[SCM] Samba Shared Repository - branch v4-10-stable updated
Karolin Seeger
kseeger at samba.org
Mon Jul 8 10:52:47 UTC 2019
The branch, v4-10-stable has been updated
via 9c67187029b VERSION: Disable GIT_SNAPSHOT for the 4.10.6 release.
via 9f1a6fe7f27 WHATSNEW: Add release notes for Samba 4.10.6.
via 8052d52b26f ldb: Release ldb 1.5.5
via f8d504acb4c python/ntacls: use correct "state directory" smb.conf option instead of "state dir"
via 662d66dcd3c selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdb
via 1970eadd123 docs: Document DCEPRC binding string for rpcclient
via 9218655399f s3:client: Link smbspool_krb5_wrapper against krb5samba
via 48c47f5dbbb wafsamba: Use native waf timer
via d106f5eb971 s3:mdssvc: fix flex compilation error
via 7c80167e2af ctdb-scripts: Fix tcp_tw_recycle existence check
via 4f32284840d docs: Improve documentation of "lanman auth" and "ntlm auth" connection
via 47a96935df0 vfs_fruit: remove a now unnecessary include
via bdc257a1cba vfs_fruit: use VFS functions in ad_read_rsrc_adouble()
via 2d6a2080afb vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork()
via 91ed0f8beb9 vfs_fruit: use VFS function in ad_convert_truncate()
via 28cdc4421c2 vfs_fruit: add VFS handle to ad_convert_truncate()
via fef47b90e54 vfs_fruit: use fsp and remove mmap in ad_convert_xattr()
via 7fc300d4655 vfs_fruit: remove use of mmap() from ad_convert_move_reso()
via d49df05e619 vfs_fruit: convert ad_open_rsrc() to open a proper fsp with SMB_VFS_CREATE_FILE()
via f5d1561c5b1 vfs_fruit: only do cross protocol locking on non-internal opens
via 9ebfd4f2e51 vfs_fruit: remove a layer of indirection
via f890c4fb86c vfs_fruit: pass VFS handle to ad_convert_move_reso()
via 8f49fbfdebb vfs_fruit: remove xattr code from the AppleDouble subsystem
via 7bd5ceea7d2 vfs_fruit: remove now unused AppleDouble code for resource fork in xattr
via cc1ff660b80 vfs_fruit: use stream code for resource fork size calculation in readdir_attr_rfork_size()
via d1164d9f374 vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size()
via 8ceb0486446 vfs_fruit: ignore AppleDouble files in fruit_unlink()
via 30f25ed6214 vfs_fruit: add a missing else
via 8787ac7938c vfs_fruit: add and use is_adouble_file()
via 2b8eeb231e0 vfs_fruit: finally, remove ad_handle from struct adouble
via ef0522b3434 vfs_fruit: pass handle to ad_convert_delete_adfile()
via f2b796844b1 vfs_fruit: pass handle to ad_convert_finderinfo()
via 3ff1b960c5e vfs_fruit: pass handle to ad_convert_blank_rfork()
via 4e22296dc6c vfs_fruit: pass handle to ad_convert_xattr()
via 47e08c03ed8 vfs_fruit: indentation fix
via 03d1328e33b vfs_fruit: pass handle to ad_read_rsrc() and all the way down
via 9b4ad2a32a6 vfs_fruit: use proper VFS function in ad_read_meta()
via fd63fda7769 vfs_fruit: indentation fix
via 7a99bba9294 vfs_fruit: pass handle to ad_read_meta()
via 25ee7f97c6c vfs_fruit: pass handle to ad_read()
via ab9a428f335 vfs_fruit: pass handle to ad_set()
via 92bc9e3e11c vfs_fruit: pass handle to ad_fset()
via 730c24902d5 s3:auth: explicitly add BUILTIN\Guests to the guest token
via b312ceb5730 tests: add a test for guest authentication
via d8e33defa5a selftest: allow guest login in the ad_member_idmap_rid env
via 90a538f4689 s3:smbd: call reinit_guest_session_info() in the conf updated handler
via 7f6b171c3e9 s3:auth: add reinit_guest_session_info()
via 813856c1c4e dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."
