The branch, v4-1-test has been updated via bef3fc8 tsocket: Pass the full port number to getaddrinfo(). via 3d20d20 smbtorture: Make cracksname easier to debug by outputing the offered format via 74dd365 Fix a missing parenthesis in the LDAP search request via af41eb6 docs-xml/manpages/smbclient.1.xml: fix case of -T flag in example. via 59462f2 winbindd and nmbd don't set their umask to zero on startup like smbd does. via 011dc52 sharesec: Document --view-all via 4da8984 sharesec: Document -v/--view via 780e2b0 sharesec: Implement --view-all via 4ee73fd s3:smbd/close remove filesystem lock before removing sharemode via 935992f s3:smbd/close use common exit path via 245b5ff s3:lib add mapping for ETXTBSY via 526f0df s3-ctdb: Fix auto-enabling of CTDB readonly support via c9924eb s3:smbd/aio mark file as modified in the SMB2 case via e65c532 nsswitch: fix a comment via 48ae86f heimdal_build: Add missing dep on samba4kgetcred via 7bf8fc7 torture: Add tests for LDAP substring search with no strings provided via 70cb7fd libcli/ldap: Cope with substring match with no chunks in ldap_push_filter via 4ca9639 ldb: bump version to allow a depencency on the substring crash fix via 1a279f7 ldb: Cope with substring match with no chunks in ldb_filter_from_tree via 32d0b75 Note how vfs_gpfs uses the "acl map full control" parameter. via 056e636 Add missing documentation for vfs_zfsacl. via b00d9d2 Use existing "acl map full control" parameter to control the adding of the DELETE_CHILD parameter on NFSv4/ZFS/GPFS file ACE's. via 398ee49 s3/smbclient: fix incorrect command tab completions via d544d17 build: Remove the struct MD5Context conf file check. via 9b88166 lsa4: Fix a set but unused variable warning via 0ee8650 ldb: Ensure not to segfault on a filter such as (mail=) via bbe09b3 Add missing SMB2/SMB3 share capability flag define via 06e5401 lsa4: Fix a set but unused variable warning via 7d5daaa lsa4: Remove an unused variable via 2448fe3 lsa4: Remove an unused variable via 720b4d3 lsa4: Remove an unused variable via 6c49f90 Fix glusterfs backend crash found at the Microsoft interop event. via b96cea4 Fix some blank line endings via d2642cb dns: Fix CID 1034969 Uninitialized scalar variable via ad86e2a s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals with BUILTIN via 2d2d13e s3:passdb add a gid argument to pdb_create_builtin_alias via 212baed s3:utils/net_sam make use of pdb_create_builtin helper function via df41835 s3:passdb expose pdb_create_builtin function via 6a048b4 s3:passdb/pdb_tdb add parameter to control handling of BUILTIN via 324b3cc s3:passdb/pdb_ldap remove an unnecessary check via 01e094b s3:passdb/pdb_ldap make the module handle well-known via 987de8a s3:passdb make pdb_sid_to_id honor backend responsibilities via 55dd9e6 s3:passdb/pdb_samba_dsdb make the module handle well-known via 56df37d s3:lib/util_sid_passdb make use of pdb_is_responsible_for_* functions via 0ad38d7 s3:passdb add pdb_*_is_responsible_for* functions via 9eb67f2 s3:passdb add idmap control functions via 0ad89c3 s3:passdb/samba_dsdb fix some compiler warnings via e211b5c s3:passdb/samba_dsdb fix a compiler warning via e17bc56 s3:utils/net_lookup fix a format-error via 88c72fc s4-winbind: Add special case for BUILTIN domain via d4091c5 Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in "EOF on stdin" via fc13489 build: Build with system md5.h on OpenIndiana via 5c4772e Re-add umask(0) code removed by commit 3a7c2777ee0de37d758fe81d67d6836a8354825e via fcc43cf Fix xx_path() - return check from mkdir() is incorrect. via d924da9 docs/vfs_catia: rework man page via 8ac17ff docs/vfs_catia: remove space-char mapping recommendation via 8d75965 