[Pkg-samba-maint] [samba] 01/04: Imported Upstream version 4.0.10+dfsg
Ivo De Decker
idd-guest at alioth.debian.org
Wed Oct 9 21:34:29 UTC 2013
This is an automated email from the git hooks/post-receive script.
idd-guest pushed a commit to branch samba_4.0
in repository samba.
commit 83e4e1a1726ad1918aafe21f9c1ff9ff05f911b8
Author: Ivo De Decker <ivo.dedecker at ugent.be>
Date: Wed Oct 9 22:11:09 2013 +0200
Imported Upstream version 4.0.10+dfsg
---
VERSION | 2 +-
WHATSNEW.txt | 135 +++++++++++++++++++-
buildtools/wafsamba/wscript | 5 +-
docs-xml/manpages/vfs_crossrename.8.xml | 20 +--
.../smbdotconf/protocol/aclallowexecutealways.xml | 26 ++++
docs-xml/smbdotconf/security/validusers.xml | 10 ++
docs/manpages/dbwrap_tool.1 | 4 +-
docs/manpages/eventlogadm.8 | 4 +-
docs/manpages/findsmb.1 | 4 +-
docs/manpages/idmap_ad.8 | 4 +-
docs/manpages/idmap_autorid.8 | 4 +-
docs/manpages/idmap_hash.8 | 4 +-
docs/manpages/idmap_ldap.8 | 4 +-
docs/manpages/idmap_nss.8 | 4 +-
docs/manpages/idmap_rid.8 | 4 +-
docs/manpages/idmap_tdb.8 | 4 +-
docs/manpages/idmap_tdb2.8 | 4 +-
docs/manpages/libsmbclient.7 | 4 +-
docs/manpages/lmhosts.5 | 4 +-
docs/manpages/log2pcap.1 | 4 +-
docs/manpages/net.8 | 4 +-
docs/manpages/nmbd.8 | 4 +-
docs/manpages/nmblookup.1 | 4 +-
docs/manpages/ntlm_auth.1 | 4 +-
docs/manpages/pam_winbind.8 | 4 +-
docs/manpages/pam_winbind.conf.5 | 4 +-
docs/manpages/pdbedit.8 | 4 +-
docs/manpages/profiles.1 | 4 +-
docs/manpages/rpcclient.1 | 4 +-
docs/manpages/samba-tool.8 | 4 +-
docs/manpages/samba.7 | 4 +-
docs/manpages/samba.8 | 4 +-
docs/manpages/sharesec.1 | 4 +-
docs/manpages/smb.conf.5 | 24 +++-
docs/manpages/smbcacls.1 | 4 +-
docs/manpages/smbclient.1 | 4 +-
docs/manpages/smbcontrol.1 | 4 +-
docs/manpages/smbcquotas.1 | 4 +-
docs/manpages/smbd.8 | 4 +-
docs/manpages/smbget.1 | 4 +-
docs/manpages/smbgetrc.5 | 4 +-
docs/manpages/smbpasswd.5 | 4 +-
docs/manpages/smbpasswd.8 | 4 +-
docs/manpages/smbspool.8 | 4 +-
docs/manpages/smbstatus.1 | 4 +-
docs/manpages/smbta-util.8 | 4 +-
docs/manpages/smbtar.1 | 4 +-
docs/manpages/smbtree.1 | 4 +-
docs/manpages/swat.8 | 4 +-
docs/manpages/testparm.1 | 4 +-
docs/manpages/vfs_acl_tdb.8 | 4 +-
docs/manpages/vfs_acl_xattr.8 | 4 +-
docs/manpages/vfs_aio_fork.8 | 4 +-
docs/manpages/vfs_aio_linux.8 | 4 +-
docs/manpages/vfs_aio_pthread.8 | 4 +-
docs/manpages/vfs_audit.8 | 4 +-
docs/manpages/vfs_cacheprime.8 | 4 +-
docs/manpages/vfs_cap.8 | 4 +-
docs/manpages/vfs_catia.8 | 4 +-
docs/manpages/vfs_commit.8 | 4 +-
docs/manpages/vfs_crossrename.8 | 36 +++---
docs/manpages/vfs_default_quota.8 | 4 +-
docs/manpages/vfs_dirsort.8 | 4 +-
docs/manpages/vfs_extd_audit.8 | 4 +-
docs/manpages/vfs_fake_perms.8 | 4 +-
docs/manpages/vfs_fileid.8 | 4 +-
docs/manpages/vfs_full_audit.8 | 4 +-
docs/manpages/vfs_gpfs.8 | 4 +-
docs/manpages/vfs_media_harmony.8 | 4 +-
docs/manpages/vfs_netatalk.8 | 4 +-
docs/manpages/vfs_notify_fam.8 | 4 +-
docs/manpages/vfs_prealloc.8 | 4 +-
docs/manpages/vfs_preopen.8 | 4 +-
docs/manpages/vfs_readahead.8 | 4 +-
docs/manpages/vfs_readonly.8 | 4 +-
docs/manpages/vfs_recycle.8 | 4 +-
docs/manpages/vfs_scannedonly.8 | 4 +-
docs/manpages/vfs_shadow_copy.8 | 4 +-
docs/manpages/vfs_shadow_copy2.8 | 4 +-
docs/manpages/vfs_smb_traffic_analyzer.8 | 4 +-
docs/manpages/vfs_streams_depot.8 | 4 +-
docs/manpages/vfs_streams_xattr.8 | 4 +-
docs/manpages/vfs_time_audit.8 | 4 +-
docs/manpages/vfs_tsmsm.8 | 4 +-
docs/manpages/vfs_xattr_tdb.8 | 4 +-
docs/manpages/vfstest.1 | 4 +-
docs/manpages/wbinfo.1 | 4 +-
docs/manpages/winbind_krb5_locator.7 | 4 +-
docs/manpages/winbindd.8 | 4 +-
lib/param/param_functions.c | 1 +
lib/param/param_table.c | 10 ++
lib/replace/wscript | 46 +++++--
nsswitch/wscript_build | 2 +-
python/pyglue.c | 45 ++++++-
python/samba/join.py | 73 ++++++++++-
python/samba/netcmd/dns.py | 18 ++-
python/samba/netcmd/fsmo.py | 14 +-
python/samba/provision/__init__.py | 6 +-
python/samba/provision/sambadns.py | 11 +-
selftest/target/Samba4.pm | 14 +-
source3/autoconf/lib/param/param_local.h | 1 +
source3/autoconf/lib/param/param_proto.h | 2 +
source3/autoconf/lib/param/s3_param.h | 1 +
source3/autoconf/librpc/gen_ndr/ndr_open_files.c | 11 +-
source3/autoconf/librpc/gen_ndr/open_files.h | 5 +-
source3/include/autoconf/version.h | 4 +-
source3/include/ntioctl.h | 1 +
source3/include/proto.h | 1 +
source3/include/smb.h | 3 +
source3/lib/gencache.c | 2 +-
source3/lib/system.c | 15 ++-
source3/lib/util.c | 6 +-
source3/librpc/idl/open_files.idl | 10 +-
source3/libsmb/dsgetdcname.c | 85 +++++++++---
source3/locking/locking.c | 47 ++++---
source3/locking/proto.h | 2 +-
source3/locking/share_mode_lock.c | 24 ++++
source3/modules/vfs_shadow_copy2.c | 3 -
source3/nmbd/nmbd.c | 14 +-
source3/param/loadparm.c | 1 +
source3/rpc_server/spoolss/srv_spoolss_nt.c | 2 +-
source3/selftest/tests.py | 1 +
source3/smbd/close.c | 10 +-
source3/smbd/dosmode.c | 5 +
source3/smbd/filename.c | 28 +++-
source3/smbd/globals.h | 2 +
source3/smbd/mangle_hash2.c | 20 ++-
source3/smbd/negprot.c | 9 +-
source3/smbd/nttrans.c | 6 +-
source3/smbd/open.c | 35 +++--
source3/smbd/posix_acls.c | 2 +-
source3/smbd/reply.c | 48 +++----
source3/smbd/scavenger.c | 9 +-
source3/smbd/server.c | 14 +-
source3/smbd/smb2_create.c | 3 +-
source3/smbd/smb2_find.c | 13 ++
source3/smbd/smb2_getinfo.c | 47 ++++++-
source3/smbd/smbd.h | 1 +
source3/smbd/trans2.c | 127 ++++++++++++++----
source3/torture/proto.h | 1 +
source3/torture/test_cleanup.c | 70 ++++++++++
source3/torture/torture.c | 1 +
source3/winbindd/winbindd.c | 23 +++-
source3/winbindd/winbindd_cm.c | 9 +-
source3/wscript | 9 +-
source3/wscript_build | 2 +-
source4/dsdb/schema/schema_syntax.c | 2 +-
source4/heimdal_build/wscript_build | 4 +-
source4/heimdal_build/wscript_configure | 4 +-
source4/libcli/dgram/dgramsocket.c | 2 +-
source4/scripting/bin/samba_upgradedns | 32 +++--
source4/selftest/tests.py | 3 +-
source4/setup/secrets_dns.ldif | 2 +-
source4/smbd/server.c | 13 +-
source4/torture/dns/dlz_bind9.c | 78 +++++++++++
source4/torture/winbind/winbind.c | 1 +
testprogs/blackbox/test_samba_upgradedns.sh | 37 ++++++
157 files changed, 1312 insertions(+), 423 deletions(-)
diff --git a/VERSION b/VERSION
index be37c35..5f5ae18 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=9
+SAMBA_VERSION_RELEASE=10
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8847406..3b9462b 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,134 @@
+ ==============================
+ Release Notes for Samba 4.0.10
+ October 8, 2013
+ ==============================
+
+
+This is is the latest stable release of Samba 4.0.
+
+Major enhancements in Samba 4.0.10 include:
+
+o NetBIOS related samba process consumes 100% CPU (bug #10158).
+o smbd: Clean up share modes after hard crash (bug #10138).
+o Fix POSIX ACL mapping when setting DENY ACE's from Windows (bug #10162).
+
+To ease upgrades from Samba 3.6 and older, a new parameter called "acl allow
+execute always" has been introduced as a temporary workaround. Please see the
+smb.conf man page for details.
+
+
+Changes since 4.0.9:
+--------------------
+
+o Michael Adam <obnox at samba.org>
+ * BUG 10134: Ease file server upgrades from 3.6 and earlier with "acl allow
+ execute always".
+ * BUG 10169: Fix build error in scavenger.c.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 5917: Make Samba work on site with Read Only Domain Controller.
+ * BUG 9166: Starting smbd or nmbd with stdin from /dev/null results in
+ "EOF on stdin".
+ * BUG 10063: source3/lib/util.c:1493 leaking memory w/ pam_winbind.so /
+ winbind.
+ * BUG 10121: Masks incorrectly applied to UNIX extension permission changes.
+ * BUG 10139: Valid utf8 filenames cause "invalid conversion error"
+ messages.
+
+
+o Christian Ambach <ambi at samba.org>
+ * BUG #9911 - Build Samba 4.0.x on AIX with IBM XL C/C++.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 8077: dsdb: Convert the full string from UTF16 to UTF8, including
+ embedded NULLs.
+ * BUG 9091: When replicating DNS for bind9_dlz we need to create the
+ server-DNS account remotely.
+ * BUG 9461: python-samba-tool fsmo: Do not give an error on a successful
+ role transfer.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 9615: s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
+ * BUG 9899: s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
+ * BUG 10147: Better document potential implications of a globally used
+ "valid users".
+
+
+o Korobkin <korobkin+samba at gmail.com>
+ * BUG 10118: Samba is chatty about being unable to open a printer.
+
+
+o Amitay Isaacs <amitay at gmail.com>
+ * BUG 9599: samba-tool/dns: Pass on additional flags when creating zones.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 10086: smbd: Fix async echo handler forking.
+ * BUG 10106: Honour output buffer length set by the client for SMB2
+ GetInfo requests.
+ * BUG 10114: Dropbox (write-only-directory) case isn't handled correctly in
+ pathname lookup.
+ * BUG 10138: smbd: Clean up share modes after hard crash.
+
+
+o Daniel Liberman <danielvl at gmail.com>
+ * BUG 10162: Fix POSIX ACL mapping when setting DENY ACE's from Windows.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 9802: Move gencache.tdb to /var/cache/samba.
+ * BUG 10030: ::1 added to nameserver on join.
+
+
+o Matthieu Patou <mat at matws.net>
+ * BUG 10158: NetBIOS related samba process consumes 100% CPU.
+
+
+o Christof Schmitt <christof.schmitt at us.ibm.com>
+ * BUG 10137: vfs_shadow_copy2 does not display previous versions correctly
+ over SMB2.
+
+
+o Karolin Seeger <kseeger at samba.org>
+ * BUG 10076: docs: Fix variable list in man vfs_crossrename.
+
+
+o Richard Sharpe <realrichardsharpe at gmail.com>
+ * BUG 10097 - MacOSX 10.9 will not follow path-based DFS referrals handed
+ out by Samba.
+
+
+o Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
+ * BUG 10106: Honour output buffer length set by the client for SMB2
+ GetInfo requests.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
=============================
Release Notes for Samba 4.0.9
August 20, 2013
@@ -105,8 +236,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.0.8
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
index 17aef27..fe2e515 100755
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -82,6 +82,9 @@ def set_options(opt):
help='additional directory to search for gettext',
action='store', dest='gettext_location', default='/usr/local',
match = ['Checking for library intl', 'Checking for header libintl.h'])
+ opt.add_option('--without-gettext',
+ help=("Disable use of gettext"),
+ action="store_true", dest='disable_gettext', default=False)
gr = opt.option_group('developer options')
@@ -322,7 +325,7 @@ def configure(conf):
else:
conf.env.HAVE_LD_VERSION_SCRIPT = False
- if sys.platform == "aix5" or sys.platform == "aix6":
+ if sys.platform.startswith('aix'):
conf.DEFINE('_ALL_SOURCE', 1, add_to_cflags=True)
# Might not be needed if ALL_SOURCE is defined
# conf.DEFINE('_XOPEN_SOURCE', 600, add_to_cflags=True)
diff --git a/docs-xml/manpages/vfs_crossrename.8.xml b/docs-xml/manpages/vfs_crossrename.8.xml
index 898c2b3..3913596 100644
--- a/docs-xml/manpages/vfs_crossrename.8.xml
+++ b/docs-xml/manpages/vfs_crossrename.8.xml
@@ -37,28 +37,30 @@
NT_STATUS_NOT_SAME_DEVICE and the client has to move the file by
manual copy and delete operations. If the rename by copy is done by the
server this can be much more efficient. vfs_crossrename tries to do
- this server-side cross-device rename operation. There are however
- limitations that this module currently does not solve:
+ this server-side cross-device rename operation.
+ </para>
+
+ <para>There are however limitations that this module currently does not
+ solve:</para>
<variablelist>
<varlistentry>
- the ACLs of files are not preserved
+ <para>The ACLs of files are not preserved,</para>
</varlistentry>
<varlistentry>
- meta data in EAs are not preserved
+ <para>meta data in EAs are not preserved,</para>
</varlistentry>
<varlistentry>
- renames of whole subdirectories cannot be done recursively,
+ <para>renames of whole subdirectories cannot be done recursively,
in that case we still return STATUS_NOT_SAME_DEVICE and
- let the client decide what to do
+ let the client decide what to do,</para>
</varlistentry>
<varlistentry>
- rename operations of huge files can cause hangs on the
+ <para>rename operations of huge files can cause hangs on the
client because clients expect a rename operation to
- return fast
+ return fast.</para>
</varlistentry>
</variablelist>
- </para>
<para>This module is stackable.</para>
diff --git a/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml
new file mode 100644
index 0000000..49d2c48
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="acl allow execute always"
+ context="S"
+ type="boolean"
+ advanced="1" wizard="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This boolean parameter controls the behaviour of <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when receiving a protocol request of "open for execution"
+ from a Windows client.
+ With Samba 3.6 and older, the execution right in the ACL was not checked, so a client
+ could execute a file even if it did not have execute rights on the file. In Samba 4.0,
+ this has been fixed, so that by default, i.e. when this parameter is set to "False",
+ "open for execution" is now denied when execution permissions are not present.
+ </para>
+ <para>
+ If this parameter is set to "True", Samba does not check execute permissions on
+ "open for execution", thus re-establishing the behaviour of Samba 3.6.
+ This can be useful to smoothen upgrades from older Samba versions to 4.0 and newer.
+ This setting is not not meant to be used as a permanent setting, but as a temporary relief:
+ It is recommended to fix the permissions in the ACLs and reset this parameter to the
+ default after a certain transition period.
+ </para>
+</description>
+<value type="default">False</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/validusers.xml b/docs-xml/smbdotconf/security/validusers.xml
index 313739d..ec3e11e 100644
--- a/docs-xml/smbdotconf/security/validusers.xml
+++ b/docs-xml/smbdotconf/security/validusers.xml
@@ -19,6 +19,16 @@
The current servicename is substituted for <parameter moreinfo="none">%S</parameter>.
This is useful in the [homes] section.
</para>
+
+ <para><emphasis>Note: </emphasis>When used in the [global] section this
+ parameter may have unwanted side effects. For example: If samba is configured as a MASTER BROWSER (see
+ <parameter moreinfo="none">local master</parameter>,
+ <parameter moreinfo="none">os level</parameter>,
+ <parameter moreinfo="none">domain master</parameter>,
+ <parameter moreinfo="none">preferred master</parameter>) this option
+ will prevent workstations from being able to browse the network.
