,38 +76,51 @@
return false;
}
- while (SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL)
- != NULL) {
- total_count++;
- }
-
- if (total_count == 0) {
+ dp = SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL);
+ if (dp == NULL) {
return false;
}
- /* Open the underlying directory and count the number of entries
- Skip back to the beginning as we'll read it again */
- SMB_VFS_NEXT_REWINDDIR(handle, data->source_directory);
-
/* Set up an array and read the directory entries into it */
TALLOC_FREE(data->directory_list); /* destroy previous cache if needed */
data->directory_list = talloc_zero_array(data,
- struct dirent,
- total_count);
- if (!data->directory_list) {
+ struct dirent,
+ dirent_allocated);
+ if (data->directory_list == NULL) {
return false;
}
- for (i = 0; i < total_count; i++) {
- struct dirent *dp = SMB_VFS_NEXT_READDIR(handle,
- data->source_directory,
- NULL);
- if (dp == NULL) {
- break;
+
+ do {
+ if (total_count >= dirent_allocated) {
+ struct dirent *dlist;
+
+ /*
+ * Be memory friendly.
+ *
+ * We should not double the amount of memory. With a lot
+ * of files we reach easily 50MB, and doubling will
+ * get much bigger just for a few files more.
+ *
+ * For 200k files this means 50 memory reallocations.
+ */
+ dirent_allocated += 4096;
+
+ dlist = talloc_realloc(data,
+ data->directory_list,
+ struct dirent,
+ dirent_allocated);
+ if (dlist == NULL) {
+ break;
+ }
+ data->directory_list = dlist;
}
- data->directory_list[i] = *dp;
- }
+ data->directory_list[total_count] = *dp;
+
+ total_count++;
+ dp = SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL);
+ } while (dp != NULL);
- data->number_of_entries = i;
+ data->number_of_entries = total_count;
/* Sort the directory entries by name */
TYPESAFE_QSORT(data->directory_list, data->number_of_entries, compare_dirent);
@@ -138,6 +153,10 @@
return NULL;
}
+ if (ISDOT(data->smb_fname->base_name)) {
+ data->smb_fname->base_name = vfs_GetWd(data, handle->conn);
+ }
+
/* Open the underlying directory and count the number of entries */
data->source_directory = SMB_VFS_NEXT_OPENDIR(handle, smb_fname, mask,
attr);
diff -Nru samba-4.5.4+dfsg/source3/modules/vfs_fruit.c samba-4.5.8+dfsg/source3/modules/vfs_fruit.c
--- samba-4.5.4+dfsg/source3/modules/vfs_fruit.c 2017-01-17 19:55:44.000000000 +0000
+++ samba-4.5.8+dfsg/source3/modules/vfs_fruit.c 2017-03-09 09:21:43.000000000 +0000
@@ -68,7 +68,7 @@
*
* The AFP_Resource stream is stored in an AppleDouble file prepending
* "._" to the filename. On Solaris with ZFS the stream is optionally
- * stored in an EA "org.netatalk.resource".
+ * stored in an EA "org.netatalk.ressource".
*
*
* Extended Attributes
@@ -94,6 +94,11 @@
static int vfs_fruit_debug_level = DBGC_VFS;
+static struct global_fruit_config {
+ bool nego_aapl; /* client negotiated AAPL */
+
+} global_fruit_config;
+
#undef DBGC_CLASS
#define DBGC_CLASS vfs_fruit_debug_level
@@ -126,7 +131,6 @@
enum fruit_locking locking;
enum fruit_encoding encoding;
bool use_aapl; /* config from smb.conf */
- bool nego_aapl; /* client negotiated AAPL */
bool use_copyfile;
bool readdir_attr_enabled;
bool unix_info_enabled;
@@ -378,7 +382,7 @@
{0, 0, 0}
};
-/* AppleDouble resource fork file (the ones prefixed by "._") */
+/* AppleDouble ressource fork file (the ones prefixed by "._") */
static const
struct ad_entry_order entry_order_dot_und[ADEID_NUM_DOT_UND + 1] = {
{ADEID_FINDERI, ADEDOFF_FINDERI_DOT_UND, ADEDLEN_FINDERI},
@@ -387,8 +391,8 @@
};
/*
- * Fake AppleDouble entry oder for resource fork xattr. The xattr
- * isn't an AppleDouble file, it simply contains the resource data,
+ * Fake AppleDouble entry oder for ressource fork xattr. The xattr
+ * isn't an AppleDouble file, it simply contains the ressource data,
* but in order to be able to use some API calls like ad_getentryoff()
* we build a fake/helper struct adouble with this entry order struct.
*/
@@ -1433,9 +1437,11 @@
switch (ad->ad_type) {
case ADOUBLE_META:
- rc = SMB_VFS_FSETXATTR(fsp, AFPINFO_EA_NETATALK,
- ad->ad_data,
- AD_DATASZ_XATTR, 0);
+ rc = SMB_VFS_NEXT_FSETXATTR(ad->ad_handle,
+ fsp,
+ AFPINFO_EA_NETATALK,
+ ad->ad_data,
+ AD_DATASZ_XATTR, 0);
break;
case ADOUBLE_RSRC:
@@ -1551,9 +1557,12 @@
}
config->encoding = (enum fruit_encoding)enumval;
- config->veto_appledouble = lp_parm_bool(
- SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME,
- "veto_appledouble", true);
+ if (config->rsrc == FRUIT_RSRC_ADFILE) {
+ config->veto_appledouble = lp_parm_bool(SNUM(handle->conn),
+ FRUIT_PARAM_TYPE_NAME,
+ "veto_appledouble",
+ true);
+ }
config->use_aapl = lp_parm_bool(
-1, FRUIT_PARAM_TYPE_NAME, "aapl", true);
@@ -2211,7 +2220,7 @@
SMB2_CREATE_TAG_AAPL,
blob);
if (NT_STATUS_IS_OK(status)) {
- config->nego_aapl = true;
+ global_fruit_config.nego_aapl = true;
}
return status;
@@ -2640,29 +2649,23 @@
written = SMB_VFS_NEXT_PWRITE(handle, fsp, afpinfo_buf,
AFP_INFO_SIZE, 0);
+ fsp->fh->fd = -1;
if (written != AFP_INFO_SIZE) {
DBG_ERR("bad write [%zd/%d]\n", written, AFP_INFO_SIZE);
rc = -1;
goto fail;
}
- /* Reset fd, set above just for SMB_VFS_NEXT_PWRITE() */
- fsp->fh->fd = -1;
-
rc = 0;
+
fail:
DBG_DEBUG("rc=%d, fd=%d\n", rc, hostfd);
if (rc != 0) {
int saved_errno = errno;
if (hostfd >= 0) {
- /*
- * BUGBUGBUG -- we would need to call
- * fd_close_posix here, but we don't have a
- * full fsp yet
- */
fsp->fh->fd = hostfd;
- SMB_VFS_CLOSE(fsp);
+ SMB_VFS_NEXT_CLOSE(handle, fsp);
}
hostfd = -1;
errno = saved_errno;
@@ -2706,8 +2709,8 @@
baseflags &= ~O_EXCL;
baseflags &= ~O_CREAT;
- hostfd = SMB_VFS_OPEN(handle->conn, smb_fname_base, fsp,
- baseflags, mode);
+ hostfd = SMB_VFS_NEXT_OPEN(handle, smb_fname_base, fsp,
+ baseflags, mode);
/*
* It is legit to open a stream on a directory, but the base
@@ -2716,8 +2719,8 @@
if ((hostfd == -1) && (errno == EISDIR)) {
baseflags &= ~O_ACCMODE;
baseflags |= O_RDONLY;
- hostfd = SMB_VFS_OPEN(handle->conn, smb_fname_base, fsp,
- baseflags, mode);
+ hostfd = SMB_VFS_NEXT_OPEN(handle, smb_fname_base, fsp,
+ baseflags, mode);
}
TALLOC_FREE(smb_fname_base);
@@ -2761,7 +2764,7 @@
* full fsp yet
*/
fsp->fh->fd = hostfd;
- SMB_VFS_CLOSE(fsp);
+ SMB_VFS_NEXT_CLOSE(handle, fsp);
}
hostfd = -1;
errno = saved_errno;
@@ -2827,15 +2830,9 @@
SMB_VFS_HANDLE_GET_DATA(handle, config,
struct fruit_config_data, return -1);
- if (!(flags & O_CREAT) && !VALID_STAT(smb_fname->st)) {
- rc = SMB_VFS_NEXT_STAT(handle, smb_fname);
- if (rc != 0) {
- rc = -1;
- goto exit;
- }
- }
-
- if (VALID_STAT(smb_fname->st) && S_ISDIR(smb_fname->st.st_ex_mode)) {
+ if ((!(flags & O_CREAT)) &&
+ S_ISDIR(fsp->base_fsp->fsp_name->st.st_ex_mode))
+ {
/* sorry, but directories don't habe a resource fork */
rc = -1;
goto exit;
@@ -2865,8 +2862,8 @@
flags |= O_RDWR;
}
- hostfd = SMB_VFS_OPEN(handle->conn, smb_fname_base, fsp,
- flags, mode);
+ hostfd = SMB_VFS_NEXT_OPEN(handle, smb_fname_base, fsp,
+ flags, mode);
if (hostfd == -1) {
rc = -1;
goto exit;
@@ -3230,7 +3227,12 @@
const struct smb_filename *smb_fname,
bool force_unlink)
{
- /* Nothing to do here, removing the file will remove the xattr */
+ /*
+ * OS X ignores resource fork stream delete requests, so nothing to do
+ * here. Removing the file will remove the xattr anyway, so we don't
+ * have to take care of removing 0 byte resource forks that could be
+ * left behind.
+ */
return 0;
}
@@ -4236,15 +4238,11 @@
static int fruit_fstat_meta(vfs_handle_struct *handle,
files_struct *fsp,
- SMB_STRUCT_STAT *sbuf)
+ SMB_STRUCT_STAT *sbuf,
+ struct fio *fio)
{
- struct fio *fio = (struct fio *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
int ret;
- if (fio == NULL) {
- return SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
- }
-
DBG_DEBUG("Path [%s]\n", fsp_str_dbg(fsp));
switch (fio->config->meta) {
@@ -4310,9 +4308,8 @@
}
static int fruit_fstat_rsrc(vfs_handle_struct *handle, files_struct *fsp,
- SMB_STRUCT_STAT *sbuf)
+ SMB_STRUCT_STAT *sbuf, struct fio *fio)
{
- struct fio *fio = (struct fio *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
int ret;
switch (fio->config->rsrc) {
@@ -4349,9 +4346,9 @@
DBG_DEBUG("Path [%s]\n", fsp_str_dbg(fsp));
if (fio->type == ADOUBLE_META) {
- rc = fruit_fstat_meta(handle, fsp, sbuf);
+ rc = fruit_fstat_meta(handle, fsp, sbuf, fio);
} else {
- rc = fruit_fstat_rsrc(handle, fsp, sbuf);
+ rc = fruit_fstat_rsrc(handle, fsp, sbuf, fio);
}
if (rc == 0) {
@@ -4435,6 +4432,13 @@
int i;
bool ok;
+ /* Remove the Netatalk xattr from the list */
+ ok = del_fruit_stream(mem_ctx, pnum_streams, pstreams,
+ ":" NETATALK_META_XATTR ":$DATA");
+ if (!ok) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
/*
* Check if there's a AFPINFO_STREAM from the VFS streams
* backend and if yes, remove it from the list
@@ -4476,13 +4480,6 @@
return NT_STATUS_NO_MEMORY;
}
- /* Remove the Netatalk xattr from the list */
- ok = del_fruit_stream(mem_ctx, pnum_streams, pstreams,
- ":" NETATALK_META_XATTR ":$DATA");
- if (!ok) {
- return NT_STATUS_NO_MEMORY;
- }
-
return NT_STATUS_OK;
}
@@ -4563,9 +4560,33 @@
unsigned int *pnum_streams,
struct stream_struct **pstreams)
{
+ struct stream_struct *stream = *pstreams;
+ unsigned int num_streams = *pnum_streams;
struct adouble *ad = NULL;
bool ok;
size_t rlen;
+ int i;
+
+ /*
+ * Check if there's a AFPRESOURCE_STREAM from the VFS streams backend
+ * and if yes, remove it from the list
+ */
+ for (i = 0; i < num_streams; i++) {
+ if (strequal_m(stream[i].name, AFPRESOURCE_STREAM)) {
+ break;
+ }
+ }
+
+ if (i < num_streams) {
+ DBG_WARNING("Unexpected AFPRESOURCE_STREAM on [%s]\n",
+ smb_fname_str_dbg(smb_fname));
+
+ ok = del_fruit_stream(mem_ctx, pnum_streams, pstreams,
+ AFPRESOURCE_STREAM);
+ if (!ok) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ }
ad = ad_get(talloc_tos(), handle, smb_fname->base_name,
ADOUBLE_RSRC);
@@ -4730,7 +4751,10 @@
return SMB_VFS_FREMOVEXATTR(fsp, AFPRESOURCE_EA_NETATALK);
}
+#ifdef HAVE_ATTROPEN
return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset);
+#endif
+ return 0;
}
static int fruit_ftruncate_rsrc_adouble(struct vfs_handle_struct *handle,
@@ -4898,7 +4922,7 @@
fsp = *result;
- if (config->nego_aapl) {
+ if (global_fruit_config.nego_aapl) {
if (config->copyfile_enabled) {
/*
* Set a flag in the fsp. Gets used in
@@ -4975,7 +4999,7 @@
struct fruit_config_data,
return NT_STATUS_UNSUCCESSFUL);
- if (!config->use_aapl) {
+ if (!global_fruit_config.nego_aapl) {
return SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data);
}
diff -Nru samba-4.5.4+dfsg/source3/modules/vfs_shadow_copy2.c samba-4.5.8+dfsg/source3/modules/vfs_shadow_copy2.c
--- samba-4.5.4+dfsg/source3/modules/vfs_shadow_copy2.c 2016-09-13 08:21:35.000000000 +0000
+++ samba-4.5.8+dfsg/source3/modules/vfs_shadow_copy2.c 2017-03-09 09:21:43.000000000 +0000
@@ -35,6 +35,7 @@
#include "system/filesys.h"
#include "include/ntioctl.h"
#include "util_tdb.h"
+#include "lib/util_path.h"
struct shadow_copy2_config {
char *gmt_format;
@@ -74,6 +75,11 @@
struct shadow_copy2_private {
struct shadow_copy2_config *config;
struct shadow_copy2_snaplist_info *snaps;
+ char *shadow_cwd; /* Absolute $cwd path. */
+ /* Absolute connectpath - can vary depending on $cwd. */
+ char *shadow_connectpath;
+ /* malloc'ed realpath return. */
+ char *shadow_realpath;
};
static int shadow_copy2_get_shadow_copy_data(
@@ -404,79 +410,254 @@
return result;
}
+static char *make_path_absolute(TALLOC_CTX *mem_ctx,
+ struct shadow_copy2_private *priv,
+ const char *name)
+{
+ char *newpath = NULL;
+ char *abs_path = NULL;
+
+ if (name[0] != '/') {
+ newpath = talloc_asprintf(mem_ctx,
+ "%s/%s",
+ priv->shadow_cwd,
+ name);
+ if (newpath == NULL) {
+ return NULL;
+ }
+ name = newpath;
+ }
+ abs_path = canonicalize_absolute_path(mem_ctx, name);
+ TALLOC_FREE(newpath);
+ return abs_path;
+}
+
+/* Return a $cwd-relative path. */
+static bool make_relative_path(const char *cwd, char *abs_path)
+{
+ size_t cwd_len = strlen(cwd);
+ size_t abs_len = strlen(abs_path);
+
+ if (abs_len < cwd_len) {
+ return false;
+ }
+ if (memcmp(abs_path, cwd, cwd_len) != 0) {
+ return false;
+ }
+ if (abs_path[cwd_len] != '/' && abs_path[cwd_len] != '\0') {
+ return false;
+ }
+ if (abs_path[cwd_len] == '/') {
+ cwd_len++;
+ }
+ memmove(abs_path, &abs_path[cwd_len], abs_len + 1 - cwd_len);
+ return true;
+}
+
+static bool shadow_copy2_snapshot_to_gmt(vfs_handle_struct *handle,
+ const char *name,
+ char *gmt, size_t gmt_len);
+
+/*
+ * Check if an incoming filename is already a snapshot converted pathname.
+ *
+ * If so, it returns the pathname truncated at the snapshot point which
+ * will be used as the connectpath.
+ */
+
+static int check_for_converted_path(TALLOC_CTX *mem_ctx,
+ struct vfs_handle_struct *handle,
+ struct shadow_copy2_private *priv,
+ char *abs_path,
+ bool *ppath_already_converted,
+ char **pconnectpath)
+{
+ size_t snapdirlen = 0;
+ char *p = strstr_m(abs_path, priv->config->snapdir);
+ char *q = NULL;
+ char *connect_path = NULL;
+ char snapshot[GMT_NAME_LEN+1];
+
+ *ppath_already_converted = false;
+
+ if (p == NULL) {
+ /* Must at least contain shadow:snapdir. */
+ return 0;
+ }
+
+ if (priv->config->snapdir[0] == '/' &&
+ p != abs_path) {
+ /* Absolute shadow:snapdir must be at the start. */
+ return 0;
+ }
+
+ snapdirlen = strlen(priv->config->snapdir);
+ if (p[snapdirlen] != '/') {
+ /* shadow:snapdir must end as a separate component. */
+ return 0;
+ }
+
+ if (p > abs_path && p[-1] != '/') {
+ /* shadow:snapdir must start as a separate component. */
+ return 0;
+ }
+
+ p += snapdirlen;
+ p++; /* Move past the / */
+
+ /*
+ * Need to return up to the next path
+ * component after the time.
+ * This will be used as the connectpath.
+ */
+ q = strchr(p, '/');
+ if (q == NULL) {
+ /*
+ * No next path component.
+ * Use entire string.
+ */
+ connect_path = talloc_strdup(mem_ctx,
+ abs_path);
+ } else {
+ connect_path = talloc_strndup(mem_ctx,
+ abs_path,
+ q - abs_path);
+ }
+ if (connect_path == NULL) {
+ return ENOMEM;
+ }
+
+ /*
+ * Point p at the same offset in connect_path as
+ * it is in abs_path.
