[SCM] Samba Shared Repository - branch v4-1-test updated
Karolin Seeger
kseeger at samba.org
Tue Jul 2 05:08:03 MDT 2013
The branch, v4-1-test has been updated
via bef3fc8 tsocket: Pass the full port number to getaddrinfo().
via 3d20d20 smbtorture: Make cracksname easier to debug by outputing the offered format
via 74dd365 Fix a missing parenthesis in the LDAP search request
via af41eb6 docs-xml/manpages/smbclient.1.xml: fix case of -T flag in example.
via 59462f2 winbindd and nmbd don't set their umask to zero on startup like smbd does.
via 011dc52 sharesec: Document --view-all
via 4da8984 sharesec: Document -v/--view
via 780e2b0 sharesec: Implement --view-all
via 4ee73fd s3:smbd/close remove filesystem lock before removing sharemode
via 935992f s3:smbd/close use common exit path
via 245b5ff s3:lib add mapping for ETXTBSY
via 526f0df s3-ctdb: Fix auto-enabling of CTDB readonly support
via c9924eb s3:smbd/aio mark file as modified in the SMB2 case
via e65c532 nsswitch: fix a comment
via 48ae86f heimdal_build: Add missing dep on samba4kgetcred
via 7bf8fc7 torture: Add tests for LDAP substring search with no strings provided
via 70cb7fd libcli/ldap: Cope with substring match with no chunks in ldap_push_filter
via 4ca9639 ldb: bump version to allow a depencency on the substring crash fix
via 1a279f7 ldb: Cope with substring match with no chunks in ldb_filter_from_tree
via 32d0b75 Note how vfs_gpfs uses the "acl map full control" parameter.
via 056e636 Add missing documentation for vfs_zfsacl.
via b00d9d2 Use existing "acl map full control" parameter to control the adding of the DELETE_CHILD parameter on NFSv4/ZFS/GPFS file ACE's.
via 398ee49 s3/smbclient: fix incorrect command tab completions
via d544d17 build: Remove the struct MD5Context conf file check.
via 9b88166 lsa4: Fix a set but unused variable warning
via 0ee8650 ldb: Ensure not to segfault on a filter such as (mail=)
via bbe09b3 Add missing SMB2/SMB3 share capability flag define
via 06e5401 lsa4: Fix a set but unused variable warning
via 7d5daaa lsa4: Remove an unused variable
via 2448fe3 lsa4: Remove an unused variable
via 720b4d3 lsa4: Remove an unused variable
via 6c49f90 Fix glusterfs backend crash found at the Microsoft interop event.
via b96cea4 Fix some blank line endings
via d2642cb dns: Fix CID 1034969 Uninitialized scalar variable
via ad86e2a s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals with BUILTIN
via 2d2d13e s3:passdb add a gid argument to pdb_create_builtin_alias
via 212baed s3:utils/net_sam make use of pdb_create_builtin helper function
via df41835 s3:passdb expose pdb_create_builtin function
via 6a048b4 s3:passdb/pdb_tdb add parameter to control handling of BUILTIN
via 324b3cc s3:passdb/pdb_ldap remove an unnecessary check
via 01e094b s3:passdb/pdb_ldap make the module handle well-known
via 987de8a s3:passdb make pdb_sid_to_id honor backend responsibilities
via 55dd9e6 s3:passdb/pdb_samba_dsdb make the module handle well-known
via 56df37d s3:lib/util_sid_passdb make use of pdb_is_responsible_for_* functions
via 0ad38d7 s3:passdb add pdb_*_is_responsible_for* functions
via 9eb67f2 s3:passdb add idmap control functions
via 0ad89c3 s3:passdb/samba_dsdb fix some compiler warnings
via e211b5c s3:passdb/samba_dsdb fix a compiler warning
via e17bc56 s3:utils/net_lookup fix a format-error
via 88c72fc s4-winbind: Add special case for BUILTIN domain
via d4091c5 Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in "EOF on stdin"
via fc13489 build: Build with system md5.h on OpenIndiana
via 5c4772e Re-add umask(0) code removed by commit 3a7c2777ee0de37d758fe81d67d6836a8354825e
via fcc43cf Fix xx_path() - return check from mkdir() is incorrect.
