Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org --- config/rootfiles/packages/aarch64/samba | 820 ++ config/rootfiles/packages/armv5tel/samba | 820 ++ config/rootfiles/packages/i586/samba | 820 ++ config/rootfiles/packages/samba | 229 - config/rootfiles/packages/x86_64/samba | 820 ++ lfs/samba | 115 +- .../samba/CVE-2015-5252-v3-6-bso11395.patch | 44 - .../samba/CVE-2015-5296-v3-6-bso11536.patch | 113 - .../samba/CVE-2015-5299-v3-6-bso11529.patch | 98 - .../samba/CVE-2015-5330-v3-6-bso11599.patch | 214 - src/patches/samba/CVE-2015-5370-v3-6.patch | 3080 -------- src/patches/samba/CVE-2015-7560-v3-6.patch | 341 - src/patches/samba/CVE-2016-2110-v3-6.patch | 670 -- src/patches/samba/CVE-2016-2111-v3-6.patch | 1058 --- src/patches/samba/CVE-2016-2112-v3-6.patch | 184 - src/patches/samba/CVE-2016-2115-v3-6.patch | 359 - src/patches/samba/CVE-2016-2118-v3-6.patch | 629 -- src/patches/samba/CVE-2016-2125-v3.6.patch | 46 - src/patches/samba/CVE-2016-2126-v3.6.patch | 80 - src/patches/samba/CVE-2017-12150-v3-6.patch | 102 - src/patches/samba/CVE-2017-12163.patch | 141 - src/patches/samba/CVE-2017-15275.patch | 45 - src/patches/samba/CVE-2017-2619.patch | 1328 ---- src/patches/samba/CVE-2017-7494-v3-6.patch | 32 - src/patches/samba/CVE-preparation-v3-6.patch | 6976 ----------------- src/patches/samba/doc-update.patch | 2538 ------ .../samba/samba-3.2.0pre1-grouppwd.patch | 13 - .../samba/samba-3.2.0pre1-pipedir.patch | 13 - src/patches/samba/samba-3.2.5-inotify.patch | 49 - src/patches/samba/samba-3.5.11-docs.patch | 70 - .../samba/samba-3.5.11-idmapdebug.patch | 26 - .../samba/samba-3.5.11-nss_info_doc.patch | 75 - .../samba/samba-3.5.11-wbinfo_manpage.patch | 65 - src/patches/samba/samba-3.5.12-dns.patch | 27 - .../samba/samba-3.5.12-pam_radio_type.patch | 31 - ...mba-3.6.18-fix_net_ads_join_segfault.patch | 40 - .../samba/samba-3.6.19-valid_users_doc.patch | 53 - .../samba-3.6.23-fix_libads_krb5_ipv6.patch | 788 -- src/patches/samba/samba-3.6.23-gecos.patch | 42 - .../samba/samba-3.6.23-glusterfs.patch | 2318 ------ .../samba/samba-3.6.23-libsmbclient.patch | 36 - .../samba-3.6.26-smb2_case_sensitive.patch | 118 - ....6.99-2110-ntlmssp-session-setup-nas.patch | 39 - .../samba-3.6.99-add_spoolss_os_version.patch | 53 - ...6.99-add_timeout_option_to_smbclient.patch | 147 - ....6.99-asserted_identity_sid-S-1-18-1.patch | 223 - .../samba/samba-3.6.99-bug-1117059.patch | 86 - .../samba/samba-3.6.99-bug-1192211.patch | 42 - ...3.6.99-doc_netbios_name_length_limit.patch | 257 - .../samba-3.6.99-fix_dirsort_ea-support.patch | 314 - .../samba-3.6.99-fix_dropbox_share.patch | 271 - .../samba/samba-3.6.99-fix_force_group.patch | 68 - ...ix_force_user_winbind_default_domain.patch | 58 - ....99-fix_force_user_with_security_ads.patch | 1292 --- .../samba-3.6.99-fix_gecos_interactive.patch | 922 --- ...-fix_group_expansion_in_service_path.patch | 46 - ...x_group_expansion_with_nss_templates.patch | 376 - ...a-3.6.99-fix_keytab_null_termination.patch | 37 - ...6.99-fix_lookups_with_one_way_trusts.patch | 37 - ...ba-3.6.99-fix_mangling_hash_segfault.patch | 38 - ...amba-3.6.99-fix_map_to_guest_bad_uid.patch | 76 - ...fix_member_auth_after_changed_secret.patch | 89 - ...a-3.6.99-fix_memleak_in_printer_list.patch | 34 - ....99-fix_memleak_winbind_cached_creds.patch | 46 - ...9-fix_nbt_query_with_many_components.patch | 35 - ....99-fix_pam_winbind_parsing_segfault.patch | 112 - ...-3.6.99-fix_printcap_cpu_utilization.patch | 958 --- ...samba-3.6.99-fix_rpc_query_user_list.patch | 37 - ...3.6.99-fix_rpcclient_timeout_command.patch | 73 - ....99-fix_security_server_share_access.patch | 70 - ...-3.6.99-fix_setup_domain_child_logic.patch | 186 - .../samba/samba-3.6.99-fix_smb_conf_doc.patch | 51 - ...mba-3.6.99-fix_smbclient_ntlmv2_auth.patch | 116 - ...-fix_stale_printer_entries_on_rename.patch | 55 - ...amba-3.6.99-fix_symlink_verification.patch | 111 - ...ba-3.6.99-fix_usergroup_cache_lookup.patch | 397 - ...3.6.99-fix_winbind_cache_memory_leak.patch | 29 - .../samba/samba-3.6.99-idmap_ad_memleak.patch | 28 - ...ba-3.6.99-libsmb_fix_dfs_connections.patch | 47 - ...a-3.6.99-net_ads_join_no_dns_updates.patch | 101 - ...samba-3.6.99-nt_printer_publish_guid.patch | 620 -- ...amba-3.6.99-nt_printer_unpublish_fix.patch | 75 - ...-winbind_fix_trusted_domain_handling.patch | 432 - .../samba-3.6.x-winbind_tevent_poll.patch | 308 - 84 files changed, 3293 insertions(+), 30565 deletions(-) create mode 100644 config/rootfiles/packages/aarch64/samba create mode 100644 config/rootfiles/packages/armv5tel/samba create mode 100644 config/rootfiles/packages/i586/samba delete mode 100644 config/rootfiles/packages/samba create mode 100644 config/rootfiles/packages/x86_64/samba delete mode 100644 src/patches/samba/CVE-2015-5252-v3-6-bso11395.patch delete mode 100644 src/patches/samba/CVE-2015-5296-v3-6-bso11536.patch delete mode 100644 src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch delete mode 100644 src/patches/samba/CVE-2015-5330-v3-6-bso11599.patch delete mode 100644 src/patches/samba/CVE-2015-5370-v3-6.patch delete mode 100644 src/patches/samba/CVE-2015-7560-v3-6.patch delete mode 