[SCM] Samba Shared Repository - branch v4-0-stable updated

Karolin Seeger kseeger at samba.org
Mon Sep 15 02:47:32 MDT 2014


The branch, v4-0-stable has been updated
       via  f6fd102 VERSION: Disable git snapshots for the 4.0.22 release.
       via  5abb3ca WHATSNEW: Add release notes for Samba 4.0.22.
       via  a48e472 selftest: Fix selftest where pid is used uninitialized.
       via  836d1ec s3: smbd: vfs_dirsort module.
       via  d14c83e s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout"
       via  36f55df s3: winbindd: Add new parameter "winbind request timeout" set to 60 seconds with man page.
       via  bd576b8 dosmode: fix FSCTL_SET_SPARSE request validation
       via  9a1a13a smbd: Properly initialize mangle_hash
       via  77e7db9 Don't discard result of checking grouptype
       via  691fe9a docs: Fix typos in smb.conf (inherit acls)
       via  851b93d samba: Retain case sensitivity of cifs client
       via  2eb6bbd printing: reload printer shares on OpenPrinter
       via  668127f smbd: split printer reload processing
       via  051cd1d server: remove duplicate snum_is_shared_printer()
       via  1a2a342 smbd: only reprocess printer_list.tdb if it changed
       via  918f7db printing: return last change time with pcap_cache_loaded()
       via  a4b2289 printing: remove pcap_cache_add()
       via  bad147d printing: reload printer_list.tdb from in memory list
       via  a97c2db printing: only reload printer shares on client enum
       via  c82338f printing: traverse_read the printer list for share updates
       via  d3fb60a s3: smbd : SMB2 - fix SMB2_SEARCH when searching non wildcard string with a case-canonicalized share.
       via  8a2f945 s3: smbd - SMB[2|3]. Ensure a \ or / can't be found anywhere in a search path, not just at the start.
       via  9977aa9 s3: enforce a positive allocation_file_size for non-empty files (bug #10543)
       via  7ff8102 passdb: fix NT_STATUS_NO_SUCH_GROUP
       via  8c97d9a s3:libsmb: Set a max charge for SMB2 connections
       via  cad42ef s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common().
       via  9fadcf3 libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info()
       via  c0ddfc1 s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS
       via  04916e0 security.idl: add SMB_SUPPORTED_SECINFO_FLAGS
       via  6db4a91 Fixed a memory leak in cli_set_mntpoint().
       via  624a52f lib: Remove unused nstrcpy
       via  796afb4 build: fix configure to honour --without-dmapi
       via  473ccb5 tests: dnsserver: Add a update test with name set to '.'
       via  e61ee11 s4-rpc: dnsserver: Allow . to be specified for @ record
       via  8dbf363 s3: net time - fix usage and core dump.
       via  2cac0df s3: xml-docs. Ensure users of 'net time' know the remote server must be specified with -S.
       via  fb49656 sys_poll_intr: fix timeout arithmetic
       via  6030045 lib: tevent: make TEVENT_SIG_INCREMENT atomic.
       via  03e9c64 VERSION: Bump version up to 4.0.22.
       via  13ccfd2 Merge tag 'samba-4.0.21' into v4-0-test
       via  00fe8eb VERSION: Bump version number up to 4.0.21...
      from  2ec2bd6 VERSION: Disable git snapshots for the 4.0.21 release.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |    2 +-
 WHATSNEW.txt                                       |  115 +++++++++++++++++++-
 docs-xml/manpages/net.8.xml                        |   15 ++-
 docs-xml/smbdotconf/security/inheritowner.xml      |    6 +-
 .../smbdotconf/winbind/winbindrequesttimeout.xml   |   16 +++
 lib/param/param_functions.c                        |    1 +
 lib/param/param_table.c                            |    9 ++
 lib/replace/replace.h                              |    5 +
 lib/replace/wscript                                |   25 +++++
 lib/tevent/tevent_signal.c                         |    6 +
 lib/util/select.c                                  |   14 ++-
 lib/util/string_wrappers.h                         |    5 -
 libcli/security/secdesc.c                          |   36 ++++---
 librpc/idl/security.idl                            |   18 +++
 python/samba/tests/dcerpc/dnsserver.py             |   41 +++++++-
 selftest/target/Samba.pm                           |    7 +-
 source3/include/proto.h                            |    1 +
 source3/libsmb/clidfs.c                            |    6 +-
 source3/libsmb/libsmb_server.c                     |    5 +
 source3/modules/vfs_default.c                      |   12 ++
 source3/modules/vfs_dirsort.c                      |    2 +-
 source3/param/loadparm.c                           |    1 +
 source3/passdb/pdb_samba_dsdb.c                    |    6 +-
 source3/printing/load.c                            |    4 +-
 source3/printing/pcap.c                            |   54 +++++-----
 source3/printing/pcap.h                            |   13 +--
 source3/printing/print_aix.c                       |   17 +++-
 source3/printing/print_iprint.c                    |   16 ++-
 source3/printing/print_standard.c                  |    8 +-
 source3/printing/print_svid.c                      |   11 ++-
 source3/printing/printer_list.c                    |   17 ++-