via 49acbea1378 ldb_kv: Skip @ records early in a search full scan
via d9fed540c36 samba-tool domain provision: Fix --interactive module in python3
via 8867c178a9b ldap server: generate correct referral schemes
via 207295b9523 ldap tests: test scheme for referrals
via fa1de54cd92 s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly
via 778448469bb s3/vfs_glusterfs: Avoid using NAME_MAX directly
via bb688404227 Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX"
via f830628c3aa Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX"
via 70e8344a043 VERSION: Bump version up to 4.10.6...
via 734d72bdc96 Merge tag 'samba-4.10.5' into v4-10-test
via 881793d52d9 vfs_fruit: change trigger points of AppleDouble conversion
via 436356f8d00 vfs_fruit: add a forward declaration for ad_get()
via 886ab13095e selftest: run vfs.fruit test against a share that deletes empty resource forks
via 0dfaa70427e s4:torture/vfs/fruit: ensure test_adouble_conversion_wo_xattr() uses a non-emtpy resourcefork
via 6dcec5e2536 s4:torture/vfs/fruit: ensure test_adouble_conversion() uses a non-emtpy resourcefork
via e0e1707d8fc registry: add a missing include
via 16f3a73c1a7 samba-tool dns: use bytes for inet_ntop
via 40ab50754d1 tests/samba-tool: test dns serverinfo/zoneinfo
via b78b7215658 docs: dfree command. Correct usage of dfree scripts.
via 024d287cb9a lib: util: Finally remove possibilities of using sys_popen() unsafely.
via 323fd6648e2 s3: lib: Rename all uses of file_pload_XXX -> file_ploadv_XXX.
via 482219feb09 s3: lib: Remove file_pload_send().
via bcfdd137649 s3: winbind: Convert idmap to use file_ploadv_send().
via 8f690bbc632 s3: lib: Add file_ploadv_send().
via 681627eb0ef lib: util: Remove file_pload()
via 1e94a68dcd6 s3: lib: Remove file_lines_pload().
via 7bf8d14dbca s3: smbd: Convert sysquotas.c code to use file_lines_ploadv().
via 4912e62ab03 s3: smbd: Convert print_svid code to use file_lines_ploadv().
via c477e2a57aa s3: smbd: Convert dfree code to use file_lines_ploadv().
via 0f093e6bed1 s3: lib: util: Add file_lines_ploadv().
via 59bf36ee256 lib: util: Add file_ploadv().
via 7ce66c8ba7a lib: popen: Prepare to remove sys_popen().
via 21b99870445 s3:util: Move static file_pload() function to lib/util
via d1cb288bda2 s3:util: Move popen wrappers to lib/util
via ebe505e7cf7 smbd: Fix a panic
via bec45189777 smbtorture: Add a test to make smbd panic
via 9f7fc364715 smbd: Enable "smbd:suicide mode" for smb2
via def08d36e5b s3: winbind: Fix crash when invoking winbind idmap scripts.
via 4406c829558 s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary
via 643c75aa2d1 s4 dsdb: fix use after free in samldb_rename_search_base_callback
via 6946f0690af s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value
via b6b9f49c25d s4 dsdb/repl_meta_data: allocate new extended DNs during ADD on a better context
via 2e1b093ebff s3:smbspool: Use NTSTATUS return codes
via 57f1c2d45a5 s3:smbspool: Add debug messages to kerberos_ccache_is_valid()
via d95b2ecab78 s3:smbspool: Always try to authenticate using Kerberos
via b8abd04cd64 s3:smbspool: Print the filename we failed to open
via 4f3cb35623a s3:smbspool: Fallback to default ccache if KRB5CCNAME is not set
via 1e4d726dae1 s3:smbspool: Use %u format specifier to print uid
via 97c1b4d8808 s3:smbspool: Add debug for finding KRB5CCNAME
via 819b364f889 s3:smbspool: Print the principal we use to authenticate with
via 65bc340af6a s3:smbspool: Add the 'lp' group to the users groups
via 79d0ad8b7da python/ntacls: we only need security.SEC_STD_READ_CONTROL in order to get the ACL
via 36830a4e98d dsdb:samdb: schemainfo update with relax control
via d2d8caf45bc python/provision: use provision and relax controls for schema provision
via b97bba87d1e s4:provision: split out provision_self_join_modify_schema.ldif
via 1711b155676 ldapcmp: ignore 'schemaInfo' if two domains are compared
via 4ebeef8ef95 samdb: test for schemainfo update with relax control
via 183d21bdc92 drsuapi.idl: add DRSUAPI_ATTID_schemaInfo
via 7f1d37ab5bb dsdb/repl: we need to replicate the whole schema before we can apply it
via 5508e9c8cb4 Merge tag 'samba-4.10.4' into v4-10-test
via 827b5423c0f VERSION: Bump version up to 4.10.5...