+ */
+
+ p = &connect_path[p - abs_path];
+
+ /*
+ * Now ensure there is a time string at p.
+ * The SMB-format @GMT-token string is returned
+ * in snapshot.
+ */
+
+ if (!shadow_copy2_snapshot_to_gmt(handle,
+ p,
+ snapshot,
+ sizeof(snapshot))) {
+ TALLOC_FREE(connect_path);
+ return 0;
+ }
+
+ if (pconnectpath != NULL) {
+ *pconnectpath = connect_path;
+ }
+
+ *ppath_already_converted = true;
+
+ DBG_DEBUG("path |%s| is already converted. "
+ "connect path = |%s|\n",
+ abs_path,
+ connect_path);
+
+ return 0;
+}
+
/**
- * Strip a snapshot component from a filename as
- * handed in via the smb layer.
- * Returns the parsed timestamp and the stripped filename.
+ * This function does two things.
+ *
+ * 1). Checks if an incoming filename is already a
+ * snapshot converted pathname.
+ * If so, it returns the pathname truncated
+ * at the snapshot point which will be used
+ * as the connectpath, and then does an early return.
+ *
+ * 2). Checks if an incoming filename contains an
+ * SMB-layer @GMT- style timestamp.
+ * If so, it strips the timestamp, and returns
+ * both the timestamp and the stripped path
+ * (making it cwd-relative).
*/
-static bool shadow_copy2_strip_snapshot(TALLOC_CTX *mem_ctx,
+
+static bool shadow_copy2_strip_snapshot_internal(TALLOC_CTX *mem_ctx,
struct vfs_handle_struct *handle,
- const char *name,
+ const char *orig_name,
time_t *ptimestamp,
- char **pstripped)
+ char **pstripped,
+ char **psnappath)
{
struct tm tm;
- time_t timestamp;
+ time_t timestamp = 0;
const char *p;
char *q;
- char *stripped;
+ char *stripped = NULL;
size_t rest_len, dst_len;
struct shadow_copy2_private *priv;
- const char *snapdir;
- ssize_t snapdirlen;
ptrdiff_t len_before_gmt;
+ const char *name = orig_name;
+ char *abs_path = NULL;
+ bool ret = true;
+ bool already_converted = false;
+ int err = 0;
SMB_VFS_HANDLE_GET_DATA(handle, priv, struct shadow_copy2_private,
return false);
DEBUG(10, (__location__ ": enter path '%s'\n", name));
+ abs_path = make_path_absolute(mem_ctx, priv, name);
+ if (abs_path == NULL) {
+ ret = false;
+ goto out;
+ }
+ name = abs_path;
+
+ DEBUG(10, (__location__ ": abs path '%s'\n", name));
+
+ err = check_for_converted_path(mem_ctx,
+ handle,
+ priv,
+ abs_path,
+ &already_converted,
+ psnappath);
+ if (err != 0) {
+ /* error in conversion. */
+ ret = false;
+ goto out;
+ }
+
+ if (already_converted) {
+ goto out;
+ }
+
+ /*
+ * From here we're only looking to strip an
+ * SMB-layer @GMT- token.
+ */
+
p = strstr_m(name, "@GMT-");
if (p == NULL) {
DEBUG(11, ("@GMT not found\n"));
- goto no_snapshot;
+ goto out;
}
if ((p > name) && (p[-1] != '/')) {
/* the GMT-token does not start a path-component */
DEBUG(10, ("not at start, p=%p, name=%p, p[-1]=%d\n",
p, name, (int)p[-1]));
- goto no_snapshot;
+ goto out;
}
- /*
- * Figure out whether we got an already converted string. One
- * case where this happens is in a smb2 create call with the
- * mxac create blob set. We do the get_acl call on
- * fsp->fsp_name, which is already converted. We are converted
- * if we got a file name of the form ".snapshots/@GMT-",
- * i.e. ".snapshots/" precedes "p".
- */
-
- snapdir = lp_parm_const_string(SNUM(handle->conn), "shadow", "snapdir",
- ".snapshots");
- snapdirlen = strlen(snapdir);
len_before_gmt = p - name;
- if ((len_before_gmt >= (snapdirlen + 1)) && (p[-1] == '/')) {
- const char *parent_snapdir = p - (snapdirlen+1);
-
- DEBUG(10, ("parent_snapdir = %s\n", parent_snapdir));
-
- if (strncmp(parent_snapdir, snapdir, snapdirlen) == 0) {
- DEBUG(10, ("name=%s is already converted\n", name));
- goto no_snapshot;
- }
- }
q = strptime(p, GMT_FORMAT, &tm);
if (q == NULL) {
DEBUG(10, ("strptime failed\n"));
- goto no_snapshot;
+ goto out;
}
tm.tm_isdst = -1;
timestamp = timegm(&tm);
if (timestamp == (time_t)-1) {
DEBUG(10, ("timestamp==-1\n"));
- goto no_snapshot;
+ goto out;
}
if (q[0] == '\0') {
/*
@@ -496,12 +677,24 @@
stripped = talloc_strndup(mem_ctx, name,
len_before_gmt);
if (stripped == NULL) {
- return false;
+ ret = false;
+ goto out;
+ }
+ if (orig_name[0] != '/') {
+ if (make_relative_path(priv->shadow_cwd,
+ stripped) == false) {
+ DEBUG(10, (__location__ ": path '%s' "
+ "doesn't start with cwd '%s\n",
+ stripped, priv->shadow_cwd));
+ ret = false;
+ errno = ENOENT;
+ goto out;
+ }
}
*pstripped = stripped;
}
*ptimestamp = timestamp;
- return true;
+ goto out;
}
if (q[0] != '/') {
/*
@@ -509,75 +702,18 @@
* component continues after the gmt-token.
*/
DEBUG(10, ("q[0] = %d\n", (int)q[0]));
- goto no_snapshot;
+ goto out;
}
q += 1;
rest_len = strlen(q);
dst_len = len_before_gmt + rest_len;
- if (priv->config->snapdirseverywhere) {
- char *insert;
- bool have_insert;
- insert = shadow_copy2_insert_string(talloc_tos(), handle,
- timestamp);
- if (insert == NULL) {
- errno = ENOMEM;
- return false;
- }
-
- DEBUG(10, (__location__ ": snapdirseverywhere mode.\n"
- "path '%s'.\n"
- "insert string '%s'\n", name, insert));
-
- have_insert = (strstr(name, insert+1) != NULL);
- DEBUG(10, ("have_insert=%d, name=%s, insert+1=%s\n",
- (int)have_insert, name, insert+1));
- if (have_insert) {
- DEBUG(10, (__location__ ": insert string '%s' found in "
- "path '%s' found in snapdirseverywhere mode "
- "==> already converted\n", insert, name));
- TALLOC_FREE(insert);
- goto no_snapshot;
- }
- TALLOC_FREE(insert);
- } else {
- char *snapshot_path;
- char *s;
-
- snapshot_path = shadow_copy2_snapshot_path(talloc_tos(),
- handle,
- timestamp);
- if (snapshot_path == NULL) {
- errno = ENOMEM;
- return false;
- }
-
- DEBUG(10, (__location__ " path: '%s'.\n"
- "snapshot path: '%s'\n", name, snapshot_path));
-
- s = strstr(name, snapshot_path);
- if (s == name) {
- /*
- * this starts with "snapshot_basepath/GMT-Token"
- * so it is already a converted absolute
- * path. Don't process further.
- */
- DEBUG(10, (__location__ ": path '%s' starts with "
- "snapshot path '%s' (not in "
- "snapdirseverywhere mode) ==> "
- "already converted\n", name, snapshot_path));
- talloc_free(snapshot_path);
- goto no_snapshot;
- }
- talloc_free(snapshot_path);
- }
-
if (pstripped != NULL) {
stripped = talloc_array(mem_ctx, char, dst_len+1);
if (stripped == NULL) {
- errno = ENOMEM;
- return false;
+ ret = false;
+ goto out;
}
if (p > name) {
memcpy(stripped, name, len_before_gmt);
@@ -586,13 +722,39 @@
memcpy(stripped + len_before_gmt, q, rest_len);
}
stripped[dst_len] = '\0';
+ if (orig_name[0] != '/') {
+ if (make_relative_path(priv->shadow_cwd,
+ stripped) == false) {
+ DEBUG(10, (__location__ ": path '%s' "
+ "doesn't start with cwd '%s\n",
+ stripped, priv->shadow_cwd));
+ ret = false;
+ errno = ENOENT;
+ goto out;
+ }
+ }
*pstripped = stripped;
}
*ptimestamp = timestamp;
- return true;
-no_snapshot:
- *ptimestamp = 0;
- return true;
+ ret = true;
+
+ out:
+ TALLOC_FREE(abs_path);
+ return ret;
+}
+
+static bool shadow_copy2_strip_snapshot(TALLOC_CTX *mem_ctx,
+ struct vfs_handle_struct *handle,
+ const char *orig_name,
+ time_t *ptimestamp,
+ char **pstripped)
+{
+ return shadow_copy2_strip_snapshot_internal(mem_ctx,
+ handle,
+ orig_name,
+ ptimestamp,
+ pstripped,
+ NULL);
}
static char *shadow_copy2_find_mount_point(TALLOC_CTX *mem_ctx,
@@ -646,7 +808,8 @@
char *insert = NULL;
char *converted = NULL;
size_t insertlen, connectlen = 0;
- int i, saved_errno;
+ int saved_errno = 0;
+ int i;
size_t min_offset;
struct shadow_copy2_config *config;
struct shadow_copy2_private *priv;
@@ -832,12 +995,16 @@
errno = ENOENT;
}
fail:
- saved_errno = errno;
+ if (result == NULL) {
+ saved_errno = errno;
+ }
TALLOC_FREE(converted);
TALLOC_FREE(insert);
TALLOC_FREE(slashes);
TALLOC_FREE(path);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return result;
}
@@ -893,10 +1060,10 @@
const char *mask,
uint32_t attr)
{
- time_t timestamp;
- char *stripped;
+ time_t timestamp = 0;
+ char *stripped = NULL;
DIR *ret;
- int saved_errno;
+ int saved_errno = 0;
char *conv;
struct smb_filename *conv_smb_fname = NULL;
@@ -925,10 +1092,14 @@
return NULL;
}
ret = SMB_VFS_NEXT_OPENDIR(handle, conv_smb_fname, mask, attr);
- saved_errno = errno;
+ if (ret == NULL) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
TALLOC_FREE(conv_smb_fname);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
@@ -936,16 +1107,19 @@
const struct smb_filename *smb_fname_src,
const struct smb_filename *smb_fname_dst)
{
- time_t timestamp_src, timestamp_dst;
+ time_t timestamp_src = 0;
+ time_t timestamp_dst = 0;
+ char *snappath_src = NULL;
+ char *snappath_dst = NULL;
- if (!shadow_copy2_strip_snapshot(talloc_tos(), handle,
+ if (!shadow_copy2_strip_snapshot_internal(talloc_tos(), handle,
smb_fname_src->base_name,
- ×tamp_src, NULL)) {
+ ×tamp_src, NULL, &snappath_src)) {
return -1;
}
- if (!shadow_copy2_strip_snapshot(talloc_tos(), handle,
+ if (!shadow_copy2_strip_snapshot_internal(talloc_tos(), handle,
smb_fname_dst->base_name,
- ×tamp_dst, NULL)) {
+ ×tamp_dst, NULL, &snappath_dst)) {
return -1;
}
if (timestamp_src != 0) {
@@ -956,55 +1130,88 @@
errno = EROFS;
return -1;
}
+ /*
+ * Don't allow rename on already converted paths.
+ */
+ if (snappath_src != NULL) {
+ errno = EXDEV;
+ return -1;
+ }
+ if (snappath_dst != NULL) {
+ errno = EROFS;
+ return -1;
+ }
return SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
}
static int shadow_copy2_symlink(vfs_handle_struct *handle,
const char *oldname, const char *newname)
{
- time_t timestamp_old, timestamp_new;
+ time_t timestamp_old = 0;
+ time_t timestamp_new = 0;
+ char *snappath_old = NULL;
+ char *snappath_new = NULL;
- if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, oldname,
- ×tamp_old, NULL)) {
+ if (!shadow_copy2_strip_snapshot_internal(talloc_tos(), handle, oldname,
+ ×tamp_old, NULL, &snappath_old)) {
return -1;
}
- if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, newname,
- ×tamp_new, NULL)) {
+ if (!shadow_copy2_strip_snapshot_internal(talloc_tos(), handle, newname,
+ ×tamp_new, NULL, &snappath_new)) {
return -1;
}
if ((timestamp_old != 0) || (timestamp_new != 0)) {
errno = EROFS;
return -1;
}
+ /*
+ * Don't allow symlinks on already converted paths.
+ */
+ if ((snappath_old != NULL) || (snappath_new != NULL)) {
+ errno = EROFS;
+ return -1;
+ }
return SMB_VFS_NEXT_SYMLINK(handle, oldname, newname);
}
static int shadow_copy2_link(vfs_handle_struct *handle,
const char *oldname, const char *newname)
{
- time_t timestamp_old, timestamp_new;
+ time_t timestamp_old = 0;
+ time_t timestamp_new = 0;
+ char *snappath_old = NULL;
+ char *snappath_new = NULL;
- if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, oldname,
- ×tamp_old, NULL)) {
+ if (!shadow_copy2_strip_snapshot_internal(talloc_tos(), handle, oldname,
+ ×tamp_old, NULL, &snappath_old)) {
return -1;
}
- if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, newname,
- ×tamp_new, NULL)) {
+ if (!shadow_copy2_strip_snapshot_internal(talloc_tos(), handle, newname,
+ ×tamp_new, NULL, &snappath_new)) {
return -1;
}
if ((timestamp_old != 0) || (timestamp_new != 0)) {
errno = EROFS;
return -1;
}
+ /*
+ * Don't allow links on already converted paths.
