[SCM] Samba Shared Repository - branch v4-1-stable updated
Karolin Seeger
kseeger at samba.org
Tue May 12 13:04:16 MDT 2015
The branch, v4-1-stable has been updated
via 1a121d1 WHATSNEW: Add release notes for Samba 4.1.18.
via a9ca30c s3: nmbd: Don't set work_changed = True inside update_server_ttl().
via 91e7c41 s3: nmbd: Ensure we only set work_changed = true if we modify the record.
via bbde543 vfs: kernel_flock and named streams
via 050f831 s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"
via c850922 s4: rpc: Refactor dcesrv_alter() function into setup and send steps.
via f8ef498 Add DCERPC flag to call unbind hooks without destroying the connection itself upon termination of a connection with outstanding pending calls.
via 8b78cc3 s4:rpc_server: Add multiplex state to dcerpc flags and control over multiplex PFC flag in bind_ack and and dcesrv_alter replies
via 2e0df25 Make sure we initialize conn to NULL, because a routine we call may give an error and not touch conn, and then we get an error when trying to TALLOC_FREE it.
via 08dd42c s3:smbd: update comment to correctly reflect MS-SMB2
via bfde0f0 s3:smbd: missing tevent_req_nterror
via 9329307 spoolss: purge the printer name cache on name change
via 1cd5d85 s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid.
via 05284b8 s3: Fix fsctl_validate_neg_info to pass MS compliance suite.
via 8628ae2 s3: Refactor smbd_smb2_request_process_negprot
via fc4bdf5 s3-passdb: Fix 'force user' with winbind default domain
via c2ea207 s4-process_model: Do not close random fds while forking.
via ef714b3 s3: libsmbclient: Add missing talloc stackframe.
via 58deb20 s4:auth/gensec_gssapi: let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors
via af95423 s3: client - "client use spnego principal = yes" code checks wrong name.
via 2f46746 docs: Mark 'client use spnego principal' as deprecated and also a bad idea.
via c9a9483 s3:winbind:grent: don't stop group enumeration when a group has no gid
via f5e3b94 s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use.
via b417ef0 s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case.
via 9e395c9 s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
via 2355e2d s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
via f9fd1dc docs/idmap_rid: remove deprecated base_rid from example
via f244eaa talloc: version 2.1.2
via 75d7179 talloc: fix _talloc_total_limit_size prototype
via 763a569 lib: talloc: Test suite for the new destructor reparent logic.
via f635357 lib: talloc: Allow destructors to reparent the object they're called on.
via 2a4ca9d lib: talloc: Fix bug when calling a destructor.
via 1c2f26b talloc:build: improve detection of srcdir
via 2a59ff1 talloc: version 2.1.1
via 38aeda4 talloc/tests: avoid some unused variable warnings
via 21e38ad talloc: fix compiler warning
via 43049ba talloc: check for TALLOC_GET_TYPE_ABORT_NOOP
via 32035b0 talloc: avoid a function call in TALLOC_FREE() if possible.
via 19a86f6 talloc: inline talloc_get_name()
via 7e2707e talloc: inline more static functions
via b77c479 talloc: Tune talloc_vasprintf
via 7af07a5 talloc: Update flags in pytalloc-util pkgconfig file
via 4992a53 Add a basic guide on pytalloc.
via 88c9bff talloc: Add a warning to talloc_reference() documentation.
via 2aa1291 talloc: Test the pooled object
via 0f88b87 talloc: Add talloc_pooled_object
via 62abe79 talloc: Allow nested pools.
via 1a70518 talloc: Add a separate pool size
via 8497337 talloc: Put pool-specific data before the chunk
via 4e36c2f talloc: Introduce __talloc_with_prefix
via a6a4ec7 talloc: Decouple the dual use of chunk->pool
via 133b1c6 Fix valgrind errors with memmove and talloc pools.
via 834b7ea Add simple limited pool tests to test_memlimit().
via 105a903 Remove talloc_memlimit_update(). No longer used.
via 595a97e Inside _talloc_realloc(), keep track of size changes over malloc/realloc/free.