+ </para>
+
</description>
<related>invalid users</related>
diff --git a/docs/manpages/dbwrap_tool.1 b/docs/manpages/dbwrap_tool.1
index 383c5d5..339a778 100644
--- a/docs/manpages/dbwrap_tool.1
+++ b/docs/manpages/dbwrap_tool.1
@@ -2,12 +2,12 @@
.\" Title: dbwrap_tool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "DBWRAP_TOOL" "1" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "DBWRAP_TOOL" "1" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/eventlogadm.8 b/docs/manpages/eventlogadm.8
index 7e8017e..ed7ae1c 100644
--- a/docs/manpages/eventlogadm.8
+++ b/docs/manpages/eventlogadm.8
@@ -2,12 +2,12 @@
.\" Title: eventlogadm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "EVENTLOGADM" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "EVENTLOGADM" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1
index d24a153..d93d339 100644
--- a/docs/manpages/findsmb.1
+++ b/docs/manpages/findsmb.1
@@ -2,12 +2,12 @@
.\" Title: findsmb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "FINDSMB" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "FINDSMB" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_ad.8 b/docs/manpages/idmap_ad.8
index ac96a67..810ec53 100644
--- a/docs/manpages/idmap_ad.8
+++ b/docs/manpages/idmap_ad.8
@@ -2,12 +2,12 @@
.\" Title: idmap_ad
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_AD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_AD" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_autorid.8 b/docs/manpages/idmap_autorid.8
index d3cc55f..e05d2ef 100644
--- a/docs/manpages/idmap_autorid.8
+++ b/docs/manpages/idmap_autorid.8
@@ -2,12 +2,12 @@
.\" Title: idmap_autorid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_AUTORID" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_AUTORID" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_hash.8 b/docs/manpages/idmap_hash.8
index 4623552..d217901 100644
--- a/docs/manpages/idmap_hash.8
+++ b/docs/manpages/idmap_hash.8
@@ -2,12 +2,12 @@
.\" Title: idmap_hash
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_HASH" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_HASH" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_ldap.8 b/docs/manpages/idmap_ldap.8
index 213f668..585976f 100644
--- a/docs/manpages/idmap_ldap.8
+++ b/docs/manpages/idmap_ldap.8
@@ -2,12 +2,12 @@
.\" Title: idmap_ldap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_LDAP" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_LDAP" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_nss.8 b/docs/manpages/idmap_nss.8
index b5a566e..609d52d 100644
--- a/docs/manpages/idmap_nss.8
+++ b/docs/manpages/idmap_nss.8
@@ -2,12 +2,12 @@
.\" Title: idmap_nss
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_NSS" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_NSS" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_rid.8 b/docs/manpages/idmap_rid.8
index f86197f..3834c4a 100644
--- a/docs/manpages/idmap_rid.8
+++ b/docs/manpages/idmap_rid.8
@@ -2,12 +2,12 @@
.\" Title: idmap_rid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_RID" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_RID" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_tdb.8 b/docs/manpages/idmap_tdb.8
index bebc478..cbd0395 100644
--- a/docs/manpages/idmap_tdb.8
+++ b/docs/manpages/idmap_tdb.8
@@ -2,12 +2,12 @@
.\" Title: idmap_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_TDB" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_TDB" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/idmap_tdb2.8 b/docs/manpages/idmap_tdb2.8
index cb7975e..6557574 100644
--- a/docs/manpages/idmap_tdb2.8
+++ b/docs/manpages/idmap_tdb2.8
@@ -2,12 +2,12 @@
.\" Title: idmap_tdb2
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "IDMAP_TDB2" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "IDMAP_TDB2" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/libsmbclient.7 b/docs/manpages/libsmbclient.7
index 72142ad..0f449f2 100644
--- a/docs/manpages/libsmbclient.7
+++ b/docs/manpages/libsmbclient.7
@@ -2,12 +2,12 @@
.\" Title: libsmbclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: 7
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "LIBSMBCLIENT" "7" "08/15/2013" "Samba 4\&.0" "7"
+.TH "LIBSMBCLIENT" "7" "10/07/2013" "Samba 4\&.0" "7"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5
index 3bdffae..3eb9bbc 100644
--- a/docs/manpages/lmhosts.5
+++ b/docs/manpages/lmhosts.5
@@ -2,12 +2,12 @@
.\" Title: lmhosts
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "LMHOSTS" "5" "08/15/2013" "Samba 4\&.0" "File Formats and Conventions"
+.TH "LMHOSTS" "5" "10/07/2013" "Samba 4\&.0" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/log2pcap.1 b/docs/manpages/log2pcap.1
index 49c25f4..7a510f3 100644
--- a/docs/manpages/log2pcap.1
+++ b/docs/manpages/log2pcap.1
@@ -2,12 +2,12 @@
.\" Title: log2pcap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "LOG2PCAP" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "LOG2PCAP" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/net.8 b/docs/manpages/net.8
index f4f09f8..4299cb1 100644
--- a/docs/manpages/net.8
+++ b/docs/manpages/net.8
@@ -2,12 +2,12 @@
.\" Title: net
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "NET" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "NET" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8
index e57a3a6..00fd8d1 100644
--- a/docs/manpages/nmbd.8
+++ b/docs/manpages/nmbd.8
@@ -2,12 +2,12 @@
.\" Title: nmbd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "NMBD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "NMBD" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1
index 386dfff..965b7cf 100644
--- a/docs/manpages/nmblookup.1
+++ b/docs/manpages/nmblookup.1
@@ -2,12 +2,12 @@
.\" Title: nmblookup
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "NMBLOOKUP" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "NMBLOOKUP" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/ntlm_auth.1 b/docs/manpages/ntlm_auth.1
index 3434349..a0a561a 100644
--- a/docs/manpages/ntlm_auth.1
+++ b/docs/manpages/ntlm_auth.1
@@ -2,12 +2,12 @@
.\" Title: ntlm_auth
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "NTLM_AUTH" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "NTLM_AUTH" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/pam_winbind.8 b/docs/manpages/pam_winbind.8
index 94cf991..72459d6 100644
--- a/docs/manpages/pam_winbind.8
+++ b/docs/manpages/pam_winbind.8
@@ -2,12 +2,12 @@
.\" Title: pam_winbind
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: 8
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "PAM_WINBIND" "8" "08/15/2013" "Samba 4\&.0" "8"
+.TH "PAM_WINBIND" "8" "10/07/2013" "Samba 4\&.0" "8"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/pam_winbind.conf.5 b/docs/manpages/pam_winbind.conf.5
index a3d0640..9fc91a5 100644
--- a/docs/manpages/pam_winbind.conf.5
+++ b/docs/manpages/pam_winbind.conf.5
@@ -2,12 +2,12 @@
.\" Title: pam_winbind.conf
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: 5
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "PAM_WINBIND\&.CONF" "5" "08/15/2013" "Samba 4\&.0" "5"
+.TH "PAM_WINBIND\&.CONF" "5" "10/07/2013" "Samba 4\&.0" "5"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8
index 9979d76..6d2103b 100644
--- a/docs/manpages/pdbedit.8
+++ b/docs/manpages/pdbedit.8
@@ -2,12 +2,12 @@
.\" Title: pdbedit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "PDBEDIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "PDBEDIT" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/profiles.1 b/docs/manpages/profiles.1
index 22d6565..d9039de 100644
--- a/docs/manpages/profiles.1
+++ b/docs/manpages/profiles.1
@@ -2,12 +2,12 @@
.\" Title: profiles
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "PROFILES" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "PROFILES" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1
index 68f9536..10422c2 100644
--- a/docs/manpages/rpcclient.1
+++ b/docs/manpages/rpcclient.1
@@ -2,12 +2,12 @@
.\" Title: rpcclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "RPCCLIENT" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "RPCCLIENT" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/samba-tool.8 b/docs/manpages/samba-tool.8
index df44db4..288c575 100644
--- a/docs/manpages/samba-tool.8
+++ b/docs/manpages/samba-tool.8
@@ -2,12 +2,12 @@
.\" Title: samba-tool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SAMBA\-TOOL" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SAMBA\-TOOL" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7
index 96b8e47..bdcd135 100644
--- a/docs/manpages/samba.7
+++ b/docs/manpages/samba.7
@@ -2,12 +2,12 @@
.\" Title: samba
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: Miscellanea
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SAMBA" "7" "08/15/2013" "Samba 4\&.0" "Miscellanea"
+.TH "SAMBA" "7" "10/07/2013" "Samba 4\&.0" "Miscellanea"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/samba.8 b/docs/manpages/samba.8
index b06ee52..dab52b2 100644
--- a/docs/manpages/samba.8
+++ b/docs/manpages/samba.8
@@ -2,12 +2,12 @@
.\" Title: samba
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SAMBA" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SAMBA" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/sharesec.1 b/docs/manpages/sharesec.1
index a7dd3b6..f259e6d 100644
--- a/docs/manpages/sharesec.1
+++ b/docs/manpages/sharesec.1
@@ -2,12 +2,12 @@
.\" Title: sharesec
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SHARESEC" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "SHARESEC" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5
index bd5a2ce..7d2bf06 100644
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
@@ -2,12 +2,12 @@
.\" Title: smb.conf
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMB\&.CONF" "5" "08/15/2013" "Samba 4\&.0" "File Formats and Conventions"
+.TH "SMB\&.CONF" "5" "10/07/2013" "Samba 4\&.0" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -702,6 +702,20 @@ Default:
\fI\fIaccess based share enum\fR\fR\fI = \fR\fIno\fR\fI \fR
.RE
+acl allow execute always (S)
+.\" acl allow execute always
+.PP
+.RS 4
+This boolean parameter controls the behaviour of
+\fBsmbd\fR(8)
+when receiving a protocol request of "open for execution" from a Windows client\&. With Samba 3\&.6 and older, the execution right in the ACL was not checked, so a client could execute a file even if it did not have execute rights on the file\&. In Samba 4\&.0, this has been fixed, so that by default, i\&.e\&. when this parameter is set to "False", "open for execution" is now denied when execution permissions are not present\&.
+.sp
+If this parameter is set to "True", Samba does not check execute permissions on "open for execution", thus re\-establishing the behaviour of Samba 3\&.6\&. This can be useful to smoothen upgrades from older Samba versions to 4\&.0 and newer\&. This setting is not not meant to be used as a permanent setting, but as a temporary relief: It is recommended to fix the permissions in the ACLs and reset this parameter to the default after a certain transition period\&.
+.sp
+Default:
+\fI\fIacl allow execute always\fR\fR\fI = \fR\fIFalse\fR\fI \fR
+.RE
+
acl check permissions (S)
.\" acl check permissions
.PP
@@ -10586,6 +10600,12 @@ list then access is denied for that user\&.
The current servicename is substituted for
\fI%S\fR\&. This is useful in the [homes] section\&.
.sp
+\fINote: \fRWhen used in the [global] section this parameter may have unwanted side effects\&. For example: If samba is configured as a MASTER BROWSER (see
+\fIlocal master\fR,
+\fIos level\fR,
+\fIdomain master\fR,
+\fIpreferred master\fR) this option will prevent workstations from being able to browse the network\&.
+.sp
Default:
\fI\fIvalid users\fR\fR\fI = \fR\fI # No valid users list (anyone can login) \fR\fI \fR
.sp
diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1
index caa0fc5..115c2d0 100644
--- a/docs/manpages/smbcacls.1
+++ b/docs/manpages/smbcacls.1
@@ -2,12 +2,12 @@
.\" Title: smbcacls
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBCACLS" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBCACLS" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1
index 0ea05c4..57825e5 100644
--- a/docs/manpages/smbclient.1
+++ b/docs/manpages/smbclient.1
@@ -2,12 +2,12 @@
.\" Title: smbclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBCLIENT" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBCLIENT" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1
index f9087cb..4bbc9d7 100644
--- a/docs/manpages/smbcontrol.1
+++ b/docs/manpages/smbcontrol.1
@@ -2,12 +2,12 @@
.\" Title: smbcontrol
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBCONTROL" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBCONTROL" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbcquotas.1 b/docs/manpages/smbcquotas.1
index 302c876..39eb278 100644
--- a/docs/manpages/smbcquotas.1
+++ b/docs/manpages/smbcquotas.1
@@ -2,12 +2,12 @@
.\" Title: smbcquotas
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBCQUOTAS" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBCQUOTAS" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8
index 2d55ea5..33a1038 100644
--- a/docs/manpages/smbd.8
+++ b/docs/manpages/smbd.8
@@ -2,12 +2,12 @@
.\" Title: smbd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SMBD" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbget.1 b/docs/manpages/smbget.1
index 81f6112..31ef770 100644
--- a/docs/manpages/smbget.1
+++ b/docs/manpages/smbget.1
@@ -2,12 +2,12 @@
.\" Title: smbget
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBGET" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBGET" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbgetrc.5 b/docs/manpages/smbgetrc.5
index ccf0d24..09a3796 100644
--- a/docs/manpages/smbgetrc.5
+++ b/docs/manpages/smbgetrc.5
@@ -2,12 +2,12 @@
.\" Title: smbgetrc
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBGETRC" "5" "08/15/2013" "Samba 4\&.0" "File Formats and Conventions"
+.TH "SMBGETRC" "5" "10/07/2013" "Samba 4\&.0" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5
index 1ac4649..ab42878 100644
--- a/docs/manpages/smbpasswd.5
+++ b/docs/manpages/smbpasswd.5
@@ -2,12 +2,12 @@
.\" Title: smbpasswd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBPASSWD" "5" "08/15/2013" "Samba 4\&.0" "File Formats and Conventions"
+.TH "SMBPASSWD" "5" "10/07/2013" "Samba 4\&.0" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8
index 588e41c..5fe7f26 100644
--- a/docs/manpages/smbpasswd.8
+++ b/docs/manpages/smbpasswd.8
@@ -2,12 +2,12 @@
.\" Title: smbpasswd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBPASSWD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SMBPASSWD" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8
index 1013aa6..d21f7d9 100644
--- a/docs/manpages/smbspool.8
+++ b/docs/manpages/smbspool.8
@@ -2,12 +2,12 @@
.\" Title: smbspool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBSPOOL" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SMBSPOOL" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1
index b582160..83a1c23 100644
--- a/docs/manpages/smbstatus.1
+++ b/docs/manpages/smbstatus.1
@@ -2,12 +2,12 @@
.\" Title: smbstatus
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBSTATUS" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBSTATUS" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbta-util.8 b/docs/manpages/smbta-util.8
index 4873637..fa8174c 100644
--- a/docs/manpages/smbta-util.8
+++ b/docs/manpages/smbta-util.8
@@ -2,12 +2,12 @@
.\" Title: smbta-util
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBTA\-UTIL" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SMBTA\-UTIL" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1
index be7d60a..ef704a3 100644
--- a/docs/manpages/smbtar.1
+++ b/docs/manpages/smbtar.1
@@ -2,12 +2,12 @@
.\" Title: smbtar
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBTAR" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBTAR" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/smbtree.1 b/docs/manpages/smbtree.1
index a369c3a..17c3568 100644
--- a/docs/manpages/smbtree.1
+++ b/docs/manpages/smbtree.1
@@ -2,12 +2,12 @@
.\" Title: smbtree
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMBTREE" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "SMBTREE" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8
index aae05a5..dcc2f6f 100644
--- a/docs/manpages/swat.8
+++ b/docs/manpages/swat.8
@@ -2,12 +2,12 @@
.\" Title: swat
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SWAT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SWAT" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1
index ec4861c..95b7d87 100644
--- a/docs/manpages/testparm.1
+++ b/docs/manpages/testparm.1
@@ -2,12 +2,12 @@
.\" Title: testparm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "TESTPARM" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "TESTPARM" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_acl_tdb.8 b/docs/manpages/vfs_acl_tdb.8
index 777e034..174f040 100644
--- a/docs/manpages/vfs_acl_tdb.8
+++ b/docs/manpages/vfs_acl_tdb.8
@@ -2,12 +2,12 @@
.\" Title: vfs_acl_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_ACL_TDB" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_ACL_TDB" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_acl_xattr.8 b/docs/manpages/vfs_acl_xattr.8
index a2a36c4..b5f0e8e 100644
--- a/docs/manpages/vfs_acl_xattr.8
+++ b/docs/manpages/vfs_acl_xattr.8
@@ -2,12 +2,12 @@
.\" Title: vfs_acl_xattr
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_ACL_XATTR" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_ACL_XATTR" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_aio_fork.8 b/docs/manpages/vfs_aio_fork.8
index 67853f6..f64d312 100644
--- a/docs/manpages/vfs_aio_fork.8
+++ b/docs/manpages/vfs_aio_fork.8
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_fork
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_AIO_FORK" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_AIO_FORK" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_aio_linux.8 b/docs/manpages/vfs_aio_linux.8
index 79a8dc1..80f668d 100644
--- a/docs/manpages/vfs_aio_linux.8
+++ b/docs/manpages/vfs_aio_linux.8
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_linux
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_AIO_LINUX" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_AIO_LINUX" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_aio_pthread.8 b/docs/manpages/vfs_aio_pthread.8
index 9538eea..cbad727 100644
--- a/docs/manpages/vfs_aio_pthread.8
+++ b/docs/manpages/vfs_aio_pthread.8
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_pthread
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_AIO_PTHREAD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_AIO_PTHREAD" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_audit.8 b/docs/manpages/vfs_audit.8
index 6587756..522320a 100644
--- a/docs/manpages/vfs_audit.8
+++ b/docs/manpages/vfs_audit.8
@@ -2,12 +2,12 @@
.\" Title: vfs_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_AUDIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_AUDIT" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_cacheprime.8 b/docs/manpages/vfs_cacheprime.8
index 14000d1..7185a15 100644
--- a/docs/manpages/vfs_cacheprime.8
+++ b/docs/manpages/vfs_cacheprime.8
@@ -2,12 +2,12 @@
.\" Title: vfs_cacheprime
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_CACHEPRIME" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_CACHEPRIME" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_cap.8 b/docs/manpages/vfs_cap.8
index db88931..b76f599 100644
--- a/docs/manpages/vfs_cap.8
+++ b/docs/manpages/vfs_cap.8
@@ -2,12 +2,12 @@
.\" Title: vfs_cap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_CAP" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_CAP" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_catia.8 b/docs/manpages/vfs_catia.8
index faca02c..4f86086 100644
--- a/docs/manpages/vfs_catia.8
+++ b/docs/manpages/vfs_catia.8
@@ -2,12 +2,12 @@
.\" Title: vfs_catia
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_CATIA" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_CATIA" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_commit.8 b/docs/manpages/vfs_commit.8
index 05beea1..dc1c31c 100644
--- a/docs/manpages/vfs_commit.8
+++ b/docs/manpages/vfs_commit.8
@@ -2,12 +2,12 @@
.\" Title: vfs_commit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_COMMIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_COMMIT" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_crossrename.8 b/docs/manpages/vfs_crossrename.8
index 5b3c238..381911e 100644
--- a/docs/manpages/vfs_crossrename.8
+++ b/docs/manpages/vfs_crossrename.8
@@ -2,12 +2,12 @@
.\" Title: vfs_crossrename
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_CROSSRENAME" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_CROSSRENAME" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -40,31 +40,29 @@ suite\&.
.PP
The
vfs_crossrename
-VFS module allows server side rename operations even if source and target are on different physical devices\&. A "move" in Explorer is usually a rename operation if it is inside of a single share or device\&. Usually such a rename operation returns NT_STATUS_NOT_SAME_DEVICE and the client has to move the file by manual copy and delete operations\&. If the rename by copy is done by the server this can be much more efficient\&. vfs_crossrename tries to do this server\-side cross\-device re [...]
+VFS module allows server side rename operations even if source and target are on different physical devices\&. A "move" in Explorer is usually a rename operation if it is inside of a single share or device\&. Usually such a rename operation returns NT_STATUS_NOT_SAME_DEVICE and the client has to move the file by manual copy and delete operations\&. If the rename by copy is done by the server this can be much more efficient\&. vfs_crossrename tries to do this server\-side cross\-device re [...]
