[SCM] SAMBA-CTDB repository - branch v3-6-ctdb updated - ff678a2a630c0fd390d141275dddf4bf012a1cd0
Michael Adam
obnox at samba.org
Wed Jun 1 07:33:25 MDT 2011
The branch, v3-6-ctdb has been updated
discards 3bd93db713761a85e395bde9838f08dda55e70f2 (commit)
discards 59ba8808ce04544fc03c0f32adc41e5040207e17 (commit)
discards 80cda3ae414d3907036158d8bdabf9ce33ff280a (commit)
discards e84fde73c98ddc82764846f02108e89b4d46836f (commit)
discards 145a1838a419fca5df1c621803e924cfac688012 (commit)
discards 2f220eaa5a9d272be55be895fc7cfb38e96e9931 (commit)
discards 40188520ac94fa3223508c712e9569073793de14 (commit)
discards fec7a241464e7c63e2fb343d75ab84ffcd9f2f8b (commit)
discards 458f2dbb1cefe228d1241460c50212cba4b432b3 (commit)
discards 2777cee0c2dd40d53f528246ef905e32af7536cf (commit)
discards 6ddfd0cea19df378c07e0c8f271fcea7fa853e41 (commit)
discards 0a6d6f13b3685bdb87ce3d27bf5547effc4b873f (commit)
discards 38d4fe721318ae27504252f4755a01459abc9479 (commit)
discards eedd1a4d942f8890816e744cec47099205965d8d (commit)
discards f986ac29389f3241573d21fa453c0cdd828c367b (commit)
discards d1ae74eef5b1b29df9548fc17514c1f44bf9523f (commit)
discards 33c1eb97416ffe46cacaa427bf3c6421278d8169 (commit)
discards 02d32789e356d849b031ce9abefaa3d929ad36c3 (commit)
discards 35d763c520fd19fe55e56735d59afb4033cf3a12 (commit)
discards ff7a9c1c5a0fd3900f13c7de55099ec8bbf3785c (commit)
discards 4d60f405ead504e9c58c233f54e02783f76a51bc (commit)
discards ca49cc169b858cb89445248a10706b6028f66ed1 (commit)
discards 1bd1868793536e1a5071dbdcfca0033304a03c20 (commit)
discards ee405aa63ec772ea1b18487aefe7d3c795be624a (commit)
discards dab0100d8e080a3a4f6152ced1f01bd03492b3b1 (commit)
discards 18240675f71db7ab1a34f9ecb5cbc58562823b2e (commit)
discards 1185b0c793afc4f6df7dfb07c3d1b888bd5f523c (commit)
discards 48a59e5c174531bb6e2db1086939080ddd3b3148 (commit)
discards e8c842f386d9fcb6a070291b3229163677331e7b (commit)
via ff678a2a630c0fd390d141275dddf4bf012a1cd0 (commit)
via 0677ccd7473be13da77b08da09a08ccc4bd945ad (commit)
via 0812a9495e603c89475bef9bcf5411b7345f7398 (commit)
via 3cc3c0f28dfaea7a2797d1a4d9d9047d220e5fbf (commit)
via 56c65109d6a6ab3956afa5695eb58d86fb3e4bb1 (commit)
via 65f0fe8e785015ebc8f7fdc1d2c4e3671f5b7f22 (commit)
via 9400559384185e0745bee2d670ee213bdefc685c (commit)
via c0fa28a8cf25bc12ff0cfc4d79c650f950cb9326 (commit)
via 138760d8d77d0e33ba0e65b04eeca18cf517636d (commit)
via a754a90e67f21fd3097c1af14845cd3e559723c7 (commit)
via 79fb8c3f5ef7694b630c000e9ebf98b386f97194 (commit)
via 2b7942a34bc173e19021d90999fd8f8f2f800cc6 (commit)
via 77fb593694c851fe3aa946853b58e1117dfb9468 (commit)
via 110e396b6532ac4d5c80b8e85d8c57416942cf44 (commit)
via 3a5ec4ff69cd6dba712c7d1d9c0f49e0a014297f (commit)
via b7bbd8f0e42e780f6f4d32c51e6d3c8bd6804c7c (commit)
via 4bf33af77273816818aa3820b7c16d5d7709e840 (commit)
via 6e7884782ee9bb3d8a14b3a651191c62a98b07e7 (commit)
via e70b908a81ed8eb62ba14fa348f5e906aab7d3d6 (commit)
via c36561935b797dca145f737431a846408a792895 (commit)
via 7c6c1805160432543320a62802d658cf5e04e144 (commit)
via 5cf42710fa4a38eb31c3ea1f3b626c8329534d20 (commit)
via 7ad9ad7e6c8c0d944cdb507bf0369d3c8e30262b (commit)
via 3fbef7b15d3899839090be7918a6483b04ed0237 (commit)
via a23cded6d4f2c0b45d62b96b95b888c1a50e7dce (commit)
via b6ad4689244ba6b27df743ce0101b96115fa6519 (commit)
via 095ce0d69b8e88b0163bf1fb875a9cc1572063e6 (commit)
via cc905a6a1c37729818de61a05d1e81dde469e69d (commit)
via dc74d1d8fae4c990fedbb3c1365a2176becad431 (commit)
via bb6d8fc1be2960eb806cca6a41015c3ca9c77f02 (commit)
via 735d668f591c0689eef54255546a595b7ff9645f (commit)
via 7e8b5e99cc1861dcca387a7efe64b54b90228d9d (commit)
via e842f1fb8705d11022790a977d7e91fcd2d9953d (commit)
via 53e5ff5702097d15e043a1a4c614bccdc8ab9615 (commit)
via 7e2972e1debcecd8558e6e9799bf47cee3050790 (commit)
via b90f3825dc98f7f81c931407054e6c915a49f5bf (commit)
via 4c6adfb9038b6c7ec76f794bb28c9b1f811caff2 (commit)
via c936bf4df36158be2560432c156044baf7e9b498 (commit)
via a2c9d8e68dc8647b8ff18e254fd9062c709e31ec (commit)
via 99f24e2e36a9f51c53caeff79d7ec2b4ca908051 (commit)
via e081382cd80786d0fda4e99d32c5706c147a821f (commit)
via 2e490ae208d31c4112b851eeaf346837f637fcd3 (commit)
via 3e3b85f2796166109ce9a72f797a3ca708e7d186 (commit)
via b747545fa4cd8985f4e06a08623d38205fa5d0cf (commit)
via 859d13141cd831488b60e413f7141514ae4464b5 (commit)
via 12c0c8bc79ec762f983be6955fe14f8561bf6bfd (commit)
via 4ae564df76c99a3866188dfb7e5a236188e97350 (commit)
via c173b7bc0bf1e93406b692b27e1987928e81b47c (commit)
via 7938753a2973f596bc4cfac7d7829faeb550e7c1 (commit)
via da3c01387dc0ae0be0de768b4240f164b0a96c25 (commit)
via 6fc56d402ecbb864f3b906f096ac9e2c77b9fbab (commit)
via 168522c1cbb7981e87cc05bf619f65867e5d3cb3 (commit)
via 0b45809109bfbb5bca7913091b465afbd1462103 (commit)
via 341694edc159b8b923ce4d5c22bebed6e1e7ad1b (commit)
via 9a01a1569359ab7d527c2a080fb7861a03a8fe12 (commit)
via bc602ad464291380d4dea007668d453439467cc4 (commit)
via ccab9efb653cfacdd357986f7a8a85c17df7abbb (commit)
via d4c8b92a29aa9dcc976185aeb35ead8e911aab9c (commit)
via 0f574d1a2fbc1b043c96b103bda1b74b1088fd5b (commit)
via 318c77ec46c3769d462bada130956d0081c48be2 (commit)
via e66e505db8e3e6c7938eb09dc55e080f7754ddd1 (commit)