 source3/printing/printer_list.h                    |    4 +-
 source3/printing/queue_process.c                   |  102 +++++++++++++++++-
 source3/printing/spoolssd.c                        |   38 ++------
 source3/rpc_server/spoolss/srv_spoolss_nt.c        |   30 ++++--
 source3/rpc_server/srvsvc/srv_srvsvc_nt.c          |    1 +
 source3/smbd/dosmode.c                             |   13 +++
 source3/smbd/lanman.c                              |    1 +
 source3/smbd/mangle_hash.c                         |    4 +
 source3/smbd/negprot.c                             |    3 +-
 source3/smbd/nttrans.c                             |    7 +-
 source3/smbd/posix_acls.c                          |    2 +-
 source3/smbd/proto.h                               |    1 +
 source3/smbd/server.c                              |   20 ----
 source3/smbd/server_reload.c                       |   74 +++++--------
 source3/smbd/smb2_find.c                           |   41 ++++++-
 source3/smbd/smb2_getinfo.c                        |    3 +-
 source3/smbd/smb2_setinfo.c                        |    3 +-
 source3/utils/net_time.c                           |   30 ++++--
 source3/web/swat.c                                 |    4 +-
 source3/winbindd/winbindd.c                        |   36 ++++++
 source3/wscript                                    |   72 ++++++++-----
 source4/rpc_server/dnsserver/dcerpc_dnsserver.c    |    4 +-
 53 files changed, 722 insertions(+), 265 deletions(-)
 create mode 100644 docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 3950d21..bd69f93 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=21
+SAMBA_VERSION_RELEASE=22
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 58e3986..9201406 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,115 @@
                    ==============================
+                   Release Notes for Samba 4.0.22
+                         September 15, 2014
+                   ==============================
+
+
+This is the latest stable release of Samba 4.0.
+
+Major enhancements in Samba 4.0.22 include:
+
+o  New parameter "winbind request timeout" has been added (bug #3204). Please
+   see smb.conf man page for details.
+
+
+Changes since 4.1.21:
+---------------------
+
+o   Michael Adam <obnox at samba.org>
+    * BUG 10369: build: Fix configure to honour '--without-dmapi'.
+
+
+o   Jeremy Allison <jra at samba.org>
+    * BUG 3204: s3: winbindd: On new client connect, prune idle or hung
+      connections older than "winbind request timeout". Add new parameter
+      "winbind request timeout".
+    * BUG 10640: lib: tevent: make TEVENT_SIG_INCREMENT atomic.
+    * BUG 10650: Make "case sensitive = True" option working with
+      "max protocol = SMB2" or higher in large directories.
+    * BUG 10728: 'net time': Fix usage and core dump.
+    * BUG 10773: s3: smbd: POSIX ACLs. Remove incorrect check for
+      SECINFO_PROTECTED_DACL in incoming security_information flags in
+      posix_get_nt_acl_common().
+    * BUG 10794: vfs_dirsort: Fix an off-by-one error that can
+      cause uninitialized memory read.
+
+
+o   Björn Baumbach <bb at sernet.de>
+    * BUG 10543: s3: Enforce a positive allocation_file_size for non-empty
+      files.
+
+
+o   David Disseldorp <ddiss at samba.org>
+    * BUG 10652: Samba 4 consuming a lot of CPU when re-reading printcap info.
+    * BUG 10787: dosmode: Fix FSCTL_SET_SPARSE request validation.
+
+
+o   Amitay Isaacs <amitay at gmail.com>
+    * BUG 10742: s4-rpc: dnsserver: Allow . to be specified for @ record.
+
+
+o   Daniel Kobras <d.kobras at science-computing.de>
+    * BUG 10731: sys_poll_intr: Fix timeout arithmetic.
+
+
+o   Ross Lagerwall <rosslagerwall at gmail.com>
+    * BUG 10778: s3:libsmb: Set a max charge for SMB2 connections.
+
+
+o   Volker Lendecke <vl at samba.org>
+    * BUG 10758: lib: Remove unused nstrcpy.
+    * BUG 10782: smbd: Properly initialize mangle_hash.
+
+
+o   Stefan Metzmacher <metze at samba.org>
+    * BUG 10773: libcli/security: Add better detection of
+      SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info().
+
+
+o   Marc Muehlfeld <mmuehlfeld at samba.org>
+    * BUG 10761: docs: Fix typos in smb.conf (inherit acls).
+
+
+o   Shirish Pargaonkar <spargaonkar at suse.com>
+    * BUG 10755: samba: Retain case sensitivity of cifs client.
+
+
+o   Arvid Requate <requate at univention.de>
+    * BUG 9570: passdb: Fix NT_STATUS_NO_SUCH_GROUP.
+
+
+o   Har Gagan Sahai <SHarGagan at novell.com>
+    * BUG 10759: Fix a memory leak in cli_set_mntpoint().
+
+
+o   Roel van Meer <roel at 1afa.com>
+    * BUG 10777: Don't discard result of checking grouptype.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   ==============================
                    Release Notes for Samba 4.0.21
                            August 1, 2014
                    ==============================
@@ -44,8 +155,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    ==============================
                    Release Notes for Samba 4.0.20
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index bd46cff..f048819 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -166,7 +166,8 @@ YOU HAVE BEEN WARNED.
 <title>TIME</title>
 
