The branch, v4-21-test has been updated
via 1fe10a03c5d mdssvc: support a few more attributes
via 7b31e8ea82d vfs_gpfs: add gpfs:clamp_invalid_times
via e3b3db36171 ndr: fix coda logic around in ndr_pull_security_ace()
via b222d6ec73a pytest: add ndr packing tests for security descriptors
via cead38fb096 docs: Update documentation for 'sync machine password
to keytab'
via 63b115a0092 s3:libads: Remove specifier for 'host' principal from
'sync machine password to keytab'
via 8d5384e965f docs-xml:smbdotconf: Document new options for 'sync
machinepassword to keytab'
via 58a7666b678 s3: Add new keytab specifiers
via 55173721908 vfs_ceph_new:minor logging improvement
via 81d4b6467b2 vfs_ceph_new: add smbprofile for async-ops
via 5de7646e7f7 vfs_ceph_new: add profiling support
via 2aae61a8ad3 vfs_ceph_new: log open-flags upon release-fh
via a828997221d vfs_ceph_new: improved vfs-opers logging
via 12394b895a7 vfs_ceph_new: improved mount logging
via 6e0ca057961 vfs_ceph_new: improve mount cache-entry add
via 0aea2e374d5 vfs_ceph_new: improve mount cache-entry ref-count
via 79d6da01caa vfs_ceph_new: avoid setting errno in
cephmount_cache_update
via ab29d3eb6ee vfs_ceph_new: refactor error-case in cephmount_mount_fs
via 3e00ee5a1ca vfs_ceph_new: switch to ceph_readdir_r
via 7302ea418a4 docs_xml/vfs_ceph_new: Add new proxy option
via 378f28e66ae wscript_build: Do not link vfs_ceph_new against
libcephfs
via 50047d6fe64 vfs_ceph_new: Use function pointers for API calls
via 08e50814655 vfs_ceph_new: Pass module config to userperm helpers
via 8183c2cbf2b vfs_ceph_new: Hold a config reference in vfs_ceph_fh
via c176fe4c975 vfs_ceph_new: Call vfs_ceph_userperm_new with
handle->conn
via 254c0846118 vfs_ceph_new: Populate function pointers with addresses
via 8f048690516 vfs_ceph_new: Add required function pointers to config
via 58631b66bf9 vfs_ceph_new: Dynamically open library for 'proxy' mode
via 7d6d1fa4c00 vfs_ceph_new: Introduce new parametric option 'proxy'
via 5f6622e04be vfs_ceph_new: Add a new struct to hold ceph module
config
via 9aa97eb93bd vfs_ceph_new: implement DFS hooks using libcephfs
low-level APIs
from 512514bbae4 s3-libnet: avoid using lp_dns_hostname() in join code
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test
- Log -----------------------------------------------------------------
commit 1fe10a03c5d467ba7bc14a92c77f114498efcc61
Author: Ralph Boehme <[email protected]>
Date: Wed Jan 29 15:11:16 2025 +0100
mdssvc: support a few more attributes
This adds support for the following Spotlight Metadata Attributes:
_kMDItemFileName (another alias for kMDItemFSName and kMDItemDisplayName)
kMDItemLastUsedDate
kMDItemContentCreationDate
kMDItemLogicalSize (another alias for kMDItemFSSize)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15796
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
(cherry picked from commit 0ba1a8d77694182058d1c01b54a8759bdf0e28a6)
Autobuild-User(v4-21-test): Jule Anger <[email protected]>
Autobuild-Date(v4-21-test): Mon Feb 17 11:04:23 UTC 2025 on atb-devel-224
commit 7b31e8ea82d567981e3d2dac43cd77757c66a506
Author: Ralph Boehme <[email protected]>
Date: Wed Jan 22 12:34:31 2025 +0100
vfs_gpfs: add gpfs:clamp_invalid_times
The timestamp validation added as part of the fix for bug 15151 causes hard
failures for certain clients that seem to use a temporary timestamp
initially
when creating files, changing in a later step.
Clamp invalid timestamps to the allowed range 0..UINT32_MAX if
"gpfs:clamp_invalid_times = yes" is set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Christof Schmitt <[email protected]>
Autobuild-User(master): Christof Schmitt <[email protected]>
Autobuild-Date(master): Wed Feb 5 23:42:15 UTC 2025 on atb-devel-224
(cherry picked from commit 0a48167044bb1ffd9e19cb2e23de9834d0551be1)
commit e3b3db36171954d3ffdf7386f7b61c39a74b8bb9
Author: Douglas Bagnall <[email protected]>
Date: Thu Jan 9 16:14:05 2025 +1300
ndr: fix coda logic around in ndr_pull_security_ace()
Sometimes an access allowed object ACE has unneeded trailing bytes,
like this:
aces: struct security_ace
type :
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT (5)
flags : 0x00 (0)
0: SEC_ACE_FLAG_OBJECT_INHERIT
0: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
0: SEC_ACE_FLAG_INHERIT_ONLY
0: SEC_ACE_FLAG_INHERITED_ACE
0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0048 (72)
access_mask : 0x00000100 (256)
object : union
security_ace_object_ctr(case 1)
object: struct security_ace_object
flags : 0x00000001 (1)
1: SEC_ACE_OBJECT_TYPE_PRESENT
0:
SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
type : union
security_ace_object_type(case 1)
type :
edacfd8f-ffb3-11d1-b41d-00a0c968f939
inherited_type : union
security_ace_object_inherited_type(case 0)
trustee : S-1-3-0
coda : union
security_ace_coda(case 5)
ignored : DATA_BLOB length=32
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........
........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........