100644 src/patches/samba/CVE-2016-2110-v3-6.patch delete mode 100644 src/patches/samba/CVE-2016-2111-v3-6.patch delete mode 100644 src/patches/samba/CVE-2016-2112-v3-6.patch delete mode 100644 src/patches/samba/CVE-2016-2115-v3-6.patch delete mode 100644 src/patches/samba/CVE-2016-2118-v3-6.patch delete mode 100644 src/patches/samba/CVE-2016-2125-v3.6.patch delete mode 100644 src/patches/samba/CVE-2016-2126-v3.6.patch delete mode 100644 src/patches/samba/CVE-2017-12150-v3-6.patch delete mode 100644 src/patches/samba/CVE-2017-12163.patch delete mode 100644 src/patches/samba/CVE-2017-15275.patch delete mode 100644 src/patches/samba/CVE-2017-2619.patch delete mode 100644 src/patches/samba/CVE-2017-7494-v3-6.patch delete mode 100644 src/patches/samba/CVE-preparation-v3-6.patch delete mode 100644 src/patches/samba/doc-update.patch delete mode 100644 src/patches/samba/samba-3.2.0pre1-grouppwd.patch delete mode 100644 src/patches/samba/samba-3.2.0pre1-pipedir.patch delete mode 100644 src/patches/samba/samba-3.2.5-inotify.patch delete mode 100644 src/patches/samba/samba-3.5.11-docs.patch delete mode 100644 src/patches/samba/samba-3.5.11-idmapdebug.patch delete mode 100644 src/patches/samba/samba-3.5.11-nss_info_doc.patch delete mode 100644 src/patches/samba/samba-3.5.11-wbinfo_manpage.patch delete mode 100644 src/patches/samba/samba-3.5.12-dns.patch delete mode 100644 src/patches/samba/samba-3.5.12-pam_radio_type.patch delete mode 100644 src/patches/samba/samba-3.6.18-fix_net_ads_join_segfault.patch delete mode 100644 src/patches/samba/samba-3.6.19-valid_users_doc.patch delete mode 100644 src/patches/samba/samba-3.6.23-fix_libads_krb5_ipv6.patch delete mode 100644 src/patches/samba/samba-3.6.23-gecos.patch delete mode 100644 src/patches/samba/samba-3.6.23-glusterfs.patch delete mode 100644 src/patches/samba/samba-3.6.23-libsmbclient.patch delete mode 100644 src/patches/samba/samba-3.6.26-smb2_case_sensitive.patch delete mode 100644 src/patches/samba/samba-3.6.99-2110-ntlmssp-session-setup-nas.patch delete mode 100644 src/patches/samba/samba-3.6.99-add_spoolss_os_version.patch delete mode 100644 src/patches/samba/samba-3.6.99-add_timeout_option_to_smbclient.patch delete mode 100644 src/patches/samba/samba-3.6.99-asserted_identity_sid-S-1-18-1.patch delete mode 100644 src/patches/samba/samba-3.6.99-bug-1117059.patch delete mode 100644 src/patches/samba/samba-3.6.99-bug-1192211.patch delete mode 100644 src/patches/samba/samba-3.6.99-doc_netbios_name_length_limit.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_dirsort_ea-support.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_dropbox_share.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_force_group.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_force_user_winbind_default_domain.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_force_user_with_security_ads.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_gecos_interactive.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_group_expansion_in_service_path.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_group_expansion_with_nss_templates.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_keytab_null_termination.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_lookups_with_one_way_trusts.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_mangling_hash_segfault.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_map_to_guest_bad_uid.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_member_auth_after_changed_secret.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_memleak_in_printer_list.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_memleak_winbind_cached_creds.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_nbt_query_with_many_components.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_pam_winbind_parsing_segfault.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_printcap_cpu_utilization.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_rpc_query_user_list.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_rpcclient_timeout_command.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_security_server_share_access.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_setup_domain_child_logic.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_smb_conf_doc.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_smbclient_ntlmv2_auth.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_stale_printer_entries_on_rename.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_symlink_verification.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_usergroup_cache_lookup.patch delete mode 100644 src/patches/samba/samba-3.6.99-fix_winbind_cache_memory_leak.patch delete mode 100644 src/patches/samba/samba-3.6.99-idmap_ad_memleak.patch delete mode 100644 src/patches/samba/samba-3.6.99-libsmb_fix_dfs_connections.patch delete mode 100644 src/patches/samba/samba-3.6.99-net_ads_join_no_dns_updates.patch delete mode 100644 src/patches/samba/samba-3.6.99-nt_printer_publish_guid.patch delete mode 100644 src/patches/samba/samba-3.6.99-nt_printer_unpublish_fix.patch delete mode 100644 src/patches/samba/samba-3.6.99-winbind_fix_trusted_domain_handling.patch delete mode 100644 src/patches/samba/samba-3.6.x-winbind_tevent_poll.patch
diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba new file mode 100644 index 000000000..630ec9da8 --- /dev/null +++ b/config/rootfiles/packages/aarch64/samba @@ -0,0 +1,820 @@ +etc/rc.d/init.d/samba +usr/bin/cifsdd +usr/bin/dbwrap_tool +usr/bin/findsmb +usr/bin/gentest +usr/bin/ldbadd +usr/bin/ldbdel +usr/bin/ldbedit +usr/bin/ldbmodify +usr/bin/ldbrename +usr/bin/ldbsearch +usr/bin/locktest +usr/bin/masktest +usr/bin/mdfind +usr/bin/mvxattr +usr/bin/ndrdump +usr/bin/net +usr/bin/nmblookup +usr/bin/ntlm_auth +usr/bin/oLschema2ldif +usr/bin/pdbedit +usr/bin/profiles +usr/bin/regdiff +usr/bin/regpatch +usr/bin/regshell +usr/bin/regtree +usr/bin/rpcclient +usr/bin/samba-regedit +usr/bin/sharesec +usr/bin/smbcacls +usr/bin/smbclient +usr/bin/smbcontrol +usr/bin/smbcquotas +usr/bin/smbget +usr/bin/smbpasswd +usr/bin/smbspool +usr/bin/smbstatus +usr/bin/smbtar +usr/bin/smbtorture +usr/bin/smbtree +usr/bin/tdbbackup +usr/bin/tdbdump +usr/bin/tdbrestore +usr/bin/tdbtool +usr/bin/testparm +usr/bin/wbinfo +#usr/include/samba-4.0 +#usr/include/samba-4.0/charset.h +#usr/include/samba-4.0/core +#usr/include/samba-4.0/core/doserr.h +#usr/include/samba-4.0/core/error.h +#usr/include/samba-4.0/core/hresult.h +#usr/include/samba-4.0/core/ntstatus.h +#usr/include/samba-4.0/core/ntstatus_gen.h +#usr/include/samba-4.0/core/werror.h +#usr/include/samba-4.0/core/werror_gen.h +#usr/include/samba-4.0/credentials.h +#usr/include/samba-4.0/dcerpc.h +#usr/include/samba-4.0/dcesrv_core.h +#usr/include/samba-4.0/domain_credentials.h +#usr/include/samba-4.0/gen_ndr +#usr/include/samba-4.0/gen_ndr/atsvc.h +#usr/include/samba-4.0/gen_ndr/auth.h +#usr/include/samba-4.0/gen_ndr/dcerpc.h +#usr/include/samba-4.0/gen_ndr/drsblobs.h +#usr/include/samba-4.0/gen_ndr/drsuapi.h +#usr/include/samba-4.0/gen_ndr/krb5pac.h +#usr/include/samba-4.0/gen_ndr/lsa.h +#usr/include/samba-4.0/gen_ndr/misc.h +#usr/include/samba-4.0/gen_ndr/nbt.h +#usr/include/samba-4.0/gen_ndr/ndr_atsvc.h +#usr/include/samba-4.0/gen_ndr/ndr_dcerpc.h +#usr/include/samba-4.0/gen_ndr/ndr_drsblobs.h +#usr/include/samba-4.0/gen_ndr/ndr_drsuapi.h +#usr/include/samba-4.0/gen_ndr/ndr_krb5pac.h +#usr/include/samba-4.0/gen_ndr/ndr_misc.h +#usr/include/samba-4.0/gen_ndr/ndr_nbt.h +#usr/include/samba-4.0/gen_ndr/ndr_samr.h +#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h +#usr/include/samba-4.0/gen_ndr/ndr_svcctl.h +#usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h +#usr/include/samba-4.0/gen_ndr/netlogon.h +#usr/include/samba-4.0/gen_ndr/samr.h +#usr/include/samba-4.0/gen_ndr/security.h +#usr/include/samba-4.0/gen_ndr/server_id.h +#usr/include/samba-4.0/gen_ndr/svcctl.h +#usr/include/samba-4.0/ldb_wrap.h +#usr/include/samba-4.0/libsmbclient.h +#usr/include/samba-4.0/lookup_sid.h +#usr/include/samba-4.0/machine_sid.h +#usr/include/samba-4.0/ndr +#usr/include/samba-4.0/ndr.h +#usr/include/samba-4.0/ndr/ndr_dcerpc.h +#usr/include/samba-4.0/ndr/ndr_drsblobs.h +#usr/include/samba-4.0/ndr/ndr_drsuapi.h +#usr/include/samba-4.0/ndr/ndr_krb5pac.h +#usr/include/samba-4.0/ndr/ndr_nbt.h +#usr/include/samba-4.0/ndr/ndr_svcctl.h +#usr/include/samba-4.0/netapi.h +#usr/include/samba-4.0/param.h +#usr/include/samba-4.0/passdb.h +#usr/include/samba-4.0/policy.h +#usr/include/samba-4.0/rpc_common.h +#usr/include/samba-4.0/samba +#usr/include/samba-4.0/samba/session.h +#usr/include/samba-4.0/samba/version.h +#usr/include/samba-4.0/share.h +#usr/include/samba-4.0/smb2_lease_struct.h +#usr/include/samba-4.0/smb_ldap.h +#usr/include/samba-4.0/smbconf.h +#usr/include/samba-4.0/smbldap.h +#usr/include/samba-4.0/tdr.h +#usr/include/samba-4.0/tsocket.h +#usr/include/samba-4.0/tsocket_internal.h +#usr/include/samba-4.0/util +#usr/include/samba-4.0/util/attr.h +#usr/include/samba-4.0/util/blocking.h +#usr/include/samba-4.0/util/data_blob.h +#usr/include/samba-4.0/util/debug.h +#usr/include/samba-4.0/util/discard.h +#usr/include/samba-4.0/util/fault.h +#usr/include/samba-4.0/util/genrand.h +#usr/include/samba-4.0/util/idtree.h +#usr/include/samba-4.0/util/idtree_random.h +#usr/include/samba-4.0/util/signal.h +#usr/include/samba-4.0/util/string_wrappers.h +#usr/include/samba-4.0/util/substitute.h +#usr/include/samba-4.0/util/tevent_ntstatus.h +#usr/include/samba-4.0/util/tevent_unix.h +#usr/include/samba-4.0/util/tevent_werror.h +#usr/include/samba-4.0/util/tfork.h +#usr/include/samba-4.0/util/time.h +#usr/include/samba-4.0/util_ldb.h +#usr/include/samba-4.0/wbclient.h +usr/lib/libdcerpc-binding.so +usr/lib/libdcerpc-binding.so.0 +usr/lib/libdcerpc-binding.so.0.0.1 +usr/lib/libdcerpc-samr.so +usr/lib/libdcerpc-samr.so.0 +usr/lib/libdcerpc-samr.so.0.0.1 +usr/lib/libdcerpc-server-core.so +usr/lib/libdcerpc-server-core.so.0 +usr/lib/libdcerpc-server-core.so.0.0.1 +usr/lib/libdcerpc.so +usr/lib/libdcerpc.so.0 +usr/lib/libdcerpc.so.0.0.1 +usr/lib/libndr-krb5pac.so +usr/lib/libndr-krb5pac.so.0 +usr/lib/libndr-krb5pac.so.0.0.1 +usr/lib/libndr-nbt.so +usr/lib/libndr-nbt.so.0 +usr/lib/libndr-nbt.so.0.0.1 +usr/lib/libndr-standard.so +usr/lib/libndr-standard.so.0 +usr/lib/libndr-standard.so.0.0.1 +usr/lib/libndr.so +usr/lib/libndr.so.1 +usr/lib/libndr.so.1.0.0 +usr/lib/libnetapi.so +usr/lib/libnetapi.so.0 +usr/lib/libnss_winbind.so +usr/lib/libnss_winbind.so.2 +usr/lib/libnss_wins.so +usr/lib/libnss_wins.so.2 +usr/lib/libsamba-credentials.so +usr/lib/libsamba-credentials.so.0 +usr/lib/libsamba-credentials.so.0.0.1 +usr/lib/libsamba-errors.so +usr/lib/libsamba-errors.so.1 +usr/lib/libsamba-hostconfig.so +usr/lib/libsamba-hostconfig.so.0 +usr/lib/libsamba-hostconfig.so.0.0.1 +usr/lib/libsamba-passdb.so +usr/lib/libsamba-passdb.so.0 +usr/lib/libsamba-passdb.so.0.28.0 +usr/lib/libsamba-policy.cpython-38-aarch64-linux-gnu.so +usr/lib/libsamba-policy.cpython-38-aarch64-linux-gnu.so.0 +usr/lib/libsamba-policy.cpython-38-aarch64-linux-gnu.so.0.0.1 +usr/lib/libsamba-util.so +usr/lib/libsamba-util.so.0 +usr/lib/libsamba-util.so.0.0.1 +usr/lib/libsamdb.so +usr/lib/libsamdb.so.0 +usr/lib/libsamdb.so.0.0.1 +usr/lib/libsmbclient.so +usr/lib/libsmbclient.so.0 +usr/lib/libsmbclient.so.0.6.0 +usr/lib/libsmbconf.so +usr/lib/libsmbconf.so.0 +usr/lib/libsmbldap.so +usr/lib/libsmbldap.so.2 +usr/lib/libtevent-util.so +usr/lib/libtevent-util.so.0 +usr/lib/libtevent-util.so.0.0.1 +usr/lib/libwbclient.so +usr/lib/libwbclient.so.0 +usr/lib/libwbclient.so.0.15 +#usr/lib/pkgconfig/dcerpc.pc +#usr/lib/pkgconfig/dcerpc_samr.pc +#usr/lib/pkgconfig/ndr.pc +#usr/lib/pkgconfig/ndr_krb5pac.pc +#usr/lib/pkgconfig/ndr_nbt.pc +#usr/lib/pkgconfig/ndr_standard.pc +#usr/lib/pkgconfig/netapi.pc +#usr/lib/pkgconfig/samba-credentials.pc +#usr/lib/pkgconfig/samba-hostconfig.pc +#usr/lib/pkgconfig/samba-policy.cpython-38-aarch64-linux-gnu.pc +#usr/lib/pkgconfig/samba-util.pc +#usr/lib/pkgconfig/samdb.pc +#usr/lib/pkgconfig/smbclient.pc +#usr/lib/pkgconfig/wbclient.pc +usr/lib/python3.8/site-packages/_ldb_text.py +usr/lib/python3.8/site-packages/_tdb_text.py +usr/lib/python3.8/site-packages/_tevent.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/ldb.cpython-38-aarch64-linux-gnu.so +#usr/lib/python3.8/site-packages/samba +usr/lib/python3.8/site-packages/samba/__init__.py +usr/lib/python3.8/site-packages/samba/_glue.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/_ldb.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/auth.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/auth_util.py +usr/lib/python3.8/site-packages/samba/colour.py +usr/lib/python3.8/site-packages/samba/common.py +usr/lib/python3.8/site-packages/samba/compat.py +usr/lib/python3.8/site-packages/samba/credentials.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/crypto.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dbchecker.py +#usr/lib/python3.8/site-packages/samba/dcerpc +usr/lib/python3.8/site-packages/samba/dcerpc/__init__.py +usr/lib/python3.8/site-packages/samba/dcerpc/atsvc.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/auth.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/base.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dcerpc.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dfs.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dns.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dnsp.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dnsserver.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/drsblobs.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/drsuapi.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/echo.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/epmapper.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/idmap.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/initshutdown.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/irpc.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/krb5pac.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/lsa.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/mdssvc.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/messaging.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/mgmt.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/misc.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/nbt.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/netlogon.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/ntlmssp.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/preg.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/samr.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/security.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/server_id.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/smb_acl.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/spoolss.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/srvsvc.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/svcctl.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/unixinfo.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/winbind.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/windows_event_ids.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/winreg.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/winspool.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/witness.