via 9231770df9189701da7020c77ebd672942f25773 (commit)
via aba30a8d502f0a425672205734bfb91d4286fc14 (commit)
via 85468960ebdb3d813bd863e57f6dca6bab61bec2 (commit)
via 72e50d34eeac4cd72ec2f6b3609b5373f1f1ec15 (commit)
via ba6f63ca67fc9e0b2bfa54ccf2cf0b78c53db74b (commit)
via 6e89c230046f1b7300ba5f76dfbc81c57af69fe5 (commit)
via 7304370a2423230120a9ceebd1016966658f713f (commit)
via e3ff6f5bbe09913b45ea1aef613c8790b25a978c (commit)
via d54493b4b43cc0d299486e571d813f90a7b22059 (commit)
via ac6bb22a8c054e5949e07f563bf9fba46d22358d (commit)
via ade2fe7e8fc299e01ba13a08c95598eefa5b99b5 (commit)
via 75ce3de1eb2e7042c7a4ffcb6f0f6aa2a41c19b5 (commit)
via 8e95d3201adc546000ca29816c83aba6fab52b1a (commit)
via dc8b2979168c6688c647cdc39d321eb54bd0aa5b (commit)
via 4cf761bb5a030340625172a51212b11613efea02 (commit)
via eb15457258ad7a54d5a3c4431be8307331e3a6e3 (commit)
via d68dbed16939a4ba04435f7dad490d0a9fa60bdb (commit)
via 881d39ca03588994c2f9e3e49db23470984d58e5 (commit)
via 24f54eb90f18cb876cf1c49a56e399a946758363 (commit)
from 3bd93db713761a85e395bde9838f08dda55e70f2 (commit)
http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-6-ctdb
- Log -----------------------------------------------------------------
commit ff678a2a630c0fd390d141275dddf4bf012a1cd0
Author: Michael Adam <obnox at samba.org>
Date: Wed Mar 30 16:40:48 2011 +0200
v3-6-ctdb: VERSION bump vendor patch level to 12
commit 0677ccd7473be13da77b08da09a08ccc4bd945ad
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 16 11:40:46 2011 +0200
v3-6-ctdb: VERSION bump vendor patch level to 11
commit 0812a9495e603c89475bef9bcf5411b7345f7398
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 27 14:23:51 2011 +0200
v3-6-ctdb: VERSION bump vendor patch level to 10
commit 3cc3c0f28dfaea7a2797d1a4d9d9047d220e5fbf
Author: Volker Lendecke <vl at samba.org>
Date: Mon Apr 18 11:44:13 2011 +0200
v3-6-ctdb: VERSION bump vendor patch level to 9
commit 56c65109d6a6ab3956afa5695eb58d86fb3e4bb1
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 5 16:10:49 2010 +0100
v3-6-ctdb: packaging(RHEL-CTDB): package the gpfs_prefetch vfs module
commit 65f0fe8e785015ebc8f7fdc1d2c4e3671f5b7f22
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jan 21 14:07:15 2011 +0100
v3-6-ctdb: s3:vfs: Add a gpfs_prefetch module.
This can not go upstream yet because it uses the gpfs_fcntl call
from the non-GPL libgpfs.
commit 9400559384185e0745bee2d670ee213bdefc685c
Author: Michael Adam <obnox at samba.org>
Date: Wed Mar 30 16:40:48 2011 +0200
v3-6-ctdb: VERSION bump vendor patch level to 8
commit c0fa28a8cf25bc12ff0cfc4d79c650f950cb9326
Author: Michael Adam <obnox at samba.org>
Date: Fri Apr 8 00:18:11 2011 +0200
v3-6-ctdb: packaging(RHEL-CTDB): package the shadow_copy3 module
commit 138760d8d77d0e33ba0e65b04eeca18cf517636d
Author: Volker Lendecke <vl at samba.org>
Date: Mon Apr 4 13:21:40 2011 +0200
v3-6-ctdb: s3: add a shadow_copy3 vfs module
(new version of the shadow_copy3 module supporting independent filesets)
commit a754a90e67f21fd3097c1af14845cd3e559723c7
Author: Volker Lendecke <vl at samba.org>
Date: Wed Mar 30 16:40:48 2011 +0200
v3-6-ctdb: VERSION bump vendor patch level to 7
commit 79fb8c3f5ef7694b630c000e9ebf98b386f97194
Author: Volker Lendecke <vl at samba.org>
Date: Tue Mar 29 12:49:40 2011 +0200
v3-6-ctdb: VERSION bump vendor patch level to 6
commit 2b7942a34bc173e19021d90999fd8f8f2f800cc6
Author: Michael Adam <obnox at samba.org>
Date: Thu Feb 10 00:37:30 2011 +0100
v3-6-ctdb: VERSION bump vendor patch level to 5
commit 77fb593694c851fe3aa946853b58e1117dfb9468
Author: Michael Adam <obnox at samba.org>
Date: Thu Feb 10 00:37:30 2011 +0100
v3-6-ctdb: VERSION bump vendor patch level to 4
commit 110e396b6532ac4d5c80b8e85d8c57416942cf44
Author: Michael Adam <obnox at samba.org>
Date: Thu Feb 10 00:37:30 2011 +0100
v3-6-ctdb: VERSION bump vendor patch level to 3
commit 3a5ec4ff69cd6dba712c7d1d9c0f49e0a014297f
Author: Michael Adam <obnox at samba.org>
Date: Thu Feb 10 00:37:30 2011 +0100
v3-6-ctdb: VERSION bump vendor patch level to 2
commit b7bbd8f0e42e780f6f4d32c51e6d3c8bd6804c7c
Author: Volker Lendecke <vl at samba.org>
Date: Mon Dec 15 00:16:56 2008 +0100
v3-6-ctdb: s3: Add the "net groupfilter" command
This is the start of a bad hack for even worse systems: Many Unix systems still
have the NGROUPS problem: A user can not be member of more than a very limited
number of groups. Solaris for example limits this to 16 by default. Many
Windows environments have a *LOT* more groups per user, some even go to
hundreds. Whether that is efficient is debatable, but it's there.
This patch implements the
"net groupfilter"
command with the "addsid", "delsid" and "list" subcommands. If any SIDs are
present according to "net groupfilter list" (they are stored in secrets.tdb),
then only the SIDs in that list are converted to GIDs for a user at login time.
This gives the Administrator the possibility to define a set of groups that are
used on the Unix box, making sure that no user is in more than NGROUPS of those
at a time.
This patch is incomplete in the sense that winbind is not aware of this, only
smbd. So it is kind of an emergency hack for smbd-only machines.