via d3cfdd71997 VERSION: Disable GIT_SNAPSHOT for the 4.10.4 release.
from 0953917629b VERSION: Disable GIT_SNAPSHOT for the 4.10.5 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 111 +++-
buildtools/wafsamba/samba_deps.py | 25 +-
ctdb/config/nfs-linux-kernel-callout | 4 +-
docs-xml/manpages/rpcclient.1.xml | 74 ++-
docs-xml/smbdotconf/misc/dfreecommand.xml | 6 +-
docs-xml/smbdotconf/security/lanmanauth.xml | 14 +-
docs-xml/smbdotconf/security/ntlmauth.xml | 9 +-
lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.5.sigs} | 0
...yldb-util-1.1.10.sigs => pyldb-util-1.5.5.sigs} | 0
...-util-1.1.10.sigs => pyldb-util.py3-1.5.5.sigs} | 0
lib/ldb/include/ldb_module.h | 5 +
lib/ldb/ldb_key_value/ldb_kv.c | 12 +-
lib/ldb/ldb_key_value/ldb_kv.h | 7 +-
lib/ldb/ldb_key_value/ldb_kv_index.c | 14 +-
lib/ldb/ldb_key_value/ldb_kv_search.c | 19 +-
lib/ldb/wscript | 2 +-
lib/util/samba_util.h | 5 +
{source3/lib => lib/util}/sys_popen.c | 106 +---
{source3/lib => lib/util}/sys_popen.h | 2 +-
lib/util/util_file.c | 48 ++
lib/util/wscript_build | 4 +-
librpc/binding-strings.txt | 53 +-
librpc/idl/drsuapi.idl | 1 +
python/samba/netcmd/dns.py | 5 +-
python/samba/netcmd/domain.py | 1 +
python/samba/netcmd/ldapcmp.py | 2 +-
python/samba/ntacls.py | 6 +-
python/samba/provision/__init__.py | 25 +-
python/samba/tests/ldap_referrals.py | 91 +++
python/samba/tests/samba_tool/dnscmd.py | 26 +
selftest/knownfail | 1 +
selftest/target/Samba3.pm | 1 +
source3/auth/auth_util.c | 26 +
source3/auth/proto.h | 1 +
source3/client/smbspool.c | 323 ++++++----
source3/client/smbspool_krb5_wrapper.c | 101 ++-
source3/lib/sysquotas.c | 126 +++-
source3/lib/util_file.c | 94 +--
source3/lib/util_file.h | 10 +-
source3/modules/vfs_fruit.c | 550 ++++++++---------
source3/modules/vfs_glusterfs.c | 41 +-
source3/modules/vfs_glusterfs_fuse.c | 34 +-
source3/param/loadparm.c | 38 +-
source3/printing/print_svid.c | 29 +-
source3/registry/tests/test_regfio.c | 1 +
source3/rpc_server/mdssvc/sparql_lexer.l | 12 +-
source3/script/tests/test_guest_auth.sh | 103 ++++
source3/selftest/tests.py | 6 +
source3/smbd/dfree.c | 35 +-
source3/smbd/open.c | 13 +-
source3/smbd/server.c | 6 +
source3/smbd/smb2_server.c | 12 +
source3/winbindd/idmap_script.c | 81 ++-
source3/winbindd/idmap_tdb2.c | 22 +-
source3/wscript_build | 2 +-
source4/dsdb/repl/drepl_out_helpers.c | 174 +++++-
source4/dsdb/samdb/ldb_modules/audit_log.c | 4 +-
source4/dsdb/samdb/ldb_modules/partition.c | 16 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 38 +-
source4/dsdb/samdb/ldb_modules/samldb.c | 3 +-
source4/dsdb/tests/python/dsdb_schema_info.py | 15 +-
source4/ldap_server/ldap_backend.c | 18 +
source4/ldap_server/ldap_server.c | 1 +
source4/ldap_server/ldap_server.h | 6 +
source4/selftest/tests.py | 11 +-
.../setup/provision_self_join_modify_config.ldif | 5 -
.../setup/provision_self_join_modify_schema.ldif | 4 +
source4/torture/smb2/oplock.c | 75 +++
source4/torture/vfs/fruit.c | 686 ++++++++++++++++++++-
testprogs/blackbox/test_samba-tool_ntacl.sh | 21 +
71 files changed, 2546 insertions(+), 878 deletions(-)
