[Pkg-samba-maint] [samba] 01/03: Imported Upstream version 4.0.9+dfsg
Ivo De Decker
idd-guest at alioth.debian.org
Tue Aug 20 21:04:31 UTC 2013
This is an automated email from the git hooks/post-receive script.
idd-guest pushed a commit to branch samba_4.0
in repository samba.
commit 086da186afc19b452196f8e474d3d6dfe2213748
Author: Ivo De Decker <ivo.dedecker at ugent.be>
Date: Tue Aug 20 22:40:45 2013 +0200
Imported Upstream version 4.0.9+dfsg
---
VERSION | 2 +-
WHATSNEW.txt | 114 ++++-
buildtools/wafsamba/samba_abi.py | 4 +-
docs-xml/manpages/pam_winbind.conf.5.xml | 39 +-
docs/manpages/dbwrap_tool.1 | 4 +-
docs/manpages/eventlogadm.8 | 4 +-
docs/manpages/findsmb.1 | 4 +-
docs/manpages/idmap_ad.8 | 4 +-
docs/manpages/idmap_autorid.8 | 4 +-
docs/manpages/idmap_hash.8 | 4 +-
docs/manpages/idmap_ldap.8 | 4 +-
docs/manpages/idmap_nss.8 | 4 +-
docs/manpages/idmap_rid.8 | 4 +-
docs/manpages/idmap_tdb.8 | 4 +-
docs/manpages/idmap_tdb2.8 | 4 +-
docs/manpages/libsmbclient.7 | 4 +-
docs/manpages/lmhosts.5 | 4 +-
docs/manpages/log2pcap.1 | 4 +-
docs/manpages/net.8 | 4 +-
docs/manpages/nmbd.8 | 4 +-
docs/manpages/nmblookup.1 | 4 +-
docs/manpages/ntlm_auth.1 | 4 +-
docs/manpages/pam_winbind.8 | 4 +-
docs/manpages/pam_winbind.conf.5 | 25 +-
docs/manpages/pdbedit.8 | 4 +-
docs/manpages/profiles.1 | 4 +-
docs/manpages/rpcclient.1 | 4 +-
docs/manpages/samba-tool.8 | 4 +-
docs/manpages/samba.7 | 4 +-
docs/manpages/samba.8 | 4 +-
docs/manpages/sharesec.1 | 4 +-
docs/manpages/smb.conf.5 | 4 +-
docs/manpages/smbcacls.1 | 4 +-
docs/manpages/smbclient.1 | 4 +-
docs/manpages/smbcontrol.1 | 4 +-
docs/manpages/smbcquotas.1 | 4 +-
docs/manpages/smbd.8 | 4 +-
docs/manpages/smbget.1 | 4 +-
docs/manpages/smbgetrc.5 | 4 +-
docs/manpages/smbpasswd.5 | 4 +-
docs/manpages/smbpasswd.8 | 4 +-
docs/manpages/smbspool.8 | 4 +-
docs/manpages/smbstatus.1 | 4 +-
docs/manpages/smbta-util.8 | 4 +-
docs/manpages/smbtar.1 | 4 +-
docs/manpages/smbtree.1 | 4 +-
docs/manpages/swat.8 | 4 +-
docs/manpages/testparm.1 | 4 +-
docs/manpages/vfs_acl_tdb.8 | 4 +-
docs/manpages/vfs_acl_xattr.8 | 4 +-
docs/manpages/vfs_aio_fork.8 | 4 +-
docs/manpages/vfs_aio_linux.8 | 4 +-
docs/manpages/vfs_aio_pthread.8 | 4 +-
docs/manpages/vfs_audit.8 | 4 +-
docs/manpages/vfs_cacheprime.8 | 4 +-
docs/manpages/vfs_cap.8 | 4 +-
docs/manpages/vfs_catia.8 | 4 +-
docs/manpages/vfs_commit.8 | 4 +-
docs/manpages/vfs_crossrename.8 | 4 +-
docs/manpages/vfs_default_quota.8 | 4 +-
docs/manpages/vfs_dirsort.8 | 4 +-
docs/manpages/vfs_extd_audit.8 | 4 +-
docs/manpages/vfs_fake_perms.8 | 4 +-
docs/manpages/vfs_fileid.8 | 4 +-
docs/manpages/vfs_full_audit.8 | 4 +-
docs/manpages/vfs_gpfs.8 | 4 +-
docs/manpages/vfs_media_harmony.8 | 4 +-
docs/manpages/vfs_netatalk.8 | 4 +-
docs/manpages/vfs_notify_fam.8 | 4 +-
docs/manpages/vfs_prealloc.8 | 4 +-
docs/manpages/vfs_preopen.8 | 4 +-
docs/manpages/vfs_readahead.8 | 4 +-
docs/manpages/vfs_readonly.8 | 4 +-
docs/manpages/vfs_recycle.8 | 4 +-
docs/manpages/vfs_scannedonly.8 | 4 +-
docs/manpages/vfs_shadow_copy.8 | 4 +-
docs/manpages/vfs_shadow_copy2.8 | 4 +-
docs/manpages/vfs_smb_traffic_analyzer.8 | 4 +-
docs/manpages/vfs_streams_depot.8 | 4 +-
docs/manpages/vfs_streams_xattr.8 | 4 +-
docs/manpages/vfs_time_audit.8 | 4 +-
docs/manpages/vfs_tsmsm.8 | 4 +-
docs/manpages/vfs_xattr_tdb.8 | 4 +-
docs/manpages/vfstest.1 | 4 +-
docs/manpages/wbinfo.1 | 4 +-
docs/manpages/winbind_krb5_locator.7 | 4 +-
docs/manpages/winbindd.8 | 4 +-
examples/pam_winbind/pam_winbind.conf | 3 +-
file_server/file_server.c | 9 +
lib/ldb-samba/ldb_wrap.c | 4 +-
lib/param/loadparm.c | 18 +-
lib/util/debug.c | 3 +
lib/util/debug.h | 5 +-
lib/util/util_process.c | 34 ++
lib/util/util_process.h | 35 ++
lib/util/wscript_build | 3 +-
libcli/util/errormap.c | 1 +
librpc/idl/security.idl | 3 +
nsswitch/wbinfo.c | 6 +-
selftest/knownfail | 1 +
source3/Makefile.in | 3 +-
source3/autoconf/librpc/gen_ndr/messaging.h | 2 +
source3/autoconf/librpc/gen_ndr/ndr_messaging.c | 1 +
source3/autoconf/librpc/gen_ndr/ndr_security.c | 3 +
source3/autoconf/librpc/gen_ndr/py_security.c | 3 +
source3/autoconf/librpc/gen_ndr/security.h | 3 +
source3/include/autoconf/version.h | 4 +-
source3/include/passdb.h | 18 +-
source3/include/proto.h | 2 +
source3/lib/conn_tdb.c | 22 +-
source3/lib/filename_util.c | 34 ++
source3/lib/sessionid_tdb.c | 15 +-
source3/libads/kerberos.c | 10 +
source3/librpc/idl/messaging.idl | 1 +
source3/locking/brlock.c | 152 ++++++-
source3/locking/proto.h | 10 +-
source3/locking/share_mode_lock.c | 119 ++++-
source3/modules/vfs_gpfs.c | 6 +
source3/modules/vfs_streams_xattr.c | 43 +-
source3/passdb/ABI/pdb-0.sigs | 2 +
source3/passdb/pdb_interface.c | 36 ++
source3/rpc_server/netlogon/srv_netlog_nt.c | 106 ++++-
source3/smbd/blocking.c | 2 +-
source3/smbd/close.c | 36 +-
source3/smbd/globals.h | 7 +
source3/smbd/nttrans.c | 95 ++--
source3/smbd/oplock_linux.c | 33 +-
source3/smbd/proto.h | 1 +
source3/smbd/scavenger.c | 531 +++++++++++++++++++++++
source3/smbd/scavenger.h | 31 ++
source3/smbd/server.c | 5 +
source3/smbd/smb2_create.c | 14 +-
source3/smbd/smbXsrv_open.c | 173 ++++++++
source3/smbd/trans2.c | 86 +++-
source3/utils/status.c | 24 +-
source3/winbindd/winbindd_pam.c | 31 ++
source3/wscript_build | 2 +
source4/dsdb/samdb/ldb_modules/ridalloc.c | 3 +-
source4/lib/socket/socket_unix.c | 8 +-
source4/rpc_server/dcerpc_server.c | 55 ++-
source4/rpc_server/dcerpc_server.h | 8 +-
source4/smbd/server.c | 7 +
source4/smbd/service_stream.c | 6 +-
source4/torture/raw/eas.c | 114 +++++
source4/winbind/wb_dom_info.c | 5 +-
source4/winbind/wb_init_domain.c | 38 +-
source4/winbind/wb_samba3_protocol.c | 5 +
source4/winbind/wb_server.c | 51 ++-
source4/winbind/wb_server.h | 10 +-
source4/winbind/wb_sid2domain.c | 14 +
150 files changed, 2246 insertions(+), 381 deletions(-)
diff --git a/VERSION b/VERSION
index 68f3383..be37c35 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=8
+SAMBA_VERSION_RELEASE=9
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 503aff0..8847406 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,114 @@
=============================
+ Release Notes for Samba 4.0.9
+ August 20, 2013
+ =============================
+
+
+This is is the latest stable release of Samba 4.0.
+
+Major enhancements in Samba 4.0.9 include:
+
+o Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol"
+ (bug #9820).
+o Fix segmentation fault while reading incomplete session info (bug #10003).
+o smbd: Fix a 100% loop at shutdown time (bug #10013).
+
+
+Changes since 4.0.8:
+--------------------
+
+o Michael Adam <obnox at samba.org>
+ * BUG 9930: smbd: Cleanup disonnected durable handles.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 9992: Fix Windows error 0x800700FE when copying files with xattr names
+ containing ":".
+ * BUG 10064: Linux kernel oplock breaks can miss signals.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 9820: Fix crash of Winbind after "ls -l
+ /usr/local/samba/var/locks/sysvol".
+ * BUG 10014: Fix excessive RID allocation.
+
+
+o Björn Baumbach <bb at sernet.de>
+ * BUG 10003: s3-lib: Fix segmentation fault while reading incomplete
+ session info.
+
+
+o Gregor Beck <gbeck at sernet.de>
+ * BUG 9678: Windows 8 Roaming profiles fail.
+ * BUG 9930: smbd: Cleanup disonnected durable handles.
+
+
+o Kai Blin <kai at samba.org>
+ * BUG 10015: Add debugclass for DNS server.
+
+
+o Alexander Bokovoy <ab at samba.org>
+ * BUG 9779: Add UPN enumeration to passdb internal API.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 10043: Allow to change the default location for Kerberos credential
+ caches.
+ * BUG 10073: net ads join: Fix segmentation fault in
+ create_local_private_krb5_conf_for_domain.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 10013: smbd: Fix a 100% loop at shutdown time.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 9820: Fix crash of Winbind after "ls -l
+ /usr/local/samba/var/locks/sysvol".
+ * BUG 10003: s3-lib: Fix segmentation fault while reading incomplete
+ session info.
+ * BUG 10015: Fix/improve debug options.
+
+
+o Christof Schmitt <christof.schmitt at us.ibm.com>
+ * BUG 9970: vfs_streams_xattr: Do not attempt to write empty attribute
+ twice.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 9994: s3-winbind: Do not delete an existing valid credential cache.
+ * BUG 10073: net ads join: Fix segmentation fault in
+ create_local_private_krb5_conf_for_domain.
+
+
+o Ralph Wuerthner <ralphw at de.ibm.com>
+ * BUG 10064: Linux kernel oplock breaks can miss signals.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 4.0.8
August 05, 2013
=============================
@@ -51,8 +161,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.0.7
diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py
index 488dab8..76acd00 100644
--- a/buildtools/wafsamba/samba_abi.py
+++ b/buildtools/wafsamba/samba_abi.py
@@ -50,13 +50,15 @@ def parse_sigs(sigs, abi_match):
sa = s.split(':')
if abi_match:
matched = False
+ negative = False
for p in abi_match:
if p[0] == '!' and fnmatch.fnmatch(sa[0], p[1:]):
+ negative = True
break
elif fnmatch.fnmatch(sa[0], p):
matched = True
break
- if not matched:
+ if (not matched) and negative:
continue
Logs.debug("%s -> %s" % (sa[1], normalise_signature(sa[1])))
ret[sa[0]] = normalise_signature(sa[1])
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml
index 7098ff4..be7f684 100644
--- a/docs-xml/manpages/pam_winbind.conf.5.xml
+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
@@ -106,16 +106,35 @@
<term>krb5_ccache_type = [type]</term>
<listitem><para>
- When pam_winbind is configured to try kerberos authentication
- by enabling the <parameter>krb5_auth</parameter> option, it can
- store the retrieved Ticket Granting Ticket (TGT) in a
- credential cache. The type of credential cache can be set with
- this option. Currently the only supported value is:
- <parameter>FILE</parameter>. In that case a credential cache in
- the form of /tmp/krb5cc_UID will be created, where UID is
- replaced with the numeric user id. Leave empty to just do
- kerberos authentication without having a ticket cache after the
- logon has succeeded. This setting is empty by default.
+ When pam_winbind is configured to try kerberos authentication by
+ enabling the <parameter>krb5_auth</parameter> option, it can
+ store the retrieved Ticket Granting Ticket (TGT) in a credential
+ cache. The type of credential cache can be controlled with this
+ option. The supported values are: <parameter>FILE</parameter>
+ and <parameter>DIR</parameter> (when the DIR type is supported
+ by the system's Kerberos library). In case of FILE a credential
+ cache in the form of /tmp/krb5cc_UID will be created - in case
+ of DIR it will be located under the /run/user/UID/krb5cc
+ directory. UID is replaced with the numeric user id.</para>
+
+ <para>It is also possible to define custom filepaths and use the "%u"
+ pattern in order to substitue the numeric user id.
+ Examples:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>krb5_ccache_type = DIR:/run/user/%u/krb5cc</term>
+ <listitem><para>This will create a credential cache file in the specified directory.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>krb5_ccache_type = FILE:/tmp/krb5cc_%u</term>
+ <listitem><para>This will create a credential cache file.</para></listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para> Leave empty to just do kerberos authentication without
+ having a ticket cache after the logon has succeeded.
+ This setting is empty by default.
</para></listitem>
</varlistentry>
diff --git a/docs/manpages/dbwrap_tool.1 b/docs/manpages/dbwrap_tool.1
index 2596bcd..383c5d5 100644
--- a/docs/manpages/dbwrap_tool.1
+++ b/docs/manpages/dbwrap_tool.1
@@ -2,12 +2,12 @@
.\" Title: dbwrap_tool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "DBWRAP_TOOL" "1" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "DBWRAP_TOOL" "1" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/eventlogadm.8 b/docs/manpages/eventlogadm.8
index 37a1d31..7e8017e 100644
--- a/docs/manpages/eventlogadm.8
+++ b/docs/manpages/eventlogadm.8
@@ -2,12 +2,12 @@
.\" Title: eventlogadm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "EVENTLOGADM" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "EVENTLOGADM" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1
index 3a11ce3..d24a153 100644
--- a/docs/manpages/findsmb.1
+++ b/docs/manpages/findsmb.1
@@ -2,12 +2,12 @@
.\" Title: findsmb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "FINDSMB" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "FINDSMB" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_ad.8 b/docs/manpages/idmap_ad.8
index b1a5a64..ac96a67 100644
--- a/docs/manpages/idmap_ad.8
+++ b/docs/manpages/idmap_ad.8
@@ -2,12 +2,12 @@
.\" Title: idmap_ad
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_AD" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_AD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_autorid.8 b/docs/manpages/idmap_autorid.8
index a7b6248..d3cc55f 100644
--- a/docs/manpages/idmap_autorid.8
+++ b/docs/manpages/idmap_autorid.8
@@ -2,12 +2,12 @@
.\" Title: idmap_autorid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_AUTORID" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_AUTORID" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_hash.8 b/docs/manpages/idmap_hash.8
index 57d684f..4623552 100644
--- a/docs/manpages/idmap_hash.8
+++ b/docs/manpages/idmap_hash.8
@@ -2,12 +2,12 @@
.\" Title: idmap_hash
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_HASH" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_HASH" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_ldap.8 b/docs/manpages/idmap_ldap.8
index 3dfab7a..213f668 100644
--- a/docs/manpages/idmap_ldap.8
+++ b/docs/manpages/idmap_ldap.8
@@ -2,12 +2,12 @@
.\" Title: idmap_ldap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_LDAP" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_LDAP" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_nss.8 b/docs/manpages/idmap_nss.8
index dcf163e..b5a566e 100644
--- a/docs/manpages/idmap_nss.8
+++ b/docs/manpages/idmap_nss.8
@@ -2,12 +2,12 @@
.\" Title: idmap_nss
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_NSS" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_NSS" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_rid.8 b/docs/manpages/idmap_rid.8
index 135a92d..f86197f 100644
--- a/docs/manpages/idmap_rid.8
+++ b/docs/manpages/idmap_rid.8
@@ -2,12 +2,12 @@
.\" Title: idmap_rid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_RID" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_RID" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_tdb.8 b/docs/manpages/idmap_tdb.8
index debba68..bebc478 100644
--- a/docs/manpages/idmap_tdb.8
+++ b/docs/manpages/idmap_tdb.8
@@ -2,12 +2,12 @@
.\" Title: idmap_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_TDB" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_TDB" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_tdb2.8 b/docs/manpages/idmap_tdb2.8
index a9f2af4..cb7975e 100644
--- a/docs/manpages/idmap_tdb2.8
+++ b/docs/manpages/idmap_tdb2.8
@@ -2,12 +2,12 @@
.\" Title: idmap_tdb2
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_TDB2" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_TDB2" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/libsmbclient.7 b/docs/manpages/libsmbclient.7
index 8096360..72142ad 100644
--- a/docs/manpages/libsmbclient.7
+++ b/docs/manpages/libsmbclient.7
@@ -2,12 +2,12 @@
.\" Title: libsmbclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: 7
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "LIBSMBCLIENT" "7" "08/02/2013" "Samba 4\&.0" "7"
+.TH "LIBSMBCLIENT" "7" "08/15/2013" "Samba 4\&.0" "7"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5
index 79a247b..3bdffae 100644
--- a/docs/manpages/lmhosts.5
+++ b/docs/manpages/lmhosts.5
@@ -2,12 +2,12 @@
.\" Title: lmhosts
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "LMHOSTS" "5" "08/02/2013" "Samba 4\&.0" "File Formats and Conventions"
+.TH "LMHOSTS" "5" "08/15/2013" "Samba 4\&.0" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/log2pcap.1 b/docs/manpages/log2pcap.1
index f902c0e..49c25f4 100644
--- a/docs/manpages/log2pcap.1
+++ b/docs/manpages/log2pcap.1
@@ -2,12 +2,12 @@
.\" Title: log2pcap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "LOG2PCAP" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "LOG2PCAP" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/net.8 b/docs/manpages/net.8
index 131edde..f4f09f8 100644
--- a/docs/manpages/net.8
+++ b/docs/manpages/net.8
@@ -2,12 +2,12 @@
.\" Title: net
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "NET" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "NET" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8
index 7ad4bc0..e57a3a6 100644
--- a/docs/manpages/nmbd.8
+++ b/docs/manpages/nmbd.8
@@ -2,12 +2,12 @@
.\" Title: nmbd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "NMBD" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "NMBD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1
index 86bd038..386dfff 100644
--- a/docs/manpages/nmblookup.1
+++ b/docs/manpages/nmblookup.1
@@ -2,12 +2,12 @@
.\" Title: nmblookup
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "NMBLOOKUP" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "NMBLOOKUP" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/ntlm_auth.1 b/docs/manpages/ntlm_auth.1
index 6dd1335..3434349 100644
--- a/docs/manpages/ntlm_auth.1
+++ b/docs/manpages/ntlm_auth.1
@@ -2,12 +2,12 @@
.\" Title: ntlm_auth
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "NTLM_AUTH" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "NTLM_AUTH" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/pam_winbind.8 b/docs/manpages/pam_winbind.8
index 9ceff57..94cf991 100644
--- a/docs/manpages/pam_winbind.8
+++ b/docs/manpages/pam_winbind.8
@@ -2,12 +2,12 @@
.\" Title: pam_winbind
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: 8
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "PAM_WINBIND" "8" "08/02/2013" "Samba 4\&.0" "8"
+.TH "PAM_WINBIND" "8" "08/15/2013" "Samba 4\&.0" "8"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/pam_winbind.conf.5 b/docs/manpages/pam_winbind.conf.5
index 828f71f..a3d0640 100644
--- a/docs/manpages/pam_winbind.conf.5
+++ b/docs/manpages/pam_winbind.conf.5
@@ -2,12 +2,12 @@
.\" Title: pam_winbind.conf
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: 5
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "PAM_WINBIND\&.CONF" "5" "08/02/2013" "Samba 4\&.0" "5"
+.TH "PAM_WINBIND\&.CONF" "5" "08/15/2013" "Samba 4\&.0" "5"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -80,8 +80,25 @@ krb5_ccache_type = [type]
.RS 4
When pam_winbind is configured to try kerberos authentication by enabling the
\fIkrb5_auth\fR
-option, it can store the retrieved Ticket Granting Ticket (TGT) in a credential cache\&. The type of credential cache can be set with this option\&. Currently the only supported value is:
-\fIFILE\fR\&. In that case a credential cache in the form of /tmp/krb5cc_UID will be created, where UID is replaced with the numeric user id\&. Leave empty to just do kerberos authentication without having a ticket cache after the logon has succeeded\&. This setting is empty by default\&.
