[Pkg-samba-maint] Bug#1040519: bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u1
Michael Tokarev
mjt at tls.msk.ru
Fri Jul 7 08:03:07 BST 2023
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: samba at packages.debian.org
Control: affects -1 + src:samba
[ Reason ]
Here's the next stable/bugfix release of samba, 4.17.9.
As has been the case with samba stable/bugfix releases, this
one is of an excellent quality, well tested and with all changes
well selected as well.
Usually in debian we patched previous stable samba release,
picking up just some changes from upstream. But I believe
every bit fixed by samba upstream project deserves to come
to debian, together with their version number, - there's no
reason for patching and especially for picking a subset of
changes from a well-selected and well-tested upstream bugfix
release.
As is usual for samba stable/bugfix releases again, this release
fixes a bunch of bugs which affects users of samba in one way or
another, despite the fact there's no corresponding bug reports
in debian. All bugs fixed in this release are linked to in the
new changelog entry. One of the patches has been already applied
in the previous debian release of samba, so that patch is removed
from d/patches.
[ Impact ]
The list of bugs fixed isn't large, but some of the bugs are
annoying and serious enough. For example,
https://bugzilla.samba.org/show_bug.cgi?id=15361 "wibindd
recurses into itself via rpcd_lsad" affects getpwnam() lookups
when nss_winbind is used, - it's quite severe issue.
(the patchset fixing it is also quite large).
[ Tests ]
This is samba upstream stable/bugfix release, which passes whole
upstream testsuite and wider testing by the users. The debian
package is running on my sites already, and passes my real-life
test scenarious.
[ Risks ]
The changes aren't trivial. And there's always risks. Still,
this release brings real fixes for real issues which is better
to fix anyway.
[ Checklist ]
[*] *all* changes are documented in the d/changelog
[*] I reviewed all changes and I approve them
[*] attach debdiff against the package in (old)stable
[*] the issue is verified as fixed in unstable
[ Changes ]
* new upstream stable/bugfix release, with the following fixes:
* https://bugzilla.samba.org/show_bug.cgi?id=14030
named crashes on DLZ zone update
(this was in debian in previous upload)
* https://bugzilla.samba.org/show_bug.cgi?id=15275
smbd_scavenger crashes when service smbd is stopped
* https://bugzilla.samba.org/show_bug.cgi?id=15361
winbind recurses into itself via rpcd_lsad
* https://bugzilla.samba.org/show_bug.cgi?id=15374
aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse()
* https://bugzilla.samba.org/show_bug.cgi?id=15378
vfs_fruit might cause a failing open for delete
* https://bugzilla.samba.org/show_bug.cgi?id=15382
cli_list loops 100% CPU against pre-lanman2 servers
* https://bugzilla.samba.org/show_bug.cgi?id=15391
smbclient leaks fds with showacls
* https://bugzilla.samba.org/show_bug.cgi?id=15403
smbget memory leak if failed to download files recursively
* https://bugzilla.samba.org/show_bug.cgi?id=15404
Backport --pidl-developer fixes
* https://bugzilla.samba.org/show_bug.cgi?id=15413
winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR
* remove dnsserver-rename-dns_name_equal.patch
(included upstream)
[ Other info ]
In the debdiff below, I filtered out *.[1-8] and *.[1-8].html -
these are auto-generated manpages which gets updated for the
current version number and release date, making the debdiff
really huge. In trixie I removed these generated manpages at
the dfsg-repack stage so it is not an issue anymore there,
but for bookworm it hasn't been done in time.
Each bug report linked to from the changelog has a patch(set)
fixing it in this (4.17) release, which are included in the
upstream tarball. To simplify review, it might be good idea
to take a look there. Also, each individual commit is available at
https://gitlab.com/samba-team/samba/-/commits/samba-4.17.9
(up to previous tag therem samba-4.17.8). The diff itself
between 4.17.8 and 4.17.9 is rather difficult to read as a whole,
while individual logical changes/commits are more manageable.
While at it, I'm asking about 2 more possible changes in this
package for bookworm, if it is okay with the release team to
have them or not. If yes, I'll prepare another upload with
them included.
First, I'd love to get rid of the autogenerated manpages in
the orig.tar.gz during the dfsg-repack stage, which has been
noticed too late in the bookworm release cycle. Upstream
ships auto-generated manpages (in man and html format) in the
source tarball, and the boilerplates in these manpages are
updated for each version number and the release date. During
build, the manpages are regenerated (actually this happens
sometimes only, the upstream build system is difficult to
follow; at least the patched manpages are regenerated). This
makes difference between different upstream releases huge,
and I have to filter the manpages to get it back into a
manageable size. So I'd love to add 3 patterns to d/copyright
filtering out docs/manpages/*.[1-8], ctdb/doc/*.[1-8] and
ctdb/doc/*.[1-8].html and regenerate +dfsg.orig.tar.gz.
This will make the diff even larger once, but will a) ensure
everything is rebuilt during the build process (and we don't
re-use stuff built by someone else), make subsequent diffs
small, but it does not affect the resulting binaries in any
way. This change is already included in samba package in
sid, and I verified it works the same way with 4.17 samba too.
And second, I had numerous requests to let samba work with
kernel-based keystore in context of kerberos. Initially it
was thought this requires switching from heimdal to mit-krb5
kerberos implementation (which isn't supported upstream for
running in ad-dc mode), but it turned out (again, too late
in the bookworm release cycle) heimdal also supports this for
a long time, the prob is that the samba configure procedure
for heimdal (heimdal is built from samba-shipped sources) just
does not enable it by mistake. In order to enable this, a
trivial patch for the build system and libkeyutils-dev build-
dependency are needed, 2 commits from 4.18 branch (sid/trixie):
https://salsa.debian.org/samba-team/samba/-/commit/1d25241e573ed2e2fe38ed168168e994d3104c69
https://salsa.debian.org/samba-team/samba/-/commit/8235a95ec450427acf0cd7ddfb3b91b6ebe15302
The talk is about #1023609 here, and I continue receiving requests
to enable it for bookworm too.
So, if such changes are possible during stable release cycle,
please let me know and I'll include them too on top of the
current bunch.
Thank you!
/mjt
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/debian/changelog samba-4.17.9+dfsg/debian/changelog
--- samba-4.17.8+dfsg/debian/changelog 2023-05-24 22:54:43.000000000 +0300
+++ samba-4.17.9+dfsg/debian/changelog 2023-07-06 23:00:33.000000000 +0300
@@ -1,3 +1,32 @@
+samba (2:4.17.9+dfsg-0+deb12u1) bookworm-proposed-updates; urgency=medium
+
+ * new upstream stable/bugfix release, with the following fixes:
+ * https://bugzilla.samba.org/show_bug.cgi?id=14030
+ named crashes on DLZ zone update
+ (this was in debian in previous upload)
+ * https://bugzilla.samba.org/show_bug.cgi?id=15275
+ smbd_scavenger crashes when service smbd is stopped
+ * https://bugzilla.samba.org/show_bug.cgi?id=15361
+ winbind recurses into itself via rpcd_lsad
+ * https://bugzilla.samba.org/show_bug.cgi?id=15374
+ aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse()
+ * https://bugzilla.samba.org/show_bug.cgi?id=15378
+ vfs_fruit might cause a failing open for delete
+ * https://bugzilla.samba.org/show_bug.cgi?id=15382
+ cli_list loops 100% CPU against pre-lanman2 servers
+ * https://bugzilla.samba.org/show_bug.cgi?id=15391
+ smbclient leaks fds with showacls
+ * https://bugzilla.samba.org/show_bug.cgi?id=15403
+ smbget memory leak if failed to download files recursively
+ * https://bugzilla.samba.org/show_bug.cgi?id=15404
+ Backport --pidl-developer fixes
+ * https://bugzilla.samba.org/show_bug.cgi?id=15413
+ winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR
+ * remove dnsserver-rename-dns_name_equal.patch
+ (included upstream)
+
+ -- Michael Tokarev <mjt at tls.msk.ru> Thu, 06 Jul 2023 23:00:33 +0300
+
samba (2:4.17.8+dfsg-2) unstable; urgency=medium
* dnsserver-rename-dns_name_equal.patch
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch samba-4.17.9+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch
--- samba-4.17.8+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch 2023-05-24 22:54:43.000000000 +0300
+++ samba-4.17.9+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch 1970-01-01 03:00:00.000000000 +0300
@@ -1,255 +0,0 @@
-Commit-Id: fcecdfa8e5c651d4a27f8fcd5df6e9bce37ed8a7
-From: Samuel Cabrero <scabrero at samba.org>
-Date: Wed, 18 Jan 2023 17:25:29 +0100
-Subject: s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal()
-Bug-Debian: https://bugs.debian.org/1036587
-Bug-Debian: https://bugs.debian.org/927747
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=14030
-
-This function already exists in bind9 but takes different arguments, so when
-the DLZ is loaded and this function is called bind crashes:
-
- named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118 type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
- named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118 type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
- named[1523]: client @0x7f26caa90f68 192.168.101.118#58223/key DESKTOP-8BUKMBK\$\@AFOREST.AD: updating zone '101.168.192.in-addr.arpa/NONE': deleting rrset at '118.101.168.192.in-addr.ar
- named[1523]: name.c:664: REQUIRE(((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))) failed, back trace
-
-Backtrace:
-
- #0 0x00007f2716c957ec in __pthread_kill_implementation () from /lib64/libc.so.6
- #1 0x00007f2716c42816 in raise () from /lib64/libc.so.6
- #2 0x00007f2716c2b81c in abort () from /lib64/libc.so.6
- #3 0x000055d4de847995 in assertion_failed (file=<optimized out>, line=<optimized out>,
- type=<optimized out>, cond=<optimized out>) at /usr/src/debug/bind-9.18.10/bin/named/main.c:237
- #4 0x00007f27176388fc in isc_assertion_failed (file=file at entry=0x7f27173b0df6 "name.c",
- line=line at entry=664, type=type at entry=isc_assertiontype_require,
- cond=cond at entry=0x7f27173b0268 "((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))")
- at /usr/src/debug/bind-9.18.10/lib/isc/assertions.c:48
- #5 0x00007f27172946f9 in dns_name_equal (name1=<optimized out>, name2=<optimized out>)
- at /usr/src/debug/bind-9.18.10/lib/dns/name.c:664
-
- **** Here bind's dns_name_equal() is called instead of samba's dns_name_equal() ****
-
- #6 0x00007f27077ad6f2 in dns_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
- at ../../source4/dns_server/dnsserver_common.c:1346
- #7 0x00007f271404732c in b9_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
- at ../../source4/dns_server/dlz_bind9.c:1830
- #8 0x00007f2714047daa in dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
- rdatastr=0x7f26c9c10000 "118.101.168.192.in-addr.arpa.\t1200\tIN\tPTR\tDESKTOP-8BUKMBK.aforest.ad.",
- dbdata=0x7f271003d300, version=0x7f26f8044b20) at ../../source4/dns_server/dlz_bind9.c:2077
- #9 0x000055d4de84afb4 in dlopen_dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
- rdatastr=<optimized out>, driverarg=<optimized out>, dbdata=0x7f270430f680, version=<optimized out>)
- at /usr/src/debug/bind-9.18.10/bin/named/dlz_dlopen_driver.c:483
- #10 0x00007f271738e734 in modrdataset.constprop.0 (db=0x7f2704291740, node=0x7f26c9c006e0,
- version=0x7f26f8044b20, rdataset=0x7f2706ff8830,
- mod_function=0x55d4de84af80 <dlopen_dlz_subrdataset>, options=<optimized out>)
- at /usr/src/debug/bind-9.18.10/lib/dns/sdlz.c:1107
- #11 0x00007f2717251855 in diff_apply (diff=diff at entry=0x7f2706ff8df0, db=db at entry=0x7f2704291740,
- ver=ver at entry=0x7f26f8044b20, warn=warn at entry=true) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:370
- #12 0x00007f2717251c8a in dns_diff_apply (diff=diff at entry=0x7f2706ff8df0, db=db at entry=0x7f2704291740,
- ver=ver at entry=0x7f26f8044b20) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:465
- #13 0x00007f2717d105aa in do_one_tuple (tuple=tuple at entry=0x7f2706ff8e50, db=db at entry=0x7f2704291740,
- ver=ver at entry=0x7f26f8044b20, diff=diff at entry=0x7f2706ff9400)
- at /usr/src/debug/bind-9.18.10/lib/ns/update.c:454
- #14 0x00007f2717d10fff in update_one_rr (rdata=0x7f2706ff8ee8, ttl=<optimized out>,
- name=<optimized out>, op=DNS_DIFFOP_DEL, diff=0x7f2706ff9400, ver=0x7f26f8044b20, db=0x7f2704291740)
- at /usr/src/debug/bind-9.18.10/lib/ns/update.c:505
- #15 delete_if_action (data=<optimized out>, rr=0x7f2706ff8ee0)
- at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1427
- #16 0x00007f2717d10ccd in foreach_rr (db=0x7f2704291740, ver=<optimized out>, name=0x7f26caa61d00,
- type=<optimized out>, covers=<optimized out>,
- rr_action=rr_action at entry=0x7f2717d10f60 <delete_if_action>, rr_action_data=0x7f2706ff9280)
- at /usr/src/debug/bind-9.18.10/lib/ns/update.c:736
- #17 0x00007f2717d10e76 in delete_if (predicate=predicate at entry=0x7f2717d0fb10 <true_p>,
- db=<optimized out>, ver=<optimized out>, name=<optimized out>, type=<optimized out>,
- covers=<optimized out>, update_rr=0x7f2706ff94b0, diff=0x7f2706ff9400)
- at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1454
- #18 0x00007f2717d1bccd in update_action (task=<optimized out>, event=<optimized out>)
- at /usr/src/debug/bind-9.18.10/lib/ns/update.c:3299
- #19 0x00007f271765eb4c in task_run (task=0x7f27155ccf00)
- at /usr/src/debug/bind-9.18.10/lib/isc/task.c:823
- #20 isc_task_run (task=0x7f27155ccf00) at /usr/src/debug/bind-9.18.10/lib/isc/task.c:904
- #21 0x00007f271762cb12 in isc__nm_async_task (worker=0x7f2716236560, ev0=0x7f26caa07000)
- at netmgr/netmgr.c:840
- #22 process_netievent (worker=worker at entry=0x7f2716236560, ievent=0x7f26caa07000) at netmgr/netmgr.c:918
- #23 0x00007f271762d197 in process_queue (worker=worker at entry=0x7f2716236560,
- type=type at entry=NETIEVENT_TASK) at netmgr/netmgr.c:1011
- #24 0x00007f271762d3b3 in process_all_queues (worker=0x7f2716236560) at netmgr/netmgr.c:765
- #25 async_cb (handle=0x7f27162368c0) at netmgr/netmgr.c:794
- #26 0x00007f2717c4cb0d in uv__async_io (loop=0x7f2716236570, w=<optimized out>, events=<optimized out>)
- at src/unix/async.c:163
- #27 0x00007f2717c6825d in uv__io_poll (loop=0x7f2716236570, timeout=<optimized out>)
- at src/unix/epoll.c:374
- #28 0x00007f2717c5247a in uv__io_poll (timeout=<optimized out>, loop=0x7f2716236570)
- at src/unix/udp.c:122
- #29 uv_run (loop=loop at entry=0x7f2716236570, mode=mode at entry=UV_RUN_DEFAULT) at src/unix/core.c:406
- #30 0x00007f271762d834 in nm_thread (worker0=0x7f2716236560) at netmgr/netmgr.c:696
- #31 0x00007f27176627f5 in isc__trampoline_run (arg=0x55d4dfe3ad70)
- at /usr/src/debug/bind-9.18.10/lib/isc/trampoline.c:189
- #32 0x00007f2716c9398d in start_thread () from /lib64/libc.so.6
- #33 0x00007f2716d19344 in clone () from /lib64/libc.so.6
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=14030
-
-Signed-off-by: Samuel Cabrero <scabrero at samba.org>
-Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
-
-Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
-Autobuild-Date(master): Thu Jan 19 10:20:27 UTC 2023 on atb-devel-224
----
- source4/dns_server/dns_crypto.c | 2 +-
- source4/dns_server/dns_update.c | 4 ++--
- source4/dns_server/dnsserver_common.c | 21 +++++++++++++--------
- source4/dns_server/dnsserver_common.h | 2 +-
- source4/rpc_server/dnsserver/dnsutils.c | 2 +-
- source4/torture/dns/dlz_bind9.c | 8 ++++----
- 6 files changed, 22 insertions(+), 17 deletions(-)
-
-diff --git a/source4/dns_server/dns_crypto.c b/source4/dns_server/dns_crypto.c
-index 6d2b8648757..b38eb8b13bb 100644
---- a/source4/dns_server/dns_crypto.c
-+++ b/source4/dns_server/dns_crypto.c
-@@ -81,7 +81,7 @@ struct dns_server_tkey *dns_find_tkey(struct dns_server_tkey_store *store,
- if (tmp_key == NULL) {
- continue;
- }
-- if (dns_name_equal(name, tmp_key->name)) {
-+ if (samba_dns_name_equal(name, tmp_key->name)) {
- tkey = tmp_key;
- break;
- }
-diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c
-index 2d5f353671e..7b87dc6c6e3 100644
---- a/source4/dns_server/dns_update.c
-+++ b/source4/dns_server/dns_update.c
-@@ -593,7 +593,7 @@ static WERROR handle_one_update(struct dns_server *dns,
- * work out if the node as a whole needs tombstoning.