vfs_catia: use translate direction enum instead of int via 4cd7e1d vfs_streams_xattr: Do not attempt to write empty attribute twice via 9f25ad4 librpc: Shorten dcerpc_binding_handle_call a bit via 7982d2a librpc: Use tevent_req_poll_ntstatus via 20bede7 libsmbclient: Fix typos via fffb701 tsocket: Add some const via cf86f3e gencache: Simplify gencache_init a bit via c71d6ec genrand: Slightly simplify do_reseed via dd0e38b tevent: Fix Coverity ID 989236 Operands don't affect result via f1781ad dsdb: remove a wrong comment in dsdb_check_access_on_dn_internal() via 122214b dsdb: don't allow a missing nTSecurityDescriptor in dsdb_get_sd_from_ldb_message() via 5959aff dsdb: use AS_SYSTEM | SHOW_RECYCLED for access check searches via afb2bcc s4:smb_server: call irpc_add_name() at startup (bug #9905) via 12d9728 s4:rpc_server: call irpc_add_name() at startup (bug #9905) via a1aeeee s4:ldap_server: call irpc_add_name() at startup (bug #9905) via 6c8cccc dsdb repl_meta_data: Use dsdb_request_add_controls() from 5c488cf Initialize the file descriptor in the files_struct before trying to close it. Otherwise, if one of the SETXATTR calls had failed, the close() call will return EBADF.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log ----------------------------------------------------------------- commit bef3fc8527114adbaecaf6a7bbf17d49e598bf60 Author: Andreas Schneider <a...@samba.org> Date: Mon Jul 1 17:05:33 2013 +0200 tsocket: Pass the full port number to getaddrinfo(). The code stripped port numbers above 9999 down to 4 digits. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Mon Jul 1 21:10:53 CEST 2013 on sn-devel-104 Autobuild-User(v4-1-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-1-test): Tue Jul 2 13:07:35 CEST 2013 on sn-devel-104 ----------------------------------------------------------------------- Summary of changes: auth/credentials/credentials_ntlm.c | 2 +- auth/ntlmssp/ntlmssp_server.c | 2 +- auth/ntlmssp/ntlmssp_sign.c | 2 +- docs-xml/manpages/sharesec.1.xml | 15 + docs-xml/manpages/smbclient.1.xml | 2 +- docs-xml/manpages/vfs_catia.8.xml | 77 ++-- docs-xml/manpages/vfs_gpfs.8.xml | 10 + docs-xml/manpages/vfs_zfsacl.8.xml | 160 ++++++ lib/crypto/hmacmd5.c | 4 +- lib/crypto/hmacmd5.h | 2 +- lib/crypto/md5.c | 6 +- lib/crypto/md5test.c | 2 +- lib/crypto/wscript_build | 2 +- lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.16.sigs} | 0 ...ldb-util-1.1.10.sigs => pyldb-util-1.1.16.sigs} | 0 lib/ldb/common/ldb_match.c | 5 + lib/ldb/common/ldb_parse.c | 2 +- lib/ldb/wscript | 2 +- lib/tevent/tevent_poll.c | 2 +- lib/tevent/tevent_signal.c | 8 +- lib/tsocket/tsocket.h | 4 +- lib/tsocket/tsocket_bsd.c | 4 +- lib/util/genrand.c | 24 +- libcli/auth/credentials.c | 2 +- libcli/auth/schannel_sign.c | 2 +- libcli/auth/smbencrypt.c | 8 +- libcli/drsuapi/repl_decrypt.c | 4 +- libcli/ldap/ldap_message.c | 41 +- libcli/smb/smb2_constants.h | 1 + libcli/smb/smb_signing.c | 2 +- librpc/rpc/binding_handle.c | 22 +- nsswitch/pam_winbind.h | 2 +- source3/client/client.c | 16 +- source3/groupdb/mapping.c | 34 +- source3/include/libsmb_internal.h | 31 +- source3/include/libsmbclient.h | 342 ++++++------ source3/include/passdb.h | 17 +- source3/lib/errmap_unix.c | 3 + source3/lib/gencache.c | 29 +- source3/lib/util.c | 11 +- source3/lib/util_sid_passdb.c | 49 ++- source3/lib/util_sock.c | 9 +- source3/libsmb/libsmb_cache.c | 22 +- source3/libsmb/libsmb_compat.c | 16 +- source3/libsmb/libsmb_context.c | 6 +- source3/libsmb/libsmb_file.c | 14 +- source3/libsmb/libsmb_misc.c | 10 +- source3/libsmb/libsmb_path.c | 6 +- source3/libsmb/libsmb_printjob.c | 4 +- source3/libsmb/libsmb_server.c | 18 +- source3/libsmb/libsmb_setget.c | 6 +- source3/libsmb/libsmb_stat.c | 6 +- source3/libsmb/ntlmssp.c | 2 +- source3/modules/nfs4_acls.c | 19 +- source3/modules/vfs_catia.c | 2 +- source3/modules/vfs_glusterfs.c | 6 +- source3/modules/vfs_streams_xattr.c | 44 +- source3/nmbd/nmbd.c | 20 +- source3/passdb/ABI/pdb-0.sigs | 8 +- source3/passdb/pdb_interface.c | 81 +++ source3/passdb/pdb_ldap.c | 11 +- source3/passdb/pdb_samba_dsdb.c | 13 +- source3/passdb/pdb_tdb.c | 10 + source3/passdb/pdb_util.c | 43 ++- source3/rpc_client/init_samr.c | 2 +- source3/smbd/aio.c | 2 + source3/smbd/close.c | 20 +- source3/smbd/server.c | 14 +- source3/utils/net_lookup.c | 2 +- source3/utils/net_sam.c | 2 +- source3/utils/sharesec.c | 35 ++- source3/winbindd/winbindd.c | 21 +- source3/wscript | 28 + source4/dsdb/common/dsdb_access.c | 19 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 19 +- source4/heimdal_build/wscript_build | 2 +- source4/ldap_server/ldap_server.c | 3 + source4/libcli/raw/smb_signing.c | 4 +- source4/libnet/libnet_passwd.c | 4 +- source4/ntp_signd/ntp_signd.c | 2 +- source4/rpc_server/dnsserver/dnsutils.c | 2 +- source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 2 +- source4/rpc_server/lsa/dcesrv_lsa.c | 604 ++++++++++---------- source4/rpc_server/samr/samr_password.c | 2 +- source4/rpc_server/service_rpc.c | 1 + source4/smb_server/service_smb.c | 1 + source4/smbd/server.c | 17 +- source4/torture/ldap/basic.c | 110 ++++ source4/torture/ntp/ntp_signd.c | 2 +- source4/torture/rpc/drsuapi_cracknames.c | 67 ++- source4/torture/rpc/samba3rpc.c | 2 +- source4/torture/rpc/samlogon.c | 2 +- source4/torture/rpc/samr.c | 8 +- source4/winbind/wb_dom_info.c | 5 +- source4/winbind/wb_init_domain.c | 38 +- source4/winbind/wb_sid2domain.c | 14 + 97 files changed, 1518 insertions(+), 869 deletions(-) create mode 100644 docs-xml/manpages/vfs_zfsacl.8.xml copy lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.16.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.1.16.sigs} (100%) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c index 2d6d6f6..8f143bf 100644 --- a/auth/credentials/credentials_ntlm.c +++ b/auth/credentials/credentials_ntlm.c @@ -110,7 +110,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred /* LM Key is incompatible... */ *flags &= ~CLI_CRED_LANMAN_AUTH; } else if (*flags & CLI_CRED_NTLM2) { - struct MD5Context md5_session_nonce_ctx; + MD5_CTX md5_session_nonce_ctx; uint8_t session_nonce[16]; uint8_t session_nonce_hash[16]; uint8_t user_session_key[16]; diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c index 442bd5d..57179e1 100644 --- a/auth/ntlmssp/ntlmssp_server.c +++ b/auth/ntlmssp/ntlmssp_server.c @@ -369,7 +369,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security, */ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { if (ntlmssp_state->nt_resp.length == 24 && ntlmssp_state->lm_resp.length == 24) { - struct MD5Context md5_session_nonce_ctx; + MD5_CTX md5_session_nonce_ctx; state->doing_ntlm2 = true; memcpy(state->session_nonce, ntlmssp_state->internal_chal.data, 8); diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c index 4d07a81..c0be914 100644 --- a/auth/ntlmssp/ntlmssp_sign.c +++ b/auth/ntlmssp/ntlmssp_sign.c @@ -51,7 +51,7 @@ static void calc_ntlmv2_key(uint8_t subkey[16], DATA_BLOB session_key, const char *constant) { - struct MD5Context ctx3; + MD5_CTX ctx3; MD5Init(&ctx3); MD5Update(&ctx3, session_key.data, session_key.length); MD5Update(&ctx3, (const uint8_t *)constant, strlen(constant)+1); diff --git a/docs-xml/manpages/sharesec.1.xml b/docs-xml/manpages/sharesec.1.xml index 5cd4a48..b983408 100644 --- a/docs-xml/manpages/sharesec.1.xml +++ b/docs-xml/manpages/sharesec.1.xml @@ -26,6 +26,7 @@ <arg choice="opt">-R, --replace=ACLs</arg> <arg choice="opt">-D, --delete</arg> <arg choice="opt">-v, --view</arg> + <arg choice="opt">--view-all</arg> <arg choice="opt">-M, --machine-sid</arg> <arg choice="opt">-F, --force</arg> <arg choice="opt">-d, --debuglevel=DEBUGLEVEL</arg> @@ -98,6 +99,20 @@ </para></listitem> </varlistentry> + <varlistentry> + <term>-v|--view</term> + <listitem><para> + List a share acl + </para></listitem> + </varlistentry> + + <varlistentry> + <term>--view-all</term> + <listitem><para> + List all share acls + </para></listitem> + </varlistentry> + &stdarg.help; &stdarg.server.debug; &popt.common.samba; diff --git a/docs-xml/manpages/smbclient.1.xml b/docs-xml/manpages/smbclient.1.xml index d7a017c..328fd50 100644 --- a/docs-xml/manpages/smbclient.1.xml +++ b/docs-xml/manpages/smbclient.1.xml @@ -446,7 +446,7 @@ <para>Create the same tar file as above, but now use a DOS path name. </para> - <para><command>smbclient //mypc/myshare "" -N -tc backup.tar + <para><command>smbclient //mypc/myshare "" -N -Tc backup.tar users\edocs </command></para> <para>Create a tar file of the files listed in the file <filename>tarlist</filename>.</para> diff --git a/docs-xml/manpages/vfs_catia.8.xml b/docs-xml/manpages/vfs_catia.8.xml index b18dc48..02a9473 100644 --- a/docs-xml/manpages/vfs_catia.8.xml +++ b/docs-xml/manpages/vfs_catia.8.xml @@ -37,35 +37,38 @@ <para>This module is stackable.</para> - <para>Up to samba version 3.4.x a fixed character mapping was used. - The invalid windows characters \ / : * ? " < > | and the blank - character were mapped in a hardcoded way. + <para>The parameter "catia:mappings" specifies the mapping on a + per-character basis, see below. </para> +</refsect1> - <para>Starting with samba-3.5.0 a more flexible mapping was introduced. - The new parameter "catia:mappings" now specifies the mapping on a char by char - basis using the notation: unix hex char 0x.. : windows hex char 0x.. - Multiple character mappings are separated by a comma. - </para> +<refsect1> + <title>OPTIONS</title> + <variablelist> + <varlistentry> + <term>catia:mappings = SERVER_HEX_CHAR:CLIENT_HEX_CHAR + </term> + <listitem> + <para>SERVER_HEX_CHAR specifies a 0x prefixed hexedecimal + character code that, when included in a Samba server-side + filename, will be mapped to CLIENT_HEX_CHAR for the CIFS + client.</para> + <para>The same mapping occurs in the opposite direction. + Multiple character mappings are separated by a comma.</para> + </listitem> + </varlistentry> + </variablelist> </refsect1> + <refsect1> <title>EXAMPLES</title> - <para>Samba versions up to 3.4.x:</para> - <para>Map Catia filenames on the [CAD] share:</para> - -<programlisting> - <smbconfsection name="[CAD]"/> - <smbconfoption name="path">/data/cad</smbconfoption> - <smbconfoption name="vfs objects">catia</smbconfoption> -</programlisting> - - <para>Samba versions 3.5.0 and later:</para> - <para>Map Catia filenames on the [CAD] share:</para> + <para>Map server-side quotation-marks (") to client-side diaeresis + (¨) on filenames in the [CAD] share:</para> <programlisting> <smbconfsection name="[CAD]"/> @@ -74,25 +77,29 @@ <smbconfoption name="catia:mappings">0x22:0xa8</smbconfoption> </programlisting> - <para>To get the full formerly fixed mappings:</para> + <para>Perform comprehensive mapping of common Catia filename characters:</para> <programlisting> <smbconfsection name="[CAD]"/> <smbconfoption name="path">/data/cad</smbconfoption> <smbconfoption name="vfs objects">catia</smbconfoption> - <smbconfoption name="catia:mappings">0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6,0x20:0xb1</smbconfoption> + <smbconfoption