+option, it can store the retrieved Ticket Granting Ticket (TGT) in a credential cache\&. The type of credential cache can be controlled with this option\&. The supported values are:
+\fIFILE\fR
+and
+\fIDIR\fR
+(when the DIR type is supported by the system\*(Aqs Kerberos library)\&. In case of FILE a credential cache in the form of /tmp/krb5cc_UID will be created \- in case of DIR it will be located under the /run/user/UID/krb5cc directory\&. UID is replaced with the numeric user id\&.
+.sp
+It is also possible to define custom filepaths and use the "%u" pattern in order to substitue the numeric user id\&. Examples:
+.PP
+krb5_ccache_type = DIR:/run/user/%u/krb5cc
+.RS 4
+This will create a credential cache file in the specified directory\&.
+.RE
+.PP
+krb5_ccache_type = FILE:/tmp/krb5cc_%u
+.RS 4
+This will create a credential cache file\&.
+.RE
+.sp
+Leave empty to just do kerberos authentication without having a ticket cache after the logon has succeeded\&. This setting is empty by default\&.
.RE
.PP
cached_login = yes|no
diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8
index fc606bc..9979d76 100644
--- a/docs/manpages/pdbedit.8
+++ b/docs/manpages/pdbedit.8
@@ -2,12 +2,12 @@
.\" Title: pdbedit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "PDBEDIT" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "PDBEDIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/profiles.1 b/docs/manpages/profiles.1
index 1e9b3ed..22d6565 100644
--- a/docs/manpages/profiles.1
+++ b/docs/manpages/profiles.1
@@ -2,12 +2,12 @@
.\" Title: profiles
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "PROFILES" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "PROFILES" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1
index bf38818..68f9536 100644
--- a/docs/manpages/rpcclient.1
+++ b/docs/manpages/rpcclient.1
@@ -2,12 +2,12 @@
.\" Title: rpcclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "RPCCLIENT" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "RPCCLIENT" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/samba-tool.8 b/docs/manpages/samba-tool.8
index 8dcd27d..df44db4 100644
--- a/docs/manpages/samba-tool.8
+++ b/docs/manpages/samba-tool.8
@@ -2,12 +2,12 @@
.\" Title: samba-tool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SAMBA\-TOOL" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SAMBA\-TOOL" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7
index 0d665db..96b8e47 100644
--- a/docs/manpages/samba.7
+++ b/docs/manpages/samba.7
@@ -2,12 +2,12 @@
.\" Title: samba
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: Miscellanea
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SAMBA" "7" "08/02/2013" "Samba 4\&.0" "Miscellanea"
+.TH "SAMBA" "7" "08/15/2013" "Samba 4\&.0" "Miscellanea"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/samba.8 b/docs/manpages/samba.8
index 548a427..b06ee52 100644
--- a/docs/manpages/samba.8
+++ b/docs/manpages/samba.8
@@ -2,12 +2,12 @@
.\" Title: samba
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SAMBA" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SAMBA" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/sharesec.1 b/docs/manpages/sharesec.1
index ce985e1..a7dd3b6 100644
--- a/docs/manpages/sharesec.1
+++ b/docs/manpages/sharesec.1
@@ -2,12 +2,12 @@
.\" Title: sharesec
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SHARESEC" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "SHARESEC" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5
index c587720..bd5a2ce 100644
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
@@ -2,12 +2,12 @@
.\" Title: smb.conf
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMB\&.CONF" "5" "08/02/2013" "Samba 4\&.0" "File Formats and Conventions"
+.TH "SMB\&.CONF" "5" "08/15/2013" "Samba 4\&.0" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1
index 8710fb8..caa0fc5 100644
--- a/docs/manpages/smbcacls.1
+++ b/docs/manpages/smbcacls.1
@@ -2,12 +2,12 @@
.\" Title: smbcacls
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBCACLS" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBCACLS" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1
index 1572831..0ea05c4 100644
--- a/docs/manpages/smbclient.1
+++ b/docs/manpages/smbclient.1
@@ -2,12 +2,12 @@
.\" Title: smbclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBCLIENT" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBCLIENT" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1
index bfcb02d..f9087cb 100644
--- a/docs/manpages/smbcontrol.1
+++ b/docs/manpages/smbcontrol.1
@@ -2,12 +2,12 @@
.\" Title: smbcontrol
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBCONTROL" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBCONTROL" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbcquotas.1 b/docs/manpages/smbcquotas.1
index 43286d3..302c876 100644
--- a/docs/manpages/smbcquotas.1
+++ b/docs/manpages/smbcquotas.1
@@ -2,12 +2,12 @@
.\" Title: smbcquotas
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBCQUOTAS" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBCQUOTAS" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8
index 6dce9a1..2d55ea5 100644
--- a/docs/manpages/smbd.8
+++ b/docs/manpages/smbd.8
@@ -2,12 +2,12 @@
.\" Title: smbd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBD" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SMBD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbget.1 b/docs/manpages/smbget.1
index 785a961..81f6112 100644
--- a/docs/manpages/smbget.1
+++ b/docs/manpages/smbget.1
@@ -2,12 +2,12 @@
.\" Title: smbget
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBGET" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBGET" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbgetrc.5 b/docs/manpages/smbgetrc.5
index 3566e95..ccf0d24 100644
--- a/docs/manpages/smbgetrc.5
+++ b/docs/manpages/smbgetrc.5
@@ -2,12 +2,12 @@
.\" Title: smbgetrc
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBGETRC" "5" "08/02/2013" "Samba 4\&.0" "File Formats and Conventions"
+.TH "SMBGETRC" "5" "08/15/2013" "Samba 4\&.0" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5
index 7a8b55e..1ac4649 100644
--- a/docs/manpages/smbpasswd.5
+++ b/docs/manpages/smbpasswd.5
@@ -2,12 +2,12 @@
.\" Title: smbpasswd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBPASSWD" "5" "08/02/2013" "Samba 4\&.0" "File Formats and Conventions"
+.TH "SMBPASSWD" "5" "08/15/2013" "Samba 4\&.0" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8
index 3f24385..588e41c 100644
--- a/docs/manpages/smbpasswd.8
+++ b/docs/manpages/smbpasswd.8
@@ -2,12 +2,12 @@
.\" Title: smbpasswd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBPASSWD" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SMBPASSWD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8
index efc0bf0..1013aa6 100644
--- a/docs/manpages/smbspool.8
+++ b/docs/manpages/smbspool.8
@@ -2,12 +2,12 @@
.\" Title: smbspool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBSPOOL" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SMBSPOOL" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1
index d7816e2..b582160 100644
--- a/docs/manpages/smbstatus.1
+++ b/docs/manpages/smbstatus.1
@@ -2,12 +2,12 @@
.\" Title: smbstatus
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBSTATUS" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBSTATUS" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbta-util.8 b/docs/manpages/smbta-util.8
index 6f46f71..4873637 100644
--- a/docs/manpages/smbta-util.8
+++ b/docs/manpages/smbta-util.8
@@ -2,12 +2,12 @@
.\" Title: smbta-util
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBTA\-UTIL" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SMBTA\-UTIL" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1
index 82a5adf..be7d60a 100644
--- a/docs/manpages/smbtar.1
+++ b/docs/manpages/smbtar.1
@@ -2,12 +2,12 @@
.\" Title: smbtar
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBTAR" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBTAR" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbtree.1 b/docs/manpages/smbtree.1
index 41d5b9d..a369c3a 100644
--- a/docs/manpages/smbtree.1
+++ b/docs/manpages/smbtree.1
@@ -2,12 +2,12 @@
.\" Title: smbtree
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBTREE" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBTREE" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8
index b55d234..aae05a5 100644
--- a/docs/manpages/swat.8
+++ b/docs/manpages/swat.8
@@ -2,12 +2,12 @@
.\" Title: swat
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SWAT" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SWAT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1
index 0770c07..ec4861c 100644
--- a/docs/manpages/testparm.1
+++ b/docs/manpages/testparm.1
@@ -2,12 +2,12 @@
.\" Title: testparm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "TESTPARM" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "TESTPARM" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_acl_tdb.8 b/docs/manpages/vfs_acl_tdb.8
index 7edd0e0..777e034 100644
--- a/docs/manpages/vfs_acl_tdb.8
+++ b/docs/manpages/vfs_acl_tdb.8
@@ -2,12 +2,12 @@
.\" Title: vfs_acl_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_ACL_TDB" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_ACL_TDB" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_acl_xattr.8 b/docs/manpages/vfs_acl_xattr.8
index 0e157ff..a2a36c4 100644
--- a/docs/manpages/vfs_acl_xattr.8
+++ b/docs/manpages/vfs_acl_xattr.8
@@ -2,12 +2,12 @@
.\" Title: vfs_acl_xattr
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_ACL_XATTR" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_ACL_XATTR" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_aio_fork.8 b/docs/manpages/vfs_aio_fork.8
index caf7304..67853f6 100644
--- a/docs/manpages/vfs_aio_fork.8
+++ b/docs/manpages/vfs_aio_fork.8
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_fork
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_AIO_FORK" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_AIO_FORK" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_aio_linux.8 b/docs/manpages/vfs_aio_linux.8
index edbf301..79a8dc1 100644
--- a/docs/manpages/vfs_aio_linux.8
+++ b/docs/manpages/vfs_aio_linux.8
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_linux
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_AIO_LINUX" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_AIO_LINUX" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_aio_pthread.8 b/docs/manpages/vfs_aio_pthread.8
index 83e41a6..9538eea 100644
--- a/docs/manpages/vfs_aio_pthread.8
+++ b/docs/manpages/vfs_aio_pthread.8
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_pthread
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_AIO_PTHREAD" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_AIO_PTHREAD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_audit.8 b/docs/manpages/vfs_audit.8
index b62a64a..6587756 100644
--- a/docs/manpages/vfs_audit.8
+++ b/docs/manpages/vfs_audit.8
@@ -2,12 +2,12 @@
.\" Title: vfs_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_AUDIT" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_AUDIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_cacheprime.8 b/docs/manpages/vfs_cacheprime.8
index d52a631..14000d1 100644
--- a/docs/manpages/vfs_cacheprime.8
+++ b/docs/manpages/vfs_cacheprime.8
@@ -2,12 +2,12 @@
.\" Title: vfs_cacheprime
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_CACHEPRIME" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_CACHEPRIME" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_cap.8 b/docs/manpages/vfs_cap.8
index 96d68d6..db88931 100644
--- a/docs/manpages/vfs_cap.8
+++ b/docs/manpages/vfs_cap.8
@@ -2,12 +2,12 @@
.\" Title: vfs_cap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_CAP" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_CAP" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_catia.8 b/docs/manpages/vfs_catia.8
index 751713a..faca02c 100644
--- a/docs/manpages/vfs_catia.8
+++ b/docs/manpages/vfs_catia.8
@@ -2,12 +2,12 @@
.\" Title: vfs_catia
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_CATIA" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_CATIA" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_commit.8 b/docs/manpages/vfs_commit.8
index d637f55..05beea1 100644
--- a/docs/manpages/vfs_commit.8
+++ b/docs/manpages/vfs_commit.8
@@ -2,12 +2,12 @@
.\" Title: vfs_commit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_COMMIT" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_COMMIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_crossrename.8 b/docs/manpages/vfs_crossrename.8
index d74bc1c..5b3c238 100644
--- a/docs/manpages/vfs_crossrename.8
+++ b/docs/manpages/vfs_crossrename.8
@@ -2,12 +2,12 @@
.\" Title: vfs_crossrename
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_CROSSRENAME" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_CROSSRENAME" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_default_quota.8 b/docs/manpages/vfs_default_quota.8
index 363515f..faf013f 100644
--- a/docs/manpages/vfs_default_quota.8
+++ b/docs/manpages/vfs_default_quota.8
@@ -2,12 +2,12 @@
.\" Title: vfs_default_quota
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_DEFAULT_QUOTA" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_DEFAULT_QUOTA" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_dirsort.8 b/docs/manpages/vfs_dirsort.8
index 6332ec8..d05ebfa 100644
--- a/docs/manpages/vfs_dirsort.8
+++ b/docs/manpages/vfs_dirsort.8
@@ -2,12 +2,12 @@
.\" Title: vfs_dirsort
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_DIRSORT" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_DIRSORT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_extd_audit.8 b/docs/manpages/vfs_extd_audit.8
index 5b6ab0a..32b4dfe 100644
--- a/docs/manpages/vfs_extd_audit.8
+++ b/docs/manpages/vfs_extd_audit.8
@@ -2,12 +2,12 @@
.\" Title: vfs_extd_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_EXTD_AUDIT" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_EXTD_AUDIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_fake_perms.8 b/docs/manpages/vfs_fake_perms.8
index 59549fb..0a93d89 100644
--- a/docs/manpages/vfs_fake_perms.8
+++ b/docs/manpages/vfs_fake_perms.8
@@ -2,12 +2,12 @@
.\" Title: vfs_fake_perms
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_FAKE_PERMS" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_FAKE_PERMS" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_fileid.8 b/docs/manpages/vfs_fileid.8
index 9732e56..577b3a9 100644
--- a/docs/manpages/vfs_fileid.8
+++ b/docs/manpages/vfs_fileid.8
@@ -2,12 +2,12 @@
.\" Title: vfs_fileid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_FILEID" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_FILEID" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_full_audit.8 b/docs/manpages/vfs_full_audit.8
index 50125b3..5775182 100644
--- a/docs/manpages/vfs_full_audit.8
+++ b/docs/manpages/vfs_full_audit.8
@@ -2,12 +2,12 @@
.\" Title: vfs_full_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_FULL_AUDIT" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_FULL_AUDIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_gpfs.8 b/docs/manpages/vfs_gpfs.8
index fcf2180..4c2cbe0 100644
--- a/docs/manpages/vfs_gpfs.8
+++ b/docs/manpages/vfs_gpfs.8
@@ -2,12 +2,12 @@
.\" Title: vfs_gpfs
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_GPFS" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_GPFS" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_media_harmony.8 b/docs/manpages/vfs_media_harmony.8
index e780b9a..2798fca 100644
--- a/docs/manpages/vfs_media_harmony.8
+++ b/docs/manpages/vfs_media_harmony.8
@@ -2,12 +2,12 @@
.\" Title: vfs_media_harmony
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_MEDIA_HARMONY" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_MEDIA_HARMONY" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_netatalk.8 b/docs/manpages/vfs_netatalk.8
index 0f67fa9..33f9e29 100644
--- a/docs/manpages/vfs_netatalk.8
+++ b/docs/manpages/vfs_netatalk.8
@@ -2,12 +2,12 @@
.\" Title: vfs_netatalk
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_NETATALK" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_NETATALK" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_notify_fam.8 b/docs/manpages/vfs_notify_fam.8
index 76da780..c80b37d 100644
--- a/docs/manpages/vfs_notify_fam.8
+++ b/docs/manpages/vfs_notify_fam.8
@@ -2,12 +2,12 @@
.\" Title: vfs_notify_fam
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_NOTIFY_FAM" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_NOTIFY_FAM" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_prealloc.8 b/docs/manpages/vfs_prealloc.8
index c80ff69..5cbde05 100644
--- a/docs/manpages/vfs_prealloc.8
+++ b/docs/manpages/vfs_prealloc.8
@@ -2,12 +2,12 @@
.\" Title: vfs_prealloc
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_PREALLOC" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_PREALLOC" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_preopen.8 b/docs/manpages/vfs_preopen.8
index 4cbb940..87215e9 100644
--- a/docs/manpages/vfs_preopen.8
+++ b/docs/manpages/vfs_preopen.8
@@ -2,12 +2,12 @@
.\" Title: vfs_preopen
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_PREOPEN" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_PREOPEN" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_readahead.8 b/docs/manpages/vfs_readahead.8
index bcecaa5..021c28f 100644
--- a/docs/manpages/vfs_readahead.8
+++ b/docs/manpages/vfs_readahead.8
@@ -2,12 +2,12 @@
.\" Title: vfs_readahead
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_READAHEAD" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_READAHEAD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_readonly.8 b/docs/manpages/vfs_readonly.8
index e441b52..a6a096f 100644
--- a/docs/manpages/vfs_readonly.8
+++ b/docs/manpages/vfs_readonly.8
@@ -2,12 +2,12 @@
.\" Title: vfs_readonly
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_READONLY" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_READONLY" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_recycle.8 b/docs/manpages/vfs_recycle.8
index 924252e..fa4da1d 100644
--- a/docs/manpages/vfs_recycle.8
+++ b/docs/manpages/vfs_recycle.8
@@ -2,12 +2,12 @@
.\" Title: vfs_recycle
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_RECYCLE" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_RECYCLE" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_scannedonly.8 b/docs/manpages/vfs_scannedonly.8
index 26ea889..f1805ff 100644
--- a/docs/manpages/vfs_scannedonly.8
+++ b/docs/manpages/vfs_scannedonly.8
@@ -2,12 +2,12 @@
.\" Title: vfs_scannedonly
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_SCANNEDONLY" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_SCANNEDONLY" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_shadow_copy.8 b/docs/manpages/vfs_shadow_copy.8
index 9a65bfa..5f1850f 100644
--- a/docs/manpages/vfs_shadow_copy.8
+++ b/docs/manpages/vfs_shadow_copy.8
@@ -2,12 +2,12 @@
.\" Title: vfs_shadow_copy
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_SHADOW_COPY" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_SHADOW_COPY" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_shadow_copy2.8 b/docs/manpages/vfs_shadow_copy2.8
index 0f9f581..1dbf04c 100644
--- a/docs/manpages/vfs_shadow_copy2.8
+++ b/docs/manpages/vfs_shadow_copy2.8
@@ -2,12 +2,12 @@
.\" Title: vfs_shadow_copy2
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_SHADOW_COPY2" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_SHADOW_COPY2" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_smb_traffic_analyzer.8 b/docs/manpages/vfs_smb_traffic_analyzer.8
index f46a20a..c8b4caa 100644
--- a/docs/manpages/vfs_smb_traffic_analyzer.8
+++ b/docs/manpages/vfs_smb_traffic_analyzer.8
@@ -2,12 +2,12 @@
.\" Title: smb_traffic_analyzer
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMB_TRAFFIC_ANALYZER" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SMB_TRAFFIC_ANALYZER" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_streams_depot.8 b/docs/manpages/vfs_streams_depot.8
index 425cd64..fa2a09e 100644