- */
- if (update->rr_type == DNS_QTYPE_ALL) {
-- if (dns_name_equal(update->name, zone->name)) {
-+ if (samba_dns_name_equal(update->name, zone->name)) {
- for (i = first; i < rcount; i++) {
-
- if (recs[i].wType == DNS_TYPE_SOA) {
-@@ -617,7 +617,7 @@ static WERROR handle_one_update(struct dns_server *dns,
- }
- }
-
-- } else if (dns_name_equal(update->name, zone->name)) {
-+ } else if (samba_dns_name_equal(update->name, zone->name)) {
-
- if (update->rr_type == DNS_QTYPE_SOA) {
- return WERR_OK;
-diff --git a/source4/dns_server/dnsserver_common.c b/source4/dns_server/dnsserver_common.c
-index 03f76d4a871..0481b0715c7 100644
---- a/source4/dns_server/dnsserver_common.c
-+++ b/source4/dns_server/dnsserver_common.c
-@@ -1331,7 +1331,8 @@ bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1,
- return memcmp(&rec1_in_addr6, &rec2_in_addr6, sizeof(rec1_in_addr6)) == 0;
- }
- case DNS_TYPE_CNAME:
-- return dns_name_equal(rec1->data.cname, rec2->data.cname);
-+ return samba_dns_name_equal(rec1->data.cname,
-+ rec2->data.cname);
- case DNS_TYPE_TXT:
- if (rec1->data.txt.count != rec2->data.txt.count) {
- return false;
-@@ -1343,23 +1344,27 @@ bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1,
- }
- return true;
- case DNS_TYPE_PTR:
-- return dns_name_equal(rec1->data.ptr, rec2->data.ptr);
-+ return samba_dns_name_equal(rec1->data.ptr, rec2->data.ptr);
- case DNS_TYPE_NS:
-- return dns_name_equal(rec1->data.ns, rec2->data.ns);
-+ return samba_dns_name_equal(rec1->data.ns, rec2->data.ns);
-
- case DNS_TYPE_SRV:
- return rec1->data.srv.wPriority == rec2->data.srv.wPriority &&
- rec1->data.srv.wWeight == rec2->data.srv.wWeight &&
- rec1->data.srv.wPort == rec2->data.srv.wPort &&
-- dns_name_equal(rec1->data.srv.nameTarget, rec2->data.srv.nameTarget);
-+ samba_dns_name_equal(rec1->data.srv.nameTarget,
-+ rec2->data.srv.nameTarget);
-
- case DNS_TYPE_MX:
- return rec1->data.mx.wPriority == rec2->data.mx.wPriority &&
-- dns_name_equal(rec1->data.mx.nameTarget, rec2->data.mx.nameTarget);
-+ samba_dns_name_equal(rec1->data.mx.nameTarget,
-+ rec2->data.mx.nameTarget);
-
- case DNS_TYPE_SOA:
-- return dns_name_equal(rec1->data.soa.mname, rec2->data.soa.mname) &&
-- dns_name_equal(rec1->data.soa.rname, rec2->data.soa.rname) &&
-+ return samba_dns_name_equal(rec1->data.soa.mname,
-+ rec2->data.soa.mname) &&
-+ samba_dns_name_equal(rec1->data.soa.rname,
-+ rec2->data.soa.rname) &&
- rec1->data.soa.serial == rec2->data.soa.serial &&
- rec1->data.soa.refresh == rec2->data.soa.refresh &&
- rec1->data.soa.retry == rec2->data.soa.retry &&
-@@ -1485,7 +1490,7 @@ exit:
- /*
- see if two DNS names are the same
- */
--bool dns_name_equal(const char *name1, const char *name2)
-+bool samba_dns_name_equal(const char *name1, const char *name2)
- {
- size_t len1 = strlen(name1);
- size_t len2 = strlen(name2);
-diff --git a/source4/dns_server/dnsserver_common.h b/source4/dns_server/dnsserver_common.h
-index c3ba369e3bf..a0c1065ae58 100644
---- a/source4/dns_server/dnsserver_common.h
-+++ b/source4/dns_server/dnsserver_common.h
-@@ -76,7 +76,7 @@ WERROR dns_common_name2dn(struct ldb_context *samdb,
- TALLOC_CTX *mem_ctx,
- const char *name,
- struct ldb_dn **_dn);
--bool dns_name_equal(const char *name1, const char *name2);
-+bool samba_dns_name_equal(const char *name1, const char *name2);
-
- bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1,
- struct dnsp_DnssrvRpcRecord *rec2);
-diff --git a/source4/rpc_server/dnsserver/dnsutils.c b/source4/rpc_server/dnsserver/dnsutils.c
-index 56b2690aa95..2c56946b0f6 100644
---- a/source4/rpc_server/dnsserver/dnsutils.c
-+++ b/source4/rpc_server/dnsserver/dnsutils.c
-@@ -311,7 +311,7 @@ struct dnsserver_zone *dnsserver_find_zone(struct dnsserver_zone *zones, const c
- struct dnsserver_zone *z = NULL;
-
- for (z = zones; z; z = z->next) {
-- if (dns_name_equal(zone_name, z->name)) {
-+ if (samba_dns_name_equal(zone_name, z->name)) {
- break;
- }
- }
-diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
-index 1f330106a98..f15671e370c 100644
---- a/source4/torture/dns/dlz_bind9.c
-+++ b/source4/torture/dns/dlz_bind9.c
-@@ -414,18 +414,18 @@ static bool dlz_bind9_putnamedrr_torture_hook(struct test_expected_rr *expected,
- } else if (strcmp(type, "cname") == 0 ||
- strcmp(type, "ptr") == 0 ||
- strcmp(type, "ns") == 0) {
-- if (! dns_name_equal(data, data2)) {
-+ if (!samba_dns_name_equal(data, data2)) {
- continue;
- }
- } else if (strcmp(type, "mx") == 0) {
- /*
-- * dns_name_equal works for MX records because
-- * the space in "10 example.com." is
-+ * samba_dns_name_equal works for MX records
-+ * because the space in "10 example.com." is
- * theoretically OK as a DNS character. And we
- * need it because dlz will add the trailing
- * dot.
- */
-- if (! dns_name_equal(data, data2)) {
-+ if (!samba_dns_name_equal(data, data2)) {
- continue;
- }
- } else if (strcmp(data, data2) != 0) {
---
-2.39.2
-
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/debian/patches/series samba-4.17.9+dfsg/debian/patches/series
--- samba-4.17.8+dfsg/debian/patches/series 2023-05-24 22:53:18.000000000 +0300
+++ samba-4.17.9+dfsg/debian/patches/series 2023-07-06 22:59:43.000000000 +0300
@@ -23,4 +23,3 @@
meaningful-error-if-no-samba-ad-provision.patch
meaningful-error-if-no-python3-markdown.patch
ctdb-use-run-instead-of-var-run.patch
-dnsserver-rename-dns_name_equal.patch
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/docs-xml/manpages/vfs_fruit.8.xml samba-4.17.9+dfsg/docs-xml/manpages/vfs_fruit.8.xml
--- samba-4.17.8+dfsg/docs-xml/manpages/vfs_fruit.8.xml 2022-08-08 17:15:39.004189300 +0300
+++ samba-4.17.9+dfsg/docs-xml/manpages/vfs_fruit.8.xml 2023-07-06 16:42:43.016797000 +0300
@@ -406,6 +406,19 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>fruit:convert_adouble = yes | no</term>
+ <listitem>
+ <para>Whether an attempt shall be made to convert ._ AppleDouble
+ sidecar files to native streams (xattrs when using
+ vfs_streams_xattr). The main use case for this conversion is
+ transparent migration from a server config without streams support
+ where the macOS client created those AppleDouble sidecar
+ files.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/libcli/named_pipe_auth/npa_tstream.c samba-4.17.9+dfsg/libcli/named_pipe_auth/npa_tstream.c
--- samba-4.17.8+dfsg/libcli/named_pipe_auth/npa_tstream.c 2022-08-08 17:15:39.184190800 +0300
+++ samba-4.17.9+dfsg/libcli/named_pipe_auth/npa_tstream.c 2023-07-06 16:42:43.016797000 +0300
@@ -73,7 +73,7 @@
int ret;
enum ndr_err_code ndr_err;
char *lower_case_npipe;
- struct named_pipe_auth_req_info5 *info5;
+ struct named_pipe_auth_req_info7 *info7;
req = tevent_req_create(mem_ctx, &state,
struct tstream_npa_connect_state);
@@ -119,39 +119,43 @@
goto post;
}
- state->auth_req.level = 5;
- info5 = &state->auth_req.info.info5;
+ state->auth_req.level = 7;
+ info7 = &state->auth_req.info.info7;
- info5->transport = transport;
- SMB_ASSERT(info5->transport == transport); /* Assert no overflow */
+ info7->transport = transport;
+ SMB_ASSERT(info7->transport == transport); /* Assert no overflow */
- info5->remote_client_name = remote_client_name_in;
- info5->remote_client_addr = tsocket_address_inet_addr_string(remote_client_addr,
- state);
- if (!info5->remote_client_addr) {
+ info7->remote_client_name = remote_client_name_in;
+ info7->remote_client_addr =
+ tsocket_address_inet_addr_string(remote_client_addr, state);
+ if (!info7->remote_client_addr) {
/* errno might be EINVAL */
tevent_req_error(req, errno);
goto post;
}
- info5->remote_client_port = tsocket_address_inet_port(remote_client_addr);
- if (!info5->remote_client_name) {
- info5->remote_client_name = info5->remote_client_addr;
+ info7->remote_client_port =
+ tsocket_address_inet_port(remote_client_addr);
+ if (!info7->remote_client_name) {
+ info7->remote_client_name = info7->remote_client_addr;
}
- info5->local_server_name = local_server_name_in;
- info5->local_server_addr = tsocket_address_inet_addr_string(local_server_addr,
- state);
- if (!info5->local_server_addr) {
+ info7->local_server_name = local_server_name_in;
+ info7->local_server_addr =
+ tsocket_address_inet_addr_string(local_server_addr, state);
+ if (!info7->local_server_addr) {
/* errno might be EINVAL */
tevent_req_error(req, errno);
goto post;
}
- info5->local_server_port = tsocket_address_inet_port(local_server_addr);
- if (!info5->local_server_name) {
- info5->local_server_name = info5->local_server_addr;
+ info7->local_server_port =
+ tsocket_address_inet_port(local_server_addr);
+ if (!info7->local_server_name) {
+ info7->local_server_name = info7->local_server_addr;
}
- info5->session_info = discard_const_p(struct auth_session_info_transport, session_info);
+ info7->session_info =
+ discard_const_p(struct auth_session_info_transport,
+ session_info);
if (DEBUGLVL(10)) {
NDR_PRINT_DEBUG(named_pipe_auth_req, &state->auth_req);
@@ -348,10 +352,10 @@
npas->unix_stream = talloc_move(stream, &state->unix_stream);
switch (state->auth_rep.level) {
- case 5:
- npas->file_type = state->auth_rep.info.info5.file_type;
- device_state = state->auth_rep.info.info5.device_state;
- allocation_size = state->auth_rep.info.info5.allocation_size;
+ case 7:
+ npas->file_type = state->auth_rep.info.info7.file_type;
+ device_state = state->auth_rep.info.info7.device_state;
+ allocation_size = state->auth_rep.info.info7.allocation_size;
break;
}