 <para>Without any options, the <command>NET TIME</command> command 
-displays the time on the remote server.
+displays the time on the remote server. The remote server must be
+specified with the -S option.
 </para>
 
 </refsect3>
@@ -174,21 +175,27 @@ displays the time on the remote server.
 <refsect3>
 <title>TIME SYSTEM</title>
 
-<para>Displays the time on the remote server in a format ready for <command>/bin/date</command>.</para>
+<para>Displays the time on the remote server in a format ready for <command>/bin/date</command>.
+The remote server must be specified with the -S option.
+</para>
 
 </refsect3>
 
 <refsect3>
 <title>TIME SET</title>
 <para>Tries to set the date and time of the local server to that on 
-the remote server using <command>/bin/date</command>. </para>
+the remote server using <command>/bin/date</command>.
+The remote server must be specified with the -S option.
+</para>
 
 </refsect3>
 
 <refsect3>
 <title>TIME ZONE</title>
 
-<para>Displays the timezone in hours from GMT on the remote computer.</para>
+<para>Displays the timezone in hours from GMT on the remote server.
+The remote server must be specified with the -S option.
+</para>
 
 </refsect3>
 </refsect2>
diff --git a/docs-xml/smbdotconf/security/inheritowner.xml b/docs-xml/smbdotconf/security/inheritowner.xml
index ba4fc61..0ed8285 100644
--- a/docs-xml/smbdotconf/security/inheritowner.xml
+++ b/docs-xml/smbdotconf/security/inheritowner.xml
@@ -10,9 +10,9 @@
 	by the ownership of the parent directory.</para>
 	
 	<para>Common scenarios where this behavior is useful is in 
-	implementing drop-boxes where users can create and edit files but not 
-	delete them and to ensure that newly create files in a user's
-	roaming profile directory are actually owner by the user.</para>
+	implementing drop-boxes, where users can create and edit files but
+	not delete them and ensuring that newly created files in a user's
+	roaming profile directory are actually owned by the user.</para>
 </description>
 