........
which we need to pull in order to ignore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15738
Signed-off-by: Douglas Bagnall <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Autobuild-User(master): Volker Lendecke <[email protected]>
Autobuild-Date(master): Thu Feb 13 15:15:40 UTC 2025 on atb-devel-224
(cherry picked from commit 67b09b481b06080d3f46878d60095f188ff18fb8)
[bugzilla link added in backport]
commit b222d6ec73af27caa4e946887059096aceaea07e
Author: Douglas Bagnall <[email protected]>
Date: Wed Feb 12 15:29:28 2025 +1300
pytest: add ndr packing tests for security descriptors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15738
Signed-off-by: Douglas Bagnall <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit 455a0558c89312061f3b9ccaa577a4a60df7ee77)
[bugzilla link added in backport]
commit cead38fb09647ca20bf489c808f39df993316f12
Author: Pavel Filipenský <[email protected]>
Date: Fri Feb 14 17:27:26 2025 +0100
docs: Update documentation for 'sync machine password to keytab'
Use specifier 'spn_prefixes=host' instead of 'host'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15759
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
Autobuild-User(master): Pavel Filipensky <[email protected]>
Autobuild-Date(master): Sat Feb 15 19:21:56 UTC 2025 on atb-devel-224
(cherry picked from commit 7cae7aad1ca6dcd5e0a3a102f36af74fa49a2c2b)
commit 63b115a0092dbf38f8b519b9a469b758b0f3dbf0
Author: Pavel Filipenský <[email protected]>
Date: Fri Feb 14 17:28:54 2025 +0100
s3:libads: Remove specifier for 'host' principal from 'sync machine
password to keytab'
Use specifier 'spn_prefixes=host' instead of 'host'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15759
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
(cherry picked from commit ccc3b2b2fba7b5d223c79bffc0f655490aed19cf)
commit 8d5384e965f86fdc40f01654b6f401b2faf4e3b7
Author: Pavel Filipenský <[email protected]>
Date: Tue Jan 14 11:29:54 2025 +0100
docs-xml:smbdotconf: Document new options for 'sync machinepassword to
keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15759
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
Reviewed-by: Alexander Bokovoy <[email protected]>
Autobuild-User(master): Pavel Filipensky <[email protected]>
Autobuild-Date(master): Thu Feb 13 18:45:21 UTC 2025 on atb-devel-224
(cherry picked from commit 7a662e097be5e0d3f7779fa544486968b8f57063)
commit 58a7666b6788b68b82bf9f178e8e42d9e2c3fac3
Author: Pavel Filipenský <[email protected]>
Date: Mon Jan 20 16:00:51 2025 +0100
s3: Add new keytab specifiers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15759
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
Reviewed-by: Alexander Bokovoy <[email protected]>
(cherry picked from commit 15e191736d3eaba83b2fb4b901e1df2214526b64)
commit 5517372190883319850ffd8c01af98a23efc7e39
Author: Shweta Sodani <[email protected]>
Date: Wed Feb 5 11:21:37 2025 +0530
vfs_ceph_new:minor logging improvement
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shweta Sodani <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
Autobuild-User(master): Günther Deschner <[email protected]>
Autobuild-Date(master): Fri Feb 14 10:57:50 UTC 2025 on atb-devel-224
(cherry picked from commit 6430e0a9fb7e9c368a3170f9cddd688a49aedb23)
commit 81d4b6467b26097d885f8be0c8083d8ccb964855
Author: Shachar Sharon <[email protected]>
Date: Tue Jan 14 11:46:05 2025 +0200
vfs_ceph_new: add smbprofile for async-ops
Commit fcd3fc34b2ec5e ("vfs_ceph_new: add profiling support") added
PROFILE accounting for non-async VFS hooks. Add also SMBPROFILE for
async (read/write/fsync) hooks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
Autobuild-User(master): Günther Deschner <[email protected]>
Autobuild-Date(master): Fri Jan 17 16:47:28 UTC 2025 on atb-devel-224
(cherry picked from commit 775e08ec7b6a32086266a0f7eba4a107869b1cf6)
commit 5de7646e7f79ca4e90eaa35e9618b6be10611650
Author: Shweta Sodani <[email protected]>
Date: Thu Jan 2 19:12:08 2025 +0530
vfs_ceph_new: add profiling support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shweta Sodani <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
Autobuild-User(master): Günther Deschner <[email protected]>
Autobuild-Date(master): Mon Jan 13 21:26:34 UTC 2025 on atb-devel-224
(cherry picked from commit fcd3fc34b2ec5e00ad24aaa7276338c9a473c086)
commit 2aae61a8ad3fd1fe0c377c4bc57d8ca7a77353e0
Author: Shachar Sharon <[email protected]>
Date: Sun Oct 6 13:26:48 2024 +0300
vfs_ceph_new: log open-flags upon release-fh
Store the set of open O_XXX flags as part of the referenced file-handle
to allow more verbose debug-logging info upon close. This should ease
the developer's logging analysis where same inode is opened multiple
times but with different flags set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Reviewed-by: John Mulligan <[email protected]>
(cherry picked from commit 341ff48a5a787ed358a28037b5ec751b7b530e20)
commit a828997221d94573457a45fbd82d5af20aba85f7
Author: Shachar Sharon <[email protected]>
Date: Wed Sep 11 09:58:53 2024 +0300
vfs_ceph_new: improved vfs-opers logging
Have more verbose and explicit values in various DBG_DEBUG logging. In
particular, do not use the redundant '__func__' argument as it's info is
already provided via the DBG_ logging macros.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Reviewed-by: John Mulligan <[email protected]>
(cherry picked from commit 73d5503a90e3bd5b1d1cfc6322d7de10955faf6c)
commit 12394b895a7fdadc4616e4c784100779c7acb33d
Author: Shachar Sharon <[email protected]>
Date: Thu Sep 5 15:08:38 2024 +0300
vfs_ceph_new: improved mount logging
Add extra debug-logging to mount/umount flows, with more verbose info.