--- a/docs/manpages/vfs_streams_depot.8
+++ b/docs/manpages/vfs_streams_depot.8
@@ -2,12 +2,12 @@
.\" Title: vfs_streams_depot
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_STREAMS_DEPOT" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_STREAMS_DEPOT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_streams_xattr.8 b/docs/manpages/vfs_streams_xattr.8
index 9524bd1..ed76ef1 100644
--- a/docs/manpages/vfs_streams_xattr.8
+++ b/docs/manpages/vfs_streams_xattr.8
@@ -2,12 +2,12 @@
.\" Title: vfs_streams_xattr
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_STREAMS_XATTR" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_STREAMS_XATTR" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_time_audit.8 b/docs/manpages/vfs_time_audit.8
index 7e2e17c..a028dde 100644
--- a/docs/manpages/vfs_time_audit.8
+++ b/docs/manpages/vfs_time_audit.8
@@ -2,12 +2,12 @@
.\" Title: vfs_time_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_TIME_AUDIT" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_TIME_AUDIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_tsmsm.8 b/docs/manpages/vfs_tsmsm.8
index b81d60d..e64ad93 100644
--- a/docs/manpages/vfs_tsmsm.8
+++ b/docs/manpages/vfs_tsmsm.8
@@ -2,12 +2,12 @@
.\" Title: vfs_tsmsm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_TSMSM" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_TSMSM" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_xattr_tdb.8 b/docs/manpages/vfs_xattr_tdb.8
index e5f1f3a..72925ba 100644
--- a/docs/manpages/vfs_xattr_tdb.8
+++ b/docs/manpages/vfs_xattr_tdb.8
@@ -2,12 +2,12 @@
.\" Title: vfs_xattr_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_XATTR_TDB" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_XATTR_TDB" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfstest.1 b/docs/manpages/vfstest.1
index afd00a9..422a5e4 100644
--- a/docs/manpages/vfstest.1
+++ b/docs/manpages/vfstest.1
@@ -2,12 +2,12 @@
.\" Title: vfstest
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFSTEST" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "VFSTEST" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1
index 6ec2e08..694af4f 100644
--- a/docs/manpages/wbinfo.1
+++ b/docs/manpages/wbinfo.1
@@ -2,12 +2,12 @@
.\" Title: wbinfo
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "WBINFO" "1" "08/02/2013" "Samba 4\&.0" "User Commands"
+.TH "WBINFO" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/winbind_krb5_locator.7 b/docs/manpages/winbind_krb5_locator.7
index b6a2e87..2ec3a95 100644
--- a/docs/manpages/winbind_krb5_locator.7
+++ b/docs/manpages/winbind_krb5_locator.7
@@ -2,12 +2,12 @@
.\" Title: winbind_krb5_locator
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: 7
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "WINBIND_KRB5_LOCATOR" "7" "08/02/2013" "Samba 4\&.0" "7"
+.TH "WINBIND_KRB5_LOCATOR" "7" "08/15/2013" "Samba 4\&.0" "7"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8
index 1a0ac50..14c1d83 100644
--- a/docs/manpages/winbindd.8
+++ b/docs/manpages/winbindd.8
@@ -2,12 +2,12 @@
.\" Title: winbindd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/02/2013
+.\" Date: 08/15/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "WINBINDD" "8" "08/02/2013" "Samba 4\&.0" "System Administration tools"
+.TH "WINBINDD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/examples/pam_winbind/pam_winbind.conf b/examples/pam_winbind/pam_winbind.conf
index dd0b112..87bc388 100644
--- a/examples/pam_winbind/pam_winbind.conf
+++ b/examples/pam_winbind/pam_winbind.conf
@@ -3,6 +3,7 @@
#
# /etc/security/pam_winbind.conf
#
+# For more details see man pam_winbind.conf(5)
[global]
@@ -19,7 +20,7 @@
# authenticate using kerberos
;krb5_auth = no
-# when using kerberos, request a "FILE" krb5 credential cache type
+# when using kerberos, request a "FILE" or "DIR" krb5 credential cache type
# (leave empty to just do krb5 authentication but not have a ticket
# afterwards)
;krb5_ccache_type =
diff --git a/file_server/file_server.c b/file_server/file_server.c
index 430782c..43618f5 100644
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -28,6 +28,7 @@
#include "source4/smbd/process_model.h"
#include "file_server/file_server.h"
#include "dynconfig.h"
+#include "nsswitch/winbind_client.h"
/*
called if smbd exits
@@ -64,6 +65,8 @@ static void s3fs_task_init(struct task_server *task)
smbd_path = talloc_asprintf(task, "%s/smbd", dyn_SBINDIR);
smbd_cmd[0] = smbd_path;
+ /* the child should be able to call through nss_winbind */
+ (void)winbind_on();
/* start it as a child process */
subreq = samba_runcmd_send(task, task->event_ctx, timeval_zero(), 1, 0,
smbd_cmd,
@@ -71,6 +74,12 @@ static void s3fs_task_init(struct task_server *task)
"--foreground",
debug_get_output_is_stdout()?"--log-stdout":NULL,
NULL);
+ /* the parent should not be able to call through nss_winbind */
+ if (!winbind_off()) {
+ DEBUG(0,("Failed to re-disable recursive winbindd calls after forking smbd\n"));
+ task_server_terminate(task, "Failed to re-disable recursive winbindd calls", true);
+ return;
+ }
if (subreq == NULL) {
DEBUG(0, ("Failed to start smbd as child daemon\n"));
task_server_terminate(task, "Failed to startup s3fs smb task", true);
diff --git a/lib/ldb-samba/ldb_wrap.c b/lib/ldb-samba/ldb_wrap.c
index 028bd6f..65956ef 100644
--- a/lib/ldb-samba/ldb_wrap.c
+++ b/lib/ldb-samba/ldb_wrap.c
@@ -37,6 +37,8 @@
#include "../lib/util/dlinklist.h"
#include <tdb.h>
+#define DBGC_CLASS DBGC_LDB
+
/*
this is used to catch debug messages from ldb
*/
@@ -58,7 +60,7 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
samba_level = 2;
break;
case LDB_DEBUG_TRACE:
- samba_level = 5;
+ samba_level = 10;
break;
};
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index b2e4218..aa4589d 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2080,6 +2080,15 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "log level", "0");
+ lpcfg_do_global_parameter(lp_ctx, "syslog", "1");
+ lpcfg_do_global_parameter(lp_ctx, "syslog only", "No");
+ lpcfg_do_global_parameter(lp_ctx, "debug timestamp", "Yes");
+ lpcfg_do_global_parameter(lp_ctx, "debug prefix timestamp", "No");
+ lpcfg_do_global_parameter(lp_ctx, "debug hires timestamp", "Yes");
+ lpcfg_do_global_parameter(lp_ctx, "debug pid", "No");
+ lpcfg_do_global_parameter(lp_ctx, "debug uid", "No");
+ lpcfg_do_global_parameter(lp_ctx, "debug class", "No");
+
lpcfg_do_global_parameter(lp_ctx, "share backend", "classic");
lpcfg_do_global_parameter(lp_ctx, "server role", "auto");
@@ -2302,7 +2311,14 @@ static bool lpcfg_update(struct loadparm_context *lp_ctx)
ZERO_STRUCT(settings);
/* Add any more debug-related smb.conf parameters created in
* future here */
- settings.timestamp_logs = true;
+ settings.syslog = lp_ctx->globals->syslog;
+ settings.syslog_only = lp_ctx->globals->bSyslogOnly;
+ settings.timestamp_logs = lp_ctx->globals->bTimestampLogs;
+ settings.debug_prefix_timestamp = lp_ctx->globals->bDebugPrefixTimestamp;
+ settings.debug_hires_timestamp = lp_ctx->globals->bDebugHiresTimestamp;
+ settings.debug_pid = lp_ctx->globals->bDebugPid;
+ settings.debug_uid = lp_ctx->globals->bDebugUid;
+ settings.debug_class = lp_ctx->globals->bDebugClass;
debug_set_settings(&settings);
/* FIXME: This is a bit of a hack, but we can't use a global, since
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 7509f90..a46b275 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -176,6 +176,9 @@ static const char *default_classname_table[] = {
"msdfs", /* DBGC_MSDFS */
"dmapi", /* DBGC_DMAPI */
"registry", /* DBGC_REGISTRY */
+ "scavenger", /* DBGC_SCAVENGER */
+ "dns", /* DBGC_DNS */
+ "ldb", /* DBGC_LDB */
NULL
};
diff --git a/lib/util/debug.h b/lib/util/debug.h
index 2566418..bd7056e 100644
--- a/lib/util/debug.h
+++ b/lib/util/debug.h
@@ -79,9 +79,12 @@ bool dbghdr( int level, const char *location, const char *func);
#define DBGC_MSDFS 17
#define DBGC_DMAPI 18
#define DBGC_REGISTRY 19
+#define DBGC_SCAVENGER 20
+#define DBGC_DNS 21
+#define DBGC_LDB 22
/* Always ensure this is updated when new fixed classes area added, to ensure the array in debug.c is the right size */
-#define DBGC_MAX_FIXED 19
+#define DBGC_MAX_FIXED 22
/* So you can define DBGC_CLASS before including debug.h */
#ifndef DBGC_CLASS
diff --git a/lib/util/util_process.c b/lib/util/util_process.c
new file mode 100644
index 0000000..6036e27
--- /dev/null
+++ b/lib/util/util_process.c
@@ -0,0 +1,34 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Process utils.
+ *
+ * Copyright (c) 2013 Andreas Schneider <asn at samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "util_process.h"
+
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
+
+int prctl_set_comment(const char *comment)
+{
+#if defined(HAVE_PRCTL) && defined(PR_SET_NAME)
+ return prctl(PR_SET_NAME, (unsigned long) comment, 0, 0, 0);
+#endif
+ return 0;
+}
diff --git a/lib/util/util_process.h b/lib/util/util_process.h
new file mode 100644
index 0000000..6e1ef07
--- /dev/null
+++ b/lib/util/util_process.h
@@ -0,0 +1,35 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Process utils.
+ *
+ * Copyright (c) 2013 Andreas Schneider <asn at samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _SAMBA_UTIL_PROCESS_H
+#define _SAMBA_UTIL_PROCESS_H
+
+/**
+ * @brief Set the process comment name.
+ *
+ * @param[in] comment The comment to set which shouldn't be longer than 16
+ * 16 characters (including \0).
+ *
+ * @return -1 on error, 0 on success.
+ */
+int prctl_set_comment(const char *comment);
+
+#endif
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index ddaf90f..27c9ec7 100755
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -7,7 +7,8 @@ bld.SAMBA_LIBRARY('samba-util',
signal.c system.c params.c util.c util_id.c util_net.c
util_strlist.c util_paths.c idtree.c debug.c fault.c base64.c
util_str.c util_str_common.c substitute.c ms_fnmatch.c
- server_id.c dprintf.c parmlist.c bitmap.c pidfile.c''',
+ server_id.c dprintf.c parmlist.c bitmap.c pidfile.c
+ util_process.c''',
deps='DYNCONFIG',
public_deps='talloc execinfo uid_wrapper pthread LIBCRYPTO charset util_setid',
public_headers='debug.h attr.h byteorder.h data_blob.h memory.h safe_string.h time.h talloc_stack.h xfile.h dlinklist.h samba_util.h string_wrappers.h',
diff --git a/libcli/util/errormap.c b/libcli/util/errormap.c
index 714e62c..3870619 100644
--- a/libcli/util/errormap.c
+++ b/libcli/util/errormap.c
@@ -54,6 +54,7 @@ static const struct {
*/
{ERRDOS, ERRmoredata, STATUS_BUFFER_OVERFLOW},
{ERRDOS, ERRnofiles, STATUS_NO_MORE_FILES},
+ {ERRDOS, ERRbadfile, STATUS_INVALID_EA_NAME},
{ERRDOS, ERRnofiles, NT_STATUS_NO_MORE_ENTRIES},
{ERRDOS, ERRgeneral, NT_STATUS_UNSUCCESSFUL},
{ERRDOS, ERRbadfunc, NT_STATUS_NOT_IMPLEMENTED},
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 33085c4..4f0e900 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -600,6 +600,9 @@ interface security
SECINFO_DACL = 0x00000004,
SECINFO_SACL = 0x00000008,
SECINFO_LABEL = 0x00000010,
+ SECINFO_ATTRIBUTE = 0x00000020,
+ SECINFO_SCOPE = 0x00000040,
+ SECINFO_BACKUP = 0x00010000,
SECINFO_UNPROTECTED_SACL = 0x10000000,
SECINFO_UNPROTECTED_DACL = 0x20000000,
SECINFO_PROTECTED_SACL = 0x40000000,
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 762382c..abe4844 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -2071,6 +2071,7 @@ int main(int argc, char **argv, char **envp)
bool use_lanman = false;
char *logoff_user = getenv("USER");
int logoff_uid = geteuid();
+ const char *opt_krb5ccname = "FILE";
struct poptOption long_options[] = {
POPT_AUTOHELP
@@ -2152,6 +2153,7 @@ int main(int argc, char **argv, char **envp)
{ "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
/* destroys wbinfo --help output */
/* "user%password,DOM\\user%password,user at EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
+ { "krb5ccname", 0, POPT_ARG_STRING, &opt_krb5ccname, '0', "authenticate user using Kerberos and specific credential cache type", "krb5ccname" },
#endif
{ "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
{ "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL },
@@ -2521,13 +2523,13 @@ int main(int argc, char **argv, char **envp)
WBFLAG_PAM_INFO3_TEXT |
WBFLAG_PAM_CONTACT_TRUSTDOM;
- if (!wbinfo_auth_krb5(string_arg, "FILE",
+ if (!wbinfo_auth_krb5(string_arg, opt_krb5ccname,
flags)) {
d_fprintf(stderr,
"Could not authenticate user "
"[%s] with Kerberos "
"(ccache: %s)\n", string_arg,
- "FILE");
+ opt_krb5ccname);
goto done;
}
break;
diff --git a/selftest/knownfail b/selftest/knownfail
index 262b889..d249a25 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -65,6 +65,7 @@
^samba4.raw.session.expire1
^samba4.raw.rename.*.osxrename
^samba4.raw.rename.*.directory rename
+^samba4.raw.eas
^samba4.rpc.winreg.*security
^samba4.local.registry.(dir|ldb).check hive security
^samba4.local.registry.local.security
diff --git a/source3/Makefile.in b/source3/Makefile.in
index c7c6250..96727fc 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -431,7 +431,7 @@ UTIL_OBJ = ../lib/util/rbtree.o ../lib/util/signal.o ../lib/util/time.o \
../lib/util/genrand.o ../lib/util/util_net.o \
../lib/util/become_daemon.o ../lib/util/system.o \
../lib/util/tevent_unix.o ../lib/util/tevent_ntstatus.o \
- ../lib/util/tevent_werror.o \
+ ../lib/util/tevent_werror.o ../lib/util/util_process.o\
lib/tevent_barrier.o \
../lib/util/smb_threads.o ../lib/util/util_id.o \
../lib/util/blocking.o ../lib/util/rfc1738.o \
@@ -986,6 +986,7 @@ SMBD_OBJ_SRV = smbd/server_reload.o \
smbd/smbXsrv_tcon.o \
smbd/smbXsrv_open.o \
smbd/durable.o \
+ smbd/scavenger.o \
$(MANGLE_OBJ) @VFS_STATIC@
SMBD_OBJ_BASE = $(PARAM_WITHOUT_REG_OBJ) $(SMBD_OBJ_SRV) $(LIBSMB_OBJ) \
diff --git a/source3/autoconf/librpc/gen_ndr/messaging.h b/source3/autoconf/librpc/gen_ndr/messaging.h
index b082a39..e8f45b7 100644
--- a/source3/autoconf/librpc/gen_ndr/messaging.h
+++ b/source3/autoconf/librpc/gen_ndr/messaging.h
@@ -58,6 +58,7 @@ enum messaging_type
MSG_SMB_BRL_VALIDATE=(int)(0x0311),
MSG_SMB_CLOSE_FILE=(int)(0x0313),
MSG_SMB_NOTIFY_CLEANUP=(int)(0x0314),
+ MSG_SMB_SCAVENGER=(int)(0x0315),
MSG_WINBIND_FINISHED=(int)(0x0401),
MSG_WINBIND_FORGET_STATE=(int)(0x0402),
MSG_WINBIND_ONLINE=(int)(0x0403),
@@ -118,6 +119,7 @@ enum messaging_type
#define MSG_SMB_BRL_VALIDATE ( 0x0311 )
#define MSG_SMB_CLOSE_FILE ( 0x0313 )
#define MSG_SMB_NOTIFY_CLEANUP ( 0x0314 )
+#define MSG_SMB_SCAVENGER ( 0x0315 )
#define MSG_WINBIND_FINISHED ( 0x0401 )
#define MSG_WINBIND_FORGET_STATE ( 0x0402 )
#define MSG_WINBIND_ONLINE ( 0x0403 )
diff --git a/source3/autoconf/librpc/gen_ndr/ndr_messaging.c b/source3/autoconf/librpc/gen_ndr/ndr_messaging.c
index 60d004e..fa2d087 100644
--- a/source3/autoconf/librpc/gen_ndr/ndr_messaging.c
+++ b/source3/autoconf/librpc/gen_ndr/ndr_messaging.c
@@ -66,6 +66,7 @@ _PUBLIC_ void ndr_print_messaging_type(struct ndr_print *ndr, const char *name,
case MSG_SMB_BRL_VALIDATE: val = "MSG_SMB_BRL_VALIDATE"; break;
case MSG_SMB_CLOSE_FILE: val = "MSG_SMB_CLOSE_FILE"; break;
case MSG_SMB_NOTIFY_CLEANUP: val = "MSG_SMB_NOTIFY_CLEANUP"; break;
+ case MSG_SMB_SCAVENGER: val = "MSG_SMB_SCAVENGER"; break;
case MSG_WINBIND_FINISHED: val = "MSG_WINBIND_FINISHED"; break;
case MSG_WINBIND_FORGET_STATE: val = "MSG_WINBIND_FORGET_STATE"; break;
case MSG_WINBIND_ONLINE: val = "MSG_WINBIND_ONLINE"; break;
diff --git a/source3/autoconf/librpc/gen_ndr/ndr_security.c b/source3/autoconf/librpc/gen_ndr/ndr_security.c
index 55eefd7..f594657 100644
--- a/source3/autoconf/librpc/gen_ndr/ndr_security.c
+++ b/source3/autoconf/librpc/gen_ndr/ndr_security.c
@@ -1126,6 +1126,9 @@ _PUBLIC_ void ndr_print_security_secinfo(struct ndr_print *ndr, const char *name
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_DACL", SECINFO_DACL, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_SACL", SECINFO_SACL, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_LABEL", SECINFO_LABEL, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_ATTRIBUTE", SECINFO_ATTRIBUTE, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_SCOPE", SECINFO_SCOPE, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_BACKUP", SECINFO_BACKUP, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_SACL", SECINFO_UNPROTECTED_SACL, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_DACL", SECINFO_UNPROTECTED_DACL, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_PROTECTED_SACL", SECINFO_PROTECTED_SACL, r);
diff --git a/source3/autoconf/librpc/gen_ndr/py_security.c b/source3/autoconf/librpc/gen_ndr/py_security.c
index ec01ddb..f1fc683 100644
--- a/source3/autoconf/librpc/gen_ndr/py_security.c
+++ b/source3/autoconf/librpc/gen_ndr/py_security.c
@@ -2120,6 +2120,7 @@ void initsecurity(void)
PyModule_AddObject(m, "SID_BUILTIN_RAS_SERVERS", PyString_FromString("S-1-5-32-553"));
PyModule_AddObject(m, "GUID_DRS_VALIDATE_SPN", PyString_FromString("f3a64788-5306-11d1-a9c5-0000f80367c1"));
PyModule_AddObject(m, "SID_NT_DIALUP", PyString_FromString("S-1-5-1"));
+ PyModule_AddObject(m, "SECINFO_BACKUP", PyInt_FromLong(SECINFO_BACKUP));
PyModule_AddObject(m, "SID_BUILTIN_DISTRIBUTED_COM_USERS", PyString_FromString("S-1-5-32-562"));
PyModule_AddObject(m, "BUILTIN_RID_BACKUP_OPERATORS", PyInt_FromLong(551));
PyModule_AddObject(m, "SEC_RIGHTS_FILE_READ", PyInt_FromLong(SEC_STD_READ_CONTROL|SEC_STD_SYNCHRONIZE|SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_READ_EA));
@@ -2192,6 +2193,7 @@ void initsecurity(void)
PyModule_AddObject(m, "SID_NT_INTERACTIVE", PyString_FromString("S-1-5-4"));
PyModule_AddObject(m, "SID_BUILTIN_POWER_USERS", PyString_FromString("S-1-5-32-547"));
PyModule_AddObject(m, "BUILTIN_RID_CERT_SERV_DCOM_ACCESS", PyInt_FromLong(574));
+ PyModule_AddObject(m, "SECINFO_ATTRIBUTE", PyInt_FromLong(SECINFO_ATTRIBUTE));
PyModule_AddObject(m, "SEC_PRIV_INCREASE_BASE_PRIORITY", PyInt_FromLong(SEC_PRIV_INCREASE_BASE_PRIORITY));
PyModule_AddObject(m, "SEC_FILE_READ_EA", PyInt_FromLong(0x00000008));
PyModule_AddObject(m, "SID_WORLD_DOMAIN", PyString_FromString("S-1-1"));
@@ -2249,6 +2251,7 @@ void initsecurity(void)
PyModule_AddObject(m, "SID_NT_NETWORK", PyString_FromString("S-1-5-2"));
PyModule_AddObject(m, "SEC_DESC_SERVER_SECURITY", PyInt_FromLong(SEC_DESC_SERVER_SECURITY));
PyModule_AddObject(m, "BUILTIN_RID_USERS", PyInt_FromLong(545));
+ PyModule_AddObject(m, "SECINFO_SCOPE", PyInt_FromLong(SECINFO_SCOPE));
PyModule_AddObject(m, "SID_NT_THIS_ORGANISATION", PyString_FromString("S-1-5-15"));
PyModule_AddObject(m, "SEC_ADS_DELETE_TREE", PyInt_FromLong(0x00000040));
PyModule_AddObject(m, "GUID_DRS_REPL_SYNCRONIZE", PyString_FromString("1131f6ab-9c07-11d1-f79f-00c04fc2dcd2"));
diff --git a/source3/autoconf/librpc/gen_ndr/security.h b/source3/autoconf/librpc/gen_ndr/security.h
index 9fe5676..03e05ab 100644
--- a/source3/autoconf/librpc/gen_ndr/security.h
+++ b/source3/autoconf/librpc/gen_ndr/security.h
@@ -468,6 +468,9 @@ struct security_unix_token {
#define SECINFO_DACL ( 0x00000004 )
#define SECINFO_SACL ( 0x00000008 )
#define SECINFO_LABEL ( 0x00000010 )
+#define SECINFO_ATTRIBUTE ( 0x00000020 )
+#define SECINFO_SCOPE ( 0x00000040 )
+#define SECINFO_BACKUP ( 0x00010000 )
#define SECINFO_UNPROTECTED_SACL ( 0x10000000 )
#define SECINFO_UNPROTECTED_DACL ( 0x20000000 )
#define SECINFO_PROTECTED_SACL ( 0x40000000 )
diff --git a/source3/include/autoconf/version.h b/source3/include/autoconf/version.h
index 2c10150..e131369 100644
--- a/source3/include/autoconf/version.h
+++ b/source3/include/autoconf/version.h
@@ -1,8 +1,8 @@
/* Autogenerated by script/mkversion.sh */
#define SAMBA_VERSION_MAJOR 4
#define SAMBA_VERSION_MINOR 0
-#define SAMBA_VERSION_RELEASE 8
-#define SAMBA_VERSION_OFFICIAL_STRING "4.0.8"
+#define SAMBA_VERSION_RELEASE 9
+#define SAMBA_VERSION_OFFICIAL_STRING "4.0.9"
#ifdef SAMBA_VERSION_VENDOR_FUNCTION
# define SAMBA_VERSION_STRING SAMBA_VERSION_VENDOR_FUNCTION
#else /* SAMBA_VERSION_VENDOR_FUNCTION */
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 908631d..5e5a7bf 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -412,9 +412,10 @@ enum pdb_policy_type {
* Changed to 18, pdb_rid_algorithm -> pdb_capabilities
* Changed to 19, removed uid_to_rid
* Changed to 20, pdb_secret calls
+ * Changed to 21, set/enum_upn_suffixes. AB.