+ */
+ if ((snappath_old != NULL) || (snappath_new != NULL)) {
+ errno = EROFS;
+ return -1;
+ }
return SMB_VFS_NEXT_LINK(handle, oldname, newname);
}
static int shadow_copy2_stat(vfs_handle_struct *handle,
struct smb_filename *smb_fname)
{
- time_t timestamp;
- char *stripped, *tmp;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ char *tmp;
+ int saved_errno = 0;
+ int ret;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle,
smb_fname->base_name,
@@ -1026,7 +1233,9 @@
}
ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(smb_fname->base_name);
smb_fname->base_name = tmp;
@@ -1034,16 +1243,20 @@
if (ret == 0) {
convert_sbuf(handle, smb_fname->base_name, &smb_fname->st);
}
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
static int shadow_copy2_lstat(vfs_handle_struct *handle,
struct smb_filename *smb_fname)
{
- time_t timestamp;
- char *stripped, *tmp;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ char *tmp;
+ int saved_errno = 0;
+ int ret;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle,
smb_fname->base_name,
@@ -1065,7 +1278,9 @@
}
ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(smb_fname->base_name);
smb_fname->base_name = tmp;
@@ -1073,14 +1288,16 @@
if (ret == 0) {
convert_sbuf(handle, smb_fname->base_name, &smb_fname->st);
}
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
static int shadow_copy2_fstat(vfs_handle_struct *handle, files_struct *fsp,
SMB_STRUCT_STAT *sbuf)
{
- time_t timestamp;
+ time_t timestamp = 0;
int ret;
ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
@@ -1102,9 +1319,11 @@
struct smb_filename *smb_fname, files_struct *fsp,
int flags, mode_t mode)
{
- time_t timestamp;
- char *stripped, *tmp;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ char *tmp;
+ int saved_errno = 0;
+ int ret;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle,
smb_fname->base_name,
@@ -1126,21 +1345,26 @@
}
ret = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(smb_fname->base_name);
smb_fname->base_name = tmp;
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
static int shadow_copy2_unlink(vfs_handle_struct *handle,
const struct smb_filename *smb_fname)
{
- time_t timestamp;
- char *stripped;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ int saved_errno = 0;
+ int ret;
struct smb_filename *conv;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle,
@@ -1163,9 +1387,13 @@
return -1;
}
ret = SMB_VFS_NEXT_UNLINK(handle, conv);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
@@ -1173,9 +1401,10 @@
const struct smb_filename *smb_fname,
mode_t mode)
{
- time_t timestamp;
+ time_t timestamp = 0;
char *stripped = NULL;
- int ret, saved_errno;
+ int saved_errno = 0;
+ int ret;
char *conv = NULL;
struct smb_filename *conv_smb_fname;
@@ -1207,10 +1436,14 @@
}
ret = SMB_VFS_NEXT_CHMOD(handle, conv_smb_fname, mode);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
TALLOC_FREE(conv_smb_fname);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
@@ -1219,9 +1452,10 @@
uid_t uid,
gid_t gid)
{
- time_t timestamp;
- char *stripped;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ int saved_errno = 0;
+ int ret;
char *conv = NULL;
struct smb_filename *conv_smb_fname = NULL;
@@ -1251,37 +1485,96 @@
return -1;
}
ret = SMB_VFS_NEXT_CHOWN(handle, conv_smb_fname, uid, gid);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
TALLOC_FREE(conv_smb_fname);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
+static void store_cwd_data(vfs_handle_struct *handle,
+ const char *connectpath)
+{
+ struct shadow_copy2_private *priv = NULL;
+ char *cwd = NULL;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, priv, struct shadow_copy2_private,
+ return);
+
+ TALLOC_FREE(priv->shadow_cwd);
+ cwd = SMB_VFS_NEXT_GETWD(handle);
+ if (cwd == NULL) {
+ smb_panic("getwd failed\n");
+ }
+ DBG_DEBUG("shadow cwd = %s\n", cwd);
+ priv->shadow_cwd = talloc_strdup(priv, cwd);
+ SAFE_FREE(cwd);
+ if (priv->shadow_cwd == NULL) {
+ smb_panic("talloc failed\n");
+ }
+ TALLOC_FREE(priv->shadow_connectpath);
+ if (connectpath) {
+ DBG_DEBUG("shadow conectpath = %s\n", connectpath);
+ priv->shadow_connectpath = talloc_strdup(priv, connectpath);
+ if (priv->shadow_connectpath == NULL) {
+ smb_panic("talloc failed\n");
+ }
+ }
+}
+
static int shadow_copy2_chdir(vfs_handle_struct *handle,
const char *fname)
{
- time_t timestamp;
- char *stripped;
- int ret, saved_errno;
- char *conv;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ char *snappath = NULL;
+ int ret = -1;
+ int saved_errno = 0;
+ char *conv = NULL;
+ size_t rootpath_len = 0;
- if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
- ×tamp, &stripped)) {
+ if (!shadow_copy2_strip_snapshot_internal(talloc_tos(), handle, fname,
+ ×tamp, &stripped, &snappath)) {
return -1;
}
- if (timestamp == 0) {
- return SMB_VFS_NEXT_CHDIR(handle, fname);
+ if (stripped != NULL) {
+ conv = shadow_copy2_do_convert(talloc_tos(),
+ handle,
+ stripped,
+ timestamp,
+ &rootpath_len);
+ TALLOC_FREE(stripped);
+ if (conv == NULL) {
+ return -1;
+ }
+ fname = conv;
}
- conv = shadow_copy2_convert(talloc_tos(), handle, stripped, timestamp);
- TALLOC_FREE(stripped);
- if (conv == NULL) {
- return -1;
+
+ ret = SMB_VFS_NEXT_CHDIR(handle, fname);
+ if (ret == -1) {
+ saved_errno = errno;
}
- ret = SMB_VFS_NEXT_CHDIR(handle, conv);
- saved_errno = errno;
+
+ if (ret == 0) {
+ if (conv != NULL && rootpath_len != 0) {
+ conv[rootpath_len] = '\0';
+ } else if (snappath != 0) {
+ TALLOC_FREE(conv);
+ conv = snappath;
+ }
+ store_cwd_data(handle, conv);
+ }
+
+ TALLOC_FREE(stripped);
TALLOC_FREE(conv);
- errno = saved_errno;
+
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
@@ -1289,9 +1582,10 @@
const struct smb_filename *smb_fname,
struct smb_file_time *ft)
{
- time_t timestamp;
- char *stripped;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ int saved_errno = 0;
+ int ret;
struct smb_filename *conv;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle,
@@ -1314,18 +1608,23 @@
return -1;
}
ret = SMB_VFS_NEXT_NTIMES(handle, conv, ft);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
static int shadow_copy2_readlink(vfs_handle_struct *handle,
const char *fname, char *buf, size_t bufsiz)
{
- time_t timestamp;
- char *stripped;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ int saved_errno = 0;
+ int ret;
char *conv;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
@@ -1341,18 +1640,23 @@
return -1;
}
ret = SMB_VFS_NEXT_READLINK(handle, conv, buf, bufsiz);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
static int shadow_copy2_mknod(vfs_handle_struct *handle,
const char *fname, mode_t mode, SMB_DEV_T dev)
{
- time_t timestamp;
- char *stripped;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ int saved_errno = 0;
+ int ret;
char *conv;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
@@ -1368,20 +1672,24 @@
return -1;
}
ret = SMB_VFS_NEXT_MKNOD(handle, conv, mode, dev);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
static char *shadow_copy2_realpath(vfs_handle_struct *handle,
const char *fname)
{
- time_t timestamp;
+ time_t timestamp = 0;
char *stripped = NULL;
char *tmp = NULL;
char *result = NULL;
- int saved_errno;
+ int saved_errno = 0;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
×tamp, &stripped)) {
@@ -1399,10 +1707,14 @@
result = SMB_VFS_NEXT_REALPATH(handle, tmp);
done:
- saved_errno = errno;
+ if (result == NULL) {
+ saved_errno = errno;
+ }
TALLOC_FREE(tmp);
TALLOC_FREE(stripped);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return result;
}
@@ -1805,8 +2117,8 @@
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
- time_t timestamp;
- char *stripped;
+ time_t timestamp = 0;
+ char *stripped = NULL;
NTSTATUS status;
char *conv;
struct smb_filename *smb_fname = NULL;
@@ -1849,8 +2161,8 @@
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
- time_t timestamp;
- char *stripped;
+ time_t timestamp = 0;
+ char *stripped = NULL;
NTSTATUS status;
char *conv;
struct smb_filename *conv_smb_fname = NULL;
@@ -1891,9 +2203,10 @@
const struct smb_filename *smb_fname,
mode_t mode)
{
- time_t timestamp;
- char *stripped;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ int saved_errno = 0;
+ int ret;
char *conv;
struct smb_filename *conv_smb_fname = NULL;
@@ -1922,19 +2235,24 @@
return -1;
}
ret = SMB_VFS_NEXT_MKDIR(handle, conv_smb_fname, mode);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
TALLOC_FREE(conv_smb_fname);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
static int shadow_copy2_rmdir(vfs_handle_struct *handle,
const struct smb_filename *smb_fname)
{
- time_t timestamp;
- char *stripped;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ int saved_errno = 0;
+ int ret;
char *conv;
struct smb_filename *conv_smb_fname = NULL;
@@ -1963,19 +2281,24 @@
return -1;
}
ret = SMB_VFS_NEXT_RMDIR(handle, conv_smb_fname);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv_smb_fname);
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
static int shadow_copy2_chflags(vfs_handle_struct *handle, const char *fname,
unsigned int flags)
{
- time_t timestamp;
- char *stripped;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ int saved_errno = 0;
+ int ret;
char *conv;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
@@ -1991,9 +2314,13 @@
return -1;
}
ret = SMB_VFS_NEXT_CHFLAGS(handle, conv, flags);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
@@ -2001,10 +2328,10 @@
const char *fname, const char *aname,
void *value, size_t size)
{
- time_t timestamp;
- char *stripped;
+ time_t timestamp = 0;
+ char *stripped = NULL;
ssize_t ret;
- int saved_errno;
+ int saved_errno = 0;
char *conv;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
@@ -2021,9 +2348,13 @@
return -1;
}
ret = SMB_VFS_NEXT_GETXATTR(handle, conv, aname, value, size);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
@@ -2031,10 +2362,10 @@
const char *fname,
char *list, size_t size)
{
- time_t timestamp;
- char *stripped;
+ time_t timestamp = 0;
+ char *stripped = NULL;
ssize_t ret;
- int saved_errno;
+ int saved_errno = 0;
char *conv;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
@@ -2050,18 +2381,23 @@
return -1;
}
ret = SMB_VFS_NEXT_LISTXATTR(handle, conv, list, size);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
static int shadow_copy2_removexattr(vfs_handle_struct *handle,
const char *fname, const char *aname)
{
- time_t timestamp;
- char *stripped;
- int ret, saved_errno;
+ time_t timestamp = 0;
+ char *stripped = NULL;
+ int saved_errno = 0;
+ int ret;
char *conv;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
@@ -2077,9 +2413,13 @@
return -1;
}
ret = SMB_VFS_NEXT_REMOVEXATTR(handle, conv, aname);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
@@ -2088,10 +2428,10 @@
const char *aname, const void *value,
size_t size, int flags)
{
- time_t timestamp;
- char *stripped;
+ time_t timestamp = 0;
+ char *stripped = NULL;
ssize_t ret;
- int saved_errno;
+ int saved_errno = 0;
char *conv;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
@@ -2108,9 +2448,13 @@
return -1;
}
ret = SMB_VFS_NEXT_SETXATTR(handle, conv, aname, value, size, flags);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
@@ -2118,10 +2462,10 @@
const struct smb_filename *smb_fname,
mode_t mode)
{
- time_t timestamp;
- char *stripped;
+ time_t timestamp = 0;
+ char *stripped = NULL;
ssize_t ret;
- int saved_errno;
+ int saved_errno = 0;
char *conv = NULL;
struct smb_filename *conv_smb_fname = NULL;
@@ -2151,10 +2495,14 @@
return -1;
}
ret = SMB_VFS_NEXT_CHMOD_ACL(handle, conv_smb_fname, mode);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
TALLOC_FREE(conv_smb_fname);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
@@ -2164,10 +2512,10 @@
TALLOC_CTX *mem_ctx,
char **found_name)
{
- time_t timestamp;
- char *stripped;
+ time_t timestamp = 0;
+ char *stripped = NULL;
ssize_t ret;
- int saved_errno;
+ int saved_errno = 0;
char *conv;
DEBUG(10, ("shadow_copy2_get_real_filename called for path=[%s], "
@@ -2194,25 +2542,39 @@
ret = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, conv, name,
mem_ctx, found_name);
DEBUG(10, ("NEXT_REAL_FILE_NAME returned %d\n", (int)ret));
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
static const char *shadow_copy2_connectpath(struct vfs_handle_struct *handle,
const char *fname)
{
- time_t timestamp;
+ time_t timestamp = 0;
char *stripped = NULL;
char *tmp = NULL;
char *result = NULL;
char *parent_dir = NULL;
- int saved_errno;
+ int saved_errno = 0;
size_t rootpath_len = 0;
+ struct shadow_copy2_private *priv = NULL;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, priv, struct shadow_copy2_private,
+ return NULL);
DBG_DEBUG("Calc connect path for [%s]\n", fname);
+ if (priv->shadow_connectpath != NULL) {
+ DBG_DEBUG("cached connect path is [%s]\n",
+ priv->shadow_connectpath);
+ return priv->shadow_connectpath;
+ }
+
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
×tamp, &stripped)) {
goto done;
@@ -2263,14 +2625,25 @@
goto done;
}
+ /*
+ * SMB_VFS_NEXT_REALPATH returns a malloc'ed string.
+ * Don't leak memory.
+ */
+ SAFE_FREE(priv->shadow_realpath);
+ priv->shadow_realpath = result;
+
DBG_DEBUG("connect path is [%s]\n", result);
done:
- saved_errno = errno;
+ if (result == NULL) {
+ saved_errno = errno;
+ }
TALLOC_FREE(tmp);
TALLOC_FREE(stripped);
TALLOC_FREE(parent_dir);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return result;
}
@@ -2278,10 +2651,10 @@
const char *path, uint64_t *bsize,
uint64_t *dfree, uint64_t *dsize)
{
- time_t timestamp;
- char *stripped;
+ time_t timestamp = 0;
+ char *stripped = NULL;
ssize_t ret;
- int saved_errno;
+ int saved_errno = 0;
char *conv;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, path,
@@ -2301,9 +2674,13 @@
ret = SMB_VFS_NEXT_DISK_FREE(handle, conv, bsize, dfree, dsize);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
@@ -2312,10 +2689,10 @@
enum SMB_QUOTA_TYPE qtype, unid_t id,
SMB_DISK_QUOTA *dq)
{
- time_t timestamp;
- char *stripped;
+ time_t timestamp = 0;
+ char *stripped = NULL;
int ret;
- int saved_errno;
+ int saved_errno = 0;
char *conv;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, path, ×tamp,
@@ -2334,13 +2711,23 @@
ret = SMB_VFS_NEXT_GET_QUOTA(handle, conv, qtype, id, dq);
- saved_errno = errno;
+ if (ret == -1) {
+ saved_errno = errno;
+ }
TALLOC_FREE(conv);
- errno = saved_errno;
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
return ret;
}
+static int shadow_copy2_private_destructor(struct shadow_copy2_private *priv)
+{
+ SAFE_FREE(priv->shadow_realpath);
+ return 0;
+}
+
static int shadow_copy2_connect(struct vfs_handle_struct *handle,
const char *service, const char *user)
{
@@ -2372,6 +2759,8 @@
return -1;
}
+ talloc_set_destructor(priv, shadow_copy2_private_destructor);
+
priv->snaps = talloc_zero(priv, struct shadow_copy2_snaplist_info);
if (priv->snaps == NULL) {
DBG_ERR("talloc_zero() failed\n");
@@ -2398,6 +2787,15 @@
return -1;
}
+ /* config->gmt_format must not contain a path separator. */
+ if (strchr(config->gmt_format, '/') != NULL) {
+ DEBUG(0, ("shadow:format %s must not contain a /"
+ "character. Unable to initialize module.\n",
+ config->gmt_format));
+ errno = EINVAL;
+ return -1;
+ }
+
config->use_sscanf = lp_parm_bool(SNUM(handle->conn),
"shadow", "sscanf", false);
@@ -2582,7 +2980,7 @@
}
if (config->rel_connectpath == NULL &&
- strlen(basedir) != strlen(handle->conn->connectpath)) {
+ strlen(basedir) < strlen(handle->conn->connectpath)) {
config->rel_connectpath = talloc_strdup(config,
handle->conn->connectpath + strlen(basedir));
if (config->rel_connectpath == NULL) {
@@ -2620,6 +3018,11 @@
}
}
+ trim_string(config->mount_point, NULL, "/");
+ trim_string(config->rel_connectpath, "/", "/");
+ trim_string(config->snapdir, NULL, "/");
+ trim_string(config->snapshot_basepath, NULL, "/");
+
DEBUG(10, ("shadow_copy2_connect: configuration:\n"
" share root: '%s'\n"
" mountpoint: '%s'\n"
diff -Nru samba-4.5.4+dfsg/source3/modules/vfs_streams_xattr.c samba-4.5.8+dfsg/source3/modules/vfs_streams_xattr.c
--- samba-4.5.4+dfsg/source3/modules/vfs_streams_xattr.c 2017-01-17 19:55:44.000000000 +0000
+++ samba-4.5.8+dfsg/source3/modules/vfs_streams_xattr.c 2017-03-09 09:21:43.000000000 +0000
@@ -264,7 +264,7 @@
return -1;
}
- sbuf->st_ex_size = get_xattr_size(handle->conn, fsp->base_fsp,
+ sbuf->st_ex_size = get_xattr_size(handle->conn, fsp,
io->base, io->xattr_name);
if (sbuf->st_ex_size == -1) {
return -1;
@@ -399,6 +399,7 @@
char *xattr_name = NULL;
int baseflags;
int hostfd = -1;
+ int ret;
DEBUG(10, ("streams_xattr_open called for %s with flags 0x%x\n",
smb_fname_str_dbg(smb_fname), flags));
@@ -410,7 +411,6 @@
/* If the default stream is requested, just open the base file. */
if (is_ntfs_default_stream_smb_fname(smb_fname)) {
char *tmp_stream_name;
- int ret;
tmp_stream_name = smb_fname->stream_name;
smb_fname->stream_name = NULL;
@@ -449,8 +449,8 @@
baseflags &= ~O_EXCL;
baseflags &= ~O_CREAT;
- hostfd = SMB_VFS_OPEN(handle->conn, smb_fname_base, fsp,
- baseflags, mode);
+ hostfd = SMB_VFS_NEXT_OPEN(handle, smb_fname_base, fsp,
+ baseflags, mode);
/* It is legit to open a stream on a directory, but the base
* fd has to be read-only.
@@ -458,8 +458,8 @@
if ((hostfd == -1) && (errno == EISDIR)) {
baseflags &= ~O_ACCMODE;
baseflags |= O_RDONLY;
- hostfd = SMB_VFS_OPEN(handle->conn, smb_fname_base, fsp, baseflags,
- mode);
+ hostfd = SMB_VFS_NEXT_OPEN(handle, smb_fname_base, fsp, baseflags,
+ mode);
}
TALLOC_FREE(smb_fname_base);
@@ -500,20 +500,13 @@
DEBUG(10, ("creating or truncating attribute %s on file %s\n",
xattr_name, smb_fname->base_name));
- if (fsp->base_fsp->fh->fd != -1) {
- if (SMB_VFS_FSETXATTR(
- fsp->base_fsp, xattr_name,
+ fsp->fh->fd = hostfd;
+ ret = SMB_VFS_FSETXATTR(fsp, xattr_name,
&null, sizeof(null),
- flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
- goto fail;
- }
- } else {
- if (SMB_VFS_SETXATTR(
- handle->conn, smb_fname->base_name,
- xattr_name, &null, sizeof(null),
- flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
- goto fail;
- }
+ flags & O_EXCL ? XATTR_CREATE : 0);
+ fsp->fh->fd = -1;
+ if (ret != 0) {
+ goto fail;
}
}
@@ -527,8 +520,15 @@
sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
xattr_name);
+ /*
+ * so->base needs to be a copy of fsp->fsp_name->base_name,
+ * making it identical to streams_xattr_recheck(). If the
+ * open is changing directories, fsp->fsp_name->base_name
+ * will be the full path from the share root, whilst
+ * smb_fname will be relative to the $cwd.
+ */
sio->base = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
- smb_fname->base_name);
+ fsp->fsp_name->base_name);
sio->fsp_name_ptr = fsp->fsp_name;
sio->handle = handle;
sio->fsp = fsp;
@@ -547,7 +547,7 @@
* we don't have a full fsp yet
*/
fsp->fh->fd = hostfd;
- SMB_VFS_CLOSE(fsp);
+ SMB_VFS_NEXT_CLOSE(handle, fsp);
}
return -1;
@@ -961,7 +961,7 @@
return -1;
}
- status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp,
+ status = get_ea_value(talloc_tos(), handle->conn, fsp,
sio->base, sio->xattr_name, &ea);
if (!NT_STATUS_IS_OK(status)) {
return -1;
@@ -985,13 +985,13 @@
memcpy(ea.value.data + offset, data, n);
- if (fsp->base_fsp->fh->fd != -1) {
- ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
+ if (fsp->fh->fd != -1) {
+ ret = SMB_VFS_FSETXATTR(fsp,
sio->xattr_name,
ea.value.data, ea.value.length, 0);
} else {
ret = SMB_VFS_SETXATTR(fsp->conn,
- fsp->base_fsp->fsp_name->base_name,
+ fsp->fsp_name->base_name,
sio->xattr_name,
ea.value.data, ea.value.length, 0);
}
@@ -1025,7 +1025,7 @@
return -1;
}
- status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp,
+ status = get_ea_value(talloc_tos(), handle->conn, fsp,
sio->base, sio->xattr_name, &ea);
if (!NT_STATUS_IS_OK(status)) {
return -1;
@@ -1070,7 +1070,7 @@
return -1;
}
- status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp,
+ status = get_ea_value(talloc_tos(), handle->conn, fsp,
sio->base, sio->xattr_name, &ea);
if (!NT_STATUS_IS_OK(status)) {
return -1;
@@ -1095,13 +1095,13 @@
ea.value.length = offset + 1;
ea.value.data[offset] = 0;
- if (fsp->base_fsp->fh->fd != -1) {
- ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
+ if (fsp->fh->fd != -1) {
+ ret = SMB_VFS_FSETXATTR(fsp,
sio->xattr_name,
ea.value.data, ea.value.length, 0);
} else {
ret = SMB_VFS_SETXATTR(fsp->conn,
- fsp->base_fsp->fsp_name->base_name,
+ fsp->fsp_name->base_name,
sio->xattr_name,
ea.value.data, ea.value.length, 0);
}
diff -Nru samba-4.5.4+dfsg/source3/passdb/passdb.c samba-4.5.8+dfsg/source3/passdb/passdb.c
--- samba-4.5.4+dfsg/source3/passdb/passdb.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/passdb/passdb.c 2017-03-09 09:21:43.000000000 +0000
@@ -2621,6 +2621,19 @@
status = NT_STATUS_NO_MEMORY;
goto fail;
}
+
+ /*
+ * It's not possible to use NTLMSSP with a domain trust account.