Try to make logging messages follow a 'key=value' format.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Reviewed-by: John Mulligan <[email protected]>
(cherry picked from commit 2153bedc8eb53e5d9f44ef677bd1781d934abd34)
commit 6e0ca057961e1595b64df2c970fe5444676e6a15
Author: Shachar Sharon <[email protected]>
Date: Sun Oct 20 11:50:13 2024 +0300
vfs_ceph_new: improve mount cache-entry add
Use boolean return value from cephmount_cache_add, to align code-style
with other caphmount helper functions. Returns false in case of memory
allocation failure, true otherwise (success).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Reviewed-by: John Mulligan <[email protected]>
(cherry picked from commit 866b872cdb2b08a8b5e6a9015cde9b34c4bcdf01)
commit 0aea2e374d5839bd00e475589ac940bc9bb1e1ed
Author: Shachar Sharon <[email protected]>
Date: Thu Sep 5 17:14:59 2024 +0300
vfs_ceph_new: improve mount cache-entry ref-count
Use singed int32_t for cached mount-entries reference counting. Define
helper function for inc/dec ref-count which also provides proper
logging. Prefer boolean return-value for 'cephmount_cache_remove' as
'int' is often used as error indicator within the context of libcephfs
and this VFS module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Reviewed-by: John Mulligan <[email protected]>
(cherry picked from commit 29a9d18d2d21842bb38bcdc6b9e366abac458ed9)
commit 79d6da01caa55a978fdb7d023c2347a7503641c2
Author: Shachar Sharon <[email protected]>
Date: Wed Sep 4 15:59:21 2024 +0300
vfs_ceph_new: avoid setting errno in cephmount_cache_update
Do not set 'errno' to ENOENT in cephmount_cache_update. Setting this
errno value upon newly inserted entry may cause vfs_ceph_connect to
change errno to non-zero value even though the final result is OK.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Reviewed-by: John Mulligan <[email protected]>
(cherry picked from commit 1f7581c9edb32a2a63bf032f7e167be8a401c3d5)
commit ab29d3eb6eef45ee5436bc22681ebbefab1a4842
Author: Shachar Sharon <[email protected]>
Date: Wed Sep 4 14:55:50 2024 +0300
vfs_ceph_new: refactor error-case in cephmount_mount_fs
Align code-style of 'cephmount_mount_fs' with rest of the code: use
'goto' for bail-out upon error case (with proper cleanups). For the
common case of successful operation complete execution and return final
value. Added extra debug-logging for good-path case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Reviewed-by: John Mulligan <[email protected]>
(cherry picked from commit d9b872afeee4dee49de2e6eb86e4b59e07804363)
commit 3e00ee5a1ca43bd67bc6ddf01fc724de2b6f417e
Author: Shachar Sharon <[email protected]>
Date: Tue Sep 3 16:54:03 2024 +0300
vfs_ceph_new: switch to ceph_readdir_r
Prefer a safe version of ceph_readdir, where the directory entry struct
is allocated by the caller. Use a dynamic-allocated 'struct dirent'
which is associated with a directory vfs_ceph_fh (optional), which is
allocated on-the-fly upon start of READDIR and released at the end or
CLOSEDIR (or unlikely readdir error).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <[email protected]>
Reviewed-by: John Mulligan <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Autobuild-User(master): Anoop C S <[email protected]>
Autobuild-Date(master): Fri Oct 25 10:29:44 UTC 2024 on atb-devel-224
(cherry picked from commit ce459ddbcd0f32252858a7640f6871057eb14645)
commit 7302ea418a4fc9f98973af3db4b8a7b90e8dd978
Author: Anoop C S <[email protected]>
Date: Thu Sep 5 11:45:19 2024 +0530
docs_xml/vfs_ceph_new: Add new proxy option
Update man page to describe new 'proxy' module option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
Autobuild-User(master): Anoop C S <[email protected]>
Autobuild-Date(master): Thu Sep 12 16:51:14 UTC 2024 on atb-devel-224
(cherry picked from commit 12ad4832a74a6fba3fb8954a8630b900f5763f18)
commit 378f28e66ae8b934b9fa80fc1fe0e7217cc950fc
Author: Anoop C S <[email protected]>
Date: Sun Sep 8 12:52:59 2024 +0530
wscript_build: Do not link vfs_ceph_new against libcephfs
vfs_ceph_new dynamically loads the appropriate libcephfs shared
libraries which means that we don't statically link against it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
(cherry picked from commit 095ece43a2edbdeb498e8bef07bdf09f9836bb40)
commit 50047d6fe644e70fe5b55591f487cb6b32b8482f
Author: Anoop C S <[email protected]>
Date: Thu Sep 5 15:20:28 2024 +0530
vfs_ceph_new: Use function pointers for API calls
Replace direct function calls with pointers holding their equivalent
addresses.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
(cherry picked from commit 962a40a6ff51f33adc39e466f1479dfb35ac0926)
commit 08e50814655043309c16db0e63b44d76e0c5274a
Author: Anoop C S <[email protected]>
Date: Thu Sep 5 15:16:54 2024 +0530
vfs_ceph_new: Pass module config to userperm helpers
userperm helpers will switch to function references instead of direct
invocation of APIs. This would mean the matching config structure is
passed to those helpers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
(cherry picked from commit d5926cf492b1cb81c90b27e0537ec3f1b1a10f80)
commit 8183c2cbf2b8e48b14e3f65abffe1894c968152d
Author: Anoop C S <[email protected]>
Date: Thu Sep 5 14:01:37 2024 +0530
vfs_ceph_new: Hold a config reference in vfs_ceph_fh
This is required to perform the cleanup when fsp extension destructor is
called as part of VFS_REMOVE_FSP_EXTENSION where mount information and
function references are to be used in upcoming changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
(cherry picked from commit 250af54250bed87928250b95db663ff13cc1f42a)
commit c176fe4c975ab92296c3be6f1f0f50e9e2d688e1