+.PP
+There are however limitations that this module currently does not solve:
.PP
.RS 4
-
- the ACLs of files are not preserved
- .RE
+.PP
+The ACLs of files are not preserved,
+.RE
.PP
.RS 4
-
- meta data in EAs are not preserved
- .RE
+.PP
+meta data in EAs are not preserved,
+.RE
.PP
.RS 4
-
- renames of whole subdirectories cannot be done recursively,
- in that case we still return STATUS_NOT_SAME_DEVICE and
- let the client decide what to do
- .RE
+.PP
+renames of whole subdirectories cannot be done recursively, in that case we still return STATUS_NOT_SAME_DEVICE and let the client decide what to do,
+.RE
.PP
.RS 4
-
- rename operations of huge files can cause hangs on the
- client because clients expect a rename operation to
- return fast
- .RE
+.PP
+rename operations of huge files can cause hangs on the client because clients expect a rename operation to return fast\&.
+.RE
.PP
This module is stackable\&.
.SH "OPTIONS"
diff --git a/docs/manpages/vfs_default_quota.8 b/docs/manpages/vfs_default_quota.8
index faf013f..5802d3a 100644
--- a/docs/manpages/vfs_default_quota.8
+++ b/docs/manpages/vfs_default_quota.8
@@ -2,12 +2,12 @@
.\" Title: vfs_default_quota
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_DEFAULT_QUOTA" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_DEFAULT_QUOTA" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_dirsort.8 b/docs/manpages/vfs_dirsort.8
index d05ebfa..7e96753 100644
--- a/docs/manpages/vfs_dirsort.8
+++ b/docs/manpages/vfs_dirsort.8
@@ -2,12 +2,12 @@
.\" Title: vfs_dirsort
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_DIRSORT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_DIRSORT" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_extd_audit.8 b/docs/manpages/vfs_extd_audit.8
index 32b4dfe..8ea2b07 100644
--- a/docs/manpages/vfs_extd_audit.8
+++ b/docs/manpages/vfs_extd_audit.8
@@ -2,12 +2,12 @@
.\" Title: vfs_extd_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_EXTD_AUDIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_EXTD_AUDIT" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_fake_perms.8 b/docs/manpages/vfs_fake_perms.8
index 0a93d89..31dd81a 100644
--- a/docs/manpages/vfs_fake_perms.8
+++ b/docs/manpages/vfs_fake_perms.8
@@ -2,12 +2,12 @@
.\" Title: vfs_fake_perms
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_FAKE_PERMS" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_FAKE_PERMS" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_fileid.8 b/docs/manpages/vfs_fileid.8
index 577b3a9..5bdcc80 100644
--- a/docs/manpages/vfs_fileid.8
+++ b/docs/manpages/vfs_fileid.8
@@ -2,12 +2,12 @@
.\" Title: vfs_fileid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_FILEID" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_FILEID" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_full_audit.8 b/docs/manpages/vfs_full_audit.8
index 5775182..ceb7cfe 100644
--- a/docs/manpages/vfs_full_audit.8
+++ b/docs/manpages/vfs_full_audit.8
@@ -2,12 +2,12 @@
.\" Title: vfs_full_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_FULL_AUDIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_FULL_AUDIT" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_gpfs.8 b/docs/manpages/vfs_gpfs.8
index 4c2cbe0..2906ad9 100644
--- a/docs/manpages/vfs_gpfs.8
+++ b/docs/manpages/vfs_gpfs.8
@@ -2,12 +2,12 @@
.\" Title: vfs_gpfs
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_GPFS" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_GPFS" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_media_harmony.8 b/docs/manpages/vfs_media_harmony.8
index 2798fca..2a3f6b9 100644
--- a/docs/manpages/vfs_media_harmony.8
+++ b/docs/manpages/vfs_media_harmony.8
@@ -2,12 +2,12 @@
.\" Title: vfs_media_harmony
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_MEDIA_HARMONY" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_MEDIA_HARMONY" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_netatalk.8 b/docs/manpages/vfs_netatalk.8
index 33f9e29..1b7e06b 100644
--- a/docs/manpages/vfs_netatalk.8
+++ b/docs/manpages/vfs_netatalk.8
@@ -2,12 +2,12 @@
.\" Title: vfs_netatalk
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_NETATALK" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_NETATALK" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_notify_fam.8 b/docs/manpages/vfs_notify_fam.8
index c80b37d..b9219c2 100644
--- a/docs/manpages/vfs_notify_fam.8
+++ b/docs/manpages/vfs_notify_fam.8
@@ -2,12 +2,12 @@
.\" Title: vfs_notify_fam
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_NOTIFY_FAM" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_NOTIFY_FAM" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_prealloc.8 b/docs/manpages/vfs_prealloc.8
index 5cbde05..3c9f0ad 100644
--- a/docs/manpages/vfs_prealloc.8
+++ b/docs/manpages/vfs_prealloc.8
@@ -2,12 +2,12 @@
.\" Title: vfs_prealloc
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_PREALLOC" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_PREALLOC" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_preopen.8 b/docs/manpages/vfs_preopen.8
index 87215e9..ec987cb 100644
--- a/docs/manpages/vfs_preopen.8
+++ b/docs/manpages/vfs_preopen.8
@@ -2,12 +2,12 @@
.\" Title: vfs_preopen
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_PREOPEN" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_PREOPEN" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_readahead.8 b/docs/manpages/vfs_readahead.8
index 021c28f..fac5ad8 100644
--- a/docs/manpages/vfs_readahead.8
+++ b/docs/manpages/vfs_readahead.8
@@ -2,12 +2,12 @@
.\" Title: vfs_readahead
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_READAHEAD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_READAHEAD" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_readonly.8 b/docs/manpages/vfs_readonly.8
index a6a096f..49dc9c9 100644
--- a/docs/manpages/vfs_readonly.8
+++ b/docs/manpages/vfs_readonly.8
@@ -2,12 +2,12 @@
.\" Title: vfs_readonly
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_READONLY" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_READONLY" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_recycle.8 b/docs/manpages/vfs_recycle.8
index fa4da1d..0d6f55b 100644
--- a/docs/manpages/vfs_recycle.8
+++ b/docs/manpages/vfs_recycle.8
@@ -2,12 +2,12 @@
.\" Title: vfs_recycle
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_RECYCLE" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_RECYCLE" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_scannedonly.8 b/docs/manpages/vfs_scannedonly.8
index f1805ff..8b55897 100644
--- a/docs/manpages/vfs_scannedonly.8
+++ b/docs/manpages/vfs_scannedonly.8
@@ -2,12 +2,12 @@
.\" Title: vfs_scannedonly
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_SCANNEDONLY" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_SCANNEDONLY" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_shadow_copy.8 b/docs/manpages/vfs_shadow_copy.8
index 5f1850f..59c2d05 100644
--- a/docs/manpages/vfs_shadow_copy.8
+++ b/docs/manpages/vfs_shadow_copy.8
@@ -2,12 +2,12 @@
.\" Title: vfs_shadow_copy
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_SHADOW_COPY" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_SHADOW_COPY" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_shadow_copy2.8 b/docs/manpages/vfs_shadow_copy2.8
index 1dbf04c..2af0f6d 100644
--- a/docs/manpages/vfs_shadow_copy2.8
+++ b/docs/manpages/vfs_shadow_copy2.8
@@ -2,12 +2,12 @@
.\" Title: vfs_shadow_copy2
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_SHADOW_COPY2" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_SHADOW_COPY2" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_smb_traffic_analyzer.8 b/docs/manpages/vfs_smb_traffic_analyzer.8
index c8b4caa..2f8c793 100644
--- a/docs/manpages/vfs_smb_traffic_analyzer.8
+++ b/docs/manpages/vfs_smb_traffic_analyzer.8
@@ -2,12 +2,12 @@
.\" Title: smb_traffic_analyzer
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "SMB_TRAFFIC_ANALYZER" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "SMB_TRAFFIC_ANALYZER" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_streams_depot.8 b/docs/manpages/vfs_streams_depot.8
index fa2a09e..10bf407 100644
--- a/docs/manpages/vfs_streams_depot.8
+++ b/docs/manpages/vfs_streams_depot.8
@@ -2,12 +2,12 @@
.\" Title: vfs_streams_depot
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_STREAMS_DEPOT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_STREAMS_DEPOT" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_streams_xattr.8 b/docs/manpages/vfs_streams_xattr.8
index ed76ef1..2490433 100644
--- a/docs/manpages/vfs_streams_xattr.8
+++ b/docs/manpages/vfs_streams_xattr.8
@@ -2,12 +2,12 @@
.\" Title: vfs_streams_xattr
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_STREAMS_XATTR" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_STREAMS_XATTR" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_time_audit.8 b/docs/manpages/vfs_time_audit.8
index a028dde..2430507 100644
--- a/docs/manpages/vfs_time_audit.8
+++ b/docs/manpages/vfs_time_audit.8
@@ -2,12 +2,12 @@
.\" Title: vfs_time_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_TIME_AUDIT" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_TIME_AUDIT" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_tsmsm.8 b/docs/manpages/vfs_tsmsm.8
index e64ad93..9924249 100644
--- a/docs/manpages/vfs_tsmsm.8
+++ b/docs/manpages/vfs_tsmsm.8
@@ -2,12 +2,12 @@
.\" Title: vfs_tsmsm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_TSMSM" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_TSMSM" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfs_xattr_tdb.8 b/docs/manpages/vfs_xattr_tdb.8
index 72925ba..c96a733 100644
--- a/docs/manpages/vfs_xattr_tdb.8
+++ b/docs/manpages/vfs_xattr_tdb.8
@@ -2,12 +2,12 @@
.\" Title: vfs_xattr_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFS_XATTR_TDB" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "VFS_XATTR_TDB" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/vfstest.1 b/docs/manpages/vfstest.1
index 422a5e4..3acfa1c 100644
--- a/docs/manpages/vfstest.1
+++ b/docs/manpages/vfstest.1
@@ -2,12 +2,12 @@
.\" Title: vfstest
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "VFSTEST" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "VFSTEST" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1
index 694af4f..20ef381 100644
--- a/docs/manpages/wbinfo.1
+++ b/docs/manpages/wbinfo.1
@@ -2,12 +2,12 @@
.\" Title: wbinfo
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "WBINFO" "1" "08/15/2013" "Samba 4\&.0" "User Commands"
+.TH "WBINFO" "1" "10/07/2013" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/winbind_krb5_locator.7 b/docs/manpages/winbind_krb5_locator.7
index 2ec3a95..50ec23b 100644
--- a/docs/manpages/winbind_krb5_locator.7
+++ b/docs/manpages/winbind_krb5_locator.7
@@ -2,12 +2,12 @@
.\" Title: winbind_krb5_locator
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: 7
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "WINBIND_KRB5_LOCATOR" "7" "08/15/2013" "Samba 4\&.0" "7"
+.TH "WINBIND_KRB5_LOCATOR" "7" "10/07/2013" "Samba 4\&.0" "7"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8
index 14c1d83..5ab00df 100644
--- a/docs/manpages/winbindd.8
+++ b/docs/manpages/winbindd.8
@@ -2,12 +2,12 @@
.\" Title: winbindd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/15/2013
+.\" Date: 10/07/2013
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
-.TH "WINBINDD" "8" "08/15/2013" "Samba 4\&.0" "System Administration tools"
+.TH "WINBINDD" "8" "10/07/2013" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c
index 94652fa..35e199f 100644
--- a/lib/param/param_functions.c
+++ b/lib/param/param_functions.c
@@ -134,6 +134,7 @@ FN_LOCAL_BOOL(afs_share, bAfs_Share)
FN_LOCAL_BOOL(acl_check_permissions, bAclCheckPermissions)
FN_LOCAL_BOOL(acl_group_control, bAclGroupControl)
FN_LOCAL_BOOL(acl_map_full_control, bAclMapFullControl)
+FN_LOCAL_BOOL(acl_allow_execute_always, bAclAllowExecuteAlways)
FN_LOCAL_INTEGER(defaultcase, iDefaultCase)
FN_LOCAL_INTEGER(minprintspace, iMinPrintSpace)
FN_LOCAL_INTEGER(printing, iPrinting)
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index a73cd96..5b78eae 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -920,6 +920,16 @@ static struct parm_struct parm_table[] = {
.flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
},
{
+ .label = "acl allow execute always",
+ .type = P_BOOL,
+ .p_class = P_LOCAL,
+ .offset = LOCAL_VAR(bAclAllowExecuteAlways),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
+ },
+
+ {
.label = "create mask",
.type = P_OCTAL,
.p_class = P_LOCAL,
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 951b791..e4d8b6b 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -85,7 +85,7 @@ struct foo bar = { .y = 'X', .x = 1 };
sys/sockio.h sys/un.h''', together=True)
conf.CHECK_HEADERS('sys/uio.h ifaddrs.h direct.h dirent.h')
conf.CHECK_HEADERS('windows.h winsock2.h ws2tcpip.h')
- conf.CHECK_HEADERS('libintl.h errno.h')
+ conf.CHECK_HEADERS('errno.h')
conf.CHECK_HEADERS('gcrypt.h getopt.h iconv.h')
conf.CHECK_HEADERS('sys/inotify.h memory.h nss.h sasl/sasl.h')
conf.CHECK_HEADERS('security/pam_appl.h zlib.h asm/unistd.h')
@@ -346,17 +346,41 @@ removeea setea
headers='netinet/in.h arpa/nameser.h resolv.h')
- if not conf.CHECK_FUNCS_IN('gettext', 'intl', checklibc=True, headers='libintl.h'):
- # Some hosts need lib iconv for linking with lib intl
- # So we try with flags just in case it helps.
- oldflags = conf.env['LDFLAGS_INTL']
- conf.env['LDFLAGS_INTL'] = "-liconv"
- if not conf.CHECK_LIB('intl'):
- conf.env['LDFLAGS_INTL'] = oldflags
+ conf.env.intl_libs=''
+ if not Options.options.disable_gettext:
+ conf.CHECK_HEADERS('libintl.h')
+ conf.CHECK_LIB('intl')
+ # *textdomain functions are not strictly necessary
+ conf.CHECK_FUNCS_IN('bindtextdomain textdomain bind_textdomain_codeset',
+ '', checklibc=True, headers='libintl.h')
+ # gettext and dgettext must exist
+ # on some systems (the ones with glibc, those are in libc)
+ if conf.CHECK_FUNCS_IN('dgettext gettext', '', checklibc=True, headers='libintl.h'):
+ # save for dependency definitions
+ conf.env.intl_libs=''
+ # others (e.g. FreeBSD) have seperate libintl
+ elif conf.CHECK_FUNCS_IN('dgettext gettext', 'intl', checklibc=False, headers='libintl.h'):
+ # save for dependency definitions
+ conf.env.intl_libs='intl'
+ # recheck with libintl
+ conf.CHECK_FUNCS_IN('bindtextdomain textdomain bind_textdomain_codeset',
+ 'intl', checklibc=False, headers='libintl.h')
else:
- conf.CHECK_FUNCS_IN('gettext', 'intl', checklibc=True, headers='libintl.h')
+ # Some hosts need lib iconv for linking with lib intl
+ # So we try with flags just in case it helps.
+ oldflags = conf.env['EXTRA_LDFLAGS'];
+ conf.env['EXTRA_LDFLAGS'].extend("-liconv")
+ conf.CHECK_FUNCS_IN('dgettext gettext bindtextdomain textdomain bind_textdomain_codeset',
+ 'intl', checklibc=False, headers='libintl.h')
+ conf.env['EXTRA_LDFLAGS'] = oldflags
+ if conf.env['HAVE_GETTEXT'] and conf.env['HAVE_DGETTEXT']:
+ # save for dependency definitions
+ conf.env.intl_libs='iconv intl'
+ else:
+ conf.fatal('library gettext not found, try specifying the path to ' +
+ 'it with --with-gettext=</path/to/gettext> or ' +
+ '--without-gettext to build without''')
- conf.CHECK_FUNCS_IN('dgettext gettext', 'intl', headers='libintl.h')
conf.CHECK_FUNCS_IN('pthread_create', 'pthread', checklibc=True, headers='pthread.h')
conf.CHECK_FUNCS_IN('crypt', 'crypt', checklibc=True)
@@ -622,6 +646,8 @@ def build(bld):
target='stdbool.h',
enabled = not bld.CONFIG_SET('HAVE_STDBOOL_H'))
+ bld.SAMBA_SUBSYSTEM('samba_intl', source='', use_global_deps=False,deps=bld.env.intl_libs)
+
def dist():
'''makes a tarball for distribution'''
samba_dist.dist()
diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
index a7d6489..55ba776 100644
--- a/nsswitch/wscript_build
+++ b/nsswitch/wscript_build
@@ -81,7 +81,7 @@ elif (host_os.rfind('aix') > -1):
if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
bld.SAMBA_LIBRARY('pamwinbind',
source='pam_winbind.c',
- deps='intl talloc wbclient winbind-client iniparser pam',
+ deps='talloc wbclient winbind-client iniparser pam samba_intl',
cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR,
realname='pam_winbind.so',
install_path='${PAMMODULESDIR}'
diff --git a/python/pyglue.c b/python/pyglue.c
index c21de46..802153a 100644
--- a/python/pyglue.c
+++ b/python/pyglue.c
@@ -164,18 +164,59 @@ static PyObject *py_interface_ips(PyObject *self, PyObject *args)
/* first count how many are not loopback addresses */
for (ifcount = i = 0; i<count; i++) {
const char *ip = iface_list_n_ip(ifaces, i);
- if (!(!all_interfaces && iface_list_same_net(ip, "127.0.0.1", "255.0.0.0"))) {
+
+ if (all_interfaces) {
ifcount++;
+ continue;
+ }
+
+ if (iface_list_same_net(ip, "127.0.0.1", "255.0.0.0")) {
+ continue;
+ }
+
+ if (iface_list_same_net(ip, "169.254.0.0", "255.255.0.0")) {
+ continue;
}
+
+ if (iface_list_same_net(ip, "::1", "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")) {
+ continue;
+ }
+
+ if (iface_list_same_net(ip, "fe80::", "ffff:ffff:ffff:ffff::")) {
+ continue;
+ }
+
+ ifcount++;
}
pylist = PyList_New(ifcount);
for (ifcount = i = 0; i<count; i++) {
const char *ip = iface_list_n_ip(ifaces, i);
- if (!(!all_interfaces && iface_list_same_net(ip, "127.0.0.1", "255.0.0.0"))) {
+
+ if (all_interfaces) {
PyList_SetItem(pylist, ifcount, PyString_FromString(ip));
ifcount++;
+ continue;
+ }
+
+ if (iface_list_same_net(ip, "127.0.0.1", "255.0.0.0")) {
+ continue;
+ }
+
+ if (iface_list_same_net(ip, "169.254.0.0", "255.255.0.0")) {
+ continue;
}
+
+ if (iface_list_same_net(ip, "::1", "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")) {
+ continue;
+ }
+
+ if (iface_list_same_net(ip, "fe80::", "ffff:ffff:ffff:ffff::")) {
+ continue;
+ }
+
+ PyList_SetItem(pylist, ifcount, PyString_FromString(ip));
+ ifcount++;
}
talloc_free(tmp_ctx);
return pylist;
diff --git a/python/samba/join.py b/python/samba/join.py
index c55c22c..b2f4da4 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -26,9 +26,12 @@ from samba.ndr import ndr_pack
from samba.dcerpc import security, drsuapi, misc, nbt, lsa, drsblobs
from samba.credentials import Credentials, DONT_USE_KERBEROS
from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN
+from samba.provision.common import setup_path
from samba.schema import Schema
from samba.net import Net
from samba.provision.sambadns import setup_bind9_dns
+from samba import read_and_sub_file
+from base64 import b64encode
import logging
import talloc
import random
@@ -179,6 +182,19 @@ class dc_join(object):
attrs=["msDS-krbTgtLink"])
if res:
ctx.del_noerror(res[0].dn, recursive=True)
+
+ res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
+ expression='(&(sAMAccountName=%s)(servicePrincipalName=%s))' % (ldb.binary_encode("dns-%s" % ctx.myname), ldb.binary_encode("dns/%s" % ctx.dnshostname)),
+ attrs=[])
+ if res:
+ ctx.del_noerror(res[0].dn, recursive=True)
+
+ res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
+ expression='(sAMAccountName=%s)' % ldb.binary_encode("dns-%s" % ctx.myname),
+ attrs=[])
+ if res:
+ raise RuntimeError("Not removing account %s which looks like a Samba DNS service account but does not have servicePrincipalName=%s" % (ldb.binary_encode("dns-%s" % ctx.myname), ldb.binary_encode("dns/%s" % ctx.dnshostname)))
+
if ctx.connection_dn is not None:
ctx.del_noerror(ctx.connection_dn)
if ctx.krbtgt_dn is not None:
@@ -579,6 +595,56 @@ class dc_join(object):
"userAccountControl")
ctx.samdb.modify(m)
+ if ctx.dns_backend.startswith("BIND9_"):
+ ctx.dnspass = samba.generate_random_password(128, 255)
+
+ recs = ctx.samdb.parse_ldif(read_and_sub_file(setup_path("provision_dns_add_samba.ldif"),
+ {"DNSDOMAIN": ctx.dnsdomain,
+ "DOMAINDN": ctx.base_dn,
+ "HOSTNAME" : ctx.myname,
+ "DNSPASS_B64": b64encode(ctx.dnspass),
+ "DNSNAME" : ctx.dnshostname}))
+ for changetype, msg in recs:
+ assert changetype == ldb.CHANGETYPE_NONE
+ print "Adding DNS account %s with dns/ SPN" % msg["dn"]
+
+ # Remove dns password (we will set it as a modify, as we can't do clearTextPassword over LDAP)
+ del msg["clearTextPassword"]
+ # Remove isCriticalSystemObject for similar reasons, it cannot be set over LDAP
+ del msg["isCriticalSystemObject"]
+ try:
+ ctx.samdb.add(msg)
+ dns_acct_dn = msg["dn"]
+ except ldb.LdbError, (num, _):
+ if num != ldb.ERR_ENTRY_ALREADY_EXISTS:
+ raise
+
+ # The account password set operation should normally be done over
+ # LDAP. Windows 2000 DCs however allow this only with SSL
+ # connections which are hard to set up and otherwise refuse with
+ # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
+ # over SAMR.