+ */
+ cli_credentials_set_kerberos_state(creds, CRED_MUST_USE_KERBEROS);
+ } else {
+ /*
+ * We can't use kerberos against an NT4 domain.
+ *
+ * We should have a mode that also disallows NTLMSSP here,
+ * as only NETLOGON SCHANNEL is possible.
+ */
+ cli_credentials_set_kerberos_state(creds, CRED_DONT_USE_KERBEROS);
}
ok = cli_credentials_set_username(creds, account_name, CRED_SPECIFIED);
@@ -2635,6 +2648,10 @@
status = NT_STATUS_NO_MEMORY;
goto fail;
}
+ /*
+ * We currently can't do kerberos just with an NTHASH.
+ */
+ cli_credentials_set_kerberos_state(creds, CRED_DONT_USE_KERBEROS);
goto done;
}
diff -Nru samba-4.5.4+dfsg/source3/rpc_client/cli_pipe.c samba-4.5.8+dfsg/source3/rpc_client/cli_pipe.c
--- samba-4.5.4+dfsg/source3/rpc_client/cli_pipe.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/rpc_client/cli_pipe.c 2017-03-09 09:21:43.000000000 +0000
@@ -948,8 +948,7 @@
status = dcerpc_pull_ncacn_packet(state->pkt,
&state->incoming_frag,
- state->pkt,
- !state->endianess);
+ state->pkt);
if (!NT_STATUS_IS_OK(status)) {
/*
* TODO: do a real async disconnect ...
diff -Nru samba-4.5.4+dfsg/source3/rpc_server/mdssvc/sparql_mapping.c samba-4.5.8+dfsg/source3/rpc_server/mdssvc/sparql_mapping.c
--- samba-4.5.4+dfsg/source3/rpc_server/mdssvc/sparql_mapping.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/rpc_server/mdssvc/sparql_mapping.c 2017-03-09 09:21:43.000000000 +0000
@@ -133,6 +133,11 @@
.type = ssmt_type,
.sparql_attr = NULL,
},
+ {
+ .spotlight_attr = "kMDItemContentType",
+ .type = ssmt_type,
+ .sparql_attr = NULL,
+ },
/* Image metadata */
{
diff -Nru samba-4.5.4+dfsg/source3/rpc_server/rpc_service_setup.c samba-4.5.8+dfsg/source3/rpc_server/rpc_service_setup.c
--- samba-4.5.4+dfsg/source3/rpc_server/rpc_service_setup.c 2016-09-13 08:21:35.000000000 +0000
+++ samba-4.5.8+dfsg/source3/rpc_server/rpc_service_setup.c 2017-03-09 09:21:43.000000000 +0000
@@ -535,18 +535,15 @@
/* Initialize shared modules */
mod_init_fns = load_samba_modules(tmp_ctx, "rpc");
- if (mod_init_fns == NULL) {
- if (errno != ENOENT) {
- /*
- * ENOENT means the directory doesn't exist
- * which can happen if all modules are
- * static. So ENOENT is ok, everything else is
- * not ok.
- */
- DBG_ERR("Loading shared RPC modules failed [%s]\n",
- strerror(errno));
- ok = false;
- }
+ if ((mod_init_fns == NULL) && (errno != ENOENT)) {
+ /*
+ * ENOENT means the directory doesn't exist which can happen if
+ * all modules are static. So ENOENT is ok, everything else is
+ * not ok.
+ */
+ DBG_ERR("Loading shared RPC modules failed [%s]\n",
+ strerror(errno));
+ ok = false;
goto done;
}
diff -Nru samba-4.5.4+dfsg/source3/rpc_server/wscript_build samba-4.5.8+dfsg/source3/rpc_server/wscript_build
--- samba-4.5.4+dfsg/source3/rpc_server/wscript_build 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/rpc_server/wscript_build 2017-03-09 09:21:43.000000000 +0000
@@ -39,6 +39,10 @@
NDR_NAMED_PIPE_AUTH
''')
+bld.SAMBA3_SUBSYSTEM('RPC_MODULES',
+ source='rpc_modules.c',
+ deps='samba-util')
+
### RPC_SERVICES
bld.SAMBA3_SUBSYSTEM('RPC_DSSETUP',
source='''dssetup/srv_dssetup_nt.c
@@ -150,11 +154,12 @@
deps='samba-util')
bld.SAMBA3_SUBSYSTEM('RPC_SERVICE',
- source='rpc_service_setup.c rpc_modules.c',
+ source='rpc_service_setup.c',
deps='''
rpc
RPC_SERVER
RPC_SERVER_REGISTER
+ RPC_MODULES
RPC_SAMR
RPC_LSARPC
RPC_WINREG
@@ -192,6 +197,6 @@
deps='samba-util')
bld.SAMBA3_SUBSYSTEM('MDSSD',
- source='mdssd.c rpc_modules.c',
- deps='RPC_SOCK_HELPER samba-util',
+ source='mdssd.c',
+ deps='RPC_SOCK_HELPER RPC_MODULES samba-util',
enabled=bld.env.with_spotlight)
diff -Nru samba-4.5.4+dfsg/source3/script/tests/test_smbclient_encryption_off.sh samba-4.5.8+dfsg/source3/script/tests/test_smbclient_encryption_off.sh
--- samba-4.5.4+dfsg/source3/script/tests/test_smbclient_encryption_off.sh 1970-01-01 00:00:00.000000000 +0000
+++ samba-4.5.8+dfsg/source3/script/tests/test_smbclient_encryption_off.sh 2017-03-09 09:21:43.000000000 +0000
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+if [ $# -lt 4 ]; then
+cat < $tmpfile < $tmpfile < $tmpfile <conn = conn;
- dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));
+ dirp->dir = SMB_VFS_OPENDIR(conn, smb_dname, mask, attr);
- dirp->dir_smb_fname = cp_smb_filename(dirp, smb_dname);
- if (!dirp->dir_smb_fname) {
- errno = ENOMEM;
+ if (!dirp->dir) {
+ DEBUG(5,("OpenDir: Can't open %s. %s\n",
+ smb_dname->base_name,
+ strerror(errno) ));
goto fail;
}
+ dirp->conn = conn;
+ dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));
+
if (sconn && !sconn->using_smb2) {
sconn->searches.dirhandles_open++;
}
talloc_set_destructor(dirp, smb_Dir_destructor);
- dirp->dir = SMB_VFS_OPENDIR(conn, dirp->dir_smb_fname, mask, attr);
-
- if (!dirp->dir) {
- DEBUG(5,("OpenDir: Can't open %s. %s\n",
- dirp->dir_smb_fname->base_name,
- strerror(errno) ));
- goto fail;
- }
-
return dirp;
fail:
@@ -1672,6 +1667,87 @@
return NULL;
}
+/****************************************************************************
+ Open a directory handle by pathname, ensuring it's under the share path.
+****************************************************************************/
+
+static struct smb_Dir *open_dir_safely(TALLOC_CTX *ctx,
+ connection_struct *conn,
+ const struct smb_filename *smb_dname,
+ const char *wcard,
+ uint32_t attr)
+{
+ struct smb_Dir *dir_hnd = NULL;
+ struct smb_filename *smb_fname_cwd = NULL;
+ char *saved_dir = vfs_GetWd(ctx, conn);
+ NTSTATUS status;
+
+ if (saved_dir == NULL) {
+ return NULL;
+ }
+
+ if (vfs_ChDir(conn, smb_dname->base_name) == -1) {
+ goto out;
+ }
+
+ smb_fname_cwd = synthetic_smb_fname(talloc_tos(),
+ ".",
+ NULL,
+ NULL,
+ smb_dname->flags);
+ if (smb_fname_cwd == NULL) {
+ goto out;
+ }
+
+ /*
+ * Now the directory is pinned, use
+ * REALPATH to ensure we can access it.
+ */
+ status = check_name(conn, ".");
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ dir_hnd = OpenDir_internal(ctx,
+ conn,
+ smb_fname_cwd,
+ wcard,
+ attr);
+
+ if (dir_hnd == NULL) {
+ goto out;
+ }
+
+ /*
+ * OpenDir_internal only gets "." as the dir name.
+ * Store the real dir name here.
+ */
+
+ dir_hnd->dir_smb_fname = cp_smb_filename(dir_hnd, smb_dname);
+ if (!dir_hnd->dir_smb_fname) {
+ TALLOC_FREE(dir_hnd);
+ errno = ENOMEM;
+ }
+
+ out:
+
+ vfs_ChDir(conn, saved_dir);
+ TALLOC_FREE(saved_dir);
+ return dir_hnd;
+}
+
+struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
+ const struct smb_filename *smb_dname,
+ const char *mask,
+ uint32_t attr)
+{
+ return open_dir_safely(mem_ctx,
+ conn,
+ smb_dname,
+ mask,
+ attr);
+}
+
/*******************************************************************
Open a directory from an fsp.
********************************************************************/
@@ -1685,7 +1761,17 @@
struct smbd_server_connection *sconn = conn->sconn;
if (!dirp) {
- return NULL;
+ goto fail;
+ }
+
+ if (!fsp->is_directory) {
+ errno = EBADF;
+ goto fail;
+ }
+
+ if (fsp->fh->fd == -1) {
+ errno = EBADF;
+ goto fail;
}
dirp->conn = conn;
@@ -1697,40 +1783,33 @@
goto fail;
}
- if (sconn && !sconn->using_smb2) {
- sconn->searches.dirhandles_open++;
- }
- talloc_set_destructor(dirp, smb_Dir_destructor);
-
- if (fsp->is_directory && fsp->fh->fd != -1) {
- dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr);
- if (dirp->dir != NULL) {
- dirp->fsp = fsp;
- } else {
- DEBUG(10,("OpenDir_fsp: SMB_VFS_FDOPENDIR on %s returned "
- "NULL (%s)\n",
- dirp->dir_smb_fname->base_name,
- strerror(errno)));
- if (errno != ENOSYS) {
- return NULL;
- }
+ dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr);
+ if (dirp->dir != NULL) {
+ dirp->fsp = fsp;
+ } else {
+ DEBUG(10,("OpenDir_fsp: SMB_VFS_FDOPENDIR on %s returned "
+ "NULL (%s)\n",
+ dirp->dir_smb_fname->base_name,
+ strerror(errno)));
+ if (errno != ENOSYS) {
+ goto fail;
}
}
if (dirp->dir == NULL) {
- /* FDOPENDIR didn't work. Use OPENDIR instead. */
- dirp->dir = SMB_VFS_OPENDIR(conn,
- dirp->dir_smb_fname,
+ /* FDOPENDIR is not supported. Use OPENDIR instead. */
+ TALLOC_FREE(dirp);
+ return open_dir_safely(mem_ctx,
+ conn,
+ fsp->fsp_name,
mask,
attr);
}
- if (!dirp->dir) {
- DEBUG(5,("OpenDir_fsp: Can't open %s. %s\n",
- dirp->dir_smb_fname->base_name,
- strerror(errno) ));
- goto fail;
+ if (sconn && !sconn->using_smb2) {
+ sconn->searches.dirhandles_open++;
}
+ talloc_set_destructor(dirp, smb_Dir_destructor);
return dirp;
diff -Nru samba-4.5.4+dfsg/source3/smbd/filename.c samba-4.5.8+dfsg/source3/smbd/filename.c
--- samba-4.5.4+dfsg/source3/smbd/filename.c 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/source3/smbd/filename.c 2017-03-31 06:25:18.000000000 +0000
@@ -220,6 +220,148 @@
return NT_STATUS_OK;
}
+/*
+ * Re-order a known good @GMT-token path.
+ */
+
+static NTSTATUS rearrange_snapshot_path(struct smb_filename *smb_fname,
+ char *startp,
+ char *endp)
+{
+ size_t endlen = 0;
+ size_t gmt_len = endp - startp;
+ char gmt_store[gmt_len + 1];
+ char *parent = NULL;
+ const char *last_component = NULL;
+ char *newstr;
+ bool ret;
+
+ DBG_DEBUG("|%s| -> ", smb_fname->base_name);
+
+ /* Save off the @GMT-token. */
+ memcpy(gmt_store, startp, gmt_len);
+ gmt_store[gmt_len] = '\0';
+
+ if (*endp == '/') {
+ /* Remove any trailing '/' */
+ endp++;
+ }
+
+ if (*endp == '\0') {
+ /*
+ * @GMT-token was at end of path.
+ * Remove any preceeding '/'
+ */
+ if (startp > smb_fname->base_name && startp[-1] == '/') {
+ startp--;
+ }
+ }
+
+ /* Remove @GMT-token from the path. */
+ endlen = strlen(endp);
+ memmove(startp, endp, endlen + 1);
+
+ /* Split the remaining path into components. */
+ ret = parent_dirname(smb_fname,
+ smb_fname->base_name,
+ &parent,
+ &last_component);
+ if (ret == false) {
+ /* Must terminate debug with \n */
+ DBG_DEBUG("NT_STATUS_NO_MEMORY\n");
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (ISDOT(parent)) {
+ if (last_component[0] == '\0') {
+ newstr = talloc_strdup(smb_fname,
+ gmt_store);
+ } else {
+ newstr = talloc_asprintf(smb_fname,
+ "%s/%s",
+ gmt_store,
+ last_component);
+ }
+ } else {
+ newstr = talloc_asprintf(smb_fname,
+ "%s/%s/%s",
+ gmt_store,
+ parent,
+ last_component);
+ }
+
+ TALLOC_FREE(parent);
+ TALLOC_FREE(smb_fname->base_name);
+ smb_fname->base_name = newstr;
+
+ DBG_DEBUG("|%s|\n", newstr);
+
+ return NT_STATUS_OK;
+}
+
+/*
+ * Canonicalize any incoming pathname potentially containining
+ * a @GMT-token into a path that looks like:
+ *
+ * @GMT-YYYY-MM-DD-HH-MM-SS/path/name/components/last_component
+ *
+ * Leaves single path @GMT-token -component alone:
+ *
+ * @GMT-YYYY-MM-DD-HH-MM-SS -> @GMT-YYYY-MM-DD-HH-MM-SS
+ *
+ * Eventually when struct smb_filename is updated and the VFS
+ * ABI is changed this will remove the @GMT-YYYY-MM-DD-HH-MM-SS
+ * and store in the struct smb_filename as a struct timeval field
+ * instead.
+ */
+
+static NTSTATUS canonicalize_snapshot_path(struct smb_filename *smb_fname)
+{
+ char *startp = strchr_m(smb_fname->base_name, '@');
+ char *endp = NULL;
+ struct tm tm;
+
+ if (startp == NULL) {
+ /* No @ */
+ return NT_STATUS_OK;
+ }
+
+ startp = strstr_m(startp, "@GMT-");
+ if (startp == NULL) {
+ /* No @ */
+ return NT_STATUS_OK;
+ }
+
+ if ((startp > smb_fname->base_name) && (startp[-1] != '/')) {
+ /* the GMT-token does not start a path-component */
+ return NT_STATUS_OK;
+ }
+
+ endp = strptime(startp, GMT_FORMAT, &tm);
+ if (endp == NULL) {
+ /* Not a valid timestring. */
+ return NT_STATUS_OK;
+ }
+
+ if ( endp[0] == '\0') {
+ return rearrange_snapshot_path(smb_fname,
+ startp,
+ endp);
+ }
+
+ if (endp[0] != '/') {
+ /*
+ * It is not a complete path component, i.e. the path
+ * component continues after the gmt-token.
+ */
+ return NT_STATUS_OK;
+ }
+
+ return rearrange_snapshot_path(smb_fname,
+ startp,
+ endp);
+}
+
/****************************************************************************
This routine is called to convert names from the dos namespace to unix
namespace. It needs to handle any case conversions, mangling, format changes,
@@ -356,6 +498,14 @@
goto err;
}
+ /* Canonicalize any @GMT- paths. */
+ if (posix_pathnames == false) {
+ status = canonicalize_snapshot_path(smb_fname);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto err;
+ }
+ }
+
/*
* Large directory fix normalization. If we're case sensitive, and
* the case preserving parameters are set to "no", normalize the case of
@@ -1092,7 +1242,7 @@
}
if (!lp_widelinks(SNUM(conn)) || !lp_follow_symlinks(SNUM(conn))) {
- status = check_reduced_name(conn,name);
+ status = check_reduced_name(conn, NULL, name);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(5,("check_name: name %s failed with %s\n",name,
nt_errstr(status)));
diff -Nru samba-4.5.4+dfsg/source3/smbd/negprot.c samba-4.5.8+dfsg/source3/smbd/negprot.c
--- samba-4.5.4+dfsg/source3/smbd/negprot.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/smbd/negprot.c 2017-03-09 09:21:43.000000000 +0000
@@ -544,6 +544,8 @@
struct smbXsrv_connection *xconn = req->xconn;
struct smbd_server_connection *sconn = req->sconn;
bool signing_required = true;
+ int max_proto;
+ int min_proto;
START_PROFILE(SMBnegprot);
@@ -688,11 +690,28 @@
FLAG_MSG_GENERAL|FLAG_MSG_SMBD
|FLAG_MSG_PRINT_GENERAL);
+ /*
+ * Anything higher than PROTOCOL_SMB2_10 still
+ * needs to go via "SMB 2.???", which is marked
+ * as PROTOCOL_SMB2_10.