Author: Anoop C S <[email protected]>
Date: Thu Sep 5 14:50:48 2024 +0530
vfs_ceph_new: Call vfs_ceph_userperm_new with handle->conn
vfs_ceph_userperm_new() only need connection structure from handle
for fetching the current unix token. Therefore modify the signature
to accept just handle->conn.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
(cherry picked from commit 8c1d774c7e206bb413284d500c5aa950ac3dd3d5)
commit 254c0846118eb34914686c656b17aeb67bd5df33
Author: Guenther Deschner <[email protected]>
Date: Thu Sep 5 13:40:27 2024 +0530
vfs_ceph_new: Populate function pointers with addresses
Use dlysm() for assigning addresses to already declared libcephfs
low-level API function pointers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Pair-Programmed-With: Anoop C S <[email protected]>
Signed-off-by: Guenther Deschner <[email protected]>
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
(cherry picked from commit e4fc1df4b4486f5eed095135f905bdbf10bb1793)
commit 8f04869051682634ad5f12188b6eb371a49fd333
Author: Guenther Deschner <[email protected]>
Date: Thu Sep 5 13:31:13 2024 +0530
vfs_ceph_new: Add required function pointers to config
Declare necessary libcephfs low-level APIs as function pointers to be
assigned with corresponding loadable addresses.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Pair-Programmed-With: Anoop C S <[email protected]>
Signed-off-by: Guenther Deschner <[email protected]>
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
(cherry picked from commit 0d2ad13d8e5191f4b01584afa0bcdbf1114042b8)
commit 58631b66bf949a14125ab61ae6664910e44d80c2
Author: Guenther Deschner <[email protected]>
Date: Thu Sep 5 13:19:52 2024 +0530
vfs_ceph_new: Dynamically open library for 'proxy' mode
Use dlopen() to load either of the shared libraries(libcephfs.so or
libcephfs_proxy.so) based on the configuration for 'proxy' module
parameter. Further down the line we will define the required APIs
as function pointers within the config structure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Pair-Programmed-With: Anoop C S <[email protected]>
Signed-off-by: Guenther Deschner <[email protected]>
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
(cherry picked from commit 47812a279118befbaeffdd6c81e3d49b071f04c5)
commit 7d6d1fa4c0018a5a0ed12f6f4d6f49d8d2ee0ac6
Author: Guenther Deschner <[email protected]>
Date: Thu Sep 5 13:13:38 2024 +0530
vfs_ceph_new: Introduce new parametric option 'proxy'
Provide early support for consuming yet to come libcephfs proxy[1] for
optimized resource utilization. For better control we make use of an
additional module specific option 'proxy' to specify the intent to load
proxy library. With the default value 'no' a regular cephfs connection
is established. There is also an 'auto' mode which can fall back to the
regular connection if proxy requirements are not met.
[1] https://github.com/ceph/ceph/pull/58376
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Guenther Deschner <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
(cherry picked from commit 90464bdcafda0f0f0e4d2b549fd1675c076ee188)
commit 5f6622e04beb678355a3aa537b3f868e27a2007b
Author: Guenther Deschner <[email protected]>
Date: Thu Sep 5 12:19:52 2024 +0530
vfs_ceph_new: Add a new struct to hold ceph module config
Consolidate all required configuration related data under a dedicated
structure named vfs_ceph_config. As of now it includes the location of
configuration file, file system name, ceph client user id and mount
related information. This is expected to grow in future with more
details as and when required. Apart from that small cleanups are also
done to make code more robust.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Pair-Programmed-With: Anoop C S <[email protected]>
Signed-off-by: Guenther Deschner <[email protected]>
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
(cherry picked from commit f1d418181d12bd513204cf2b77c37990939e2041)
commit 9aa97eb93bdbb2ed0088c6f9388e216e069c6e31
Author: Shachar Sharon <[email protected]>
Date: Mon Aug 12 14:45:53 2024 +0300
vfs_ceph_new: implement DFS hooks using libcephfs low-level APIs
Refactor the VFS hooks 'create_dfs_pathat_fn' and 'read_dfs_pathat_fn'
in 'vfs_ceph_new.c' to use libcephfs low-level APIs: instead of using
path-based operations (as done in legacy 'vfs_ceph.c') use inode based
operations to create and read msdfs symbolic-links values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <[email protected]>
Reviewed-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
Autobuild-User(master): Günther Deschner <[email protected]>
Autobuild-Date(master): Wed Sep 11 19:09:41 UTC 2024 on atb-devel-224
(cherry picked from commit 0cedd74e47ab919528420761a5bd2acb198f084c)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/net.8.xml | 24 +-
docs-xml/manpages/vfs_ceph_new.8.xml | 29 +
docs-xml/manpages/vfs_gpfs.8.xml | 29 +
.../security/syncmachinepasswordtokeytab.xml | 41 +-
librpc/ndr/ndr_sec_helper.c | 5 +-
python/samba/tests/ndr/sd.py | 623 +++++++
selftest/target/Samba3.pm | 7 +-
selftest/tests.py | 1 +
source3/libads/kerberos_keytab.c | 626 ++++---
source3/modules/vfs_ceph_new.c | 1771 ++++++++++++++------
source3/modules/vfs_gpfs.c | 43 +-
source3/modules/wscript_build | 2 +-
source3/rpc_server/mdssvc/mdssvc.c | 23 +-
source3/script/tests/test_update_keytab.sh | 401 +++--
14 files changed, 2695 insertions(+), 930 deletions(-)
create mode 100644 python/samba/tests/ndr/sd.py
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index f388644172f..a5f004d6e12 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1549,29 +1549,25 @@ to show in the result.