*/
-#define PASSDB_INTERFACE_VERSION 20
+#define PASSDB_INTERFACE_VERSION 21
struct pdb_methods
{
@@ -614,6 +615,15 @@ struct pdb_methods
NTSTATUS (*delete_secret)(struct pdb_methods *methods,
const char *secret_name);
+ NTSTATUS (*enum_upn_suffixes)(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ uint32_t *num_suffixes,
+ char ***suffixes);
+
+ NTSTATUS (*set_upn_suffixes)(struct pdb_methods *methods,
+ uint32_t num_suffixes,
+ const char **suffixes);
+
void *private_data; /* Private data of some kind */
void (*free_private_data)(void **);
@@ -911,6 +921,12 @@ NTSTATUS pdb_delete_secret(const char *secret_name);
bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid,
struct unixid *id);
+NTSTATUS pdb_enum_upn_suffixes(TALLOC_CTX *mem_ctx,
+ uint32_t *num_suffixes,
+ char ***suffixes);
+
+NTSTATUS pdb_set_upn_suffixes(uint32_t num_suffixes,
+ const char **suffixes);
/* The following definitions come from passdb/pdb_util.c */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 6856dd7..5f34193 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1612,6 +1612,8 @@ NTSTATUS copy_smb_filename(TALLOC_CTX *ctx,
struct smb_filename **smb_fname_out);
bool is_ntfs_stream_smb_fname(const struct smb_filename *smb_fname);
bool is_ntfs_default_stream_smb_fname(const struct smb_filename *smb_fname);
+bool is_invalid_windows_ea_name(const char *name);
+bool ea_list_has_invalid_name(struct ea_list *ea_list);
/* The following definitions come from lib/dummyroot.c */
diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c
index a7e7cf0..b218831 100644
--- a/source3/lib/conn_tdb.c
+++ b/source3/lib/conn_tdb.c
@@ -53,8 +53,13 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
uint32_t id = global->session_global_id;
struct connections_forall_session sess;
- sess.uid = global->auth_session_info->unix_token->uid;
- sess.gid = global->auth_session_info->unix_token->gid;
+ if (global->auth_session_info == NULL) {
+ sess.uid = -1;
+ sess.gid = -1;
+ } else {
+ sess.uid = global->auth_session_info->unix_token->uid;
+ sess.gid = global->auth_session_info->unix_token->gid;
+ }
strncpy(sess.machine, global->channels[0].remote_name, sizeof(sess.machine));
strncpy(sess.addr, global->channels[0].remote_address, sizeof(sess.addr));
@@ -86,6 +91,19 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global,
TDB_DATA val = tdb_null;
+ /*
+ * Note: that share_name is defined as array without a pointer.
+ * that's why it's always a valid pointer here.
+ */
+ if (strlen(global->share_name) == 0) {
+ /*
+ * when a smbXsrv_tcon is created it's created
+ * with emtpy share_name first in order to allocate
+ * an id, before filling in the details.
+ */
+ return 0;
+ }
+
status = dbwrap_fetch(state->session_by_pid, state,
make_tdb_data((void*)&sess_id, sizeof(sess_id)),
&val);
diff --git a/source3/lib/filename_util.c b/source3/lib/filename_util.c
index 9a6ab2b..89bd413 100644
--- a/source3/lib/filename_util.c
+++ b/source3/lib/filename_util.c
@@ -232,3 +232,37 @@ bool is_ntfs_default_stream_smb_fname(const struct smb_filename *smb_fname)
return strcasecmp_m(smb_fname->stream_name, "::$DATA") == 0;
}
+
+/****************************************************************************
+ Filter out Windows invalid EA names (list probed from Windows 2012).
+****************************************************************************/
+
+static char bad_ea_name_chars[] = "\"*+,/:;<=>?[\\]|";
+
+bool is_invalid_windows_ea_name(const char *name)
+{
+ int i;
+ /* EA name is pulled as ascii so we can examine
+ individual bytes here. */
+ for (i = 0; name[i] != 0; i++) {
+ int val = (name[i] & 0xff);
+ if (val < ' ' || strchr(bad_ea_name_chars, val)) {
+ return true;
+ }
+ }
+ return false;
+}
+
+bool ea_list_has_invalid_name(struct ea_list *ea_list)
+{
+ if (lp_posix_pathnames()) {
+ return false;
+ }
+
+ for (;ea_list; ea_list = ea_list->next) {
+ if (is_invalid_windows_ea_name(ea_list->ea.name)) {
+ return true;
+ }
+ }
+ return false;
+}
diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c
index 045b3d2..7a19611 100644
--- a/source3/lib/sessionid_tdb.c
+++ b/source3/lib/sessionid_tdb.c
@@ -38,16 +38,21 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global,
(struct sessionid_traverse_read_state *)private_data;
struct auth_session_info *session_info = global->auth_session_info;
struct sessionid session = {
- .uid = session_info->unix_token->uid,
- .gid = session_info->unix_token->gid,
+ .uid = -1,
+ .gid = -1,
.id_num = global->session_global_id,
.connect_start = nt_time_to_unix(global->creation_time),
.pid = global->channels[0].server_id,
};
- strncpy(session.username,
- session_info->unix_info->unix_name,
- sizeof(fstring)-1);
+ if (session_info != NULL) {
+ session.uid = session_info->unix_token->uid;
+ session.gid = session_info->unix_token->gid;
+ strncpy(session.username,
+ session_info->unix_info->unix_name,
+ sizeof(fstring)-1);
+ }
+
strncpy(session.remote_machine,
global->channels[0].remote_name,
sizeof(fstring)-1);
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 50a409c..cac3474 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -838,6 +838,16 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
return false;
}
+ if (realm == NULL) {
+ DEBUG(0, ("No realm has been specified! Do you really want to "
+ "join an Active Directory server?\n"));
+ return false;
+ }
+
+ if (domain == NULL || pss == NULL || kdc_name == NULL) {
+ return false;
+ }
+
dname = lock_path("smb_krb5");
if (!dname) {
return false;
diff --git a/source3/librpc/idl/messaging.idl b/source3/librpc/idl/messaging.idl
index df1f321..c262889 100644
--- a/source3/librpc/idl/messaging.idl
+++ b/source3/librpc/idl/messaging.idl
@@ -87,6 +87,7 @@ interface messaging
/* Trigger a notify cleanup run */
MSG_SMB_NOTIFY_CLEANUP = 0x0314,
+ MSG_SMB_SCAVENGER = 0x0315,
/* winbind messages */
MSG_WINBIND_FINISHED = 0x0401,
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index b7abaa9..0654209 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -32,6 +32,7 @@
#include "dbwrap/dbwrap_open.h"
#include "serverid.h"
#include "messages.h"
+#include "util_tdb.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_LOCKING
@@ -1595,7 +1596,11 @@ bool brl_reconnect_disconnected(struct files_struct *fsp)
return false;
}
- /* we want to validate ourself */
+ /*
+ * When reconnecting, we do not want to validate the brlock entries
+ * and thereby remove our own (disconnected) entries but reactivate
+ * them instead.
+ */
fsp->lockdb_clean = true;
br_lck = brl_get_locks(talloc_tos(), fsp);
@@ -1650,22 +1655,62 @@ bool brl_reconnect_disconnected(struct files_struct *fsp)
/****************************************************************************
Ensure this set of lock entries is valid.
****************************************************************************/
-static bool validate_lock_entries(unsigned int *pnum_entries, struct lock_struct **pplocks)
+static bool validate_lock_entries(unsigned int *pnum_entries, struct lock_struct **pplocks,
+ bool keep_disconnected)
{
unsigned int i;
unsigned int num_valid_entries = 0;
struct lock_struct *locks = *pplocks;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct server_id *ids;
+ bool *exists;
+
+ ids = talloc_array(frame, struct server_id, *pnum_entries);
+ if (ids == NULL) {
+ DEBUG(0, ("validate_lock_entries: "
+ "talloc_array(struct server_id, %u) failed\n",
+ *pnum_entries));
+ talloc_free(frame);
+ return false;
+ }
+
+ exists = talloc_array(frame, bool, *pnum_entries);
+ if (exists == NULL) {
+ DEBUG(0, ("validate_lock_entries: "
+ "talloc_array(bool, %u) failed\n",
+ *pnum_entries));
+ talloc_free(frame);
+ return false;
+ }
for (i = 0; i < *pnum_entries; i++) {
- struct lock_struct *lock_data = &locks[i];
- if (!serverid_exists(&lock_data->context.pid)) {
- /* This process no longer exists - mark this
- entry as invalid by zeroing it. */
- ZERO_STRUCTP(lock_data);
- } else {
+ ids[i] = locks[i].context.pid;
+ }
+
+ if (!serverids_exist(ids, *pnum_entries, exists)) {
+ DEBUG(3, ("validate_lock_entries: serverids_exists failed\n"));
+ talloc_free(frame);
+ return false;
+ }
+
+ for (i = 0; i < *pnum_entries; i++) {
+ if (exists[i]) {
num_valid_entries++;
+ continue;
}
+
+ if (keep_disconnected &&
+ server_id_is_disconnected(&ids[i]))
+ {
+ num_valid_entries++;
+ continue;
+ }
+
+ /* This process no longer exists - mark this
+ entry as invalid by zeroing it. */
+ ZERO_STRUCTP(&locks[i]);
}
+ TALLOC_FREE(frame);
if (num_valid_entries != *pnum_entries) {
struct lock_struct *new_lock_data = NULL;
@@ -1739,7 +1784,7 @@ static int brl_traverse_fn(struct db_record *rec, void *state)
/* Ensure the lock db is clean of entries from invalid processes. */
- if (!validate_lock_entries(&num_locks, &locks)) {
+ if (!validate_lock_entries(&num_locks, &locks, true)) {
SAFE_FREE(locks);
return -1; /* Terminate traversal */
}
@@ -1927,12 +1972,21 @@ static struct byte_range_lock *brl_get_locks_internal(TALLOC_CTX *mem_ctx,
if (!fsp->lockdb_clean) {
int orig_num_locks = br_lck->num_locks;
- /* This is the first time we've accessed this. */
- /* Go through and ensure all entries exist - remove any that don't. */
- /* Makes the lockdb self cleaning at low cost. */
+ /*
+ * This is the first time we access the byte range lock
+ * record with this fsp. Go through and ensure all entries
+ * are valid - remove any that don't.
+ * This makes the lockdb self cleaning at low cost.
+ *
+ * Note: Disconnected entries belong to disconnected
+ * durable handles. So at this point, we have a new
+ * handle on the file and the disconnected durable has
+ * already been closed (we are not a durable reconnect).
+ * So we need to clean the disconnected brl entry.
+ */
if (!validate_lock_entries(&br_lck->num_locks,
- &br_lck->lock_data)) {
+ &br_lck->lock_data, false)) {
SAFE_FREE(br_lck->lock_data);
TALLOC_FREE(br_lck);
return NULL;
@@ -2099,3 +2153,75 @@ void brl_revalidate(struct messaging_context *msg_ctx,
TALLOC_FREE(state);
return;
}
+
+bool brl_cleanup_disconnected(struct file_id fid, uint64_t open_persistent_id)
+{
+ bool ret = false;
+ TALLOC_CTX *frame = talloc_stackframe();
+ TDB_DATA key, val;
+ struct db_record *rec;
+ struct lock_struct *lock;
+ unsigned n, num;
+ NTSTATUS status;
+
+ key = make_tdb_data((void*)&fid, sizeof(fid));
+
+ rec = dbwrap_fetch_locked(brlock_db, frame, key);
+ if (rec == NULL) {
+ DEBUG(5, ("brl_cleanup_disconnected: failed to fetch record "
+ "for file %s\n", file_id_string(frame, &fid)));
+ goto done;
+ }
+
+ val = dbwrap_record_get_value(rec);
+ lock = (struct lock_struct*)val.dptr;
+ num = val.dsize / sizeof(struct lock_struct);
+ if (lock == NULL) {
+ DEBUG(10, ("brl_cleanup_disconnected: no byte range locks for "
+ "file %s\n", file_id_string(frame, &fid)));
+ ret = true;
+ goto done;
+ }
+
+ for (n=0; n<num; n++) {
+ struct lock_context *ctx = &lock[n].context;
+
+ if (!server_id_is_disconnected(&ctx->pid)) {
+ DEBUG(5, ("brl_cleanup_disconnected: byte range lock "
+ "%s used by server %s, do not cleanup\n",
+ file_id_string(frame, &fid),
+ server_id_str(frame, &ctx->pid)));
+ goto done;
+ }
+
+ if (ctx->smblctx != open_persistent_id) {
+ DEBUG(5, ("brl_cleanup_disconnected: byte range lock "
+ "%s expected smblctx %llu but found %llu"
+ ", do not cleanup\n",
+ file_id_string(frame, &fid),
+ (unsigned long long)open_persistent_id,
+ (unsigned long long)ctx->smblctx));
+ goto done;
+ }
+ }
+
+ status = dbwrap_record_delete(rec);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("brl_cleanup_disconnected: failed to delete record "
+ "for file %s from %s, open %llu: %s\n",
+ file_id_string(frame, &fid), dbwrap_name(brlock_db),
+ (unsigned long long)open_persistent_id,
+ nt_errstr(status)));
+ goto done;
+ }
+
+ DEBUG(10, ("brl_cleanup_disconnected: "
+ "file %s cleaned up %u entries from open %llu\n",
+ file_id_string(frame, &fid), num,
+ (unsigned long long)open_persistent_id));
+
+ ret = true;
+done:
+ talloc_free(frame);
+ return ret;
+}
diff --git a/source3/locking/proto.h b/source3/locking/proto.h
index c170c73..bb7255d 100644
--- a/source3/locking/proto.h
+++ b/source3/locking/proto.h
@@ -97,6 +97,7 @@ void brl_revalidate(struct messaging_context *msg_ctx,
uint32_t msg_type,
struct server_id server_id,
DATA_BLOB *data);
+bool brl_cleanup_disconnected(struct file_id fid, uint64_t open_persistent_id);
/* The following definitions come from locking/locking.c */
@@ -149,15 +150,15 @@ bool locking_init_readonly(void);
bool locking_end(void);
char *share_mode_str(TALLOC_CTX *ctx, int num, const struct share_mode_entry *e);
struct share_mode_lock *get_existing_share_mode_lock(TALLOC_CTX *mem_ctx,
- const struct file_id id);
+ struct file_id id);
struct share_mode_lock *get_share_mode_lock(
TALLOC_CTX *mem_ctx,
- const struct file_id id,
+ struct file_id id,
const char *servicepath,
const struct smb_filename *smb_fname,
const struct timespec *old_write_time);
struct share_mode_lock *fetch_share_mode_unlocked(TALLOC_CTX *mem_ctx,
- const struct file_id id);
+ struct file_id id);
bool rename_share_filename(struct messaging_context *msg_ctx,
struct share_mode_lock *lck,
const char *servicepath,
@@ -201,6 +202,9 @@ bool set_write_time(struct file_id fileid, struct timespec write_time);
int share_mode_forall(void (*fn)(const struct share_mode_entry *, const char *,
const char *, void *),
void *private_data);
+bool share_mode_cleanup_disconnected(struct file_id id,
+ uint64_t open_persistent_id);
+
/* The following definitions come from locking/posix.c */
diff --git a/source3/locking/share_mode_lock.c b/source3/locking/share_mode_lock.c
index a82c44e..266be65 100644
--- a/source3/locking/share_mode_lock.c
+++ b/source3/locking/share_mode_lock.c
@@ -104,10 +104,9 @@ bool locking_end(void)
Form a static locking key for a dev/inode pair.