+ *
+ * The real negotiation happens via reply_smb20ff()
+ * using SMB2 Negotiation.
+ */
+ max_proto = lp_server_max_protocol();
+ if (max_proto > PROTOCOL_SMB2_10) {
+ max_proto = PROTOCOL_SMB2_10;
+ }
+ min_proto = lp_server_min_protocol();
+ if (min_proto > PROTOCOL_SMB2_10) {
+ min_proto = PROTOCOL_SMB2_10;
+ }
+
/* Check for protocols, most desirable first */
for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
i = 0;
- if ((supported_protocols[protocol].protocol_level <= lp_server_max_protocol()) &&
- (supported_protocols[protocol].protocol_level >= lp_server_min_protocol()))
+ if ((supported_protocols[protocol].protocol_level <= max_proto) &&
+ (supported_protocols[protocol].protocol_level >= min_proto))
while (i < num_cliprotos) {
if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
choice = i;
diff -Nru samba-4.5.4+dfsg/source3/smbd/open.c samba-4.5.8+dfsg/source3/smbd/open.c
--- samba-4.5.4+dfsg/source3/smbd/open.c 2017-01-17 19:55:44.000000000 +0000
+++ samba-4.5.8+dfsg/source3/smbd/open.c 2017-03-31 06:25:18.000000000 +0000
@@ -355,6 +355,269 @@
}
/****************************************************************************
+ Handle differing symlink errno's
+****************************************************************************/
+
+static int link_errno_convert(int err)
+{
+#if defined(ENOTSUP) && defined(OSF1)
+ /* handle special Tru64 errno */
+ if (err == ENOTSUP) {
+ err = ELOOP;
+ }
+#endif /* ENOTSUP */
+#ifdef EFTYPE
+ /* fix broken NetBSD errno */
+ if (err == EFTYPE) {
+ err = ELOOP;
+ }
+#endif /* EFTYPE */
+ /* fix broken FreeBSD errno */
+ if (err == EMLINK) {
+ err = ELOOP;
+ }
+ return err;
+}
+
+static int non_widelink_open(struct connection_struct *conn,
+ const char *conn_rootdir,
+ files_struct *fsp,
+ struct smb_filename *smb_fname,
+ int flags,
+ mode_t mode,
+ unsigned int link_depth);
+
+/****************************************************************************
+ Follow a symlink in userspace.
+****************************************************************************/
+
+static int process_symlink_open(struct connection_struct *conn,
+ const char *conn_rootdir,
+ files_struct *fsp,
+ struct smb_filename *smb_fname,
+ int flags,
+ mode_t mode,
+ unsigned int link_depth)
+{
+ int fd = -1;
+ char *link_target = NULL;
+ int link_len = -1;
+ char *oldwd = NULL;
+ size_t rootdir_len = 0;
+ char *resolved_name = NULL;
+ bool matched = false;
+ int saved_errno = 0;
+
+ /*
+ * Ensure we don't get stuck in a symlink loop.
+ */
+ link_depth++;
+ if (link_depth >= 20) {
+ errno = ELOOP;
+ goto out;
+ }
+
+ /* Allocate space for the link target. */
+ link_target = talloc_array(talloc_tos(), char, PATH_MAX);
+ if (link_target == NULL) {
+ errno = ENOMEM;
+ goto out;
+ }
+
+ /* Read the link target. */
+ link_len = SMB_VFS_READLINK(conn,
+ smb_fname->base_name,
+ link_target,
+ PATH_MAX - 1);
+ if (link_len == -1) {
+ goto out;
+ }
+
+ /* Ensure it's at least null terminated. */
+ link_target[link_len] = '\0';
+
+ /* Convert to an absolute path. */
+ resolved_name = SMB_VFS_REALPATH(conn, link_target);
+ if (resolved_name == NULL) {
+ goto out;
+ }
+
+ /*
+ * We know conn_rootdir starts with '/' and
+ * does not end in '/'. FIXME ! Should we
+ * smb_assert this ?
+ */
+ rootdir_len = strlen(conn_rootdir);
+
+ matched = (strncmp(conn_rootdir, resolved_name, rootdir_len) == 0);
+ if (!matched) {
+ errno = EACCES;
+ goto out;
+ }
+
+ /*
+ * Turn into a path relative to the share root.
+ */
+ if (resolved_name[rootdir_len] == '\0') {
+ /* Link to the root of the share. */
+ smb_fname->base_name = talloc_strdup(talloc_tos(), ".");
+ if (smb_fname->base_name == NULL) {
+ errno = ENOMEM;
+ goto out;
+ }
+ } else if (resolved_name[rootdir_len] == '/') {
+ smb_fname->base_name = &resolved_name[rootdir_len+1];
+ } else {
+ errno = EACCES;
+ goto out;
+ }
+
+ oldwd = vfs_GetWd(talloc_tos(), conn);
+ if (oldwd == NULL) {
+ goto out;
+ }
+
+ /* Ensure we operate from the root of the share. */
+ if (vfs_ChDir(conn, conn_rootdir) == -1) {
+ goto out;
+ }
+
+ /* And do it all again.. */
+ fd = non_widelink_open(conn,
+ conn_rootdir,
+ fsp,
+ smb_fname,
+ flags,
+ mode,
+ link_depth);
+ if (fd == -1) {
+ saved_errno = errno;
+ }
+
+ out:
+
+ SAFE_FREE(resolved_name);
+ TALLOC_FREE(link_target);
+ if (oldwd != NULL) {
+ int ret = vfs_ChDir(conn, oldwd);
+ if (ret == -1) {
+ smb_panic("unable to get back to old directory\n");
+ }
+ TALLOC_FREE(oldwd);
+ }
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
+ return fd;
+}
+
+/****************************************************************************
+ Non-widelink open.
+****************************************************************************/
+
+static int non_widelink_open(struct connection_struct *conn,
+ const char *conn_rootdir,
+ files_struct *fsp,
+ struct smb_filename *smb_fname,
+ int flags,
+ mode_t mode,
+ unsigned int link_depth)
+{
+ NTSTATUS status;
+ int fd = -1;
+ struct smb_filename *smb_fname_rel = NULL;
+ int saved_errno = 0;
+ char *oldwd = NULL;
+ char *parent_dir = NULL;
+ const char *final_component = NULL;
+
+ if (!parent_dirname(talloc_tos(),
+ smb_fname->base_name,
+ &parent_dir,
+ &final_component)) {
+ goto out;
+ }
+
+ oldwd = vfs_GetWd(talloc_tos(), conn);
+ if (oldwd == NULL) {
+ goto out;
+ }
+
+ /* Pin parent directory in place. */
+ if (vfs_ChDir(conn, parent_dir) == -1) {
+ goto out;
+ }
+
+ /* Ensure the relative path is below the share. */
+ status = check_reduced_name(conn, parent_dir, final_component);
+ if (!NT_STATUS_IS_OK(status)) {
+ saved_errno = map_errno_from_nt_status(status);
+ goto out;
+ }
+
+ smb_fname_rel = synthetic_smb_fname(talloc_tos(),
+ final_component,
+ smb_fname->stream_name,
+ &smb_fname->st,
+ smb_fname->flags);
+
+ flags |= O_NOFOLLOW;
+
+ {
+ struct smb_filename *tmp_name = fsp->fsp_name;
+ fsp->fsp_name = smb_fname_rel;
+ fd = SMB_VFS_OPEN(conn, smb_fname_rel, fsp, flags, mode);
+ fsp->fsp_name = tmp_name;
+ }
+
+ if (fd == -1) {
+ saved_errno = link_errno_convert(errno);
+ if (saved_errno == ELOOP) {
+ if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
+ /* Never follow symlinks on posix open. */
+ goto out;
+ }
+ if (!lp_follow_symlinks(SNUM(conn))) {
+ /* Explicitly no symlinks. */
+ goto out;
+ }
+ /*
+ * We have a symlink. Follow in userspace
+ * to ensure it's under the share definition.
+ */
+ fd = process_symlink_open(conn,
+ conn_rootdir,
+ fsp,
+ smb_fname_rel,
+ flags,
+ mode,
+ link_depth);
+ if (fd == -1) {
+ saved_errno =
+ link_errno_convert(errno);
+ }
+ }
+ }
+
+ out:
+
+ TALLOC_FREE(parent_dir);
+ TALLOC_FREE(smb_fname_rel);
+
+ if (oldwd != NULL) {
+ int ret = vfs_ChDir(conn, oldwd);
+ if (ret == -1) {
+ smb_panic("unable to get back to old directory\n");
+ }
+ TALLOC_FREE(oldwd);
+ }
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
+ return fd;
+}
+
+/****************************************************************************
fd support routines - attempt to do a dos_open.
****************************************************************************/
@@ -366,8 +629,7 @@
struct smb_filename *smb_fname = fsp->fsp_name;
NTSTATUS status = NT_STATUS_OK;
-#ifdef O_NOFOLLOW
- /*
+ /*
* Never follow symlinks on a POSIX client. The
* client should be doing this.
*/
@@ -375,29 +637,31 @@
if ((fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) || !lp_follow_symlinks(SNUM(conn))) {
flags |= O_NOFOLLOW;
}
-#endif
- fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
- if (fsp->fh->fd == -1) {
- int posix_errno = errno;
-#ifdef O_NOFOLLOW
-#if defined(ENOTSUP) && defined(OSF1)
- /* handle special Tru64 errno */
- if (errno == ENOTSUP) {
- posix_errno = ELOOP;
- }
-#endif /* ENOTSUP */
-#ifdef EFTYPE
- /* fix broken NetBSD errno */
- if (errno == EFTYPE) {
- posix_errno = ELOOP;
- }
-#endif /* EFTYPE */
- /* fix broken FreeBSD errno */
- if (errno == EMLINK) {
- posix_errno = ELOOP;
+ /* Ensure path is below share definition. */
+ if (!lp_widelinks(SNUM(conn))) {
+ const char *conn_rootdir = SMB_VFS_CONNECTPATH(conn,
+ smb_fname->base_name);
+ if (conn_rootdir == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
-#endif /* O_NOFOLLOW */
+ /*
+ * Only follow symlinks within a share
+ * definition.
+ */
+ fsp->fh->fd = non_widelink_open(conn,
+ conn_rootdir,
+ fsp,
+ smb_fname,
+ flags,
+ mode,
+ 0);
+ } else {
+ fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
+ }
+
+ if (fsp->fh->fd == -1) {
+ int posix_errno = link_errno_convert(errno);
status = map_nt_error_from_unix(posix_errno);
if (errno == EMFILE) {
static time_t last_warned = 0L;
@@ -639,7 +903,9 @@
bool *file_created)
{
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ NTSTATUS retry_status;
bool file_existed = VALID_STAT(fsp->fsp_name->st);
+ int curr_flags;
*file_created = false;
@@ -671,59 +937,65 @@
* we can never call O_CREAT without O_EXCL. So if
* we think the file existed, try without O_CREAT|O_EXCL.
* If we think the file didn't exist, try with
- * O_CREAT|O_EXCL. Keep bouncing between these two
- * requests until either the file is created, or
- * opened. Either way, we keep going until we get
- * a returnable result (error, or open/create).
+ * O_CREAT|O_EXCL.
+ *
+ * The big problem here is dangling symlinks. Opening
+ * without O_NOFOLLOW means both bad symlink
+ * and missing path return -1, ENOENT from open(). As POSIX
+ * is pathname based it's not possible to tell
+ * the difference between these two cases in a
+ * non-racy way, so change to try only two attempts before
+ * giving up.
+ *
+ * We don't have this problem for the O_NOFOLLOW
+ * case as it just returns NT_STATUS_OBJECT_PATH_NOT_FOUND
+ * mapped from the ELOOP POSIX error.
*/
- while(1) {
- int curr_flags = flags;
+ curr_flags = flags;
- if (file_existed) {
- /* Just try open, do not create. */
- curr_flags &= ~(O_CREAT);
- status = fd_open(conn, fsp, curr_flags, mode);
- if (NT_STATUS_EQUAL(status,
- NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
- /*
- * Someone deleted it in the meantime.
- * Retry with O_EXCL.
- */
- file_existed = false;
- DEBUG(10,("fd_open_atomic: file %s existed. "
- "Retry.\n",
- smb_fname_str_dbg(fsp->fsp_name)));
- continue;
- }
- } else {
- /* Try create exclusively, fail if it exists. */
- curr_flags |= O_EXCL;
- status = fd_open(conn, fsp, curr_flags, mode);
- if (NT_STATUS_EQUAL(status,
- NT_STATUS_OBJECT_NAME_COLLISION)) {
- /*
- * Someone created it in the meantime.
- * Retry without O_CREAT.
- */
- file_existed = true;
- DEBUG(10,("fd_open_atomic: file %s "
- "did not exist. Retry.\n",
- smb_fname_str_dbg(fsp->fsp_name)));
- continue;
- }
- if (NT_STATUS_IS_OK(status)) {
- /*
- * Here we've opened with O_CREAT|O_EXCL
- * and got success. We *know* we created
- * this file.
- */
- *file_created = true;
- }
+ if (file_existed) {
+ curr_flags &= ~(O_CREAT);
+ retry_status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ } else {
+ curr_flags |= O_EXCL;
+ retry_status = NT_STATUS_OBJECT_NAME_COLLISION;
+ }
+
+ status = fd_open(conn, fsp, curr_flags, mode);
+ if (NT_STATUS_IS_OK(status)) {
+ if (!file_existed) {
+ *file_created = true;
}
- /* Create is done, or failed. */
- break;
+ return NT_STATUS_OK;
+ }
+ if (!NT_STATUS_EQUAL(status, retry_status)) {
+ return status;
}
+
+ curr_flags = flags;
+
+ /*
+ * Keep file_existed up to date for clarity.
+ */
+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ file_existed = false;
+ curr_flags |= O_EXCL;
+ DBG_DEBUG("file %s did not exist. Retry.\n",
+ smb_fname_str_dbg(fsp->fsp_name));
+ } else {
+ file_existed = true;
+ curr_flags &= ~(O_CREAT);
+ DBG_DEBUG("file %s existed. Retry.\n",
+ smb_fname_str_dbg(fsp->fsp_name));
+ }
+
+ status = fd_open(conn, fsp, curr_flags, mode);
+
+ if (NT_STATUS_IS_OK(status) && (!file_existed)) {
+ *file_created = true;
+ }
+
return status;
}
@@ -2274,6 +2546,12 @@
uint32_t orig_access_mask = access_mask;
uint32_t rejected_share_access;
+ if (access_mask & SEC_MASK_INVALID) {
+ DBG_DEBUG("access_mask [%8x] contains invalid bits\n",
+ access_mask);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/*
* Convert GENERIC bits to specific bits.
*/
diff -Nru samba-4.5.4+dfsg/source3/smbd/posix_acls.c samba-4.5.8+dfsg/source3/smbd/posix_acls.c
--- samba-4.5.4+dfsg/source3/smbd/posix_acls.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/smbd/posix_acls.c 2017-03-09 09:21:43.000000000 +0000
@@ -2700,9 +2700,9 @@
.attr = ALLOW_ACE,
.trustee = sid,
.unix_ug = unix_ug,
- .owner_type = owner_type,
- .ace_flags = get_pai_flags(pal, ace, is_default_acl)
+ .owner_type = owner_type
};
+ ace->ace_flags = get_pai_flags(pal, ace, is_default_acl);
DLIST_ADD(l_head, ace);
}
diff -Nru samba-4.5.4+dfsg/source3/smbd/proto.h samba-4.5.8+dfsg/source3/smbd/proto.h
--- samba-4.5.4+dfsg/source3/smbd/proto.h 2017-01-17 19:55:44.000000000 +0000
+++ samba-4.5.8+dfsg/source3/smbd/proto.h 2017-03-31 06:25:18.000000000 +0000
@@ -1227,7 +1227,9 @@
SMB_STRUCT_STAT *sbuf, char **talloced);
int vfs_ChDir(connection_struct *conn, const char *path);
char *vfs_GetWd(TALLOC_CTX *ctx, connection_struct *conn);
-NTSTATUS check_reduced_name(connection_struct *conn, const char *fname);
+NTSTATUS check_reduced_name(connection_struct *conn,
+ const char *cwd_name,
+ const char *fname);
NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
const char *fname,
struct smb_request *smbreq);
diff -Nru samba-4.5.4+dfsg/source3/smbd/service.c samba-4.5.8+dfsg/source3/smbd/service.c
--- samba-4.5.4+dfsg/source3/smbd/service.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/smbd/service.c 2017-03-09 09:21:43.000000000 +0000
@@ -31,6 +31,7 @@
#include "lib/param/loadparm.h"
#include "messages.h"
#include "lib/afs/afs_funcs.h"
+#include "lib/util_path.h"
static bool canonicalize_connect_path(connection_struct *conn)
{
@@ -47,118 +48,20 @@
/****************************************************************************
Ensure when setting connectpath it is a canonicalized (no ./ // or ../)
absolute path stating in / and not ending in /.
- Observent people will notice a similarity between this and check_path_syntax :-).