Volker
Signed-off-by: Michael Adam <obnox at samba.org>
commit 4bf33af77273816818aa3820b7c16d5d7709e840
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Apr 21 18:41:32 2008 +0200
v3-6-ctdb: apply patch from v3-0-ctdb to special case root in libnss_winbind
This is needed to ensure the administrator can login to a node even
when ctdbd and winbindd are stuck
commit 6e7884782ee9bb3d8a14b3a651191c62a98b07e7
Author: Michael Adam <obnox at samba.org>
Date: Tue Jan 18 13:19:55 2011 +0100
v3-6-ctdb: add README.v3-6-ctdb
commit e70b908a81ed8eb62ba14fa348f5e906aab7d3d6
Author: Michael Adam <obnox at samba.org>
Date: Tue Jun 23 16:41:38 2009 +0200
v3-6-ctdb: VERSION: add vendor-suffix "ctdb" and vendor-patch level "1"
Michael
following the versioning scheme of the v3-2-ctdb branch
Michael
commit c36561935b797dca145f737431a846408a792895
Author: Michael Adam <obnox at samba.org>
Date: Wed Apr 8 19:28:52 2009 +0200
v3-6-ctdb: VERSION: set version to non-snapshot..
commit 7c6c1805160432543320a62802d658cf5e04e144
Author: Michael Adam <obnox at samba.org>
Date: Fri May 27 12:25:47 2011 +0200
v3-6-ctdb: Revert "VERSION: Bump version up to 3.6.0rc2."
base version of our build is still 3.6.0rc1
This reverts commit 24f54eb90f18cb876cf1c49a56e399a946758363.
commit 5cf42710fa4a38eb31c3ea1f3b626c8329534d20
Author: Michael Adam <obnox at samba.org>
Date: Fri May 27 12:35:49 2011 +0200
packaging(RHEL-CTDB): Revert "add BuildRequires to ctdb-devel >= 1.2.25"
This reverts commit a16520b6939cb6d87f5818db0ac3ded228053cee.
There is also a 1.0.114 based branch that has the required capabilities.
If building against an insufficient version, the configure will fail.
commit 7ad9ad7e6c8c0d944cdb507bf0369d3c8e30262b
Author: Christian Ambach <ambi at samba.org>
Date: Thu May 19 18:58:25 2011 +0200
packaging(RHEL-CTDB): align configure.rpm to the spec file
Signed-off-by: Michael Adam <obnox at samba.org>
commit 3fbef7b15d3899839090be7918a6483b04ed0237
Author: Michael Adam <obnox at samba.org>
Date: Wed May 18 10:35:42 2011 +0200
packaging(RHEL-CTDB): honour rpm build target options handed in to makerpms.sh
This allows to call e.g. "makerpms.sh -bs" to only build the source rpm.
commit a23cded6d4f2c0b45d62b96b95b888c1a50e7dce
Author: Michael Adam <obnox at samba.org>
Date: Fri May 6 17:22:06 2011 +0200
packaging(RHEL-CTDB): adapt configure.rpm
commit b6ad4689244ba6b27df743ce0101b96115fa6519
Author: Michael Adam <obnox at samba.org>
Date: Fri May 6 17:21:10 2011 +0200
packaging(RHEL-CTDB): enforce building of libtdb and libtalloc
commit 095ce0d69b8e88b0163bf1fb875a9cc1572063e6
Author: Michael Adam <obnox at samba.org>
Date: Fri May 6 12:29:10 2011 +0200
packaging(RHEL-CTDB): build libtdb and libtalloc packages ourselves
and add appropriate dependencies to the samba-common package.
It should also be possible to run with appropriate system talloc
and tdb packages.
commit cc905a6a1c37729818de61a05d1e81dde469e69d
Author: Michael Adam <obnox at samba.org>
Date: Fri May 6 18:36:38 2011 +0200
packaging(RHEL-CTDB): update configure.rpm (--disable-smbtorture4)
commit dc74d1d8fae4c990fedbb3c1365a2176becad431
Author: Michael Adam <obnox at samba.org>
Date: Fri May 6 18:35:55 2011 +0200
packaging(RHEL-CTDB): disable smbtorture4 in the rpm build
commit bb6d8fc1be2960eb806cca6a41015c3ca9c77f02
Author: Michael Adam <obnox at samba.org>
Date: Fri May 6 12:03:52 2011 +0200
packaging(RHEL-CTDB): Remove the packaging of the winbind-32bit compat package
commit 735d668f591c0689eef54255546a595b7ff9645f
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 27 10:25:05 2011 +0200
packaging(RHEL-CTDB): create the rpm directories
In RHEL6, rpms are built in /root/rpmbuild, and those directories do not
necessarily exist.
commit 7e8b5e99cc1861dcca387a7efe64b54b90228d9d
Author: Gregor Beck <gbeck at sernet.de>
Date: Mon May 30 09:31:21 2011 +0200
s3:net: registry export: close key after recursion returns
Signed-off-by: Michael Adam <obnox at samba.org>
commit e842f1fb8705d11022790a977d7e91fcd2d9953d
Author: Michael Adam <obnox at samba.org>
Date: Mon May 30 16:54:47 2011 +0200
s3:net registry: polish output of net registry enumerate[_recursive]
so that net registry enumerate output is as before, and
net registry enumerate_recursive is formatted more nicely
commit 53e5ff5702097d15e043a1a4c614bccdc8ab9615
Author: Gregor Beck <gbeck at sernet.de>
Date: Mon May 30 10:24:16 2011 +0200
s3:net: registry: use recursive implementation for enumerate
Signed-off-by: Michael Adam <obnox at samba.org>
commit 7e2972e1debcecd8558e6e9799bf47cee3050790
Author: Gregor Beck <gbeck at sernet.de>
Date: Mon May 30 08:58:34 2011 +0200
s3:net: registry: add new command enumerate_recursive
Signed-off-by: Michael Adam <obnox at samba.org>
commit b90f3825dc98f7f81c931407054e6c915a49f5bf
Author: Gregor Beck <gbeck at sernet.de>
Date: Mon May 23 14:45:57 2011 +0200
s3:nfs4_acls: pass ACE_FLAG_INHERITED_ACE down from the client
Signed-off-by: Michael Adam <obnox at samba.org>
commit 4c6adfb9038b6c7ec76f794bb28c9b1f811caff2
Author: Gregor Beck <gbeck at sernet.de>
Date: Mon May 23 14:27:11 2011 +0200
s3:nfs4_acls: pass ACE_FLAG_INHERITED_ACE up to the client
Signed-off-by: Michael Adam <obnox at samba.org>
commit c936bf4df36158be2560432c156044baf7e9b498
Author: Gregor Beck <gbeck at sernet.de>
Date: Thu May 26 10:15:56 2011 +0200
s3:smbcacls: fix parsing of multiple flags
Signed-off-by: Michael Adam <obnox at samba.org>
commit a2c9d8e68dc8647b8ff18e254fd9062c709e31ec
Author: Volker Lendecke <vl at samba.org>
Date: Fri May 20 13:07:17 2011 +0200
s3: Fork the echo handler only after SMB1 negprot is done
This enables activating the echo responder also if SMB2 is enabled, albeit it
will only be used for SMB1 at this moment.
commit 99f24e2e36a9f51c53caeff79d7ec2b4ca908051
Author: Volker Lendecke <vl at samba.org>
Date: Wed May 4 17:45:34 2011 +0200
s3-torture: Add a test for notify upon read&x
This makes sure that when a file is brought online by a read call
we notify the client for FILE_NOTIFY_CHANGE_ATTRIBUTES.
commit e081382cd80786d0fda4e99d32c5706c147a821f
Author: Michael Adam <obnox at samba.org>
Date: Tue May 17 14:30:13 2011 +0200
s3:torture: remove a file accidentially committed with 3b2fe4728d6d916508b677e696ecad88f8b7b9fd
commit 2e490ae208d31c4112b851eeaf346837f637fcd3
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 26 16:48:42 2011 -0700
Fix bug #6911 - Kerberos authentication from vista to samba fails when security blob size is greater than 16 kB
We were not correctly checking the output of asn1_start_tag().
asn1_start_tag() returns -1 and sets data->has_error if the
remaining blob size is too short to contain the tag length.
We were checking data->has_error and returning NT_STATUS_OK
(to allow the second asn.1 parse to fail in that case). We
should not be checking data->has_error in this case, but
falling through to the code that already checks the length.