via d924da9 docs/vfs_catia: rework man page
via 8ac17ff docs/vfs_catia: remove space-char mapping recommendation
via 8d75965 vfs_catia: use translate direction enum instead of int
via 4cd7e1d vfs_streams_xattr: Do not attempt to write empty attribute twice
via 9f25ad4 librpc: Shorten dcerpc_binding_handle_call a bit
via 7982d2a librpc: Use tevent_req_poll_ntstatus
via 20bede7 libsmbclient: Fix typos
via fffb701 tsocket: Add some const
via cf86f3e gencache: Simplify gencache_init a bit
via c71d6ec genrand: Slightly simplify do_reseed
via dd0e38b tevent: Fix Coverity ID 989236 Operands don't affect result
via f1781ad dsdb: remove a wrong comment in dsdb_check_access_on_dn_internal()
via 122214b dsdb: don't allow a missing nTSecurityDescriptor in dsdb_get_sd_from_ldb_message()
via 5959aff dsdb: use AS_SYSTEM | SHOW_RECYCLED for access check searches
via afb2bcc s4:smb_server: call irpc_add_name() at startup (bug #9905)
via 12d9728 s4:rpc_server: call irpc_add_name() at startup (bug #9905)
via a1aeeee s4:ldap_server: call irpc_add_name() at startup (bug #9905)
via 6c8cccc dsdb repl_meta_data: Use dsdb_request_add_controls()
from 5c488cf Initialize the file descriptor in the files_struct before trying to close it. Otherwise, if one of the SETXATTR calls had failed, the close() call will return EBADF.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test
- Log -----------------------------------------------------------------
commit bef3fc8527114adbaecaf6a7bbf17d49e598bf60
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jul 1 17:05:33 2013 +0200
tsocket: Pass the full port number to getaddrinfo().
The code stripped port numbers above 9999 down to 4 digits.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jul 1 21:10:53 CEST 2013 on sn-devel-104
Autobuild-User(v4-1-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-1-test): Tue Jul 2 13:07:35 CEST 2013 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials_ntlm.c | 2 +-
auth/ntlmssp/ntlmssp_server.c | 2 +-
auth/ntlmssp/ntlmssp_sign.c | 2 +-
docs-xml/manpages/sharesec.1.xml | 15 +
docs-xml/manpages/smbclient.1.xml | 2 +-
docs-xml/manpages/vfs_catia.8.xml | 77 ++--
docs-xml/manpages/vfs_gpfs.8.xml | 10 +
docs-xml/manpages/vfs_zfsacl.8.xml | 160 ++++++
lib/crypto/hmacmd5.c | 4 +-
lib/crypto/hmacmd5.h | 2 +-
lib/crypto/md5.c | 6 +-
lib/crypto/md5test.c | 2 +-
lib/crypto/wscript_build | 2 +-
lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.16.sigs} | 0
...ldb-util-1.1.10.sigs => pyldb-util-1.1.16.sigs} | 0
lib/ldb/common/ldb_match.c | 5 +
lib/ldb/common/ldb_parse.c | 2 +-
lib/ldb/wscript | 2 +-
lib/tevent/tevent_poll.c | 2 +-
lib/tevent/tevent_signal.c | 8 +-
lib/tsocket/tsocket.h | 4 +-
lib/tsocket/tsocket_bsd.c | 4 +-
lib/util/genrand.c | 24 +-
libcli/auth/credentials.c | 2 +-
libcli/auth/schannel_sign.c | 2 +-
libcli/auth/smbencrypt.c | 8 +-
libcli/drsuapi/repl_decrypt.c | 4 +-
libcli/ldap/ldap_message.c | 41 +-
libcli/smb/smb2_constants.h | 1 +
libcli/smb/smb_signing.c | 2 +-
librpc/rpc/binding_handle.c | 22 +-
nsswitch/pam_winbind.h | 2 +-
source3/client/client.c | 16 +-
source3/groupdb/mapping.c | 34 +-
source3/include/libsmb_internal.h | 31 +-
source3/include/libsmbclient.h | 342 ++++++------
source3/include/passdb.h | 17 +-