+ print "Setting account password for %s" % ctx.samname
+ try:
+ ctx.samdb.setpassword("(&(objectClass=user)(samAccountName=dns-%s))"
+ % ldb.binary_encode(ctx.myname),
+ ctx.dnspass,
+ force_change_at_next_login=False,
+ username=ctx.samname)
+ except ldb.LdbError, (num, _):
+ if num != ldb.ERR_UNWILLING_TO_PERFORM:
+ pass
+ ctx.net.set_password(account_name="dns-" % ctx.myname,
+ domain_name=ctx.domain_name,
+ newpassword=ctx.dnspass)
+
+ res = ctx.samdb.search(base=dns_acct_dn, scope=ldb.SCOPE_BASE,
+ attrs=["msDS-KeyVersionNumber"])
+ if "msDS-KeyVersionNumber" in res[0]:
+ ctx.dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0])
+ else:
+ ctx.dns_key_version_number = None
+
def join_add_objects2(ctx):
"""add the various objects needed for the join, for subdomains post replication"""
@@ -861,13 +927,12 @@ class dc_join(object):
key_version_number=ctx.key_version_number)
if ctx.dns_backend.startswith("BIND9_"):
- dnspass = samba.generate_random_password(128, 255)
-
setup_bind9_dns(ctx.local_samdb, secrets_ldb, security.dom_sid(ctx.domsid),
ctx.names, ctx.paths, ctx.lp, logger,
dns_backend=ctx.dns_backend,
- dnspass=dnspass, os_level=ctx.behavior_version,
- targetdir=ctx.targetdir)
+ dnspass=ctx.dnspass, os_level=ctx.behavior_version,
+ targetdir=ctx.targetdir,
+ key_version_number=ctx.dns_key_version_number)
def join_setup_trusts(ctx):
"""provision the local SAM."""
diff --git a/python/samba/netcmd/dns.py b/python/samba/netcmd/dns.py
index c00d17a..6cfaa68 100644
--- a/python/samba/netcmd/dns.py
+++ b/python/samba/netcmd/dns.py
@@ -852,28 +852,40 @@ class cmd_zonecreate(Command):
zone_create_info = dnsserver.DNS_RPC_ZONE_CREATE_INFO_W2K()
zone_create_info.pszZoneName = zone
zone_create_info.dwZoneType = dnsp.DNS_ZONE_TYPE_PRIMARY
- zone_create_info.fAllowUpdate = dnsp.DNS_ZONE_UPDATE_SECURE
zone_create_info.fAging = 0
+ zone_create_info.fDsIntegrated = 1
+ zone_create_info.fLoadExisting = 1
elif client_version == dnsserver.DNS_CLIENT_VERSION_DOTNET:
typeid = dnsserver.DNSSRV_TYPEID_ZONE_CREATE_DOTNET
zone_create_info = dnsserver.DNS_RPC_ZONE_CREATE_INFO_DOTNET()
zone_create_info.pszZoneName = zone
zone_create_info.dwZoneType = dnsp.DNS_ZONE_TYPE_PRIMARY
- zone_create_info.fAllowUpdate = dnsp.DNS_ZONE_UPDATE_SECURE
zone_create_info.fAging = 0
+ zone_create_info.fDsIntegrated = 1
+ zone_create_info.fLoadExisting = 1
zone_create_info.dwDpFlags = dnsserver.DNS_DP_DOMAIN_DEFAULT
else:
typeid = dnsserver.DNSSRV_TYPEID_ZONE_CREATE
zone_create_info = dnsserver.DNS_RPC_ZONE_CREATE_INFO_LONGHORN()
zone_create_info.pszZoneName = zone
zone_create_info.dwZoneType = dnsp.DNS_ZONE_TYPE_PRIMARY
- zone_create_info.fAllowUpdate = dnsp.DNS_ZONE_UPDATE_SECURE
zone_create_info.fAging = 0
+ zone_create_info.fDsIntegrated = 1
+ zone_create_info.fLoadExisting = 1
zone_create_info.dwDpFlags = dnsserver.DNS_DP_DOMAIN_DEFAULT
res = dns_conn.DnssrvOperation2(client_version, 0, server, None,
0, 'ZoneCreate', typeid,
zone_create_info)
+
+ typeid = dnsserver.DNSSRV_TYPEID_NAME_AND_PARAM
+ name_and_param = dnsserver.DNS_RPC_NAME_AND_PARAM()
+ name_and_param.pszNodeName = 'AllowUpdate'
+ name_and_param.dwParam = dnsp.DNS_ZONE_UPDATE_SECURE
+
+ res = dns_conn.DnssrvOperation2(client_version, 0, server, zone,
+ 0, 'ResetDwordProperty', typeid,
+ name_and_param)
self.outf.write('Zone %s created successfully\n' % zone)
diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py
index c938c91..02721f9 100644
--- a/python/samba/netcmd/fsmo.py
+++ b/python/samba/netcmd/fsmo.py
@@ -124,22 +124,22 @@ all=all of the above"""),
self.message("Attempting transfer...")
try:
transfer_role(self.outf, role, samdb)
+ self.outf.write("FSMO seize was not required, as transfer of '%s' role was successful\n" % role)
+ return
except CommandError:
#transfer failed, use the big axe...
self.message("Transfer unsuccessful, seizing...")
- m["fSMORoleOwner"]= ldb.MessageElement(
- serviceName, ldb.FLAG_MOD_REPLACE,
- "fSMORoleOwner")
else:
self.message("Will not attempt transfer, seizing...")
- m["fSMORoleOwner"]= ldb.MessageElement(
- serviceName, ldb.FLAG_MOD_REPLACE,
- "fSMORoleOwner")
+
+ m["fSMORoleOwner"]= ldb.MessageElement(
+ serviceName, ldb.FLAG_MOD_REPLACE,
+ "fSMORoleOwner")
try:
samdb.modify(m)
except LdbError, (num, msg):
raise CommandError("Failed to initiate role seize of '%s' role: %s" % (role, msg))
- self.outf.write("FSMO transfer of '%s' role successful\n" % role)
+ self.outf.write("FSMO seize of '%s' role successful\n" % role)
def run(self, force=None, H=None, role=None,
credopts=None, sambaopts=None, versionopts=None):
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index f13b7d1..e0b3d22 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1695,12 +1695,12 @@ def interface_ips_v4(lp):
return ret
-def interface_ips_v6(lp, linklocal=False):
+def interface_ips_v6(lp):
"""return only IPv6 IPs"""
ips = samba.interface_ips(lp, False)
ret = []
for i in ips:
- if i.find(':') != -1 and (linklocal or i.find('%') == -1):
+ if i.find(':') != -1:
ret.append(i)
return ret
@@ -1997,7 +1997,7 @@ def provision(logger, session_info, credentials, smbconf=None,
if hostip6 is None:
logger.info("Looking up IPv6 addresses")
- hostips = interface_ips_v6(lp, linklocal=False)
+ hostips = interface_ips_v6(lp)
if hostips:
hostip6 = hostips[0]
if len(hostips) > 1:
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index a5a45cf..4acc24b 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -620,7 +620,7 @@ def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname,
def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
- dnsdomain, dns_keytab_path, dnspass):
+ dnsdomain, dns_keytab_path, dnspass, key_version_number):
"""Add DNS specific bits to a secrets database.
:param secretsdb: Ldb Handle to the secrets database
@@ -632,11 +632,15 @@ def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
except OSError:
pass
+ if key_version_number is None:
+ key_version_number = 1
+
setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), {
"REALM": realm,
"DNSDOMAIN": dnsdomain,
"DNS_KEYTAB": dns_keytab_path,
"DNSPASS_B64": b64encode(dnspass),
+ "KEY_VERSION_NUMBER": str(key_version_number),
"HOSTNAME": names.hostname,
"DNSNAME" : '%s.%s' % (
names.netbiosname.lower(), names.dnsdomain.lower())
@@ -1074,7 +1078,7 @@ def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger,
def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger,
dns_backend, os_level, site=None, dnspass=None, hostip=None,
- hostip6=None, targetdir=None):
+ hostip6=None, targetdir=None, key_version_number=None):
"""Provision DNS information (assuming BIND9 backend in DC role)
:param samdb: LDB object connected to sam.ldb file
@@ -1107,7 +1111,8 @@ def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger,
secretsdb_setup_dns(secretsdb, names,
paths.private_dir, realm=names.realm,
dnsdomain=names.dnsdomain,
- dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+ dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
+ key_version_number=key_version_number)
create_dns_dir(logger, paths)
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index c8e71c8..9fd2d40 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -875,7 +875,7 @@ sub provision_member($$$)
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
- $cmd .= " --machinepass=machine$ret->{password}";
+ $cmd .= " --machinepass=machine$ret->{PASSWORD}";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
@@ -943,7 +943,7 @@ sub provision_rpc_proxy($$$)
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
- $cmd .= " --machinepass=machine$ret->{password}";
+ $cmd .= " --machinepass=machine$ret->{PASSWORD}";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
@@ -1030,7 +1030,7 @@ sub provision_promoted_dc($$$)
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} MEMBER --realm=$dcvars->{REALM}";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
- $cmd .= " --machinepass=machine$ret->{password}";
+ $cmd .= " --machinepass=machine$ret->{PASSWORD}";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
@@ -1043,7 +1043,7 @@ sub provision_promoted_dc($$$)
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
- $cmd .= " --machinepass=machine$ret->{password} --use-ntvfs";
+ $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs --dns-backend=BIND9_DLZ";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
@@ -1104,7 +1104,7 @@ sub provision_vampire_dc($$$)
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only";
- $cmd .= " --machinepass=machine$ret->{password} --use-ntvfs";
+ $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
@@ -1169,7 +1169,7 @@ sub provision_subdom_dc($$$)
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{realm} subdomain ";
$cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
- $cmd .= " --machinepass=machine$ret->{password} --use-ntvfs";
+ $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
@@ -1494,7 +1494,7 @@ sub provision_chgdcpass($$)
"chgdcpassword.samba.example.com",
"2008",
"chgDCpass1",
- undef, "server services = -dns", "",
+ undef, "", "",
$extra_provision_options);
return undef unless(defined $ret);
diff --git a/source3/autoconf/lib/param/param_local.h b/source3/autoconf/lib/param/param_local.h
index c4a5785..89eb6c3 100644
--- a/source3/autoconf/lib/param/param_local.h
+++ b/source3/autoconf/lib/param/param_local.h
@@ -115,6 +115,7 @@ struct loadparm_service
bool bAclCheckPermissions;
bool bAclGroupControl;
bool bAclMapFullControl;
+ bool bAclAllowExecuteAlways;
int iDefaultCase;
int iMinPrintSpace;
int iPrinting;
diff --git a/source3/autoconf/lib/param/param_proto.h b/source3/autoconf/lib/param/param_proto.h
index 3567d52..a274e44 100644
--- a/source3/autoconf/lib/param/param_proto.h
+++ b/source3/autoconf/lib/param/param_proto.h
@@ -485,6 +485,8 @@ bool lpcfg_acl_group_control(struct loadparm_service *, struct loadparm_service
bool lpcfg_acl_group_control(struct loadparm_service *, struct loadparm_service *);
bool lpcfg_acl_map_full_control(struct loadparm_service *, struct loadparm_service *);
bool lpcfg_acl_map_full_control(struct loadparm_service *, struct loadparm_service *);
+bool lpcfg_acl_allow_execute_always(struct loadparm_service *, struct loadparm_service *);
+bool lpcfg_acl_allow_execute_always(struct loadparm_service *, struct loadparm_service *);
int lpcfg_defaultcase(struct loadparm_service *, struct loadparm_service *);
int lpcfg_defaultcase(struct loadparm_service *, struct loadparm_service *);
int lpcfg_minprintspace(struct loadparm_service *, struct loadparm_service *);
diff --git a/source3/autoconf/lib/param/s3_param.h b/source3/autoconf/lib/param/s3_param.h
index e53a80a..470fdf2 100644
--- a/source3/autoconf/lib/param/s3_param.h
+++ b/source3/autoconf/lib/param/s3_param.h
@@ -120,6 +120,7 @@ struct loadparm_s3_helpers
bool (*acl_check_permissions)(void);
bool (*acl_group_control)(void);
bool (*acl_map_full_control)(void);
+ bool (*acl_allow_execute_always)(void);
int (*defaultcase)(void);
int (*minprintspace)(void);
int (*printing)(void);
diff --git a/source3/autoconf/librpc/gen_ndr/ndr_open_files.c b/source3/autoconf/librpc/gen_ndr/ndr_open_files.c
index 9aabcd7..605e112 100644
--- a/source3/autoconf/librpc/gen_ndr/ndr_open_files.c
+++ b/source3/autoconf/librpc/gen_ndr/ndr_open_files.c
@@ -23,6 +23,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_share_mode_entry(struct ndr_push *ndr, int n
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->uid));
NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->flags));
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->name_hash));
+ /* [skip] 'r->stale' */
NDR_CHECK(ndr_push_trailer_align(ndr, 8));
}
if (ndr_flags & NDR_BUFFERS) {
@@ -48,6 +49,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_share_mode_entry(struct ndr_pull *ndr, int n
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->uid));
NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->flags));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->name_hash));
+ /* [skip] '&r->stale' */
NDR_CHECK(ndr_pull_trailer_align(ndr, 8));
}
if (ndr_flags & NDR_BUFFERS) {
@@ -73,6 +75,7 @@ _PUBLIC_ void ndr_print_share_mode_entry(struct ndr_print *ndr, const char *name
ndr_print_uint32(ndr, "uid", r->uid);
ndr_print_uint16(ndr, "flags", r->flags);
ndr_print_uint32(ndr, "name_hash", r->name_hash);
+ ndr_print_uint8(ndr, "stale", r->stale);
ndr->depth--;
}
@@ -182,8 +185,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_share_mode_data(struct ndr_push *ndr, int nd
}
NDR_CHECK(ndr_push_timespec(ndr, NDR_SCALARS, &r->old_write_time));
NDR_CHECK(ndr_push_timespec(ndr, NDR_SCALARS, &r->changed_write_time));
- NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->fresh));
- NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->modified));
+ /* [skip] 'r->fresh' */
+ /* [skip] 'r->modified' */
NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, 0));
/* [ignore] 'record' */
NDR_CHECK(ndr_push_trailer_align(ndr, 8));
@@ -285,8 +288,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_share_mode_data(struct ndr_pull *ndr, int nd
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delete_tokens_0, 0);
NDR_CHECK(ndr_pull_timespec(ndr, NDR_SCALARS, &r->old_write_time));
NDR_CHECK(ndr_pull_timespec(ndr, NDR_SCALARS, &r->changed_write_time));
- NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->fresh));
- NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->modified));
+ /* [skip] '&r->fresh' */
+ /* [skip] '&r->modified' */
NDR_CHECK(ndr_pull_uint3264(ndr, NDR_SCALARS, &_ptr_record));
_ptr_record = 0;
if (_ptr_record) {
diff --git a/source3/autoconf/librpc/gen_ndr/open_files.h b/source3/autoconf/librpc/gen_ndr/open_files.h
index 9bc7c5b..ac10916 100644
--- a/source3/autoconf/librpc/gen_ndr/open_files.h
+++ b/source3/autoconf/librpc/gen_ndr/open_files.h
@@ -28,6 +28,7 @@ struct share_mode_entry {
uint32_t uid;
uint16_t flags;
uint32_t name_hash;
+ uint8_t stale;/* [skip] */
}/* [public] */;
struct delete_token {
@@ -47,8 +48,8 @@ struct share_mode_data {
struct delete_token *delete_tokens;/* [size_is(num_delete_tokens)] */
struct timespec old_write_time;
struct timespec changed_write_time;
- uint8_t fresh;
- uint8_t modified;
+ uint8_t fresh;/* [skip] */
+ uint8_t modified;/* [skip] */
struct db_record *record;/* [ignore] */
}/* [public] */;
diff --git a/source3/include/autoconf/version.h b/source3/include/autoconf/version.h
index e131369..73367b8 100644
--- a/source3/include/autoconf/version.h
+++ b/source3/include/autoconf/version.h
@@ -1,8 +1,8 @@
/* Autogenerated by script/mkversion.sh */
#define SAMBA_VERSION_MAJOR 4
#define SAMBA_VERSION_MINOR 0
-#define SAMBA_VERSION_RELEASE 9
-#define SAMBA_VERSION_OFFICIAL_STRING "4.0.9"
+#define SAMBA_VERSION_RELEASE 10
+#define SAMBA_VERSION_OFFICIAL_STRING "4.0.10"
#ifdef SAMBA_VERSION_VENDOR_FUNCTION
# define SAMBA_VERSION_STRING SAMBA_VERSION_VENDOR_FUNCTION
#else /* SAMBA_VERSION_VENDOR_FUNCTION */
diff --git a/source3/include/ntioctl.h b/source3/include/ntioctl.h
index e09e1c8..65bed64 100644
--- a/source3/include/ntioctl.h
+++ b/source3/include/ntioctl.h
@@ -26,6 +26,7 @@
#define IO_REPARSE_TAG_MOUNT_POINT 0xA0000003
#define IO_REPARSE_TAG_HSM 0xC0000004
#define IO_REPARSE_TAG_SIS 0x80000007
+#define IO_REPARSE_TAG_DFS 0x8000000A
/* For FSCTL_GET_SHADOW_COPY_DATA ...*/
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5f34193..0defbc9 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1326,6 +1326,7 @@ bool lp_afs_share(int );
bool lp_acl_check_permissions(int );
bool lp_acl_group_control(int );
bool lp_acl_map_full_control(int );
+bool lp_acl_allow_execute_always(int);
bool lp_durable_handles(int);
int lp_create_mask(int );
int lp_force_create_mode(int );
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 2aa2ab3..568ba54 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -567,6 +567,9 @@ Offset Data length.