name="catia:mappings">0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6</smbconfoption> </programlisting> - <para>Unix filename to be translated (Note that the path delimiter "/" is not used here): + <para>Server-side filename to be translated (Note that the path delimiter "/" is not used here): </para> - <para>a\a:a*a?a"a<a>a|a a</para> + <para>a\a:a*a?a"a<a>a|a</para> - <para>Resulting windows filename:</para> + <para>Resulting filename, as seen by the client:</para> - <para>aÿa÷a¤a¿a¨a«a»a¦a±a + <para>aÿa÷a¤a¿a¨a«a»a¦a </para> +</refsect1> - <para>Note that the character mapping must work in BOTH directions - (unix -> windows and windows -> unix) to get unique and existing file names! +<refsect1> + <title>CAVEATS</title> + + <para>Character mapping must work in BOTH directions (server -> + client and client -> server) to get unique and existing file names! </para> <para>A NOT working example:</para> @@ -104,20 +111,20 @@ <smbconfoption name="catia:mappings">0x3a:0x5f</smbconfoption> </programlisting> - <para>Here the colon ":" is mapped to the underscore "_".</para> - <para>Assuming a unix filename "a:should_work", which is well translated - to windows as "a_should_work".</para> - <para>BUT the reverse mapping from windows "a_should_work" to unix - will result in "a:should:work" - something like "file not found" - will be returned. - </para> + <para>Here the colon ":" is mapped to the underscore "_".</para> + <para>Assuming a server-side filename "a:should_work", which is + translated to "a_should_work" for the client.</para> + <para>BUT the reverse mapping from client "a_should_work" to server + will result in "a:should:work" - something like "file not found" + will be returned. + </para> </refsect1> <refsect1> <title>VERSION</title> - <para>This man page is correct for all versions up to 4.0.3 of the Samba suite. + <para>This man page is correct for Samba versions from 3.5.0 to 4.0.6. </para> </refsect1> diff --git a/docs-xml/manpages/vfs_gpfs.8.xml b/docs-xml/manpages/vfs_gpfs.8.xml index 7f560ca..d1243a9 100644 --- a/docs-xml/manpages/vfs_gpfs.8.xml +++ b/docs-xml/manpages/vfs_gpfs.8.xml @@ -48,6 +48,16 @@ are the responsibility of the underlying filesystem than of Samba. </para> + <para>This module makes use of the smb.conf parameter + <smbconfoption name="acl map full control">acl map full control</smbconfoption> + When set to yes (the default), this parameter will add in the FILE_DELETE_CHILD + bit on a returned ACE entry for a file (not a directory) that already + contains all file permissions except for FILE_DELETE and FILE_DELETE_CHILD. + This can prevent Windows applications that request GENERIC_ALL access + from getting ACCESS_DENIED errors when running against a filesystem + with NFSv4 compatible ACLs. + </para> + <para>This module is stackable.</para> <para>Since Samba 4.0 all options are per share options.</para> diff --git a/docs-xml/manpages/vfs_zfsacl.8.xml b/docs-xml/manpages/vfs_zfsacl.8.xml new file mode 100644 index 0000000..f56af1b --- /dev/null +++ b/docs-xml/manpages/vfs_zfsacl.8.xml @@ -0,0 +1,160 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="vfs_zfsacl.8"> + +<refmeta> + <refentrytitle>vfs_zfsacl</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>vfs_zfsacl</refname> + <refpurpose>ZFS ACL samba module</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>vfs objects = zfsacl</command> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This VFS module is part of the + <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>zfsacl</command> VFS module is the home + for all ACL extensions that Samba requires for proper integration + with ZFS. + </para> + + <para>Currently the zfsacl vfs