<para>
Since Samba 4.21.0, keytab file is created as specified in <smbconfoption
-name="sync machine password to keytab"/>. The keytab is created only for
+name="sync machine password to keytab"/> . The keytab can be created only when
+machine password is available in secrets.tdb, i.e. only for
<smbconfoption name="kerberos method">secrets only</smbconfoption> and
<smbconfoption name="kerberos method">secrets and keytab</smbconfoption>. With
the smb.conf default values for <smbconfoption name="kerberos method"> secrets
only</smbconfoption> and <smbconfoption name="sync machine password to
keytab"/>
(default is empty) the keytab is not generated at all. Keytab with a default
-name and SPNs synced from AD is created for <smbconfoption name="kerberos
-method">secrets and keytab</smbconfoption> if <smbconfoption name="sync machine
-password to keytab"/> is missing.
+name containing: SPNs synced from AD, account name COMPUTER$ and principal
+host/dns_hostname is created for <smbconfoption name="kerberos method">secrets
+and keytab</smbconfoption> if <smbconfoption name="sync machine password to
+keytab"/> is missing.
</para>
<para>
-Till Samba 4.20.0, two more entries were created by default: the machinename of
-the client (ending with '$') and the UPN (host/domain@REALM). If these two
-entries are still needed, each must be specified in an own keytab file.
-Example below will generate three keytab files that contain SPNs synced from
-AD, host UPN and machine$ SPN:
+Till Samba 4.20, these entries were created by default: the account name
+COMPUTER$, 'host' principal and SPNs synced from AD. Example below generates
+such keytab:
</para>
<programlisting>
-<smbconfoption name="sync machine password to keytab">
-/etc/krb5.keytab0:sync_spns:machine_password,
-/etc/krb5.keytab1:spns=host/[email protected]:machine_password,
-/etc/krb5.keytab2:account_name:machine_password
-</smbconfoption>
+<smbconfoption name="sync machine password to
keytab">/etc/krb5.keytab:spn_prefixes=host:account_name:sync_spns:sync_kvno:machine_password</smbconfoption>
</programlisting>
<para>
No changes are made to the computer AD account.
diff --git a/docs-xml/manpages/vfs_ceph_new.8.xml
b/docs-xml/manpages/vfs_ceph_new.8.xml
index b0640a591a5..eaf5b66cceb 100644
--- a/docs-xml/manpages/vfs_ceph_new.8.xml
+++ b/docs-xml/manpages/vfs_ceph_new.8.xml
@@ -152,6 +152,35 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>ceph_new:proxy = [ yes | no | auto ]</term>
+ <listitem>
+ <para>
+ Allows one to indicate use of the libcephfs proxy
library
+ for optimized resource utilization, allowing more
simultaneous
+ client connections. Prerequisites include the presence
of
+ <emphasis>libcephfs_proxy.so.X</emphasis> shared
library file
+ under loadable locations for dynamic linker and an
active(running)
+ <emphasis>libcephfsd</emphasis> daemon.
+ </para>
+
+ <itemizedlist>
+ <listitem><para><constant>no</constant> (default) - Do
+ not use the proxy library but regular connection through
+ <emphasis>libcephfs.so.X</emphasis>.</para></listitem>
+
+ <listitem><para><constant>yes</constant> - Always use
+ the proxy library and fail the client connection request
+ if prerequisites are unmet.</para></listitem>
+
+ <listitem><para><constant>auto</constant> - Attempt to
+ use the proxy library but fall back to the regular
cephfs
+ connection if prerequisites are unmet.</para></listitem>
+
+ </itemizedlist>
+
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff --git a/docs-xml/manpages/vfs_gpfs.8.xml b/docs-xml/manpages/vfs_gpfs.8.xml
index 29f2ac453f0..cee12cd3f94 100644
--- a/docs-xml/manpages/vfs_gpfs.8.xml
+++ b/docs-xml/manpages/vfs_gpfs.8.xml
@@ -316,6 +316,35 @@
</varlistentry>
+ <varlistentry>
+ <term>gpfs:clamp_invalid_times = [ yes | no ]</term>
+ <listitem>
+ <para>
+ GPFS stores timestamps using 32-bit unsigned integers for the
+ seconds component. When using gpfs:settimes = yes, this module
+ validates times that clients attempt to set are within the
+ supported GPFS range between 0 and UINT32_MAX. If a timestamp is
+ outside of this range, the client request is rejected. To cope
+ with clients setting eg temporary timestamps outside the valid
+ range, this parameter can be used to clamp the client timestamp
+ to the allowed range. Times before Thu Jan 1 12:00:00 AM UTC
+ 1970 (the UNIX epock) are then set to Thu Jan 1 12:00:00 AM UTC
+ 1970, times after Sun Feb 7 06:28:15 AM UTC 2106 will be set to
+ Sun Feb 7 06:28:15 AM UTC 2106.
+ </para>
+
+ <itemizedlist>
+ <listitem><para>
+ <command>no(default)</command> - Fail request with invalid time.
+ </para></listitem>
+ <listitem><para>
+ <command>yes</command> - clamp invalid times to 0 or UINT32_MAX.