#define NOTIFY_ACTION_REMOVED_STREAM 7
#define NOTIFY_ACTION_MODIFIED_STREAM 8
+/* timestamp format used in "previous versions" */
+#define GMT_NAME_LEN 24 /* length of a @GMT- name */
+#define GMT_FORMAT "@GMT-%Y.%m.%d-%H.%M.%S"
/* where to find the base of the SMB packet proper */
#define smb_base(buf) (((const char *)(buf))+4)
diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c
index 95b4811..da779c9 100644
--- a/source3/lib/gencache.c
+++ b/source3/lib/gencache.c
@@ -63,7 +63,7 @@ static bool gencache_init(void)
/* skip file open if it's already opened */
if (cache) return True;
- cache_fname = lock_path("gencache.tdb");
+ cache_fname = cache_path("gencache.tdb");
DEBUG(5, ("Opening cache file at %s\n", cache_fname));
diff --git a/source3/lib/system.c b/source3/lib/system.c
index 8dbf7dc..8252e4f 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -228,7 +228,10 @@ static struct timespec get_atimespec(const struct stat *pst)
return ret;
#else
#if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC)
- return pst->st_atim;
+ struct timespec ret;
+ ret.tv_sec = pst->st_atim.tv_sec;
+ ret.tv_nsec = pst->st_atim.tv_nsec;
+ return ret;
#elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC)
struct timespec ret;
ret.tv_sec = pst->st_atime;
@@ -263,7 +266,10 @@ static struct timespec get_mtimespec(const struct stat *pst)
return ret;
#else
#if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC)
- return pst->st_mtim;
+ struct timespec ret;
+ ret.tv_sec = pst->st_mtim.tv_sec;
+ ret.tv_nsec = pst->st_mtim.tv_nsec;
+ return ret;
#elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC)
struct timespec ret;
ret.tv_sec = pst->st_mtime;
@@ -298,7 +304,10 @@ static struct timespec get_ctimespec(const struct stat *pst)
return ret;
#else
#if defined(HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC)
- return pst->st_ctim;
+ struct timespec ret;
+ ret.tv_sec = pst->st_ctim.tv_sec;
+ ret.tv_nsec = pst->st_ctim.tv_nsec;
+ return ret;
#elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC)
struct timespec ret;
ret.tv_sec = pst->st_ctime;
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 5ffce58..d543c7f 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1487,10 +1487,12 @@ char *myhostname(void)
char *myhostname_upper(void)
{
- char *name;
static char *ret;
if (ret == NULL) {
- name = get_myname(talloc_tos());
+ char *name = get_myname(NULL);
+ if (name == NULL) {
+ return NULL;
+ }
ret = strupper_talloc(NULL, name);
talloc_free(name);
}
diff --git a/source3/librpc/idl/open_files.idl b/source3/librpc/idl/open_files.idl
index fa87bc7..686bc02 100644
--- a/source3/librpc/idl/open_files.idl
+++ b/source3/librpc/idl/open_files.idl
@@ -23,6 +23,12 @@ interface open_files
uint32 uid;
uint16 flags;
uint32 name_hash;
+
+ /*
+ * In-memory flag indicating a non-existing pid. We don't want
+ * to store this share_mode_entry on disk.
+ */
+ [skip] boolean8 stale;
} share_mode_entry;
typedef [public] struct {
@@ -42,8 +48,8 @@ interface open_files
[size_is(num_delete_tokens)] delete_token delete_tokens[];
timespec old_write_time;
timespec changed_write_time;
- uint8 fresh;
- uint8 modified;
+ [skip] boolean8 fresh;
+ [skip] boolean8 modified;
[ignore] db_record *record;
} share_mode_data;
diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
index 028a31b..6818b01 100644
--- a/source3/libsmb/dsgetdcname.c
+++ b/source3/libsmb/dsgetdcname.c
@@ -320,7 +320,6 @@ static NTSTATUS dsgetdcname_cache_fetch(TALLOC_CTX *mem_ctx,
const char *domain_name,
const struct GUID *domain_guid,
uint32_t flags,
- const char *site_name,
struct netr_DsRGetDCNameInfo **info_p)
{
char *key;
@@ -393,7 +392,7 @@ static NTSTATUS dsgetdcname_cached(TALLOC_CTX *mem_ctx,
NTSTATUS status;
status = dsgetdcname_cache_fetch(mem_ctx, domain_name, domain_guid,
- flags, site_name, info);
+ flags, info);
if (!NT_STATUS_IS_OK(status)
&& !NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
DEBUG(10,("dsgetdcname_cached: cache fetch failed with: %s\n",
@@ -1094,12 +1093,10 @@ static bool is_closest_site(struct netr_DsRGetDCNameInfo *info)
}
/********************************************************************
- dsgetdcname.
-
- This will be the only public function here.
+ Internal dsgetdcname.
********************************************************************/
-NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
+static NTSTATUS dsgetdcname_internal(TALLOC_CTX *mem_ctx,
struct messaging_context *msg_ctx,
const char *domain_name,
const struct GUID *domain_guid,
@@ -1109,15 +1106,14 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
{
NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
struct netr_DsRGetDCNameInfo *myinfo = NULL;
- char *query_site = NULL;
bool first = true;
struct netr_DsRGetDCNameInfo *first_info = NULL;
- DEBUG(10,("dsgetdcname: domain_name: %s, "
+ DEBUG(10,("dsgetdcname_internal: domain_name: %s, "
"domain_guid: %s, site_name: %s, flags: 0x%08x\n",
domain_name,
domain_guid ? GUID_string(mem_ctx, domain_guid) : "(null)",
- site_name, flags));
+ site_name ? site_name : "(null)", flags));
*info = NULL;
@@ -1126,18 +1122,12 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- if ((site_name == NULL) || (site_name[0] == '\0')) {
- query_site = sitename_fetch(domain_name);
- } else {
- query_site = SMB_STRDUP(site_name);
- }
-
if (flags & DS_FORCE_REDISCOVERY) {
goto rediscover;
}
status = dsgetdcname_cached(mem_ctx, msg_ctx, domain_name, domain_guid,
- flags, query_site, &myinfo);
+ flags, site_name, &myinfo);
if (NT_STATUS_IS_OK(status)) {
goto done;
}
@@ -1148,12 +1138,10 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
rediscover:
status = dsgetdcname_rediscover(mem_ctx, msg_ctx, domain_name,
- domain_guid, flags, query_site,
+ domain_guid, flags, site_name,
&myinfo);
done:
- SAFE_FREE(query_site);
-
if (!NT_STATUS_IS_OK(status)) {
if (!first) {
*info = first_info;
@@ -1168,10 +1156,67 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
first = false;
first_info = myinfo;
/* TODO: may use the next_closest_site here */
- query_site = SMB_STRDUP(myinfo->client_site_name);
+ site_name = myinfo->client_site_name;
goto rediscover;
}
*info = myinfo;
return NT_STATUS_OK;
}
+
+/********************************************************************
+ dsgetdcname.
+
+ This will be the only public function here.
+********************************************************************/
+
+NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *domain_name,
+ const struct GUID *domain_guid,
+ const char *site_name,
+ uint32_t flags,
+ struct netr_DsRGetDCNameInfo **info)
+{
+ NTSTATUS status;
+ const char *query_site = NULL;
+ char *ptr_to_free = NULL;
+ bool retry_query_with_null = false;
+
+ if ((site_name == NULL) || (site_name[0] == '\0')) {
+ ptr_to_free = sitename_fetch(domain_name);
+ if (ptr_to_free != NULL) {
+ retry_query_with_null = true;
+ }
+ query_site = ptr_to_free;
+ } else {
+ query_site = site_name;
+ }
+
+ status = dsgetdcname_internal(mem_ctx,
+ msg_ctx,
+ domain_name,
+ domain_guid,
+ query_site,
+ flags,
+ info);
+
+ SAFE_FREE(ptr_to_free);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ return status;
+ }
+
+ /* Should we try again with site_name == NULL ? */
+ if (retry_query_with_null) {
+ status = dsgetdcname_internal(mem_ctx,
+ msg_ctx,
+ domain_name,
+ domain_guid,
+ NULL,
+ flags,
+ info);
+ }
+
+ return status;
+}
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index a7fc50c..be2c92d 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -617,6 +617,10 @@ bool is_valid_share_mode_entry(const struct share_mode_entry *e)
{
int num_props = 0;
+ if (e->stale) {
+ return false;
+ }
+
num_props += ((e->op_type == NO_OPLOCK) ? 1 : 0);
num_props += (EXCLUSIVE_OPLOCK_TYPE(e->op_type) ? 1 : 0);
num_props += (LEVEL_II_OPLOCK_TYPE(e->op_type) ? 1 : 0);
@@ -635,40 +639,53 @@ bool is_deferred_open_entry(const struct share_mode_entry *e)
/*
* In case d->share_modes[i] conflicts with something or otherwise is
* being used, we need to make sure the corresponding process still
- * exists. This routine checks it and potentially removes the entry
- * from d->share_modes. Modifies d->num_share_modes, watch out in
- * routines iterating over that array.
+ * exists.
*/
-bool share_mode_stale_pid(struct share_mode_data *d, unsigned i)
+bool share_mode_stale_pid(struct share_mode_data *d, unsigned idx)
{
struct share_mode_entry *e;
- if (i > d->num_share_modes) {
+ if (idx > d->num_share_modes) {
DEBUG(1, ("Asking for index %u, only %u around\n",
- i, (unsigned)d->num_share_modes));
+ idx, (unsigned)d->num_share_modes));
return false;
}
- e = &d->share_modes[i];
+ e = &d->share_modes[idx];
if (serverid_exists(&e->pid)) {
DEBUG(10, ("PID %s (index %u out of %u) still exists\n",
- procid_str_static(&e->pid), i,
+ procid_str_static(&e->pid), idx,
(unsigned)d->num_share_modes));
return false;
}
DEBUG(10, ("PID %s (index %u out of %u) does not exist anymore\n",
- procid_str_static(&e->pid), i,
+ procid_str_static(&e->pid), idx,
(unsigned)d->num_share_modes));
- *e = d->share_modes[d->num_share_modes-1];
- d->num_share_modes -= 1;
- if (d->num_share_modes == 0 &&
- d->num_delete_tokens) {
+ e->stale = true;
+
+ if (d->num_delete_tokens != 0) {
+ uint32_t i, num_stale;
+
/*
* We cannot have any delete tokens
* if there are no valid share modes.
*/
- TALLOC_FREE(d->delete_tokens);
- d->num_delete_tokens = 0;
+
+ num_stale = 0;
+
+ for (i=0; i<d->num_share_modes; i++) {
+ if (d->share_modes[i].stale) {
+ num_stale += 1;
+ }
+ }
+
+ if (num_stale == d->num_share_modes) {
+ /*
+ * No non-stale share mode found
+ */
+ TALLOC_FREE(d->delete_tokens);
+ d->num_delete_tokens = 0;
+ }
}
d->modified = true;
diff --git a/source3/locking/proto.h b/source3/locking/proto.h
index bb7255d..47d9b80 100644
--- a/source3/locking/proto.h
+++ b/source3/locking/proto.h
@@ -171,7 +171,7 @@ void get_file_infos(struct file_id id,
struct timespec *write_time);
bool is_valid_share_mode_entry(const struct share_mode_entry *e);
bool is_deferred_open_entry(const struct share_mode_entry *e);
-bool share_mode_stale_pid(struct share_mode_data *d, unsigned i);
+bool share_mode_stale_pid(struct share_mode_data *d, unsigned idx);
void set_share_mode(struct share_mode_lock *lck, files_struct *fsp,
uid_t uid, uint64_t mid, uint16 op_type);
void add_deferred_open(struct share_mode_lock *lck, uint64_t mid,
diff --git a/source3/locking/share_mode_lock.c b/source3/locking/share_mode_lock.c
index 266be65..6782f59 100644
--- a/source3/locking/share_mode_lock.c
+++ b/source3/locking/share_mode_lock.c
@@ -118,6 +118,7 @@ static struct share_mode_data *parse_share_modes(TALLOC_CTX *mem_ctx,
{
struct share_mode_data *d;
enum ndr_err_code ndr_err;
+ uint32_t i;
DATA_BLOB blob;
d = talloc(mem_ctx, struct share_mode_data);
@@ -137,6 +138,14 @@ static struct share_mode_data *parse_share_modes(TALLOC_CTX *mem_ctx,
goto fail;
}
+ /*
+ * Initialize the values that are [skip] in the idl. The NDR code does
+ * not initialize them.
+ */
+
+ for (i=0; i<d->num_share_modes; i++) {
+ d->share_modes[i].stale = false;
+ }
d->modified = false;
d->fresh = false;
@@ -159,12 +168,27 @@ static TDB_DATA unparse_share_modes(struct share_mode_data *d)
{
DATA_BLOB blob;
enum ndr_err_code ndr_err;
+ uint32_t i;
if (DEBUGLEVEL >= 10) {
DEBUG(10, ("unparse_share_modes:\n"));
NDR_PRINT_DEBUG(share_mode_data, d);
}
+ i = 0;
+ while (i < d->num_share_modes) {
+ if (d->share_modes[i].stale) {
+ /*
+ * Remove the stale entries before storing
+ */
+ struct share_mode_entry *m = d->share_modes;
+ m[i] = m[d->num_share_modes-1];
+ d->num_share_modes -= 1;
+ } else {
+ i += 1;
+ }
+ }
+
if (d->num_share_modes == 0) {
DEBUG(10, ("No used share mode found\n"));
return make_tdb_data(NULL, 0);
diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
index 1cf8e37..e96eb02 100644
--- a/source3/modules/vfs_shadow_copy2.c
+++ b/source3/modules/vfs_shadow_copy2.c
@@ -107,9 +107,6 @@
#include <ccan/hash/hash.h>
#include "util_tdb.h"
-#define GMT_NAME_LEN 24 /* length of a @GMT- name */
-#define GMT_FORMAT "@GMT-%Y.%m.%d-%H.%M.%S"
-
static bool shadow_copy2_find_slashes(TALLOC_CTX *mem_ctx, const char *str,
size_t **poffsets,
unsigned *pnum_offsets)
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index d4df202..196b582 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -130,8 +130,20 @@ static bool nmbd_setup_stdin_handler(struct messaging_context *msg, bool foregro
/* if we are running in the foreground then look for
EOF on stdin, and exit if it happens. This allows
us to die if the parent process dies
+ Only do this on a pipe or socket, no other device.
*/
- tevent_add_fd(nmbd_event_context(), nmbd_event_context(), 0, TEVENT_FD_READ, nmbd_stdin_handler, msg);
+ struct stat st;
+ if (fstat(0, &st) != 0) {
+ return false;
+ }
+ if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+ tevent_add_fd(nmbd_event_context(),
+ nmbd_event_context(),
+ 0,
+ TEVENT_FD_READ,
+ nmbd_stdin_handler,
+ msg);
+ }
}
return true;
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index e09c2bf..2e05bac 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -264,6 +264,7 @@ static struct loadparm_service sDefault =
.bAclCheckPermissions = true,
.bAclMapFullControl = true,
.bAclGroupControl = false,
+ .bAclAllowExecuteAlways = false,
.bChangeNotify = true,
.bKernelChangeNotify = true,
.iallocation_roundup_size = SMB_ROUNDUP_ALLOCATION_SIZE,
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 9691cf7..9ecf191 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -1730,7 +1730,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
result = open_printer_hnd(p, r->out.handle, r->in.printername, 0);
if (!W_ERROR_IS_OK(result)) {
- DEBUG(0,("_spoolss_OpenPrinterEx: Cannot open a printer handle "
+ DEBUG(3,("_spoolss_OpenPrinterEx: Cannot open a printer handle "
"for printer %s\n", r->in.printername));
ZERO_STRUCTP(r->out.handle);
return result;
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 4453c4d..c293e6d 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -63,6 +63,7 @@ tests = ["FDPASS", "LOCK1", "LOCK2", "LOCK3", "LOCK4", "LOCK5", "LOCK6", "LOCK7"
"SMB2-SESSION-REAUTH", "SMB2-SESSION-RECONNECT",
"CLEANUP1",
"CLEANUP2",
+ "CLEANUP4",
"BAD-NBT-SESSION"]
for t in tests:
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index e5b1fb7..4adcc61 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -204,10 +204,14 @@ static void notify_deferred_opens(struct smbd_server_connection *sconn,
num_deferred = 0;
for (i=0; i<lck->data->num_share_modes; i++) {
struct share_mode_entry *e = &lck->data->share_modes[i];
- if (is_deferred_open_entry(e)) {
- deferred[num_deferred] = *e;
- num_deferred += 1;
+ if (!is_deferred_open_entry(e)) {
+ continue;
+ }
+ if (share_mode_stale_pid(lck->data, i)) {
+ continue;
}
+ deferred[num_deferred] = *e;
+ num_deferred += 1;
}
/*
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 3152631..677b18c 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -495,6 +495,11 @@ uint32 dos_mode_msdfs(connection_struct *conn,
result = filter_mode_by_protocol(result);
+ /*
+ * Add in that it is a reparse point
+ */
+ result |= FILE_ATTRIBUTE_REPARSE_POINT;
+
DEBUG(8,("dos_mode_msdfs returning "));
if (result & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 9b05de3..fc96550 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -718,12 +718,30 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
/*
* ENOENT/EACCESS are the only valid errors
- * here. EACCESS needs handling here for
- * "dropboxes", i.e. directories where users
- * can only put stuff with permission -wx.