******************************************************************/
-static TDB_DATA locking_key(const struct file_id *id, struct file_id *tmp)
+static TDB_DATA locking_key(const struct file_id *id)
{
- *tmp = *id;
- return make_tdb_data((const uint8_t *)tmp, sizeof(*tmp));
+ return make_tdb_data((const uint8_t *)id, sizeof(*id));
}
/*******************************************************************
@@ -133,7 +132,8 @@ static struct share_mode_data *parse_share_modes(TALLOC_CTX *mem_ctx,
ndr_err = ndr_pull_struct_blob(
&blob, d, d, (ndr_pull_flags_fn_t)ndr_pull_share_mode_data);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(1, ("ndr_pull_share_mode_lock failed\n"));
+ DEBUG(1, ("ndr_pull_share_mode_lock failed: %s\n",
+ ndr_errstr(ndr_err)));
goto fail;
}
@@ -286,15 +286,14 @@ fail:
********************************************************************/
static struct share_mode_lock *get_share_mode_lock_internal(
- TALLOC_CTX *mem_ctx, const struct file_id id,
+ TALLOC_CTX *mem_ctx, struct file_id id,
const char *servicepath, const struct smb_filename *smb_fname,
const struct timespec *old_write_time)
{
struct share_mode_lock *lck;
struct share_mode_data *d;
- struct file_id tmp;
struct db_record *rec;
- TDB_DATA key = locking_key(&id, &tmp);
+ TDB_DATA key = locking_key(&id);
TDB_DATA value;
rec = dbwrap_fetch_locked(lock_db, mem_ctx, key);
@@ -351,7 +350,7 @@ static int the_lock_destructor(struct share_mode_lock *l)
struct share_mode_lock *get_share_mode_lock(
TALLOC_CTX *mem_ctx,
- const struct file_id id,
+ struct file_id id,
const char *servicepath,
const struct smb_filename *smb_fname,
const struct timespec *old_write_time)
@@ -395,11 +394,10 @@ fail:
********************************************************************/
struct share_mode_lock *fetch_share_mode_unlocked(TALLOC_CTX *mem_ctx,
- const struct file_id id)
+ struct file_id id)
{
struct share_mode_lock *lck;
- struct file_id tmp;
- TDB_DATA key = locking_key(&id, &tmp);
+ TDB_DATA key = locking_key(&id);
TDB_DATA data;
NTSTATUS status;
@@ -502,3 +500,102 @@ int share_mode_forall(void (*fn)(const struct share_mode_entry *, const char *,
return count;
}
}
+
+bool share_mode_cleanup_disconnected(struct file_id fid,
+ uint64_t open_persistent_id)
+{
+ bool ret = false;
+ TALLOC_CTX *frame = talloc_stackframe();
+ unsigned n;
+ struct share_mode_data *data;
+ struct share_mode_lock *lck;
+ bool ok;
+
+ lck = get_existing_share_mode_lock(frame, fid);
+ if (lck == NULL) {
+ DEBUG(5, ("share_mode_cleanup_disconnected: "
+ "Could not fetch share mode entry for %s\n",
+ file_id_string(frame, &fid)));
+ goto done;
+ }
+ data = lck->data;
+
+ for (n=0; n < data->num_share_modes; n++) {
+ struct share_mode_entry *entry = &data->share_modes[n];
+
+ if (!server_id_is_disconnected(&entry->pid)) {
+ DEBUG(5, ("share_mode_cleanup_disconnected: "
+ "file (file-id='%s', servicepath='%s', "
+ "base_name='%s%s%s') "
+ "is used by server %s ==> do not cleanup\n",
+ file_id_string(frame, &fid),
+ data->servicepath,
+ data->base_name,
+ (data->stream_name == NULL)
+ ? "" : "', stream_name='",
+ (data->stream_name == NULL)
+ ? "" : data->stream_name,
+ server_id_str(frame, &entry->pid)));
+ goto done;
+ }
+ if (open_persistent_id != entry->share_file_id) {
+ DEBUG(5, ("share_mode_cleanup_disconnected: "
+ "entry for file "
+ "(file-id='%s', servicepath='%s', "
+ "base_name='%s%s%s') "
+ "has share_file_id %llu but expected %llu"
+ "==> do not cleanup\n",
+ file_id_string(frame, &fid),
+ data->servicepath,
+ data->base_name,
+ (data->stream_name == NULL)
+ ? "" : "', stream_name='",
+ (data->stream_name == NULL)
+ ? "" : data->stream_name,
+ (unsigned long long)entry->share_file_id,
+ (unsigned long long)open_persistent_id));
+ goto done;
+ }
+ }
+
+ ok = brl_cleanup_disconnected(fid, open_persistent_id);
+ if (!ok) {
+ DEBUG(10, ("share_mode_cleanup_disconnected: "
+ "failed to clean up byte range locks associated "
+ "with file (file-id='%s', servicepath='%s', "
+ "base_name='%s%s%s') and open_persistent_id %llu "
+ "==> do not cleanup\n",
+ file_id_string(frame, &fid),
+ data->servicepath,
+ data->base_name,
+ (data->stream_name == NULL)
+ ? "" : "', stream_name='",
+ (data->stream_name == NULL)
+ ? "" : data->stream_name,
+ (unsigned long long)open_persistent_id));
+ goto done;
+ }
+
+ DEBUG(10, ("share_mode_cleanup_disconnected: "
+ "cleaning up %u entries for file "
+ "(file-id='%s', servicepath='%s', "
+ "base_name='%s%s%s') "
+ "from open_persistent_id %llu\n",
+ data->num_share_modes,
+ file_id_string(frame, &fid),
+ data->servicepath,
+ data->base_name,
+ (data->stream_name == NULL)
+ ? "" : "', stream_name='",
+ (data->stream_name == NULL)
+ ? "" : data->stream_name,
+ (unsigned long long)open_persistent_id));
+
+ data->num_share_modes = 0;
+ data->modified = true;
+
+ ret = true;
+done:
+ talloc_free(frame);
+ return ret;
+}
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index a28d4a2..90c4375 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -107,7 +107,13 @@ static int vfs_gpfs_setlease(vfs_handle_struct *handle, files_struct *fsp,
START_PROFILE(syscall_linux_setlease);
if (config->leases) {
+ /*
+ * Ensure the lease owner is root to allow
+ * correct delivery of lease-break signals.
+ */
+ become_root();
ret = set_gpfs_lease(fsp->fh->fd,leasetype);
+ unbecome_root();
}
END_PROFILE(syscall_linux_setlease);
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index dd1135d..6650021 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -367,8 +367,8 @@ static int streams_xattr_open(vfs_handle_struct *handle,
int baseflags;
int hostfd = -1;
- DEBUG(10, ("streams_xattr_open called for %s\n",
- smb_fname_str_dbg(smb_fname)));
+ DEBUG(10, ("streams_xattr_open called for %s with flags 0x%x\n",
+ smb_fname_str_dbg(smb_fname), flags));
if (!is_ntfs_stream_smb_fname(smb_fname)) {
return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
@@ -452,40 +452,20 @@ static int streams_xattr_open(vfs_handle_struct *handle,
goto fail;
}
- if (!NT_STATUS_IS_OK(status)) {
+ if ((!NT_STATUS_IS_OK(status) && (flags & O_CREAT)) ||
+ (flags & O_TRUNC)) {
/*
- * The attribute does not exist
+ * The attribute does not exist or needs to be truncated
*/
- if (flags & O_CREAT) {
- /*
- * Darn, xattrs need at least 1 byte
- */
- char null = '\0';
+ /*
+ * Darn, xattrs need at least 1 byte
+ */
+ char null = '\0';
- DEBUG(10, ("creating attribute %s on file %s\n",
- xattr_name, smb_fname->base_name));
+ DEBUG(10, ("creating or truncating attribute %s on file %s\n",
+ xattr_name, smb_fname->base_name));
- if (fsp->base_fsp->fh->fd != -1) {
- if (SMB_VFS_FSETXATTR(
- fsp->base_fsp, xattr_name,
- &null, sizeof(null),
- flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
- goto fail;
- }
- } else {
- if (SMB_VFS_SETXATTR(
- handle->conn, smb_fname->base_name,
- xattr_name, &null, sizeof(null),
- flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
- goto fail;
- }
- }
- }
- }
-
- if (flags & O_TRUNC) {
- char null = '\0';
if (fsp->base_fsp->fh->fd != -1) {
if (SMB_VFS_FSETXATTR(
fsp->base_fsp, xattr_name,
@@ -532,6 +512,7 @@ static int streams_xattr_open(vfs_handle_struct *handle,
* BUGBUGBUG -- we would need to call fd_close_posix here, but
* we don't have a full fsp yet
*/
+ fsp->fh->fd = hostfd;
SMB_VFS_CLOSE(fsp);
}
diff --git a/source3/passdb/ABI/pdb-0.sigs b/source3/passdb/ABI/pdb-0.sigs
index 4108b9a..51810ef 100644
--- a/source3/passdb/ABI/pdb-0.sigs
+++ b/source3/passdb/ABI/pdb-0.sigs
@@ -112,6 +112,7 @@ pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t
pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *)
pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***)
pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
+pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***)
pdb_find_backend_entry: struct pdb_init_function_entry *(const char *)
pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *)
pdb_get_acct_ctrl: uint32_t (const struct samu *)
@@ -230,6 +231,7 @@ pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain
pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *)
pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *)
pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state)
+pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **)
pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state)
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 775f8a3..36dde6f 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -2340,6 +2340,39 @@ static struct pdb_domain_info *pdb_default_get_domain_info(
return NULL;
}
+/*****************************************************************
+ UPN suffixes
+ *****************************************************************/
+static NTSTATUS pdb_default_enum_upn_suffixes(struct pdb_methods *pdb,
+ TALLOC_CTX *mem_ctx,
+ uint32_t *num_suffixes,
+ char ***suffixes)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS pdb_default_set_upn_suffixes(struct pdb_methods *pdb,
+ uint32_t num_suffixes,
+ const char **suffixes)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS pdb_enum_upn_suffixes(TALLOC_CTX *mem_ctx,
+ uint32_t *num_suffixes,
+ char ***suffixes)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->enum_upn_suffixes(pdb, mem_ctx, num_suffixes, suffixes);
+}
+
+NTSTATUS pdb_set_upn_suffixes(uint32_t num_suffixes,
+ const char **suffixes)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->set_upn_suffixes(pdb, num_suffixes, suffixes);
+}
+
/*******************************************************************
secret methods
*******************************************************************/
@@ -2487,5 +2520,8 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods )
(*methods)->set_secret = pdb_default_set_secret;
(*methods)->delete_secret = pdb_default_delete_secret;
+ (*methods)->enum_upn_suffixes = pdb_default_enum_upn_suffixes;
+ (*methods)->set_upn_suffixes = pdb_default_set_upn_suffixes;
+
return NT_STATUS_OK;
}
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 9b50655..c45f33f 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -2309,22 +2309,16 @@ NTSTATUS _netr_ServerTrustPasswordsGet(struct pipes_struct *p,
/****************************************************************
****************************************************************/
-WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p,
- struct netr_DsRGetForestTrustInformation *r)
-{
- p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
- return WERR_NOT_SUPPORTED;
-}
-
-/****************************************************************
-****************************************************************/
-
static NTSTATUS fill_forest_trust_array(TALLOC_CTX *mem_ctx,
struct lsa_ForestTrustInformation *info)
{
struct lsa_ForestTrustRecord *e;
struct pdb_domain_info *dom_info;
struct lsa_ForestTrustDomainInfo *domain_info;
+ char **upn_suffixes = NULL;
+ uint32_t num_suffixes = 0;
+ uint32_t i = 0;
+ NTSTATUS status;
dom_info = pdb_get_domain_info(mem_ctx);
if (dom_info == NULL) {
@@ -2332,7 +2326,15 @@ static NTSTATUS fill_forest_trust_array(TALLOC_CTX *mem_ctx,
}
info->count = 2;
- info->entries = talloc_array(info, struct lsa_ForestTrustRecord *, 2);
+
+ become_root();
+ status = pdb_enum_upn_suffixes(info, &num_suffixes, &upn_suffixes);
+ unbecome_root();
+ if (NT_STATUS_IS_OK(status) && (num_suffixes > 0)) {
+ info->count += num_suffixes;
+ }
+
+ info->entries = talloc_array(info, struct lsa_ForestTrustRecord *, info->count);
if (info->entries == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -2350,6 +2352,21 @@ static NTSTATUS fill_forest_trust_array(TALLOC_CTX *mem_ctx,
info->entries[0] = e;
+ if (num_suffixes > 0) {
+ for (i = 0; i < num_suffixes ; i++) {
+ e = talloc(info, struct lsa_ForestTrustRecord);
+ if (e == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ e->flags = 0;
+ e->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
+ e->time = 0; /* so far always 0 in traces. */
+ e->forest_trust_data.top_level_name.string = upn_suffixes[i];
+ info->entries[1 + i] = e;
+ }
+ }
+
e = talloc(info, struct lsa_ForestTrustRecord);
if (e == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -2368,12 +2385,76 @@ static NTSTATUS fill_forest_trust_array(TALLOC_CTX *mem_ctx,
domain_info->netbios_domain_name.string = talloc_steal(info,
dom_info->name);
- info->entries[1] = e;
+ info->entries[info->count - 1] = e;
return NT_STATUS_OK;
}
/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p,
+ struct netr_DsRGetForestTrustInformation *r)
+{
+ NTSTATUS status;
+ struct lsa_ForestTrustInformation *info, **info_ptr;
+
+ if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE)
+ && (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) {
+ p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
+ return WERR_ACCESS_DENIED;
+ }
+
+ if (r->in.flags & (~DS_GFTI_UPDATE_TDO)) {
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
+ return WERR_INVALID_FLAGS;
+ }
+
+ if ((r->in.flags & DS_GFTI_UPDATE_TDO) && (lp_server_role() != ROLE_DOMAIN_PDC)) {
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
+ return WERR_NERR_NOTPRIMARY;
+ }
+
+ if ((r->in.trusted_domain_name == NULL) && (r->in.flags & DS_GFTI_UPDATE_TDO)) {
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
+ return WERR_INVALID_PARAMETER;
+ }
+
+ /* retrieve forest trust information and stop further processing */
+ if (r->in.trusted_domain_name == NULL) {
+ info_ptr = talloc(p->mem_ctx, struct lsa_ForestTrustInformation *);
+ if (info_ptr == NULL) {
+ p->fault_state = DCERPC_FAULT_CANT_PERFORM;
+ return WERR_NOMEM;
+ }
+ info = talloc_zero(info_ptr, struct lsa_ForestTrustInformation);
+ if (info == NULL) {
+ p->fault_state = DCERPC_FAULT_CANT_PERFORM;
+ return WERR_NOMEM;
+ }
+
+ /* Fill forest trust information and expand UPN suffixes list */
+ status = fill_forest_trust_array(p->mem_ctx, info);
+ if (!NT_STATUS_IS_OK(status)) {
+ p->fault_state = DCERPC_FAULT_CANT_PERFORM;
+ return WERR_NOMEM;
+ }
+
+ *info_ptr = info;
+ r->out.forest_trust_info = info_ptr;
+
+ return WERR_OK;
+
+ }
+
+ /* TODO: implement remaining parts of DsrGetForestTrustInformation (opnum 43)
+ * when trusted_domain_name is not NULL */
+
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
_netr_GetForestTrustInformation
****************************************************************/
@@ -2417,6 +2498,7 @@ NTSTATUS _netr_GetForestTrustInformation(struct pipes_struct *p,
return NT_STATUS_NO_MEMORY;
}
+ /* Fill forest trust information, do expand UPN suffixes list */
status = fill_forest_trust_array(p->mem_ctx, info);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index 95d6c33..100944c 100644
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -563,7 +563,7 @@ static bool process_trans2(struct blocking_lock_record *blr)
SSVAL(params,0,0);
/* Fake up max_data_bytes here - we know it fits. */
- send_trans2_replies(blr->fsp->conn, blr->req, params, 2, NULL, 0, 0xffff);
+ send_trans2_replies(blr->fsp->conn, blr->req, NT_STATUS_OK, params, 2, NULL, 0, 0xffff);
return True;
}
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 9b988e0..e5b1fb7 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -24,6 +24,7 @@
#include "printing.h"
#include "smbd/smbd.h"
#include "smbd/globals.h"
+#include "smbd/scavenger.h"
#include "fake_file.h"
#include "transfer_file.h"
#include "auth.h"
@@ -739,9 +740,12 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
while (fsp->num_aio_requests != 0) {
/*
* The destructor of the req will remove
- * itself from the fsp
+ * itself from the fsp.
+ * Don't use TALLOC_FREE here, this will overwrite
+ * what the destructor just wrote into
+ * aio_requests[0].
*/
- TALLOC_FREE(fsp->aio_requests[0]);
+ talloc_free(fsp->aio_requests[0]);
}
}
@@ -769,10 +773,33 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
fsp->op,
&new_cookie);
if (NT_STATUS_IS_OK(tmp)) {
+ struct timeval tv;
+ NTTIME now;
+
+ if (req != NULL) {
+ tv = req->request_time;
+ } else {
+ tv = timeval_current();
+ }
+ now = timeval_to_nttime(&tv);
+
data_blob_free(&fsp->op->global->backend_cookie);
fsp->op->global->backend_cookie = new_cookie;
- tmp = smbXsrv_open_update(fsp->op);
+ fsp->op->compat = NULL;
+ tmp = smbXsrv_open_close(fsp->op, now);
+ if (!NT_STATUS_IS_OK(tmp)) {
+ DEBUG(1, ("Failed to update smbXsrv_open "
+ "record when disconnecting durable "
+ "handle for file %s: %s - "
+ "proceeding with normal close\n",
+ fsp_str_dbg(fsp), nt_errstr(tmp)));
+ }
+ scavenger_schedule_disconnected(fsp);
+ } else {
+ DEBUG(1, ("Failed to disconnect durable handle for "
+ "file %s: %s - proceeding with normal "
+ "close\n", fsp_str_dbg(fsp), nt_errstr(tmp)));
}
if (!NT_STATUS_IS_OK(tmp)) {
is_durable = false;
@@ -785,6 +812,9 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
* a durable handle and closed the underlying file.
* In all other cases, we proceed with a genuine close.
*/
+ DEBUG(10, ("%s disconnected durable handle for file %s\n",
+ conn->session_info->unix_info->unix_name,
+ fsp_str_dbg(fsp)));
file_free(req, fsp);
return NT_STATUS_OK;
}
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 1182ae9..b1f69c8 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -457,6 +457,13 @@ NTSTATUS smb2srv_open_recreate(struct smbXsrv_connection *conn,
struct GUID create_guid,
NTTIME now,
struct smbXsrv_open **_open);
+struct smbXsrv_open_global0;
+NTSTATUS smbXsrv_open_global_traverse(
+ int (*fn)(struct smbXsrv_open_global0 *, void *),
+ void *private_data);
+
+NTSTATUS smbXsrv_open_cleanup(uint64_t persistent_id);
+
struct smbd_smb2_request {
struct smbd_smb2_request *prev, *next;
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index f70fb36..ee0deb8 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -889,13 +889,8 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
/* Ensure we have at least one thing set. */
if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
- if (security_info_sent & SECINFO_LABEL) {
- /* Only consider SECINFO_LABEL if no other
- bits are set. Just like W2K3 we don't
- store this. */
- return NT_STATUS_OK;
- }
- return NT_STATUS_INVALID_PARAMETER;
+ /* Just like W2K3 */
+ return NT_STATUS_OK;
}
/* Ensure we have the rights to do this. */
@@ -1102,6 +1097,43 @@ static void call_nt_transact_create(connection_struct *conn,
*/
create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
+ srvstr_get_path(ctx, params, req->flags2, &fname,
+ params+53, parameter_count-53,
+ STR_TERMINATE, &status);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ goto out;
+ }
+
+ if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
+ case_state = set_posix_case_semantics(ctx, conn);
+ if (!case_state) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ }
+
+ status = filename_convert(ctx,
+ conn,
+ req->flags2 & FLAGS2_DFS_PATHNAMES,
+ fname,
+ 0,
+ NULL,
+ &smb_fname);
+
+ TALLOC_FREE(case_state);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
+ reply_botherror(req,
+ NT_STATUS_PATH_NOT_COVERED,
+ ERRSRV, ERRbadpath);
+ goto out;
+ }
+ reply_nterror(req, status);
+ goto out;
+ }
+
/* Ensure the data_len is correct for the sd and ea values given. */
if ((ea_len + sd_len > data_count)
|| (ea_len > data_count) || (sd_len > data_count)
@@ -1152,43 +1184,26 @@ static void call_nt_transact_create(connection_struct *conn,
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
goto out;
}
- }
- srvstr_get_path(ctx, params, req->flags2, &fname,
- params+53, parameter_count-53,
- STR_TERMINATE, &status);
- if (!NT_STATUS_IS_OK(status)) {
- reply_nterror(req, status);
- goto out;
- }
-
- if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
- case_state = set_posix_case_semantics(ctx, conn);
- if (!case_state) {
- reply_nterror(req, NT_STATUS_NO_MEMORY);
- goto out;
- }
- }
-
- status = filename_convert(ctx,
- conn,
- req->flags2 & FLAGS2_DFS_PATHNAMES,
- fname,
- 0,
- NULL,
- &smb_fname);
-
- TALLOC_FREE(case_state);
+ if (ea_list_has_invalid_name(ea_list)) {
+ /* Realloc the size of parameters and data we will return */
+ if (flags & EXTENDED_RESPONSE_REQUIRED) {
+ /* Extended response is 32 more byyes. */
+ param_len = 101;
+ } else {
+ param_len = 69;
+ }
+ params = nttrans_realloc(ppparams, param_len);
+ if(params == NULL) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ goto out;
+ }
- if (!NT_STATUS_IS_OK(status)) {
- if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
- reply_botherror(req,
- NT_STATUS_PATH_NOT_COVERED,
- ERRSRV, ERRbadpath);
+ memset(params, '\0', param_len);
+ send_nt_replies(conn, req, STATUS_INVALID_EA_NAME,
+ params, param_len, NULL, 0);
goto out;
}
- reply_nterror(req, status);
- goto out;
}
oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
diff --git a/source3/smbd/oplock_linux.c b/source3/smbd/oplock_linux.c
index 7fa9b7c..dd772bf 100644
--- a/source3/smbd/oplock_linux.c
+++ b/source3/smbd/oplock_linux.c
@@ -75,26 +75,33 @@ int linux_set_lease_sighandler(int fd)
int linux_setlease(int fd, int leasetype)
{
int ret;
+ int saved_errno;
+
+ /*
+ * Ensure the lease owner is root to allow
+ * correct delivery of lease-break signals.