via a1e788b Don't call talloc_memlimit_update() inside _talloc_realloc() when we're just manipulating pool members.
via a0b5d06 Fix a conditional check. (size - tc->size > 0) is always true if size and tc->size are unsigned.
via 2d9ed12 In _talloc_steal_internal(), correctly decrement the memory limit in the source, and increment in the destination.
via 833b365 Inside _talloc_free_internal(), always call talloc_memlimit_update_on_free() before we free the real memory.
via b1a0927 Update memory limits when we call free() on a pool.
via f905053 Change __talloc() to only call talloc_memlimit_check()/talloc_memlimit_grow() on actual malloc allocation.
via 9a11cc5 Change _talloc_total_mem_internal() to ignore memory allocated from a pool when calculating limit size.
via 622fecb Remove magic TC_HDR_SIZE handling inside talloc_memlimit_check().
via fd0122c Start to fix talloc memlimits with talloc pools.
via 6d0843d3 s3-winbind: Fix chached user group lookup of trusted domains.
via 88e22cd spoolss: retrieve published printer GUID if not in registry
via 40a9097 printing: rework nt_printer_guid_store to return errors
via f59d71e printing: add nt_printer_guid_retrieve() helper
via 27c65e0 printing: split out printer DN and GUID retrieval
via 359d054 doc-xml: Add 'sharesec' reference to 'access based share enum'
via 09a62da smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT.
via d2c9373 Merge tag 'samba-4.1.17' into v4-1-test
via 3bc159d doc:man:vfs_glusterfs: improve the configuration section.
via daf5852 doc:man:vfs_glusterfs: improve and update description.
via 0fa83fe doc:man:vfs_glusterfs: remove extra % signs.
via 630db2f debug: Set close-on-exec for the main log file FD
via dd89495 VERSION: Bump version up to 4.1.18.
via 87c7063 VERSION: Disable git snapshots for the 4.1.17 release.
via 563010d WHATSNEW: Add release notes for Samba 4.1.17.
via 4a312e2 s3-netlogon: Make sure we do not deference a NULL pointer.
via 2b037f7 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer.
via 99fe2d6 s3: smbclient: Allinfo leaves the file handle open.
via 1872ddc printing/cups: pack requested-attributes with IPP_TAG_KEYWORD
via fe52bd4 s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"
via df2ec47 s3:smb2_server: always try to grant the credits the client just consumed
via b8a38af dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable
via 7ef12e4 Revert "dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable"
via 8d6a64d s3-pam_smbpass: Fix memory leak in pam_sm_authenticate().
via 553ac4f utils: Fix 'net time' segfault.
via 8648ebf cli_connect_nb_send: don't segfault on host == NULL.
via 549d320 vfs_glusterfs: Add comments to the pipe(2) code.
via 33cef98 vfs: Fix a typo
via 1e58c87 vfs:glusterfs: whitespace fix.
via bff63a0 vfs_glusterfs: Replace eventfd with pipes, for AIO use
via 478851d vfs/glusterfs: Change xattr key to match gluster key.
via be67c85 vfs_glusterfs: Implement AIO support
via efa4c88 vfs_glusterfs: Change sys_get_acl_file/fd to return ACLs corresponding to mode bits when there are no ACLs set.
via 238b052 vfs_glusterfs: Set connectpath as snapdir-entry-path.
via 7eebeaa vfs_glusterfs: Remember the connect path too for reopening.
via 95a9146 vfs_glusterfs: In vfs_gluster_sys_acl_get_file/fd, reduce the number of getxattr calls.
via f7a9ec5 libsmb: provide authinfo domain for encrypted session referrals
via 34704a6 libsmb: provide authinfo domain for DFS referral auth
via 333eac4 libsmb: reuse connections derived from DFS referrals
via c4e46cd VERSION: Bump version up to 4.1.17.
via af5c876 Merge tag 'samba-4.1.16' into v4-1-test
via 1c6bcc0 smbd: Fix CID 1063259 Uninitialized scalar variable
via 5bbf2df s3-libads: Fix a possible segfault in kerberos_fetch_pac().