+ * here.
*/
- if ((errno != 0) && (errno != ENOENT)
- && (errno != EACCES)) {
+
+ if (errno == EACCES) {
+ if (ucf_flags & UCF_CREATING_FILE) {
+ /*
+ * This is the dropbox
+ * behaviour. A dropbox is a
+ * directory with only -wx
+ * permissions, so
+ * get_real_filename fails
+ * with EACCESS, it needs to
+ * list the directory. We
+ * nevertheless want to allow
+ * users creating a file.
+ */
+ status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
+ } else {
+ status = NT_STATUS_ACCESS_DENIED;
+ }
+ goto fail;
+ }
+
+ if ((errno != 0) && (errno != ENOENT)) {
/*
* ENOTDIR and ELOOP both map to
* NT_STATUS_OBJECT_PATH_NOT_FOUND
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index b1f69c8..c7badbc 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -138,6 +138,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
char *lock_data,
uint16_t flags2,
unsigned int max_data_bytes,
+ size_t *fixed_portion,
char **ppdata,
unsigned int *pdata_size);
@@ -155,6 +156,7 @@ NTSTATUS smbd_do_qfsinfo(connection_struct *conn,
uint16_t info_level,
uint16_t flags2,
unsigned int max_data_bytes,
+ size_t *fixed_portion,
struct smb_filename *smb_fname,
char **ppdata,
int *ret_data_len);
diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c
index 655c727..c2910f8 100644
--- a/source3/smbd/mangle_hash2.c
+++ b/source3/smbd/mangle_hash2.c
@@ -626,21 +626,17 @@ static bool is_legal_name(const char *name)
while (*name) {
if (((unsigned int)name[0]) > 128 && (name[1] != 0)) {
/* Possible start of mb character. */
- char mbc[2];
size_t size = 0;
+ (void)next_codepoint(name, &size);
/*
- * Note that if CH_UNIX is utf8 a string may be 3
- * bytes, but this is ok as mb utf8 characters don't
- * contain embedded ascii bytes. We are really checking
- * for mb UNIX asian characters like Japanese (SJIS) here.
- * JRA.
+ * Note that we're only looking for multibyte
+ * encoding here. No encoding with a length > 1
+ * contains invalid characters.
*/
- if (convert_string(CH_UNIX, CH_UTF16LE, name, 2, mbc, 2, &size)) {
- if (size == 2) {
- /* Was a good mb string. */
- name += 2;
- continue;
- }
+ if (size > 1) {
+ /* Was a mb string. */
+ name += size;
+ continue;
}
}
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index cfe0983..315bd89 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -497,6 +497,7 @@ static const struct {
void reply_negprot(struct smb_request *req)
{
int choice= -1;
+ int chosen_level = -1;
int protocol;
const char *p;
int arch = ARCH_ALL;
@@ -653,8 +654,10 @@ void reply_negprot(struct smb_request *req)
if ((supported_protocols[protocol].protocol_level <= lp_srv_maxprotocol()) &&
(supported_protocols[protocol].protocol_level >= lp_srv_minprotocol()))
while (i < num_cliprotos) {
- if (strequal(cliprotos[i],supported_protocols[protocol].proto_name))
+ if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
choice = i;
+ chosen_level = supported_protocols[protocol].protocol_level;
+ }
i++;
}
if(choice != -1)
@@ -675,14 +678,14 @@ void reply_negprot(struct smb_request *req)
DEBUG( 5, ( "negprot index=%d\n", choice ) );
if ((lp_server_signing() == SMB_SIGNING_REQUIRED)
- && (get_Protocol() < PROTOCOL_NT1)) {
+ && (chosen_level < PROTOCOL_NT1)) {
exit_server_cleanly("SMB signing is required and "
"client negotiated a downlevel protocol");
}
TALLOC_FREE(cliprotos);
- if (lp_async_smb_echo_handler() && (get_Protocol() < PROTOCOL_SMB2_02) &&
+ if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) &&
!fork_echo_handler(sconn)) {
exit_server("Failed to fork echo handler");
}
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index ee0deb8..b7dfa8c 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -538,7 +538,8 @@ void reply_ntcreate_and_X(struct smb_request *req)
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
@@ -1117,7 +1118,8 @@ static void call_nt_transact_create(connection_struct *conn,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 16ca34a..a1b4e43 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -74,6 +74,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
struct security_descriptor *sd = NULL;
uint32_t rejected_share_access;
uint32_t rejected_mask = access_mask;
+ uint32_t do_not_check_mask = 0;
rejected_share_access = access_mask & ~(conn->share_access);
@@ -141,10 +142,23 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
* se_file_access_check() also takes care of
* owner WRITE_DAC and READ_CONTROL.
*/
+ do_not_check_mask = FILE_READ_ATTRIBUTES;
+
+ /*
+ * Samba 3.6 and earlier granted execute access even
+ * if the ACL did not contain execute rights.
+ * Samba 4.0 is more correct and checks it.
+ * The compatibilty mode allows to skip this check
+ * to smoothen upgrades.
+ */
+ if (lp_acl_allow_execute_always(SNUM(conn))) {
+ do_not_check_mask |= FILE_EXECUTE;
+ }
+
status = se_file_access_check(sd,
get_current_nttok(conn),
false,
- (access_mask & ~FILE_READ_ATTRIBUTES),
+ (access_mask & ~do_not_check_mask),
&rejected_mask);
DEBUG(10,("smbd_check_access_rights: file %s requesting "
@@ -1243,19 +1257,20 @@ static void find_oplock_types(files_struct *fsp,
}
for (i=0; i<lck->data->num_share_modes; i++) {
- if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
+ struct share_mode_entry *e = &lck->data->share_modes[i];
+
+ if (!is_valid_share_mode_entry(e)) {
continue;
}
- if (lck->data->share_modes[i].op_type == NO_OPLOCK &&
- is_stat_open(lck->data->share_modes[i].access_mask)) {
+ if (e->op_type == NO_OPLOCK && is_stat_open(e->access_mask)) {
/* We ignore stat opens in the table - they
always have NO_OPLOCK and never get or
cause breaks. JRA. */
continue;
}
- if (BATCH_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
+ if (BATCH_OPLOCK_TYPE(e->op_type)) {
/* batch - can only be one. */
if (share_mode_stale_pid(lck->data, i)) {
DEBUG(10, ("Found stale batch oplock\n"));
@@ -1264,10 +1279,10 @@ static void find_oplock_types(files_struct *fsp,
if (*pp_ex_or_batch || *pp_batch || *got_level2 || *got_no_oplock) {
smb_panic("Bad batch oplock entry.");
}
- *pp_batch = &lck->data->share_modes[i];
+ *pp_batch = e;
}
- if (EXCLUSIVE_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
+ if (EXCLUSIVE_OPLOCK_TYPE(e->op_type)) {
if (share_mode_stale_pid(lck->data, i)) {
DEBUG(10, ("Found stale duplicate oplock\n"));
continue;
@@ -1276,10 +1291,10 @@ static void find_oplock_types(files_struct *fsp,
if (*pp_ex_or_batch || *got_level2 || *got_no_oplock) {
smb_panic("Bad exclusive or batch oplock entry.");
}
- *pp_ex_or_batch = &lck->data->share_modes[i];
+ *pp_ex_or_batch = e;
}
- if (LEVEL_II_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
+ if (LEVEL_II_OPLOCK_TYPE(e->op_type)) {
if (*pp_batch || *pp_ex_or_batch) {
if (share_mode_stale_pid(lck->data, i)) {
DEBUG(10, ("Found stale LevelII "
@@ -1291,7 +1306,7 @@ static void find_oplock_types(files_struct *fsp,
*got_level2 = true;
}
- if (lck->data->share_modes[i].op_type == NO_OPLOCK) {
+ if (e->op_type == NO_OPLOCK) {
if (*pp_batch || *pp_ex_or_batch) {
if (share_mode_stale_pid(lck->data, i)) {
DEBUG(10, ("Found stale NO_OPLOCK "
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 3ff34fc..713ad50 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1807,7 +1807,7 @@ static bool add_current_ace_to_acl(files_struct *fsp, struct security_ace *psa,
if (current_ace->attr == ALLOW_ACE)
*got_file_allow = True;
- if ((current_ace->attr == DENY_ACE) && got_file_allow) {
+ if ((current_ace->attr == DENY_ACE) && *got_file_allow) {
DEBUG(0,("add_current_ace_to_acl: malformed "
"ACL in file ACL ! Deny entry after "
"Allow entry. Failing to set on file "
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 3b2a493..2d729ec 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1905,11 +1905,20 @@ void reply_open(struct smb_request *req)
goto out;
}
+ if (!map_open_params_to_ntcreate(fname, deny_mode,
+ OPENX_FILE_EXISTS_OPEN, &access_mask,
+ &share_mode, &create_disposition,
+ &create_options, &private_flags)) {
+ reply_force_doserror(req, ERRDOS, ERRbadaccess);
+ goto out;
+ }
+
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -1923,14 +1932,6 @@ void reply_open(struct smb_request *req)
goto out;
}
- if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
- OPENX_FILE_EXISTS_OPEN, &access_mask,
- &share_mode, &create_disposition,
- &create_options, &private_flags)) {
- reply_force_doserror(req, ERRDOS, ERRbadaccess);
- goto out;
- }
-
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
@@ -2080,11 +2081,22 @@ void reply_open_and_X(struct smb_request *req)
goto out;
}
+ if (!map_open_params_to_ntcreate(fname, deny_mode,
+ smb_ofun,
+ &access_mask, &share_mode,
+ &create_disposition,
+ &create_options,
+ &private_flags)) {
+ reply_force_doserror(req, ERRDOS, ERRbadaccess);
+ goto out;
+ }
+
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -2098,16 +2110,6 @@ void reply_open_and_X(struct smb_request *req)
goto out;
}
- if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
- smb_ofun,
- &access_mask, &share_mode,
- &create_disposition,
- &create_options,
- &private_flags)) {
- reply_force_doserror(req, ERRDOS, ERRbadaccess);
- goto out;
- }
-
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
@@ -2327,7 +2329,7 @@ void reply_mknew(struct smb_request *req)
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ UCF_CREATING_FILE,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -2468,7 +2470,7 @@ void reply_ctemp(struct smb_request *req)
status = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ UCF_CREATING_FILE,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -5827,7 +5829,7 @@ void reply_mkdir(struct smb_request *req)
status = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
directory,
- 0,
+ UCF_CREATING_FILE,
NULL,
&smb_dname);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/scavenger.c b/source3/smbd/scavenger.c
index fe4e56e..e6e2878 100644
--- a/source3/smbd/scavenger.c
+++ b/source3/smbd/scavenger.c
@@ -480,16 +480,17 @@ static void scavenger_timer(struct tevent_context *ev,
ctx->msg.open_persistent_id);
if (!ok) {
DEBUG(2, ("Failed to cleanup share modes and byte range locks "
- "for file %s open %lu\n",
+ "for file %s open %llu\n",
file_id_string_tos(&ctx->msg.file_id),
- ctx->msg.open_persistent_id));
+ (unsigned long long)ctx->msg.open_persistent_id));
}
status = smbXsrv_open_cleanup(ctx->msg.open_persistent_id);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(2, ("Failed to cleanup open global for file %s open %lu:"
+ DEBUG(2, ("Failed to cleanup open global for file %s open %llu:"
" %s\n", file_id_string_tos(&ctx->msg.file_id),
- ctx->msg.open_persistent_id, nt_errstr(status)));
+ (unsigned long long)ctx->msg.open_persistent_id,
+ nt_errstr(status)));
}
}
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index e9bf9c9..a86fa48 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1561,8 +1561,20 @@ extern void build_options(bool screen);
/* if we are running in the foreground then look for
EOF on stdin, and exit if it happens. This allows
us to die if the parent process dies
+ Only do this on a pipe or socket, no other device.
*/
- tevent_add_fd(ev_ctx, parent, 0, TEVENT_FD_READ, smbd_stdin_handler, NULL);
+ struct stat st;
+ if (fstat(0, &st) != 0) {
+ return false;
+ }
+ if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+ tevent_add_fd(ev_ctx,
+ parent,
+ 0,
+ TEVENT_FD_READ,
+ smbd_stdin_handler,
+ NULL);
+ }
}
smbd_parent_loop(ev_ctx, parent);
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index edbd50f..c4d4991 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -871,7 +871,8 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
smb1req->conn,
smb1req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0, /* unix_convert flags */
+ (in_create_disposition == FILE_CREATE) ?
+ UCF_CREATING_FILE : 0,
NULL, /* ppath_contains_wcards */
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c
index c2c0559..c39a35d 100644
--- a/source3/smbd/smb2_find.c
+++ b/source3/smbd/smb2_find.c
@@ -224,6 +224,8 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
uint32_t dirtype = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_DIRECTORY;
bool dont_descend = false;
bool ask_sharemode = true;
+ struct tm tm;
+ char *p;
req = tevent_req_create(mem_ctx, &state,
struct smbd_smb2_find_state);
@@ -259,6 +261,17 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
+ p = strptime(in_file_name, GMT_FORMAT, &tm);
+ if ((p != NULL) && (*p =='\0')) {
+ /*
+ * Bogus find that asks for a shadow copy timestamp as a
+ * directory. The correct response is that it does not exist as
+ * a directory.
+ */
+ tevent_req_nterror(req, NT_STATUS_NO_SUCH_FILE);
+ return tevent_req_post(req, ev);
+ }
+
if (in_output_buffer_length > smb2req->sconn->smb2.max_trans) {
DEBUG(2,("smbd_smb2_find_send: "
"client ignored max trans:%s: 0x%08X: 0x%08X\n",
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c
index 5616c84..449aeb3 100644
--- a/source3/smbd/smb2_getinfo.c
+++ b/source3/smbd/smb2_getinfo.c
@@ -159,7 +159,10 @@ static void smbd_smb2_request_getinfo_done(struct tevent_req *subreq)
return;
}
- if (!NT_STATUS_IS_OK(call_status)) {
+ /* some GetInfo responses set STATUS_BUFFER_OVERFLOW and return partial,
+ but valid data */
+ if (!(NT_STATUS_IS_OK(call_status) ||
+ NT_STATUS_EQUAL(call_status, STATUS_BUFFER_OVERFLOW))) {
/* Return a specific error with data. */
error = smbd_smb2_request_error_ex(req,
call_status,
@@ -194,7 +197,7 @@ static void smbd_smb2_request_getinfo_done(struct tevent_req *subreq)
outdyn = out_output_buffer;
- error = smbd_smb2_request_done(req, outbody, &outdyn);
+ error = smbd_smb2_request_done_ex(req, call_status, outbody, &outdyn, __location__);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
@@ -279,7 +282,7 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
}
switch (in_info_type) {
- case 0x01:/* SMB2_GETINFO_FILE */
+ case SMB2_GETINFO_FILE:
{
uint16_t file_info_level;
char *data = NULL;
@@ -290,6 +293,7 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
struct ea_list *ea_list = NULL;
int lock_data_count = 0;
char *lock_data = NULL;
+ size_t fixed_portion;
ZERO_STRUCT(write_time_ts);
@@ -377,6 +381,7 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
lock_data,
STR_UNICODE,
in_output_buffer_length,
+ &fixed_portion,
&data,
&data_size);
if (!NT_STATUS_IS_OK(status)) {
@@ -387,6 +392,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
tevent_req_nterror(req, status);
return tevent_req_post(req, ev);
}
+ if (in_output_buffer_length < fixed_portion) {
+ SAFE_FREE(data);
+ tevent_req_nterror(
+ req, NT_STATUS_INFO_LENGTH_MISMATCH);
+ return tevent_req_post(req, ev);
+ }
if (data_size > 0) {
state->out_output_buffer = data_blob_talloc(state,
data,
@@ -395,16 +406,22 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
if (tevent_req_nomem(state->out_output_buffer.data, req)) {
return tevent_req_post(req, ev);
}
+ if (data_size > in_output_buffer_length) {
+ state->out_output_buffer.length =
+ in_output_buffer_length;
+ status = STATUS_BUFFER_OVERFLOW;
+ }
}
SAFE_FREE(data);
break;
}
- case 0x02:/* SMB2_GETINFO_FS */
+ case SMB2_GETINFO_FS:
{
uint16_t file_info_level;
char *data = NULL;
int data_size = 0;
+ size_t fixed_portion;
/* the levels directly map to the passthru levels */
file_info_level = in_file_info_class + 1000;
@@ -413,10 +430,14 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
file_info_level,
STR_UNICODE,
in_output_buffer_length,
+ &fixed_portion,
fsp->fsp_name,
&data,
&data_size);
- if (!NT_STATUS_IS_OK(status)) {
+ /* some responses set STATUS_BUFFER_OVERFLOW and return
+ partial, but valid data */
+ if (!(NT_STATUS_IS_OK(status) ||
+ NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW))) {
SAFE_FREE(data);
if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL)) {
status = NT_STATUS_INVALID_INFO_CLASS;
@@ -424,6 +445,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
tevent_req_nterror(req, status);
return tevent_req_post(req, ev);
}
+ if (in_output_buffer_length < fixed_portion) {
+ SAFE_FREE(data);
+ tevent_req_nterror(
+ req, NT_STATUS_INFO_LENGTH_MISMATCH);
+ return tevent_req_post(req, ev);
+ }
if (data_size > 0) {
state->out_output_buffer = data_blob_talloc(state,
data,
@@ -432,12 +459,17 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
if (tevent_req_nomem(state->out_output_buffer.data, req)) {
return tevent_req_post(req, ev);
}
+ if (data_size > in_output_buffer_length) {
+ state->out_output_buffer.length =
+ in_output_buffer_length;
+ status = STATUS_BUFFER_OVERFLOW;
+ }
}
SAFE_FREE(data);
break;
}
- case 0x03:/* SMB2_GETINFO_SEC */
+ case SMB2_GETINFO_SECURITY:
{
uint8_t *p_marshalled_sd = NULL;
size_t sd_size = 0;
@@ -483,7 +515,7 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
break;
}
- case 0x04: /* SMB2_0_INFO_QUOTA */
+ case SMB2_GETINFO_QUOTA:
tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
return tevent_req_post(req, ev);
@@ -498,6 +530,7 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
+ state->status = status;
tevent_req_done(req);
return tevent_req_post(req, ev);
}
diff --git a/source3/smbd/smbd.h b/source3/smbd/smbd.h
index a5b211a..e769157 100644
--- a/source3/smbd/smbd.h
+++ b/source3/smbd/smbd.h
@@ -73,5 +73,6 @@ struct trans_state {
#define UCF_COND_ALLOW_WCARD_LCOMP 0x00000004
#define UCF_POSIX_PATHNAMES 0x00000008
#define UCF_UNIX_NAME_LOOKUP 0x00000010
+#define UCF_CREATING_FILE 0x00000020
#endif /* _SMBD_SMBD_H */
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 6500040..f23192e 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -24,6 +24,7 @@
*/
#include "includes.h"
+#include "ntioctl.h"
#include "system/filesys.h"
#include "version.h"
#include "smbd/smbd.h"
@@ -1450,20 +1451,22 @@ static NTSTATUS unix_perms_from_wire( connection_struct *conn,
ret |= ((perms & UNIX_SET_UID ) ? S_ISUID : 0);
#endif
- switch (ptype) {
- case PERM_NEW_FILE:
- case PERM_EXISTING_FILE:
- /* Apply mode mask */
+ if (ptype == PERM_NEW_FILE) {
+ /*
+ * "create mask"/"force create mode" are
+ * only applied to new files, not existing ones.