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/wkssvc.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/xattr.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/descriptor.py +usr/lib/python3.8/site-packages/samba/dnsserver.py +usr/lib/python3.8/site-packages/samba/domain_update.py +usr/lib/python3.8/site-packages/samba/drs_utils.py +#usr/lib/python3.8/site-packages/samba/emulate +usr/lib/python3.8/site-packages/samba/emulate/__init__.py +usr/lib/python3.8/site-packages/samba/emulate/traffic.py +usr/lib/python3.8/site-packages/samba/emulate/traffic_packets.py +usr/lib/python3.8/site-packages/samba/forest_update.py +usr/lib/python3.8/site-packages/samba/gensec.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/getopt.py +usr/lib/python3.8/site-packages/samba/gp_ext_loader.py +#usr/lib/python3.8/site-packages/samba/gp_parse +usr/lib/python3.8/site-packages/samba/gp_parse/__init__.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_aas.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_csv.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_inf.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_ini.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_pol.py +usr/lib/python3.8/site-packages/samba/gp_scripts_ext.py +usr/lib/python3.8/site-packages/samba/gp_sec_ext.py +usr/lib/python3.8/site-packages/samba/gpclass.py +usr/lib/python3.8/site-packages/samba/gpo.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/graph.py +usr/lib/python3.8/site-packages/samba/hostconfig.py +usr/lib/python3.8/site-packages/samba/idmap.py +usr/lib/python3.8/site-packages/samba/join.py +#usr/lib/python3.8/site-packages/samba/kcc +usr/lib/python3.8/site-packages/samba/kcc/__init__.py +usr/lib/python3.8/site-packages/samba/kcc/debug.py +usr/lib/python3.8/site-packages/samba/kcc/graph.py +usr/lib/python3.8/site-packages/samba/kcc/graph_utils.py +usr/lib/python3.8/site-packages/samba/kcc/kcc_utils.py +usr/lib/python3.8/site-packages/samba/kcc/ldif_import_export.py +usr/lib/python3.8/site-packages/samba/logger.py +usr/lib/python3.8/site-packages/samba/mdb_util.py +usr/lib/python3.8/site-packages/samba/messaging.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/ms_display_specifiers.py +usr/lib/python3.8/site-packages/samba/ms_forest_updates_markdown.py +usr/lib/python3.8/site-packages/samba/ms_schema.py +usr/lib/python3.8/site-packages/samba/ms_schema_markdown.py +usr/lib/python3.8/site-packages/samba/ndr.py +usr/lib/python3.8/site-packages/samba/net.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/netbios.cpython-38-aarch64-linux-gnu.so +#usr/lib/python3.8/site-packages/samba/netcmd +usr/lib/python3.8/site-packages/samba/netcmd/__init__.py +usr/lib/python3.8/site-packages/samba/netcmd/common.py +usr/lib/python3.8/site-packages/samba/netcmd/computer.py +usr/lib/python3.8/site-packages/samba/netcmd/contact.py +usr/lib/python3.8/site-packages/samba/netcmd/dbcheck.py +usr/lib/python3.8/site-packages/samba/netcmd/delegation.py +usr/lib/python3.8/site-packages/samba/netcmd/dns.py +usr/lib/python3.8/site-packages/samba/netcmd/domain.py +usr/lib/python3.8/site-packages/samba/netcmd/domain_backup.py +usr/lib/python3.8/site-packages/samba/netcmd/drs.py +usr/lib/python3.8/site-packages/samba/netcmd/dsacl.py +usr/lib/python3.8/site-packages/samba/netcmd/forest.py +usr/lib/python3.8/site-packages/samba/netcmd/fsmo.py +usr/lib/python3.8/site-packages/samba/netcmd/gpo.py +usr/lib/python3.8/site-packages/samba/netcmd/group.py +usr/lib/python3.8/site-packages/samba/netcmd/ldapcmp.py +usr/lib/python3.8/site-packages/samba/netcmd/main.py +usr/lib/python3.8/site-packages/samba/netcmd/nettime.py +usr/lib/python3.8/site-packages/samba/netcmd/ntacl.py +usr/lib/python3.8/site-packages/samba/netcmd/ou.py +usr/lib/python3.8/site-packages/samba/netcmd/processes.py +usr/lib/python3.8/site-packages/samba/netcmd/pso.py +usr/lib/python3.8/site-packages/samba/netcmd/rodc.py +usr/lib/python3.8/site-packages/samba/netcmd/schema.py +usr/lib/python3.8/site-packages/samba/netcmd/sites.py +usr/lib/python3.8/site-packages/samba/netcmd/spn.py +usr/lib/python3.8/site-packages/samba/netcmd/testparm.py +usr/lib/python3.8/site-packages/samba/netcmd/user.py +usr/lib/python3.8/site-packages/samba/netcmd/visualize.py +usr/lib/python3.8/site-packages/samba/ntacls.py +usr/lib/python3.8/site-packages/samba/ntstatus.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/param.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/policy.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/posix_eadb.cpython-38-aarch64-linux-gnu.so +#usr/lib/python3.8/site-packages/samba/provision +usr/lib/python3.8/site-packages/samba/provision/__init__.py +usr/lib/python3.8/site-packages/samba/provision/backend.py +usr/lib/python3.8/site-packages/samba/provision/common.py +usr/lib/python3.8/site-packages/samba/provision/kerberos.py +usr/lib/python3.8/site-packages/samba/provision/kerberos_implementation.py +usr/lib/python3.8/site-packages/samba/provision/sambadns.py +usr/lib/python3.8/site-packages/samba/registry.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/remove_dc.py +#usr/lib/python3.8/site-packages/samba/samba3 +usr/lib/python3.8/site-packages/samba/samba3/__init__.py +usr/lib/python3.8/site-packages/samba/samba3/libsmb_samba_internal.