+ */
+
+ become_root();
/* First set the signal handler. */
if (linux_set_lease_sighandler(fd) == -1) {
- return -1;
+ saved_errno = errno;
+ ret = -1;
+ goto out;
}
ret = fcntl(fd, F_SETLEASE, leasetype);
- if (ret == -1 && errno == EACCES) {
- set_effective_capability(LEASE_CAPABILITY);
- /*
- * Bug 8974 - work around Linux kernel bug
- * https://bugzilla.kernel.org/show_bug.cgi?id=43336.
- * "fcntl(F_SETLEASE) resets signal number when
- * called multiple times"
- */
- if (linux_set_lease_sighandler(fd) == -1) {
- return -1;
- }
- ret = fcntl(fd, F_SETLEASE, leasetype);
+ if (ret == -1) {
+ saved_errno = errno;
}
+ out:
+
+ unbecome_root();
+
+ if (ret == -1) {
+ errno = saved_errno;
+ }
return ret;
}
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 319e20e..b4f4501 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -1061,6 +1061,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
struct ea_list *read_ea_list_entry(TALLOC_CTX *ctx, const char *pdata, size_t data_size, size_t *pbytes_used);
void send_trans2_replies(connection_struct *conn,
struct smb_request *req,
+ NTSTATUS status,
const char *params,
int paramsize,
const char *pdata,
diff --git a/source3/smbd/scavenger.c b/source3/smbd/scavenger.c
new file mode 100644
index 0000000..fe4e56e
--- /dev/null
+++ b/source3/smbd/scavenger.c
@@ -0,0 +1,531 @@
+/*
+ Unix SMB/CIFS implementation.
+ smbd scavenger daemon
+
+ Copyright (C) Gregor Beck 2013
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#include "messages.h"
+#include "serverid.h"
+#include "smbd/globals.h"
+#include "smbd/scavenger.h"
+#include "locking/proto.h"
+#include "lib/util/util_process.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SCAVENGER
+
+struct smbd_scavenger_state {
+ struct tevent_context *ev;
+ struct messaging_context *msg;
+ struct server_id parent_id;
+ struct server_id *scavenger_id;
+ bool am_scavenger;
+};
+
+static struct smbd_scavenger_state *smbd_scavenger_state = NULL;
+
+struct scavenger_message {
+ struct file_id file_id;
+ uint64_t open_persistent_id;
+ NTTIME until;
+};
+
+static int smbd_scavenger_main(struct smbd_scavenger_state *state)
+{
+ DEBUG(10, ("scavenger: %s started, parent: %s\n",
+ server_id_str(talloc_tos(), state->scavenger_id),
+ server_id_str(talloc_tos(), &state->parent_id)));
+
+ while (true) {
+ TALLOC_CTX *frame = talloc_stackframe();
+ int ret;
+
+ ret = tevent_loop_once(state->ev);
+ if (ret != 0) {
+ DEBUG(2, ("tevent_loop_once failed: %s\n",
+ strerror(errno)));
+ TALLOC_FREE(frame);
+ return 1;
+ }
+
+ DEBUG(10, ("scavenger: %s event loop iteration\n",
+ server_id_str(talloc_tos(), state->scavenger_id)));
+ TALLOC_FREE(frame);
+ }
+
+ return 0;
+}
+
+static void smbd_scavenger_done(struct tevent_context *event_ctx, struct tevent_fd *fde,
+ uint16_t flags, void *private_data)
+{
+ struct smbd_scavenger_state *state = talloc_get_type_abort(
+ private_data, struct smbd_scavenger_state);
+
+ DEBUG(2, ("scavenger: %s died\n",
+ server_id_str(talloc_tos(), state->scavenger_id)));
+
+ TALLOC_FREE(state->scavenger_id);
+}
+
+static void smbd_scavenger_parent_dead(struct tevent_context *event_ctx,
+ struct tevent_fd *fde,
+ uint16_t flags, void *private_data)
+{
+ struct smbd_scavenger_state *state = talloc_get_type_abort(
+ private_data, struct smbd_scavenger_state);
+
+ DEBUG(2, ("scavenger: %s parent %s died\n",
+ server_id_str(talloc_tos(), state->scavenger_id),
+ server_id_str(talloc_tos(), &state->parent_id)));
+
+ exit_server("smbd_scavenger_parent_dead");
+}
+
+static void scavenger_sig_term_handler(struct tevent_context *ev,
+ struct tevent_signal *se,
+ int signum,
+ int count,
+ void *siginfo,
+ void *private_data)
+{
+ exit_server_cleanly("termination signal");
+}
+
+static void scavenger_setup_sig_term_handler(struct tevent_context *ev_ctx)
+{
+ struct tevent_signal *se;
+
+ se = tevent_add_signal(ev_ctx,
+ ev_ctx,
+ SIGTERM, 0,
+ scavenger_sig_term_handler,
+ NULL);
+ if (se == NULL) {
+ exit_server("failed to setup SIGTERM handler");
+ }
+}
+
+static bool smbd_scavenger_running(struct smbd_scavenger_state *state)
+{
+ if (state->scavenger_id == NULL) {
+ return false;
+ }
+
+ return serverid_exists(state->scavenger_id);
+}
+
+static int smbd_scavenger_server_id_destructor(struct server_id *id)
+{
+ serverid_deregister(*id);
+ return 0;
+}
+
+static bool scavenger_say_hello(int fd, struct server_id self)
+{
+ const uint8_t *msg = (const uint8_t *)&self;
+ size_t remaining = sizeof(self);
+ size_t ofs = 0;
+
+ while (remaining > 0) {
+ ssize_t ret;
+
+ ret = sys_write(fd, msg + ofs, remaining);
+ if (ret == -1) {
+ DEBUG(2, ("Failed to write to pipe: %s\n",
+ strerror(errno)));
+ return false;
+ }
+ remaining -= ret;
+ }
+
+ DEBUG(4, ("scavenger_say_hello: self[%s]\n",
+ server_id_str(talloc_tos(), &self)));
+ return true;
+}
+
+static bool scavenger_wait_hello(int fd, struct server_id *child)
+{
+ uint8_t *msg = (uint8_t *)child;
+ size_t remaining = sizeof(*child);
+ size_t ofs = 0;
+
+ while (remaining > 0) {
+ ssize_t ret;
+
+ ret = sys_read(fd, msg + ofs, remaining);
+ if (ret == -1) {
+ DEBUG(2, ("Failed to read from pipe: %s\n",
+ strerror(errno)));
+ return false;
+ }
+ remaining -= ret;
+ }
+
+ DEBUG(4, ("scavenger_say_hello: child[%s]\n",
+ server_id_str(talloc_tos(), child)));
+ return true;
+}
+
+static bool smbd_scavenger_start(struct smbd_scavenger_state *state)
+{
+ struct server_id self = messaging_server_id(state->msg);
+ struct tevent_fd *fde = NULL;
+ int fds[2];
+ int ret;
+ uint64_t unique_id;
+ bool ok;
+
+ SMB_ASSERT(server_id_equal(&state->parent_id, &self));
+
+ if (smbd_scavenger_running(state)) {
+ DEBUG(10, ("scavenger %s already running\n",
+ server_id_str(talloc_tos(),
+ state->scavenger_id)));
+ return true;
+ }
+
+ if (state->scavenger_id != NULL) {
+ DEBUG(10, ("scavenger zombie %s, cleaning up\n",
+ server_id_str(talloc_tos(),
+ state->scavenger_id)));
+ TALLOC_FREE(state->scavenger_id);
+ }
+
+ state->scavenger_id = talloc_zero(state, struct server_id);
+ if (state->scavenger_id == NULL) {
+ DEBUG(2, ("Out of memory\n"));
+ goto fail;
+ }
+ talloc_set_destructor(state->scavenger_id,
+ smbd_scavenger_server_id_destructor);
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
+ if (ret == -1) {
+ DEBUG(2, ("socketpair failed: %s", strerror(errno)));
+ goto fail;
+ }
+
+ smb_set_close_on_exec(fds[0]);
+ smb_set_close_on_exec(fds[1]);
+
+ unique_id = serverid_get_random_unique_id();
+
+ ret = fork();
+ if (ret == -1) {
+ int err = errno;
+ close(fds[0]);
+ close(fds[1]);
+ DEBUG(0, ("fork failed: %s", strerror(err)));
+ goto fail;
+ }
+
+ if (ret == 0) {
+ /* child */
+
+ NTSTATUS status;
+
+ close(fds[0]);
+
+ am_parent = NULL;
+
+ set_my_unique_id(unique_id);
+
+ status = reinit_after_fork(state->msg, state->ev, true);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("reinit_after_fork failed: %s\n",
+ nt_errstr(status)));
+ exit_server("reinit_after_fork failed");
+ return false;
+ }
+
+ prctl_set_comment("smbd-scavenger");
+
+ state->am_scavenger = true;
+ *state->scavenger_id = messaging_server_id(state->msg);
+
+ scavenger_setup_sig_term_handler(state->ev);
+
+ serverid_register(*state->scavenger_id, FLAG_MSG_GENERAL);
+
+ ok = scavenger_say_hello(fds[1], *state->scavenger_id);
+ if (!ok) {
+ DEBUG(2, ("scavenger_say_hello failed\n"));
+ exit_server("scavenger_say_hello failed");
+ return false;
+ }
+
+ fde = tevent_add_fd(state->ev, state->scavenger_id,
+ fds[1], TEVENT_FD_READ,
+ smbd_scavenger_parent_dead, state);
+ if (fde == NULL) {
+ DEBUG(2, ("tevent_add_fd(smbd_scavenger_parent_dead) "
+ "failed\n"));
+ exit_server("tevent_add_fd(smbd_scavenger_parent_dead) "
+ "failed");
+ return false;
+ }
+ tevent_fd_set_auto_close(fde);
+
+ ret = smbd_scavenger_main(state);
+
+ DEBUG(10, ("scavenger ended: %d\n", ret));
+ exit_server_cleanly("scavenger ended");
+ return false;
+ }
+
+ /* parent */
+ close(fds[1]);
+
+ ok = scavenger_wait_hello(fds[0], state->scavenger_id);
+ if (!ok) {
+ close(fds[0]);
+ goto fail;
+ }
+
+ fde = tevent_add_fd(state->ev, state->scavenger_id,
+ fds[0], TEVENT_FD_READ,
+ smbd_scavenger_done, state);
+ if (fde == NULL) {
+ close(fds[0]);
+ goto fail;
+ }
+ tevent_fd_set_auto_close(fde);
+
+ return true;
+fail:
+ TALLOC_FREE(state->scavenger_id);
+ return false;
+}
+
+static void scavenger_add_timer(struct smbd_scavenger_state *state,
+ struct scavenger_message *msg);
+
+static void smbd_scavenger_msg(struct messaging_context *msg_ctx,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id src,
+ DATA_BLOB *data)
+{
+ struct smbd_scavenger_state *state =
+ talloc_get_type_abort(private_data,
+ struct smbd_scavenger_state);
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct server_id self = messaging_server_id(msg_ctx);
+ struct scavenger_message *msg = NULL;
+
+ DEBUG(10, ("smbd_scavenger_msg: %s got message from %s\n",
+ server_id_str(talloc_tos(), &self),
+ server_id_str(talloc_tos(), &src)));
+
+ if (server_id_equal(&state->parent_id, &self)) {
+ NTSTATUS status;
+
+ if (!smbd_scavenger_running(state) &&
+ !smbd_scavenger_start(state))
+ {
+ DEBUG(2, ("Failed to start scavenger\n"));
+ goto done;
+ }
+ DEBUG(10, ("forwarding message to scavenger\n"));
+
+ status = messaging_send(msg_ctx,
+ *state->scavenger_id, msg_type, data);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("forwarding message to scavenger failed: "
+ "%s\n", nt_errstr(status)));
+ goto done;
+ }
+ goto done;
+ }
+
+ if (!state->am_scavenger) {
+ DEBUG(10, ("im not the scavenger: ignore message\n"));
+ goto done;
+ }
+
+ if (!server_id_equal(&state->parent_id, &src)) {
+ DEBUG(10, ("scavenger: ignore spurious message\n"));
+ goto done;
+ }
+
+ DEBUG(10, ("scavenger: got a message\n"));
+ msg = (struct scavenger_message*)data->data;
+ scavenger_add_timer(state, msg);
+done:
+ talloc_free(frame);
+}
+
+bool smbd_scavenger_init(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg,
+ struct tevent_context *ev)
+{
+ struct smbd_scavenger_state *state;
+ NTSTATUS status;
+
+ if (smbd_scavenger_state) {
+ DEBUG(10, ("smbd_scavenger_init called again\n"));
+ return true;
+ }
+
+ state = talloc_zero(mem_ctx, struct smbd_scavenger_state);
+ if (state == NULL) {
+ DEBUG(2, ("Out of memory\n"));
+ return false;
+ }
+
+ state->msg = msg;
+ state->ev = ev;
+ state->parent_id = messaging_server_id(msg);
+
+ status = messaging_register(msg, state, MSG_SMB_SCAVENGER,
+ smbd_scavenger_msg);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("failed to register message handler: %s\n",
+ nt_errstr(status)));
+ goto fail;
+ }
+
+ smbd_scavenger_state = state;
+ return true;
+fail:
+ talloc_free(state);
+ return false;
+}
+
+void scavenger_schedule_disconnected(struct files_struct *fsp)
+{
+ NTSTATUS status;
+ struct server_id self = messaging_server_id(fsp->conn->sconn->msg_ctx);
+ struct timeval disconnect_time, until;
+ uint64_t timeout_usec;
+ struct scavenger_message msg;
+ DATA_BLOB msg_blob;
+
+ nttime_to_timeval(&disconnect_time, fsp->op->global->disconnect_time);
+ timeout_usec = 1000 * fsp->op->global->durable_timeout_msec;
+ until = timeval_add(&disconnect_time,
+ timeout_usec / 1000000,
+ timeout_usec % 1000000);
+
+ ZERO_STRUCT(msg);
+ msg.file_id = fsp->file_id;
+ msg.open_persistent_id = fsp->op->global->open_persistent_id;
+ msg.until = timeval_to_nttime(&until);
+
+ DEBUG(10, ("smbd: %s mark file %s as disconnected at %s with timeout "
+ "at %s in %fs\n",
+ server_id_str(talloc_tos(), &self),
+ file_id_string_tos(&fsp->file_id),
+ timeval_string(talloc_tos(), &disconnect_time, true),
+ timeval_string(talloc_tos(), &until, true),
+ fsp->op->global->durable_timeout_msec/1000.0));
+
+ SMB_ASSERT(server_id_is_disconnected(&fsp->op->global->server_id));
+ SMB_ASSERT(!server_id_equal(&self, &smbd_scavenger_state->parent_id));
+ SMB_ASSERT(!smbd_scavenger_state->am_scavenger);
+
+ msg_blob = data_blob_const(&msg, sizeof(msg));
+ DEBUG(10, ("send message to scavenger\n"));
+
+ status = messaging_send(smbd_scavenger_state->msg,
+ smbd_scavenger_state->parent_id,
+ MSG_SMB_SCAVENGER,
+ &msg_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("Failed to send message to parent smbd %s "
+ "from %s: %s\n",
+ server_id_str(talloc_tos(),
+ &smbd_scavenger_state->parent_id),
+ server_id_str(talloc_tos(), &self),
+ nt_errstr(status)));
+ }
+}
+
+struct scavenger_timer_context {
+ struct smbd_scavenger_state *state;
+ struct scavenger_message msg;
+};
+
+static void scavenger_timer(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval t, void *data)
+{
+ struct scavenger_timer_context *ctx =
+ talloc_get_type_abort(data, struct scavenger_timer_context);
+ NTSTATUS status;
+ bool ok;
+
+ DEBUG(10, ("scavenger: do cleanup for file %s at %s\n",
+ file_id_string_tos(&ctx->msg.file_id),
+ timeval_string(talloc_tos(), &t, true)));
+
+ ok = share_mode_cleanup_disconnected(ctx->msg.file_id,
+ ctx->msg.open_persistent_id);
+ if (!ok) {
+ DEBUG(2, ("Failed to cleanup share modes and byte range locks "
+ "for file %s open %lu\n",
+ file_id_string_tos(&ctx->msg.file_id),
+ ctx->msg.open_persistent_id));
+ }
+
+ status = smbXsrv_open_cleanup(ctx->msg.open_persistent_id);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("Failed to cleanup open global for file %s open %lu:"
+ " %s\n", file_id_string_tos(&ctx->msg.file_id),
+ ctx->msg.open_persistent_id, nt_errstr(status)));
+ }
+}
+
+static void scavenger_add_timer(struct smbd_scavenger_state *state,
+ struct scavenger_message *msg)
+{
+ struct tevent_timer *te;
+ struct scavenger_timer_context *ctx;
+ struct timeval until;
+
+ nttime_to_timeval(&until, msg->until);
+
+ DEBUG(10, ("scavenger: schedule file %s for cleanup at %s\n",
+ file_id_string_tos(&msg->file_id),
+ timeval_string(talloc_tos(), &until, true)));
+
+ ctx = talloc_zero(state, struct scavenger_timer_context);
+ if (ctx == NULL) {
+ DEBUG(2, ("Failed to talloc_zero(scavenger_timer_context)\n"));
+ return;
+ }
+
+ ctx->state = state;
+ ctx->msg = *msg;
+
+ te = tevent_add_timer(state->ev,
+ state,
+ until,
+ scavenger_timer,
+ ctx);
+ if (te == NULL) {
+ DEBUG(2, ("Failed to add scavenger_timer event\n"));
+ talloc_free(ctx);
+ return;
+ }
+
+ /* delete context after handler was running */
+ talloc_steal(te, ctx);
+}
diff --git a/source3/smbd/scavenger.h b/source3/smbd/scavenger.h
new file mode 100644
index 0000000..966c80d
--- /dev/null
+++ b/source3/smbd/scavenger.h
@@ -0,0 +1,31 @@
+/*
+ Unix SMB/CIFS implementation.