Thanks to Jim for reproducing this for me. We don't get bitten
by this as we announce a max buffer size of 16k, greater than
Windows's 4k, which means that most krb5 spnego packets already
fit.
Jeremy.
commit 3e3b85f2796166109ce9a72f797a3ca708e7d186
Author: Benjamin Brunner <bbrunner at suse.de>
Date: Fri May 27 12:39:41 2011 +0200
s3-docs: Fix some typos.
This patch is a manpage update addressing the typos and mistakes in the vfs_smb_traffic_analyzer manpage and the smbta-util manpage, which have been brought up in these threads on samba-technical: http://lists.samba.org/archive/samba-technical/2011-May/077801.html http://lists.samba.org/archive/samba-technical/2011-May/077800.html http://lists.samba.org/archive/samba-technical/2011-May/077753.html
I have seen Volker already fixed the typos in
127d417e8ebc967572df7a75b342897a6a8fb71e , but I haven't found
"Ultimatively" in any dictionary, so this patch just removes the
word completely.
Thanks to Samba-JP oota <ribbon at samba.gr.jp> for reporting.
The last 2 patches address bug #8178 (Collection of manpage updates for SMB
Traffic Analyzer).
commit b747545fa4cd8985f4e06a08623d38205fa5d0cf
Author: Volker Lendecke <vl at samba.org>
Date: Fri May 27 08:42:30 2011 +0200
s3: Fix a typo
Thanks to Samba-JP oota <ribbon at samba.gr.jp>
(cherry picked from commit 127d417e8ebc967572df7a75b342897a6a8fb71e)
commit 859d13141cd831488b60e413f7141514ae4464b5
Author: Jeremy Allison <jra at samba.org>
Date: Tue May 24 12:47:31 2011 -0700
Fix our asn.1 parser to handle negative numbers.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Tue May 24 22:57:16 CEST 2011 on sn-devel-104
(cherry picked from commit e719dfd4dc178f001a5f804fb1ac4e587574415f)
Fix bug #8163 (asn.1 library does not correctly read negative integers).
commit 12c0c8bc79ec762f983be6955fe14f8561bf6bfd
Author: Holger Hetterich <hhetter at novell.com>
Date: Sun Feb 20 11:32:39 2011 +0100
Actually make use of the SMBTA_SUBRELEASE define in smb_traffic_analyzer.h. This will allow to introduce new features or fixes into the protocol after the 3.6.0 release. The client software is designed to take care for the subrelease number.
Fix bug #8154 (Actually make use of SMBTA subversion numbers).
commit 4ae564df76c99a3866188dfb7e5a236188e97350
Author: Jeremy Allison <jra at samba.org>
Date: Mon May 23 17:14:47 2011 -0700
Fix bug #7054 - X account flag does not work when pwdlastset is 0.
Don't allow pass_last_set_time to be set to zero (which means
"user must change password on next logon") if user object doesn't
allow password change.
Don't automatically allow user object password change if
"user must change password on next logon" is set.
Jim please check.
Jeremy.
commit c173b7bc0bf1e93406b692b27e1987928e81b47c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed May 18 11:53:34 2011 +1000
s3-testparm Warn about incorrect use of 'password server'
The last 5 patches address bug #8151 (deprecate security parameters for 3.6).
commit 7938753a2973f596bc4cfac7d7829faeb550e7c1
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 23 10:42:57 2011 +1000
s3-param Depricate 'password server = foo:12389' syntax
This was originally intended to allow the LDAP port on a DC to be
varied, but makes little sense to change one port when in an
environment where krb5, ldap, smb and potentially DCE/RPC over TCP are
involved.
Andrew Bartlett
commit da3c01387dc0ae0be0de768b4240f164b0a96c25
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri May 13 17:55:41 2011 +0200
s3-param Deprecate a number of security parameters for 3.6
This follows up on the agreement on the samba-technical list in Jan
2011 to deprecate these options, and to possibly remove these in the
4.0 release after user feedback.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Fri May 13 19:51:41 CEST 2011 on sn-devel-104
commit 6fc56d402ecbb864f3b906f096ac9e2c77b9fbab
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 23 10:42:40 2011 +1000
docs: Clarify the 'security=server' fails for NTLMv2
commit 168522c1cbb7981e87cc05bf619f65867e5d3cb3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 23 10:20:47 2011 +1000
docs: Rewrite 'password server' documentation
I think this new version is more clear.
Andrew Bartlett
commit 0b45809109bfbb5bca7913091b465afbd1462103
Author: Jeremy Allison <jra at samba.org>
Date: Mon May 23 10:57:56 2011 -0700
Fix bug #8150 - Ban 'dos charset = utf8'
commit 341694edc159b8b923ce4d5c22bebed6e1e7ad1b
Author: Volker Lendecke <vl at samba.org>
Date: Thu May 26 11:40:21 2011 +0200
s3: Document "async smb echo handler"
Autobuild-User: Volker Lendecke <vlendec at samba.org>
Autobuild-Date: Thu May 26 12:50:55 CEST 2011 on sn-devel-104
(cherry picked from commit 875e29ba830b269faf8ca7ff7cd7fc95c0c18f28)
Fix bug #7571 (Documentation on new "async smb echo handler" parameter is
missing).
commit 9a01a1569359ab7d527c2a080fb7861a03a8fe12
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon May 23 21:41:27 2011 +0200
WHATSNEW: Start adding changes since rc1.
Karolin
commit bc602ad464291380d4dea007668d453439467cc4
Author: Jeremy Allison <jra at samba.org>
Date: Fri May 20 12:27:02 2011 -0700
Fix bug #8157 - std_pcap_cache_reload() fails to parse a cups printcap file correctly.
The parsing code made some strange assumptions about what is a printer
name, and what is a comment.
commit ccab9efb653cfacdd357986f7a8a85c17df7abbb
Author: Jeremy Allison <jra at samba.org>
Date: Fri May 20 14:43:50 2011 -0700
Patch for bug #8156 - net ads join fails to use the user's kerberos ticket.
If kerberos_get_realm_from_hostname() or kerberos_get_default_realm_from_ccache() fails due to
a misconfigured krb5.conf, try the "realm =" from smb.conf as a fallcback before going back to
NTLMSSP (which we'll do anyway).
commit d4c8b92a29aa9dcc976185aeb35ead8e911aab9c
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 23 12:21:17 2011 +0200
s3: Remove two false references to cli->inbuf (cherry picked from commit b1a7bdb93c7fda54a29284f1691de1dc4f3bbf6b)
Fix bug #8159 (Memory corruption in fetching cli->server_domain from the
server.).
commit 0f574d1a2fbc1b043c96b103bda1b74b1088fd5b
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 23 15:36:20 2011 +0200
s3: Fix a leftover from fstring removal in cli_state
Jeremy, please check!
(cherry picked from commit 9514f96856ccf822b683b5362fd2eb4a4e9e418a)
commit 318c77ec46c3769d462bada130956d0081c48be2
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 19 16:39:18 2011 -0700
Fix bug 8133 - strange behavior for the file (whose filename first character is period ) in SMB2 case.
When doing SMB2 renames, we need to match all filetypes (no attributes field in the SMB2 call).
By default a file starting with a period is returned as FILE_ATTRIBUTE_HIDDEN in Samba.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Fri May 20 19:26:04 CEST 2011 on sn-devel-104
commit e66e505db8e3e6c7938eb09dc55e080f7754ddd1
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 19 16:38:11 2011 -0700
Optimization. If the attributes passed to can_rename() include both FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM then there's no point in reading the source DOS attribute, as we're not going to deny the rename on attribute match.
commit 9231770df9189701da7020c77ebd672942f25773
Author: Holger Hetterich <hhetter at novell.com>
Date: Wed May 18 15:24:23 2011 +0200
Make protocol version 2 the default protocol, and only run on version 1 if V1 is explcitly given as a module option.