via e968af8 spoolss: clear PrinterInfo on GetPrinter error
via fd9daf3 spoolss: clear info on GetPrinterDriverDirectory error
via fcbeb46 spoolss: clear info on GetPrintProcessorDirectory error
via 50a72f0 spoolss: clear FormInfo on GetForm error
via 1719bda spoolss: clear DriverInfo on GetPrinterDriver2 error
via a9dab56 spoolss: clear JobInfo on GetJob error
via c5cff32 vfs: Add glusterfs manpage.
via ecb145c net: Fix sam addgroupmem
via 333d257 dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable
via 2baeba4 s3-util: Fix authentication with long hostnames.
via 9f52de7 VERSION: Bump version up to 4.1.16...
from 492c673 VERSION: Disable git snapshots for the 4.1.17 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 135 ++++-
auth/ntlmssp/ntlmssp_client.c | 40 +-
docs-xml/manpages/idmap_rid.8.xml | 3 -
docs-xml/manpages/vfs_glusterfs.8.xml | 170 ++++++
.../smbdotconf/security/accessbasedshareenum.xml | 5 +-
.../security/clientusepsnegoprincipal.xml | 7 +
docs-xml/wscript_build | 1 +
lib/param/param_table.c | 2 +-
...oc-util-2.0.6.sigs => pytalloc-util-2.1.0.sigs} | 0
...oc-util-2.0.6.sigs => pytalloc-util-2.1.1.sigs} | 0
...oc-util-2.0.6.sigs => pytalloc-util-2.1.2.sigs} | 0
.../ABI/{talloc-2.0.8.sigs => talloc-2.1.0.sigs} | 1 +
.../ABI/{talloc-2.0.8.sigs => talloc-2.1.1.sigs} | 1 +
.../ABI/{talloc-2.0.8.sigs => talloc-2.1.2.sigs} | 1 +
lib/talloc/pytalloc-util.pc.in | 4 +-
lib/talloc/pytalloc.h | 3 +
lib/talloc/pytalloc_guide.txt | 153 ++++++
lib/talloc/talloc.c | 610 ++++++++++++++-------
lib/talloc/talloc.h | 54 +-
lib/talloc/testsuite.c | 184 +++++++
lib/talloc/wscript | 4 +-
lib/util/debug.c | 3 +
libcli/smb/smbXcli_base.c | 1 +
source3/client/client.c | 1 +
source3/include/libsmb_internal.h | 1 +
source3/include/nt_printing.h | 6 +
source3/lib/util.c | 4 +-
source3/libads/authdata.c | 8 +-
source3/libsmb/cliconnect.c | 24 +-
source3/libsmb/clidfs.c | 118 +++-
source3/libsmb/libsmb_server.c | 16 +
source3/libsmb/libsmb_stat.c | 8 +
source3/libsmb/libsmb_xattr.c | 41 ++
source3/libsmb/ntlmssp.c | 38 +-
source3/modules/vfs_default.c | 8 +-
source3/modules/vfs_glusterfs.c | 365 ++++++++++--
source3/modules/vfs_gpfs.c | 10 +
source3/nmbd/nmbd_incomingdgrams.c | 22 +-
source3/nmbd/nmbd_serverlistdb.c | 5 -
source3/pam_smbpass/pam_smb_auth.c | 11 +-
source3/passdb/lookup_sid.c | 24 +
source3/printing/nt_printing_ads.c | 312 ++++++++---
source3/printing/print_cups.c | 2 +-
source3/rpc_server/spoolss/srv_spoolss_nt.c | 104 +++-
source3/smbd/aio.c | 12 +-
source3/smbd/globals.h | 3 +
source3/smbd/open.c | 9 +
source3/smbd/process.c | 1 +
source3/smbd/service.c | 6 +-
source3/smbd/smb2_ioctl_network_fs.c | 28 +-
source3/smbd/smb2_negprot.c | 114 ++--
source3/smbd/smb2_server.c | 22 +-
source3/utils/net_dns.c | 2 +-
source3/utils/net_sam.c | 8 +-
source3/utils/net_time.c | 21 +-
source3/winbindd/wb_lookupusergroups.c | 11 +
source3/winbindd/wb_next_grent.c | 51 +-
source4/auth/gensec/gensec_gssapi.c | 4 +-
source4/dsdb/samdb/ldb_modules/operational.c | 66 ++-
source4/dsdb/tests/python/token_group.py | 351 +++++++++++-
source4/rpc_server/dcerpc_server.c | 128 +++--
source4/rpc_server/dcerpc_server.h | 2 +
source4/smbd/process_standard.c | 12 +-