source3/lib/errmap_unix.c | 3 +
source3/lib/gencache.c | 29 +-
source3/lib/util.c | 11 +-
source3/lib/util_sid_passdb.c | 49 ++-
source3/lib/util_sock.c | 9 +-
source3/libsmb/libsmb_cache.c | 22 +-
source3/libsmb/libsmb_compat.c | 16 +-
source3/libsmb/libsmb_context.c | 6 +-
source3/libsmb/libsmb_file.c | 14 +-
source3/libsmb/libsmb_misc.c | 10 +-
source3/libsmb/libsmb_path.c | 6 +-
source3/libsmb/libsmb_printjob.c | 4 +-
source3/libsmb/libsmb_server.c | 18 +-
source3/libsmb/libsmb_setget.c | 6 +-
source3/libsmb/libsmb_stat.c | 6 +-
source3/libsmb/ntlmssp.c | 2 +-
source3/modules/nfs4_acls.c | 19 +-
source3/modules/vfs_catia.c | 2 +-
source3/modules/vfs_glusterfs.c | 6 +-
source3/modules/vfs_streams_xattr.c | 44 +-
source3/nmbd/nmbd.c | 20 +-
source3/passdb/ABI/pdb-0.sigs | 8 +-
source3/passdb/pdb_interface.c | 81 +++
source3/passdb/pdb_ldap.c | 11 +-
source3/passdb/pdb_samba_dsdb.c | 13 +-
source3/passdb/pdb_tdb.c | 10 +
source3/passdb/pdb_util.c | 43 ++-
source3/rpc_client/init_samr.c | 2 +-
source3/smbd/aio.c | 2 +
source3/smbd/close.c | 20 +-
source3/smbd/server.c | 14 +-
source3/utils/net_lookup.c | 2 +-
source3/utils/net_sam.c | 2 +-
source3/utils/sharesec.c | 35 ++-
source3/winbindd/winbindd.c | 21 +-
source3/wscript | 28 +
source4/dsdb/common/dsdb_access.c | 19 +-
source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 19 +-
source4/heimdal_build/wscript_build | 2 +-
source4/ldap_server/ldap_server.c | 3 +
source4/libcli/raw/smb_signing.c | 4 +-
source4/libnet/libnet_passwd.c | 4 +-
source4/ntp_signd/ntp_signd.c | 2 +-
source4/rpc_server/dnsserver/dnsutils.c | 2 +-
source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 2 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 604 ++++++++++----------
source4/rpc_server/samr/samr_password.c | 2 +-
source4/rpc_server/service_rpc.c | 1 +
source4/smb_server/service_smb.c | 1 +
source4/smbd/server.c | 17 +-
source4/torture/ldap/basic.c | 110 ++++
source4/torture/ntp/ntp_signd.c | 2 +-
source4/torture/rpc/drsuapi_cracknames.c | 67 ++-
source4/torture/rpc/samba3rpc.c | 2 +-
source4/torture/rpc/samlogon.c | 2 +-
source4/torture/rpc/samr.c | 8 +-
source4/winbind/wb_dom_info.c | 5 +-
source4/winbind/wb_init_domain.c | 38 +-
source4/winbind/wb_sid2domain.c | 14 +
97 files changed, 1518 insertions(+), 869 deletions(-)
create mode 100644 docs-xml/manpages/vfs_zfsacl.8.xml
copy lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.16.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.1.16.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index 2d6d6f6..8f143bf 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -110,7 +110,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
/* LM Key is incompatible... */
*flags &= ~CLI_CRED_LANMAN_AUTH;
} else if (*flags & CLI_CRED_NTLM2) {
- struct MD5Context md5_session_nonce_ctx;
+ MD5_CTX md5_session_nonce_ctx;
uint8_t session_nonce[16];
uint8_t session_nonce_hash[16];
uint8_t user_session_key[16];
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 442bd5d..57179e1 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -369,7 +369,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
*/
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
if (ntlmssp_state->nt_resp.length == 24 && ntlmssp_state->lm_resp.length == 24) {