I haven't received a single line of feedback on protocol v1
for at least 1 1/2 years, whereas protocol v2 has an active
userbase and more people developing around it.
This patch includes a manpage update, describing the new
version handling, as well as documenting the recent changes
making the module transfer the IP address of the client machine
as submitted with
464c69609aa7e582f484c1d357b7c6d3eb2bcbe3.
Bug #8148 (Default to protocol version 2 for SMB Traffic Analyzer in Samba
3.6.0).
commit aba30a8d502f0a425672205734bfb91d4286fc14
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 18 12:10:42 2011 +0200
s3-epmapper: Fixed endpoint registration.
Autobuild-User: Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date: Fri May 20 12:03:18 CEST 2011 on sn-devel-104
(cherry picked from commit 7ab9e26b601e4e51736ce6eace46e6588fa1148f)
Fix bug #8155 (Registering only named pipes on EPM for a service doesn't work).
commit 85468960ebdb3d813bd863e57f6dca6bab61bec2
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 19 12:32:15 2011 -0700
Fix bug 8153 found when building on an IPv6-only system by Kai Blin.
When building on IPv6-only, doing:
hints.ai_family = AF_INET;
getaddrinfo("0.0.0.0", NULL, &hints, &ppres)
fails as AF_INET is unavailable on an IPv6-only system. This
causes us to fallback to our replacement getaddrinfo code
which is IPv4-only.
As we're only trying to detect a specific AIX bug here,
broaden the tests to find that bug, and also test for
working getaddrinfo in an IPv6-only safe way.
commit 72e50d34eeac4cd72ec2f6b3609b5373f1f1ec15
Author: Christian Ambach <ambi at samba.org>
Date: Thu May 19 18:13:40 2011 +0200
Fix Bug 8152 - smbd crash in release_ip()
release_ip() needs the private_data, but it was never saved away
to feed it into release_ip() later
Autobuild-User: Christian Ambach <ambi at samba.org>
Autobuild-Date: Thu May 19 21:21:14 CEST 2011 on sn-devel-104
(cherry picked from commit 642c6ba2b9c581bacfcb9a6cb4c5c95d446263ce)
commit ba6f63ca67fc9e0b2bfa54ccf2cf0b78c53db74b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue May 17 10:32:38 2011 +0200
s3:rpc_server: create lp_ncalrpc_dir() with 0755 before lp_ncalrpc_dir()/np with 0700
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Tue May 17 13:01:14 CEST 2011 on sn-devel-104
(cherry picked from commit cb227d6d1492247d8aff03807cac0b7266202a38)
The last 2 patches address bug #8141 (wrong permissions on lp_ncalrpc_dir()).
commit 6e89c230046f1b7300ba5f76dfbc81c57af69fe5
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun May 8 10:29:27 2011 +0200
ncalrpc: Force ncalrpc dir to be mode 755 in all users
This allows this directory to be shared between Samba3 and Samba4 in a
Franky-style setup easily.
Andrew Bartlett
(cherry picked from commit aae9353ecf56323b63da66aa84d8a0a4f219d94d)
commit 7304370a2423230120a9ceebd1016966658f713f
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue May 17 08:50:45 2011 +0200
talloc: splitout _talloc_free_children_internal()
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Tue May 17 10:49:13 CEST 2011 on sn-devel-104
(cherry picked from commit df2cb2f672569e5d113fe2e77fdc1ee16c8b646d)
The last 9 patches address bug #8140 (talloc: valgrind false positives and other
backports).
commit e3ff6f5bbe09913b45ea1aef613c8790b25a978c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 8 12:30:46 2011 +0200
talloc: fixed a use after free error in talloc_free_children()
This is similar to commit 6f51a1f45bf4de062cce7a562477e8140630a53d.
metze
(cherry picked from commit 38633c9f0b7f86673f08903999583ad5b62c3548)
commit d54493b4b43cc0d299486e571d813f90a7b22059
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 8 12:27:05 2011 +0200
talloc: use _talloc_free_internal() in talloc_free_children()
metze
(cherry picked from commit f3b855d2ff9576715afe50d75678829c6bc0842d)
commit ac6bb22a8c054e5949e07f563bf9fba46d22358d
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 16 19:25:47 2011 +0200
talloc: test talloc_steal out of a talloc_pool
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Tue May 17 09:43:01 CEST 2011 on sn-devel-104
(cherry picked from commit 37b2130ed9612a7334888ecd2fee26b0b45ac271)
commit ade2fe7e8fc299e01ba13a08c95598eefa5b99b5
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue May 17 08:20:13 2011 +0200
talloc: add memset() calls to test_pool()
This way we the pool based valgrind code.
metze
(cherry picked from commit 16cc52cf70a9918843f9761baf483338c80bf1d0)
commit 75ce3de1eb2e7042c7a4ffcb6f0f6aa2a41c19b5
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue May 17 08:19:04 2011 +0200
talloc: setup the new 'tc' before TC_UNDEFINE_GROW_CHUNK() _talloc_realloc()
metze
(cherry picked from commit c281f2fc1a359d0d3b91b94438f11bb7c88170b5)
commit 8e95d3201adc546000ca29816c83aba6fab52b1a
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 16 20:15:59 2011 +0200
talloc: make really sure only optimize realloc if there's only one pool chunk
*talloc_pool_objectcount(pool_tc) == 2 doesn't mean the one of the objects
is the pool itself! So we better check for == 1 and calculate the chunk count.
metze
(cherry picked from commit 7102105c8954627dc30a851327cf2642ac0783d5)
commit dc8b2979168c6688c647cdc39d321eb54bd0aa5b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 16 20:23:13 2011 +0200
talloc: make use of _talloc_free_poolmem() in _talloc_realloc()
This should follow the same logic...
metze
(cherry picked from commit 14b662ee4f278764b9dfd620851e908d29f29fc4)
commit 4cf761bb5a030340625172a51212b11613efea02
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 16 19:06:07 2011 +0200
talloc: split the handling of FLAG_POOL/FLAG_POOLMEM in _talloc_free_internal
The optimization of the object_count == 1 case should only happen
for when we're not destroying the pool itself. And it should only
happen if the pool itself is still valid.
If the pool isn't valid (it has TALLOC_FLAG_FREE),
object_count == 1 does not mean that the pool is the last object,
which can happen if you use talloc_steal/move() on memory
from the pool and then free the pool itself.
Thanks to Volker for noticing this!
metze
(cherry picked from commit 2d514be1ed3b8245157a0a51186ec7f9db828202)
commit eb15457258ad7a54d5a3c4431be8307331e3a6e3
Author: Sumit Bose <sbose at redhat.com>
Date: Tue May 17 08:58:50 2011 +0200
Fix typos in LDAP schema files
Reported by: John Danks <john.danks at gmail.com>
Signed-off-by: Günther Deschner <gd at samba.org>
Autobuild-User: Günther Deschner <gd at samba.org>
Autobuild-Date: Tue May 17 11:56:08 CEST 2011 on sn-devel-104
Fix bug #8142 (typo in several LDAP schema files).
commit d68dbed16939a4ba04435f7dad490d0a9fa60bdb
Author: Jeremy Allison <jra at samba.org>
Date: Tue May 17 16:18:51 2011 -0700
Fix bug #8144 - touch /mnt/newfile fails to set timestamp with CIFS client.