+ smbd scavenger daemon
+
+ Copyright (C) Gregor Beck 2013
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SCAVENGER_H_
+#define _SCAVENGER_H_
+
+
+bool smbd_scavenger_init(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg,
+ struct tevent_context *ev);
+
+void scavenger_schedule_disconnected(struct files_struct *fsp);
+
+#endif
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 7113eae..e9bf9c9 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -45,6 +45,7 @@
#include "lib/conn_tdb.h"
#include "../lib/util/pidfile.h"
#include "lib/smbd_shim.h"
+#include "scavenger.h"
struct smbd_open_socket;
struct smbd_child_pid;
@@ -1419,6 +1420,10 @@ extern void build_options(bool screen);
exit(1);
}
+ if (!smbd_scavenger_init(NULL, msg_ctx, ev_ctx)) {
+ exit(1);
+ }
+
if (!serverid_parent_init(ev_ctx)) {
exit(1);
}
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index ae0cdb3..edbd50f 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -583,6 +583,11 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
return tevent_req_post(req, ev);
}
+
+ if (ea_list_has_invalid_name(ea_list)) {
+ tevent_req_nterror(req, STATUS_INVALID_EA_NAME);
+ return tevent_req_post(req, ev);
+ }
}
if (mxac) {
@@ -839,11 +844,10 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
op->status = NT_STATUS_OK;
op->global->disconnect_time = 0;
- status = smbXsrv_open_update(op);
- if (!NT_STATUS_IS_OK(status)) {
- tevent_req_nterror(req, status);
- return tevent_req_post(req, ev);
- }
+ /* save the timout for later update */
+ durable_timeout_msec = op->global->durable_timeout_msec;
+
+ update_open = true;
info = FILE_WAS_OPENED;
} else {
diff --git a/source3/smbd/smbXsrv_open.c b/source3/smbd/smbXsrv_open.c
index c1754e8..27dd50c 100644
--- a/source3/smbd/smbXsrv_open.c
+++ b/source3/smbd/smbXsrv_open.c
@@ -1078,6 +1078,7 @@ NTSTATUS smbXsrv_open_close(struct smbXsrv_open *op, NTTIME now)
op->db_rec = NULL;
if (op->compat) {
+ op->compat->op = NULL;
file_free(NULL, op->compat);
op->compat = NULL;
}
@@ -1276,3 +1277,175 @@ NTSTATUS smb2srv_open_recreate(struct smbXsrv_connection *conn,
*_open = op;
return NT_STATUS_OK;
}
+
+
+static NTSTATUS smbXsrv_open_global_parse_record(TALLOC_CTX *mem_ctx,
+ struct db_record *rec,
+ struct smbXsrv_open_global0 **global)
+{
+ TDB_DATA key = dbwrap_record_get_key(rec);
+ TDB_DATA val = dbwrap_record_get_value(rec);
+ DATA_BLOB blob = data_blob_const(val.dptr, val.dsize);
+ struct smbXsrv_open_globalB global_blob;
+ enum ndr_err_code ndr_err;
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
+ (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_open_globalB);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DEBUG(1,("Invalid record in smbXsrv_open_global.tdb:"
+ "key '%s' ndr_pull_struct_blob - %s\n",
+ hex_encode_talloc(frame, key.dptr, key.dsize),
+ ndr_errstr(ndr_err)));
+ status = ndr_map_error2ntstatus(ndr_err);
+ goto done;
+ }
+
+ if (global_blob.version != SMBXSRV_VERSION_0) {
+ status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ DEBUG(1,("Invalid record in smbXsrv_open_global.tdb:"
+ "key '%s' unsuported version - %d - %s\n",
+ hex_encode_talloc(frame, key.dptr, key.dsize),
+ (int)global_blob.version,
+ nt_errstr(status)));
+ goto done;
+ }
+
+ *global = talloc_move(mem_ctx, &global_blob.info.info0);
+ status = NT_STATUS_OK;
+done:
+ talloc_free(frame);
+ return status;
+}
+
+struct smbXsrv_open_global_traverse_state {
+ int (*fn)(struct smbXsrv_open_global0 *, void *);
+ void *private_data;
+};
+
+static int smbXsrv_open_global_traverse_fn(struct db_record *rec, void *data)
+{
+ struct smbXsrv_open_global_traverse_state *state =
+ (struct smbXsrv_open_global_traverse_state*)data;
+ struct smbXsrv_open_global0 *global = NULL;
+ NTSTATUS status;
+ int ret = -1;
+
+ status = smbXsrv_open_global_parse_record(talloc_tos(), rec, &global);
+ if (!NT_STATUS_IS_OK(status)) {
+ return -1;
+ }
+
+ global->db_rec = rec;
+ ret = state->fn(global, state->private_data);
+ talloc_free(global);
+ return ret;
+}
+
+NTSTATUS smbXsrv_open_global_traverse(
+ int (*fn)(struct smbXsrv_open_global0 *, void *),
+ void *private_data)
+{
+
+ NTSTATUS status;
+ int count = 0;
+ struct smbXsrv_open_global_traverse_state state = {
+ .fn = fn,
+ .private_data = private_data,
+ };
+
+ become_root();
+ status = smbXsrv_open_global_init();
+ if (!NT_STATUS_IS_OK(status)) {
+ unbecome_root();
+ DEBUG(0, ("Failed to initialize open_global: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ status = dbwrap_traverse_read(smbXsrv_open_global_db_ctx,
+ smbXsrv_open_global_traverse_fn,
+ &state,
+ &count);
+ unbecome_root();
+
+ return status;
+}
+
+NTSTATUS smbXsrv_open_cleanup(uint64_t persistent_id)
+{
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct smbXsrv_open_global0 *op = NULL;
+ uint8_t key_buf[SMBXSRV_OPEN_GLOBAL_TDB_KEY_SIZE];
+ TDB_DATA key;
+ struct db_record *rec;
+ bool delete_open = false;
+ uint32_t global_id = persistent_id & UINT32_MAX;
+
+ key = smbXsrv_open_global_id_to_key(global_id, key_buf);
+ rec = dbwrap_fetch_locked(smbXsrv_open_global_db_ctx, frame, key);
+ if (rec == NULL) {
+ status = NT_STATUS_NOT_FOUND;
+ DEBUG(1, ("smbXsrv_open_cleanup[global: 0x%08x] "
+ "failed to fetch record from %s - %s\n",
+ global_id, dbwrap_name(smbXsrv_open_global_db_ctx),
+ nt_errstr(status)));
+ goto done;
+ }
+
+ status = smbXsrv_open_global_parse_record(talloc_tos(), rec, &op);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("smbXsrv_open_cleanup[global: 0x%08x] "
+ "failed to read record: %s\n",
+ global_id, nt_errstr(status)));
+ goto done;
+ }
+
+ if (server_id_is_disconnected(&op->server_id)) {
+ struct timeval now, disconnect_time;
+ int64_t tdiff;
+ now = timeval_current();
+ nttime_to_timeval(&disconnect_time, op->disconnect_time);
+ tdiff = usec_time_diff(&now, &disconnect_time);
+ delete_open = (tdiff >= 1000*op->durable_timeout_msec);
+
+ DEBUG(10, ("smbXsrv_open_cleanup[global: 0x%08x] "
+ "disconnected at [%s] %us ago with "
+ "timeout of %us -%s reached\n",
+ global_id,
+ nt_time_string(frame, op->disconnect_time),
+ (unsigned)(tdiff/1000000),
+ op->durable_timeout_msec / 1000,
+ delete_open ? "" : " not"));
+ } else if (!serverid_exists(&op->server_id)) {
+ DEBUG(10, ("smbXsrv_open_cleanup[global: 0x%08x] "
+ "server[%s] does not exist\n",
+ global_id, server_id_str(frame, &op->server_id)));
+ delete_open = true;
+ }
+
+ if (!delete_open) {
+ goto done;
+ }
+
+ status = dbwrap_record_delete(rec);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("smbXsrv_open_cleanup[global: 0x%08x] "
+ "failed to delete record"
+ "from %s: %s\n", global_id,
+ dbwrap_name(smbXsrv_open_global_db_ctx),
+ nt_errstr(status)));
+ goto done;
+ }
+
+ DEBUG(10, ("smbXsrv_open_cleanup[global: 0x%08x] "
+ "delete record from %s\n",
+ global_id,
+ dbwrap_name(smbXsrv_open_global_db_ctx)));
+
+done:
+ talloc_free(frame);
+ return status;
+}
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index c129946..6500040 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -344,6 +344,15 @@ static NTSTATUS get_ea_list_from_file_path(TALLOC_CTX *mem_ctx, connection_struc
|| samba_private_attr_name(names[i]))
continue;
+ /*
+ * Filter out any underlying POSIX EA names
+ * that a Windows client can't handle.
+ */
+ if (!lp_posix_pathnames() &&
+ is_invalid_windows_ea_name(names[i])) {
+ continue;
+ }
+
listp = talloc(mem_ctx, struct ea_list);
if (listp == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -622,6 +631,15 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
return NT_STATUS_INVALID_PARAMETER;
}
+ /*
+ * Filter out invalid Windows EA names - before
+ * we set *any* of them.
+ */
+
+ if (ea_list_has_invalid_name(ea_list)) {
+ return STATUS_INVALID_EA_NAME;
+ }
+
fname = smb_fname->base_name;
for (;ea_list; ea_list = ea_list->next) {
@@ -877,6 +895,7 @@ static struct ea_list *ea_list_union(struct ea_list *name_list, struct ea_list *
void send_trans2_replies(connection_struct *conn,
struct smb_request *req,
+ NTSTATUS status,
const char *params,
int paramsize,
const char *pdata,
@@ -917,6 +936,14 @@ void send_trans2_replies(connection_struct *conn,
if(params_to_send == 0 && data_to_send == 0) {
reply_outbuf(req, 10, 0);
+ if (NT_STATUS_V(status)) {
+ uint8_t eclass;
+ uint32_t ecode;
+ ntstatus_to_dos(status, &eclass, &ecode);
+ error_packet_set((char *)req->outbuf,
+ eclass, ecode, status,
+ __LINE__,__FILE__);
+ }
show_msg((char *)req->outbuf);
if (!srv_send_smb(sconn,
(char *)req->outbuf,
@@ -1047,6 +1074,13 @@ void send_trans2_replies(connection_struct *conn,
ERRDOS,ERRbufferoverflow,
STATUS_BUFFER_OVERFLOW,
__LINE__,__FILE__);
+ } else if (NT_STATUS_V(status)) {
+ uint8_t eclass;
+ uint32_t ecode;
+ ntstatus_to_dos(status, &eclass, &ecode);
+ error_packet_set((char *)req->outbuf,
+ eclass, ecode, status,
+ __LINE__,__FILE__);
}
/* Send the packet */
@@ -1218,6 +1252,20 @@ static void call_trans2open(connection_struct *conn,
reply_nterror(req, NT_STATUS_EAS_NOT_SUPPORTED);
goto out;
}
+
+ if (ea_list_has_invalid_name(ea_list)) {
+ int param_len = 30;
+ *pparams = (char *)SMB_REALLOC(*pparams, param_len);
+ if(*pparams == NULL ) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ params = *pparams;
+ memset(params, '\0', param_len);
+ send_trans2_replies(conn, req, STATUS_INVALID_EA_NAME,
+ params, param_len, NULL, 0, max_data_bytes);
+ goto out;
+ }
}
status = SMB_VFS_CREATE_FILE(
@@ -1293,7 +1341,7 @@ static void call_trans2open(connection_struct *conn,
}
/* Send the required number of replies */
- send_trans2_replies(conn, req, params, 30, *ppdata, 0, max_data_bytes);
+ send_trans2_replies(conn, req, NT_STATUS_OK, params, 30, *ppdata, 0, max_data_bytes);
out:
TALLOC_FREE(smb_fname);
}
@@ -2657,7 +2705,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
SSVAL(params,6,0); /* Never an EA error */
SSVAL(params,8,last_entry_off);
- send_trans2_replies(conn, req, params, 10, pdata, PTR_DIFF(p,pdata),
+ send_trans2_replies(conn, req, NT_STATUS_OK, params, 10, pdata, PTR_DIFF(p,pdata),
max_data_bytes);
if ((! *directory) && dptr_path(sconn, dptr_num)) {
@@ -3008,7 +3056,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
SSVAL(params,4,0); /* Never an EA error */
SSVAL(params,6,last_entry_off);
- send_trans2_replies(conn, req, params, 8, pdata, PTR_DIFF(p,pdata),
+ send_trans2_replies(conn, req, NT_STATUS_OK, params, 8, pdata, PTR_DIFF(p,pdata),
max_data_bytes);
return;
@@ -3652,7 +3700,7 @@ static void call_trans2qfsinfo(connection_struct *conn,
return;
}
- send_trans2_replies(conn, req, params, 0, *ppdata, data_len,
+ send_trans2_replies(conn, req, NT_STATUS_OK, params, 0, *ppdata, data_len,
max_data_bytes);
DEBUG( 4, ( "%s info_level = %d\n",
@@ -3808,6 +3856,7 @@ static void call_trans2setfsinfo(connection_struct *conn,
}
send_trans2_replies(conn, req,
+ NT_STATUS_OK,
*pparams,
param_len,
*ppdata,
@@ -4340,7 +4389,7 @@ static void call_trans2qpipeinfo(connection_struct *conn,
return;
}
- send_trans2_replies(conn, req, params, param_size, *ppdata, data_size,
+ send_trans2_replies(conn, req, NT_STATUS_OK, params, param_size, *ppdata, data_size,
max_data_bytes);
return;
@@ -5545,7 +5594,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
return;
}
- send_trans2_replies(conn, req, params, param_size, *ppdata, data_size,
+ send_trans2_replies(conn, req, NT_STATUS_OK, params, param_size, *ppdata, data_size,
max_data_bytes);
return;
@@ -8110,7 +8159,7 @@ static void call_trans2setfilepathinfo(connection_struct *conn,
fsp_str_dbg(fsp)));
SSVAL(params,0,0);
- send_trans2_replies(conn, req, params, 2,
+ send_trans2_replies(conn, req, NT_STATUS_OK, params, 2,
*ppdata, 0,
max_data_bytes);
return;
@@ -8233,11 +8282,20 @@ static void call_trans2setfilepathinfo(connection_struct *conn,
return;
}
- reply_nterror(req, status);
+ /*
+ * Invalid EA name needs to return 2 param bytes,
+ * not a zero-length error packet.
+ */
+ if (NT_STATUS_EQUAL(status, STATUS_INVALID_EA_NAME)) {
+ send_trans2_replies(conn, req, status, params, 2, NULL, 0,
+ max_data_bytes);
+ } else {
+ reply_nterror(req, status);
+ }
return;
}
- send_trans2_replies(conn, req, params, 2, *ppdata, data_return_size,
+ send_trans2_replies(conn, req, NT_STATUS_OK, params, 2, *ppdata, data_return_size,
max_data_bytes);
return;
@@ -8362,7 +8420,7 @@ static void call_trans2mkdir(connection_struct *conn, struct smb_request *req,
SSVAL(params,0,0);
- send_trans2_replies(conn, req, params, 2, *ppdata, 0, max_data_bytes);
+ send_trans2_replies(conn, req, NT_STATUS_OK, params, 2, *ppdata, 0, max_data_bytes);
out:
TALLOC_FREE(smb_dname);
@@ -8417,7 +8475,7 @@ static void call_trans2findnotifyfirst(connection_struct *conn,
if(fnf_handle == 0)
fnf_handle = 257;
- send_trans2_replies(conn, req, params, 6, *ppdata, 0, max_data_bytes);
+ send_trans2_replies(conn, req, NT_STATUS_OK, params, 6, *ppdata, 0, max_data_bytes);
return;
}
@@ -8448,7 +8506,7 @@ static void call_trans2findnotifynext(connection_struct *conn,
SSVAL(params,0,0); /* No changes */
SSVAL(params,2,0); /* No EA errors */
- send_trans2_replies(conn, req, params, 4, *ppdata, 0, max_data_bytes);
+ send_trans2_replies(conn, req, NT_STATUS_OK, params, 4, *ppdata, 0, max_data_bytes);
return;
}
@@ -8498,7 +8556,7 @@ static void call_trans2getdfsreferral(connection_struct *conn,
SSVAL((discard_const_p(uint8_t, req->inbuf)), smb_flg2,
SVAL(req->inbuf,smb_flg2) | FLAGS2_DFS_PATHNAMES);
- send_trans2_replies(conn, req,0,0,*ppdata,reply_size, max_data_bytes);
+ send_trans2_replies(conn, req, NT_STATUS_OK, 0,0,*ppdata,reply_size, max_data_bytes);
return;
}
@@ -8547,7 +8605,7 @@ static void call_trans2ioctl(connection_struct *conn,
srvstr_push(pdata, req->flags2, pdata+18,
lp_servicename(talloc_tos(), SNUM(conn)), 13,
STR_ASCII|STR_TERMINATE); /* Service name */
- send_trans2_replies(conn, req, *pparams, 0, *ppdata, 32,
+ send_trans2_replies(conn, req, NT_STATUS_OK, *pparams, 0, *ppdata, 32,
max_data_bytes);
return;
}
diff --git a/source3/utils/status.c b/source3/utils/status.c
index 0cb46a5..4e823da 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -277,13 +277,29 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
Ucrit_addPid(session->pid);
- fstr_sprintf(uid_str, "%u", (unsigned int)session->uid);
- fstr_sprintf(gid_str, "%u", (unsigned int)session->gid);
+ fstrcpy(uid_str, "-1");
+
+ if (session->uid != -1) {
+ if (numeric_only) {
+ fstr_sprintf(uid_str, "%u", (unsigned int)session->uid);
+ } else {
+ fstrcpy(uid_str, uidtoname(session->uid));
+ }
+ }
+
+ fstrcpy(gid_str, "-1");
+
+ if (session->gid != -1) {
+ if (numeric_only) {
+ fstr_sprintf(gid_str, "%u", (unsigned int)session->gid);
+ } else {
+ fstrcpy(gid_str, gidtoname(session->gid));
+ }
+ }
d_printf("%-7s %-12s %-12s %-12s (%s)\n",
procid_str_static(&session->pid),
- numeric_only ? uid_str : uidtoname(session->uid),
- numeric_only ? gid_str : gidtoname(session->gid),
+ uid_str, gid_str,
session->remote_machine, session->hostname);
return 0;
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index b23d421..6fbad72 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -492,6 +492,29 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
gen_cc = talloc_asprintf(
mem_ctx, "WRFILE:/tmp/krb5cc_%d", uid);
}
+ if (strequal(type, "DIR")) {
+ gen_cc = talloc_asprintf(
+ mem_ctx, "DIR:/run/user/%d/krb5cc", uid);
+ }
+
+ if (strnequal(type, "FILE:/", 6) ||
+ strnequal(type, "WRFILE:/", 8) ||
+ strnequal(type, "DIR:/", 5)) {
+
+ /* we allow only one "%u" substitution */
+
+ char *p;
+
+ p = strchr(type, '%');
+ if (p != NULL) {
+
+ p++;
+
+ if (p != NULL && *p == 'u' && strchr(p, '%') == NULL) {
+ gen_cc = talloc_asprintf(mem_ctx, type, uid);
+ }
+ }
+ }
}
*user_ccache_file = gen_cc;
@@ -677,6 +700,14 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
failed:
+ /*
+ * Do not delete an existing valid credential cache, if the user
+ * e.g. enters a wrong password
+ */
+ if ((strequal(krb5_cc_type, "FILE") || strequal(krb5_cc_type, "WRFILE"))
+ && user_ccache_file != NULL) {
+ return result;
+ }
/* we could have created a new credential cache with a valid tgt in it
* but we werent able to get or verify the service ticket for this
diff --git a/source3/wscript_build b/source3/wscript_build
index 55d8bbd..9997194 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -382,6 +382,7 @@ SMBD_SRC_SRV = '''smbd/server_reload.c smbd/files.c smbd/connection.c
smbd/smbXsrv_open.c
smbd/server_exit.c
smbd/durable.c
+ smbd/scavenger.c
${MANGLE_SRC}'''
SMBD_SRC_BASE = '''${SMBD_SRC_SRV}
@@ -716,6 +717,7 @@ ldapsam_pdb_match = ['!priv2ld', '!smbldap_search_domain_info',
'!get_attr_list']
private_pdb_match.append('!pdb_nds_*')
private_pdb_match.append('!pdb_init_ldapsam')
+private_pdb_match.append('!pdb_ldapsam_init*')
private_pdb_match = private_pdb_match + ldapsam_pdb_match
private_pdb_match = private_pdb_match + map(lambda x: '!pdb_%s_init' % x, static_pdb_match)
diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c
index d0266ed..3b4f73d 100644
--- a/source4/dsdb/samdb/ldb_modules/ridalloc.c
+++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c
@@ -605,7 +605,8 @@ int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid, struct ldb_r
/*
* if we are half-exhausted then try to get a new pool.
*/
- if (nridset.next_rid > (prev_pool_hi + prev_pool_lo)/2) {
+ if (nridset.next_rid > (prev_pool_hi + prev_pool_lo)/2 &&
+ nridset.alloc_pool == nridset.prev_pool) {
/*
* if we are the RID Manager,
* we can get a new pool localy.
diff --git a/source4/lib/socket/socket_unix.c b/source4/lib/socket/socket_unix.c
index 0774b12..6876e39 100644
--- a/source4/lib/socket/socket_unix.c
+++ b/source4/lib/socket/socket_unix.c
@@ -323,7 +323,7 @@ static char *unixdom_get_peer_name(struct socket_context *sock, TALLOC_CTX *mem_
static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
{
- struct sockaddr_in *peer_addr;
+ struct sockaddr_un *peer_addr;
socklen_t len = sizeof(*peer_addr);
struct socket_address *peer;
int ret;
@@ -334,7 +334,7 @@ static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock,
}
peer->family = sock->backend_name;
- peer_addr = talloc(peer, struct sockaddr_in);
+ peer_addr = talloc(peer, struct sockaddr_un);
if (!peer_addr) {
talloc_free(peer);
return NULL;
@@ -362,7 +362,7 @@ static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock,
static struct socket_address *unixdom_get_my_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
{
- struct sockaddr_in *local_addr;
+ struct sockaddr_un *local_addr;
socklen_t len = sizeof(*local_addr);
struct socket_address *local;
int ret;
@@ -373,7 +373,7 @@ static struct socket_address *unixdom_get_my_addr(struct socket_context *sock, T
}
local->family = sock->backend_name;
- local_addr = talloc(local, struct sockaddr_in);
+ local_addr = talloc(local, struct sockaddr_un);
if (!local_addr) {
talloc_free(local);
return NULL;
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 389cbe3..10e711b 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -386,6 +386,8 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
return NT_STATUS_NO_MEMORY;
}
+ p->prev = NULL;
+ p->next = NULL;
p->dce_ctx = dce_ctx;
p->endpoint = ep;
p->contexts = NULL;
@@ -402,7 +404,7 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
p->event_ctx = event_ctx;
p->msg_ctx = msg_ctx;
p->server_id = server_id;
- p->processing = false;
+ p->terminate = NULL;
p->state_flags = state_flags;
ZERO_STRUCT(p->transport);
@@ -1143,6 +1145,7 @@ _PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
dce_ctx->lp_ctx = lp_ctx;
dce_ctx->assoc_groups_idr = idr_init(dce_ctx);
NT_STATUS_HAVE_NO_MEMORY(dce_ctx->assoc_groups_idr);
+ dce_ctx->broken_connections = NULL;
for (i=0;endpoint_servers[i];i++) {
const struct dcesrv_endpoint_server *ep_server;
@@ -1269,12 +1272,45 @@ const struct dcesrv_critical_sizes *dcerpc_module_version(void)
static void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn, const char *reason)
{
+ struct dcesrv_context *dce_ctx = dce_conn->dce_ctx;
struct stream_connection *srv_conn;
srv_conn = talloc_get_type(dce_conn->transport.private_data,
struct stream_connection);
- stream_terminate_connection(srv_conn, reason);
+ if (dce_conn->pending_call_list == NULL) {
+ char *full_reason = talloc_asprintf(dce_conn, "dcesrv: %s", reason);
+
+ DLIST_REMOVE(dce_ctx->broken_connections, dce_conn);
+ stream_terminate_connection(srv_conn, full_reason ? full_reason : reason);
+ return;
+ }
+
+ if (dce_conn->terminate != NULL) {
+ return;
+ }
+
+ DEBUG(3,("dcesrv: terminating connection due to '%s' defered due to pending calls\n",
+ reason));
+ dce_conn->terminate = talloc_strdup(dce_conn, reason);
+ if (dce_conn->terminate == NULL) {
+ dce_conn->terminate = "dcesrv: defered terminating connection - no memory";
+ }
+ DLIST_ADD_END(dce_ctx->broken_connections, dce_conn, NULL);
}
+
+static void dcesrv_cleanup_broken_connections(struct dcesrv_context *dce_ctx)
+{
+ struct dcesrv_connection *cur, *next;
+
+ next = dce_ctx->broken_connections;
+ while (next != NULL) {
+ cur = next;
+ next = cur->next;
+
+ dcesrv_terminate_connection(cur, cur->terminate);
+ }
+}
+
/* We need this include to be able to compile on some plateforms
* (ie. freebsd 7.2) as it seems that <sys/uio.h> is not included
* correctly.