64 files changed, 2754 insertions(+), 609 deletions(-)
create mode 100644 docs-xml/manpages/vfs_glusterfs.8.xml
copy lib/talloc/ABI/{pytalloc-util-2.0.6.sigs => pytalloc-util-2.1.0.sigs} (100%)
copy lib/talloc/ABI/{pytalloc-util-2.0.6.sigs => pytalloc-util-2.1.1.sigs} (100%)
copy lib/talloc/ABI/{pytalloc-util-2.0.6.sigs => pytalloc-util-2.1.2.sigs} (100%)
copy lib/talloc/ABI/{talloc-2.0.8.sigs => talloc-2.1.0.sigs} (97%)
copy lib/talloc/ABI/{talloc-2.0.8.sigs => talloc-2.1.1.sigs} (97%)
copy lib/talloc/ABI/{talloc-2.0.8.sigs => talloc-2.1.2.sigs} (97%)
create mode 100644 lib/talloc/pytalloc_guide.txt
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 8876650..5237bce 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=17
+SAMBA_VERSION_RELEASE=18
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 48ebdf9..a67c16a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,135 @@
==============================
+ Release Notes for Samba 4.1.18
+ May 12, 2015
+ ==============================
+
+
+This is the latest stable release of Samba 4.1.
+
+
+Changes since 4.1.17:
+---------------------
+
+o Michael Adam <obnox at samba.org>
+ * BUG 8905: s3:winbind:grent: Don't stop group enumeration when a group has
+ no gid.
+ * BUG 11058: cli_connect_nb_send: don't segfault on host == NULL.
+ * BUG 11117: vfs_glusterfs manpage corrections.
+ * BUG 11143: s3-winbind: Fix chached user group lookup of trusted domains.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 10016: Fix NTLM authentication.
+ * BUG 10888: s3: client - "client use spnego principal = yes" code checks
+ wrong name.
+ * BUG 11079: s3: lib: libsmbclient: If reusing a server struct, check every
+ cli->timout miliseconds if it's still valid before use.
+ * BUG 11094: s3: smbclient: Allinfo leaves the file handle open.
+ * BUG 11144: Fix memory leak in SMB2 notify handling.
+ * BUG 11173: s3: libcli: smb1: Ensure we correctly finish a tevent req if
+ the writev fails in the SMB1 case.
+ * BUG 11177: s3: libsmbclient: Add missing talloc stackframe.
+ * BUG 11186: s3: libsmbclient: After getting attribute server, ensure main
+ srv pointer is still valid.
+ * BUG 11187: s3: Mac OS X 10.10.x fails validate negotiate request to 4.1.x.
+ * BUG 11236: s4: rpc: Refactor dcesrv_alter() function into setup and send
+ steps.
+ * BUG 11240: s3: smbd: Incorrect file size returned in the response of
+ "FILE_SUPERSEDE Create".
+ * BUG 11254: s3: nmbd: Don't set work_changed = True inside
+ update_server_ttl().
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 11100: debug: Set close-on-exec for the main log file FD.
+
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 11224: s3:smbd: Missing tevent_req_nterror.
+ * BUG 11243: vfs: kernel_flock and named streams.
+
+
+o Ira Cooper <ira at samba.org>
+ * BUG 11069: vfs_glusterfs: Add comments to the pipe(2) code.
+ * BUG 11115: smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 10240: vfs: Add glusterfs manpage.
+
+
+o David Disseldorp <ddiss at samba.org>
+ * BUG 10808: printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD.
+ * BUG 11018: smbd can't find the GUID for a printer in the registry and
+ fails to publish printers.