 <related>inherit permissions</related>
diff --git a/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml b/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml
new file mode 100644
index 0000000..3220871
--- /dev/null
+++ b/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="winbind request timeout"
+                 context="G"
+				 type="integer"
+                 advanced="1" developer="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>This parameter specifies the number of
+	seconds the <citerefentry><refentrytitle>winbindd</refentrytitle>
+	<manvolnum>8</manvolnum></citerefentry> daemon will wait before
+	disconnecting either a client connection with no outstanding
+	requests (idle) or a client connection with a request that has
+	remained outstanding (hung) for longer than this number of seconds.</para>
+</description>
+
+<value type="default">60</value>
+</samba:parameter>
diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c
index 35e199f..41b44b6 100644
--- a/lib/param/param_functions.c
+++ b/lib/param/param_functions.c
@@ -344,6 +344,7 @@ FN_GLOBAL_INTEGER(winbind_cache_time, winbind_cache_time)
 FN_GLOBAL_INTEGER(winbind_expand_groups, winbind_expand_groups)
 FN_GLOBAL_INTEGER(winbind_max_clients, winbind_max_clients)
 FN_GLOBAL_INTEGER(winbind_reconnect_delay, winbind_reconnect_delay)
+FN_GLOBAL_INTEGER(winbind_request_timeout, winbind_request_timeout)
 FN_GLOBAL_LIST(auth_methods, AuthMethods)
 FN_GLOBAL_LIST(cluster_addresses, szClusterAddresses)
 FN_GLOBAL_LIST(dcerpc_endpoint_servers, dcerpc_ep_servers)
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index 5b78eae..0916023 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -4034,6 +4034,15 @@ static struct parm_struct parm_table[] = {
 		.flags		= FLAG_ADVANCED,
 	},
 	{
+		.label		= "winbind request timeout",
+		.type		= P_INTEGER,
+		.p_class	= P_GLOBAL,
+		.offset		= GLOBAL_VAR(winbind_request_timeout),
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= FLAG_ADVANCED,
+	},
+	{
 		.label		= "winbind max clients",
 		.type		= P_INTEGER,
 		.p_class	= P_GLOBAL,
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 674a2b4..6dbb4f0 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -871,4 +871,9 @@ int usleep(useconds_t);
 void rep_setproctitle(const char *fmt, ...) PRINTF_ATTRIBUTE(1, 2);
 #endif
 
+/* Needed for Solaris atomic_add_XX functions. */
+#if defined(HAVE_SYS_ATOMIC_H)
+#include <sys/atomic.h>
+#endif
+
 #endif /* _LIBREPLACE_REPLACE_H */
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 61a25ec..59aa2d1 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -102,6 +102,7 @@ struct foo bar = { .y = 'X', .x = 1 };
     conf.CHECK_HEADERS('sys/extattr.h sys/ea.h sys/proplist.h sys/cdefs.h')
     conf.CHECK_HEADERS('utmp.h utmpx.h lastlog.h malloc.h')
     conf.CHECK_HEADERS('syscall.h sys/syscall.h inttypes.h')
+    conf.CHECK_HEADERS('sys/atomic.h')
 
     conf.CHECK_CODE('''
                     #include <unistd.h>
@@ -209,6 +210,30 @@ struct foo bar = { .y = 'X', .x = 1 };
                        msg="Checking whether we have ucontext_t",
                        headers='signal.h sys/ucontext.h')
 