+ </para></listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+
<varlistentry>
<term>gpfs:syncio = [yes|no]</term>
<listitem>
diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
index f7dc30023d4..ec3fffc1119 100644
--- a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
+++ b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
@@ -24,36 +24,48 @@ synchronization.
Each string has this form:
<programlisting>
-absolute_path_to_keytab:spn_spec[:sync_etypes][:sync_kvno][:netbios_aliases][:additional_dns_hostnames][:machine_password]
+absolute_path_to_keytab:spn_spec[:spn_spec]*[:sync_etypes][:sync_kvno][:netbios_aliases][:additional_dns_hostnames][:machine_password]
</programlisting>
-where spn_spec can have exactly one of these four forms:
+spn_spec can be specified multiple times (separated using ':') and each
spn_spec can have exactly one of these forms:
<programlisting>
account_name
+sync_account_name
+sync_upn
sync_spns
spn_prefixes=value1[,value2[...]]
spns=value1[,value2[...]]
</programlisting>
-No other combinations are allowed.
</para>
<para>
-Specifiers:
+Every keytab contains principals according the specification below:
<programlisting>
-account_name - creates entry using principal 'computer$@REALM'.
-sync_spns - uses principals received from AD DC.
-spn_prefixes - creates principals from the prefixes and adds netbios_aliases
or additional_dns_hostnames if specified.
-spns - creates only the principals defined in the list.
+account_name - COMPUTER$@REALM
+sync_account_name - uses attribute "sAMAccountName" from AD
+sync_upn - uses attribute "userPrincipalName" (if exists in AD)
+sync_spns - uses attribute "servicePrincipalName" (if exists in AD)
+spn_prefixes - creates these two principals from each prefix. e.g.:
+ prefix/<smbconfoption name="netbios name"/>@REALM
+ prefix/<smbconfoption name="dns hostname"/>@REALM
+ with :netbios_aliases for each netbiosalias in
<smbconfoption name="netbios aliases"/>
+ prefix/netbiosalias@REALM
+ prefix/netbiosalias.dnsdomain@REALM
+ with :additional_dns_hostnames for each
additionaldnshostname in <smbconfoption name="additional dns hostnames"/>
+ prefix/additionaldnshostname@REALM
+ - 'host' principal should be created using specifier
spn_prefixes
+spns - creates only the principals defined in the list
</programlisting>
+'account_name' and 'sync_account_name' are the same, just the source differs
(secrets.tdb vs. AD).
</para>
<para>
Options:
<programlisting>
-sync_etypes - parameter "msDS-SupportedEncryptionTypes" is read
from DC and is used to find the highest common enc type for AD and KRB5 lib.
-sync_kvno - the key version number ("msDS-KeyVersionNumber") is
synchronized from DC, otherwise is set to -1.
-netbios_aliases - evaluated only for SPN_SPEC_PREFIX. If present,
PREFIX/netbiosname@REALM and PREFIX/netbiosname.domainname@REALM are added for
each alias. See <smbconfoption name="netbios aliases"/>
-additional_dns_hostnames - evaluated only for SPN_SPEC_PREFIX. If present,
PREFIX/dnshostname@REALM is added for each dns name. See <smbconfoption
name="additional dns hostnames"/>
+sync_etypes - attribute "msDS-SupportedEncryptionTypes" is read
from AD and is used to find the highest common enc type for AD and KRB5 lib.
+sync_kvno - attribute "msDS-KeyVersionNumber" from AD is used
to set KVNO. If this option is missing, KVNO is set to -1.
+netbios_aliases - evaluated only for spn_prefixes (see details above).
+additional_dns_hostnames - evaluated only for spn_prefixes (see details above).
machine_password - mandatory, if missing the entry is ignored. For
future use.
</programlisting>
</para>
@@ -68,7 +80,8 @@ Example:
"/path/to/keytab4:spn_prefixes=imap,smtp:machine_password",
"/path/to/keytab5:spn_prefixes=imap,smtp:netbios_aliases:additional_dns_hostnames:sync_kvno:machine_password",
"/path/to/keytab6:spns=wurst/brot@REALM:machine_password",
-"/path/to/keytab7:spns=wurst/brot@REALM,wurst2/brot@REALM:sync_kvno:machine_password"
+"/path/to/keytab7:spns=wurst/brot@REALM,wurst2/brot@REALM:sync_kvno:machine_password",
+"/path/to/keytab8:sync_account_name:sync_upn:sync_spns:spn_prefixes=host,cifs,http:spns=wurst/brot@REALM:sync_kvno:machine_password"
</programlisting>
If sync_etypes or sync_kvno or sync_spns is present then winbind connects to
DC. For "offline domain join" it might be useful not to use these options.
</para>
@@ -80,7 +93,7 @@ If no value is present and <smbconfoption name="kerberos
method"/> is different
<itemizedlist>
<listitem>
<para><userinput>winbind</userinput> uses value
-
<programlisting>/path/to/keytab:sync_spns:sync_kvno:machine_password</programlisting>
+
<programlisting>/path/to/keytab:host:account_name:sync_spns:sync_kvno:machine_password</programlisting>
where the path to the keytab is obtained either from the
krb5 library or from
<smbconfoption name="dedicated keytab file"/>.