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/mdscli.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/param.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/passdb.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/smbd.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samdb.py +usr/lib/python3.8/site-packages/samba/schema.py +usr/lib/python3.8/site-packages/samba/sd_utils.py +usr/lib/python3.8/site-packages/samba/security.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/sites.py +usr/lib/python3.8/site-packages/samba/subnets.py +#usr/lib/python3.8/site-packages/samba/subunit +usr/lib/python3.8/site-packages/samba/subunit/__init__.py +usr/lib/python3.8/site-packages/samba/subunit/run.py +usr/lib/python3.8/site-packages/samba/tdb_util.py +#usr/lib/python3.8/site-packages/samba/tests +#usr/lib/python3.8/site-packages/samba/tests/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_base.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_dsdb.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_pass_change.py +#usr/lib/python3.8/site-packages/samba/tests/auth.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_base.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_ncalrpc.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon_bad_creds.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_pass_change.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_samlogon.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_winbind.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox +#usr/lib/python3.8/site-packages/samba/tests/blackbox/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/bug13653.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/check_output.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/downgradedatabase.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/mdfind.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/ndrdump.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/netads_json.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/samba_dnsupdate.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls_basic.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol_process.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_learner.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_replay.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_summary.py +#usr/lib/python3.8/site-packages/samba/tests/common.py +#usr/lib/python3.8/site-packages/samba/tests/complex_expressions.py +#usr/lib/python3.8/site-packages/samba/tests/core.py +#usr/lib/python3.8/site-packages/samba/tests/credentials.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/array.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/bare.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/dnsserver.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/integer.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/mdssvc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/misc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_protocol.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_testcase.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/registry.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpc_talloc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpcecho.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/sam.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/srvsvc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/string_tests.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/testrpc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/unix.py +#usr/lib/python3.8/site-packages/samba/tests/dckeytab.py +#usr/lib/python3.8/site-packages/samba/tests/dns.py +#usr/lib/python3.8/site-packages/samba/tests/dns_base.py +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder.py +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers/server.py +#usr/lib/python3.8/site-packages/samba/tests/dns_invalid.py +#usr/lib/python3.8/site-packages/samba/tests/dns_packet.py +#usr/lib/python3.8/site-packages/samba/tests/dns_tkey.py +#usr/lib/python3.8/site-packages/samba/tests/dns_wildcard.py +#usr/lib/python3.8/site-packages/samba/tests/docs.py +#usr/lib/python3.8/site-packages/samba/tests/domain_backup.py +#usr/lib/python3.8/site-packages/samba/tests/domain_backup_offline.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb_lock.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb_schema_attributes.py +#usr/lib/python3.8/site-packages/samba/tests/emulate +#usr/lib/python3.8/site-packages/samba/tests/emulate/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic.py +#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic_packet.py +#usr/lib/python3.8/site-packages/samba/tests/encrypted_secrets.py +#usr/lib/python3.8/site-packages/samba/tests/gensec.py +#usr/lib/python3.8/site-packages/samba/tests/get_opt.py +#usr/lib/python3.8/site-packages/samba/tests/getdcname.py +#usr/lib/python3.8/site-packages/samba/tests/glue.py +#usr/lib/python3.8/site-packages/samba/tests/gpo.py +#usr/lib/python3.8/site-packages/samba/tests/graph.py +#usr/lib/python3.8/site-packages/samba/tests/group_audit.py +#usr/lib/python3.8/site-packages/samba/tests/hostconfig.py +#usr/lib/python3.8/site-packages/samba/tests/join.py +#usr/lib/python3.8/site-packages/samba/tests/kcc +#usr/lib/python3.8/site-packages/samba/tests/kcc/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/graph.