+ * BUG 11059: libsmb: Provide authinfo domain for encrypted session
+ referrals.
+ * BUG 11169: docs/idmap_rid: Remove deprecated base_rid from example.
+ * BUG 11210: spoolss: Purge the printer name cache on name change.
+
+
+o Julien Kerihuel <j.kerihuel at openchange.org>
+ * BUG 11225: s4:rpc_server: Add multiplex state to dcerpc flags and control
+ over multiplex PFC flag in bind_ack and and dcesrv_alter replies.
+ * BUG 11226: Fix terminate connection behavior for asynchronous endpoint
+ with PUSH notification flavors.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 11041: smbd: Fix CID 1063259 Uninitialized scalar variable.
+ * BUG 11051: net: Fix 'net sam addgroupmem'.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 9702: s3:smb2_server: protect against integer wrap with "smb2 max
+ credits = 65535".
+ * BUG 11144: Fix memory leak in SMB2 notify handling.
+ * BUG 11164: s4:auth/gensec_gssapi: let gensec_gssapi_update() return
+ NT_STATUS_LOGON_FAILURE for unknown errors.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 10984: spoolss: Clear PrinterInfo on GetPrinter error.
+ * BUG 11008: s3-util: Fix authentication with long hostnames.
+ * BUG 11037: s3-libads: Fix a possible segfault in kerberos_fetch_pac().
+ * BUG 11058: utils: Fix 'net time' segfault.
+ * BUG 11066: s3-pam_smbpass: Fix memory leak in pam_sm_authenticate().
+ * BUG 11127: doc-xml: Add 'sharesec' reference to 'access based share enum'.
+ * BUG 11180: s4-process_model: Do not close random fds while forking.
+ * BUG 11185: s3-passdb: Fix 'force user' with winbind default domain.
+
+
+o Richard Sharpe <rsharpe at nutanix.com>
+ * BUG 11234: Fix crash in 'net ads dns gethostbyname' with an error in TALLOC_FREE
+ if you enter invalid values.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+======================================================================
+
+ ==============================
Release Notes for Samba 4.1.17
February 23, 2015
==============================
@@ -51,10 +182,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
-======================================================================
==============================
Release Notes for Samba 4.1.16
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index fc66a8d..c168244 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -131,12 +131,13 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
talloc_get_type_abort(gensec_security->private_data,
struct gensec_ntlmssp_context);
struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
- uint32_t chal_flags, ntlmssp_command, unkn1, unkn2;
+ uint32_t chal_flags, ntlmssp_command, unkn1 = 0, unkn2 = 0;
DATA_BLOB server_domain_blob;
DATA_BLOB challenge_blob;
DATA_BLOB target_info = data_blob(NULL, 0);
char *server_domain;
const char *chal_parse_string;
+ const char *chal_parse_string_short = NULL;
const char *auth_gen_string;
DATA_BLOB lm_response = data_blob(NULL, 0);
DATA_BLOB nt_response = data_blob(NULL, 0);
@@ -177,6 +178,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
chal_parse_string = "CdUdbddB";
} else {
chal_parse_string = "CdUdbdd";
+ chal_parse_string_short = "CdUdb";
}
auth_gen_string = "CdBBUUUBd";
} else {
@@ -184,6 +186,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
chal_parse_string = "CdAdbddB";
} else {
chal_parse_string = "CdAdbdd";
+ chal_parse_string_short = "CdAdb";
}
auth_gen_string = "CdBBAAABd";
@@ -198,10 +201,39 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
&challenge_blob, 8,
&unkn1, &unkn2,
&target_info)) {
+
+ bool ok = false;
+
DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
- dump_data(2, in.data, in.length);
- talloc_free(mem_ctx);
- return NT_STATUS_INVALID_PARAMETER;
+
+ if (chal_parse_string_short != NULL) {
+ /*
+ * In the case where NTLMSSP_NEGOTIATE_TARGET_INFO
+ * is not used, some NTLMSSP servers don't return
+ * the unused unkn1 and unkn2 fields.