@@ -1084,7 +1088,7 @@
tevent_req_data(req, struct tstream_npa_accept_state);
struct named_pipe_auth_req *pipe_request;
struct named_pipe_auth_rep pipe_reply;
- struct named_pipe_auth_req_info5 i5;
+ struct named_pipe_auth_req_info7 i7;
enum ndr_err_code ndr_err;
DATA_BLOB in, out;
int err;
@@ -1147,53 +1151,59 @@
NDR_PRINT_DEBUG(named_pipe_auth_req, pipe_request);
}
- ZERO_STRUCT(i5);
+ ZERO_STRUCT(i7);
- if (pipe_request->level != 5) {
+ if (pipe_request->level != 7) {
DEBUG(0, ("Unknown level %u\n", pipe_request->level));
pipe_reply.level = 0;
pipe_reply.status = NT_STATUS_INVALID_LEVEL;
goto reply;
}
- pipe_reply.level = 5;
+ pipe_reply.level = 7;
pipe_reply.status = NT_STATUS_OK;
- pipe_reply.info.info5.file_type = state->file_type;
- pipe_reply.info.info5.device_state = state->device_state;
- pipe_reply.info.info5.allocation_size = state->alloc_size;
+ pipe_reply.info.info7.file_type = state->file_type;
+ pipe_reply.info.info7.device_state = state->device_state;
+ pipe_reply.info.info7.allocation_size = state->alloc_size;
- i5 = pipe_request->info.info5;
- if (i5.local_server_addr == NULL) {
+ i7 = pipe_request->info.info7;
+ if (i7.local_server_addr == NULL) {
pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
DEBUG(2, ("Missing local server address\n"));
goto reply;
}
- if (i5.remote_client_addr == NULL) {
+ if (i7.remote_client_addr == NULL) {
pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
DEBUG(2, ("Missing remote client address\n"));
goto reply;
}
- ret = tsocket_address_inet_from_strings(state, "ip",
- i5.local_server_addr,
- i5.local_server_port,
+ ret = tsocket_address_inet_from_strings(state,
+ "ip",
+ i7.local_server_addr,
+ i7.local_server_port,
&state->local_server_addr);
if (ret != 0) {
- DEBUG(2, ("Invalid local server address[%s:%u] - %s\n",
- i5.local_server_addr, i5.local_server_port,
- strerror(errno)));
+ DEBUG(2,
+ ("Invalid local server address[%s:%u] - %s\n",
+ i7.local_server_addr,
+ i7.local_server_port,
+ strerror(errno)));
pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
goto reply;
}
- ret = tsocket_address_inet_from_strings(state, "ip",
- i5.remote_client_addr,
- i5.remote_client_port,
+ ret = tsocket_address_inet_from_strings(state,
+ "ip",
+ i7.remote_client_addr,
+ i7.remote_client_port,
&state->remote_client_addr);
if (ret != 0) {
- DEBUG(2, ("Invalid remote client address[%s:%u] - %s\n",
- i5.remote_client_addr, i5.remote_client_port,
- strerror(errno)));
+ DEBUG(2,
+ ("Invalid remote client address[%s:%u] - %s\n",
+ i7.remote_client_addr,
+ i7.remote_client_port,
+ strerror(errno)));
pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
goto reply;
}
@@ -1249,14 +1259,15 @@
tevent_req_done(req);
}
-static struct named_pipe_auth_req_info5 *copy_npa_info5(
- TALLOC_CTX *mem_ctx, const struct named_pipe_auth_req_info5 *src)
+static struct named_pipe_auth_req_info7 *
+copy_npa_info7(TALLOC_CTX *mem_ctx,
+ const struct named_pipe_auth_req_info7 *src)
{
- struct named_pipe_auth_req_info5 *dst = NULL;
+ struct named_pipe_auth_req_info7 *dst = NULL;
DATA_BLOB blob;
enum ndr_err_code ndr_err;
- dst = talloc_zero(mem_ctx, struct named_pipe_auth_req_info5);
+ dst = talloc_zero(mem_ctx, struct named_pipe_auth_req_info7);
if (dst == NULL) {
return NULL;
}
@@ -1265,9 +1276,9 @@
&blob,
dst,
src,
- (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req_info5);
+ (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req_info7);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DBG_WARNING("ndr_push_named_pipe_auth_req_info5 failed: %s\n",
+ DBG_WARNING("ndr_push_named_pipe_auth_req_info7 failed: %s\n",
ndr_errstr(ndr_err));
TALLOC_FREE(dst);
return NULL;
@@ -1277,10 +1288,10 @@
&blob,
dst,
dst,
- (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_req_info5);
+ (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_req_info7);
TALLOC_FREE(blob.data);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DBG_WARNING("ndr_push_named_pipe_auth_req_info5 failed: %s\n",
+ DBG_WARNING("ndr_push_named_pipe_auth_req_info7 failed: %s\n",
ndr_errstr(ndr_err));
TALLOC_FREE(dst);
return NULL;
@@ -1294,7 +1305,7 @@
int *perrno,
TALLOC_CTX *mem_ctx,
struct tstream_context **stream,
- struct named_pipe_auth_req_info5 **info5,
+ struct named_pipe_auth_req_info7 **info7,
enum dcerpc_transport_t *transport,
struct tsocket_address **remote_client_addr,
char **_remote_client_name,
@@ -1305,7 +1316,8 @@
{
struct tstream_npa_accept_state *state =
tevent_req_data(req, struct tstream_npa_accept_state);
- struct named_pipe_auth_req_info5 *i5 = &state->pipe_request->info.info5;
+ struct named_pipe_auth_req_info7 *i7 =
+ &state->pipe_request->info.info7;
struct tstream_npa *npas;
int ret;
@@ -1346,24 +1358,24 @@
npas->unix_stream = state->plain;
npas->file_type = state->file_type;
- if (info5 != NULL) {
+ if (info7 != NULL) {
/*
- * Make a full copy of "info5" because further down we
+ * Make a full copy of "info7" because further down we
* talloc_move() away substructures from
* state->pipe_request.
*/
- struct named_pipe_auth_req_info5 *dst = copy_npa_info5(
- mem_ctx, i5);
+ struct named_pipe_auth_req_info7 *dst =
+ copy_npa_info7(mem_ctx, i7);
if (dst == NULL) {
*perrno = ENOMEM;
tevent_req_received(req);
return -1;
}
- *info5 = dst;
+ *info7 = dst;
}
if (transport != NULL) {
- *transport = i5->transport;
+ *transport = i7->transport;
}
if (remote_client_addr != NULL) {
*remote_client_addr = talloc_move(
@@ -1371,7 +1383,8 @@
}
if (_remote_client_name != NULL) {
*_remote_client_name = discard_const_p(
- char, talloc_move(mem_ctx, &i5->remote_client_name));
+ char,
+ talloc_move(mem_ctx, &i7->remote_client_name));
}
if (local_server_addr != NULL) {
*local_server_addr = talloc_move(
@@ -1379,10 +1392,11 @@
}
if (local_server_name != NULL) {
*local_server_name = discard_const_p(
- char, talloc_move(mem_ctx, &i5->local_server_name));
+ char,
+ talloc_move(mem_ctx, &i7->local_server_name));
}
if (session_info != NULL) {
- *session_info = talloc_move(mem_ctx, &i5->session_info);
+ *session_info = talloc_move(mem_ctx, &i7->session_info);
}
tevent_req_received(req);
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/libcli/named_pipe_auth/npa_tstream.h samba-4.17.9+dfsg/libcli/named_pipe_auth/npa_tstream.h
--- samba-4.17.8+dfsg/libcli/named_pipe_auth/npa_tstream.h 2022-08-08 17:15:39.184190800 +0300
+++ samba-4.17.9+dfsg/libcli/named_pipe_auth/npa_tstream.h 2023-07-06 16:42:43.016797000 +0300
@@ -27,7 +27,7 @@
struct tevent_context;
struct auth_session_info_transport;
struct tsocket_address;
-struct named_pipe_auth_req_info5;
+struct named_pipe_auth_req_info7;
struct tevent_req *tstream_npa_connect_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -114,7 +114,7 @@
int *perrno,
TALLOC_CTX *mem_ctx,
struct tstream_context **stream,
- struct named_pipe_auth_req_info5 **info5,
+ struct named_pipe_auth_req_info7 **info7,
enum dcerpc_transport_t *transport,
struct tsocket_address **remote_client_addr,
char **_remote_client_name,
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/libcli/security/dom_sid.h samba-4.17.9+dfsg/libcli/security/dom_sid.h
--- samba-4.17.8+dfsg/libcli/security/dom_sid.h 2022-08-08 17:15:39.184190800 +0300
+++ samba-4.17.9+dfsg/libcli/security/dom_sid.h 2023-07-06 16:42:43.016797000 +0300
@@ -66,6 +66,10 @@
extern const struct dom_sid global_sid_Unix_NFS_Other;
extern const struct dom_sid global_sid_Samba_SMB3;
+extern const struct dom_sid global_sid_Samba_NPA_Flags;
+#define SAMBA_NPA_FLAGS_NEED_IDLE 1
+#define SAMBA_NPA_FLAGS_WINBIND_OFF 2
+
enum lsa_SidType;
NTSTATUS dom_sid_lookup_predefined_name(const char *name,
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/libcli/security/security_token.c samba-4.17.9+dfsg/libcli/security/security_token.c
--- samba-4.17.8+dfsg/libcli/security/security_token.c 2022-08-08 17:15:39.188190700 +0300
+++ samba-4.17.9+dfsg/libcli/security/security_token.c 2023-07-06 16:42:43.016797000 +0300
@@ -95,6 +95,42 @@
return false;
}
+size_t security_token_count_flag_sids(const struct security_token *token,
+ const struct dom_sid *prefix_sid,
+ size_t num_flags,
+ const struct dom_sid **_flag_sid)
+{
+ const size_t num_auths_expected = prefix_sid->num_auths + num_flags;
+ const struct dom_sid *found = NULL;
+ size_t num = 0;
+ uint32_t i;
+
+ SMB_ASSERT(num_auths_expected <= ARRAY_SIZE(prefix_sid->sub_auths));
+
+ for (i = 0; i < token->num_sids; i++) {
+ const struct dom_sid *sid = &token->sids[i];
+ int cmp;
+
+ if ((size_t)sid->num_auths != num_auths_expected) {
+ continue;
+ }
+
+ cmp = dom_sid_compare_domain(sid, prefix_sid);
+ if (cmp != 0) {
+ continue;
+ }
+
+ num += 1;
+ found = sid;
+ }
+
+ if ((num == 1) && (_flag_sid != NULL)) {
+ *_flag_sid = found;
+ }
+
+ return num;
+}
+
bool security_token_has_builtin_guests(const struct security_token *token)
{
return security_token_has_sid(token, &global_sid_Builtin_Guests);
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/libcli/security/security_token.h samba-4.17.9+dfsg/libcli/security/security_token.h
--- samba-4.17.8+dfsg/libcli/security/security_token.h 2022-08-08 17:15:39.188190700 +0300
+++ samba-4.17.9+dfsg/libcli/security/security_token.h 2023-07-06 16:42:43.016797000 +0300
@@ -47,6 +47,15 @@
bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid);
+/*
+ * Return any of the domain sids found in the token matching "domain"
+ * in _domain_sid, makes most sense if you just found one.