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/graph_utils.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/kcc_utils.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/ldif_import_export.py +#usr/lib/python3.8/site-packages/samba/tests/krb5 +#usr/lib/python3.8/site-packages/samba/tests/krb5/kcrypto.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/raw_testcase.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/rfc4120_pyasn1.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/s4u_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/simple_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/xrealm_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5_credentials.py +#usr/lib/python3.8/site-packages/samba/tests/ldap_raw.py +#usr/lib/python3.8/site-packages/samba/tests/ldap_referrals.py +#usr/lib/python3.8/site-packages/samba/tests/libsmb.py +#usr/lib/python3.8/site-packages/samba/tests/loadparm.py +#usr/lib/python3.8/site-packages/samba/tests/lsa_string.py +#usr/lib/python3.8/site-packages/samba/tests/messaging.py +#usr/lib/python3.8/site-packages/samba/tests/net_join.py +#usr/lib/python3.8/site-packages/samba/tests/net_join_no_spnego.py +#usr/lib/python3.8/site-packages/samba/tests/netbios.py +#usr/lib/python3.8/site-packages/samba/tests/netcmd.py +#usr/lib/python3.8/site-packages/samba/tests/netlogonsvc.py +#usr/lib/python3.8/site-packages/samba/tests/ntacls.py +#usr/lib/python3.8/site-packages/samba/tests/ntacls_backup.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_base.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_krb5.py +#usr/lib/python3.8/site-packages/samba/tests/ntlmdisabled.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_chauthtok.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_warn_pwd_expire.py +#usr/lib/python3.8/site-packages/samba/tests/param.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2003.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2008.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_gpgme.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_ldap.py +#usr/lib/python3.8/site-packages/samba/tests/password_quality.py +#usr/lib/python3.8/site-packages/samba/tests/password_test.py +#usr/lib/python3.8/site-packages/samba/tests/policy.py +#usr/lib/python3.8/site-packages/samba/tests/posixacl.py +#usr/lib/python3.8/site-packages/samba/tests/prefork_restart.py +#usr/lib/python3.8/site-packages/samba/tests/process_limits.py +#usr/lib/python3.8/site-packages/samba/tests/provision.py +#usr/lib/python3.8/site-packages/samba/tests/pso.py +#usr/lib/python3.8/site-packages/samba/tests/py_credentials.py +#usr/lib/python3.8/site-packages/samba/tests/registry.py +#usr/lib/python3.8/site-packages/samba/tests/s3idmapdb.py +#usr/lib/python3.8/site-packages/samba/tests/s3param.py +#usr/lib/python3.8/site-packages/samba/tests/s3passdb.py +#usr/lib/python3.8/site-packages/samba/tests/s3registry.py +#usr/lib/python3.8/site-packages/samba/tests/s3windb.py +#usr/lib/python3.8/site-packages/samba/tests/samba3sam.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/base.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/computer.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/contact.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/demote.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dnscmd.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dsacl.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/forest.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/fsmo.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/gpo.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/group.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/help.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ntacl.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ou.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/passwordsettings.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/processes.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/promote_dc_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_password_check.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/rodc.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/schema.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/sites.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/timecmd.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_check_password_script.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_base.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_wdigest.