copy lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.5.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.5.5.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.5.5.sigs} (100%)
rename {source3/lib => lib/util}/sys_popen.c (64%)
rename {source3/lib => lib/util}/sys_popen.h (95%)
create mode 100644 python/samba/tests/ldap_referrals.py
create mode 100755 source3/script/tests/test_guest_auth.sh
create mode 100644 source4/setup/provision_self_join_modify_schema.ldif
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 73c35f8f66c..abb34d0334c 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=10
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8339bbf958a..3118e034ba7 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,111 @@
==============================
+ Release Notes for Samba 4.10.6
+ July 8, 2019
+ ==============================
+
+
+This is the latest stable release of the Samba 4.10 release series.
+
+
+Changes since 4.10.5:
+---------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts.
+ * BUG 13964: smbd does not correctly parse arguments passed to dfree and
+ quota scripts.
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 13965: samba-tool dns: use bytes for inet_ntop.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 13828: samba-tool domain provision: Fix --interactive module in
+ python3.
+ * BUG 13893: ldb_kv: Skip @ records early in a search full scan.
+ * BUG 13981: docs: Improve documentation of "lanman auth" and "ntlm auth"
+ connection.
+
+o Björn Baumbach <bb at sernet.de>
+ * BUG 14002: python/ntacls: Use correct "state directory" smb.conf option
+ instead of "state dir".
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 13840: registry: Add a missing include.
+ * BUG 13944: Fix SMB guest authentication.
+ * BUG 13958: AppleDouble conversion breaks Resourceforks.
+ * BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread().
+ * BUG 13987: s3:mdssvc: Fix flex compilation error.
+
+o Günther Deschner <gd at samba.org>
+ * BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly:
+
+o Aaron Haslett <aaronhaslett at catalyst.net.nz>
+ * BUG 13799: dsdb:samdb: schemainfo update with relax control.
+
+o Aliaksei Karaliou <akaraliou at panasas.com>
+ * BUG 13964: s3:util: Move static file_pload() function to lib/util.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 13957: smbd: Fix a panic.
+
+o Gary Lockyer <gary at catalyst.net.nz>
+ * BUG 12478: ldap server: Generate correct referral schemes.
+ * BUG 13941: s4 dsdb/repl_meta_data: fix use after free in
+ dsdb_audit_add_ldb_value.
+ * BUG 13942: s4 dsdb: Fix use after free in
+ samldb_rename_search_base_callback.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 12204: dsdb/repl: we need to replicate the whole schema before we can
+ apply it.
+ * BUG 12478: ldb: Release ldb 1.5.5
+ * BUG 13713: Schema replication fails if link crosses chunk boundary
+ backwards.
+ * BUG 13799: 'samba-tool domain schemaupgrade' uses relax control and skips
+ the schemaInfo update provision.
+ * BUG 13916: dsdb_audit: avoid printing "... remote host [Unknown]
+ SID [(NULL SID)] ..."
+ * BUG 13917: python/ntacls: We only need security.SEC_STD_READ_CONTROL in
+ order to get the ACL.