+ */
+size_t security_token_count_flag_sids(const struct security_token *token,
+ const struct dom_sid *prefix_sid,
+ size_t num_flags,
+ const struct dom_sid **_flag_sid);
+
bool security_token_has_builtin_guests(const struct security_token *token);
bool security_token_has_builtin_administrators(const struct security_token *token);
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/libcli/security/util_sid.c samba-4.17.9+dfsg/libcli/security/util_sid.c
--- samba-4.17.8+dfsg/libcli/security/util_sid.c 2022-08-08 17:15:39.188190700 +0300
+++ samba-4.17.9+dfsg/libcli/security/util_sid.c 2023-07-06 16:42:43.016797000 +0300
@@ -162,6 +162,13 @@
const struct dom_sid global_sid_Samba_SMB3 =
{1, 1, {0,0,0,0,0,22}, {1397571891, }};
+const struct dom_sid global_sid_Samba_NPA_Flags = {1,
+ 1,
+ {0, 0, 0, 0, 0, 22},
+ {
+ 2041152804,
+ }};
+
/* Unused, left here for documentary purposes */
#if 0
#define SECURITY_NULL_SID_AUTHORITY 0
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/librpc/idl/named_pipe_auth.idl samba-4.17.9+dfsg/librpc/idl/named_pipe_auth.idl
--- samba-4.17.8+dfsg/librpc/idl/named_pipe_auth.idl 2022-08-08 17:15:39.216190800 +0300
+++ samba-4.17.9+dfsg/librpc/idl/named_pipe_auth.idl 2023-07-06 16:42:43.016797000 +0300
@@ -21,11 +21,10 @@
[charset(DOS),string] uint8 *local_server_addr;
uint16 local_server_port;
auth_session_info_transport *session_info;
- boolean8 need_idle_server;
- } named_pipe_auth_req_info5;
+ } named_pipe_auth_req_info7;
typedef [switch_type(uint32)] union {
- [case(5)] named_pipe_auth_req_info5 info5;
+ [case(7)] named_pipe_auth_req_info7 info7;
} named_pipe_auth_req_info;
typedef [public,gensize] struct {
@@ -41,10 +40,10 @@
uint16 file_type;
uint16 device_state;
hyper allocation_size;
- } named_pipe_auth_rep_info5;
+ } named_pipe_auth_rep_info7;
typedef [switch_type(uint32)] union {
- [case(5)] named_pipe_auth_rep_info5 info5;
+ [case(7)] named_pipe_auth_rep_info7 info7;
} named_pipe_auth_rep_info;
typedef [public,gensize] struct {
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/librpc/rpc/dcerpc_helper.c samba-4.17.9+dfsg/librpc/rpc/dcerpc_helper.c
--- samba-4.17.8+dfsg/librpc/rpc/dcerpc_helper.c 2022-08-08 17:15:39.232191000 +0300
+++ samba-4.17.9+dfsg/librpc/rpc/dcerpc_helper.c 2023-07-06 16:42:43.016797000 +0300
@@ -20,6 +20,7 @@
#include "librpc/gen_ndr/auth.h"
#include "lib/crypto/gnutls_helpers.h"
#include "libcli/security/dom_sid.h"
+#include "libcli/security/security_token.h"
#include "libcli/smb/smb2_constants.h"
#include "dcerpc_helper.h"
@@ -48,7 +49,12 @@
}
cipher = sid->sub_auths[3];
- if (cipher > SMB2_ENCRYPTION_AES128_GCM) {
+ if (cipher > 256) {
+ /*
+ * It is unlikely that we
+ * ever have more then 256
+ * encryption algorithms
+ */
return false;
}
@@ -75,23 +81,17 @@
uint16_t dialect = 0;
uint16_t encrypt = 0;
uint16_t cipher = 0;
- uint32_t i;
+ size_t num_smb3_sids;
bool ok;
- for (i = 0; i < token->num_sids; i++) {
- int cmp;
-
- /* There is only one SMB3 SID allowed! */
- cmp = dom_sid_compare_domain(&token->sids[i], &smb3_dom_sid);
- if (cmp == 0) {
- if (smb3_sid == NULL) {
- smb3_sid = &token->sids[i];
- } else {
- DBG_ERR("ERROR: The SMB3 SID has been detected "
- "multiple times\n");
- return false;
- }
- }
+ num_smb3_sids = security_token_count_flag_sids(token,
+ &smb3_dom_sid,
+ 3,
+ &smb3_sid);
+ if (num_smb3_sids > 1) {
+ DBG_ERR("ERROR: The SMB3 SID has been detected %zu times\n",
+ num_smb3_sids);
+ return false;
}
if (smb3_sid == NULL) {
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/librpc/rpc/dcesrv_core.c samba-4.17.9+dfsg/librpc/rpc/dcesrv_core.c
--- samba-4.17.8+dfsg/librpc/rpc/dcesrv_core.c 2022-08-08 17:15:39.232191000 +0300
+++ samba-4.17.9+dfsg/librpc/rpc/dcesrv_core.c 2023-07-06 16:42:43.016797000 +0300
@@ -34,6 +34,7 @@
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "lib/util/tevent_ntstatus.h"
#include "system/network.h"
+#include "nsswitch/winbind_client.h"
/**
* @file
@@ -1838,6 +1839,7 @@
enum dcerpc_transport_t transport =
dcerpc_binding_get_transport(endpoint->ep_description);
struct ndr_pull *pull;
+ bool turn_winbind_on = false;
NTSTATUS status;
if (auth->auth_invalid) {
@@ -1953,8 +1955,23 @@
pull->data_size - pull->offset));
}
+ if (call->state_flags & DCESRV_CALL_STATE_FLAG_WINBIND_OFF) {
+ bool winbind_active = !winbind_env_set();
+ if (winbind_active) {
+ DBG_DEBUG("turning winbind off\n");
+ (void)winbind_off();
+ turn_winbind_on = true;
+ }
+ }
+
/* call the dispatch function */
status = call->context->iface->dispatch(call, call, call->r);
+
+ if (turn_winbind_on) {
+ DBG_DEBUG("turning winbind on\n");
+ (void)winbind_on();
+ }
+
if (!NT_STATUS_IS_OK(status)) {
DEBUG(5,("dcerpc fault in call %s:%02x - %s\n",
call->context->iface->name,
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/librpc/rpc/dcesrv_core.h samba-4.17.9+dfsg/librpc/rpc/dcesrv_core.h
--- samba-4.17.8+dfsg/librpc/rpc/dcesrv_core.h 2022-08-08 17:15:39.232191000 +0300
+++ samba-4.17.9+dfsg/librpc/rpc/dcesrv_core.h 2023-07-06 16:42:43.016797000 +0300
@@ -125,6 +125,7 @@
#define DCESRV_CALL_STATE_FLAG_MAY_ASYNC (1<<1)
#define DCESRV_CALL_STATE_FLAG_MULTIPLEXED (1<<3)
#define DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL (1<<4)
+#define DCESRV_CALL_STATE_FLAG_WINBIND_OFF (1 << 5)
uint32_t state_flags;
/* the time the request arrived in the server */
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/pidl/lib/Parse/Pidl/Samba4/Python.pm samba-4.17.9+dfsg/pidl/lib/Parse/Pidl/Samba4/Python.pm
--- samba-4.17.8+dfsg/pidl/lib/Parse/Pidl/Samba4/Python.pm 2022-08-08 17:15:39.248191000 +0300
+++ samba-4.17.9+dfsg/pidl/lib/Parse/Pidl/Samba4/Python.pm 2023-07-06 16:42:43.016797000 +0300
@@ -1747,7 +1747,7 @@
$self->pidl("}");
$self->pidl("if (test_var > uint_max) {");
$self->indent;
- $self->pidl("PyErr_Format(PyExc_OverflowError, \"Expected type %s within range 0 - %llu, got %llu\",\\");
+ $self->pidl("PyErr_Format(PyExc_OverflowError, \"Expected type %s within range 0 - %llu, got %llu\",");
$self->pidl(" PyLong_Type.tp_name, uint_max, test_var);");
$self->pidl($fail);
$self->deindent;
@@ -1756,7 +1756,7 @@
$self->deindent;
$self->pidl("} else {");
$self->indent;
- $self->pidl("PyErr_Format(PyExc_TypeError, \"Expected type %s\",\\");
+ $self->pidl("PyErr_Format(PyExc_TypeError, \"Expected type %s\",");
$self->pidl(" PyLong_Type.tp_name);");
$self->pidl($fail);
$self->deindent;
@@ -1786,7 +1786,7 @@
$self->pidl("}");
$self->pidl("if (test_var < int_min || test_var > int_max) {");
$self->indent;
- $self->pidl("PyErr_Format(PyExc_OverflowError, \"Expected type %s within range %lld - %lld, got %lld\",\\");
+ $self->pidl("PyErr_Format(PyExc_OverflowError, \"Expected type %s within range %lld - %lld, got %lld\",");
$self->pidl(" PyLong_Type.tp_name, int_min, int_max, test_var);");
$self->pidl($fail);
$self->deindent;
@@ -1795,7 +1795,7 @@
$self->deindent;
$self->pidl("} else {");
$self->indent;
- $self->pidl("PyErr_Format(PyExc_TypeError, \"Expected type %s\",\\");
+ $self->pidl("PyErr_Format(PyExc_TypeError, \"Expected type %s\",");
$self->pidl(" PyLong_Type.tp_name);");
$self->pidl($fail);
$self->deindent;
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/selftest/selftesthelpers.py samba-4.17.9+dfsg/selftest/selftesthelpers.py
--- samba-4.17.8+dfsg/selftest/selftesthelpers.py 2022-08-08 17:15:39.320191600 +0300
+++ samba-4.17.9+dfsg/selftest/selftesthelpers.py 2023-07-06 16:42:43.016797000 +0300
@@ -226,3 +226,4 @@
smbcacls = binpath('smbcacls')
smbcontrol = binpath('smbcontrol')
smbstatus = binpath('smbstatus')
+timelimit = binpath('timelimit')
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/client/client.c samba-4.17.9+dfsg/source3/client/client.c
--- samba-4.17.8+dfsg/source3/client/client.c 2023-01-26 20:45:01.649668500 +0300
+++ samba-4.17.9+dfsg/source3/client/client.c 2023-07-06 16:42:43.020797000 +0300
@@ -626,6 +626,7 @@
display_sec_desc(sd);
}
TALLOC_FREE(sd);
+ cli_close(targetcli, fnum);
}
TALLOC_FREE(afname);
}
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/include/proto.h samba-4.17.9+dfsg/source3/include/proto.h
--- samba-4.17.8+dfsg/source3/include/proto.h 2022-08-23 17:45:49.516087300 +0300
+++ samba-4.17.9+dfsg/source3/include/proto.h 2023-07-06 16:42:43.020797000 +0300
@@ -445,6 +445,9 @@
struct dom_sid **user_sids,
uint32_t *num_user_sids,
bool include_user_group_rid);
+bool security_token_find_npa_flags(const struct security_token *token,
+ uint32_t *_flags);
+void security_token_del_npa_flags(struct security_token *token);
/* The following definitions come from lib/util_sock.c */
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/lib/adouble.c samba-4.17.9+dfsg/source3/lib/adouble.c
--- samba-4.17.8+dfsg/source3/lib/adouble.c 2022-08-08 17:29:11.353506600 +0300
+++ samba-4.17.9+dfsg/source3/lib/adouble.c 2023-07-06 16:42:43.020797000 +0300
@@ -1222,7 +1222,7 @@
NULL, /* dirfsp */
stream_name, /* fname */
FILE_GENERIC_WRITE, /* access_mask */
- FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
+ FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, /* share_access */
FILE_OPEN_IF, /* create_disposition */
0, /* create_options */
0, /* file_attributes */
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/lib/util_sid.c samba-4.17.9+dfsg/source3/lib/util_sid.c
--- samba-4.17.8+dfsg/source3/lib/util_sid.c 2022-08-08 17:15:39.364192000 +0300
+++ samba-4.17.9+dfsg/source3/lib/util_sid.c 2023-07-06 16:42:43.020797000 +0300
@@ -173,3 +173,37 @@
return NT_STATUS_OK;
}
+
+bool security_token_find_npa_flags(const struct security_token *token,
+ uint32_t *_flags)
+{
+ const struct dom_sid *npa_flags_sid = NULL;
+ size_t num_npa_sids;
+
+ num_npa_sids =
+ security_token_count_flag_sids(token,
+ &global_sid_Samba_NPA_Flags,
+ 1,
+ &npa_flags_sid);
+ if (num_npa_sids != 1) {
+ return false;
+ }
+
+ sid_peek_rid(npa_flags_sid, _flags);
+ return true;
+}
+
+void security_token_del_npa_flags(struct security_token *token)
+{
+ const struct dom_sid *npa_flags_sid = NULL;
+ size_t num_npa_sids;
+
+ num_npa_sids =
+ security_token_count_flag_sids(token,
+ &global_sid_Samba_NPA_Flags,
+ 1,
+ &npa_flags_sid);
+ SMB_ASSERT(num_npa_sids == 1);
+
+ del_sid_from_array(npa_flags_sid, &token->sids, &token->num_sids);
+}
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/librpc/idl/rpc_host.idl samba-4.17.9+dfsg/source3/librpc/idl/rpc_host.idl
--- samba-4.17.8+dfsg/source3/librpc/idl/rpc_host.idl 2023-03-09 12:18:38.349811600 +0300
+++ samba-4.17.9+dfsg/source3/librpc/idl/rpc_host.idl 2023-07-06 16:42:43.020797000 +0300
@@ -31,7 +31,7 @@
/**
* @brief Auth info inherited from SMB
*/
- named_pipe_auth_req_info5 *npa_info5;
+ named_pipe_auth_req_info7 *npa_info7;
/**
* @brief Raw bind PDU
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/libsmb/clilist.c samba-4.17.9+dfsg/source3/libsmb/clilist.c
--- samba-4.17.8+dfsg/source3/libsmb/clilist.c 2022-08-08 17:15:39.380192000 +0300
+++ samba-4.17.9+dfsg/source3/libsmb/clilist.c 2023-07-06 16:42:43.020797000 +0300
@@ -537,6 +537,11 @@
return status;
}
+ if (state->dirlist == NULL) {
+ *pfinfo = NULL;
+ return NT_STATUS_OK;
+ }
+
num_received = talloc_array_length(state->dirlist) / DIR_STRUCT_SIZE;
finfo = talloc_array(mem_ctx, struct file_info, num_received);
@@ -563,6 +568,7 @@
return status;
}
}
+ TALLOC_FREE(state->dirlist);
*pfinfo = finfo;
return NT_STATUS_OK;
}
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/modules/vfs_fruit.c samba-4.17.9+dfsg/source3/modules/vfs_fruit.c
--- samba-4.17.8+dfsg/source3/modules/vfs_fruit.c 2022-10-19 15:14:56.024196000 +0300
+++ samba-4.17.9+dfsg/source3/modules/vfs_fruit.c 2023-07-06 16:42:43.020797000 +0300
@@ -131,6 +131,7 @@
const char *model;
bool time_machine;
off_t time_machine_max_size;
+ bool convert_adouble;
bool wipe_intentionally_left_blank_rfork;
bool delete_empty_adfiles;
@@ -381,6 +382,10 @@
config->time_machine_max_size = conv_str_size(tm_size_str);
}
+ config->convert_adouble = lp_parm_bool(
+ SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME,
+ "convert_adouble", true);
+
config->wipe_intentionally_left_blank_rfork = lp_parm_bool(
SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME,
"wipe_intentionally_left_blank_rfork", false);
@@ -1567,7 +1572,7 @@
S_ISDIR(fsp->base_fsp->fsp_name->st.st_ex_mode))
{
/* sorry, but directories don't have a resource fork */