- struct MD5Context md5_session_nonce_ctx;
+ MD5_CTX md5_session_nonce_ctx;
state->doing_ntlm2 = true;
memcpy(state->session_nonce, ntlmssp_state->internal_chal.data, 8);
diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c
index 4d07a81..c0be914 100644
--- a/auth/ntlmssp/ntlmssp_sign.c
+++ b/auth/ntlmssp/ntlmssp_sign.c
@@ -51,7 +51,7 @@ static void calc_ntlmv2_key(uint8_t subkey[16],
DATA_BLOB session_key,
const char *constant)
{
- struct MD5Context ctx3;
+ MD5_CTX ctx3;
MD5Init(&ctx3);
MD5Update(&ctx3, session_key.data, session_key.length);
MD5Update(&ctx3, (const uint8_t *)constant, strlen(constant)+1);
diff --git a/docs-xml/manpages/sharesec.1.xml b/docs-xml/manpages/sharesec.1.xml
index 5cd4a48..b983408 100644
--- a/docs-xml/manpages/sharesec.1.xml
+++ b/docs-xml/manpages/sharesec.1.xml
@@ -26,6 +26,7 @@
<arg choice="opt">-R, --replace=ACLs</arg>
<arg choice="opt">-D, --delete</arg>
<arg choice="opt">-v, --view</arg>
+ <arg choice="opt">--view-all</arg>
<arg choice="opt">-M, --machine-sid</arg>
<arg choice="opt">-F, --force</arg>
<arg choice="opt">-d, --debuglevel=DEBUGLEVEL</arg>
@@ -98,6 +99,20 @@
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term>-v|--view</term>
+ <listitem><para>
+ List a share acl
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--view-all</term>
+ <listitem><para>
+ List all share acls
+ </para></listitem>
+ </varlistentry>
+
&stdarg.help;
&stdarg.server.debug;
&popt.common.samba;
diff --git a/docs-xml/manpages/smbclient.1.xml b/docs-xml/manpages/smbclient.1.xml
index d7a017c..328fd50 100644
--- a/docs-xml/manpages/smbclient.1.xml
+++ b/docs-xml/manpages/smbclient.1.xml
@@ -446,7 +446,7 @@
<para>Create the same tar file as above, but now use
a DOS path name. </para>
- <para><command>smbclient //mypc/myshare "" -N -tc backup.tar
+ <para><command>smbclient //mypc/myshare "" -N -Tc backup.tar
users\edocs </command></para>
<para>Create a tar file of the files listed in the file <filename>tarlist</filename>.</para>
diff --git a/docs-xml/manpages/vfs_catia.8.xml b/docs-xml/manpages/vfs_catia.8.xml
index b18dc48..02a9473 100644
--- a/docs-xml/manpages/vfs_catia.8.xml
+++ b/docs-xml/manpages/vfs_catia.8.xml
@@ -37,35 +37,38 @@
<para>This module is stackable.</para>
- <para>Up to samba version 3.4.x a fixed character mapping was used.
- The invalid windows characters \ / : * ? " < > | and the blank
- character were mapped in a hardcoded way.
+ <para>The parameter "catia:mappings" specifies the mapping on a
+ per-character basis, see below.
</para>
+</refsect1>
- <para>Starting with samba-3.5.0 a more flexible mapping was introduced.
- The new parameter "catia:mappings" now specifies the mapping on a char by char
- basis using the notation: unix hex char 0x.. : windows hex char 0x..
- Multiple character mappings are separated by a comma.
- </para>
+<refsect1>
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>catia:mappings = SERVER_HEX_CHAR:CLIENT_HEX_CHAR
+ </term>
+ <listitem>
+ <para>SERVER_HEX_CHAR specifies a 0x prefixed hexedecimal
+ character code that, when included in a Samba server-side
+ filename, will be mapped to CLIENT_HEX_CHAR for the CIFS
+ client.</para>
+ <para>The same mapping occurs in the opposite direction.