</para>
diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c
index 1a156b01d40..1ac6e66cfe5 100644
--- a/librpc/ndr/ndr_sec_helper.c
+++ b/librpc/ndr/ndr_sec_helper.c
@@ -104,6 +104,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct
ndr_pull *ndr, ndr_flags
{
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ ssize_t sub_size;
NDR_CHECK(ndr_pull_align(ndr, 5));
NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS,
&r->type));
NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS,
&r->flags));
@@ -111,12 +112,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct
ndr_pull *ndr, ndr_flags
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask));
NDR_CHECK(ndr_maybe_pull_security_ace_object_ctr(ndr,
NDR_SCALARS, r));
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee));
- if (!sec_ace_has_extra_blob(r->type)) {
+ sub_size = ndr_subcontext_size_of_ace_coda(r, r->size,
ndr->flags);
+ if (sub_size == 0 && !sec_ace_has_extra_blob(r->type)) {
r->coda.ignored.data = NULL;
r->coda.ignored.length = 0;
} else {
struct ndr_pull *_ndr_coda;
- ssize_t sub_size = ndr_subcontext_size_of_ace_coda(r,
r->size, ndr->flags);
NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_coda, 0,
sub_size));
NDR_CHECK(ndr_pull_set_switch_value(_ndr_coda,
&r->coda, r->type));
NDR_CHECK(ndr_pull_security_ace_coda(_ndr_coda,
NDR_SCALARS|NDR_BUFFERS, &r->coda));
diff --git a/python/samba/tests/ndr/sd.py b/python/samba/tests/ndr/sd.py
new file mode 100644
index 00000000000..b72327421b0
--- /dev/null
+++ b/python/samba/tests/ndr/sd.py
@@ -0,0 +1,623 @@
+# Unix SMB/CIFS implementation.
+# Copyright © Douglas Bagnall <[email protected]> 2025
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import samba
+from samba.tests import TestCase, DynamicTestCase
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc import security
+
+
+class BaseSDTestCase(TestCase):
+ maxDiff = 10000
+ _cases = {
+ # subclasses should have a mapping of test names to binhex
+ # strings, as readable by bytes.fromhex().
+ #
+ # note, in Python 3.7+ that means hex pairs separated by any
+ # amount of whitespace, but in Python 3.6 it means any number
+ # of spaces. For example;
+ #
+ # 'ok_in_36': ("01 0203 04 05"
+ # " 06"),
+ # 'ok_in_37': """
+ # 01 02\t03
+ # 04
+ # 05 06"""
+ }
+
+ @classmethod
+ def setUpDynamicTestCases(cls):
+ for k, v in cls._cases.items():
+ cls.generate_dynamic_test('test_sd', k, v)
+
+ def _test_sd_with_args(self, v):
+ packed = bytes.fromhex(v)
+ try:
+ sd = ndr_unpack(security.descriptor, packed)
+ except (TypeError, ValueError, RuntimeError) as e:
+ self.fail(f"raised {e}")
+ try:
+ repack = ndr_pack(sd)
+ except (TypeError, ValueError) as e:
+ self.fail(f"raised {e}")
+
+ sd2 = ndr_unpack(security.descriptor, repack)
+ self.assertEqual(sd, sd2)
+
+
+@DynamicTestCase
+class SDTestCase(BaseSDTestCase):
+ _cases = {
+ "sd_01": (
+ # this one is manually annotated, but not because it is
+ # especially interesting.
+ "01 " # version
+ "00 " #
+ "17 8c " # control: SR,RM,PS,SI,SD,SP,DP
+ "14 00 00 00 " # owner offset (20)
+ "30 00 00 00 " # group offset (48)
+ "4c 00 00 00 " # sacl offset (76)
+ "c4 00 00 00 " # dacl offset (196)
+ "01 05 " # S-1- (5 sub auths)
+ "00 00 00 00 00 05 " # 5-
+ "15 00 00 00 " # 21-
+ "51 d7 cf 86 "
+ "f9 1b ef 93 "
+ "c3 53 ea 70 "
+ "00 02 00 00 "
+ "01 05 " # group: S-1-5-21-b-c-d-e
+ "00 00 00 00 00 05 "
+ "15 00 00 00 "
+ "51 d7 cf 86 "
+ "f9 1b ef 93 "
+ "c3 53 ea 70 "
+ "00 02 00 00 "
+ # SACL
+ "04 00 " # sacl v4
+ "78 00 " # sacl size (92)
+ "02 00 " # ace count (2)
+ "00 00 "
+ "07 " # sacl ACE, SYSTEM_AUDIT_OBJECT_ACE_TYPE
+ "5a " # flags
+ "38 00 " # ace size
+ "20 00 00 00 " # mask
+ "03 00 00 00 " # flags