- errno = EISDIR;
+ errno = ENOENT;
rc = -1;
goto exit;
}
@@ -3959,6 +3964,10 @@
struct fruit_config_data *config = NULL;
NTSTATUS status;
+ if (S_ISDIR(smb_fname->st.st_ex_mode)) {
+ return NT_STATUS_OK;
+ }
+
SMB_VFS_HANDLE_GET_DATA(handle, config, struct fruit_config_data,
return NT_STATUS_INTERNAL_ERROR);
@@ -4286,7 +4295,10 @@
SMB_VFS_HANDLE_GET_DATA(handle, config, struct fruit_config_data,
return NT_STATUS_UNSUCCESSFUL);
- if (is_apple_stream(smb_fname->stream_name) && !internal_open) {
+ if (is_apple_stream(smb_fname->stream_name) &&
+ !internal_open &&
+ config->convert_adouble)
+ {
uint32_t conv_flags = 0;
if (config->wipe_intentionally_left_blank_rfork) {
@@ -4301,8 +4313,8 @@
macos_string_replace_map,
conv_flags);
if (ret != 0) {
- DBG_ERR("ad_convert() failed\n");
- return NT_STATUS_UNSUCCESSFUL;
+ DBG_ERR("ad_convert(\"%s\") failed\n",
+ smb_fname_str_dbg(smb_fname));
}
}
@@ -4400,20 +4412,22 @@
DBG_DEBUG("Path [%s]\n", fsp_str_dbg(fsp));
- if (config->wipe_intentionally_left_blank_rfork) {
- conv_flags |= AD_CONV_WIPE_BLANK;
- }
- if (config->delete_empty_adfiles) {
- conv_flags |= AD_CONV_DELETE;
- }
+ if (config->convert_adouble) {
+ if (config->wipe_intentionally_left_blank_rfork) {
+ conv_flags |= AD_CONV_WIPE_BLANK;
+ }
+ if (config->delete_empty_adfiles) {
+ conv_flags |= AD_CONV_DELETE;
+ }
- ret = ad_convert(handle,
- fsp->fsp_name,
- macos_string_replace_map,
- conv_flags);
- if (ret != 0) {
- DBG_ERR("ad_convert() failed\n");
- return NT_STATUS_UNSUCCESSFUL;
+ ret = ad_convert(handle,
+ fsp->fsp_name,
+ macos_string_replace_map,
+ conv_flags);
+ if (ret != 0) {
+ DBG_ERR("ad_convert(\"%s\") failed\n",
+ fsp_str_dbg(fsp));
+ }
}
*pattr_data = talloc_zero(mem_ctx, struct readdir_attr_data);
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/rpc_client/local_np.c samba-4.17.9+dfsg/source3/rpc_client/local_np.c
--- samba-4.17.8+dfsg/source3/rpc_client/local_np.c 2023-03-09 12:18:38.349811600 +0300
+++ samba-4.17.9+dfsg/source3/rpc_client/local_np.c 2023-07-06 16:42:43.020797000 +0300
@@ -24,6 +24,9 @@
#include "libcli/named_pipe_auth/tstream_u32_read.h"
#include "lib/util/tevent_unix.h"
#include "auth/auth_util.h"
+#include "libcli/security/dom_sid.h"
+#include "libcli/security/security_token.h"
+#include "nsswitch/winbind_client.h"
/**
* @file local_np.c
@@ -272,18 +275,17 @@
tevent_req_error(req, ndr_map_error2errno(ndr_err));
return;
}
- if (state->npa_rep->level != 5) {
- DBG_DEBUG("npa level = %"PRIu32", expected 5\n",
+ if (state->npa_rep->level != 7) {
+ DBG_DEBUG("npa level = %" PRIu32 ", expected 7\n",
state->npa_rep->level);
tevent_req_error(req, EIO);
return;
}
- ret = tstream_npa_existing_stream(
- state,
- &state->transport,
- state->npa_rep->info.info5.file_type,
- &state->npa_stream);
+ ret = tstream_npa_existing_stream(state,
+ &state->transport,
+ state->npa_rep->info.info7.file_type,
+ &state->npa_stream);
if (ret == -1) {
ret = errno;
DBG_DEBUG("tstream_npa_existing_stream failed: %s\n",
@@ -496,9 +498,15 @@
{
struct tevent_req *req = NULL, *subreq = NULL;
struct local_np_connect_state *state = NULL;
- struct named_pipe_auth_req_info5 *i5 = NULL;
+ struct named_pipe_auth_req_info7 *i7 = NULL;
const char *socket_dir = NULL;
char *lower_case_pipename = NULL;
+ struct dom_sid npa_sid = global_sid_Samba_NPA_Flags;
+ uint32_t npa_flags = 0;
+ struct security_token *token = NULL;
+ NTSTATUS status;
+ size_t num_npa_sids;
+ bool ok;
req = tevent_req_create(
mem_ctx, &state, struct local_np_connect_state);
@@ -507,6 +515,19 @@
}
state->ev = ev;
+ num_npa_sids =
+ security_token_count_flag_sids(session_info->security_token,
+ &npa_sid,
+ 1,
+ NULL);
+ if (num_npa_sids != 0) {
+ DBG_ERR("ERROR: %zu NPA Flags SIDs have already been "
+ "detected in the security token!\n",
+ num_npa_sids);
+ tevent_req_error(req, EACCES);
+ return tevent_req_post(req, ev);
+ }
+
socket_dir = lp_parm_const_string(
GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
lp_ncalrpc_dir());
@@ -532,14 +553,14 @@
if (tevent_req_nomem(state->npa_req, req)) {
return tevent_req_post(req, ev);
}
- state->npa_req->level = 5;
+ state->npa_req->level = 7;
- i5 = &state->npa_req->info.info5;
+ i7 = &state->npa_req->info.info7;
- i5->transport = transport;
+ i7->transport = transport;
/* we don't have "int" in IDL, make sure we don't overflow */
- SMB_ASSERT(i5->transport == transport);
+ SMB_ASSERT(i7->transport == transport);
if (remote_client_name == NULL) {
remote_client_name = get_myname(state->npa_req);
@@ -548,7 +569,7 @@
return tevent_req_post(req, ev);
}
}
- i5->remote_client_name = remote_client_name;
+ i7->remote_client_name = remote_client_name;
if (remote_client_addr == NULL) {
struct tsocket_address *addr = NULL;
@@ -560,18 +581,19 @@
}
remote_client_addr = addr;
}
- i5->remote_client_addr = tsocket_address_inet_addr_string(
- remote_client_addr, state->npa_req);
- if (i5->remote_client_addr == NULL) {
+ i7->remote_client_addr =
+ tsocket_address_inet_addr_string(remote_client_addr,
+ state->npa_req);
+ if (i7->remote_client_addr == NULL) {
tevent_req_error(req, errno);
return tevent_req_post(req, ev);
}
- i5->remote_client_port = tsocket_address_inet_port(remote_client_addr);
+ i7->remote_client_port = tsocket_address_inet_port(remote_client_addr);
if (local_server_name == NULL) {
local_server_name = remote_client_name;
}
- i5->local_server_name = local_server_name;
+ i7->local_server_name = local_server_name;
if (local_server_addr == NULL) {
struct tsocket_address *addr = NULL;
@@ -583,27 +605,52 @@
}
local_server_addr = addr;
}
- i5->local_server_addr = tsocket_address_inet_addr_string(
- local_server_addr, state->npa_req);
- if (i5->local_server_addr == NULL) {
+ i7->local_server_addr =
+ tsocket_address_inet_addr_string(local_server_addr,
+ state->npa_req);
+ if (i7->local_server_addr == NULL) {
tevent_req_error(req, errno);
return tevent_req_post(req, ev);
}
- i5->local_server_port = tsocket_address_inet_port(local_server_addr);
+ i7->local_server_port = tsocket_address_inet_port(local_server_addr);
- i5->session_info = talloc_zero(
- state->npa_req, struct auth_session_info_transport);
- if (tevent_req_nomem(i5->session_info, req)) {
+ i7->session_info = talloc_zero(state->npa_req,
+ struct auth_session_info_transport);
+ if (tevent_req_nomem(i7->session_info, req)) {
return tevent_req_post(req, ev);
}
- i5->session_info->session_info = copy_session_info(
- i5->session_info, session_info);
- if (tevent_req_nomem(i5->session_info->session_info, req)) {
+ i7->session_info->session_info =
+ copy_session_info(i7->session_info, session_info);
+ if (tevent_req_nomem(i7->session_info->session_info, req)) {
return tevent_req_post(req, ev);
}
- i5->need_idle_server = need_idle_server;
+ if (need_idle_server) {
+ npa_flags |= SAMBA_NPA_FLAGS_NEED_IDLE;
+ }
+
+ ok = winbind_env_set();
+ if (ok) {
+ npa_flags |= SAMBA_NPA_FLAGS_WINBIND_OFF;
+ }
+
+ ok = sid_append_rid(&npa_sid, npa_flags);
+ if (!ok) {
+ tevent_req_error(req, EINVAL);
+ return tevent_req_post(req, ev);
+ }
+
+ token = i7->session_info->session_info->security_token;
+
+ status = add_sid_to_array_unique(token,
+ &npa_sid,
+ &token->sids,
+ &token->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_oom(req);
+ return tevent_req_post(req, ev);
+ }
subreq = np_sock_connect_send(
state, state->ev, state->socketpath, state->npa_req);
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/rpc_server/rpc_host.c samba-4.17.9+dfsg/source3/rpc_server/rpc_host.c
--- samba-4.17.8+dfsg/source3/rpc_server/rpc_host.c 2023-03-09 12:18:38.353811000 +0300
+++ samba-4.17.9+dfsg/source3/rpc_server/rpc_host.c 2023-07-06 16:42:43.020797000 +0300
@@ -68,6 +68,8 @@
#include "librpc/gen_ndr/ndr_epmapper.h"
#include "librpc/gen_ndr/ndr_epmapper_c.h"
#include "nsswitch/winbind_client.h"
+#include "libcli/security/dom_sid.h"
+#include "libcli/security/security_token.h"
extern bool override_logfile;
@@ -200,7 +202,7 @@
* between RPC servers: netlogon requires samr, everybody
* requires winreg. And if a deep call in netlogon asks for a
* samr connection, this must never end up in the same
- * process. named_pipe_auth_req_info5->need_idle_server is set
+ * process. named_pipe_auth_req_info7->need_idle_server is set
* in those cases.
*/
struct rpc_work_process *workers;
@@ -728,14 +730,14 @@
* anonymous session info.
*/
-static NTSTATUS rpc_host_generate_npa_info5_from_sock(
+static NTSTATUS rpc_host_generate_npa_info7_from_sock(
TALLOC_CTX *mem_ctx,
enum dcerpc_transport_t transport,
int sock,
const struct samba_sockaddr *peer_addr,
- struct named_pipe_auth_req_info5 **pinfo5)
+ struct named_pipe_auth_req_info7 **pinfo7)
{
- struct named_pipe_auth_req_info5 *info5 = NULL;
+ struct named_pipe_auth_req_info7 *info7 = NULL;
struct samba_sockaddr local_addr = {
.sa_socklen = sizeof(struct sockaddr_storage),
};
@@ -758,26 +760,28 @@
tsocket_address_to_name_fn = (transport == NCACN_IP_TCP) ?
tsocket_address_inet_addr_string : tsocket_address_unix_path;
- info5 = talloc_zero(mem_ctx, struct named_pipe_auth_req_info5);
- if (info5 == NULL) {
+ info7 = talloc_zero(mem_ctx, struct named_pipe_auth_req_info7);
+ if (info7 == NULL) {
goto fail;
}
- info5->session_info = talloc_zero(
- info5, struct auth_session_info_transport);
- if (info5->session_info == NULL) {
+ info7->session_info =
+ talloc_zero(info7, struct auth_session_info_transport);
+ if (info7->session_info == NULL) {
goto fail;
}
status = make_session_info_anonymous(
- info5->session_info, &info5->session_info->session_info);
+ info7->session_info,
+ &info7->session_info->session_info);
if (!NT_STATUS_IS_OK(status)) {
DBG_DEBUG("make_session_info_anonymous failed: %s\n",
nt_errstr(status));
goto fail;
}
- ret = tsocket_address_bsd_from_samba_sockaddr(
- info5, peer_addr, &taddr);
+ ret = tsocket_address_bsd_from_samba_sockaddr(info7,
+ peer_addr,
+ &taddr);
if (ret == -1) {
status = map_nt_error_from_unix(errno);
DBG_DEBUG("tsocket_address_bsd_from_samba_sockaddr failed: "
@@ -785,22 +789,22 @@
strerror(errno));
goto fail;
}
- remote_client_addr = tsocket_address_to_name_fn(taddr, info5);
+ remote_client_addr = tsocket_address_to_name_fn(taddr, info7);
if (remote_client_addr == NULL) {
DBG_DEBUG("tsocket_address_to_name_fn failed\n");
goto nomem;
}
TALLOC_FREE(taddr);
- remote_client_name = talloc_strdup(info5, remote_client_addr);
+ remote_client_name = talloc_strdup(info7, remote_client_addr);
if (remote_client_name == NULL) {
DBG_DEBUG("talloc_strdup failed\n");
goto nomem;
}
if (transport == NCACN_IP_TCP) {
- bool ok = samba_sockaddr_get_port(
- peer_addr, &info5->remote_client_port);
+ bool ok = samba_sockaddr_get_port(peer_addr,
+ &info7->remote_client_port);
if (!ok) {
DBG_DEBUG("samba_sockaddr_get_port failed\n");
status = NT_STATUS_INVALID_PARAMETER;
@@ -815,8 +819,9 @@
goto fail;
}
- ret = tsocket_address_bsd_from_samba_sockaddr(
- info5, &local_addr, &taddr);
+ ret = tsocket_address_bsd_from_samba_sockaddr(info7,
+ &local_addr,
+ &taddr);
if (ret == -1) {
status = map_nt_error_from_unix(errno);
DBG_DEBUG("tsocket_address_bsd_from_samba_sockaddr failed: "
@@ -824,22 +829,22 @@
strerror(errno));
goto fail;
}
- local_server_addr = tsocket_address_to_name_fn(taddr, info5);
+ local_server_addr = tsocket_address_to_name_fn(taddr, info7);
if (local_server_addr == NULL) {
DBG_DEBUG("tsocket_address_to_name_fn failed\n");
goto nomem;
}
TALLOC_FREE(taddr);
- local_server_name = talloc_strdup(info5, local_server_addr);
+ local_server_name = talloc_strdup(info7, local_server_addr);
if (local_server_name == NULL) {
DBG_DEBUG("talloc_strdup failed\n");
goto nomem;
}
if (transport == NCACN_IP_TCP) {
- bool ok = samba_sockaddr_get_port(
- &local_addr, &info5->local_server_port);
+ bool ok = samba_sockaddr_get_port(&local_addr,
+ &info7->local_server_port);
if (!ok) {
DBG_DEBUG("samba_sockaddr_get_port failed\n");
status = NT_STATUS_INVALID_PARAMETER;
@@ -868,22 +873,24 @@
TALLOC_FREE(remote_client_name);
ret = tsocket_address_unix_from_path(
- info5, AS_SYSTEM_MAGIC_PATH_TOKEN, &taddr);
+ info7,
+ AS_SYSTEM_MAGIC_PATH_TOKEN,
+ &taddr);
if (ret == -1) {
DBG_DEBUG("tsocket_address_unix_from_path "
"failed\n");
goto nomem;
}
- remote_client_addr = tsocket_address_unix_path(
- taddr, info5);
+ remote_client_addr =
+ tsocket_address_unix_path(taddr, info7);
if (remote_client_addr == NULL) {