+ Multiple character mappings are separated by a comma.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
+
<refsect1>
<title>EXAMPLES</title>
- <para>Samba versions up to 3.4.x:</para>
- <para>Map Catia filenames on the [CAD] share:</para>
-
-<programlisting>
- <smbconfsection name="[CAD]"/>
- <smbconfoption name="path">/data/cad</smbconfoption>
- <smbconfoption name="vfs objects">catia</smbconfoption>
-</programlisting>
-
- <para>Samba versions 3.5.0 and later:</para>
- <para>Map Catia filenames on the [CAD] share:</para>
+ <para>Map server-side quotation-marks (") to client-side diaeresis
+ (¨) on filenames in the [CAD] share:</para>
<programlisting>
<smbconfsection name="[CAD]"/>
@@ -74,25 +77,29 @@
<smbconfoption name="catia:mappings">0x22:0xa8</smbconfoption>
</programlisting>
- <para>To get the full formerly fixed mappings:</para>
+ <para>Perform comprehensive mapping of common Catia filename characters:</para>
<programlisting>
<smbconfsection name="[CAD]"/>
<smbconfoption name="path">/data/cad</smbconfoption>
<smbconfoption name="vfs objects">catia</smbconfoption>
- <smbconfoption name="catia:mappings">0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6,0x20:0xb1</smbconfoption>
+ <smbconfoption name="catia:mappings">0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6</smbconfoption>
</programlisting>
- <para>Unix filename to be translated (Note that the path delimiter "/" is not used here):
+ <para>Server-side filename to be translated (Note that the path delimiter "/" is not used here):
</para>
- <para>a\a:a*a?a"a<a>a|a a</para>
+ <para>a\a:a*a?a"a<a>a|a</para>
- <para>Resulting windows filename:</para>
+ <para>Resulting filename, as seen by the client:</para>
- <para>aÿa÷a¤a¿a¨a«a»a¦a±a
+ <para>aÿa÷a¤a¿a¨a«a»a¦a
</para>
+</refsect1>
- <para>Note that the character mapping must work in BOTH directions
- (unix -> windows and windows -> unix) to get unique and existing file names!
+<refsect1>
+ <title>CAVEATS</title>
+
+ <para>Character mapping must work in BOTH directions (server ->
+ client and client -> server) to get unique and existing file names!
</para>
<para>A NOT working example:</para>
@@ -104,20 +111,20 @@
<smbconfoption name="catia:mappings">0x3a:0x5f</smbconfoption>
</programlisting>
- <para>Here the colon ":" is mapped to the underscore "_".</para>
- <para>Assuming a unix filename "a:should_work", which is well translated
- to windows as "a_should_work".</para>
- <para>BUT the reverse mapping from windows "a_should_work" to unix
- will result in "a:should:work" - something like "file not found"
- will be returned.
- </para>
+ <para>Here the colon ":" is mapped to the underscore "_".</para>
+ <para>Assuming a server-side filename "a:should_work", which is
+ translated to "a_should_work" for the client.</para>
+ <para>BUT the reverse mapping from client "a_should_work" to server
+ will result in "a:should:work" - something like "file not found"
+ will be returned.
+ </para>
</refsect1>
<refsect1>
<title>VERSION</title>
- <para>This man page is correct for all versions up to 4.0.3 of the Samba suite.
+ <para>This man page is correct for Samba versions from 3.5.0 to 4.0.6.
</para>
</refsect1>
diff --git a/docs-xml/manpages/vfs_gpfs.8.xml b/docs-xml/manpages/vfs_gpfs.8.xml
index 7f560ca..d1243a9 100644
--- a/docs-xml/manpages/vfs_gpfs.8.xml
+++ b/docs-xml/manpages/vfs_gpfs.8.xml
@@ -48,6 +48,16 @@
are the responsibility of the underlying filesystem than of Samba.
</para>
+ <para>This module makes use of the smb.conf parameter
+ <smbconfoption name="acl map full control">acl map full control</smbconfoption>
+ When set to yes (the default), this parameter will add in the FILE_DELETE_CHILD
+ bit on a returned ACE entry for a file (not a directory) that already
+ contains all file permissions except for FILE_DELETE and FILE_DELETE_CHILD.
+ This can prevent Windows applications that request GENERIC_ALL access
+ from getting ACCESS_DENIED errors when running against a filesystem
+ with NFSv4 compatible ACLs.
+ </para>
+
<para>This module is stackable.</para>
<para>Since Samba 4.0 all options are per share options.</para>
diff --git a/docs-xml/manpages/vfs_zfsacl.8.xml b/docs-xml/manpages/vfs_zfsacl.8.xml
new file mode 100644
index 0000000..f56af1b
--- /dev/null
+++ b/docs-xml/manpages/vfs_zfsacl.8.xml
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_zfsacl.8">
+
+<refmeta>
+ <refentrytitle>vfs_zfsacl</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>vfs_zfsacl</refname>
+ <refpurpose>ZFS ACL samba module</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = zfsacl</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>zfsacl</command> VFS module is the home
+ for all ACL extensions that Samba requires for proper integration
+ with ZFS.