module provides extensions in following areas : + <itemizedlist> + <listitem><para>NFSv4 ACL Interfaces with configurable options for ZFS</para></listitem> + </itemizedlist> + </para> + + <para><command>NOTE:</command>This module follows the posix-acl behaviour + and hence allows permission stealing via chown. Samba might allow at a later + point in time, to restrict the chown via this module as such restrictions + are the responsibility of the underlying filesystem than of Samba. + </para> + + <para>This module makes use of the smb.conf parameter + <smbconfoption name="acl map full control">acl map full control</smbconfoption> + When set to yes (the default), this parameter will add in the FILE_DELETE_CHILD + bit on a returned ACE entry for a file (not a directory) that already + contains all file permissions except for FILE_DELETE and FILE_DELETE_CHILD. + This can prevent Windows applications that request GENERIC_ALL access + from getting ACCESS_DENIED errors when running against a filesystem + with NFSv4 compatible ACLs. + </para> + + <para>This module is stackable.</para> + + <para>Since Samba 4.0 all options are per share options.</para> + +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + + <varlistentry> + + <term>nfs4:mode = [ simple | special ]</term> + <listitem> + <para> + Controls substitution of special IDs (OWNER@ and GROUP@) on ZFS. + The use of mode simple is recommended. + In this mode only non inheriting ACL entries for the file owner + and group are mapped to special IDs. + </para> + + <para>The following MODEs are understood by the module:</para> + <itemizedlist> + <listitem><para><command>simple(default)</command> - use OWNER@ and GROUP@ special IDs for non inheriting ACEs only.</para></listitem> + <listitem><para><command>special(deprecated)</command> - use OWNER@ and GROUP@ special IDs in ACEs for all file owner and group ACEs.</para></listitem> + </itemizedlist> + </listitem> + + </varlistentry> + + + <varlistentry> + <term>nfs4:acedup = [dontcare|reject|ignore|merge]</term> + <listitem> + <para> + This parameter configures how Samba handles duplicate ACEs encountered in ZFS ACLs. + ZFS allows/creates duplicate ACE for different bits for same ID. + </para> + + <para>Following is the behaviour of Samba for different values :</para> + <itemizedlist> + <listitem><para><command>dontcare (default)</command> - copy the ACEs as they come</para></listitem> + <listitem><para><command>reject</command> - stop operation and exit with error on ACL set op</para></listitem> + <listitem><para><command>ignore</command> - don't include the second matching ACE</para></listitem> + <listitem><para><command>merge</command> - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE</para></listitem> + </itemizedlist> + </listitem> + </varlistentry> + + + <varlistentry> + <term>nfs4:chown = [yes|no]</term> + <listitem> + <para>This parameter allows enabling or disabling the chown supported + by the underlying filesystem. This parameter should be enabled with + care as it might leave your system insecure.</para> + <para>Some filesystems allow chown as a) giving b) stealing. It is the latter + that is considered a risk.</para> + + <para>Following is the behaviour of Samba for different values : </para> + <itemizedlist> + <listitem><para><command>yes</command> - Enable chown if as supported by the under filesystem</para></listitem> + <listitem><para><command>no (default)</command> - Disable chown</para></listitem> + </itemizedlist> + </listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para>A ZFS mount can be exported via Samba as follows :</para> + +<programlisting> + <smbconfsection name="[samba_zfs_share]"/> + <smbconfoption name="vfs objects">zfsacl</smbconfoption> + <smbconfoption name="path">/test/zfs_mount</smbconfoption> + <smbconfoption name="nfs4: mode">special</smbconfoption> + <smbconfoption name="nfs4: acedup">merge</smbconfoption> +</programlisting> +</refsect1> + +<refsect1> + <title>VERSION</title> + <para>This man page is correct for version 4.0.x of the Samba suite. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> +</refsect1> + +</refentry> diff --git a/lib/crypto/hmacmd5.c b/lib/crypto/hmacmd5.c index cfbd428..882788c 100644 --- a/lib/crypto/hmacmd5.c +++ b/lib/crypto/hmacmd5.c @@ -36,7 +36,7 @@ _PUBLIC_ void hmac_md5_init_rfc2104(const uint8_t *key, int key_len, HMACMD5Cont /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { - struct MD5Context tctx; + MD5_CTX tctx; MD5Init(&tctx); MD5Update(&tctx, key, key_len); @@ -91,7 +91,7 @@ _PUBLIC_ void hmac_md5_update(const uint8_t *text, int text_len, HMACMD5Context ***********************************************************************/ _PUBLIC_ void hmac_md5_final(uint8_t *digest, HMACMD5Context *ctx) { - struct MD5Context ctx_o; + MD5_CTX ctx_o; MD5Final(digest, &ctx->ctx); diff --git a/lib/crypto/hmacmd5.h b/lib/crypto/hmacmd5.h index 91b8ca5..aa43d24 100644 --- a/lib/crypto/hmacmd5.h +++ b/lib/crypto/hmacmd5.h @@ -25,7 +25,7 @@ typedef struct { - struct MD5Context ctx; + MD5_CTX ctx; uint8_t k_ipad[65]; uint8_t k_opad[65]; diff --git a/lib/crypto/md5.c b/lib/crypto/md5.c index 0324744..b834c91 100644 --- a/lib/crypto/md5.c +++ b/lib/crypto/md5.c @@ -43,7 +43,7 @@ static void byteReverse(uint8_t *buf, unsigned int longs) * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious * initialization constants. */ -_PUBLIC_ void MD5Init(struct MD5Context *ctx) +_PUBLIC_ void MD5Init(MD5_CTX *ctx) { ctx->buf[0] = 0x67452301; ctx->buf[1] = 0xefcdab89; @@ -58,7 +58,7 @@ _PUBLIC_ void MD5Init(struct MD5Context *ctx) * Update context to reflect the concatenation of another buffer full * of bytes. */ -_PUBLIC_ void MD5Update(struct MD5Context *ctx, const uint8_t *buf, size_t len) +_PUBLIC_ void MD5Update(MD5_CTX *ctx, const uint8_t *buf, size_t len) { register uint32_t t; @@ -106,7 +106,7 @@ _PUBLIC_ void MD5Update(struct MD5Context *ctx, const uint8_t *buf, size_t len) * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ -_PUBLIC_ void MD5Final(uint8_t digest[16], struct MD5Context *ctx) +_PUBLIC_ void MD5Final(uint8_t digest[16], MD5_CTX *ctx) { unsigned int count; uint8_t *p; diff --git a/lib/crypto/md5test.c b/lib/crypto/md5test.c index 38626c3..f58e131 100644 --- a/lib/crypto/md5test.c +++ b/lib/crypto/md5test.c @@ -65,7 +65,7 @@ bool torture_local_crypto_md5(struct torture_context *torture) }; for (i=0; i < ARRAY_SIZE(testarray); i++) { - struct MD5Context ctx; + MD5_CTX ctx; uint8_t md5[16]; int e; diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build index e056f65..a1f29ae 100644 --- a/lib/crypto/wscript_build +++ b/lib/crypto/wscript_build @@ -8,7 +8,7 @@ elif bld.CONFIG_SET('HAVE_SYS_MD5_H') and bld.CONFIG_SET('HAVE_LIBMD5'): extra_deps += ' md5' elif bld.CONFIG_SET('HAVE_SYS_MD5_H') and bld.CONFIG_SET('HAVE_LIBMD'): extra_deps += ' md' -elif not bld.CONFIG_SET('HAVE_COMMONCRYPTO_COMMONDIGEST_H'): +elif not bld.CONFIG_SET('HAVE_SYS_MD5_H') and not bld.CONFIG_SET('HAVE_COMMONCRYPTO_COMMONDIGEST_H'): extra_source += ' md5.c' bld.SAMBA_SUBSYSTEM('LIBCRYPTO', diff --git a/lib/ldb/ABI/ldb-1.1.14.sigs b/lib/ldb/ABI/ldb-1.1.16.sigs similarity index 100% copy from lib/ldb/ABI/ldb-1.1.14.sigs copy to lib/ldb/ABI/ldb-1.1.16.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.1.16.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs -- Samba Shared Repository