+ "be 3b 0e f3 f0 9f d1 11 " # object type GUID
+ "b6 03 00 00 f8 03 67 c1 "
+ "a5 7a 96 bf e6 0d d0 11 " # inherited type GUID
+ "a2 85 00 aa 00 30 49 e2 "
+ "01 01 " # S-1- (1 subauth)
+ "00 00 00 00 00 01 " # 1-
+ "00 00 00 00 " # 0
+ "07 " # sacl ACE, SYSTEM_AUDIT_OBJECT_ACE_TYPE
+ "5a " # flags
+ "38 00 " # size
+ "20 00 00 00 " # mask
+ "03 00 00 00 " #flags
+ "bf 3b 0e f3 f0 9f d1 11 " # objct GUID
+ "b6 03 00 00 f8 03 67 c1 "
+ "a5 7a 96 bf e6 0d d0 11 " # inherited GUID
+ "a2 85 00 aa 00 30 49 e2 "
+ "01 01 " # S-1- (1 subauth)
+ "00 00 00 00 00 01 " # 1-
+ "00 00 00 00 " # 0
+ # DACL
+ "04 00 " # dacl v4
+ "10 02 " # dacl size (528)
+ "0d 00 " # 13 aces
+ "00 00 "
+ "00 " # ACCESS_ALLOWED_ACE_TYPE
+ "00 " # flags
+ "24 00 " # size
+ "ff 01 0f 00 " # mask
+ "01 05 " # S-1- (5 subauth)
+ "00 00 00 00 00 05 " # 5-
+ "15 00 00 00 " # 21-
+ "51 d7 cf 86 "
+ "f9 1b ef 93 "
+ "c3 53 ea 70 "
+ "00 02 00 00 "
+ "00 " # ACCESS_ALLOWED_ACE_TYPE
+ "00 "
+ "14 00 "
+ "ff 01 0f 00 "
+ "01 01 " # S-1-5-18
+ "00 00 00 00 00 05 "
+ "12 00 00 00 "
+ "00 " # ACCESS_ALLOWED_ACE_TYPE
+ "00 "
+ "14 00 "
+ "94 00 02 00 "
+ "01 01 " # S-1-5-11
+ "00 00 00 00 00 05 "
+ "0b 00 00 00 "
+ "00 " # ACCESS_ALLOWED_ACE_TYPE
+ "12 " # flags
+ "24 00 "
+ "ff 01 0f 00 "
+ "01 05 " # S-1-5-a-b-c-d-e
+ "00 00 00 00 00 05 "
+ "15 00 00 00 "
+ "51 d7 cf 86 "
+ "f9 1b ef 93 "
+ "c3 53 ea 70 "
+ "07 02 00 00 "
+ "00 " # ACCESS_ALLOWED_ACE_TYPE
+ "12 " # flags
+ "18 00 "
+ "bd 01 0f 00 "
+ "01 02 " # S-1-5-32-544
+ "00 00 00 00 00 05 "
+ "20 00 00 00 "
+ "20 02 00 00 "
+ "00 " # ACCESS_ALLOWED_ACE_TYPE
+ "12 " # flags
+ "18 00 "
+ "04 00 00 00 "
+ "01 02 " # S-1-5-32-554
+ "00 00 00 00 00 05 "
+ "20 00 00 00 "
+ "2a 02 00 00 "
+ "05 " # ACCESS_ALLOWED_OBJECT_ACE_TYPE
+ "1a "
+ "38 00 " # size 56
+ "08 00 00 00 " # mask
+ "03 00 00 00 " # flags: object and inherited present
+ "a6 6d 02 9b 3c 0d 5c 46 " # object GUID
+ "8b ee 51 99 d7 16 5c ba "
+ "86 7a 96 bf e6 0d d0 11 " # inherited GUID
+ "a2 85 00 aa 00 30 49 e2 "
+ "01 01 " # S-1-3-0
+ "00 00 00 00 00 03 "
+ "00 00 00 00 "
+ "05 " # ACCESS_ALLOWED_OBJECT_ACE_TYPE
+ "12 "
+ "28 00 " # size 40
+ "30 00 00 00 " # mask
+ "01 00 00 00 " # flags: object present
+ "e5 c3 78 3f 9a f7 bd 46 " # object GUID
+ "a0 b8 9d 18 11 6d dc 79 "
+ "01 01 " # S-1-5-10
+ "00 00 00 00 00 05 "
+ "0a 00 00 00 "
+ "05 "
+ "12 "
+ "28 00 "
+ "30 01 00 00 "
+ "01 00 00 00 " # flags: object present
+ "de 47 e6 91 6f d9 70 4b " # object GUID
+ "95 57 d6 3f f4 f3 cc d8 "
+ "01 01 " # S-1-5-10
+ "00 00 00 00 00 05 "
+ "0a 00 00 00 "
+ "05 "
+ "1a "
+ "38 00 " # size 56
+ "08 00 00 00 "
+ "03 00 00 00 " # flags both present
+ "a6 6d 02 9b 3c 0d 5c 46 "
+ "8b ee 51 99 d7 16 5c ba "
+ "86 7a 96 bf e6 0d d0 11 "
+ "a2 85 00 aa 00 30 49 e2 "
+ "01 01 " # S-1-5-10
+ "00 00 00 00 00 05 "
+ "0a 00 00 00 "
+ "05 "
+ "1a "
+ "38 00 " # size 56
+ "20 00 00 00 "
+ "03 00 00 00 "
+ "93 7b 1b ea 48 5e d5 46 "
+ "bc 6c 4d f4 fd a7 8a 35 "
+ "86 7a 96 bf e6 0d d0 11 "
+ "a2 85 00 aa 00 30 49 e2 "
+ "01 01 " # S-1-5-10
+ "00 00 00 00 00 05 "
+ "0a 00 00 00 "
+ "05 "
+ "12 "
+ "38 00 " # size 56
+ "30 00 00 00 "
+ "01 00 00 00 " # only object GUI present
+ "0f d6 47 5b 90 60 b2 40 "
+ "9f 37 2a 4d e8 8f 30 63 "
+ "01 05 " # S-1-5-21-b-c-d-e
+ "00 00 00 00 00 05 "
+ "15 00 00 00 "
+ "51 d7 cf 86 "
+ "f9 1b ef 93 "
+ "c3 53 ea 70 "
+ "0e 02 00 00 "
+ "05 "
+ "12 "
+ "38 00 " # size 56
+ "30 00 00 00 "
+ "01 00 00 00 "
+ "0f d6 47 5b 90 60 b2 40 "
+ "9f 37 2a 4d e8 8f 30 63 "
+ "01 05 " # S-1-5-21-b-c-d-e
+ "00 00 00 00 00 05 "
+ "15 00 00 00 "
+ "51 d7 cf 86 "
+ "f9 1b ef 93 "
+ "c3 53 ea 70 "
+ "0f 02 00 00"
+ ),
+ "sd_02": (
--
Samba Shared Repository