DBG_DEBUG("tsocket_address_unix_path "
"failed\n");
goto nomem;
}
- remote_client_name = talloc_strdup(
- info5, remote_client_addr);
+ remote_client_name =
+ talloc_strdup(info7, remote_client_addr);
if (remote_client_name == NULL) {
DBG_DEBUG("talloc_strdup failed\n");
goto nomem;
@@ -891,18 +898,18 @@
}
}
- info5->remote_client_addr = remote_client_addr;
- info5->remote_client_name = remote_client_name;
- info5->local_server_addr = local_server_addr;
- info5->local_server_name = local_server_name;
+ info7->remote_client_addr = remote_client_addr;
+ info7->remote_client_name = remote_client_name;
+ info7->local_server_addr = local_server_addr;
+ info7->local_server_name = local_server_name;
- *pinfo5 = info5;
+ *pinfo7 = info7;
return NT_STATUS_OK;
nomem:
status = NT_STATUS_NO_MEMORY;
fail:
- TALLOC_FREE(info5);
+ TALLOC_FREE(info7);
return status;
}
@@ -991,12 +998,12 @@
return req;
}
- status = rpc_host_generate_npa_info5_from_sock(
+ status = rpc_host_generate_npa_info7_from_sock(
state->client,
transport,
state->sock,
peer_addr,
- &state->client->npa_info5);
+ &state->client->npa_info7);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_oom(req);
return tevent_req_post(req, ev);
@@ -1028,27 +1035,26 @@
subreq, struct tevent_req);
struct rpc_host_bind_read_state *state = tevent_req_data(
req, struct rpc_host_bind_read_state);
- struct named_pipe_auth_req_info5 *info5 = NULL;
+ struct named_pipe_auth_req_info7 *info7 = NULL;
int ret, err;
- ret = tstream_npa_accept_existing_recv(
- subreq,
- &err,
- state,
- &state->npa_stream,
- &info5,
- NULL, /* transport */
- NULL, /* remote_client_addr */
- NULL, /* remote_client_name */
- NULL, /* local_server_addr */
- NULL, /* local_server_name */
- NULL); /* session_info */
+ ret = tstream_npa_accept_existing_recv(subreq,
+ &err,
+ state,
+ &state->npa_stream,
+ &info7,
+ NULL, /* transport */
+ NULL, /* remote_client_addr */
+ NULL, /* remote_client_name */
+ NULL, /* local_server_addr */
+ NULL, /* local_server_name */
+ NULL); /* session_info */
if (ret == -1) {
tevent_req_error(req, err);
return;
}
- state->client->npa_info5 = talloc_move(state->client, &info5);
+ state->client->npa_info7 = talloc_move(state->client, &info7);
subreq = dcerpc_read_ncacn_packet_send(
state, state->ev, state->npa_stream);
@@ -1321,8 +1327,17 @@
worker = rpc_host_find_worker(server);
}
} else {
+ struct auth_session_info_transport *session_info =
+ pending_client->client->npa_info7->session_info;
+ uint32_t flags = 0;
+ bool found;
+
+ found = security_token_find_npa_flags(
+ session_info->session_info->security_token,
+ &flags);
+
/* fresh assoc group requested */
- if (pending_client->client->npa_info5->need_idle_server != 0) {
+ if (found & (flags & SAMBA_NPA_FLAGS_NEED_IDLE)) {
worker = rpc_host_find_idle_worker(server);
} else {
worker = rpc_host_find_worker(server);
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/rpc_server/rpc_worker.c samba-4.17.9+dfsg/source3/rpc_server/rpc_worker.c
--- samba-4.17.8+dfsg/source3/rpc_server/rpc_worker.c 2023-03-09 12:18:38.353811000 +0300
+++ samba-4.17.9+dfsg/source3/rpc_server/rpc_worker.c 2023-07-06 16:42:43.020797000 +0300
@@ -42,6 +42,8 @@
#include "nsswitch/winbind_client.h"
#include "source3/include/messages.h"
#include "libcli/security/security_token.h"
+#include "libcli/security/dom_sid.h"
+#include "source3/include/proto.h"
/*
* This is the generic code that becomes the
@@ -170,7 +172,7 @@
int sock)
{
struct dcesrv_context *dce_ctx = worker->dce_ctx;
- struct named_pipe_auth_req_info5 *info5 = client->npa_info5;
+ struct named_pipe_auth_req_info7 *info7 = client->npa_info7;
struct tsocket_address *remote_client_addr = NULL;
struct tsocket_address *local_server_addr = NULL;
struct dcerpc_binding *b = NULL;
@@ -181,6 +183,9 @@
struct dcesrv_connection *dcesrv_conn = NULL;
DATA_BLOB buffer = { .data = NULL };
struct ncacn_packet *pkt = NULL;
+ struct security_token *token = NULL;
+ uint32_t npa_flags, state_flags;
+ bool found_npa_flags;
NTSTATUS status;
int ret;
@@ -259,87 +264,85 @@
};
if (transport == NCALRPC) {
- ret = tsocket_address_unix_from_path(
- ncacn_conn,
- info5->remote_client_addr,
- &remote_client_addr);
+ ret = tsocket_address_unix_from_path(ncacn_conn,
+ info7->remote_client_addr,
+ &remote_client_addr);
if (ret == -1) {
DBG_DEBUG("tsocket_address_unix_from_path"
"(%s) failed: %s\n",
- info5->remote_client_addr,
+ info7->remote_client_addr,
strerror(errno));
goto fail;
}
- ncacn_conn->remote_client_name = talloc_strdup(
- ncacn_conn, info5->remote_client_name);
+ ncacn_conn->remote_client_name =
+ talloc_strdup(ncacn_conn, info7->remote_client_name);
if (ncacn_conn->remote_client_name == NULL) {
DBG_DEBUG("talloc_strdup(%s) failed\n",
- info5->remote_client_name);
+ info7->remote_client_name);
goto fail;
}
- ret = tsocket_address_unix_from_path(
- ncacn_conn,
- info5->local_server_addr,
- &local_server_addr);
+ ret = tsocket_address_unix_from_path(ncacn_conn,
+ info7->local_server_addr,
+ &local_server_addr);
if (ret == -1) {
DBG_DEBUG("tsocket_address_unix_from_path"
"(%s) failed: %s\n",
- info5->local_server_addr,
+ info7->local_server_addr,
strerror(errno));
goto fail;
}
- ncacn_conn->local_server_name = talloc_strdup(
- ncacn_conn, info5->local_server_name);
+ ncacn_conn->local_server_name =
+ talloc_strdup(ncacn_conn, info7->local_server_name);
if (ncacn_conn->local_server_name == NULL) {
DBG_DEBUG("talloc_strdup(%s) failed\n",
- info5->local_server_name);
+ info7->local_server_name);
goto fail;
}
} else {
ret = tsocket_address_inet_from_strings(
ncacn_conn,
"ip",
- info5->remote_client_addr,
- info5->remote_client_port,
+ info7->remote_client_addr,
+ info7->remote_client_port,
&remote_client_addr);
if (ret == -1) {
DBG_DEBUG("tsocket_address_inet_from_strings"
- "(%s, %"PRIu16") failed: %s\n",
- info5->remote_client_addr,
- info5->remote_client_port,
+ "(%s, %" PRIu16 ") failed: %s\n",
+ info7->remote_client_addr,
+ info7->remote_client_port,
strerror(errno));
goto fail;
}
- ncacn_conn->remote_client_name = talloc_strdup(
- ncacn_conn, info5->remote_client_name);
+ ncacn_conn->remote_client_name =
+ talloc_strdup(ncacn_conn, info7->remote_client_name);
if (ncacn_conn->remote_client_name == NULL) {
DBG_DEBUG("talloc_strdup(%s) failed\n",
- info5->remote_client_name);
+ info7->remote_client_name);
goto fail;
}
ret = tsocket_address_inet_from_strings(
ncacn_conn,
"ip",
- info5->local_server_addr,
- info5->local_server_port,
+ info7->local_server_addr,
+ info7->local_server_port,
&local_server_addr);
if (ret == -1) {
DBG_DEBUG("tsocket_address_inet_from_strings"
- "(%s, %"PRIu16") failed: %s\n",
- info5->local_server_addr,
- info5->local_server_port,
+ "(%s, %" PRIu16 ") failed: %s\n",
+ info7->local_server_addr,
+ info7->local_server_port,
strerror(errno));
goto fail;
}
- ncacn_conn->local_server_name = talloc_strdup(
- ncacn_conn, info5->local_server_name);
+ ncacn_conn->local_server_name =
+ talloc_strdup(ncacn_conn, info7->local_server_name);
if (ncacn_conn->local_server_name == NULL) {
DBG_DEBUG("talloc_strdup(%s) failed\n",
- info5->local_server_name);
+ info7->local_server_name);
goto fail;
}
}
@@ -361,10 +364,10 @@
* socket that the client connected to, passed in from
* samba-dcerpcd via the binding. For NCACN_NP (root
* only by unix permissions) we got a
- * named_pipe_auth_req_info5 where the transport can
+ * named_pipe_auth_req_info7 where the transport can
* be overridden.
*/
- transport = info5->transport;
+ transport = info7->transport;
} else {
ret = tstream_bsd_existing_socket(
ncacn_conn, sock, &tstream);
@@ -376,24 +379,41 @@
}
sock = -1;
- if (security_token_is_system(
- info5->session_info->session_info->security_token) &&
- (transport != NCALRPC)) {
+ token = info7->session_info->session_info->security_token;
+
+ if (security_token_is_system(token) && (transport != NCALRPC)) {
DBG_DEBUG("System token only allowed on NCALRPC\n");
goto fail;
}
+ state_flags = DCESRV_CALL_STATE_FLAG_MAY_ASYNC;
+
+ found_npa_flags = security_token_find_npa_flags(token, &npa_flags);
+ if (found_npa_flags) {
+ if (npa_flags & SAMBA_NPA_FLAGS_WINBIND_OFF) {
+ state_flags |=
+ DCESRV_CALL_STATE_FLAG_WINBIND_OFF;
+ }
+
+ /*
+ * Delete the flags so that we don't bail in
+ * local_np_connect_send() on subsequent
+ * connects. Once we connect to another RPC service, a
+ * new flags sid will be added if required.
+ */
+ security_token_del_npa_flags(token);
+ }
+
ncacn_conn->p.msg_ctx = global_messaging_context();
ncacn_conn->p.transport = transport;
- status = dcesrv_endpoint_connect(
- dce_ctx,
- ncacn_conn,
- ep,
- info5->session_info->session_info,
- global_event_context(),
- DCESRV_CALL_STATE_FLAG_MAY_ASYNC,
- &dcesrv_conn);
+ status = dcesrv_endpoint_connect(dce_ctx,
+ ncacn_conn,
+ ep,
+ info7->session_info->session_info,
+ global_event_context(),
+ state_flags,
+ &dcesrv_conn);
if (!NT_STATUS_IS_OK(status)) {
DBG_DEBUG("Failed to connect to endpoint: %s\n",
nt_errstr(status));
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/script/tests/test_old_dirlisting.sh samba-4.17.9+dfsg/source3/script/tests/test_old_dirlisting.sh
--- samba-4.17.8+dfsg/source3/script/tests/test_old_dirlisting.sh 1970-01-01 03:00:00.000000000 +0300
+++ samba-4.17.9+dfsg/source3/script/tests/test_old_dirlisting.sh 2023-07-06 16:42:43.020797000 +0300
@@ -0,0 +1,28 @@
+#!/bin/sh
+# This tests listing directories using the SMBSearch call family
+
+if [ $# -lt 2 ]; then
+ cat <<EOF
+Usage: $0 TIMELIMIT SMBCLIENT
+EOF
+ exit 1
+fi
+
+TIMELIMIT="$1"
+shift
+SMBCLIENT="$VALGRIND $1"
+shift
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+# Make sure we don't loop 100% CPU. A normal dir listing should return
+# in less than 3 seconds. At the point of this commit smbclient -c dir
+# | wc returns 43 lines, so checking for 100 lines should be well
+# enough.
+
+count=$($TIMELIMIT 3 $SMBCLIENT //"$SERVER_IP"/tmpguest -m LANMAN1 -U% \
+ -c dir | wc -l)
+
+testit "listing shares with LANMAN1" test ${count} -le 100 ||
+ failed=$((failed + 1))
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/selftest/tests.py samba-4.17.9+dfsg/source3/selftest/tests.py
--- samba-4.17.8+dfsg/source3/selftest/tests.py 2023-03-09 12:18:38.353811000 +0300
+++ samba-4.17.9+dfsg/source3/selftest/tests.py 2023-07-06 16:42:43.024796700 +0300
@@ -33,6 +33,7 @@
from selftesthelpers import smbtorture4_options
from selftesthelpers import smbcontrol
from selftesthelpers import smbstatus
+from selftesthelpers import timelimit
smbtorture4_options.extend([
'--option=torture:sharedelay=100000',
'--option=torture:writetimeupdatedelay=500000',
@@ -690,6 +691,11 @@
'$SERVER', 'fruit_resource_stream', '$USERNAME', '$PASSWORD',
'$LOCAL_PATH/fruit_resource_stream', smbclient3])
+plantestsuite("samba3.blackbox.smbclient_old_dir", "fileserver_smb1",
+ [os.path.join(samba3srcdir,
+ "script/tests/test_old_dirlisting.sh"),
+ timelimit, smbclient3])
+
for env in ["fileserver:local"]:
plantestsuite("samba3.blackbox.net_usershare", env, [os.path.join(samba3srcdir, "script/tests/test_net_usershare.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', smbclient3])
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/smbd/scavenger.c samba-4.17.9+dfsg/source3/smbd/scavenger.c
--- samba-4.17.8+dfsg/source3/smbd/scavenger.c 2022-08-08 17:15:39.480193000 +0300
+++ samba-4.17.9+dfsg/source3/smbd/scavenger.c 2023-07-06 16:42:43.024796700 +0300
@@ -104,7 +104,7 @@
server_id_str_buf(*state->scavenger_id, &tmp1),
server_id_str_buf(state->parent_id, &tmp2)));
- exit_server("smbd_scavenger_parent_dead");
+ exit_server_cleanly("smbd_scavenger_parent_dead");
}
static void scavenger_sig_term_handler(struct tevent_context *ev,
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/smbd/smb2_pipes.c samba-4.17.9+dfsg/source3/smbd/smb2_pipes.c
--- samba-4.17.8+dfsg/source3/smbd/smb2_pipes.c 2022-08-08 17:15:39.488193000 +0300
+++ samba-4.17.9+dfsg/source3/smbd/smb2_pipes.c 2023-07-06 16:42:43.024796700 +0300
@@ -78,7 +78,7 @@
uint16_t srv_smb_encrypt = DCERPC_SMB_ENCRYPTION_REQUIRED;
uint16_t cipher = xconn->smb2.server.cipher;
struct dom_sid smb3_sid = global_sid_Samba_SMB3;
- uint32_t i;
+ size_t num_smb3_sids;
bool ok;
session_info = copy_session_info(fsp, conn->session_info);
@@ -94,17 +94,16 @@
*
* Make sure we don't have a SMB3 SID in the security token!