+ </para>
+
+ <para>Currently the zfsacl vfs module provides extensions in following areas :
+ <itemizedlist>
+ <listitem><para>NFSv4 ACL Interfaces with configurable options for ZFS</para></listitem>
+ </itemizedlist>
+ </para>
+
+ <para><command>NOTE:</command>This module follows the posix-acl behaviour
+ and hence allows permission stealing via chown. Samba might allow at a later
+ point in time, to restrict the chown via this module as such restrictions
+ are the responsibility of the underlying filesystem than of Samba.
+ </para>
+
+ <para>This module makes use of the smb.conf parameter
+ <smbconfoption name="acl map full control">acl map full control</smbconfoption>
+ When set to yes (the default), this parameter will add in the FILE_DELETE_CHILD
+ bit on a returned ACE entry for a file (not a directory) that already
+ contains all file permissions except for FILE_DELETE and FILE_DELETE_CHILD.
+ This can prevent Windows applications that request GENERIC_ALL access
+ from getting ACCESS_DENIED errors when running against a filesystem
+ with NFSv4 compatible ACLs.
+ </para>
+
+ <para>This module is stackable.</para>
+
+ <para>Since Samba 4.0 all options are per share options.</para>
+
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+
+ <term>nfs4:mode = [ simple | special ]</term>
+ <listitem>
+ <para>
+ Controls substitution of special IDs (OWNER@ and GROUP@) on ZFS.
+ The use of mode simple is recommended.
+ In this mode only non inheriting ACL entries for the file owner
+ and group are mapped to special IDs.
+ </para>
+
+ <para>The following MODEs are understood by the module:</para>
+ <itemizedlist>
+ <listitem><para><command>simple(default)</command> - use OWNER@ and GROUP@ special IDs for non inheriting ACEs only.</para></listitem>
+ <listitem><para><command>special(deprecated)</command> - use OWNER@ and GROUP@ special IDs in ACEs for all file owner and group ACEs.</para></listitem>
+ </itemizedlist>
+ </listitem>
+
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>nfs4:acedup = [dontcare|reject|ignore|merge]</term>
+ <listitem>
+ <para>
+ This parameter configures how Samba handles duplicate ACEs encountered in ZFS ACLs.
+ ZFS allows/creates duplicate ACE for different bits for same ID.
+ </para>
+
+ <para>Following is the behaviour of Samba for different values :</para>
+ <itemizedlist>
+ <listitem><para><command>dontcare (default)</command> - copy the ACEs as they come</para></listitem>
+ <listitem><para><command>reject</command> - stop operation and exit with error on ACL set op</para></listitem>
+ <listitem><para><command>ignore</command> - don't include the second matching ACE</para></listitem>
+ <listitem><para><command>merge</command> - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE</para></listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>nfs4:chown = [yes|no]</term>
+ <listitem>
+ <para>This parameter allows enabling or disabling the chown supported
+ by the underlying filesystem. This parameter should be enabled with
+ care as it might leave your system insecure.</para>
+ <para>Some filesystems allow chown as a) giving b) stealing. It is the latter
+ that is considered a risk.</para>
+
+ <para>Following is the behaviour of Samba for different values : </para>
+ <itemizedlist>
+ <listitem><para><command>yes</command> - Enable chown if as supported by the under filesystem</para></listitem>
+ <listitem><para><command>no (default)</command> - Disable chown</para></listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>A ZFS mount can be exported via Samba as follows :</para>
+
+<programlisting>
+ <smbconfsection name="[samba_zfs_share]"/>
+ <smbconfoption name="vfs objects">zfsacl</smbconfoption>