The extra checks added for Windows correctness in our metadata changing paths
to ensure the file handle has been opened with the correct access mask to
allow FILE_WRITE_ATTRIBUTES etc. caused problems with the POSIX open code.
The old POSIX open code maped O_RDONLY into FILE_READ, O_WRONLY into FILE_WRITE,
and O_RDWR into FILE_READ|FILE_WRITE. This patch extends the mapping to add
FILE_WRITE_ATTRIBUTES, FILE_READ_ATTRIBUTES and FILE_WRITE_EA, FILE_READ_EA to
allow POSIX opens to set these values.
commit 881d39ca03588994c2f9e3e49db23470984d58e5
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue May 17 21:13:15 2011 +0200
WHATSNEW: Start release notes.
Karolin
commit 24f54eb90f18cb876cf1c49a56e399a946758363
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue May 17 21:10:39 2011 +0200
VERSION: Bump version up to 3.6.0rc2.
Karolin
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 50 ++++-
docs-xml/manpages-3/smbta-util.8.xml | 8 +-
docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml | 12 +-
docs-xml/smbdotconf/logon/enableprivileges.xml | 2 +-
docs-xml/smbdotconf/misc/asyncsmbechohandler.xml | 15 ++
docs-xml/smbdotconf/protocol/usespnego.xml | 2 +-
docs-xml/smbdotconf/security/passwordlevel.xml | 2 +-
docs-xml/smbdotconf/security/passwordserver.xml | 106 +++++-----
docs-xml/smbdotconf/security/security.xml | 145 +++++++-------
docs-xml/smbdotconf/security/username.xml | 2 +-
examples/LDAP/samba-nds.schema | 2 +-
examples/LDAP/samba-schema-FDS.ldif | 2 +-
examples/LDAP/samba-schema-netscapeds5.x | 2 +-
examples/LDAP/samba.schema | 4 +-
examples/LDAP/samba.schema.oc.IBM-DS | 2 +-
lib/replace/libreplace_network.m4 | 19 ++-
lib/talloc/talloc.c | 216 +++++++++++---------
lib/talloc/testsuite.c | 86 ++++++++
lib/util/asn1.c | 9 +
packaging/RHEL-CTDB/configure.rpm | 2 +-
packaging/RHEL-CTDB/samba.spec.tmpl | 3 +-
source3/VERSION | 2 +-
source3/lib/ctdbd_conn.c | 5 +
source3/libsmb/cliconnect.c | 50 ++++--
source3/modules/nfs4_acls.c | 6 +
source3/modules/nfs4_acls.h | 3 +-
source3/modules/vfs_smb_traffic_analyzer.c | 22 ++-
source3/modules/vfs_smb_traffic_analyzer.h | 2 +-
source3/param/loadparm.c | 61 +++++-
source3/passdb/pdb_get_set.c | 3 +-
source3/printing/print_standard.c | 13 +-
source3/rpc_server/rpc_ep_setup.c | 8 +-
source3/rpc_server/rpc_server.c | 15 ++-
source3/rpc_server/samr/srv_samr_util.c | 11 +-
source3/smbd/negprot.c | 5 +
source3/smbd/process.c | 12 +-
source3/smbd/proto.h | 1 +
source3/smbd/reply.c | 13 +-
source3/smbd/sesssetup.c | 28 +++-
source3/smbd/trans2.c | 30 ++-
source3/utils/net_registry.c | 139 +++++++++++---
source3/utils/smbcacls.c | 7 +-
source3/utils/testparm.c | 21 ++-
source4/smbd/service_named_pipe.c | 7 +
44 files changed, 795 insertions(+), 360 deletions(-)
create mode 100644 docs-xml/smbdotconf/misc/asyncsmbechohandler.xml
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 5626691..3481c74 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,10 +1,10 @@
================================
- Release Notes for Samba 3.6.0rc1
- May 17, 2011
+ Release Notes for Samba 3.6.0rc2
+ June 7, 2011
================================
-This is the first release candidate of Samba 3.6.0. This is *not*
+This is the second release candidate of Samba 3.6.0. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -166,10 +166,10 @@ endpoint mapper is like a DNS server but for ports. If you want to talk to a
certain RPC service over TCP/IP, you just ask the endpoint mapper on which
port it is running. Then you can connect to the service and make sure that it
is running.
+
The code is deactivated by default, because it needs more testing and it
-doesn't scale yet. We will work on these limitations and hopefully release it
-with pre3. If you want to enable and test the endpoint mapper you can set
-"rpc_server:epmapper = daemon" in the smb.conf file.
+doesn't scale yet. If you want to enable and test the endpoint mapper
+you can set "rpc_server:epmapper = daemon" in the smb.conf file.
Internal restructuring
@@ -252,6 +252,44 @@ o Andreas Schneider <asn at samba.org>
* Add an Endpoint Mapper daemon.
+Changes since 3.6.0rc1
+----------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 8133: Fix strange behavior for the file (whose filename first
+ character is period ) in SMB2 case.
+ * BUG 8144: Fix setting timestamp when touching files with CIFS clients.
+ * BUG 8153: Fix setting up getaddrinfo on IPv6-only machines.
+ * BUG 8156: Fix 'net ads join' using the user's Kerberos ticket.
+ * BUG 8157: Fix parsing a cups printcap file.
+
+
+o Christian Ambach <ambi at samba.org>
+ * BUG 8152: Fix smbd crash in release_ip().
+
+
+o Sumit Bose <sbose at redhat.com>
+ * BUG 8142: Fix typos in LDAP schema files.
+
+
+o Holger Hetterich <hhetter at novell.com>
+ * BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 8140: talloc: Fix Valgrind false positives and other backports.
+ * BUG 8141: Fix wrong permissions on lp_ncalrpc_dir().
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 8155: Fix registering only named pipes on EPM for a service.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 8159: Fix memory corruption in fetching cli->server_domain from the
+ server.
+
+
Changes since 3.6.0pre3
-----------------------
diff --git a/docs-xml/manpages-3/smbta-util.8.xml b/docs-xml/manpages-3/smbta-util.8.xml
index 6e53aaa..3a88f7b 100644
--- a/docs-xml/manpages-3/smbta-util.8.xml
+++ b/docs-xml/manpages-3/smbta-util.8.xml
@@ -25,7 +25,7 @@
<cmdsynopsis>
<command>smbta-util</command>
<arg rep="repeat" choice="opt">
- <replaceable>COMMANDS</replaceable>
+ <replaceable>OPTIONS</replaceable>
</arg>
</cmdsynopsis>
@@ -36,7 +36,7 @@
<para>This tool is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
- <manvolnum>1</manvolnum></citerefentry> suite.</para>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>smbta-util</command> is a tool to ease the
configuration of the vfs_smb_traffic_analyzer module regarding
@@ -52,7 +52,7 @@
<refsect1>
- <title>COMMANDS</title>
+ <title>OPTIONS</title>
<variablelist>
@@ -103,7 +103,7 @@
<refsect1>
<title>VERSION</title>
- <para>This man page is correct for version 3.4 of the Samba suite.</para>
+ <para>This man page is correct for version 3.6 of the Samba suite.</para>
</refsect1>
<refsect1>
diff --git a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml
index 882ee6a..605e096 100644
--- a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml
+++ b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml
@@ -45,6 +45,8 @@
protocol, supporting only a small list of VFS operations, and had
several drawbacks. The protocol version 2 is a try to solve the
problems version 1 had while at the same time adding new features.
+ With the release of Samba 3.6.0, the module will run protocol version 2
+ by default.