+ */
ret &= lp_create_mask(SNUM(conn));
/* Add in force bits */
ret |= lp_force_create_mode(SNUM(conn));
- break;
- case PERM_NEW_DIR:
- case PERM_EXISTING_DIR:
+ } else if (ptype == PERM_NEW_DIR) {
+ /*
+ * "directory mask"/"force directory mode" are
+ * only applied to new directories, not existing ones.
+ */
ret &= lp_dir_mask(SNUM(conn));
/* Add in force bits */
ret |= lp_force_dir_mode(SNUM(conn));
- break;
}
*ret_perms = ret;
@@ -1876,12 +1879,14 @@ static bool smbd_marshall_dir_entry(TALLOC_CTX *ctx,
SOFF_T(p,0,allocation_size); p += 8;
SIVAL(p,0,mode); p += 4;
q = p; p += 4; /* q is placeholder for name length. */
- {
+ if (mode & FILE_ATTRIBUTE_REPARSE_POINT) {
+ SIVAL(p, 0, IO_REPARSE_TAG_DFS);
+ } else {
unsigned int ea_size = estimate_ea_size(conn, NULL,
smb_fname);
SIVAL(p,0,ea_size); /* Extended attributes */
- p += 4;
}
+ p += 4;
/* Clear the short name buffer. This is
* IMPORTANT as not doing so will trigger
* a Win2k client bug. JRA.
@@ -2053,12 +2058,14 @@ static bool smbd_marshall_dir_entry(TALLOC_CTX *ctx,
SOFF_T(p,0,allocation_size); p += 8;
SIVAL(p,0,mode); p += 4;
q = p; p += 4; /* q is placeholder for name length. */
- {
+ if (mode & FILE_ATTRIBUTE_REPARSE_POINT) {
+ SIVAL(p, 0, IO_REPARSE_TAG_DFS);
+ } else {
unsigned int ea_size = estimate_ea_size(conn, NULL,
smb_fname);
SIVAL(p,0,ea_size); /* Extended attributes */
- p +=4;
}
+ p += 4;
SIVAL(p,0,0); p += 4; /* Unknown - reserved ? */
SBVAL(p,0,file_index); p += 8;
len = srvstr_push(base_data, flags2, p,
@@ -2099,12 +2106,14 @@ static bool smbd_marshall_dir_entry(TALLOC_CTX *ctx,
SOFF_T(p,0,allocation_size); p += 8;
SIVAL(p,0,mode); p += 4;
q = p; p += 4; /* q is placeholder for name length */
- {
+ if (mode & FILE_ATTRIBUTE_REPARSE_POINT) {
+ SIVAL(p, 0, IO_REPARSE_TAG_DFS);
+ } else {
unsigned int ea_size = estimate_ea_size(conn, NULL,
smb_fname);
SIVAL(p,0,ea_size); /* Extended attributes */
- p +=4;
}
+ p += 4;
/* Clear the short name buffer. This is
* IMPORTANT as not doing so will trigger
* a Win2k client bug. JRA.
@@ -3108,6 +3117,7 @@ NTSTATUS smbd_do_qfsinfo(connection_struct *conn,
uint16_t info_level,
uint16_t flags2,
unsigned int max_data_bytes,
+ size_t *fixed_portion,
struct smb_filename *fname,
char **ppdata,
int *ret_data_len)
@@ -3121,6 +3131,7 @@ NTSTATUS smbd_do_qfsinfo(connection_struct *conn,
uint32 additional_flags = 0;
struct smb_filename smb_fname;
SMB_STRUCT_STAT st;
+ NTSTATUS status = NT_STATUS_OK;
if (fname == NULL || fname->base_name == NULL) {
filename = ".";
@@ -3159,6 +3170,8 @@ NTSTATUS smbd_do_qfsinfo(connection_struct *conn,
memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
end_data = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
+ *fixed_portion = 0;
+
switch (info_level) {
case SMB_INFO_ALLOCATION:
{
@@ -3251,6 +3264,13 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)st.st_ex_dev, (u
STR_UNICODE);
SIVAL(pdata,8,len);
data_len = 12 + len;
+ if (max_data_bytes >= 16 && data_len > max_data_bytes) {
+ /* the client only requested a portion of the
+ file system name */
+ data_len = max_data_bytes;
+ status = STATUS_BUFFER_OVERFLOW;
+ }
+ *fixed_portion = 16;
break;
case SMB_QUERY_FS_LABEL_INFO:
@@ -3281,6 +3301,13 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)st.st_ex_dev, (u
DEBUG(5,("smbd_do_qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol=%s serv=%s\n",
(int)strlen(vname),vname,
lp_servicename(talloc_tos(), snum)));
+ if (max_data_bytes >= 24 && data_len > max_data_bytes) {
+ /* the client only requested a portion of the
+ volume label */
+ data_len = max_data_bytes;
+ status = STATUS_BUFFER_OVERFLOW;
+ }
+ *fixed_portion = 24;
break;
case SMB_QUERY_FS_SIZE_INFO:
@@ -3313,6 +3340,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
SBIG_UINT(pdata,8,dfree);
SIVAL(pdata,16,sectors_per_unit);
SIVAL(pdata,20,bytes_per_sector);
+ *fixed_portion = 24;
break;
}
@@ -3346,6 +3374,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
SBIG_UINT(pdata,16,dfree); /* Actual available allocation units. */
SIVAL(pdata,24,sectors_per_unit); /* Sectors per allocation unit. */
SIVAL(pdata,28,bytes_per_sector); /* Bytes per sector. */
+ *fixed_portion = 32;
break;
}
@@ -3360,6 +3389,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
data_len = 8;
SIVAL(pdata,0,FILE_DEVICE_DISK); /* dev type */
SIVAL(pdata,4,characteristics);
+ *fixed_portion = 8;
break;
}
@@ -3652,7 +3682,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
}
*ret_data_len = data_len;
- return NT_STATUS_OK;
+ return status;
}
/****************************************************************************
@@ -3668,6 +3698,7 @@ static void call_trans2qfsinfo(connection_struct *conn,
char *params = *pparams;
uint16_t info_level;
int data_len = 0;
+ size_t fixed_portion;
NTSTATUS status;
if (total_params < 2) {
@@ -3693,6 +3724,7 @@ static void call_trans2qfsinfo(connection_struct *conn,
info_level,
req->flags2,
max_data_bytes,
+ &fixed_portion,
NULL,
ppdata, &data_len);
if (!NT_STATUS_IS_OK(status)) {
@@ -4256,6 +4288,10 @@ static NTSTATUS marshall_stream_info(unsigned int num_streams,
unsigned int i;
unsigned int ofs = 0;
+ if (max_data_bytes < 32) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+
for (i = 0; i < num_streams; i++) {
unsigned int next_offset;
size_t namelen;
@@ -4407,6 +4443,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
char *lock_data,
uint16_t flags2,
unsigned int max_data_bytes,
+ size_t *fixed_portion,
char **ppdata,
unsigned int *pdata_size)
{
@@ -4543,6 +4580,8 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
BasicFileInformationTest. -tpot */
file_index = get_FileIndex(conn, psbuf);
+ *fixed_portion = 0;
+
switch (info_level) {
case SMB_INFO_STANDARD:
DEBUG(10,("smbd_do_qfilepathinfo: SMB_INFO_STANDARD\n"));
@@ -4689,6 +4728,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
DEBUG(5,("write: %s ", ctime(&mtime)));
DEBUG(5,("change: %s ", ctime(&c_time)));
DEBUG(5,("mode: %x\n", mode));
+ *fixed_portion = data_size;
break;
case SMB_FILE_STANDARD_INFORMATION:
@@ -4702,6 +4742,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
SCVAL(pdata,20,delete_pending?1:0);
SCVAL(pdata,21,(mode&FILE_ATTRIBUTE_DIRECTORY)?1:0);
SSVAL(pdata,22,0); /* Padding. */
+ *fixed_portion = 24;
break;
case SMB_FILE_EA_INFORMATION:
@@ -4711,6 +4752,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
estimate_ea_size(conn, fsp, smb_fname);
DEBUG(10,("smbd_do_qfilepathinfo: SMB_FILE_EA_INFORMATION\n"));
data_size = 4;
+ *fixed_portion = 4;
SIVAL(pdata,0,ea_size);
break;
}
@@ -4732,6 +4774,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
STR_UNICODE);
data_size = 4 + len;
SIVAL(pdata,0,len);
+ *fixed_portion = 8;
break;
}
@@ -4795,6 +4838,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
SIVAL(pdata,0,len);
pdata += 4 + len;
data_size = PTR_DIFF(pdata,(*ppdata));
+ *fixed_portion = 10;
break;
}
@@ -4832,6 +4876,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
SIVAL(pdata,0,len);
pdata += 4 + len;
data_size = PTR_DIFF(pdata,(*ppdata));
+ *fixed_portion = 104;
break;
}
case SMB_FILE_INTERNAL_INFORMATION:
@@ -4839,12 +4884,14 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
DEBUG(10,("smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION\n"));
SBVAL(pdata, 0, file_index);
data_size = 8;
+ *fixed_portion = 8;
break;
case SMB_FILE_ACCESS_INFORMATION:
DEBUG(10,("smbd_do_qfilepathinfo: SMB_FILE_ACCESS_INFORMATION\n"));
SIVAL(pdata, 0, access_mask);
data_size = 4;
+ *fixed_portion = 4;
break;
case SMB_FILE_NAME_INFORMATION:
@@ -4862,24 +4909,28 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
DEBUG(10,("smbd_do_qfilepathinfo: SMB_FILE_DISPOSITION_INFORMATION\n"));
data_size = 1;
SCVAL(pdata,0,delete_pending);
+ *fixed_portion = 1;
break;
case SMB_FILE_POSITION_INFORMATION:
DEBUG(10,("smbd_do_qfilepathinfo: SMB_FILE_POSITION_INFORMATION\n"));
data_size = 8;
SOFF_T(pdata,0,pos);
+ *fixed_portion = 8;
break;
case SMB_FILE_MODE_INFORMATION:
DEBUG(10,("smbd_do_qfilepathinfo: SMB_FILE_MODE_INFORMATION\n"));
SIVAL(pdata,0,mode);
data_size = 4;
+ *fixed_portion = 4;
break;
case SMB_FILE_ALIGNMENT_INFORMATION:
DEBUG(10,("smbd_do_qfilepathinfo: SMB_FILE_ALIGNMENT_INFORMATION\n"));
SIVAL(pdata,0,0); /* No alignment needed. */
data_size = 4;
+ *fixed_portion = 4;
break;
/*
@@ -4924,6 +4975,8 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
TALLOC_FREE(streams);
+ *fixed_portion = 32;
+
break;
}
case SMB_QUERY_COMPRESSION_INFO:
@@ -4933,6 +4986,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
SIVAL(pdata,8,0); /* ??? */
SIVAL(pdata,12,0); /* ??? */
data_size = 16;
+ *fixed_portion = 16;
break;
case SMB_FILE_NETWORK_OPEN_INFORMATION:
@@ -4946,6 +5000,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
SIVAL(pdata,48,mode);
SIVAL(pdata,52,0); /* ??? */
data_size = 56;
+ *fixed_portion = 56;
break;
case SMB_FILE_ATTRIBUTE_TAG_INFORMATION:
@@ -4953,6 +5008,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
SIVAL(pdata,0,mode);
SIVAL(pdata,4,0);
data_size = 8;
+ *fixed_portion = 8;
break;
/*
@@ -5226,6 +5282,7 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
struct ea_list *ea_list = NULL;
int lock_data_count = 0;
char *lock_data = NULL;
+ size_t fixed_portion;
NTSTATUS status = NT_STATUS_OK;
if (!params) {
@@ -5588,11 +5645,16 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
ea_list,
lock_data_count, lock_data,
req->flags2, max_data_bytes,
+ &fixed_portion,
ppdata, &data_size);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
}
+ if (fixed_portion > max_data_bytes) {
+ reply_nterror(req, NT_STATUS_INFO_LENGTH_MISMATCH);
+ return;
+ }
send_trans2_replies(conn, req, NT_STATUS_OK, params, param_size, *ppdata, data_size,
max_data_bytes);
@@ -7145,11 +7207,18 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
*/
if (raw_unixmode != SMB_MODE_NO_CHANGE) {
+ int ret;
+
DEBUG(10,("smb_set_file_unix_basic: SMB_SET_FILE_UNIX_BASIC "
"setting mode 0%o for file %s\n",
(unsigned int)unixmode,
smb_fname_str_dbg(smb_fname)));
- if (SMB_VFS_CHMOD(conn, smb_fname->base_name, unixmode) != 0) {
+ if (fsp && fsp->fh->fd != -1) {
+ ret = SMB_VFS_FCHMOD(fsp, unixmode);
+ } else {
+ ret = SMB_VFS_CHMOD(conn, smb_fname->base_name, unixmode);
+ }
+ if (ret != 0) {
return map_nt_error_from_unix(errno);
}
}
@@ -7167,12 +7236,15 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
(unsigned int)set_owner,
smb_fname_str_dbg(smb_fname)));
- if (S_ISLNK(sbuf.st_ex_mode)) {
+ if (fsp && fsp->fh->fd != -1) {
+ ret = SMB_VFS_FCHOWN(fsp, set_owner, (gid_t)-1);
+ } else {
+ /*
+ * UNIX extensions calls must always operate
+ * on symlinks.
+ */
ret = SMB_VFS_LCHOWN(conn, smb_fname->base_name,
set_owner, (gid_t)-1);
- } else {
- ret = SMB_VFS_CHOWN(conn, smb_fname->base_name,
- set_owner, (gid_t)-1);
}
if (ret != 0) {
@@ -7190,12 +7262,23 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
if ((set_grp != (uid_t)SMB_GID_NO_CHANGE) &&
(sbuf.st_ex_gid != set_grp)) {
+ int ret;
+
DEBUG(10,("smb_set_file_unix_basic: SMB_SET_FILE_UNIX_BASIC "
"changing group %u for file %s\n",
(unsigned int)set_owner,
smb_fname_str_dbg(smb_fname)));
- if (SMB_VFS_CHOWN(conn, smb_fname->base_name, (uid_t)-1,
- set_grp) != 0) {
+ if (fsp && fsp->fh->fd != -1) {
+ ret = SMB_VFS_FCHOWN(fsp, set_owner, (gid_t)-1);
+ } else {
+ /*
+ * UNIX extensions calls must always operate
+ * on symlinks.
+ */
+ ret = SMB_VFS_LCHOWN(conn, smb_fname->base_name, (uid_t)-1,
+ set_grp);
+ }
+ if (ret != 0) {
status = map_nt_error_from_unix(errno);
if (delete_on_fail) {
SMB_VFS_UNLINK(conn, smb_fname);
diff --git a/source3/torture/proto.h b/source3/torture/proto.h
index 0c6fc70..dde28ef 100644
--- a/source3/torture/proto.h
+++ b/source3/torture/proto.h
@@ -104,6 +104,7 @@ bool run_local_sprintf_append(int dummy);
bool run_cleanup1(int dummy);
bool run_cleanup2(int dummy);
bool run_cleanup3(int dummy);
+bool run_cleanup4(int dummy);
bool run_ctdb_conn(int dummy);
bool run_msg_test(int dummy);
bool run_notify_bench2(int dummy);
diff --git a/source3/torture/test_cleanup.c b/source3/torture/test_cleanup.c
index d9dce40..319a55f 100644
--- a/source3/torture/test_cleanup.c
+++ b/source3/torture/test_cleanup.c
@@ -329,3 +329,73 @@ bool run_cleanup3(int dummy)
return true;
}
+
+bool run_cleanup4(int dummy)
+{
+ struct cli_state *cli1, *cli2;
+ const char *fname = "\\cleanup4";
+ uint16_t fnum1, fnum2;
+ NTSTATUS status;
+
+ printf("CLEANUP4: Checking that a conflicting share mode is cleaned "
+ "up\n");
+
+ if (!torture_open_connection(&cli1, 0)) {
+ return false;
+ }
+ if (!torture_open_connection(&cli2, 0)) {
+ return false;
+ }
+
+ status = cli_ntcreate(
+ cli1, fname, 0,
+ FILE_GENERIC_READ|DELETE_ACCESS,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_READ|FILE_SHARE_DELETE,
+ FILE_OVERWRITE_IF, 0, 0, &fnum1);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("creating file failed: %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = cli_ntcreate(
+ cli2, fname, 0,
+ FILE_GENERIC_READ|DELETE_ACCESS,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_READ|FILE_SHARE_DELETE,
+ FILE_OPEN, 0, 0, &fnum2);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("opening file 1st time failed: %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smbXcli_conn_samba_suicide(cli1->conn, 1);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_conn_samba_suicide failed: %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ /*
+ * The next open will conflict with both opens above. The first open
+ * above will be correctly cleaned up. A bug in smbd iterating over
+ * the share mode array made it skip the share conflict check for the
+ * second open. Trigger this bug.