*/
- for (i = 0; i < security_token->num_sids; i++) {
- int cmp;
-
- cmp = dom_sid_compare_domain(&security_token->sids[i],
- &smb3_sid);
- if (cmp == 0) {
- DBG_ERR("ERROR: An SMB3 SID has already been "
- "detected in the security token!\n");
- file_free(smb_req, fsp);
- return NT_STATUS_ACCESS_DENIED;
- }
+ num_smb3_sids = security_token_count_flag_sids(security_token,
+ &smb3_sid,
+ 3,
+ NULL);
+ if (num_smb3_sids != 0) {
+ DBG_ERR("ERROR: %zu SMB3 SIDs have already been "
+ "detected in the security token!\n",
+ num_smb3_sids);
+ file_free(smb_req, fsp);
+ return NT_STATUS_ACCESS_DENIED;
}
ok = sid_append_rid(&smb3_sid, dialect);
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/utils/smbget.c samba-4.17.9+dfsg/source3/utils/smbget.c
--- samba-4.17.8+dfsg/source3/utils/smbget.c 2022-08-08 17:15:39.516193200 +0300
+++ samba-4.17.9+dfsg/source3/utils/smbget.c 2023-07-06 16:42:43.024796700 +0300
@@ -264,6 +264,7 @@
if (!ok) {
fprintf(stderr, "Failed to download %s: %s\n",
newname, strerror(errno));
+ free(newname);
free(tmpname);
return false;
}
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/winbindd/winbindd_cache.c samba-4.17.9+dfsg/source3/winbindd/winbindd_cache.c
--- samba-4.17.8+dfsg/source3/winbindd/winbindd_cache.c 2022-08-08 17:15:39.524193300 +0300
+++ samba-4.17.9+dfsg/source3/winbindd/winbindd_cache.c 2023-07-06 16:42:43.024796700 +0300
@@ -1508,6 +1508,7 @@
DEBUG(3, ("query_user_list: returned 0x%08x, "
"retrying\n", NT_STATUS_V(status)));
}
+ reset_cm_connection_on_error(domain, NULL, status);
if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) {
DEBUG(3, ("query_user_list: flushing "
"connection cache\n"));
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/winbindd/winbindd_msrpc.c samba-4.17.9+dfsg/source3/winbindd/winbindd_msrpc.c
--- samba-4.17.8+dfsg/source3/winbindd/winbindd_msrpc.c 2022-08-08 17:15:39.528193200 +0300
+++ samba-4.17.9+dfsg/source3/winbindd/winbindd_msrpc.c 2023-07-06 16:42:43.024796700 +0300
@@ -954,16 +954,13 @@
/* And restore our original timeout. */
dcerpc_binding_handle_set_timeout(b, orig_timeout);
- if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
- NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
- NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+ if (reset_cm_connection_on_error(domain, b, status)) {
/*
* This can happen if the schannel key is not
* valid anymore, we need to invalidate the
* all connections to the dc and reestablish
* a netlogon connection first.
*/
- invalidate_cm_connection(domain);
domain->can_do_ncacn_ip_tcp = domain->active_directory;
if (!retried) {
retried = true;
@@ -1033,16 +1030,13 @@
/* And restore our original timeout. */
dcerpc_binding_handle_set_timeout(b, orig_timeout);
- if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
- NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
- NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+ if (reset_cm_connection_on_error(domain, b, status)) {
/*
* This can happen if the schannel key is not
* valid anymore, we need to invalidate the
* all connections to the dc and reestablish
* a netlogon connection first.
*/
- invalidate_cm_connection(domain);
if (!retried) {
retried = true;
goto connect;
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source3/winbindd/winbindd_pam.c samba-4.17.9+dfsg/source3/winbindd/winbindd_pam.c
--- samba-4.17.8+dfsg/source3/winbindd/winbindd_pam.c 2022-08-08 17:29:11.377506700 +0300
+++ samba-4.17.9+dfsg/source3/winbindd/winbindd_pam.c 2023-07-06 16:42:43.024796700 +0300
@@ -1637,6 +1637,7 @@
int attempts = 0;
int netr_attempts = 0;
bool retry = false;
+ bool valid_result = false;
NTSTATUS result;
enum netr_LogonInfoClass logon_type_i;
enum netr_LogonInfoClass logon_type_n;
@@ -1649,6 +1650,15 @@
struct rpc_pipe_client *netlogon_pipe;
struct netlogon_creds_cli_context *netlogon_creds_ctx = NULL;
+ /*
+ * We should always reset authoritative to 1
+ * before calling a server again.
+ *
+ * Otherwise we could treat a local problem as
+ * non-authoritative.
+ */
+ *authoritative = 1;
+
retry = false;
result = cm_connect_netlogon_secure(domain, &netlogon_pipe,
@@ -1669,6 +1679,8 @@
"(error: %s, attempts: %d)\n",
nt_errstr(result), netr_attempts));
+ reset_cm_connection_on_error(domain, NULL, result);
+
/* After the first retry always close the connection */
if (netr_attempts > 0) {
DEBUG(3, ("This is again a problem for this "
@@ -1791,26 +1803,22 @@
might not yet have noticed that the DC has killed
our connection. */
- if (!rpccli_is_connected(netlogon_pipe)) {
- retry = true;
+ retry = reset_cm_connection_on_error(domain,
+ netlogon_pipe->binding_handle,
+ result);
+ if (retry) {
+ DBG_PREFIX(attempts > 1 ? DBGLVL_NOTICE : DBGLVL_INFO, (
+ "This is problem %d for this "
+ "particular call,"
+ "DOMAIN[%s] DC[%s] - %s\n",
+ attempts,
+ domain->name,
+ domain->dcname,
+ nt_errstr(result)));
continue;
}
- /* if we get access denied, a possible cause was that we had
- an open connection to the DC, but someone changed our
- machine account password out from underneath us using 'net
- rpc changetrustpw' */
-
- if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
- DEBUG(1,("winbind_samlogon_retry_loop: sam_logon returned "
- "ACCESS_DENIED. Maybe the DC has Restrict "
- "NTLM set or the trust account "
- "password was changed and we didn't know it. "
- "Killing connections to domain %s\n",
- domainname));
- invalidate_cm_connection(domain);
- retry = true;
- }
+ valid_result = true;
if (NT_STATUS_EQUAL(result, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
/*
@@ -1836,14 +1844,25 @@
break;
}
- } while ( (attempts < 2) && retry );
+ } while ( (attempts < 3) && retry );
- if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
- DEBUG(3,("winbind_samlogon_retry_loop: sam_network_logon(ex) "
- "returned NT_STATUS_IO_TIMEOUT after the retry. "
- "Killing connections to domain %s\n",
- domainname));
- invalidate_cm_connection(domain);
+ if (!valid_result) {
+ /*
+ * This matches what windows does. In a chain of transitive
+ * trusts the ACCESS_DENIED/authoritative=0 is not propagated
+ * instead of NT_STATUS_NO_LOGON_SERVERS/authoritative=1 is
+ * passed along the chain if there's no other DC is available.
+ */
+ DBG_WARNING("Mapping %s/authoritative=%u to "
+ "NT_STATUS_NO_LOGON_SERVERS/authoritative=1 for"
+ "USERNAME[%s] USERDOMAIN[%s] REMOTE-DOMAIN[%s] \n",
+ nt_errstr(result),
+ *authoritative,
+ username,
+ domainname,
+ domain->name);
+ *authoritative = 1;
+ return NT_STATUS_NO_LOGON_SERVERS;
}
if (!NT_STATUS_IS_OK(result)) {
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source4/dns_server/dns_crypto.c samba-4.17.9+dfsg/source4/dns_server/dns_crypto.c
--- samba-4.17.8+dfsg/source4/dns_server/dns_crypto.c 2022-08-08 17:15:39.540193300 +0300
+++ samba-4.17.9+dfsg/source4/dns_server/dns_crypto.c 2023-07-06 16:42:43.028796400 +0300
@@ -81,7 +81,7 @@
if (tmp_key == NULL) {
continue;
}
- if (dns_name_equal(name, tmp_key->name)) {
+ if (samba_dns_name_equal(name, tmp_key->name)) {
tkey = tmp_key;
break;
}
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source4/dns_server/dnsserver_common.c samba-4.17.9+dfsg/source4/dns_server/dnsserver_common.c
--- samba-4.17.8+dfsg/source4/dns_server/dnsserver_common.c 2022-08-08 17:15:39.544193300 +0300
+++ samba-4.17.9+dfsg/source4/dns_server/dnsserver_common.c 2023-07-06 16:42:43.032796100 +0300
@@ -1331,7 +1331,8 @@
return memcmp(&rec1_in_addr6, &rec2_in_addr6, sizeof(rec1_in_addr6)) == 0;
}
case DNS_TYPE_CNAME:
- return dns_name_equal(rec1->data.cname, rec2->data.cname);
+ return samba_dns_name_equal(rec1->data.cname,
+ rec2->data.cname);
case DNS_TYPE_TXT:
if (rec1->data.txt.count != rec2->data.txt.count) {
return false;
@@ -1343,23 +1344,27 @@
}
return true;
case DNS_TYPE_PTR:
- return dns_name_equal(rec1->data.ptr, rec2->data.ptr);
+ return samba_dns_name_equal(rec1->data.ptr, rec2->data.ptr);
case DNS_TYPE_NS:
- return dns_name_equal(rec1->data.ns, rec2->data.ns);
+ return samba_dns_name_equal(rec1->data.ns, rec2->data.ns);
case DNS_TYPE_SRV:
return rec1->data.srv.wPriority == rec2->data.srv.wPriority &&
rec1->data.srv.wWeight == rec2->data.srv.wWeight &&
rec1->data.srv.wPort == rec2->data.srv.wPort &&
- dns_name_equal(rec1->data.srv.nameTarget, rec2->data.srv.nameTarget);
+ samba_dns_name_equal(rec1->data.srv.nameTarget,
+ rec2->data.srv.nameTarget);
case DNS_TYPE_MX:
return rec1->data.mx.wPriority == rec2->data.mx.wPriority &&
- dns_name_equal(rec1->data.mx.nameTarget, rec2->data.mx.nameTarget);
+ samba_dns_name_equal(rec1->data.mx.nameTarget,
+ rec2->data.mx.nameTarget);
case DNS_TYPE_SOA:
- return dns_name_equal(rec1->data.soa.mname, rec2->data.soa.mname) &&
- dns_name_equal(rec1->data.soa.rname, rec2->data.soa.rname) &&
+ return samba_dns_name_equal(rec1->data.soa.mname,
+ rec2->data.soa.mname) &&
+ samba_dns_name_equal(rec1->data.soa.rname,
+ rec2->data.soa.rname) &&
rec1->data.soa.serial == rec2->data.soa.serial &&
rec1->data.soa.refresh == rec2->data.soa.refresh &&
rec1->data.soa.retry == rec2->data.soa.retry &&
@@ -1485,7 +1490,7 @@
/*
see if two DNS names are the same
*/
-bool dns_name_equal(const char *name1, const char *name2)
+bool samba_dns_name_equal(const char *name1, const char *name2)
{
size_t len1 = strlen(name1);
size_t len2 = strlen(name2);
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source4/dns_server/dnsserver_common.h samba-4.17.9+dfsg/source4/dns_server/dnsserver_common.h
--- samba-4.17.8+dfsg/source4/dns_server/dnsserver_common.h 2022-08-08 17:15:39.544193300 +0300
+++ samba-4.17.9+dfsg/source4/dns_server/dnsserver_common.h 2023-07-06 16:42:43.032796100 +0300
@@ -76,7 +76,7 @@
TALLOC_CTX *mem_ctx,
const char *name,
struct ldb_dn **_dn);
-bool dns_name_equal(const char *name1, const char *name2);
+bool samba_dns_name_equal(const char *name1, const char *name2);
bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1,
struct dnsp_DnssrvRpcRecord *rec2);
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source4/dns_server/dns_update.c samba-4.17.9+dfsg/source4/dns_server/dns_update.c
--- samba-4.17.8+dfsg/source4/dns_server/dns_update.c 2022-08-08 17:15:39.544193300 +0300
+++ samba-4.17.9+dfsg/source4/dns_server/dns_update.c 2023-07-06 16:42:43.032796100 +0300
@@ -593,7 +593,7 @@
* work out if the node as a whole needs tombstoning.
*/
if (update->rr_type == DNS_QTYPE_ALL) {
- if (dns_name_equal(update->name, zone->name)) {
+ if (samba_dns_name_equal(update->name, zone->name)) {
for (i = first; i < rcount; i++) {
if (recs[i].wType == DNS_TYPE_SOA) {
@@ -617,7 +617,7 @@
}
}
- } else if (dns_name_equal(update->name, zone->name)) {
+ } else if (samba_dns_name_equal(update->name, zone->name)) {
if (update->rr_type == DNS_QTYPE_SOA) {
return WERR_OK;
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source4/rpc_server/dnsserver/dnsutils.c samba-4.17.9+dfsg/source4/rpc_server/dnsserver/dnsutils.c
--- samba-4.17.8+dfsg/source4/rpc_server/dnsserver/dnsutils.c 2022-08-08 17:15:39.636194000 +0300
+++ samba-4.17.9+dfsg/source4/rpc_server/dnsserver/dnsutils.c 2023-07-06 16:42:43.032796100 +0300
@@ -311,7 +311,7 @@
struct dnsserver_zone *z = NULL;
for (z = zones; z; z = z->next) {
- if (dns_name_equal(zone_name, z->name)) {
+ if (samba_dns_name_equal(zone_name, z->name)) {
break;
}
}
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source4/torture/dns/dlz_bind9.c samba-4.17.9+dfsg/source4/torture/dns/dlz_bind9.c
--- samba-4.17.8+dfsg/source4/torture/dns/dlz_bind9.c 2022-08-08 17:15:40.440200000 +0300
+++ samba-4.17.9+dfsg/source4/torture/dns/dlz_bind9.c 2023-07-06 16:42:43.036795900 +0300
@@ -414,18 +414,18 @@
} else if (strcmp(type, "cname") == 0 ||
strcmp(type, "ptr") == 0 ||
strcmp(type, "ns") == 0) {
- if (! dns_name_equal(data, data2)) {
+ if (!samba_dns_name_equal(data, data2)) {
continue;
}
} else if (strcmp(type, "mx") == 0) {
/*
- * dns_name_equal works for MX records because
- * the space in "10 example.com." is
+ * samba_dns_name_equal works for MX records
+ * because the space in "10 example.com." is
* theoretically OK as a DNS character. And we
* need it because dlz will add the trailing
* dot.
*/
- if (! dns_name_equal(data, data2)) {
+ if (!samba_dns_name_equal(data, data2)) {
continue;
}
} else if (strcmp(data, data2) != 0) {
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/source4/torture/vfs/fruit.c samba-4.17.9+dfsg/source4/torture/vfs/fruit.c
--- samba-4.17.8+dfsg/source4/torture/vfs/fruit.c 2022-10-19 15:14:56.044196000 +0300
+++ samba-4.17.9+dfsg/source4/torture/vfs/fruit.c 2023-07-06 16:42:43.036795900 +0300
@@ -7018,6 +7018,959 @@
}
/*
+-------------------------------------------------------------------------------
+MagicNumber: 00051607 : AppleDouble
+Version : 00020000 : Version 2
+Filler : 4D 61 63 20 4F 53 20 58 20 20 20 20 20 20 20 20 : Mac OS X
+Num. of ent: 0002 : 2
+
+-------------------------------------------------------------------------------
+Entry ID : 00000009 : Finder Info
+Offset : 00000032 : 50
+Length : 00000EB0 : 3760
+
+-DInfo-----:
+Rect top : 0000 : 0
+Rect left : 0000 : 0
+Rect bottom: 0000 : 0
+Rect right : 0000 : 0
+isAlias : 0
+Invisible : 0
+hasBundle : 0
+nameLocked : 0
+Stationery : 0
+CustomIcon : 0
+Reserved : 0
+Inited : 1
+NoINITS : 0
+Shared : 0
+SwitchLaunc: 0
+Hidden Ext : 0
+color : 000 : none
+isOnDesk : 0
+Location v : 0000 : 0
+Location h : 0000 : 0
+View : 0000 : ..