+ * See bug:
+ * https://bugzilla.samba.org/show_bug.cgi?id=10016
+ * for packet traces.
+ * Try and parse again without them.
+ */
+ ok = msrpc_parse(mem_ctx,
+ &in, chal_parse_string_short,
+ "NTLMSSP",
+ &ntlmssp_command,
+ &server_domain,
+ &chal_flags,
+ &challenge_blob, 8);
+ if (!ok) {
+ DEBUG(1, ("Failed to short parse "
+ "the NTLMSSP Challenge: (#2)\n"));
+ }
+ }
+
+ if (!ok) {
+ dump_data(2, in.data, in.length);
+ talloc_free(mem_ctx);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
}
if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) {
diff --git a/docs-xml/manpages/idmap_rid.8.xml b/docs-xml/manpages/idmap_rid.8.xml
index 9b96b8e..5a0ed1f 100644
--- a/docs-xml/manpages/idmap_rid.8.xml
+++ b/docs-xml/manpages/idmap_rid.8.xml
@@ -65,8 +65,6 @@
This means SIDs with a RID less than the base rid are filtered.
The default is not to restrict the allowed rids at all,
i.e. a base_rid value of 0.
- A good value for the base_rid can be 1000, since user
- RIDs by default start at 1000 (512 hexadecimal).
</para>
<para>
Use of this parameter is deprecated.
@@ -114,7 +112,6 @@
idmap config TRUSTED : backend = rid
idmap config TRUSTED : range = 50000 - 99999
- idmap config TRUSTED : base_rid = 1000
</programlisting>
</refsect1>
diff --git a/docs-xml/manpages/vfs_glusterfs.8.xml b/docs-xml/manpages/vfs_glusterfs.8.xml
new file mode 100644
index 0000000..c0c320c
--- /dev/null
+++ b/docs-xml/manpages/vfs_glusterfs.8.xml
@@ -0,0 +1,170 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_glusterfs.8">
+
+<refmeta>
+ <refentrytitle>vfs_glusterfs</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">4.2</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>vfs_glusterfs</refname>
+ <refpurpose>
+ Utilize features provided by GlusterFS
+ </refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = glusterfs</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> suite.</para>
+
+ <para>
+ GlusterFS
+ (<ulink url="http://www.gluster.org/">http://www.gluster.org</ulink>)
+ is an Open Source clustered file system capable of scaling to
+ several peta-bytes. With its FUSE based native client,
+ GlusterFS is available as a POSIX compliant file system and can
+ hence be shared by Samba without additional steps.
+ </para>
+
+ <para>
+ The <command>vfs_glusterfs</command> VFS module provides an
+ alternative, and superior way to access a Gluster filesystem
+ from Samba for sharing. It does not require a Gluster FUSE mount
+ but directly accesses the GlusterFS daemon through its library
+ <command>libgfapi</command>, thereby omitting the expensive
+ kernel-userspace context switches and taking advantage of some
+ of the more advanced features of GlusterFS.
+ </para>
+
+ <para>
+ This module can be combined with other modules, but it
+ should be the last module in the <command>vfs objects</command>
+ list. Modules added to this list to the right of the glusterfs
+ entry may not have any effect at all.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>CONFIGURATION</title>
+
+ <para>
+ A basic configuration looks like this.
+ </para>
+
+ <programlisting>
+ <smbconfsection name="[share]"/>
+ <smbconfoption name="vfs objects">glusterfs</smbconfoption>
+ <smbconfoption name="path">/relative/base/path</smbconfoption>
+ <smbconfoption name="glusterfs:volume">gv0</smbconfoption>
+ <smbconfoption name="kernel share modes">no</smbconfoption>
+ </programlisting>
+
+ <para>
+ Note that since <command>vfs_glusterfs</command> does not
+ require a Gluster mount, the share <command>path</command> is
+ treated differently than for other shares: It is interpreted as
+ the base path of the share relative to the gluster volume used.
+ Because this is usually not at the same time a system path, in a
+ ctdb cluster setup where ctdb manages Samba, you need to set
+ <command>CTDB_SAMBA_SKIP_SHARE_CHECK=yes</command> in ctdb's
+ configuration file. Otherwise ctdb will not get healthy.