+ */
+
+ status = cli_ntcreate(
+ cli2, fname, 0,
+ FILE_GENERIC_WRITE|DELETE_ACCESS,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+ FILE_OPEN, 0, 0, &fnum2);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+ printf("opening file 2nd time returned: %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ return true;
+}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 21dcf9b..107106c 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -9508,6 +9508,7 @@ static struct {
{ "CLEANUP1", run_cleanup1 },
{ "CLEANUP2", run_cleanup2 },
{ "CLEANUP3", run_cleanup3 },
+ { "CLEANUP4", run_cleanup4 },
{ "LOCAL-SUBSTITUTE", run_local_substitute, 0},
{ "LOCAL-GENCACHE", run_local_gencache, 0},
{ "LOCAL-TALLOC-DICT", run_local_talloc_dict, 0},
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index eab62a7..21cc5f2 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
Winbind daemon for ntdom nss module
@@ -216,7 +216,7 @@ static void winbindd_stdin_handler(struct tevent_context *ev,
char c;
if (read(0, &c, 1) != 1) {
bool *is_parent = talloc_get_type_abort(private_data, bool);
-
+
/* we have reached EOF on stdin, which means the
parent has exited. Shutdown the server */
DEBUG(0,("EOF on stdin (is_parent=%d)\n",
@@ -278,20 +278,33 @@ bool winbindd_setup_stdin_handler(bool parent, bool foreground)
bool *is_parent;
if (foreground) {
+ struct stat st;
+
is_parent = talloc(winbind_event_context(), bool);
if (!is_parent) {
return false;
}
-
+
*is_parent = parent;
/* if we are running in the foreground then look for
EOF on stdin, and exit if it happens. This allows
us to die if the parent process dies
+ Only do this on a pipe or socket, no other device.
*/
- tevent_add_fd(winbind_event_context(), is_parent, 0, TEVENT_FD_READ, winbindd_stdin_handler, is_parent);
+ if (fstat(0, &st) != 0) {
+ return false;
+ }
+ if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+ tevent_add_fd(winbind_event_context(),
+ is_parent,
+ 0,
+ TEVENT_FD_READ,
+ winbindd_stdin_handler,
+ is_parent);
+ }
}
-
+
return true;
}
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 38c2f7d..e7b0d93 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2586,11 +2586,16 @@ NTSTATUS cm_connect_lsat(struct winbindd_domain *domain,
invalidate_cm_connection(&domain->conn);
status = cm_connect_lsa_tcp(domain, mem_ctx, cli);
}
- if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_IS_OK(status)) {
return status;
}
- return NT_STATUS_OK;
+ /*
+ * we tried twice to connect via ncan_ip_tcp and schannel and
+ * failed - maybe it is a trusted domain we can't connect to ?
+ * do not try tcp next time - gd
+ */
+ domain->can_do_ncacn_ip_tcp = false;
}
status = cm_connect_lsa(domain, mem_ctx, cli, lsa_policy);
diff --git a/source3/wscript b/source3/wscript
index 00432c4..1a862d2 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -94,7 +94,6 @@ def configure(conf):
conf.CHECK_FUNCS('memalign posix_memalign hstrerror')
conf.CHECK_FUNCS('shmget')
conf.CHECK_FUNCS_IN('shm_open', 'rt', checklibc=True)
- conf.CHECK_FUNCS('gettext dgettext bindtextdomain textdomain bind_textdomain_codeset')
#FIXME: for some reason this one still fails
conf.CHECK_FUNCS_IN('yp_get_default_domain', 'nsl')
conf.CHECK_FUNCS_IN('dn_expand _dn_expand __dn_expand', 'resolv')
@@ -327,8 +326,8 @@ if (0) {
conf.CHECK_FUNCS('''
_acl __acl atexit
-bindtextdomain _chdir __chdir chflags chmod _close __close _closedir
-__closedir crypt16 devnm dgettext dirfd
+ _chdir __chdir chflags chmod _close __close _closedir
+__closedir crypt16 devnm dirfd
DNSServiceRegister _dup __dup _dup2 __dup2 endmntent execl
_facl __facl _fchdir
__fchdir fchmod fchown _fcntl __fcntl fcvt fcvtl fdatasync
@@ -337,7 +336,7 @@ fsetxattr _fstat __fstat fsync
futimens futimes __fxstat getauthuid
getcwd _getcwd __getcwd getdents __getdents getdirentries
getgrent getgrnam getgrouplist getgrset getmntent getpagesize
-getpwanam getpwent_r getrlimit gettext
+getpwanam getpwent_r getrlimit
glob grantpt hstrerror initgroups innetgr
llseek _llseek __llseek _lseek __lseek
_lstat __lstat lutimes
@@ -353,7 +352,7 @@ setmntent setpgid setpriv setsid setuidx
shmget shm_open sigaction sigblock sigprocmask sigset
_stat __stat statvfs
strcasecmp strchr strpbrk strsignal strtol strupr sysconf sysctl sysctlbyname
-__sys_llseek syslog _telldir __telldir textdomain timegm
+__sys_llseek syslog _telldir __telldir timegm
utimensat vsyslog _write __write __xstat
''')
diff --git a/source3/wscript_build b/source3/wscript_build
index 9997194..924bde7 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -1287,7 +1287,7 @@ bld.SAMBA3_BINARY('net',
talloc
netapi
addns
- intl
+ samba_intl
popt_samba3
pdb
libsmb
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index 459ec47..30796b7 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -1529,7 +1529,7 @@ static WERROR dsdb_syntax_UNICODE_drsuapi_to_ldb(const struct dsdb_syntax_ctx *c
return WERR_FOOBAR;
}
- out->values[i] = data_blob_string_const(str);
+ out->values[i] = data_blob_const(str, converted_size);
}
return WERR_OK;
diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
index d9fc9e3..082b1d0 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -670,7 +670,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"):
HEIMDAL_LIBRARY('krb5', KRB5_SOURCE,
version_script='lib/krb5/version-script.map',
includes='../heimdal/lib/krb5 ../heimdal/lib/asn1 ../heimdal/include',
- deps='roken wind asn1 hx509 hcrypto intl com_err HEIMDAL_CONFIG heimbase execinfo',
+ deps='roken wind asn1 hx509 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl',
vnum='26.0.0',
)
KRB5_PROTO_SOURCE = KRB5_SOURCE + ['lib/krb5/expand_path.c', 'lib/krb5/plugin.c', 'lib/krb5/context.c']
@@ -894,7 +894,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_COM_ERR'):
HEIMDAL_LIBRARY('com_err',
'lib/com_err/com_err.c lib/com_err/error.c',
includes='../heimdal/lib/com_err',
- deps='roken intl',
+ deps='roken samba_intl',
vnum='0.25',
version_script='lib/com_err/version-script.map',
)
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 2bb465a..bed63d6 100755
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -19,7 +19,7 @@ conf.CHECK_HEADERS('ifaddrs.h')
conf.CHECK_HEADERS('''crypt.h errno.h inttypes.h netdb.h signal.h sys/bswap.h
sys/file.h sys/stropts.h sys/timeb.h sys/times.h sys/uio.h sys/un.h
sys/utsname.h time.h timezone.h ttyname.h netinet/in.h
- netinet/in6.h netinet6/in6.h libintl.h''')
+ netinet/in6.h netinet6/in6.h''')
conf.CHECK_HEADERS('curses.h term.h termcap.h', together=True)
@@ -42,8 +42,6 @@ conf.CHECK_FUNCS_IN('''getnameinfo sendmsg socket getipnodebyname gethostent get
'socket nsl',
checklibc=True)
-conf.CHECK_FUNCS_IN('dgettext gettext', 'intl', headers='libintl.h')
-
conf.CHECK_FUNCS('iruserok')
conf.CHECK_FUNCS('bswap16')
diff --git a/source4/libcli/dgram/dgramsocket.c b/source4/libcli/dgram/dgramsocket.c
index 3f06dc7..cd6d3e4 100644
--- a/source4/libcli/dgram/dgramsocket.c
+++ b/source4/libcli/dgram/dgramsocket.c
@@ -48,7 +48,7 @@ static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock)
}
blob = data_blob_talloc(tmp_ctx, NULL, dsize);
- if (blob.data == NULL) {
+ if ((dsize != 0) && (blob.data == NULL)) {
talloc_free(tmp_ctx);
return;
}
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index 3c30090..6b208c9 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -284,7 +284,7 @@ if __name__ == '__main__':
expression='(sAMAccountName=DnsAdmins)',
attrs=['objectSid'])
dnsadmins_sid = ndr_unpack(security.dom_sid, msg[0]['objectSid'][0])
- except Exception, e:
+ except IndexError:
logger.info("Adding DNS accounts")
add_dns_accounts(ldbs.sam, domaindn)
dnsadmins_sid = get_dnsadmins_sid(ldbs.sam, domaindn)
@@ -314,7 +314,7 @@ if __name__ == '__main__':
msg = ldbs.sam.search(base=names.configdn, scope=ldb.SCOPE_DEFAULT,
expression=expression, attrs=['nCName'])
ncname = msg[0]['nCName'][0]
- except Exception, e:
+ except IndexError:
logger.info("Creating DNS partitions")
logger.info("Looking up IPv4 addresses")
@@ -331,7 +331,7 @@ if __name__ == '__main__':
logger.debug("IPv4 addresses: %s" % hostip)
logger.info("Looking up IPv6 addresses")
- hostip6 = interface_ips_v6(lp, linklocal=False)
+ hostip6 = interface_ips_v6(lp)
if not hostip6:
hostip6 = None
else:
@@ -415,16 +415,17 @@ if __name__ == '__main__':
dn = 'samAccountName=dns-%s,CN=Principals' % hostname
msg = ldbs.secrets.search(expression='(dn=%s)' % dn, attrs=['secret'])
dnssecret = msg[0]['secret'][0]
- except Exception:
+ except IndexError:
+
logger.info("Adding dns-%s account" % hostname)
try:
msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
expression='(sAMAccountName=dns-%s)' % (hostname),
- attrs=['clearTextPassword'])
+ attrs=[])
dn = msg[0].dn
ldbs.sam.delete(dn)
- except Exception:
+ except IndexError:
pass
dnspass = samba.generate_random_password(128, 255)
@@ -436,10 +437,19 @@ if __name__ == '__main__':
"DNSNAME" : dnsname }
)
+ res = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+ expression='(sAMAccountName=dns-%s)' % (hostname),
+ attrs=["msDS-KeyVersionNumber"])
+ if "msDS-KeyVersionNumber" in res[0]:
+ dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0])
+ else:
+ dns_key_version_number = None
+
secretsdb_setup_dns(ldbs.secrets, names,
paths.private_dir, realm=names.realm,
dnsdomain=names.dnsdomain,
- dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+ dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
+ key_version_number=dns_key_version_number)
else:
logger.info("dns-%s account already exists" % hostname)
@@ -463,9 +473,9 @@ if __name__ == '__main__':
# Check if dns-HOSTNAME account exists and delete it if required
try:
dn_str = 'samAccountName=dns-%s,CN=Principals' % hostname
- msg = ldbs.secrets.search(expression='(dn=%s)' % dn_str, attrs=['secret'])
+ msg = ldbs.secrets.search(expression='(dn=%s)' % dn_str, attrs=[])
dn = msg[0].dn
- except Exception:
+ except IndexError:
dn = None
if dn is not None:
@@ -477,9 +487,9 @@ if __name__ == '__main__':
try:
msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
expression='(sAMAccountName=dns-%s)' % (hostname),
- attrs=['clearTextPassword'])
+ attrs=[])
dn = msg[0].dn
- except Exception:
+ except IndexError:
dn = None
if dn is not None:
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index a469432..6552b35 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -283,7 +283,7 @@ for t in smbtorture4_testsuites("dns_internal."):
# Local tests
for t in smbtorture4_testsuites("dlz_bind9."):
#The dlz_bind9 tests needs to look at the DNS database
- plansmbtorture4testsuite(t, "chgdcpass:local", "ncalrpc:localhost")
+ plansmbtorture4testsuite(t, "chgdcpass:local", ["ncalrpc:$SERVER", '-U$USERNAME%$PASSWORD'])
planpythontestsuite("s3dc", "samba.tests.libsmb_samba_internal");
@@ -312,6 +312,7 @@ plantestsuite("samba4.blackbox.rfc2307_mapping(dc:local)", "dc:local", [os.path.
plantestsuite("samba4.blackbox.wbinfo(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "dc"])
plantestsuite("samba4.blackbox.wbinfo(s4member:local)", "s4member:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', "s4member"])
plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass', smbclient4])
+plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass'])
plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "dc", [valgrindify(smbtorture4), "$LISTOPT", 'ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD', 'rpc.echo'])
# Tests using the "Simple" NTVFS backend
diff --git a/source4/setup/secrets_dns.ldif b/source4/setup/secrets_dns.ldif
index 67fd66b..192c06d 100644
--- a/source4/setup/secrets_dns.ldif
+++ b/source4/setup/secrets_dns.ldif
@@ -5,7 +5,7 @@ objectClass: secret
objectClass: kerberosSecret
realm: ${REALM}
servicePrincipalName: DNS/${DNSNAME}
-msDS-KeyVersionNumber: 1
+msDS-KeyVersionNumber: ${KEY_VERSION_NUMBER}
privateKeytab: ${DNS_KEYTAB}
secret:: ${DNSPASS_B64}
samAccountName: dns-${HOSTNAME}
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index 17b6ce5..8a9de48 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -303,6 +303,7 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
NTSTATUS status;
const char *model = "standard";
int max_runtime = 0;
+ struct stat st;
enum {
OPT_DAEMON = 1000,
OPT_INTERACTIVE,
@@ -447,9 +448,15 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
#ifdef SIGTTIN
signal(SIGTTIN, SIG_IGN);
#endif
- tevent_add_fd(event_ctx, event_ctx, 0, stdin_event_flags,
- server_stdin_handler,
- discard_const(binary_name));
+
+ if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+ tevent_add_fd(event_ctx,
+ event_ctx,
+ 0,
+ stdin_event_flags,
+ server_stdin_handler,
+ discard_const(binary_name));
+ }
if (max_runtime) {
DEBUG(0,("Called with maxruntime %d - current ts %llu\n",
diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
index 18d65a3..d7d1736 100644
--- a/source4/torture/dns/dlz_bind9.c
+++ b/source4/torture/dns/dlz_bind9.c
@@ -26,6 +26,9 @@
#include "dsdb/samdb/samdb.h"
#include "dsdb/common/util.h"
#include "auth/session.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/popt_common.h"
struct torture_context *tctx_static;
@@ -121,7 +124,80 @@ static bool test_dlz_bind9_configure(struct torture_context *tctx)
return true;
}
+/*
+ * Test that a ticket obtained for the DNS service will be accepted on the Samba DLZ side
+ *
+ */
+static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech)
+{
+ NTSTATUS status;
+
+ struct gensec_security *gensec_client_context;
+
+ DATA_BLOB client_to_server, server_to_client;
+
+ void *dbdata;
+ const char *argv[] = {
+ "samba_dlz",
+ "-H",
+ lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ NULL
+ };
+ tctx_static = tctx;
+ torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, discard_const_p(char *, argv), &dbdata,
+ "log", dlz_bind9_log_wrapper,
+ "writeable_zone", dlz_bind9_writeable_zone_hook, NULL),
+ ISC_R_SUCCESS,
+ "Failed to create samba_dlz");
+
+ torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dbdata),
+ ISC_R_SUCCESS,
+ "Failed to configure samba_dlz");
+
+ status = gensec_client_start(tctx, &gensec_client_context,
+ lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+ torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
+
+ status = gensec_set_target_hostname(gensec_client_context, torture_setting_string(tctx, "host", NULL));
+ torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
+
+ status = gensec_set_credentials(gensec_client_context, cmdline_credentials);
+ torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
+
+ status = gensec_start_mech_by_sasl_name(gensec_client_context, mech);
+ torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
+
+ server_to_client = data_blob(NULL, 0);
+
+ /* Do one step of the client-server update dance */
+ status = gensec_update(gensec_client_context, tctx, tctx->ev, server_to_client, &client_to_server);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+ torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
+ }
+
+ torture_assert_int_equal(tctx, dlz_ssumatch(cli_credentials_get_username(cmdline_credentials),
+ lpcfg_dnsdomain(tctx->lp_ctx),
+ "127.0.0.1", "type", "key",
+ client_to_server.length,
+ client_to_server.data,
+ dbdata),
+ ISC_R_SUCCESS,
+ "Failed to check key for update rights samba_dlz");
+ dlz_destroy(dbdata);
+
+ return true;
+}
+
+static bool test_dlz_bind9_gssapi(struct torture_context *tctx)
+{
+ return test_dlz_bind9_gensec(tctx, "GSSAPI");
+}
+
+static bool test_dlz_bind9_spnego(struct torture_context *tctx)
+{
+ return test_dlz_bind9_gensec(tctx, "GSS-SPNEGO");
+}
static struct torture_suite *dlz_bind9_suite(TALLOC_CTX *ctx)
{
@@ -132,6 +208,8 @@ static struct torture_suite *dlz_bind9_suite(TALLOC_CTX *ctx)
torture_suite_add_simple_test(suite, "version", test_dlz_bind9_version);
torture_suite_add_simple_test(suite, "create", test_dlz_bind9_create);
torture_suite_add_simple_test(suite, "configure", test_dlz_bind9_configure);
+ torture_suite_add_simple_test(suite, "gssapi", test_dlz_bind9_gssapi);
+ torture_suite_add_simple_test(suite, "spnego", test_dlz_bind9_spnego);
return suite;
}
diff --git a/source4/torture/winbind/winbind.c b/source4/torture/winbind/winbind.c
index 5956834..65382a9 100644
--- a/source4/torture/winbind/winbind.c
+++ b/source4/torture/winbind/winbind.c
@@ -201,6 +201,7 @@ static bool torture_winbind_pac(struct torture_context *tctx)
torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
status = gensec_set_target_hostname(gensec_client_context, cli_credentials_get_workstation(cmdline_credentials));
+ torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
status = gensec_set_credentials(gensec_client_context, cmdline_credentials);
torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
diff --git a/testprogs/blackbox/test_samba_upgradedns.sh b/testprogs/blackbox/test_samba_upgradedns.sh
new file mode 100755
index 0000000..a080f73
--- /dev/null
+++ b/testprogs/blackbox/test_samba_upgradedns.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+# Blackbox tests for the samba_upgradedns
+# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer at samba.org>
+# Copyright (C) 2006-2012 Andrew Bartlett <abartlet at samba.org>
+
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: test_samba_upgradedns.sh SERVER REALM PREFIX PROVDIR
+EOF
+exit 1;
+fi
+
+SERVER=$1
+REALM=$2
+PREFIX=$3
+PROVDIR=$4
+shift 4
+failed=0
+
+samba4bindir="$BINDIR"
+samba4srcdir="$SRCDIR/source4"
+samba4kinit="$samba4bindir/samba4kinit"
+
+. `dirname $0`/subunit.sh
+
+testit "run samba_upgradedns converting to bind9 DLZ" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=BIND9_DLZ -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
+
+testit "run samba_upgradedns converting to internal" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=SAMBA_INTERNAL -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
+
+testit "run samba_upgradedns converting to internal (2nd time)" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=SAMBA_INTERNAL -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
+
+testit "run samba_upgradedns converting to bind9 DLZ (2nd time)" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=BIND9_DLZ -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
+
+testit "run samba_upgradedns converting to bind9 DLZ (3rd time)" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=BIND9_DLZ -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
+
+
+exit $failed
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git
More information about the Pkg-samba-maint
mailing list