+
+o Shyamsunder Rathi <shyam.rathi at nutanix.com>
+ * BUG 13947: s3:loadparm: Ensure to truncate FS Volume Label at multibyte
+ boundary.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 13939: Using Kerberos credentials to print using spoolss doesn't work.
+
+o Lukas Slebodnik <lslebodn at fedoraproject.org>
+ * BUG 13998: wafsamba: Use native waf timer.
+
+o Rafael David Tinoco <rafaeldtinoco at ubuntu.com>
+ * BUG 13984: ctdb-scripts: Fix tcp_tw_recycle existence check.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
Release Notes for Samba 4.10.5
June 19, 2019
==============================
@@ -55,8 +162,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 4.10.4
diff --git a/buildtools/wafsamba/samba_deps.py b/buildtools/wafsamba/samba_deps.py
index f8c38809bd2..03c37079a8c 100644
--- a/buildtools/wafsamba/samba_deps.py
+++ b/buildtools/wafsamba/samba_deps.py
@@ -1,6 +1,6 @@
# Samba automatic dependency handling and project rules
-import os, sys, re, time
+import os, sys, re
from waflib import Build, Options, Logs, Utils, Errors
from waflib.Logs import debug
@@ -1102,8 +1102,7 @@ def check_project_rules(bld):
if not force_project_rules and load_samba_deps(bld, tgt_list):
return
- global tstart
- tstart = time.clock()
+ timer = Utils.Timer()
bld.new_rules = True
Logs.info("Checking project rules ...")
@@ -1112,26 +1111,26 @@ def check_project_rules(bld):
expand_subsystem_deps(bld)
- debug("deps: expand_subsystem_deps: %f" % (time.clock() - tstart))
+ debug("deps: expand_subsystem_deps: %s" % str(timer))
replace_grouping_libraries(bld, tgt_list)
- debug("deps: replace_grouping_libraries: %f" % (time.clock() - tstart))
+ debug("deps: replace_grouping_libraries: %s" % str(timer))
build_direct_deps(bld, tgt_list)
- debug("deps: build_direct_deps: %f" % (time.clock() - tstart))
+ debug("deps: build_direct_deps: %s" % str(timer))
break_dependency_loops(bld, tgt_list)
- debug("deps: break_dependency_loops: %f" % (time.clock() - tstart))
+ debug("deps: break_dependency_loops: %s" % str(timer))
if Options.options.SHOWDEPS:
show_dependencies(bld, Options.options.SHOWDEPS, set())
calculate_final_deps(bld, tgt_list, loops)
- debug("deps: calculate_final_deps: %f" % (time.clock() - tstart))
+ debug("deps: calculate_final_deps: %s" % str(timer))
if Options.options.SHOW_DUPLICATES:
show_object_duplicates(bld, tgt_list)
@@ -1140,7 +1139,7 @@ def check_project_rules(bld):
for f in [ build_dependencies, build_includes, add_init_functions ]:
debug('deps: project rules checking %s', f)
for t in tgt_list: f(t)
- debug("deps: %s: %f" % (f, time.clock() - tstart))
+ debug("deps: %s: %s" % (f, str(timer)))
debug('deps: project rules stage1 completed')
@@ -1148,17 +1147,17 @@ def check_project_rules(bld):
Logs.error("Duplicate sources present - aborting")
sys.exit(1)
- debug("deps: check_duplicate_sources: %f" % (time.clock() - tstart))
+ debug("deps: check_duplicate_sources: %s" % str(timer))
if not bld.check_group_ordering(tgt_list):
Logs.error("Bad group ordering - aborting")
sys.exit(1)
- debug("deps: check_group_ordering: %f" % (time.clock() - tstart))
+ debug("deps: check_group_ordering: %s" % str(timer))
show_final_deps(bld, tgt_list)
- debug("deps: show_final_deps: %f" % (time.clock() - tstart))
+ debug("deps: show_final_deps: %s" % str(timer))
debug('deps: project rules checking completed - %u targets checked',
len(tgt_list))
@@ -1166,7 +1165,7 @@ def check_project_rules(bld):
if not bld.is_install:
save_samba_deps(bld, tgt_list)
- debug("deps: save_samba_deps: %f" % (time.clock() - tstart))
+ debug("deps: save_samba_deps: %s" % str(timer))
Logs.info("Project rules pass")
diff --git a/ctdb/config/nfs-linux-kernel-callout b/ctdb/config/nfs-linux-kernel-callout