@@ -1386,6 +1422,8 @@ static void dcesrv_sock_accept(struct stream_connection *srv_conn)
struct tevent_req *subreq;
struct loadparm_context *lp_ctx = dcesrv_sock->dcesrv_ctx->lp_ctx;
+ dcesrv_cleanup_broken_connections(dcesrv_sock->dcesrv_ctx);
+
if (!srv_conn->session_info) {
status = auth_anonymous_session_info(srv_conn,
lp_ctx,
@@ -1473,10 +1511,23 @@ static void dcesrv_read_fragment_done(struct tevent_req *subreq)
{
struct dcesrv_connection *dce_conn = tevent_req_callback_data(subreq,
struct dcesrv_connection);
+ struct dcesrv_context *dce_ctx = dce_conn->dce_ctx;
struct ncacn_packet *pkt;
DATA_BLOB buffer;
NTSTATUS status;
+ if (dce_conn->terminate) {
+ /*
+ * if the current connection is broken
+ * we need to clean it up before any other connection
+ */
+ dcesrv_terminate_connection(dce_conn, dce_conn->terminate);
+ dcesrv_cleanup_broken_connections(dce_ctx);
+ return;
+ }
+
+ dcesrv_cleanup_broken_connections(dce_ctx);
+
status = dcerpc_read_ncacn_packet_recv(subreq, dce_conn,
&pkt, &buffer);
TALLOC_FREE(subreq);
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index 4fcb5c5..66fe51e 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -170,6 +170,9 @@ struct dcesrv_connection_context {
/* the state associated with a dcerpc server connection */
struct dcesrv_connection {
+ /* for the broken_connections DLIST */
+ struct dcesrv_connection *prev, *next;
+
/* the top level context for this server */
struct dcesrv_context *dce_ctx;
@@ -208,7 +211,8 @@ struct dcesrv_connection {
/* the transport level session key */
DATA_BLOB transport_session_key;
- bool processing;
+ /* is this connection pending termination? If so, why? */
+ const char *terminate;
const char *packet_log_dir;
@@ -288,6 +292,8 @@ struct dcesrv_context {
struct loadparm_context *lp_ctx;
struct idr_context *assoc_groups_idr;
+
+ struct dcesrv_connection *broken_connections;
};
/* this structure is used by modules to determine the size of some critical types */
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index b3d8ae5..17b6ce5 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -43,6 +43,7 @@
#include "cluster/cluster.h"
#include "dynconfig/dynconfig.h"
#include "lib/util/samba_modules.h"
+#include "nsswitch/winbind_client.h"
/*
recursively delete a directory tree
@@ -402,6 +403,12 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
}
}
+ /* make sure we won't go through nss_winbind */
+ if (!winbind_off()) {
+ DEBUG(0,("Failed to disable recusive winbindd calls. Exiting.\n"));
+ exit(1);
+ }
+
gensec_init(); /* FIXME: */
ntptr_init(); /* FIXME: maybe run this in the initialization function
diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c
index 22c4c04..74bb477 100644
--- a/source4/smbd/service_stream.c
+++ b/source4/smbd/service_stream.c
@@ -60,7 +60,11 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char
if (!reason) reason = "unknown reason";
- DEBUG(3,("Terminating connection - '%s'\n", reason));
+ if (srv_conn->processing) {
+ DEBUG(3,("Terminating connection deferred - '%s'\n", reason));
+ } else {
+ DEBUG(3,("Terminating connection - '%s'\n", reason));
+ }
srv_conn->terminate = reason;
diff --git a/source4/torture/raw/eas.c b/source4/torture/raw/eas.c
index a0ba06f..95a55d1 100644
--- a/source4/torture/raw/eas.c
+++ b/source4/torture/raw/eas.c
@@ -42,6 +42,8 @@ static bool check_ea(struct smbcli_state *cli,
return NT_STATUS_IS_OK(status);
}
+static char bad_ea_chars[] = "\"*+,/:;<=>?[\\]|";
+
static bool test_eas(struct smbcli_state *cli, struct torture_context *tctx)
{
NTSTATUS status;
@@ -49,6 +51,8 @@ static bool test_eas(struct smbcli_state *cli, struct torture_context *tctx)
union smb_open io;
const char *fname = BASEDIR "\\ea.txt";
bool ret = true;
+ char bad_ea_name[6];
+ int i;
int fnum = -1;
torture_comment(tctx, "TESTING SETFILEINFO EA_SET\n");
@@ -131,6 +135,59 @@ static bool test_eas(struct smbcli_state *cli, struct torture_context *tctx)
ret &= check_ea(cli, fname, "EAONE", NULL);
ret &= check_ea(cli, fname, "SECONDEA", NULL);
+ /* Check EA name containing colon. All EA's set
+ must be ignored, not just the one with the bad
+ name. */
+
+ torture_comment(tctx, "Adding bad EA name\n");
+ setfile.generic.level = RAW_SFILEINFO_EA_SET;
+ setfile.generic.in.file.fnum = fnum;
+ setfile.ea_set.in.num_eas = 3;
+ setfile.ea_set.in.eas = talloc_array(tctx, struct ea_struct, 3);
+ setfile.ea_set.in.eas[0].flags = 0;
+ setfile.ea_set.in.eas[0].name.s = "EAONE";
+ setfile.ea_set.in.eas[0].value = data_blob_string_const("VALUE1");
+ setfile.ea_set.in.eas[1].flags = 0;
+ setfile.ea_set.in.eas[1].name.s = "SECOND:EA";
+ setfile.ea_set.in.eas[1].value = data_blob_string_const("ValueTwo");
+ setfile.ea_set.in.eas[2].flags = 0;
+ setfile.ea_set.in.eas[2].name.s = "THIRDEA";
+ setfile.ea_set.in.eas[2].value = data_blob_string_const("ValueThree");
+
+ status = smb_raw_setfileinfo(cli->tree, &setfile);
+ CHECK_STATUS(status, STATUS_INVALID_EA_NAME);
+
+ ret &= check_ea(cli, fname, "EAONE", NULL);
+ ret &= check_ea(cli, fname, "THIRDEA", NULL);
+
+ setfile.generic.level = RAW_SFILEINFO_EA_SET;
+ setfile.generic.in.file.fnum = fnum;
+ setfile.ea_set.in.num_eas = 1;
+ setfile.ea_set.in.eas = talloc_array(tctx, struct ea_struct, 1);
+ setfile.ea_set.in.eas[0].flags = 0;
+ strlcpy(bad_ea_name, "TEST_X", sizeof(bad_ea_name));
+ setfile.ea_set.in.eas[0].name.s = bad_ea_name;
+
+ torture_comment(tctx, "Testing bad EA name range.\n");
+
+ for (i = 1; i < 256; i++) {
+ setfile.ea_set.in.eas[0].value = data_blob_string_const("VALUE1");
+ bad_ea_name[5] = (char)i;
+ torture_comment(tctx, "Testing bad EA name %d.\n", i);
+ status = smb_raw_setfileinfo(cli->tree, &setfile);
+ if (i < 32 || strchr(bad_ea_chars, i)) {
+ CHECK_STATUS(status, STATUS_INVALID_EA_NAME);
+ } else {
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ /* Now delete the EA we just set to make
+ sure we don't run out of room. */
+ setfile.ea_set.in.eas[0].value = data_blob(NULL, 0);
+ status = smb_raw_setfileinfo(cli->tree, &setfile);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ }
+ }
+
done:
smbcli_close(cli->tree, fnum);
return ret;
@@ -365,6 +422,7 @@ static bool test_nttrans_create(struct smbcli_state *cli, struct torture_context
NTSTATUS status;
union smb_open io;
const char *fname = BASEDIR "\\ea2.txt";
+ const char *fname_bad = BASEDIR "\\ea2_bad.txt";
bool ret = true;
int fnum = -1;
struct ea_struct eas[3];
@@ -434,6 +492,62 @@ static bool test_nttrans_create(struct smbcli_state *cli, struct torture_context
ret &= check_ea(cli, fname, "and 3rd", "final value");
ret &= check_ea(cli, fname, "Fourth EA", NULL);
+ torture_comment(tctx, "TESTING NTTRANS CREATE WITH BAD EA NAMES\n");
+
+ io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+ io.ntcreatex.in.root_fid.fnum = 0;
+ io.ntcreatex.in.flags = 0;
+ io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.create_options = 0;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.share_access =
+ NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.ntcreatex.in.alloc_size = 0;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+ io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.fname = fname_bad;
+
+ ea_list.num_eas = 3;
+ ea_list.eas = eas;
+
+ eas[0].flags = 0;
+ eas[0].name.s = "1st EA";
+ eas[0].value = data_blob_string_const("Value One");
+
+ eas[1].flags = 0;
+ eas[1].name.s = "2nd:BAD:EA";
+ eas[1].value = data_blob_string_const("Second Value");
+
+ eas[2].flags = 0;
+ eas[2].name.s = "and 3rd";
+ eas[2].value = data_blob_string_const("final value");
+
+ io.ntcreatex.in.ea_list = &ea_list;
+ io.ntcreatex.in.sec_desc = NULL;
+
+ status = smb_raw_open(cli->tree, tctx, &io);
+ CHECK_STATUS(status, STATUS_INVALID_EA_NAME);
+
+ /* File must not exist. */
+ io.generic.level = RAW_OPEN_NTCREATEX;
+ io.ntcreatex.in.root_fid.fnum = 0;
+ io.ntcreatex.in.flags = 0;
+ io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.create_options = 0;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.share_access =
+ NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.ntcreatex.in.alloc_size = 0;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+ io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.fname = fname_bad;
+ status = smb_raw_open(cli->tree, tctx, &io);
+ CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
+
done:
smbcli_close(cli->tree, fnum);
return ret;
diff --git a/source4/winbind/wb_dom_info.c b/source4/winbind/wb_dom_info.c
index e2b5def..8c08c73 100644
--- a/source4/winbind/wb_dom_info.c
+++ b/source4/winbind/wb_dom_info.c
@@ -67,9 +67,10 @@ struct composite_context *wb_get_dom_info_send(TALLOC_CTX *mem_ctx,
state->info->sid = dom_sid_dup(state->info, sid);
if (state->info->sid == NULL) goto failed;
- if ((lpcfg_server_role(service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) &&
+ if (dom_sid_equal(sid, &global_sid_Builtin) ||
+ ((lpcfg_server_role(service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) &&
dom_sid_equal(sid, service->primary_sid) &&
- service->sec_channel_type != SEC_CHAN_RODC) {
+ service->sec_channel_type != SEC_CHAN_RODC)) {
struct interface *ifaces = NULL;
load_interface_list(state, service->task->lp_ctx, &ifaces);
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c
index 70dbaa9..db5eb1d 100644
--- a/source4/winbind/wb_init_domain.c
+++ b/source4/winbind/wb_init_domain.c
@@ -369,24 +369,26 @@ static void init_domain_recv_queryinfo(struct tevent_req *subreq)
state->ctx->status = state->queryinfo.out.result;
if (!composite_is_ok(state->ctx)) return;
- dominfo = &(*state->queryinfo.out.info)->account_domain;
-
- if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
- DEBUG(2, ("Expected domain name %s, DC %s said %s\n",
- state->domain->info->name,
- dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
- dominfo->name.string));
- composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
- return;
- }
-
- if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) {
- DEBUG(2, ("Expected domain sid %s, DC %s said %s\n",
- dom_sid_string(state, state->domain->info->sid),
- dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
- dom_sid_string(state, dominfo->sid)));
- composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
- return;
+ if (!dom_sid_equal(state->domain->info->sid, &global_sid_Builtin)) {
+ dominfo = &(*state->queryinfo.out.info)->account_domain;
+
+ if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
+ DEBUG(2, ("Expected domain name %s, DC %s said %s\n",
+ state->domain->info->name,
+ dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
+ dominfo->name.string));
+ composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
+ return;
+ }
+
+ if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) {
+ DEBUG(2, ("Expected domain sid %s, DC %s said %s\n",
+ dom_sid_string(state, state->domain->info->sid),
+ dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
+ dom_sid_string(state, dominfo->sid)));
+ composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
+ return;
+ }
}
state->domain->samr_binding = init_domain_binding(state, &ndr_table_samr);
diff --git a/source4/winbind/wb_samba3_protocol.c b/source4/winbind/wb_samba3_protocol.c
index 2846e9c..1b78c99 100644
--- a/source4/winbind/wb_samba3_protocol.c
+++ b/source4/winbind/wb_samba3_protocol.c
@@ -297,6 +297,8 @@ NTSTATUS wbsrv_samba3_send_reply(struct wbsrv_samba3_call *call)
struct tevent_req *subreq;
NTSTATUS status;
+ call->wbconn->pending_calls--;
+
status = wbsrv_samba3_push_reply(call);
NT_STATUS_NOT_OK_RETURN(status);
@@ -355,9 +357,12 @@ NTSTATUS wbsrv_samba3_process(struct wbsrv_samba3_call *call)
return status;
}
+ call->wbconn->pending_calls++;
+
status = wbsrv_samba3_handle_call(call);
if (!NT_STATUS_IS_OK(status)) {
+ call->wbconn->pending_calls--;
talloc_free(call);
return status;
}
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
index 3392353..33adb76 100644
--- a/source4/winbind/wb_server.c
+++ b/source4/winbind/wb_server.c
@@ -28,19 +28,66 @@
#include "libcli/util/tstream.h"
#include "param/param.h"
#include "param/secrets.h"
+#include "lib/util/dlinklist.h"
void wbsrv_terminate_connection(struct wbsrv_connection *wbconn, const char *reason)
{
- stream_terminate_connection(wbconn->conn, reason);
+ struct wbsrv_service *service = wbconn->listen_socket->service;
+
+ if (wbconn->pending_calls == 0) {
+ char *full_reason = talloc_asprintf(wbconn, "wbsrv: %s", reason);
+
+ DLIST_REMOVE(service->broken_connections, wbconn);
+ stream_terminate_connection(wbconn->conn, full_reason ? full_reason : reason);
+ return;
+ }
+
+ if (wbconn->terminate != NULL) {
+ return;
+ }
+
+ DEBUG(3,("wbsrv: terminating connection due to '%s' defered due to %d pending calls\n",
+ reason, wbconn->pending_calls));
+ wbconn->terminate = talloc_strdup(wbconn, reason);
+ if (wbconn->terminate == NULL) {
+ wbconn->terminate = "wbsrv: defered terminating connection - no memory";
+ }
+ DLIST_ADD_END(service->broken_connections, wbconn, NULL);
+}
+
+static void wbsrv_cleanup_broken_connections(struct wbsrv_service *s)
+{
+ struct wbsrv_connection *cur, *next;
+
+ next = s->broken_connections;
+ while (next != NULL) {
+ cur = next;
+ next = cur->next;
+
+ wbsrv_terminate_connection(cur, cur->terminate);
+ }
}
static void wbsrv_call_loop(struct tevent_req *subreq)
{
struct wbsrv_connection *wbsrv_conn = tevent_req_callback_data(subreq,
struct wbsrv_connection);
+ struct wbsrv_service *service = wbsrv_conn->listen_socket->service;
struct wbsrv_samba3_call *call;
NTSTATUS status;
+ if (wbsrv_conn->terminate) {
+ /*
+ * if the current connection is broken
+ * we need to clean it up before any other connection
+ */
+ wbsrv_terminate_connection(wbsrv_conn, wbsrv_conn->terminate);
+ wbsrv_cleanup_broken_connections(service);
+ return;
+ }
+
+ wbsrv_cleanup_broken_connections(service);
+
call = talloc_zero(wbsrv_conn, struct wbsrv_samba3_call);
if (call == NULL) {
wbsrv_terminate_connection(wbsrv_conn, "wbsrv_call_loop: "
@@ -112,6 +159,8 @@ static void wbsrv_accept(struct stream_connection *conn)
struct tevent_req *subreq;
int rc;
+ wbsrv_cleanup_broken_connections(wbsrv_socket->service);
+
wbsrv_conn = talloc_zero(conn, struct wbsrv_connection);
if (wbsrv_conn == NULL) {
stream_terminate_connection(conn, "wbsrv_accept: out of memory");
diff --git a/source4/winbind/wb_server.h b/source4/winbind/wb_server.h
index 9b03004..26c404d 100644
--- a/source4/winbind/wb_server.h
+++ b/source4/winbind/wb_server.h
@@ -34,6 +34,8 @@ struct wbsrv_service {
struct idmap_context *idmap_ctx;
const char *priv_pipe_dir;
const char *pipe_dir;
+
+ struct wbsrv_connection *broken_connections;
};
struct wbsrv_samconn {
@@ -85,6 +87,9 @@ struct wbsrv_listen_socket {
state of an open winbind connection
*/
struct wbsrv_connection {
+ /* for the broken_connections DLIST */
+ struct wbsrv_connection *prev, *next;
+
/* stream connection we belong to */
struct stream_connection *conn;
@@ -94,9 +99,12 @@ struct wbsrv_connection {
/* storage for protocol specific data */
void *protocol_private_data;
- /* how many calls are pending */
+ /* how many calls are pending (do not terminate the connection with calls pending a reply) */
uint32_t pending_calls;
+ /* is this connection pending termination? If so, why? */
+ const char *terminate;
+
struct tstream_context *tstream;
struct tevent_queue *send_queue;
diff --git a/source4/winbind/wb_sid2domain.c b/source4/winbind/wb_sid2domain.c
index 637fe1d..172a6d0 100644
--- a/source4/winbind/wb_sid2domain.c
+++ b/source4/winbind/wb_sid2domain.c
@@ -98,6 +98,20 @@ static struct tevent_req *_wb_sid2domain_send(TALLOC_CTX *mem_ctx,
return req;
}
+ if (dom_sid_equal(&global_sid_Builtin, sid) ||
+ dom_sid_in_domain(&global_sid_Builtin, sid)) {
+ ctx = wb_get_dom_info_send(state, service,
+ "BUILTIN", NULL,
+ &global_sid_Builtin);
+ if (tevent_req_nomem(ctx, req)) {
+ return tevent_req_post(req, ev);
+ }
+ ctx->async.fn = wb_sid2domain_recv_dom_info;
+ ctx->async.private_data = req;
+
+ return req;
+ }
+
ctx = wb_cmd_lookupsid_send(state, service, &state->sid);
if (tevent_req_nomem(ctx, req)) {
return tevent_req_post(req, ev);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git
More information about the Pkg-samba-maint
mailing list