****************************************************************************/
bool set_conn_connectpath(connection_struct *conn, const char *connectpath)
{
char *destname;
- char *d;
- const char *s = connectpath;
- bool start_of_name_component = true;
if (connectpath == NULL || connectpath[0] == '\0') {
return false;
}
- /* Allocate for strlen + '\0' + possible leading '/' */
- destname = (char *)talloc_size(conn, strlen(connectpath) + 2);
- if (!destname) {
+ destname = canonicalize_absolute_path(conn, connectpath);
+ if (destname == NULL) {
return false;
}
- d = destname;
-
- *d++ = '/'; /* Always start with root. */
-
- while (*s) {
- if (*s == '/') {
- /* Eat multiple '/' */
- while (*s == '/') {
- s++;
- }
- if ((d > destname + 1) && (*s != '\0')) {
- *d++ = '/';
- }
- start_of_name_component = True;
- continue;
- }
-
- if (start_of_name_component) {
- if ((s[0] == '.') && (s[1] == '.') && (s[2] == '/' || s[2] == '\0')) {
- /* Uh oh - "/../" or "/..\0" ! */
-
- /* Go past the ../ or .. */
- if (s[2] == '/') {
- s += 3;
- } else {
- s += 2; /* Go past the .. */
- }
-
- /* If we just added a '/' - delete it */
- if ((d > destname) && (*(d-1) == '/')) {
- *(d-1) = '\0';
- d--;
- }
-
- /* Are we at the start ? Can't go back further if so. */
- if (d <= destname) {
- *d++ = '/'; /* Can't delete root */
- continue;
- }
- /* Go back one level... */
- /* Decrement d first as d points to the *next* char to write into. */
- for (d--; d > destname; d--) {
- if (*d == '/') {
- break;
- }
- }
- /* We're still at the start of a name component, just the previous one. */
- continue;
- } else if ((s[0] == '.') && ((s[1] == '\0') || s[1] == '/')) {
- /* Component of pathname can't be "." only - skip the '.' . */
- if (s[1] == '/') {
- s += 2;
- } else {
- s++;
- }
- continue;
- }
- }
-
- if (!(*s & 0x80)) {
- *d++ = *s++;
- } else {
- size_t siz;
- /* Get the size of the next MB character. */
- next_codepoint(s,&siz);
- switch(siz) {
- case 5:
- *d++ = *s++;
- /*fall through*/
- case 4:
- *d++ = *s++;
- /*fall through*/
- case 3:
- *d++ = *s++;
- /*fall through*/
- case 2:
- *d++ = *s++;
- /*fall through*/
- case 1:
- *d++ = *s++;
- break;
- default:
- break;
- }
- }
- start_of_name_component = false;
- }
- *d = '\0';
-
- /* And must not end in '/' */
- if (d > destname + 1 && (*(d-1) == '/')) {
- *(d-1) = '\0';
- }
DEBUG(10,("set_conn_connectpath: service %s, connectpath = %s\n",
lp_servicename(talloc_tos(), SNUM(conn)), destname ));
@@ -623,6 +526,18 @@
conn->short_case_preserve = lp_short_preserve_case(snum);
conn->encrypt_level = lp_smb_encrypt(snum);
+ if (conn->encrypt_level > SMB_SIGNING_OFF) {
+ if (lp_smb_encrypt(-1) == SMB_SIGNING_OFF) {
+ if (conn->encrypt_level == SMB_SIGNING_REQUIRED) {
+ DBG_ERR("Service [%s] requires encryption, but "
+ "it is disabled globally!\n",
+ lp_servicename(talloc_tos(), snum));
+ status = NT_STATUS_ACCESS_DENIED;
+ goto err_root_exit;
+ }
+ conn->encrypt_level = SMB_SIGNING_OFF;
+ }
+ }
conn->veto_list = NULL;
conn->hide_list = NULL;
diff -Nru samba-4.5.4+dfsg/source3/smbd/smb2_negprot.c samba-4.5.8+dfsg/source3/smbd/smb2_negprot.c
--- samba-4.5.4+dfsg/source3/smbd/smb2_negprot.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/smbd/smb2_negprot.c 2017-03-09 09:21:43.000000000 +0000
@@ -441,7 +441,7 @@
req->preauth = &req->xconn->smb2.preauth;
}
- if (in_cipher != NULL) {
+ if ((capabilities & SMB2_CAP_ENCRYPTION) && (in_cipher != NULL)) {
size_t needed = 2;
uint16_t cipher_count;
const uint8_t *p;
diff -Nru samba-4.5.4+dfsg/source3/smbd/smb2_query_directory.c samba-4.5.8+dfsg/source3/smbd/smb2_query_directory.c
--- samba-4.5.4+dfsg/source3/smbd/smb2_query_directory.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/smbd/smb2_query_directory.c 2017-03-22 09:48:05.000000000 +0000
@@ -24,6 +24,7 @@
#include "../libcli/smb/smb_common.h"
#include "trans2.h"
#include "../lib/util/tevent_ntstatus.h"
+#include "system/filesys.h"
static struct tevent_req *smbd_smb2_query_directory_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -322,7 +323,23 @@
}
if (in_flags & SMB2_CONTINUE_FLAG_REOPEN) {
+ int flags;
+
dptr_CloseDir(fsp);
+
+ /*
+ * dptr_CloseDir() will close and invalidate the fsp's file
+ * descriptor, we have to reopen it.
+ */
+
+ flags = O_RDONLY;
+#ifdef O_DIRECTORY
+ flags |= O_DIRECTORY;
+#endif
+ status = fd_open(conn, fsp, flags, 0);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
}
if (!smbreq->posix_pathnames) {
diff -Nru samba-4.5.4+dfsg/source3/smbd/smb2_server.c samba-4.5.8+dfsg/source3/smbd/smb2_server.c
--- samba-4.5.4+dfsg/source3/smbd/smb2_server.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/smbd/smb2_server.c 2017-03-09 09:21:43.000000000 +0000
@@ -3566,6 +3566,7 @@
int ret;
int err;
bool retry;
+ NTSTATUS status;
if (xconn->smb2.send_queue == NULL) {
TEVENT_FD_NOT_WRITEABLE(xconn->transport.fde);
@@ -3577,11 +3578,12 @@
bool ok;
if (e->sendfile_header != NULL) {
- NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
size_t size = 0;
size_t i = 0;
uint8_t *buf;
+ status = NT_STATUS_INTERNAL_ERROR;
+
for (i=0; i < e->count; i++) {
size += e->vector[i].iov_len;
}
@@ -3653,6 +3655,16 @@
talloc_free(e->mem_ctx);
}
+ /*
+ * Restart reads if we were blocked on
+ * draining the send queue.
+ */
+
+ status = smbd_smb2_request_next_incoming(xconn);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
return NT_STATUS_OK;
}
diff -Nru samba-4.5.4+dfsg/source3/smbd/smb2_tcon.c samba-4.5.8+dfsg/source3/smbd/smb2_tcon.c
--- samba-4.5.4+dfsg/source3/smbd/smb2_tcon.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/smbd/smb2_tcon.c 2017-03-09 09:21:43.000000000 +0000
@@ -268,7 +268,8 @@
}
if ((lp_smb_encrypt(snum) >= SMB_SIGNING_DESIRED) &&
- (conn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
+ (conn->smb2.server.cipher != 0))
+ {
encryption_desired = true;
}
diff -Nru samba-4.5.4+dfsg/source3/smbd/vfs.c samba-4.5.8+dfsg/source3/smbd/vfs.c
--- samba-4.5.4+dfsg/source3/smbd/vfs.c 2016-09-13 08:21:35.000000000 +0000
+++ samba-4.5.8+dfsg/source3/smbd/vfs.c 2017-03-31 06:25:18.000000000 +0000
@@ -1179,11 +1179,20 @@
/*******************************************************************
Reduce a file name, removing .. elements and checking that
it is below dir in the heirachy. This uses realpath.
+
+ If cwd_name == NULL then fname is a client given path relative
+ to the root path of the share.
+
+ If cwd_name != NULL then fname is a client given path relative
+ to cwd_name. cwd_name is relative to the root path of the share.
********************************************************************/
-NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
+NTSTATUS check_reduced_name(connection_struct *conn,
+ const char *cwd_name,
+ const char *fname)
{
char *resolved_name = NULL;
+ char *new_fname = NULL;
bool allow_symlinks = true;
bool allow_widelinks = false;
@@ -1307,8 +1316,11 @@
/* fname can't have changed in resolved_path. */
const char *p = &resolved_name[rootdir_len];
- /* *p can be '\0' if fname was "." */
- if (*p == '\0' && ISDOT(fname)) {
+ /*
+ * UNIX filesystem semantics, names consisting
+ * only of "." or ".." CANNOT be symlinks.
+ */
+ if (ISDOT(fname) || ISDOTDOT(fname)) {
goto out;
}
@@ -1322,11 +1334,32 @@
}
p++;
+
+ /*
+ * If cwd_name is present and not ".",
+ * then fname is relative to that, not
+ * the root of the share. Make sure the
+ * path we check is the one the client
+ * sent (cwd_name+fname).
+ */
+ if (cwd_name != NULL && !ISDOT(cwd_name)) {
+ new_fname = talloc_asprintf(talloc_tos(),
+ "%s/%s",
+ cwd_name,
+ fname);
+ if (new_fname == NULL) {
+ SAFE_FREE(resolved_name);
+ return NT_STATUS_NO_MEMORY;
+ }
+ fname = new_fname;
+ }
+
if (strcmp(fname, p)!=0) {
DEBUG(2, ("check_reduced_name: Bad access "
"attempt: %s is a symlink to %s\n",
fname, p));
SAFE_FREE(resolved_name);
+ TALLOC_FREE(new_fname);
return NT_STATUS_ACCESS_DENIED;
}
}
@@ -1336,6 +1369,7 @@
DBG_INFO("%s reduced to %s\n", fname, resolved_name);
SAFE_FREE(resolved_name);
+ TALLOC_FREE(new_fname);
return NT_STATUS_OK;
}
diff -Nru samba-4.5.4+dfsg/source3/torture/torture.c samba-4.5.8+dfsg/source3/torture/torture.c
--- samba-4.5.4+dfsg/source3/torture/torture.c 2017-01-17 19:55:44.000000000 +0000
+++ samba-4.5.8+dfsg/source3/torture/torture.c 2017-03-09 09:21:43.000000000 +0000
@@ -9501,6 +9501,106 @@
return success;
}
+/*
+ Test Windows open on a bad POSIX symlink.
+ */
+static bool run_symlink_open_test(int dummy)
+{
+ static struct cli_state *cli;
+ const char *fname = "non_existant_file";
+ const char *sname = "dangling_symlink";
+ uint16_t fnum = (uint16_t)-1;
+ bool correct = false;
+ NTSTATUS status;
+ TALLOC_CTX *frame = NULL;
+
+ frame = talloc_stackframe();
+
+ printf("Starting Windows bad symlink open test\n");
+
+ if (!torture_open_connection(&cli, 0)) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ smbXcli_conn_set_sockopt(cli->conn, sockops);
+
+ status = torture_setup_unix_extensions(cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ /* Ensure nothing exists. */
+ cli_setatr(cli, fname, 0, 0);
+ cli_posix_unlink(cli, fname);
+ cli_setatr(cli, sname, 0, 0);
+ cli_posix_unlink(cli, sname);
+
+ /* Create a symlink pointing nowhere. */
+ status = cli_posix_symlink(cli, fname, sname);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_posix_symlink of %s -> %s failed (%s)\n",
+ sname,
+ fname,
+ nt_errstr(status));
+ goto out;
+ }
+
+ /* Now ensure that a Windows open doesn't hang. */
+ status = cli_ntcreate(cli,
+ sname,
+ 0,
+ FILE_READ_DATA|FILE_WRITE_DATA,
+ 0,
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+ FILE_OPEN_IF,
+ 0x0,
+ 0x0,
+ &fnum,
+ NULL);
+
+ /*
+ * We get either NT_STATUS_OBJECT_NAME_NOT_FOUND or
+ * NT_STATUS_OBJECT_PATH_NOT_FOUND depending on if
+ * we use O_NOFOLLOW on the server or not.
+ */
+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_PATH_NOT_FOUND))
+ {
+ correct = true;
+ } else {
+ printf("cli_ntcreate of %s returned %s - should return"
+ " either (%s) or (%s)\n",
+ sname,
+ nt_errstr(status),
+ nt_errstr(NT_STATUS_OBJECT_NAME_NOT_FOUND),
+ nt_errstr(NT_STATUS_OBJECT_PATH_NOT_FOUND));
+ goto out;
+ }
+
+ correct = true;
+
+ out:
+
+ if (fnum != (uint16_t)-1) {
+ cli_close(cli, fnum);
+ fnum = (uint16_t)-1;
+ }
+
+ cli_setatr(cli, sname, 0, 0);
+ cli_posix_unlink(cli, sname);
+ cli_setatr(cli, fname, 0, 0);
+ cli_posix_unlink(cli, fname);
+
+ if (!torture_close_connection(cli)) {
+ correct = false;
+ }
+
+ TALLOC_FREE(frame);
+ return correct;
+}
+
static bool run_local_substitute(int dummy)
{
bool ok = true;
@@ -10878,6 +10978,49 @@
return true;
}
+static bool run_local_canonicalize_path(int dummy)
+{
+ const char *src[] = {
+ "/foo/..",
+ "/..",
+ "/foo/bar/../baz",
+ "/foo/././",
+ "/../foo",
+ ".././././",
+ ".././././../../../boo",
+ "./..",
+ NULL
+ };
+ const char *dst[] = {
+ "/",
+ "/",
+ "/foo/baz",
+ "/foo",
+ "/foo",
+ "/",
+ "/boo",
+ "/",
+ NULL
+ };
+ unsigned int i;
+
+ for (i = 0; src[i] != NULL; i++) {
+ char *d = canonicalize_absolute_path(talloc_tos(), src[i]);
+ if (d == NULL) {
+ perror("talloc fail\n");
+ return false;
+ }
+ if (strcmp(d, dst[i]) != 0) {
+ d_fprintf(stderr,
+ "canonicalize missmatch %s -> %s != %s",
+ src[i], d, dst[i]);
+ return false;
+ }
+ talloc_free(d);
+ }
+ return true;
+}
+
static double create_procs(bool (*fn)(int), bool *result)
{
int i, status;
@@ -11020,6 +11163,7 @@
{"POSIX-SYMLINK-EA", run_ea_symlink_test, 0},
{"POSIX-STREAM-DELETE", run_posix_stream_delete, 0},
{"POSIX-OFD-LOCK", run_posix_ofd_lock_test, 0},
+ {"WINDOWS-BAD-SYMLINK", run_symlink_open_test, 0},
{"CASE-INSENSITIVE-CREATE", run_case_insensitive_create, 0},
{"ASYNC-ECHO", run_async_echo, 0},
{ "UID-REGRESSION-TEST", run_uid_regression_test, 0},
@@ -11112,6 +11256,7 @@
{ "local-tdb-writer", run_local_tdb_writer, 0 },
{ "LOCAL-DBWRAP-CTDB", run_local_dbwrap_ctdb, 0 },
{ "LOCAL-BENCH-PTHREADPOOL", run_bench_pthreadpool, 0 },
+ { "LOCAL-CANONICALIZE-PATH", run_local_canonicalize_path, 0 },
{ "qpathinfo-bufsize", run_qpathinfo_bufsize, 0 },
{NULL, NULL, 0}};
diff -Nru samba-4.5.4+dfsg/source3/utils/net_rpc_trust.c samba-4.5.8+dfsg/source3/utils/net_rpc_trust.c
--- samba-4.5.4+dfsg/source3/utils/net_rpc_trust.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/utils/net_rpc_trust.c 2017-03-09 09:21:43.000000000 +0000
@@ -518,9 +518,9 @@
}
DEBUG(0, ("Using random trust password.\n"));
- trust_pw = generate_random_password(mem_ctx,
- DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH,
- DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+ trust_pw = trust_pw_new_value(mem_ctx,
+ SEC_CHAN_DOMAIN,
+ SEC_DOMAIN);
if (trust_pw == NULL) {
DEBUG(0, ("generate_random_password failed.\n"));
goto done;
diff -Nru samba-4.5.4+dfsg/source3/winbindd/idmap_ad.c samba-4.5.8+dfsg/source3/winbindd/idmap_ad.c
--- samba-4.5.4+dfsg/source3/winbindd/idmap_ad.c 2016-10-24 19:37:30.000000000 +0000
+++ samba-4.5.8+dfsg/source3/winbindd/idmap_ad.c 2017-03-09 09:21:43.000000000 +0000
@@ -22,7 +22,7 @@
#include "idmap.h"
#include "tldap_gensec_bind.h"
#include "tldap_util.h"
-#include "secrets.h"
+#include "passdb.h"
#include "lib/param/param.h"
#include "utils/net.h"
#include "auth/gensec/gensec.h"
@@ -243,7 +243,6 @@
const char *domname,
struct tldap_context **pld)
{
- struct db_context *db_ctx;
struct netr_DsRGetDCNameInfo *dcinfo;
struct sockaddr_storage dcaddr;
struct cli_credentials *creds;
@@ -294,11 +293,19 @@
return NT_STATUS_NO_MEMORY;
}
- creds = cli_credentials_init(dcinfo);
- if (creds == NULL) {
- DBG_DEBUG("cli_credentials_init failed\n");
+ /*
+ * Here we use or own machine account as
+ * we run as domain member.
+ */
+ status = pdb_get_trust_credentials(lp_workgroup(),
+ lp_realm(),
+ dcinfo,
+ &creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("pdb_get_trust_credentials() failed - %s\n",
+ nt_errstr(status));
TALLOC_FREE(dcinfo);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
lp_ctx = loadparm_init_s3(dcinfo, loadparm_s3_helpers());
@@ -308,23 +315,6 @@
return NT_STATUS_NO_MEMORY;
}
- cli_credentials_set_conf(creds, lp_ctx);
-
- db_ctx = secrets_db_ctx();
- if (db_ctx == NULL) {
- DBG_DEBUG("Failed to open secrets.tdb.\n");
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- status = cli_credentials_set_machine_account_db_ctx(creds, lp_ctx,
- db_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- DBG_DEBUG("cli_credentials_set_machine_account "
- "failed: %s\n", nt_errstr(status));
- TALLOC_FREE(dcinfo);
- return status;
- }
-
rc = tldap_gensec_bind(ld, creds, "ldap", dcinfo->dc_unc, NULL, lp_ctx,
GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
if (!TLDAP_RC_IS_SUCCESS(rc)) {
diff -Nru samba-4.5.4+dfsg/source3/winbindd/winbindd_ads.c samba-4.5.8+dfsg/source3/winbindd/winbindd_ads.c
--- samba-4.5.4+dfsg/source3/winbindd/winbindd_ads.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/winbindd/winbindd_ads.c 2017-03-09 09:21:43.000000000 +0000
@@ -119,6 +119,8 @@
ads->auth.renewable = renewable;
ads->auth.password = password;
+ ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP;
+
ads->auth.realm = SMB_STRDUP(auth_realm);
if (!strupper_m(ads->auth.realm)) {
ads_destroy(&ads);
@@ -1700,6 +1702,14 @@
}
TALLOC_FREE(parent);
+ /*
+ * We need to pass the modified properties
+ * to the caller.