+    # Check for atomic builtins. */
+    conf.CHECK_CODE('''
+                    int main(void) {
+                        int i;
+                        (void)__sync_fetch_and_add(&i, 1);
+                        return 0;
+                    }
+                    ''',
+                    'HAVE___SYNC_FETCH_AND_ADD',
+                    msg='Checking for __sync_fetch_and_add compiler builtin')
+
+    conf.CHECK_CODE('''
+                    #include <stdint.h>
+                    #include <sys/atomic.h>
+                    int main(void) {
+                        int32_t i;
+                        atomic_add_32(&i, 1);
+                        return 0;
+                    }
+                    ''',
+                    'HAVE_ATOMIC_ADD_32',
+                    headers='stdint.h sys/atomic.h',
+                    msg='Checking for atomic_add_32 compiler builtin')
+
     # these may be builtins, so we need the link=False strategy
     conf.CHECK_FUNCS('strdup memmem printf memset memcpy memmove strcpy strncpy bzero', link=False)
 
diff --git a/lib/tevent/tevent_signal.c b/lib/tevent/tevent_signal.c
index b5a56ef..6cddc77 100644
--- a/lib/tevent/tevent_signal.c
+++ b/lib/tevent/tevent_signal.c
@@ -42,7 +42,13 @@ struct tevent_sigcounter {
 	uint32_t seen;
 };
 
+#if defined(HAVE___SYNC_FETCH_AND_ADD)
+#define TEVENT_SIG_INCREMENT(s) __sync_fetch_and_add(&((s).count), 1)
+#elif defined(HAVE_ATOMIC_ADD_32)
+#define TEVENT_SIG_INCREMENT(s) atomic_add_32(&((s).count), 1)
+#else
 #define TEVENT_SIG_INCREMENT(s) (s).count++
+#endif
 #define TEVENT_SIG_SEEN(s, n) (s).seen += (n)
 #define TEVENT_SIG_PENDING(s) ((s).seen != (s).count)
 
diff --git a/lib/util/select.c b/lib/util/select.c
index 5e66344..99cd772 100644
--- a/lib/util/select.c
+++ b/lib/util/select.c
@@ -42,9 +42,19 @@ int sys_poll_intr(struct pollfd *fds, int num_fds, int timeout)
 		if (errno != EINTR) {
 			break;
 		}
+		/* Infinite timeout, no need to adjust. */
+		if (timeout < 0) {
+			continue;
+		}
 		clock_gettime_mono(&now);
-		elapsed = nsec_time_diff(&now, &start);
-		timeout = (orig_timeout - elapsed) / 1000000;
+		elapsed = nsec_time_diff(&now, &start) / 1000000;
+		timeout = orig_timeout - elapsed;
+		/* Unlikely, but might happen eg. when getting traced.
+		 * Make sure we're not hanging in this case.
+		 */
+		if (timeout < 0) {
+			timeout = 0;
+		}
 	};
 	return ret;
 }
diff --git a/lib/util/string_wrappers.h b/lib/util/string_wrappers.h
index 243fafc..fcc088c 100644
--- a/lib/util/string_wrappers.h
+++ b/lib/util/string_wrappers.h
@@ -43,11 +43,6 @@ do { \
 	const char *_fstrcat_src = (const char *)(s); \
 	strlcat((d),_fstrcat_src ? _fstrcat_src : "",sizeof(fstring)); \
 } while (0)
-#define nstrcpy(d,s) \
-do { \
-	const char *_nstrcpy_src = (const char *)(s); \
-	strlcpy((d),_nstrcpy_src ? _nstrcpy_src : "",sizeof(fstring)); \
-} while (0)
 #define unstrcpy(d,s) \
 do { \
 	const char *_unstrcpy_src = (const char *)(s); \
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index 10d068c..d02b144 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -24,13 +24,6 @@
 #include "librpc/gen_ndr/ndr_security.h"
 #include "libcli/security/security.h"
 
-#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
-					SECINFO_DACL|SECINFO_SACL|\
-					SECINFO_UNPROTECTED_SACL|\
-					SECINFO_UNPROTECTED_DACL|\
-					SECINFO_PROTECTED_SACL|\
-					SECINFO_PROTECTED_DACL)
-
 /* Map generic permissions to file object specific permissions */
 
 const struct generic_mapping file_generic_mapping = {
@@ -46,21 +39,32 @@ const struct generic_mapping file_generic_mapping = {
 
 uint32_t get_sec_info(const struct security_descriptor *sd)
 {
-	uint32_t sec_info = ALL_SECURITY_INFORMATION;
+	uint32_t sec_info = 0;
 
 	SMB_ASSERT(sd);
 