+
+-DXInfo----:
+Scroll v : 0000 : 0
+Scroll h : 0000 : 0
+Rsvd|OpnChn: 00000000 : 0
+AreInvalid : 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+CustomBadge: 0
+ObjctIsBusy: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+unknown bit: 0
+RoutingInfo: 0
+unknown bit: 0
+unknown bit: 0
+Comment : 0000 : ..
+PutAway : 00000000 : 0
+
+-EA--------:
+pad : 0000 : ..
+magic : 41545452 : ATTR
+debug_tag : 0081714C : 8483148
+total_size : 00000EE2 : 3810
+data_start : 00000098 : 152
+data_length: 00000039 : 57
+reserved[0]: 00000000 : ....
+reserved[1]: 00000000 : ....
+reserved[2]: 00000000 : ....
+flags : 0000 : ..
+num_attrs : 0001 : 1
+-EA ENTRY--:
+offset : 00000098 : 152
+length : 00000039 : 57
+flags : 0000 : ..
+namelen : 15 : 21
+-EA NAME---: 0 1 2 3 4 5 6 7 8 9 A B C D E F : (ASCII)
+00000000 : 63 6F 6D 2E 61 70 70 6C 65 2E 71 75 61 72 61 6E : com.apple.quaran
+00000010 : 74 69 6E 65 00 : tine.
+-EA VALUE--: 0 1 2 3 4 5 6 7 8 9 A B C D E F : (ASCII)
+00000000 : 30 30 38 31 3B 36 32 65 61 33 37 66 64 3B 43 68 : 0081;62ea37fd;Ch
+00000010 : 72 6F 6D 65 3B 42 35 39 46 42 39 45 44 2D 35 41 : rome;B59FB9ED-5A
+00000020 : 32 39 2D 34 45 35 42 2D 38 35 36 43 2D 37 45 44 : 29-4E5B-856C-7ED
+00000030 : 30 45 46 45 41 37 30 41 43 : 0EFEA70AC
+
+-RAW DUMP--: 0 1 2 3 4 5 6 7 8 9 A B C D E F : (ASCII)
+00000000 : 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 : ................
+00000010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000020 : 00 00 41 54 54 52 00 81 71 4C 00 00 0E E2 00 00 : ..ATTR..qL......
+00000030 : 00 98 00 00 00 39 00 00 00 00 00 00 00 00 00 00 : .....9..........
+00000040 : 00 00 00 00 00 01 00 00 00 98 00 00 00 39 00 00 : .............9..
+00000050 : 15 63 6F 6D 2E 61 70 70 6C 65 2E 71 75 61 72 61 : .com.apple.quara
+00000060 : 6E 74 69 6E 65 00 30 30 38 31 3B 36 32 65 61 33 : ntine.0081;62ea3
+00000070 : 37 66 64 3B 43 68 72 6F 6D 65 3B 42 35 39 46 42 : 7fd;Chrome;B59FB
+00000080 : 39 45 44 2D 35 41 32 39 2D 34 45 35 42 2D 38 35 : 9ED-5A29-4E5B-85
+00000090 : 36 43 2D 37 45 44 30 45 46 45 41 37 30 41 43 00 : 6C-7ED0EFEA70AC.
+000000A0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000B0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000C0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000D0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000E0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000F0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001A0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001B0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001C0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001D0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001E0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000001F0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000200 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000210 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000220 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000230 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000240 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000250 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000290 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002A0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002B0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002C0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002D0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002E0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000002F0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000300 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000310 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000320 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000330 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000340 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000350 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000360 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000370 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000380 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003A0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003B0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003C0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003D0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003E0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000003F0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004A0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004B0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004C0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004D0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004E0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000004F0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000590 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005A0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005B0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005C0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005D0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005E0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000005F0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000600 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000610 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000620 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000630 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000640 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000650 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000660 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000670 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000680 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000690 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006A0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006B0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006C0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006D0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006E0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000006F0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000700 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000710 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000720 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000730 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000740 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000750 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000760 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000770 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000780 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000790 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007A0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007B0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007C0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007D0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007E0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000007F0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000800 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000810 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000820 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000830 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000840 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000850 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000860 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000870 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000880 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000890 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008A0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008B0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008C0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008D0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008E0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000008F0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000900 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000910 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000920 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000930 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000940 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000950 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000960 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000970 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000980 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000990 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009A0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009B0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009C0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009D0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009E0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000009F0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A00 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A10 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A20 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A30 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A40 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A50 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A60 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A70 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A80 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000A90 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AA0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AB0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AC0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AD0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AE0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000AF0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B00 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B10 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B20 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B30 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B40 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B50 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B60 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B70 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B80 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000B90 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BA0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BB0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BC0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BD0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BE0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000BF0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C00 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C10 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C20 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C30 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C40 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C50 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C60 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C70 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C80 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000C90 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CA0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CB0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CC0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CD0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CE0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000CF0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D00 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D10 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D20 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D30 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D40 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D50 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D60 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D70 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D80 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000D90 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DA0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DB0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DC0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DD0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DE0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000DF0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E00 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E10 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E20 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E30 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E40 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E50 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E60 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E70 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E80 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000E90 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000EA0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+
+-------------------------------------------------------------------------------
+Entry ID : 00000002 : Resource Fork
+Offset : 00000EE2 : 3810
+Length : 0000011E : 286
+
+-RAW DUMP--: 0 1 2 3 4 5 6 7 8 9 A B C D E F : (ASCII)
+00000000 : 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 1E : ................
+00000010 : 54 68 69 73 20 72 65 73 6F 75 72 63 65 20 66 6F : This resource fo
+00000020 : 72 6B 20 69 6E 74 65 6E 74 69 6F 6E 61 6C 6C 79 : rk intentionally
+00000030 : 20 6C 65 66 74 20 62 6C 61 6E 6B 20 20 20 00 00 : left blank ..
+00000040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000A0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000B0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000C0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000D0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000E0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+000000F0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................
+00000100 : 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 1E : ................
+00000110 : 00 00 00 00 00 00 00 00 00 1C 00 1E FF FF : ..............
+*/
+
+static char osx_adouble_dir_w_xattr[] = {
+ 0x00, 0x05, 0x16, 0x07, 0x00, 0x02, 0x00, 0x00,
+ 0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x58,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x00, 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00,
+ 0x00, 0x32, 0x00, 0x00, 0x0e, 0xb0, 0x00, 0x00,
+ 0x00, 0x02, 0x00, 0x00, 0x0e, 0xe2, 0x00, 0x00,
+ 0x01, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x41, 0x54, 0x54, 0x52,
+ 0x00, 0x81, 0x71, 0x4c, 0x00, 0x00, 0x0e, 0xe2,
+ 0x00, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00, 0x39,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00, 0x39,
+ 0x00, 0x00, 0x15, 0x63, 0x6f, 0x6d, 0x2e, 0x61,
+ 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x71, 0x75, 0x61,
+ 0x72, 0x61, 0x6e, 0x74, 0x69, 0x6e, 0x65, 0x00,
+ 0x30, 0x30, 0x38, 0x31, 0x3b, 0x36, 0x32, 0x65,
+ 0x61, 0x33, 0x37, 0x66, 0x64, 0x3b, 0x43, 0x68,
+ 0x72, 0x6f, 0x6d, 0x65, 0x3b, 0x42, 0x35, 0x39,
+ 0x46, 0x42, 0x39, 0x45, 0x44, 0x2d, 0x35, 0x41,
+ 0x32, 0x39, 0x2d, 0x34, 0x45, 0x35, 0x42, 0x2d,
+ 0x38, 0x35, 0x36, 0x43, 0x2d, 0x37, 0x45, 0x44,
+ 0x30, 0x45, 0x46, 0x45, 0x41, 0x37, 0x30, 0x41,
+ 0x43, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x1e, 0x54, 0x68, 0x69, 0x73, 0x20, 0x72,
+ 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x20,
+ 0x66, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x74,
+ 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+ 0x6c, 0x79, 0x20, 0x6c, 0x65, 0x66, 0x74, 0x20,
+ 0x62, 0x6c, 0x61, 0x6e, 0x6b, 0x20, 0x20, 0x20,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x1c, 0x00, 0x1e, 0xff, 0xff
+};
+
+static bool test_delete_trigger_convert_sharing_violation(
+ struct torture_context *tctx,
+ struct smb2_tree *tree1)
+{
+ TALLOC_CTX *mem_ctx = talloc_new(tctx);
+ const char *dirname = BASEDIR "\\dir";
+ const char *adname = BASEDIR "\\._dir";
+ struct smb2_handle testdirh;
+ struct smb2_create create;
+ AfpInfo *info = NULL;
+ bool ret = true;
+ NTSTATUS status;
+
+ smb2_deltree(tree1, BASEDIR);
+
+ status = torture_smb2_testdir(tree1, BASEDIR, &testdirh);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testdir failed\n");
+ smb2_util_close(tree1, testdirh);
+
+ status = torture_smb2_testdir(tree1, dirname, &testdirh);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testdir failed\n");
+ smb2_util_close(tree1, testdirh);
+
+ ret = torture_setup_file(tctx, tree1, adname, false);
+ torture_assert_goto(tctx, ret == true, ret, done,
+ "torture_setup_file failed\n");
+
+ ret = write_stream(tree1, __location__, tctx, mem_ctx,
+ adname, NULL, 0,
+ sizeof(osx_adouble_dir_w_xattr),
+ osx_adouble_dir_w_xattr);
+ torture_assert_goto(tctx, ret == true, ret, done,
+ "write_stream failed\n");
+
+ /*
+ * 1) Create a non-empty AFP_AfpInfo stream
+ */
+
+ info = torture_afpinfo_new(mem_ctx);
+ torture_assert_goto(tctx, info != NULL, ret, done, "torture_afpinfo_new failed");
+
+ /* Set "Inited" flag (any other would do too) */
+ info->afpi_FinderInfo[8] = 0x01;
+
+ ret = torture_write_afpinfo(tree1, tctx, mem_ctx, dirname, info);
+ torture_assert_goto(tctx, ret == true, ret, done, "torture_write_afpinfo failed");
+
+ ret = write_stream(tree1, __location__, tctx, mem_ctx,
+ adname, NULL, 0,
+ sizeof(osx_adouble_dir_w_xattr),
+ osx_adouble_dir_w_xattr);
+ torture_assert_goto(tctx, ret == true, ret, done,
+ "write_stream failed\n");
+
+ /*
+ * 2) Create a second stream
+ */
+
+ ret = write_stream(tree1, __location__, tctx, mem_ctx,
+ dirname, ":org.samba.boom", 0,
+ strlen("boom"),
+ "boom");
+ torture_assert_goto(tctx, ret == true, ret, done,
+ "write_stream failed\n");
+
+ create = (struct smb2_create) {
+ .in.desired_access = SEC_STD_DELETE,
+ .in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+ .in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+ .in.share_access = NTCREATEX_SHARE_ACCESS_READ,
+ .in.create_disposition = NTCREATEX_DISP_OPEN,
+ .in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS,
+ .in.fname = dirname,
+ };
+
+ status = smb2_create(tree1, tctx, &create);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed\n");
+
+ status = smb2_util_close(tree1, create.out.file.handle);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_util_close failed");
+
+done:
+ smb2_deltree(tree1, BASEDIR);
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+/*
* Note: This test depends on "vfs objects = catia fruit streams_xattr". For
* some tests torture must be run on the host it tests and takes an additional
* argument with the local path to the share:
@@ -7063,6 +8016,7 @@
torture_suite_add_1smb2_test(suite, "OS X AppleDouble file conversion without embedded xattr", test_adouble_conversion_wo_xattr);
torture_suite_add_1smb2_test(suite, "empty_stream", test_empty_stream);
torture_suite_add_1smb2_test(suite, "writing_afpinfo", test_writing_afpinfo);
+ torture_suite_add_1smb2_test(suite, "delete_trigger_convert_sharing_violation", test_delete_trigger_convert_sharing_violation);
return suite;
}
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/VERSION samba-4.17.9+dfsg/VERSION
--- samba-4.17.8+dfsg/VERSION 2023-05-11 10:07:19.562420600 +0300
+++ samba-4.17.9+dfsg/VERSION 2023-07-06 16:42:43.012797400 +0300
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=17
-SAMBA_VERSION_RELEASE=8
+SAMBA_VERSION_RELEASE=9
########################################################
# If a official release has a serious bug #
diff -Nru --exclude '*.[1-8]' --exclude '*.[1-8].html' samba-4.17.8+dfsg/WHATSNEW.txt samba-4.17.9+dfsg/WHATSNEW.txt
--- samba-4.17.8+dfsg/WHATSNEW.txt 2023-05-11 10:07:19.562420600 +0300
+++ samba-4.17.9+dfsg/WHATSNEW.txt 2023-07-06 16:42:43.012797400 +0300
@@ -1,4 +1,63 @@
==============================
+ Release Notes for Samba 4.17.9
+ July 06, 2023
+ ==============================
+
+
+This is the latest stable release of the Samba 4.17 release series.
+
+
+Changes since 4.17.8
+--------------------
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 15404: Backport --pidl-developer fixes.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 15275: smbd_scavenger crashes when service smbd is stopped.
+ * BUG 15378: vfs_fruit might cause a failing open for delete.
+
+o Samuel Cabrero <scabrero at samba.org>
+ * BUG 14030: named crashes on DLZ zone update.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 15361: winbind recurses into itself via rpcd_lsad.
+ * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
+ * BUG 15391: smbclient leaks fds with showacls.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 15374: aes256 smb3 encryption algorithms are not allowed in
+ smb3_sid_parse().
+ * BUG 15413: winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR.
+
+o Jones Syue <jonessyue at qnap.com>
+ * BUG 15403: smbget memory leak if failed to download files recursively.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+ ==============================
Release Notes for Samba 4.17.8
May 11, 2023
==============================
@@ -75,8 +134,7 @@
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.17.7
March 29, 2023
More information about the Pkg-samba-maint
mailing list