+ <smbconfoption name="path">/test/zfs_mount</smbconfoption>
+ <smbconfoption name="nfs4: mode">special</smbconfoption>
+ <smbconfoption name="nfs4: acedup">merge</smbconfoption>
+</programlisting>
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+ <para>This man page is correct for version 4.0.x of the Samba suite.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+</refsect1>
+
+</refentry>
diff --git a/lib/crypto/hmacmd5.c b/lib/crypto/hmacmd5.c
index cfbd428..882788c 100644
--- a/lib/crypto/hmacmd5.c
+++ b/lib/crypto/hmacmd5.c
@@ -36,7 +36,7 @@ _PUBLIC_ void hmac_md5_init_rfc2104(const uint8_t *key, int key_len, HMACMD5Cont
/* if key is longer than 64 bytes reset it to key=MD5(key) */
if (key_len > 64)
{
- struct MD5Context tctx;
+ MD5_CTX tctx;
MD5Init(&tctx);
MD5Update(&tctx, key, key_len);
@@ -91,7 +91,7 @@ _PUBLIC_ void hmac_md5_update(const uint8_t *text, int text_len, HMACMD5Context
***********************************************************************/
_PUBLIC_ void hmac_md5_final(uint8_t *digest, HMACMD5Context *ctx)
{
- struct MD5Context ctx_o;
+ MD5_CTX ctx_o;
MD5Final(digest, &ctx->ctx);
diff --git a/lib/crypto/hmacmd5.h b/lib/crypto/hmacmd5.h
index 91b8ca5..aa43d24 100644
--- a/lib/crypto/hmacmd5.h
+++ b/lib/crypto/hmacmd5.h
@@ -25,7 +25,7 @@
typedef struct
{
- struct MD5Context ctx;
+ MD5_CTX ctx;
uint8_t k_ipad[65];
uint8_t k_opad[65];
diff --git a/lib/crypto/md5.c b/lib/crypto/md5.c
index 0324744..b834c91 100644
--- a/lib/crypto/md5.c
+++ b/lib/crypto/md5.c
@@ -43,7 +43,7 @@ static void byteReverse(uint8_t *buf, unsigned int longs)
* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
* initialization constants.
*/
-_PUBLIC_ void MD5Init(struct MD5Context *ctx)
+_PUBLIC_ void MD5Init(MD5_CTX *ctx)
{
ctx->buf[0] = 0x67452301;
ctx->buf[1] = 0xefcdab89;
@@ -58,7 +58,7 @@ _PUBLIC_ void MD5Init(struct MD5Context *ctx)
* Update context to reflect the concatenation of another buffer full
* of bytes.
*/
-_PUBLIC_ void MD5Update(struct MD5Context *ctx, const uint8_t *buf, size_t len)
+_PUBLIC_ void MD5Update(MD5_CTX *ctx, const uint8_t *buf, size_t len)
{
register uint32_t t;
@@ -106,7 +106,7 @@ _PUBLIC_ void MD5Update(struct MD5Context *ctx, const uint8_t *buf, size_t len)
* Final wrapup - pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first)
*/
-_PUBLIC_ void MD5Final(uint8_t digest[16], struct MD5Context *ctx)
+_PUBLIC_ void MD5Final(uint8_t digest[16], MD5_CTX *ctx)
{
unsigned int count;
uint8_t *p;
diff --git a/lib/crypto/md5test.c b/lib/crypto/md5test.c
index 38626c3..f58e131 100644
--- a/lib/crypto/md5test.c
+++ b/lib/crypto/md5test.c
@@ -65,7 +65,7 @@ bool torture_local_crypto_md5(struct torture_context *torture)
};
for (i=0; i < ARRAY_SIZE(testarray); i++) {
- struct MD5Context ctx;
+ MD5_CTX ctx;
uint8_t md5[16];
int e;
diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build
index e056f65..a1f29ae 100644
--- a/lib/crypto/wscript_build
+++ b/lib/crypto/wscript_build
@@ -8,7 +8,7 @@ elif bld.CONFIG_SET('HAVE_SYS_MD5_H') and bld.CONFIG_SET('HAVE_LIBMD5'):
extra_deps += ' md5'
elif bld.CONFIG_SET('HAVE_SYS_MD5_H') and bld.CONFIG_SET('HAVE_LIBMD'):
extra_deps += ' md'
-elif not bld.CONFIG_SET('HAVE_COMMONCRYPTO_COMMONDIGEST_H'):
+elif not bld.CONFIG_SET('HAVE_SYS_MD5_H') and not bld.CONFIG_SET('HAVE_COMMONCRYPTO_COMMONDIGEST_H'):
extra_source += ' md5.c'
bld.SAMBA_SUBSYSTEM('LIBCRYPTO',
diff --git a/lib/ldb/ABI/ldb-1.1.14.sigs b/lib/ldb/ABI/ldb-1.1.16.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-1.1.14.sigs
copy to lib/ldb/ABI/ldb-1.1.16.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.1.16.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
--
Samba Shared Repository
More information about the samba-cvs
mailing list