</para>
</refsect1>
@@ -77,6 +79,7 @@
<listitem><para><command>SHARE</command> - the name of the share on which the VFS operation occured</para></listitem>
<listitem><para><command>FILENAME</command> - the name of the file that was used by the VFS operation</para></listitem>
<listitem><para><command>TIMESTAMP</command> - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occured</para></listitem>
+ <listitem><para><command>IP</command> - The IP Address (v4 or v6) of the client machine that initiated the VFS operation.</para></listitem>
</itemizedlist>
</para>
@@ -136,7 +139,7 @@
The module now can identify itself against the receiver with a sub-release number, where
the receiver may run with a different sub-release number than the module. However, as
long as both run on the V2.x protocol, the receiver will not crash, even if the module
- uses features only implemented in the newer subrelease. Ultimativly, if the module uses
+ uses features only implemented in the newer subrelease. If the module uses
a new feature from a newer subrelease, and the receiver runs an older protocol, it is just
ignoring the functionality. Of course it is best to have both the receiver and the module
running the same subrelease of the protocol.
@@ -224,9 +227,9 @@
<varlistentry>
<term>smb_traffic_analyzer:protocol_version = STRING</term>
<listitem>
- <para>If STRING matches to V1 or is not given at all, the module
- will use version 1 of the protocol. If STRING matches to "V2"
- the module will use version 2 of the protocol.
+ <para>If STRING matches to V1, the module will use version 1 of the
+ protocol. If STRING is not given, the module will use version 2 of the
+ protocol, which is the default.
</para>
</listitem>
</varlistentry>
@@ -241,7 +244,6 @@
<smbconfsection name="[example_share]"/>
<smbconfoption name="path">/data/example</smbconfoption>
<smbconfoption name="vfs_objects">smb_traffic_analyzer</smbconfoption>
- <smbconfoption name="smb_traffic_analyzer:protocol_version">V2</smbconfoption>
<smbconfoption name="smb_traffic_analyzer:host">examplehost</smbconfoption>
<smbconfoption name="smb_traffic_analyzer:port">3491</smbconfoption>
</programlisting>
diff --git a/docs-xml/smbdotconf/logon/enableprivileges.xml b/docs-xml/smbdotconf/logon/enableprivileges.xml
index 3e958e0..0fbc504 100644
--- a/docs-xml/smbdotconf/logon/enableprivileges.xml
+++ b/docs-xml/smbdotconf/logon/enableprivileges.xml
@@ -5,7 +5,7 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
+ This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
<command>net rpc rights</command> or one of the Windows user and group manager tools. This parameter is
enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to
assign privileges to users or groups which can then result in certain smbd operations running as root that
diff --git a/docs-xml/smbdotconf/misc/asyncsmbechohandler.xml b/docs-xml/smbdotconf/misc/asyncsmbechohandler.xml
new file mode 100644
index 0000000..d10dac9
--- /dev/null
+++ b/docs-xml/smbdotconf/misc/asyncsmbechohandler.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="async smb echo handler"
+ context="G"
+ type="boolean"
+ advanced="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter specifies whether Samba should fork the
+ async smb echo handler. It can be beneficial if your file
+ system can block syscalls for a very long time. In some
+ circumstances, it prolongs the timeout that Windows uses to
+ determine whether a connection is dead.
+ </para>
+</description>
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/usespnego.xml b/docs-xml/smbdotconf/protocol/usespnego.xml
index 8fb559c..c975c9b 100644
--- a/docs-xml/smbdotconf/protocol/usespnego.xml
+++ b/docs-xml/smbdotconf/protocol/usespnego.xml
@@ -4,7 +4,7 @@
developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This variable controls controls whether samba will try
+ <para>This deprecated variable controls controls whether samba will try
to use Simple and Protected NEGOciation (as specified by rfc2478) with
WindowsXP and Windows2000 clients to agree upon an authentication mechanism.
</para>
diff --git a/docs-xml/smbdotconf/security/passwordlevel.xml b/docs-xml/smbdotconf/security/passwordlevel.xml
index 1da11e4..754bbdf 100644
--- a/docs-xml/smbdotconf/security/passwordlevel.xml
+++ b/docs-xml/smbdotconf/security/passwordlevel.xml
@@ -13,7 +13,7 @@
text passwords even when NT LM 0.12 selected by the protocol
negotiation request/response.</para>
- <para>This parameter defines the maximum number of characters
+ <para>This deprecated parameter defines the maximum number of characters
that may be upper case in passwords.</para>
<para>For example, say the password given was "FRED". If <parameter moreinfo="none">
diff --git a/docs-xml/smbdotconf/security/passwordserver.xml b/docs-xml/smbdotconf/security/passwordserver.xml
index 0e92af9..0aa3b51 100644
--- a/docs-xml/smbdotconf/security/passwordserver.xml
+++ b/docs-xml/smbdotconf/security/passwordserver.xml
@@ -10,54 +10,24 @@
it is possible to get Samba
to do all its username/password validation using a specific remote server.</para>
- <para>This option sets the name or IP address of the password server to use.
- New syntax has been added to support defining the port to use when connecting
- to the server the case of an ADS realm. To define a port other than the
- default LDAP port of 389, add the port number using a colon after the
- name or IP address (e.g. 192.168.1.100:389). If you do not specify a port,
- Samba will use the standard LDAP port of tcp/389. Note that port numbers
- have no effect on password servers for Windows NT 4.0 domains or netbios
- connections.</para>
-
- <para>If parameter is a name, it is looked up using the
- parameter <smbconfoption name="name resolve order"/> and so may resolved
- by any method and order described in that parameter.</para>
-
- <para>The password server must be a machine capable of using
- the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in
- user level security mode.</para>
-
- <note><para>Using a password server means your UNIX box (running
- Samba) is only as secure as your password server. <emphasis>DO NOT
- CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</emphasis>.
- </para></note>
-
- <para>Never point a Samba server at itself for password serving.