index 3d1dc63c590..12ed17c6d9e 100755
--- a/ctdb/config/nfs-linux-kernel-callout
+++ b/ctdb/config/nfs-linux-kernel-callout
@@ -281,8 +281,8 @@ nfs_startup ()
basic_stop "nfs" || true
basic_start "nfs"
_f="${PROCFS_PATH}/sys/net/ipv4/tcp_tw_recycle"
- if [ "$_f" ] ; then
- echo 1 >"$_f"
+ if [ -f "$_f" ] ; then
+ echo 1 >"$_f"
fi
}
diff --git a/docs-xml/manpages/rpcclient.1.xml b/docs-xml/manpages/rpcclient.1.xml
index 1e167f8437c..93983ad8388 100644
--- a/docs-xml/manpages/rpcclient.1.xml
+++ b/docs-xml/manpages/rpcclient.1.xml
@@ -29,7 +29,7 @@
<arg choice="opt">-U username[%password]</arg>
<arg choice="opt">-W workgroup</arg>
<arg choice="opt">-I destinationIP</arg>
- <arg choice="req">server</arg>
+ <arg choice="req">BINDING-STRING|HOST</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -52,12 +52,72 @@
<variablelist>
<varlistentry>
- <term>server</term>
- <listitem><para>NetBIOS name of Server to which to connect.
- The server can be any SMB/CIFS server. The name is
- resolved using the <smbconfoption name="name resolve order"/> line from <citerefentry><refentrytitle>smb.conf</refentrytitle>
- <manvolnum>5</manvolnum></citerefentry>.</para></listitem>
- </varlistentry>
+ <term>BINDING-STRING|HOST</term>
+ <listitem>
+ <para>When connecting to a dcerpc service you need to
+ specify a binding string.</para>
+
+ <para>The format is:</para>
+
+ <para>TRANSPORT:host[options]</para>
+
+ <para>where TRANSPORT is either ncacn_np (named pipes) for SMB or
+ ncacn_ip_tcp for DCERPC over TCP/IP.</para>
+
+ <para>"host" is an IP or hostname or netbios name. If the binding
+ string identifies the server side of an endpoint, "host" may be
+ an empty string. See below for more details.</para>
+
+ <para>"options" can include a SMB pipe name if using the ncacn_np
+ transport or a TCP port number if using the ncacn_ip_tcp transport,
+ otherwise they will be auto-determined.</para>
+
+ <para>Examples:</para>
+
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[1024]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[sign,seal,krb5]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[sign,spnego]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com[samr]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com[samr,sign,print]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncalrpc:/path/to/unix/socket</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">//SAMBA</parameter></para></listitem>
+ </itemizedlist>
+
+ <para>The supported transports are:</para>
+
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">ncacn_np</parameter> - Connect using named pipes</para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp</parameter> - Connect over TCP/IP</para></listitem>
+ <listitem><para><parameter moreinfo="none">ncalrpc</parameter> - Connect over local RPC (unix sockets)</para></listitem>
+ </itemizedlist>
+
+ <para>The supported options are:</para>
+
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">sign</parameter> - Use RPC integrety autentication level</para></listitem>
+ <listitem><para><parameter moreinfo="none">seal</parameter> - Enable RPC privacy (encryption) autentication level</para></listitem>
+ <listitem><para><parameter moreinfo="none">connect</parameter> - Use RPC connect level authentication (auth, but no sign or seal)</para></listitem>
+ <listitem><para><parameter moreinfo="none">packet</parameter> - Use RPC packet authentication level</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">spnego</parameter> - Use SPNEGO instead of NTLMSSP authentication</para></listitem>
+ <listitem><para><parameter moreinfo="none">ntlm</parameter> - Use plain NTLM instead of SPNEGO or NTLMSSP</para></listitem>
