[SCM] Samba Shared Repository - branch v4-3-test updated

Karolin Seeger kseeger at samba.org
Thu Jul 7 09:23:25 UTC 2016


The branch, v4-3-test has been updated
       via  f4729ca Merge tag 'samba-4.3.11' into v4-3-test
       via  c7bc017 VERSION: Disable git snapshots for the 4.3.11 release.
       via  e716f76 WHATSNEW: Add release notes for Samba 4.3.11.
       via  ad8a3d9 CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing
       via  0390433 CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing
       via  559a130 CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
       via  4e3541e dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
       via  6a0f9db s4:rpc_server: use a variable for the max total reassembled request payload
       via  bc2963a s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
       via  2a8c919 dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
       via  851c186 VERSION: Bump version up to 4.3.11...
       via  4e4a706 s3-winbind: Fix memory leak with each cached credential login
       via  ff9bd2d build: Enable NTVFS file server to be omitted
       via  955f41e build: Build less of Samba when building --without-ntvfs-fileserver
      from  58210c0 libutil: Support systemd 230

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-3-test


- Log -----------------------------------------------------------------
commit f4729ca1690b4ec1815152b180cd23dd31da8140
Merge: 4e4a706 c7bc017
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Jul 7 11:23:17 2016 +0200

    Merge tag 'samba-4.3.11' into v4-3-test
    
    samba: tag release samba-4.3.11

commit 4e4a706e0e65f61c5405b8d56853c25a58059f4e
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 29 13:38:19 2016 +0200

    s3-winbind: Fix memory leak with each cached credential login
    
    When we allow offline logon and have a lot of logins, winbind will leak
    4k of memory with each login. On systems with heavy load this can grow
    quickly and the OOM killer will kill Winbind.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11999
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Wed Jun 29 19:03:53 CEST 2016 on sn-devel-144
    
    (cherry picked from commit 826f61960ec74deedc9d556a3b8fe04d9178dcd8)

commit ff9bd2dec99767b6da246a68f21521caa9a7a7eb
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Oct 10 09:30:17 2015 +1300

    build: Enable NTVFS file server to be omitted
    
    We now only build it by default with --enable-selftest, or otherwise
    if requested.
    
    The NTVFS file server still has features not present in the smbd file
    server, such as a CIFS/SMB proxy, and a radically different design,
    but it is also not undergoing any ongoing development so this keeps it
    in a safe state for care and maintenance, with less of a security risk
    if such an issue were to come up.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11991
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 71dcc76b70d8e249624f9bf057fc4fd3a44125e1)

commit 955f41eba432499856f41d825a54165f42634556
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 11 05:33:17 2016 +1200

    build: Build less of Samba when building --without-ntvfs-fileserver
    
    We would build, but not use, many components of the NTVFS file server
    even when we asked not to.  They would then consume disk, but not be
    of any use.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11991
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit 0b4c741b9c03d147ee5f56d027bacda75c1b5282)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                                |  77 +++++++++++++++++-
 libcli/smb/smbXcli_base.c                   |  19 ++++-
 python/pyglue.c                             |  11 +++
 python/samba/__init__.py                    |   1 +
 python/samba/netcmd/domain.py               |  37 +++++++--
 source3/libsmb/cliconnect.c                 |   3 +
 source3/script/tests/test_smbclient_ntlm.sh |   4 +
 source3/winbindd/winbindd_cache.c           |   8 +-
 source4/ntvfs/posix/posix_eadb.c            |  81 ++++++++++---------
 source4/ntvfs/posix/wscript_build           |  61 +++++++-------
 source4/ntvfs/wscript_build                 | 120 ++++++++++++++--------------
 source4/rpc_server/common/server_info.c     |   2 +-
 source4/rpc_server/wkssvc/dcesrv_wkssvc.c   |   1 -
 source4/rpc_server/wscript_build            |  18 +++--
 source4/smb_server/service_smb.c            |   4 +-
 source4/smb_server/smb/wscript_build        |   2 +-
 source4/smb_server/smb2/wscript_build       |   2 +-
 source4/smb_server/wscript_build            |   6 +-
 source4/smbd/server.c                       |   4 -
 source4/torture/rpc/rpc.c                   |   2 +-
 source4/torture/wscript_build               |  14 ++--
 wscript                                     |  22 +++++
 22 files changed, 332 insertions(+), 167 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4bad9ab..0eccb25 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,77 @@
                    ==============================
+                   Release Notes for Samba 4.3.11
+                            July 07, 2016
+                   ==============================
+
+
+This is a security release in order to address the following defect:
+
+o  CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)
+
+=======
+Details
+=======
+
+o  CVE-2016-2119:
+   It's possible for an attacker to downgrade the required signing for
+   an SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST
+   or SMB2_SESSION_FLAG_IS_NULL flags.
+
+   This means that the attacker can impersonate a server being connected to by
+   Samba, and return malicious results.
+
+   The primary concern is with winbindd, as it uses DCERPC over SMB2 when talking
+   to domain controllers as a member server, and trusted domains as a domain
+   controller.  These DCE/RPC connections were intended to protected by the
+   combination of "client ipc signing" and
+   "client ipc max protocol" in their effective default settings
+   ("mandatory" and "SMB3_11").
+
+   Additionally, management tools like net, samba-tool and rpcclient use DCERPC
+   over SMB2/3 connections.
+
+   By default, other tools in Samba are unprotected, but rarely they are
+   configured to use smb signing, via the "client signing" parameter (the default
+   is "if_required").  Even more rarely the "client max protocol" is set to SMB2,
+   rather than the NT1 default.
+
+   If both these conditions are met, then this issue would also apply to these
+   other tools, including command line tools like smbcacls, smbcquota, smbclient,
+   smbget and applications using libsmbclient.
+
+
+Changes since 4.3.10:
+--------------------
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 11860: CVE-2016-2119: Fix client side SMB2 signing downgrade.
+   * BUG 11948: Total dcerpc response payload more than 0x400000.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   ==============================
                    Release Notes for Samba 4.3.10
                             June 15, 2016
                    ==============================
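Review bot: the sentence "These DCE/RPC connections were intended to protected by the combination of ..." in the CVE-2016-2119 details is missing a word and should read "intended to be protected". The release notes name the issue CVE-2016-2119, while the three commit subjects listed in this push are prefixed CVE-2016-2019; the two identifiers should be reconciled, and until then BUG 11860 in the "Changes since 4.3.10" list is the reliable cross-reference between the notes and the commits.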
@@ -96,8 +169,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    =============================
                    Release Notes for Samba 4.3.9
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 419a2c0..4039e86 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -5313,6 +5313,10 @@ bool smbXcli_session_is_guest(struct smbXcli_session *session)
 		return false;
 	}
 
+	if (session->conn->mandatory_signing) {
+		return false;
+	}
+
 	if (session->conn->protocol >= PROTOCOL_SMB2_02) {
 		if (session->smb2->session_flags & SMB2_SESSION_FLAG_IS_GUEST) {
 			return true;
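Review bot: the new early return on session->conn->mandatory_signing near the top of smbXcli_session_is_guest() carries no comment, so the function now answers "not guest" regardless of what the server put in session_flags, and a reader has to find the reason in cliconnect.c. A short comment above the check stating that a guest session is never accepted when signing is mandatory, because there is no negotiated session key to sign with, would keep the rationale next to the code. Because the check sits before the protocol >= PROTOCOL_SMB2_02 branch it also applies to SMB1 sessions, which is worth saying in that comment.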
@@ -5567,7 +5571,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
 					 const struct iovec *recv_iov)
 {
 	struct smbXcli_conn *conn = session->conn;
-	uint16_t no_sign_flags;
+	uint16_t no_sign_flags = 0;
 	uint8_t session_key[16];
 	bool check_signature = true;
 	uint32_t hdr_flags;
@@ -5592,7 +5596,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
 		return NT_STATUS_INVALID_PARAMETER_MIX;
 	}
 
-	no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
+	if (!conn->mandatory_signing) {
+		/*
+		 * only allow guest sessions without
+		 * mandatory signing.
+		 *
+		 * If we try an authentication with username != ""
+		 * and the server let us in without verifying the
+		 * password we don't have a negotiated session key
+		 * for signing.
+		 */
+		no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST;
+	}
 
 	if (session->smb2->session_flags & no_sign_flags) {
 		session->smb2->should_sign = false;
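Review bot: SMB2_SESSION_FLAG_IS_NULL is dropped from no_sign_flags in both branches, but the new comment inside if (!conn->mandatory_signing) only talks about guest sessions. With this change a session flagged IS_NULL no longer takes the should_sign = false path even when signing is not mandatory, which goes beyond the mandatory-signing case the comment describes. The comment should state why IS_NULL is no longer treated as a reason to skip signing, so the behaviour change for anonymous sessions is deliberate on the record.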
diff --git a/python/pyglue.c b/python/pyglue.c
index 3fc6e38..81244a2 100644
--- a/python/pyglue.c
+++ b/python/pyglue.c
@@ -121,6 +121,15 @@ static PyObject *py_get_debug_level(PyObject *self)
 	return PyInt_FromLong(DEBUGLEVEL);
 }
 
+static PyObject *py_is_ntvfs_fileserver_built(PyObject *self)
+{
+#ifdef WITH_NTVFS_FILESERVER
+	Py_RETURN_TRUE;
+#else
+	Py_RETURN_FALSE;
+#endif
+}
+
 /*
   return the list of interface IPs we have configured
   takes an loadparm context, returns a list of IPs in string form
@@ -267,6 +276,8 @@ static PyMethodDef py_misc_methods[] = {
 		"(for testing) compare two strings using Samba's strcasecmp_m()"},
 	{ "strstr_m", (PyCFunction)py_strstr_m, METH_VARARGS,
 		"(for testing) find one string in another with Samba's strstr_m()"},
+	{ "is_ntvfs_fileserver_built", (PyCFunction)py_is_ntvfs_fileserver_built, METH_NOARGS,
+		"is the NTVFS file server built in this installation?" },
 	{ NULL }
 };
 
diff --git a/python/samba/__init__.py b/python/samba/__init__.py
index aaf335c..7cfbc4c 100644
--- a/python/samba/__init__.py
+++ b/python/samba/__init__.py
@@ -398,3 +398,4 @@ unix2nttime = _glue.unix2nttime
 generate_random_password = _glue.generate_random_password
 strcasecmp_m = _glue.strcasecmp_m
 strstr_m = _glue.strstr_m
+is_ntvfs_fileserver_built = _glue.is_ntvfs_fileserver_built
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 119e8b2..780d615 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -224,7 +224,7 @@ class cmd_domain_provision(Command):
          Option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
                 help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/  (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\""),
          Option("--use-xattrs", type="choice", choices=["yes", "no", "auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto"),
-         Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
+
          Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
         ]
 
@@ -239,9 +239,16 @@ class cmd_domain_provision(Command):
         Option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true"),
         ]
 
+    ntvfs_options = [
+         Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
+    ]
+
     if os.getenv('TEST_LDAP', "no") == "yes":
         takes_options.extend(openldap_options)
 
+    if samba.is_ntvfs_fileserver_built():
+         takes_options.extend(ntvfs_options)
+
     takes_args = []
 
     def run(self, sambaopts=None, versionopts=None,
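Review bot: ntvfs_options is defined here with the same single --use-ntvfs Option that this patch also adds to cmd_domain_dcpromo, cmd_domain_join and cmd_domain_classicupgrade; one module-level list extended in each class would avoid four copies that can drift apart. The added takes_options.extend(ntvfs_options) line is indented with nine spaces, while the takes_options.extend(openldap_options) line directly above it uses eight; please align the two.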
@@ -490,8 +497,6 @@ class cmd_domain_dcpromo(Command):
                action="store_true"),
         Option("--machinepass", type=str, metavar="PASSWORD",
                help="choose machine password (otherwise random)"),
-        Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
-               action="store_true"),
         Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
                choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
                help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
@@ -502,6 +507,14 @@ class cmd_domain_dcpromo(Command):
         Option("--verbose", help="Be verbose", action="store_true")
         ]
 
+    ntvfs_options = [
+         Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
+    ]
+
+    if samba.is_ntvfs_fileserver_built():
+         takes_options.extend(ntvfs_options)
+
+
     takes_args = ["domain", "role?"]
 
     def run(self, domain, role=None, sambaopts=None, credopts=None,
@@ -569,8 +582,6 @@ class cmd_domain_join(Command):
                help="choose machine password (otherwise random)"),
         Option("--adminpass", type="string", metavar="PASSWORD",
                help="choose adminstrator password when joining as a subdomain (otherwise random)"),
-        Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
-               action="store_true"),
         Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
                choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
                help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
@@ -581,6 +592,13 @@ class cmd_domain_join(Command):
         Option("--verbose", help="Be verbose", action="store_true")
        ]
 
+    ntvfs_options = [
+        Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
+               action="store_true")
+    ]
+    if samba.is_ntvfs_fileserver_built():
+        takes_options.extend(ntvfs_options)
+
     takes_args = ["domain", "role?"]
 
     def run(self, domain, role=None, sambaopts=None, credopts=None,
@@ -1358,8 +1376,6 @@ class cmd_domain_classicupgrade(Command):
         Option("--verbose", help="Be verbose", action="store_true"),
         Option("--use-xattrs", type="choice", choices=["yes","no","auto"], metavar="[yes|no|auto]",
                    help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto"),
-        Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
-               action="store_true"),
         Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
                choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"],
                help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
@@ -1369,6 +1385,13 @@ class cmd_domain_classicupgrade(Command):
                default="SAMBA_INTERNAL")
     ]
 
+    ntvfs_options = [
+        Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
+               action="store_true")
+    ]
+    if samba.is_ntvfs_fileserver_built():
+        takes_options.extend(ntvfs_options)
+
     takes_args = ["smbconf"]
 
     def run(self, smbconf=None, targetdir=None, dbdir=None, testparm=None,
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index ea92c8f..ebba8f2 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1588,6 +1588,9 @@ static void cli_session_setup_gensec_remote_done(struct tevent_req *subreq)
 			 * have a negotiated session key.
 			 *
 			 * So just pretend we are completely done.
+			 *
+			 * Note that smbXcli_session_is_guest()
+			 * always returns false if we require signing.
 			 */
 			state->blob_in = data_blob_null;
 			state->local_ready = true;
diff --git a/source3/script/tests/test_smbclient_ntlm.sh b/source3/script/tests/test_smbclient_ntlm.sh
index b8fc564..33a927f 100755
--- a/source3/script/tests/test_smbclient_ntlm.sh
+++ b/source3/script/tests/test_smbclient_ntlm.sh
@@ -37,4 +37,8 @@ else
 
 	testit "smbclient baduser.badpassword.NT1NEW.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 -c quit $ADDARGS
 	testit "smbclient baduser.badpassword.SMB3.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 -c quit $ADDARGS
+
+	testit_expect_failure "smbclient baduser.badpassword.NT1OLD.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --option=clientusespnego=no --option=clientntlmv2auth=no --signing=required -c quit $ADDARGS
+	testit_expect_failure "smbclient baduser.badpassword.NT1NEW.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --signing=required -c quit $ADDARGS
+	testit_expect_failure "smbclient baduser.badpassword.SMB3.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 --signing=required -c quit $ADDARGS
 fi
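Review bot: the three added testit_expect_failure cases use -mNT1 (twice) and -mSMB3 but none uses -mSMB2, although the release notes describe the downgrade as affecting SMB2/3 client connections; an SMB2 case with --signing=required would cover the remaining dialect. All three also log in as baduser%badpassword, so only the guest flag path is exercised; the release notes name SMB2_SESSION_FLAG_IS_NULL as well, and a case that ends in an anonymous session with required signing would cover that path.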
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 3562217..ef6dc87 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -3471,7 +3471,7 @@ NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const
 	struct winbind_cache *cache = get_cache(domain);
 	NTSTATUS status;
 	int ret;
-	struct cred_list *cred, *oldest = NULL;
+	struct cred_list *cred, *next, *oldest = NULL;
 
 	if (!cache->tdb) {
 		return NT_STATUS_INTERNAL_DB_ERROR;
@@ -3540,7 +3540,11 @@ NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const
 		status = NT_STATUS_UNSUCCESSFUL;
 	}
 done:
-	SAFE_FREE(wcache_cred_list);
+	for (cred = wcache_cred_list; cred; cred = next) {
+		next = cred->next;
+		DLIST_REMOVE(wcache_cred_list, cred);
+		SAFE_FREE(cred);
+	}
 	SAFE_FREE(oldest);
 
 	return status;
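Review bot: SAFE_FREE(oldest) still follows the new loop under done: that frees every element of wcache_cred_list, and the visible lines do not show whether oldest is a separate allocation or a pointer to one of those elements. If it can alias a list element this becomes a double free, so please confirm it is a copy, ideally with a one-line comment at the SAFE_FREE(oldest) call. It would also help to note in a comment that DLIST_REMOVE inside the loop is what leaves wcache_cred_list empty afterwards, since the old SAFE_FREE(wcache_cred_list) reset the head implicitly.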
diff --git a/source4/ntvfs/posix/posix_eadb.c b/source4/ntvfs/posix/posix_eadb.c
index 31c565c..e08597c 100644
--- a/source4/ntvfs/posix/posix_eadb.c
+++ b/source4/ntvfs/posix/posix_eadb.c
@@ -21,7 +21,9 @@
 
 #include "includes.h"
 #include "lib/tdb_wrap/tdb_wrap.h"
+#ifdef WITH_NTVFS_FILESERVER
 #include "vfs_posix.h"
+#endif
 #include "posix_eadb.h"
 
 #define XATTR_LIST_ATTR ".xattr_list"
@@ -143,17 +145,6 @@ NTSTATUS pull_xattr_blob_tdb_raw(struct tdb_wrap *ea_tdb,
 	return NT_STATUS_OK;
 }
 
-NTSTATUS pull_xattr_blob_tdb(struct pvfs_state *pvfs_state,
-			     TALLOC_CTX *mem_ctx,
-			     const char *attr_name,
-			     const char *fname,
-			     int fd,
-			     size_t estimated_size,
-			     DATA_BLOB *blob)
-{
-	return pull_xattr_blob_tdb_raw(pvfs_state->ea_db,mem_ctx,attr_name,fname,fd,estimated_size,blob);
-}
-
 /*
   push a xattr as a blob, using ea_tdb
 */
@@ -199,14 +190,6 @@ done:
 	talloc_free(mem_ctx);
 	return status;
 }
-NTSTATUS push_xattr_blob_tdb(struct pvfs_state *pvfs_state,
-			     const char *attr_name,
-			     const char *fname,
-			     int fd,
-			     const DATA_BLOB *blob)
-{
-	return push_xattr_blob_tdb_raw(pvfs_state->ea_db, attr_name, fname, fd, blob);
-}
 
 
 /*
@@ -234,17 +217,6 @@ NTSTATUS delete_posix_eadb_raw(struct tdb_wrap *ea_tdb, const char *attr_name,
 
 
 /*
-  delete a xattr
-*/
-NTSTATUS delete_posix_eadb(struct pvfs_state *pvfs_state, const char *attr_name,
-			  const char *fname, int fd)
-{
-	return delete_posix_eadb_raw(pvfs_state->ea_db,
-				    attr_name, fname, fd);
-}
-
-
-/*
   delete all xattrs for a file
 */
 NTSTATUS unlink_posix_eadb_raw(struct tdb_wrap *ea_tdb, const char *fname, int fd)
@@ -271,14 +243,6 @@ NTSTATUS unlink_posix_eadb_raw(struct tdb_wrap *ea_tdb, const char *fname, int f
 }
 
 /*
-  delete all xattrs for a file
-*/
-NTSTATUS unlink_posix_eadb(struct pvfs_state *pvfs_state, const char *fname)
-{
-	return unlink_posix_eadb_raw(pvfs_state->ea_db, fname, -1);
-}
-
-/*
   list all xattrs for a file
 */
 NTSTATUS list_posix_eadb_raw(struct tdb_wrap *ea_tdb, TALLOC_CTX *mem_ctx,
@@ -288,3 +252,44 @@ NTSTATUS list_posix_eadb_raw(struct tdb_wrap *ea_tdb, TALLOC_CTX *mem_ctx,
 	return pull_xattr_blob_tdb_raw(ea_tdb, mem_ctx, XATTR_LIST_ATTR,
 				     fname, fd, 100, list);
 }
+
+#ifdef WITH_NTVFS_FILESERVER
+NTSTATUS pull_xattr_blob_tdb(struct pvfs_state *pvfs_state,
+			     TALLOC_CTX *mem_ctx,
+			     const char *attr_name,
+			     const char *fname,
+			     int fd,
+			     size_t estimated_size,
+			     DATA_BLOB *blob)
+{
+	return pull_xattr_blob_tdb_raw(pvfs_state->ea_db,mem_ctx,attr_name,fname,fd,estimated_size,blob);
+}
+
+NTSTATUS push_xattr_blob_tdb(struct pvfs_state *pvfs_state,
+			     const char *attr_name,
+			     const char *fname,
+			     int fd,
+			     const DATA_BLOB *blob)
+{
+	return push_xattr_blob_tdb_raw(pvfs_state->ea_db, attr_name, fname, fd, blob);
+}
+
+/*
+  delete a xattr
+*/
+NTSTATUS delete_posix_eadb(struct pvfs_state *pvfs_state, const char *attr_name,
+			  const char *fname, int fd)
+{
+	return delete_posix_eadb_raw(pvfs_state->ea_db,
+				    attr_name, fname, fd);
+}
+
+/*
+  delete all xattrs for a file
+*/
+NTSTATUS unlink_posix_eadb(struct pvfs_state *pvfs_state, const char *fname)
+{
+	return unlink_posix_eadb_raw(pvfs_state->ea_db, fname, -1);
+}
+
+#endif
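Review bot: the closing #endif at the end of the file does not say which condition it ends; with four functions now moved under it, a trailing /* WITH_NTVFS_FILESERVER */ marker would make the block boundary clear. pull_xattr_blob_tdb(), push_xattr_blob_tdb(), delete_posix_eadb() and unlink_posix_eadb() all take struct pvfs_state, and vfs_posix.h is now included only under the same #ifdef, so their declarations in posix_eadb.h need the same guard or a forward declaration of the struct; that header is not in the visible part of this truncated changeset, so please check it.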
diff --git a/source4/ntvfs/posix/wscript_build b/source4/ntvfs/posix/wscript_build
index 06fea0b..a07da33 100644
--- a/source4/ntvfs/posix/wscript_build
+++ b/source4/ntvfs/posix/wscript_build
@@ -1,43 +1,44 @@
 #!/usr/bin/env python
 
-bld.SAMBA_SUBSYSTEM('pvfs_acl',
-	source='pvfs_acl.c',
-	autoproto='vfs_acl_proto.h',
-	deps='events samba-modules',
-	)
+if bld.CONFIG_SET('WITH_NTVFS_FILESERVER'):
+    bld.SAMBA_SUBSYSTEM('pvfs_acl',
+	                source='pvfs_acl.c',
+	                autoproto='vfs_acl_proto.h',
+	                deps='events samba-modules',
+    )
 
 
-bld.SAMBA_MODULE('pvfs_acl_xattr',
-	source='pvfs_acl_xattr.c',
-	subsystem='pvfs_acl',
-	init_function='pvfs_acl_xattr_init',
-	deps='NDR_XATTR events'
-	)
+    bld.SAMBA_MODULE('pvfs_acl_xattr',
+	             source='pvfs_acl_xattr.c',
+	             subsystem='pvfs_acl',
+	             init_function='pvfs_acl_xattr_init',
+	            deps='NDR_XATTR events'
+    )
 
 
-bld.SAMBA_MODULE('pvfs_acl_nfs4',
-	source='pvfs_acl_nfs4.c',
-	subsystem='pvfs_acl',
-	init_function='pvfs_acl_nfs4_init',
-	deps='NDR_NFS4ACL samdb events'
-	)
+    bld.SAMBA_MODULE('pvfs_acl_nfs4',
+	             source='pvfs_acl_nfs4.c',
+	             subsystem='pvfs_acl',
+	             init_function='pvfs_acl_nfs4_init',
+	            deps='NDR_NFS4ACL samdb events'
+    )
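Review bot: the re-indented calls under if bld.CONFIG_SET('WITH_NTVFS_FILESERVER'): mix four-space indentation for the bld.SAMBA_SUBSYSTEM and bld.SAMBA_MODULE lines with tab-plus-spaces for their keyword arguments, and deps= in both SAMBA_MODULE calls sits one column to the left of the other arguments. Python accepts this inside parentheses, but the file is now harder to edit safely; using spaces only for the new block and aligning deps= with source=, subsystem= and init_function= would fix it.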
 


-- 
Samba Shared Repository