+ */
+ trust->trust_flags = d.domain_flags;
+ trust->trust_type = d.domain_type;
+ trust->trust_attributes = d.domain_trust_attribs;
+
wcache_tdc_add_domain( &d );
ret_count++;
}
diff -Nru samba-4.5.4+dfsg/source3/winbindd/winbindd_cm.c samba-4.5.8+dfsg/source3/winbindd/winbindd_cm.c
--- samba-4.5.4+dfsg/source3/winbindd/winbindd_cm.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source3/winbindd/winbindd_cm.c 2017-03-09 09:21:43.000000000 +0000
@@ -903,7 +903,6 @@
struct cli_credentials *creds;
NTSTATUS status;
bool force_machine_account = false;
- bool ok;
/* If we are a DC and this is not our own domain */
@@ -937,24 +936,7 @@
goto ipc_fallback;
}
- if (domain->primary && lp_security() == SEC_ADS) {
- cli_credentials_set_kerberos_state(creds,
- CRED_AUTO_USE_KERBEROS);
- } else if (domain->active_directory) {
- cli_credentials_set_kerberos_state(creds,
- CRED_MUST_USE_KERBEROS);
- } else {
- cli_credentials_set_kerberos_state(creds,
- CRED_DONT_USE_KERBEROS);
- }
-
- /*
- * When we contact our own domain and get a list of the trusted domain
- * we have the information if we are able to contact the DC with
- * with our machine account password.
- */
- ok = winbindd_can_contact_domain(domain);
- if (!ok) {
+ if (creds_domain != domain) {
/*
* We can only use schannel against a direct trust
*/
@@ -1002,6 +984,8 @@
struct named_mutex *mutex;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ NTSTATUS tmp_status;
+ NTSTATUS tcon_status = NT_STATUS_NETWORK_NAME_DELETED;
enum smb_signing_setting smb_sign_client_connections = lp_client_ipc_signing();
@@ -1103,6 +1087,10 @@
}
}
+ if (cli_credentials_is_anonymous(creds)) {
+ goto anon_fallback;
+ }
+
krb5_state = cli_credentials_get_kerberos_state(creds);
machine_krb5_principal = cli_credentials_get_principal(creds,
@@ -1138,8 +1126,10 @@
goto session_setup_done;
}
- DEBUG(4,("failed kerberos session setup with %s\n",
- nt_errstr(result)));
+ DEBUG(1, ("Failed to use kerberos connecting to %s from %s "
+ "with kerberos principal [%s]\n",
+ controller, lp_netbios_name(),
+ machine_krb5_principal));
}
if (krb5_state != CRED_MUST_USE_KERBEROS) {
@@ -1157,10 +1147,15 @@
machine_password,
strlen(machine_password)+1,
machine_domain);
- }
- if (NT_STATUS_IS_OK(result)) {
- goto session_setup_done;
+ if (NT_STATUS_IS_OK(result)) {
+ goto session_setup_done;
+ }
+
+ DEBUG(1, ("Failed to use NTLMSSP connecting to %s from %s "
+ "with username [%s]\\[%s]\n",
+ controller, lp_netbios_name(),
+ machine_domain, machine_account));
}
/*
@@ -1174,10 +1169,6 @@
|| NT_STATUS_EQUAL(result, NT_STATUS_NO_LOGON_SERVERS)
|| NT_STATUS_EQUAL(result, NT_STATUS_LOGON_FAILURE))
{
- if (cli_credentials_is_anonymous(creds)) {
- goto done;
- }
-
if (!cm_is_ipc_credentials(creds)) {
goto ipc_fallback;
}
@@ -1189,19 +1180,22 @@
goto anon_fallback;
}
- DEBUG(4, ("authenticated session setup failed with %s\n",
- nt_errstr(result)));
+ DEBUG(1, ("authenticated session setup to %s using %s failed with %s\n",
+ controller,
+ cli_credentials_get_unparsed_name(creds, talloc_tos()),
+ nt_errstr(result)));
goto done;
ipc_fallback:
- result = cm_get_ipc_credentials(talloc_tos(), &creds);
- if (!NT_STATUS_IS_OK(result)) {
+ TALLOC_FREE(creds);
+ tmp_status = cm_get_ipc_credentials(talloc_tos(), &creds);
+ if (!NT_STATUS_IS_OK(tmp_status)) {
+ result = tmp_status;
goto done;
}
if (cli_credentials_is_anonymous(creds)) {
- TALLOC_FREE(creds);
goto anon_fallback;
}
@@ -1228,6 +1222,11 @@
goto session_setup_done;
}
+ DEBUG(1, ("Failed to use NTLMSSP connecting to %s from %s "
+ "with username "
+ "[%s]\\[%s]\n", controller, lp_netbios_name(),
+ machine_domain, machine_account));
+
/*
* If we are not going to validiate the conneciton
* with SMB signing, then allow us to fall back to
@@ -1242,19 +1241,22 @@
goto anon_fallback;
}
- DEBUG(4, ("authenticated session setup failed with %s\n",
- nt_errstr(result)));
+ DEBUG(1, ("authenticated session setup to %s using %s failed with %s\n",
+ controller,
+ cli_credentials_get_unparsed_name(creds, talloc_tos()),
+ nt_errstr(result)));
goto done;
anon_fallback:
+ TALLOC_FREE(creds);
if (smb_sign_client_connections == SMB_SIGNING_REQUIRED) {
goto done;
}
/* Fall back to anonymous connection, this might fail later */
- DEBUG(10,("cm_prepare_connection: falling back to anonymous "
+ DEBUG(5,("cm_prepare_connection: falling back to anonymous "
"connection for DC %s\n",
controller ));
@@ -1266,6 +1268,9 @@
goto session_setup_done;
}
+ DEBUG(1, ("anonymous session setup to %s failed with %s\n",
+ controller, nt_errstr(result)));
+
/* We can't session setup */
goto done;
@@ -1283,11 +1288,11 @@
}
result = cli_tree_connect(*cli, "IPC$", "IPC", "", 0);
-
if (!NT_STATUS_IS_OK(result)) {
DEBUG(1,("failed tcon_X with %s\n", nt_errstr(result)));
goto done;
}
+ tcon_status = result;
/* cache the server name for later connections */
@@ -1306,7 +1311,13 @@
done:
TALLOC_FREE(mutex);
+ if (NT_STATUS_IS_OK(result)) {
+ result = tcon_status;
+ }
+
if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(1, ("Failed to prepare SMB connection to %s: %s\n",
+ controller, nt_errstr(result)));
winbind_add_failed_connection_entry(domain, controller, result);
if ((*cli) != NULL) {
cli_shutdown(*cli);
@@ -3293,9 +3304,28 @@
sec_chan_type = cli_credentials_get_secure_channel_type(creds);
if (sec_chan_type == SEC_CHAN_NULL) {
- DBG_WARNING("get_secure_channel_type gave SEC_CHAN_NULL for %s\n",
- domain->name);
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ if (transport == NCACN_IP_TCP) {
+ DBG_NOTICE("get_secure_channel_type gave SEC_CHAN_NULL for %s, "
+ " deny NCACN_IP_TCP and let the caller fallback to NCACN_NP.\n",
+ domain->name);
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+
+ DBG_NOTICE("get_secure_channel_type gave SEC_CHAN_NULL for %s, "
+ "fallback to noauth on NCACN_NP.\n",
+ domain->name);
+
+ result = cli_rpc_pipe_open_noauth_transport(conn->cli,
+ transport,
+ &ndr_table_netlogon,
+ &conn->netlogon_pipe);
+ if (!NT_STATUS_IS_OK(result)) {
+ invalidate_cm_connection(domain);
+ return result;
+ }
+
+ *cli = conn->netlogon_pipe;
+ return NT_STATUS_OK;
}
result = rpccli_create_netlogon_creds_with_creds(creds,
@@ -3334,11 +3364,6 @@
conn->netlogon_flags = netlogon_creds->negotiate_flags;
TALLOC_FREE(netlogon_creds);
- /*
- * FIXME: Document in which case we are not able to contact
- * a DC without schannel. Which information do we try to get
- * from this DC?
- */
if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
result = NT_STATUS_DOWNGRADE_DETECTED;
diff -Nru samba-4.5.4+dfsg/source3/winbindd/winbindd_util.c samba-4.5.8+dfsg/source3/winbindd/winbindd_util.c
--- samba-4.5.4+dfsg/source3/winbindd/winbindd_util.c 2016-10-24 19:37:30.000000000 +0000
+++ samba-4.5.8+dfsg/source3/winbindd/winbindd_util.c 2017-03-09 09:21:43.000000000 +0000
@@ -345,6 +345,20 @@
char *p;
struct winbindd_tdc_domain trust_params = {0};
ptrdiff_t extra_len;
+ bool within_forest = false;
+
+ /*
+ * Only when we enumerate our primary domain
+ * or our forest root domain, we should keep
+ * the NETR_TRUST_FLAG_IN_FOREST flag, in
+ * all other cases we need to clear it as the domain
+ * is not part of our forest.
+ */
+ if (state->domain->primary) {
+ within_forest = true;
+ } else if (domain_is_forest_root(state->domain)) {
+ within_forest = true;
+ }
res = wb_domain_request_recv(req, state, &response, &err);
if ((res == -1) || (response->result != WINBINDD_OK)) {
@@ -430,6 +444,14 @@
trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10);
+ if (!within_forest) {
+ trust_params.trust_flags &= ~NETR_TRUST_FLAG_IN_FOREST;
+ }
+
+ if (!state->domain->primary) {
+ trust_params.trust_flags &= ~NETR_TRUST_FLAG_PRIMARY;
+ }
+
/*
* We always call add_trusted_domain() cause on an existing
* domain structure, it will update the SID if necessary.
diff -Nru samba-4.5.4+dfsg/source3/wscript_build samba-4.5.8+dfsg/source3/wscript_build
--- samba-4.5.4+dfsg/source3/wscript_build 2016-10-24 19:37:30.000000000 +0000
+++ samba-4.5.8+dfsg/source3/wscript_build 2017-03-09 09:21:43.000000000 +0000
@@ -455,7 +455,7 @@
libads/ldap_schema.c
libads/util.c
libads/ndr.c''',
- deps='cli-ldap-common krb5samba ldap lber KRBCLIENT param LIBNMB libsmb DCUTIL smbldap',
+ deps='cli-ldap-common krb5samba ldap lber KRBCLIENT param LIBNMB libsmb DCUTIL smbldap trusts_util',
private_library=True)
bld.SAMBA3_SUBSYSTEM('LIBADS_SERVER',
diff -Nru samba-4.5.4+dfsg/source4/dsdb/samdb/ldb_modules/password_hash.c samba-4.5.8+dfsg/source4/dsdb/samdb/ldb_modules/password_hash.c
--- samba-4.5.4+dfsg/source4/dsdb/samdb/ldb_modules/password_hash.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source4/dsdb/samdb/ldb_modules/password_hash.c 2017-03-09 09:21:43.000000000 +0000
@@ -35,6 +35,7 @@
#include "includes.h"
#include "ldb_module.h"
#include "libcli/auth/libcli_auth.h"
+#include "libcli/security/dom_sid.h"
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include "dsdb/samdb/samdb.h"
@@ -125,6 +126,7 @@
const char *sAMAccountName;
const char *user_principal_name;
bool is_computer;
+ bool is_krbtgt;
uint32_t restrictions;
} u;
@@ -2793,6 +2795,8 @@
ldb_get_opaque(ldb, "loadparm"), struct loadparm_context);
int ret;
const struct ldb_message *info_msg = NULL;
+ struct dom_sid *account_sid = NULL;
+ int rodc_krbtgt = 0;
ZERO_STRUCTP(io);
@@ -2837,6 +2841,26 @@
"userPrincipalName", NULL);
io->u.is_computer = ldb_msg_check_string_attribute(info_msg, "objectClass", "computer");
+ /* Ensure it has an objectSID too */
+ account_sid = samdb_result_dom_sid(ac, info_msg, "objectSid");
+ if (account_sid != NULL) {
+ NTSTATUS status;
+ uint32_t rid = 0;
+
+ status = dom_sid_split_rid(account_sid, account_sid, NULL, &rid);
+ if (NT_STATUS_IS_OK(status)) {
+ if (rid == DOMAIN_RID_KRBTGT) {
+ io->u.is_krbtgt = true;
+ }
+ }
+ }
+
+ rodc_krbtgt = ldb_msg_find_attr_as_int(info_msg,
+ "msDS-SecondaryKrbTgtNumber", 0);
+ if (rodc_krbtgt != 0) {
+ io->u.is_krbtgt = true;
+ }
+
if (io->u.sAMAccountName == NULL) {
ldb_asprintf_errstring(ldb,
"setup_io: sAMAccountName attribute is missing on %s for attempted password set/change",
@@ -2867,6 +2891,12 @@
& (UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT
| UF_SERVER_TRUST_ACCOUNT));
+ if (io->u.is_krbtgt) {
+ io->u.restrictions = 0;
+ io->ac->status->domain_data.pwdHistoryLength =
+ MAX(io->ac->status->domain_data.pwdHistoryLength, 3);
+ }
+
if (ac->userPassword) {
ret = msg_find_old_and_new_pwd_val(client_msg, "userPassword",
ac->req->operation,
@@ -3172,6 +3202,59 @@
return ldb_operr(ldb);
}
+ if (io->u.is_krbtgt) {
+ size_t min = 196;
+ size_t max = 255;
+ size_t diff = max - min;
+ size_t len = max;
+ struct ldb_val *krbtgt_utf16 = NULL;
+
+ if (!ac->pwd_reset) {
+ return dsdb_module_werror(ac->module,
+ LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS,
+ WERR_DS_ATT_ALREADY_EXISTS,
+ "Password change on krbtgt not permitted!");
+ }
+
+ if (io->n.cleartext_utf16 == NULL) {
+ return dsdb_module_werror(ac->module,
+ LDB_ERR_UNWILLING_TO_PERFORM,
+ WERR_DS_INVALID_ATTRIBUTE_SYNTAX,
+ "Password reset on krbtgt requires UTF16!");
+ }
+
+ /*
+ * Instead of taking the callers value,
+ * we just generate a new random value here.
+ *
+ * Include null termination in the array.
+ */
+ if (diff > 0) {
+ size_t tmp;
+
+ generate_random_buffer((uint8_t *)&tmp, sizeof(tmp));
+
+ tmp %= diff;
+
+ len = min + tmp;
+ }
+
+ krbtgt_utf16 = talloc_zero(io->ac, struct ldb_val);
+ if (krbtgt_utf16 == NULL) {
+ return ldb_oom(ldb);
+ }
+
+ *krbtgt_utf16 = data_blob_talloc_zero(krbtgt_utf16,
+ (len+1)*2);
+ if (krbtgt_utf16->data == NULL) {
+ return ldb_oom(ldb);
+ }
+ krbtgt_utf16->length = len * 2;
+ generate_secret_buffer(krbtgt_utf16->data,
+ krbtgt_utf16->length);
+ io->n.cleartext_utf16 = krbtgt_utf16;
+ }
+
if (existing_msg != NULL) {
NTSTATUS status;
@@ -4055,6 +4138,7 @@
"badPasswordTime",
"badPwdCount",
"lockoutTime",
+ "msDS-SecondaryKrbTgtNumber",
NULL };
struct ldb_request *search_req;
int ret;
diff -Nru samba-4.5.4+dfsg/source4/dsdb/samdb/ldb_modules/repl_meta_data.c samba-4.5.8+dfsg/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
--- samba-4.5.4+dfsg/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 2016-10-24 19:37:30.000000000 +0000
+++ samba-4.5.8+dfsg/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 2017-03-09 09:21:43.000000000 +0000
@@ -1446,15 +1446,21 @@
NTTIME now,
bool is_schema_nc)
{
+ const char *rdn_name = ldb_dn_get_rdn_name(msg->dn);
+ const struct dsdb_attribute *rdn_attr =
+ dsdb_attribute_by_lDAPDisplayName(ar->schema, rdn_name);
+ const char *attr_name = rdn_attr != NULL ?