+ </para>
+
+ <para>
+ Note that currently kernel share modes have to be disabled
+ in a share running with the glusterfs vfs module for file
+ serving to work properly.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>glusterfs:logfile = path</term>
+ <listitem>
+ <para>
+ Defines whether and where to store a vfs_glusterfs specific
+ logfile. Client variable substitution is supported (i.e.
+ %M, %m, %I), hence per client log file can be specified.
+ </para>
+ <para>
+ Example: glusterfs:logfile =
+ /var/log/samba/glusterfs-vol2.%M.log
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>glusterfs:loglevel = 0-9</term>
+ <listitem>
+ <para>
+ Defines the level of logging, with higher numbers corresponding to more verbosity.
+ 0 - No logs; 9 - Trace log level; 7 being the info log level is preferred.
+ </para>
+ <para>
+ If this option is not defined with an explicit loglevel,
+ the glusterfs default is used (currently loglevel 7).
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>glusterfs:volfile_server = servername</term>
+ <listitem>
+ <para>
+ Defines which volfile server to use, defaults to
+ localhost.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>glusterfs:volume = volumename</term>
+ <listitem>
+ <para>
+ Defines the glusterfs volumename to use for this share.
+ </para>
+ </listitem>
+
+ </varlistentry>
+ </variablelist>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>
+ This man page is correct for version 4.2.0 of the Samba suite.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+
+</refsect1>
+
+</refentry>
diff --git a/docs-xml/smbdotconf/security/accessbasedshareenum.xml b/docs-xml/smbdotconf/security/accessbasedshareenum.xml
index 8b94648..66932d0 100644
--- a/docs-xml/smbdotconf/security/accessbasedshareenum.xml
+++ b/docs-xml/smbdotconf/security/accessbasedshareenum.xml
@@ -7,7 +7,10 @@
<para>If this parameter is <constant>yes</constant> for a
service, then the share hosted by the service will only be visible
to users who have read or write access to the share during share
- enumeration (for example net view \\sambaserver). This has
+ enumeration (for example net view \\sambaserver). The share ACLs
+ which allow or deny the access to the share can be modified using
+ for example the <command moreinfo="none">sharesec</command> command
+ or using the appropriate Windows tools. This has
parallels to access based enumeration, the main difference being
that only share permissions are evaluated, and security
descriptors on files contained on the share are not used in
diff --git a/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml b/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml
index 6ec1eb1..792a738 100644
--- a/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml
+++ b/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml
@@ -14,6 +14,10 @@
servers known only by IP address. Kerberos relies on names, so
ordinarily cannot function in this situation. </para>
+ <para>This is a VERY BAD IDEA for security reasons, and so this
+ parameter SHOULD NOT BE USED. It will be removed in a future
+ version of Samba.</para>
+
<para>If disabled, Samba will use the name used to look up the
server when asking the KDC for a ticket. This avoids situations
where a server may impersonate another, soliciting authentication
@@ -23,6 +27,9 @@
<para>Note that Windows XP SP2 and later versions already follow
this behaviour, and Windows Vista and later servers no longer
supply this 'rfc4178 hint' principal on the server side.</para>
+
+ <para>This parameter is deprecated in Samba 4.2.1 and will be removed
+ (along with the functionality) in a later release of Samba.</para>
</description>
<value type="default">no</value>
</samba:parameter>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 7af0f68..fa8fc4d 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -61,6 +61,7 @@ manpages='''
manpages/vfs_fake_perms.8
manpages/vfs_fileid.8
manpages/vfs_full_audit.8
+ manpages/vfs_glusterfs.8
manpages/vfs_gpfs.8
manpages/vfs_linux_xfs_sgid.8
manpages/vfs_media_harmony.8
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index 8e3f952..d590bd1 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -739,7 +739,7 @@ static struct parm_struct parm_table[] = {
.offset = GLOBAL_VAR(client_use_spnego_principal),
.special = NULL,
--
Samba Shared Repository
More information about the samba-cvs
mailing list