-	if (sd->owner_sid == NULL) {
-		sec_info &= ~SECINFO_OWNER;
+	if (sd->owner_sid != NULL) {
+		sec_info |= SECINFO_OWNER;
+	}
+	if (sd->group_sid != NULL) {
+		sec_info |= SECINFO_GROUP;
 	}
-	if (sd->group_sid == NULL) {
-		sec_info &= ~SECINFO_GROUP;
+	if (sd->sacl != NULL) {
+		sec_info |= SECINFO_SACL;
 	}
-	if (sd->sacl == NULL) {
-		sec_info &= ~SECINFO_SACL;
+	if (sd->dacl != NULL) {
+		sec_info |= SECINFO_DACL;
+	}
+
+	if (sd->type & SEC_DESC_SACL_PROTECTED) {
+		sec_info |= SECINFO_PROTECTED_SACL;
+	} else if (sd->type & SEC_DESC_SACL_AUTO_INHERITED) {
+		sec_info |= SECINFO_UNPROTECTED_SACL;
 	}
-	if (sd->dacl == NULL) {
-		sec_info &= ~SECINFO_DACL;
+	if (sd->type & SEC_DESC_DACL_PROTECTED) {
+		sec_info |= SECINFO_PROTECTED_DACL;
+	} else if (sd->type & SEC_DESC_DACL_AUTO_INHERITED) {
+		sec_info |= SECINFO_UNPROTECTED_DACL;
 	}
 
 	return sec_info;
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 4f0e900..d886b51 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -609,6 +609,24 @@ interface security
 		SECINFO_PROTECTED_DACL	     = 0x80000000
 	} security_secinfo;
 
+	/*
+	 * a SMB server should only support the following flags
+	 * and ignore all others.
+	 *
+	 * See AdditionalInformation in [MS-SMB2] 2.2.37 SMB2 QUERY_INFO Request
+	 * and 2.2.39 SMB2 SET_INFO Request.
+	 */
+	const int SMB_SUPPORTED_SECINFO_FLAGS = (
+		SECINFO_OWNER		|
+		SECINFO_GROUP		|
+		SECINFO_DACL		|
+		SECINFO_SACL		|
+		SECINFO_LABEL		|
+		SECINFO_ATTRIBUTE	|
+		SECINFO_SCOPE		|
+		SECINFO_BACKUP 		|
+		0);
+
 	typedef [public,bitmap32bit] bitmap {
 		KERB_ENCTYPE_DES_CBC_CRC             = 0x00000001,
 		KERB_ENCTYPE_DES_CBC_MD5             = 0x00000002,
diff --git a/python/samba/tests/dcerpc/dnsserver.py b/python/samba/tests/dcerpc/dnsserver.py
index 59d6eee..e2c6667 100644
--- a/python/samba/tests/dcerpc/dnsserver.py
+++ b/python/samba/tests/dcerpc/dnsserver.py
@@ -19,7 +19,7 @@
 
 from samba.dcerpc import dnsp, dnsserver
 from samba.tests import RpcInterfaceTestCase, env_get_var_value
-from samba.netcmd.dns import ARecord
+from samba.netcmd.dns import ARecord, NSRecord
 
 class DnsserverTests(RpcInterfaceTestCase):
 
@@ -239,3 +239,42 @@ class DnsserverTests(RpcInterfaceTestCase):
                                         select_flags,
                                         None,
                                         None)
+
+    def test_updaterecords2_soa(self):
+        client_version = dnsserver.DNS_CLIENT_VERSION_LONGHORN
+        record_type = dnsp.DNS_TYPE_NS
+        select_flags = (dnsserver.DNS_RPC_VIEW_AUTHORITY_DATA |
+                        dnsserver.DNS_RPC_VIEW_NO_CHILDREN)
+
+        nameserver = 'ns.example.local'
+        rec = NSRecord(nameserver)
+
+        # Add record
+        add_rec_buf = dnsserver.DNS_RPC_RECORD_BUF()
+        add_rec_buf.rec = rec
+        self.conn.DnssrvUpdateRecord2(client_version,
+                                        0,
+                                        self.server,
+                                        self.zone,


-- 
Samba Shared Repository


More information about the samba-cvs mailing list