+ rdn_attr->lDAPDisplayName :
+ rdn_name;
struct ldb_message_element new_el = {
.flags = LDB_FLAG_MOD_REPLACE,
- .name = ldb_dn_get_rdn_name(msg->dn),
+ .name = attr_name,
.num_values = 1,
.values = discard_const_p(struct ldb_val, rdn_new)
};
struct ldb_message_element old_el = {
.flags = LDB_FLAG_MOD_REPLACE,
- .name = ldb_dn_get_rdn_name(msg->dn),
+ .name = attr_name,
.num_values = rdn_old ? 1 : 0,
.values = discard_const_p(struct ldb_val, rdn_old)
};
diff -Nru samba-4.5.4+dfsg/source4/dsdb/samdb/ldb_modules/samba_dsdb.c samba-4.5.8+dfsg/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
--- samba-4.5.4+dfsg/source4/dsdb/samdb/ldb_modules/samba_dsdb.c 2016-08-11 07:51:04.000000000 +0000
+++ samba-4.5.8+dfsg/source4/dsdb/samdb/ldb_modules/samba_dsdb.c 2017-03-09 09:21:43.000000000 +0000
@@ -231,7 +231,7 @@
static int samba_dsdb_init(struct ldb_module *module)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
- int ret, len, i;
+ int ret, len, i, j;
TALLOC_CTX *tmp_ctx = talloc_new(module);
struct ldb_result *res;
struct ldb_message *rootdse_msg = NULL, *partition_msg;
@@ -317,11 +317,15 @@
static const char *openldap_backend_modules[] = {
"dsdb_flags_ignore", "entryuuid", "simple_dn", NULL };
- static const char *samba_dsdb_attrs[] = { "backendType", NULL };
+ static const char *samba_dsdb_attrs[] = { "backendType",
+ SAMBA_COMPATIBLE_FEATURES_ATTR,
+ SAMBA_REQUIRED_FEATURES_ATTR, NULL };
static const char *partition_attrs[] = { "ldapBackend", NULL };
const char *backendType, *backendUrl;
bool use_sasl_external = false;
+ const char *current_supportedFeatures[] = {};
+
if (!tmp_ctx) {
return ldb_oom(ldb);
}
@@ -357,7 +361,77 @@
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
backendType = "ldb";
} else if (ret == LDB_SUCCESS) {
+ struct ldb_message_element *requiredFeatures;
+ struct ldb_message_element *old_compatibleFeatures;
+
backendType = ldb_msg_find_attr_as_string(res->msgs[0], "backendType", "ldb");
+
+ requiredFeatures = ldb_msg_find_element(res->msgs[0], SAMBA_REQUIRED_FEATURES_ATTR);
+ if (requiredFeatures != NULL) {
+ ldb_set_errstring(ldb, "This Samba database was created with "
+ "a newer Samba version and is marked with "
+ "requiredFeatures in @SAMBA_DSDB. "
+ "This database can not safely be read by this Samba version");
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ old_compatibleFeatures = ldb_msg_find_element(res->msgs[0],
+ SAMBA_COMPATIBLE_FEATURES_ATTR);
+
+ if (old_compatibleFeatures) {
+ struct ldb_message *features_msg;
+ struct ldb_message_element *features_el;
+
+ features_msg = ldb_msg_new(res);
+ if (features_msg == NULL) {
+ return ldb_module_operr(module);
+ }
+ features_msg->dn = samba_dsdb_dn;
+
+ ldb_msg_add_empty(features_msg, SAMBA_COMPATIBLE_FEATURES_ATTR,
+ LDB_FLAG_MOD_DELETE, &features_el);
+
+ for (i = 0;
+ old_compatibleFeatures && i < old_compatibleFeatures->num_values;
+ i++) {
+ for (j = 0;
+ j < ARRAY_SIZE(current_supportedFeatures); j++) {
+ if (strcmp((char *)old_compatibleFeatures->values[i].data,
+ current_supportedFeatures[j]) == 0) {
+ break;
+ }
+ }
+ if (j == ARRAY_SIZE(current_supportedFeatures)) {
+ /*
+ * Add to list of features to remove
+ * (rather than all features)
+ */
+ ret = ldb_msg_add_value(features_msg, SAMBA_COMPATIBLE_FEATURES_ATTR,
+ &old_compatibleFeatures->values[i],
+ NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+ }
+ if (features_el->num_values > 0) {
+ /* Delete by list */
+ ret = ldb_next_start_trans(module);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ ret = dsdb_module_modify(module, features_msg, DSDB_FLAG_NEXT_MODULE, NULL);
+ if (ret != LDB_SUCCESS) {
+ ldb_next_del_trans(module);
+ return ret;
+ }
+ ret = ldb_next_end_trans(module);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ }
+ }
+
} else {
talloc_free(tmp_ctx);
return ret;
diff -Nru samba-4.5.4+dfsg/source4/dsdb/samdb/ldb_modules/samldb.c samba-4.5.8+dfsg/source4/dsdb/samdb/ldb_modules/samldb.c
--- samba-4.5.4+dfsg/source4/dsdb/samdb/ldb_modules/samldb.c 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/source4/dsdb/samdb/ldb_modules/samldb.c 2017-03-09 09:21:43.000000000 +0000
@@ -386,7 +386,6 @@
struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
uint32_t krbtgt_number, i_start, i;
int ret;
- char *newpass;
struct ldb_val newpass_utf16;
/* find a unused msDC-SecondaryKrbTgtNumber */
@@ -432,21 +431,17 @@
return ldb_operr(ldb);
}
- newpass = generate_random_password(ac->msg, 128, 255);
- if (newpass == NULL) {
- return ldb_operr(ldb);
- }
-
- if (!convert_string_talloc(ac,
- CH_UNIX, CH_UTF16,
- newpass, strlen(newpass),
- (void *)&newpass_utf16.data,
- &newpass_utf16.length)) {
- ldb_asprintf_errstring(ldb,
- "samldb_rodc_add: "
- "failed to generate UTF16 password from random password");
- return LDB_ERR_OPERATIONS_ERROR;
- }
+ newpass_utf16 = data_blob_talloc_zero(ac->module, 256);
+ if (newpass_utf16.data == NULL) {
+ return ldb_oom(ldb);
+ }
+ /*
+ * Note that the password_hash module will ignore
+ * this value and use it's own generate_secret_buffer()
+ * that's why we can just use generate_random_buffer()
+ * here.
+ */
+ generate_random_buffer(newpass_utf16.data, newpass_utf16.length);
ret = ldb_msg_add_steal_value(ac->msg, "clearTextPassword", &newpass_utf16);
if (ret != LDB_SUCCESS) {
return ldb_operr(ldb);
diff -Nru samba-4.5.4+dfsg/source4/dsdb/samdb/samdb.h samba-4.5.8+dfsg/source4/dsdb/samdb/samdb.h
--- samba-4.5.4+dfsg/source4/dsdb/samdb/samdb.h 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/source4/dsdb/samdb/samdb.h 2017-03-09 09:21:43.000000000 +0000
@@ -314,4 +314,6 @@
*/
#define DSDB_FLAG_INTERNAL_FORCE_META_DATA 0x10000
+#define SAMBA_COMPATIBLE_FEATURES_ATTR "compatibleFeatures"
+#define SAMBA_REQUIRED_FEATURES_ATTR "requiredFeatures"
#endif /* __SAMDB_H__ */
diff -Nru samba-4.5.4+dfsg/source4/ldap_server/ldap_bind.c samba-4.5.8+dfsg/source4/ldap_server/ldap_bind.c
--- samba-4.5.4+dfsg/source4/ldap_server/ldap_bind.c 2016-08-11 07:51:05.000000000 +0000
+++ samba-4.5.8+dfsg/source4/ldap_server/ldap_bind.c 2017-03-09 09:21:43.000000000 +0000
@@ -29,6 +29,37 @@
#include "param/param.h"
#include "../lib/util/tevent_ntstatus.h"
+static char *ldapsrv_bind_error_msg(TALLOC_CTX *mem_ctx,
+ HRESULT hresult,
+ uint32_t DSID,
+ NTSTATUS status)
+{
+ WERROR werr;
+ char *msg = NULL;
+
+ status = nt_status_squash(status);
+ werr = ntstatus_to_werror(status);
+
+ /*
+ * There are 4 lower case hex digits following 'v' at the end,
+ * but different Windows Versions return different values:
+ *
+ * Windows 2008R2 uses 'v1db1'
+ * Windows 2012R2 uses 'v2580'
+ *
+ * We just match Windows 2008R2 as that's what was referenced
+ * in https://bugzilla.samba.org/show_bug.cgi?id=9048
+ */
+ msg = talloc_asprintf(mem_ctx, "%08X: LdapErr: DSID-%08X, comment: "
+ "AcceptSecurityContext error, data %x, v1db1",
+ (unsigned)HRES_ERROR_V(hresult),
+ (unsigned)DSID,
+ (unsigned)W_ERROR_V(werr));
+
+ return msg;
+}
+
+
static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
{
struct ldap_BindRequest *req = &call->request->r.BindRequest;
@@ -95,7 +126,8 @@
status = nt_status_squash(status);
result = LDAP_INVALID_CREDENTIALS;
- errstr = talloc_asprintf(reply, "Simple Bind Failed: %s", nt_errstr(status));
+ errstr = ldapsrv_bind_error_msg(reply, HRES_SEC_E_INVALID_TOKEN,
+ 0x0C0903A9, status);
}
do_reply:
@@ -346,7 +378,8 @@
status = nt_status_squash(status);
if (result == 0) {
result = LDAP_INVALID_CREDENTIALS;
- errstr = talloc_asprintf(reply, "SASL:[%s]: %s", req->creds.SASL.mechanism, nt_errstr(status));
+ errstr = ldapsrv_bind_error_msg(reply, HRES_SEC_E_LOGON_DENIED,
+ 0x0C0904DC, status);
}
talloc_unlink(conn, conn->gensec);
conn->gensec = NULL;
diff -Nru samba-4.5.4+dfsg/source4/libcli/raw/smb.h samba-4.5.8+dfsg/source4/libcli/raw/smb.h
--- samba-4.5.4+dfsg/source4/libcli/raw/smb.h 2016-08-11 07:51:05.000000000 +0000
+++ samba-4.5.8+dfsg/source4/libcli/raw/smb.h 2017-03-09 09:21:43.000000000 +0000
@@ -297,13 +297,6 @@
#define UID_FIELD_INVALID 0
-/* The maximum length of a trust account password.
- Used when we randomly create it, 15 char passwords
- exceed NT4's max password length */
-
-#define DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH 14
-
-
/*
filesystem attribute bits
*/
diff -Nru samba-4.5.4+dfsg/source4/libnet/libnet_vampire.c samba-4.5.8+dfsg/source4/libnet/libnet_vampire.c
--- samba-4.5.4+dfsg/source4/libnet/libnet_vampire.c 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/source4/libnet/libnet_vampire.c 2017-03-09 09:21:43.000000000 +0000
@@ -160,7 +160,7 @@
settings.realm = s->realm;
settings.domain = s->domain_name;
settings.server_dn_str = p->dest_dsa->server_dn_str;
- settings.machine_password = generate_random_password(s, 16, 255);
+ settings.machine_password = generate_random_machine_password(s, 128, 255);
settings.targetdir = s->targetdir;
settings.use_ntvfs = true;
status = provision_bare(s, s->lp_ctx, &settings, &result);
diff -Nru samba-4.5.4+dfsg/source4/scripting/bin/renamedc samba-4.5.8+dfsg/source4/scripting/bin/renamedc
--- samba-4.5.4+dfsg/source4/scripting/bin/renamedc 2016-08-11 07:51:05.000000000 +0000
+++ samba-4.5.8+dfsg/source4/scripting/bin/renamedc 2017-03-09 09:21:43.000000000 +0000
@@ -95,7 +95,7 @@
# Then change password and samaccountname and dnshostname
msg = ldb.Message(newdn)
- machinepass = samba.generate_random_password(128, 255)
+ machinepass = samba.generate_random_machine_password(128, 255)
mputf16 = machinepass.encode('utf-16-le')
account = "%s$" % opts.newname.upper()
diff -Nru samba-4.5.4+dfsg/source4/selftest/tests.py samba-4.5.8+dfsg/source4/selftest/tests.py
--- samba-4.5.4+dfsg/source4/selftest/tests.py 2016-12-05 08:18:44.000000000 +0000
+++ samba-4.5.8+dfsg/source4/selftest/tests.py 2017-03-09 09:21:43.000000000 +0000
@@ -625,6 +625,11 @@
plantestsuite("samba4.blackbox.samba3dump", "none", [os.path.join(samba4srcdir, "selftest/test_samba3dump.sh")])
plantestsuite("samba4.blackbox.upgrade", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_s3upgrade.sh"), '$PREFIX/provision'])
plantestsuite("samba4.blackbox.provision.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_provision.sh"), '$PREFIX/provision'])
+plantestsuite("samba4.blackbox.supported_features", "none",
+ ["PYTHON=%s" % python,
+ os.path.join(samba4srcdir,
+ "setup/tests/blackbox_supported_features.sh"),
+ '$PREFIX/provision'])
plantestsuite("samba4.blackbox.upgradeprovision.current", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_upgradeprovision.sh"), '$PREFIX/provision'])
plantestsuite("samba4.blackbox.setpassword.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_setpassword.sh"), '$PREFIX/provision'])
plantestsuite("samba4.blackbox.newuser.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_newuser.sh"), '$PREFIX/provision'])
diff -Nru samba-4.5.4+dfsg/source4/setup/tests/blackbox_supported_features.sh samba-4.5.8+dfsg/source4/setup/tests/blackbox_supported_features.sh
--- samba-4.5.4+dfsg/source4/setup/tests/blackbox_supported_features.sh 1970-01-01 00:00:00.000000000 +0000
+++ samba-4.5.8+dfsg/source4/setup/tests/blackbox_supported_features.sh 2017-03-09 09:21:43.000000000 +0000
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+cat <
+ * BUG 12721: Fix regression with "follow symlinks = no".
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
+ Release Notes for Samba 4.5.7
+ March 23, 2017
+ =============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2017-2619 (Symlink race allows access outside share definition)
+
+=======
+Details
+=======
+
+o CVE-2017-2619:
+ All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to
+ a malicious client using a symlink race to allow access to areas of
+ the server file system not exported under the share definition.
+
+ Samba uses the realpath() system call to ensure when a client requests
+ access to a pathname that it is under the exported share path on the
+ server file system.
+
+ Clients that have write access to the exported part of the file system
+ via SMB1 unix extensions or NFS to create symlinks can race the server
+ by renaming a realpath() checked path and then creating a symlink. If
+ the client wins the race it can cause the server to access the new
+ symlink target after the exported share path check has been done. This
+ new symlink target can point to anywhere on the server file system.
+
+ This is a difficult race to win, but theoretically possible. Note that
+ the proof of concept code supplied wins the race reliably only when
+ the server is slowed down using the strace utility running on the
+ server. Exploitation of this bug has not been seen in the wild.
+
+
+Changes since 4.5.6:
+--------------------
+
+o Jeremy Allison
+ * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
+ directory.
+
+o Ralph Boehme
+ * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
+ directory.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 4.5.6
+ March 9, 2017
+ =============================
+
+
+This is the latest stable release of the Samba 4.5 release series.
+
+
+Changes since 4.5.5:
+--------------------
+
+o Jeremy Allison
+ * BUG 12499: s3: vfs: dirsort doesn't handle opendir of "." correctly.
+ * BUG 12531: vfs_shadow_copy2 doesn't cope with server changing directories.
+ * BUG 12546: vfs_streams_xattr doesn't cope with server changing directories.
+ * BUG 12572: s3: smbd: Don't loop infinitely on bad-symlink resolution.
+ * BUG 12608: s3: smbd: Restart reading the incoming SMB2 fd when the send
+ queue is drained.
+
+o Andrew Bartlett
+ * BUG 12573: Samba < 4.7 does not know about compatibleFeatures and
+ requiredFeatures.
+
+o Ralph Boehme
+ * BUG 12184: s3/rpc_server: Shared rpc modules loading.
+ * BUG 12427: vfs_fruit doesn't work with fruit:metadata=stream.
+ * BUG 12520: Ensure global "smb encrypt = off" is effective.
+ * BUG 12524: s3/rpc_server: move rpc_modules.c to its own subsystem.
+ * BUG 12536: s3/smbd: check for invalid access_mask
+ smbd_calculate_access_mask().
+ * BUG 12541: vfs_fruit: checks wrong AAPL config state and so always uses
+ readdirattr.
+ * BUG 12545: s3/rpc_server/mdssvc: add attribute "kMDItemContentType".
+ * BUG 12591: vfs_streams_xattr: use fsp, not base_fsp.
+ * BUG 12604: vfs_fruit: Enabling AAPL extensions must be a global switch.
+
+o Amitay Isaacs
+ * BUG 12469: ctdb-tests: Use replace headers instead of system headers.
+ * BUG 12547: ctdb-build: Install CTDB tests correctly from toplevel.
+ * BUG 12580: ctdb-common: Fix use-after-free error in comm_fd_handler().
+
+o Volker Lendecke
+ * BUG 12551: smbd: Fix "map acl inherit" = yes.
+
+o Stefan Metzmacher
+ * BUG 9048: s4:ldap_server: Match Windows in the error messages of failing
+ LDAP Bind requests.
+ * BUG 11830: s3:winbindd: Try a NETLOGON connection with noauth over NCACN_NP
+ against trusted domains.
+ * BUG 12262: 'net ads testjoin' and smb access fails after winbindd changed the
+ trust password.
+ * BUG 12399: s4:repl_meta_data: Normalize rdn attribute name via the schema.
+ * BUG 12540: s3:smbd: Allow "server min protocol = SMB3_00" to go via "SMB
+ 2.???" negprot.
+ * BUG 12581: smbclient fails on bad endianess when listing shares from
+ Solaris kernel SMB server on SPARC.
+ * BUG 12585: librpc/rpc: fix regression in
+ NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping.
+ * BUG 12586: libcli/auth: Use the correct creds value against servers without
+ LogonSamLogonEx.
+ * BUG 12587: winbindd child segfaults on connect to an NT4 domain.
+ * BUG 12588: cm_prepare_connection may return NT_STATUS_OK without a valid
+ connection.
+ * BUG 12598: winbindd (as member) requires Kerberos against trusted ad
+ domain, while it shouldn't.
+ * BUG 12605: s3:winbindd: Fix endless forest trust scan.
+
+o Garming Sam
+ * BUG 12577: dbcheck-links: Test that dbcheck against one-way links does not
+ error.
+ * BUG 12600: dbchecker: Stop ignoring linked cases where both objects are
+ alive.
+
+o Andreas Schneider
+ * BUG 12571: s3-vfs: Only walk the directory once in open_and_sort_dir().
+
+o Martin Schwenke
+ * BUG 12589: ctdb-scripts: Initialise CTDB_NFS_CALLOUT in statd-callout.
+
+o Uri Simchoni
+ * BUG 12529: waf: backport finding of pkg-config.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 4.5.5
+ January 30, 2017
+ =============================
+
+
+This is the latest stable release of the Samba 4.5 release series.
+
+Samba 4.5.4 erroneously included a rewrite of the vfs_fruit module.
+This patchset will be reverted with this release, because it needs to pass the
+review process first. If you are using the vfs_fruit module, please do not use
+Samba 4.5.4.
+
+Changes since 4.5.4:
+--------------------
+
+o Amitay Isaacs
+ * BUG 12469: ctdb-locking: Explicitly unlock record/db in lock helper.
+
+o Björn Jacke
+ * BUG 12535: vfs_default: Unlock the right file in copy chunk.
+
+o Martin Schwenke
+ * BUG 12512: ctdb-scripts: Fix remaining uses of "ctdb gratiousarp".
+ * BUG 12516: ctdb-scripts: /etc/iproute2/rt_tables gets populated with multiple
+ 'default' entries.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
Release Notes for Samba 4.5.4
January 18, 2017
=============================
@@ -68,8 +338,8 @@
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.5.3