+ <listitem><para><parameter moreinfo="none">krb5</parameter> - Use Kerberos instead of NTLMSSP authentication</para></listitem>
+ <listitem><para><parameter moreinfo="none">schannel</parameter> - Create a schannel connection</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">smb1</parameter> - Use SMB1 for named pipes</para></listitem>
+ <listitem><para><parameter moreinfo="none">smb2</parameter> - Use SMB2/3 for named pipes</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">validate</parameter> - Enable the NDR validator</para></listitem>
+ <listitem><para><parameter moreinfo="none">print</parameter> - Enable debug output of packets</para></listitem>
+ <listitem><para><parameter moreinfo="none">padcheck</parameter> - Check reply data for non-zero pad bytes</para></listitem>
+ <listitem><para><parameter moreinfo="none">bigendian</parameter> - Use big endian for RPC</para></listitem>
+ <listitem><para><parameter moreinfo="none">ndr64</parameter> - Use NDR64 for RPC</para></listitem>
+ </itemizedlist>
+
+ </listitem>
+ </varlistentry>
<varlistentry>
diff --git a/docs-xml/smbdotconf/misc/dfreecommand.xml b/docs-xml/smbdotconf/misc/dfreecommand.xml
index a678bb44adf..a1eed4948a6 100644
--- a/docs-xml/smbdotconf/misc/dfreecommand.xml
+++ b/docs-xml/smbdotconf/misc/dfreecommand.xml
@@ -40,14 +40,16 @@
Where the script dfree (which must be made executable) could be:
<programlisting format="linespecific">
#!/bin/sh
-df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'
+df "$1" | tail -1 | awk '{print $(NF-4),$(NF-2)}'
</programlisting>
or perhaps (on Sys V based systems):
<programlisting format="linespecific">
#!/bin/sh
-/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
+/usr/bin/df -k "$1" | tail -1 | awk '{print $3" "$5}'
</programlisting>
Note that you may have to replace the command names with full path names on some systems.
+ Also note the arguments passed into the script should be quoted inside the script in case they
+ contain special characters such as spaces or newlines.
</para>
<para>
diff --git a/docs-xml/smbdotconf/security/lanmanauth.xml b/docs-xml/smbdotconf/security/lanmanauth.xml
index a9e4f88b89f..97f2fb04dcb 100644
--- a/docs-xml/smbdotconf/security/lanmanauth.xml
+++ b/docs-xml/smbdotconf/security/lanmanauth.xml
@@ -24,16 +24,18 @@
auth is re-enabled later on.
</para>
- <para>Unlike the <command moreinfo="none">encrypt
- passwords</command> option, this parameter cannot alter client
+ <para>Unlike the <parameter moreinfo="none">encrypt
+ passwords</parameter> option, this parameter cannot alter client
behaviour, and the LANMAN response will still be sent over the
network. See the <command moreinfo="none">client lanman
auth</command> to disable this for Samba's clients (such as smbclient)</para>
- <para>If this option, and <command moreinfo="none">ntlm
- auth</command> are both disabled, then only NTLMv2 logins will be
- permited. Not all clients support NTLMv2, and most will require
- special configuration to use it.</para>
+ <para>This parameter is overriden by <parameter moreinfo="none">ntlm
+ auth</parameter>, so unless that it is also set to
+ <constant>ntlmv1-permitted</constant> or <constant>yes</constant>,
+ then only NTLMv2 logins will be permited and no LM hash will be
+ stored. All modern clients support NTLMv2, and but some older
+ clients require special configuration to use it.</para>
</description>
<value type="default">no</value>
diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml
index dceae44d81b..dd5dbaea117 100644
--- a/docs-xml/smbdotconf/security/ntlmauth.xml
+++ b/docs-xml/smbdotconf/security/ntlmauth.xml
@@ -19,11 +19,9 @@
control NTLM authentiation for domain users, this must option must
be configured on each DC.</para>