- This will cause a loop and could lock up your Samba server!</para>
-
- <para>The name of the password server takes the standard
- substitutions, but probably the only useful one is <parameter moreinfo="none">%m
- </parameter>, which means the Samba server will use the incoming
- client as the password server. If you use this then you better
- trust your clients, and you had better restrict them with hosts allow!</para>
-
<para>If the <parameter moreinfo="none">security</parameter> parameter is set to
- <constant>domain</constant> or <constant>ads</constant>, then the list of machines in this
- option must be a list of Primary or Backup Domain controllers for the
- Domain or the character '*', as the Samba server is effectively
- in that domain, and will use cryptographically authenticated RPC calls
- to authenticate the user logging on. The advantage of using <command moreinfo="none">
- security = domain</command> is that if you list several hosts in the
- <parameter moreinfo="none">password server</parameter> option then <command moreinfo="none">smbd
- </command> will try each in turn till it finds one that responds. This
- is useful in case your primary server goes down.</para>
+ <constant>domain</constant> or <constant>ads</constant>, then this option
+ <emphasis>should not</emphasis> be used, as the default '*' indicates to Samba
+ to determine the best DC to contact dynamically, just as all other hosts in an
+ AD domain do. This allows the domain to be maintained without modification to
+ the smb.conf file. The cryptograpic protection on the authenticated RPC calls
+ used to verify passwords ensures that this default is safe.</para>
- <para>If the <parameter moreinfo="none">password server</parameter> option is set
- to the character '*', then Samba will attempt to auto-locate the
- Primary or Backup Domain controllers to authenticate against by
- doing a query for the name <constant>WORKGROUP<1C></constant>
- and then contacting each server returned in the list of IP
- addresses from the name resolution source. </para>
+ <para><emphasis>It is strongly recommended that you use the
+ default of '*'</emphasis>, however if in your particular
+ environment you have reason to specify a particular DC list, then
+ the list of machines in this option must be a list of names or IP
+ addresses of Domain controllers for the Domain. If you use the
+ default of '*', or list several hosts in the <parameter
+ moreinfo="none">password server</parameter> option then <command
+ moreinfo="none">smbd </command> will try each in turn till it
+ finds one that responds. This is useful in case your primary
+ server goes down.</para>
<para>If the list of servers contains both names/IP's and the '*'
character, the list is treated as a list of preferred
@@ -65,10 +35,12 @@
will be added to the list as well. Samba will not attempt to optimize
this list by locating the closest DC.</para>
+ <para>If parameter is a name, it is looked up using the
+ parameter <smbconfoption name="name resolve order"/> and so may resolved
+ by any method and order described in that parameter.</para>
+
<para>If the <parameter moreinfo="none">security</parameter> parameter is
- set to <constant>server</constant>, then there are different
- restrictions that <command moreinfo="none">security = domain</command> doesn't
- suffer from:</para>
+ set to <constant>server</constant>, these additional restrictions apply:</para>
<itemizedlist>
<listitem>
@@ -82,12 +54,42 @@
</listitem>
<listitem>
- <para>If you are using a Windows NT server as your
- password server then you will have to ensure that your users
+ <para>You will have to ensure that your users
are able to login from the Samba server, as when in <command moreinfo="none">
security = server</command> mode the network logon will appear to
- come from there rather than from the users workstation.</para>
+ come from the Samba server rather than from the users workstation.</para>
+ </listitem>
+
+ <listitem>
+ <para>The client must not select NTLMv2 authentication.</para>
</listitem>
+
+ <listitem>
+ <para>The password server must be a machine capable of using
+ the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in
+ user level security mode.</para>
+ </listitem>
+
+ <listitem>
+ <para>Using a password server means your UNIX box (running
+ Samba) is only as secure as (a host masqurading as) your password server. <emphasis>DO NOT
+ CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</emphasis>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>Never point a Samba server at itself for password serving.
+ This will cause a loop and could lock up your Samba server!</para>
+ </listitem>
+
+ <listitem>
+ <para>The name of the password server takes the standard
+ substitutions, but probably the only useful one is <parameter moreinfo="none">%m
+ </parameter>, which means the Samba server will use the incoming
+ client as the password server. If you use this then you better
+ trust your clients, and you had better restrict them with hosts allow!</para>
+ </listitem>
+
</itemizedlist>
</description>
diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml
index 514ea54..ed71f95 100644
--- a/docs-xml/smbdotconf/security/security.xml
+++ b/docs-xml/smbdotconf/security/security.xml
@@ -22,32 +22,18 @@
the most common setting needed when talking to Windows 98 and
Windows NT.</para>
- <para>The alternatives are <command moreinfo="none">security = share</command>,
- <command moreinfo="none">security = server</command> or <command moreinfo="none">security = domain
- </command>.</para>
+ <para>The alternatives are
+ <command moreinfo="none">security = ads</command> or <command moreinfo="none">security = domain
+ </command>, which support joining Samba to a Windows domain, along with <command moreinfo="none">security = share</command> and <command moreinfo="none">security = server</command>, both of which are deprecated.</para>
<para>In versions of Samba prior to 2.0.0, the default was
<command moreinfo="none">security = share</command> mainly because that was
the only option at one stage.</para>
- <para>There is a bug in WfWg that has relevance to this
- setting. When in user or server level security a WfWg client
- will totally ignore the username and password you type in the "connect
- drive" dialog box. This makes it very difficult (if not impossible)
- to connect to a Samba service as anyone except the user that
- you are logged into WfWg as.</para>
-
- <para>If your PCs use usernames that are the same as their
- usernames on the UNIX machine then you will want to use
- <command moreinfo="none">security = user</command>. If you mostly use usernames
- that don't exist on the UNIX box then use <command moreinfo="none">security =
- share</command>.</para>
-
- <para>You should also use <command moreinfo="none">security = share</command> if you
+ <para>You should use <command moreinfo="none">security = user</command> and
+ <smbconfoption name="map to guest"/> if you
want to mainly setup shares without a password (guest shares). This
- is commonly used for a shared printer server. It is more difficult
- to setup guest shares with <command moreinfo="none">security = user</command>, see
- the <smbconfoption name="map to guest"/> parameter for details.</para>
+ is commonly used for a shared printer server. </para>
<para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis>
hybrid mode</emphasis> where it is offers both user and share
@@ -56,7 +42,62 @@
<para>The different settings will now be explained.</para>
+ <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER</emphasis></para>
+
+ <para>This is the default security setting in Samba.
+ With user-level security a client must first "log-on" with a
+ valid username and password (which can be mapped using the <smbconfoption name="username map"/>
+ parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also
+ be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption
+ name="guest only"/> if set are then applied and
+ may change the UNIX user to use on this connection, but only after
+ the user has been successfully authenticated.</para>
+
+ <para><emphasis>Note</emphasis> that the name of the resource being
+ requested is <emphasis>not</emphasis> sent to the server until after
+ the server has successfully authenticated the client. This is why
+ guest shares don't work in user level security without allowing
+ the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
+ See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
+
+ <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+ <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para>
+
+ <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> has been used to add this
+ machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/>
+ parameter to be set to <constant>yes</constant>. In this
+ mode Samba will try to validate the username/password by passing
+ it to a Windows NT Primary or Backup Domain Controller, in exactly
+ the same way that a Windows NT Server would do.</para>
+
+ <para><emphasis>Note</emphasis> that a valid UNIX user must still
+ exist as well as the account on the Domain Controller to allow
+ Samba to have a valid UNIX account to map file access to.</para>
+
+ <para><emphasis>Note</emphasis> that from the client's point
+ of view <command moreinfo="none">security = domain</command> is the same
+ as <command moreinfo="none">security = user</command>. It only
+ affects how the server deals with the authentication,
+ it does not in any way affect what the client sees.</para>
+
+ <para><emphasis>Note</emphasis> that the name of the resource being
+ requested is <emphasis>not</emphasis> sent to the server until after
+ the server has successfully authenticated the client. This is why
+ guest shares don't work in user level security without allowing
+ the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
+ See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
+
+ <para>See also the section <link linkend="VALIDATIONSECT">
+ NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+ <para>See also the <smbconfoption name="password server"/> parameter and
+ the <smbconfoption name="encrypted passwords"/> parameter.</para>
+
<para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE</emphasis></para>
+
+ <note><para>This option is deprecated as it is incompatible with SMB2</para></note>
<para>When clients connect to a share level security server, they
need not log onto the server with a valid username and password before
@@ -135,63 +176,10 @@
<para>See also the section <link linkend="VALIDATIONSECT">
NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
- <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER</emphasis></para>
-
- <para>This is the default security setting in Samba 3.0.
- With user-level security a client must first "log-on" with a
- valid username and password (which can be mapped using the <smbconfoption name="username map"/>
- parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also
- be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption
- name="guest only"/> if set are then applied and
- may change the UNIX user to use on this connection, but only after
- the user has been successfully authenticated.</para>
-
- <para><emphasis>Note</emphasis> that the name of the resource being
- requested is <emphasis>not</emphasis> sent to the server until after
- the server has successfully authenticated the client. This is why
- guest shares don't work in user level security without allowing
- the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
- See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
-
- <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
- <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para>
-
- <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> has been used to add this
- machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/>
--
SAMBA-CTDB repository
More information about the samba-cvs
mailing list