- <para>By default with <command moreinfo="none">lanman
- auth</command> set to <constant>no</constant> and
- <command moreinfo="none">ntlm auth</command> set to
+ <para>By default with <command moreinfo="none">ntlm auth</command> set to
<constant>ntlmv2-only</constant> only NTLMv2 logins will be
- permited. Most clients support NTLMv2 by default, but some older
+ permited. All modern clients support NTLMv2 by default, but some older
clients will require special configuration to use it.</para>
<para>The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.</para>
@@ -35,6 +33,9 @@
<para><constant>ntlmv1-permitted</constant>
(alias <constant>yes</constant>) - Allow NTLMv1 and above for all clients.</para>
+ <para>This is the required setting for to enable the <parameter
+ moreinfo="none">lanman auth</parameter> parameter.</para>
+
</listitem>
<listitem>
diff --git a/lib/ldb/ABI/ldb-1.5.1.sigs b/lib/ldb/ABI/ldb-1.5.5.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-1.5.1.sigs
copy to lib/ldb/ABI/ldb-1.5.5.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.5.5.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.5.5.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util.py3-1.5.5.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util.py3-1.5.5.sigs
diff --git a/lib/ldb/include/ldb_module.h b/lib/ldb/include/ldb_module.h
index 6ba2a49300a..c73fc37f3aa 100644
--- a/lib/ldb/include/ldb_module.h
+++ b/lib/ldb/include/ldb_module.h
@@ -103,6 +103,11 @@ struct ldb_module;
* attributes, not to be printed in trace messages */
#define LDB_SECRET_ATTRIBUTE_LIST_OPAQUE "LDB_SECRET_ATTRIBUTE_LIST"
+/*
+ * The scheme to be used for referral entries, i.e. ldap or ldaps
+ */
+#define LDAP_REFERRAL_SCHEME_OPAQUE "LDAP_REFERRAL_SCHEME"
+
/*
these function pointers define the operations that a ldb module can intercept
*/
diff --git a/lib/ldb/ldb_key_value/ldb_kv.c b/lib/ldb/ldb_key_value/ldb_kv.c
index d4f896736a2..31bdfb532f2 100644
--- a/lib/ldb/ldb_key_value/ldb_kv.c
+++ b/lib/ldb/ldb_key_value/ldb_kv.c
@@ -63,12 +63,22 @@ struct ldb_kv_req_spy {
* Determine if this key could hold a record. We allow the new GUID
* index, the old DN index and a possible future ID=
*/
-bool ldb_kv_key_is_record(struct ldb_val key)
+bool ldb_kv_key_is_normal_record(struct ldb_val key)
{
if (key.length < 4) {
return false;
}
+ /*
+ * @ records are not normal records, we don't want to index
+ * them nor search on them
+ */
+ if (key.length > 4 &&
+ memcmp(key.data, "DN=@", 4) == 0) {
+ return false;
+ }
+
+ /* All other DN= records are however */
if (memcmp(key.data, "DN=", 3) == 0) {
return true;
}
diff --git a/lib/ldb/ldb_key_value/ldb_kv.h b/lib/ldb/ldb_key_value/ldb_kv.h
index 5070a588c00..cbc5213c765 100644
--- a/lib/ldb/ldb_key_value/ldb_kv.h
+++ b/lib/ldb/ldb_key_value/ldb_kv.h
@@ -231,10 +231,11 @@ int ldb_kv_search(struct ldb_kv_context *ctx);
/*
* The following definitions come from lib/ldb/ldb_key_value/ldb_kv.c */
/*
- * Determine if this key could hold a record. We allow the new GUID
- * index, the old DN index and a possible future ID=
+ * Determine if this key could hold a normal record. We allow the new
+ * GUID index, the old DN index and a possible future ID= but not
+ * DN=@.
*/
-bool ldb_kv_key_is_record(struct ldb_val key);
+bool ldb_kv_key_is_normal_record(struct ldb_val key);
struct ldb_val ldb_kv_key_dn(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn);
diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c
index 6d02c91a597..af02107b5d2 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
@@ -2925,12 +2925,7 @@ static int re_key(struct ldb_kv_private *ldb_kv,
--
Samba Shared Repository
More information about the samba-cvs
mailing list