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize_drs.py +#usr/lib/python3.8/site-packages/samba/tests/samba_upgradedns_lmdb.py +#usr/lib/python3.8/site-packages/samba/tests/samdb.py +#usr/lib/python3.8/site-packages/samba/tests/samdb_api.py +#usr/lib/python3.8/site-packages/samba/tests/security.py +#usr/lib/python3.8/site-packages/samba/tests/segfault.py +#usr/lib/python3.8/site-packages/samba/tests/smb.py +#usr/lib/python3.8/site-packages/samba/tests/smbd_base.py +#usr/lib/python3.8/site-packages/samba/tests/smbd_fuzztest.py +#usr/lib/python3.8/site-packages/samba/tests/source.py +#usr/lib/python3.8/site-packages/samba/tests/strings.py +#usr/lib/python3.8/site-packages/samba/tests/subunitrun.py +#usr/lib/python3.8/site-packages/samba/tests/tdb_util.py +#usr/lib/python3.8/site-packages/samba/tests/upgrade.py +#usr/lib/python3.8/site-packages/samba/tests/upgradeprovision.py +#usr/lib/python3.8/site-packages/samba/tests/upgradeprovisionneeddc.py +#usr/lib/python3.8/site-packages/samba/tests/usage.py +#usr/lib/python3.8/site-packages/samba/tests/xattr.py +#usr/lib/python3.8/site-packages/samba/third_party +usr/lib/python3.8/site-packages/samba/third_party/__init__.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601 +usr/lib/python3.8/site-packages/samba/third_party/iso8601/__init__.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601/iso8601.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601/test_iso8601.py +usr/lib/python3.8/site-packages/samba/upgrade.py +usr/lib/python3.8/site-packages/samba/upgradehelpers.py +usr/lib/python3.8/site-packages/samba/uptodateness.py +usr/lib/python3.8/site-packages/samba/werror.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/xattr.py +usr/lib/python3.8/site-packages/samba/xattr_native.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/xattr_tdb.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/talloc.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/tdb.cpython-38-aarch64-linux-gnu.so +usr/lib/python3.8/site-packages/tevent.py +#usr/lib/samba +usr/lib/samba/idmap +usr/lib/samba/idmap/ad.so +usr/lib/samba/idmap/autorid.so +usr/lib/samba/idmap/hash.so +usr/lib/samba/idmap/rfc2307.so +usr/lib/samba/idmap/rid.so +usr/lib/samba/idmap/script.so +usr/lib/samba/idmap/tdb2.so +#usr/lib/samba/krb5 +usr/lib/samba/krb5/winbind_krb5_locator.so +#usr/lib/samba/ldb +usr/lib/samba/ldb/asq.so +usr/lib/samba/ldb/ildap.so +usr/lib/samba/ldb/ldb.so +usr/lib/samba/ldb/ldbsamba_extensions.so +usr/lib/samba/ldb/paged_searches.so +usr/lib/samba/ldb/rdn_name.so +usr/lib/samba/ldb/sample.so +usr/lib/samba/ldb/server_sort.so +usr/lib/samba/ldb/skel.so +usr/lib/samba/ldb/tdb.so +usr/lib/samba/libCHARSET3-samba4.so +usr/lib/samba/libLIBWBCLIENT-OLD-samba4.so +usr/lib/samba/libMESSAGING-SEND-samba4.so +usr/lib/samba/libMESSAGING-samba4.so +usr/lib/samba/libaddns-samba4.so +usr/lib/samba/libads-samba4.so +usr/lib/samba/libasn1-samba4.so.8 +usr/lib/samba/libasn1-samba4.so.8.0.0 +usr/lib/samba/libasn1util-samba4.so +usr/lib/samba/libauth-samba4.so +usr/lib/samba/libauth-unix-token-samba4.so +usr/lib/samba/libauth4-samba4.so +usr/lib/samba/libauthkrb5-samba4.so +usr/lib/samba/libcli-cldap-samba4.so +usr/lib/samba/libcli-ldap-common-samba4.so +usr/lib/samba/libcli-ldap-samba4.so +usr/lib/samba/libcli-nbt-samba4.so +usr/lib/samba/libcli-smb-common-samba4.so +usr/lib/samba/libcli-spoolss-samba4.so +usr/lib/samba/libcliauth-samba4.so +usr/lib/samba/libclidns-samba4.so +usr/lib/samba/libcluster-samba4.so +usr/lib/samba/libcmdline-contexts-samba4.so +usr/lib/samba/libcmdline-credentials-samba4.so +usr/lib/samba/libcmocka-samba4.so +usr/lib/samba/libcom_err-samba4.so.0 +usr/lib/samba/libcom_err-samba4.so.0.25 +usr/lib/samba/libcommon-auth-samba4.so +usr/lib/samba/libdbwrap-samba4.so +usr/lib/samba/libdcerpc-samba-samba4.so +usr/lib/samba/libdcerpc-samba4.so +usr/lib/samba/libdsdb-module-samba4.so +usr/lib/samba/libevents-samba4.so +usr/lib/samba/libflag-mapping-samba4.so +usr/lib/samba/libgenrand-samba4.so +usr/lib/samba/libgensec-samba4.so +usr/lib/samba/libgpext-samba4.so +usr/lib/samba/libgpo-samba4.so +usr/lib/samba/libgse-samba4.so +usr/lib/samba/libgssapi-samba4.so.2 +usr/lib/samba/libgssapi-samba4.so.2.0.0 +usr/lib/samba/libhcrypto-samba4.so.5 +usr/lib/samba/libhcrypto-samba4.so.5.0.1 +usr/lib/samba/libhdb-samba4.so.11 +usr/lib/samba/libhdb-samba4.so.11.0.2 +usr/lib/samba/libheimbase-samba4.so.1 +usr/lib/samba/libheimbase-samba4.so.1.0.0 +usr/lib/samba/libheimntlm-samba4.so.1 +usr/lib/samba/libheimntlm-samba4.so.1.0.1 +usr/lib/samba/libhttp-samba4.so +usr/lib/samba/libhx509-samba4.so.5 +usr/lib/samba/libhx509-samba4.so.5.0.0 +usr/lib/samba/libidmap-samba4.so +usr/lib/samba/libinterfaces-samba4.so +usr/lib/samba/libiov-buf-samba4.so +usr/lib/samba/libkdc-samba4.so.2 +usr/lib/samba/libkdc-samba4.so.2.0.0 +usr/lib/samba/libkrb5-samba4.so.26 +usr/lib/samba/libkrb5-samba4.so.26.0.0 +usr/lib/samba/libkrb5samba-samba4.so +usr/lib/samba/libldb-cmdline-samba4.so +usr/lib/samba/libldb-key-value-samba4.so +usr/lib/samba/libldb-tdb-err-map-samba4.so +usr/lib/samba/libldb-tdb-int-samba4.so +usr/lib/samba/libldb.so.2 +usr/lib/samba/libldb.so.2.2.0 +usr/lib/samba/libldbsamba-samba4.so +usr/lib/samba/liblibcli-lsa3-samba4.so +usr/lib/samba/liblibcli-netlogon3-samba4.so +usr/lib/samba/liblibsmb-samba4.so +usr/lib/samba/libmessages-dgm-samba4.so +usr/lib/samba/libmessages-util-samba4.so +usr/lib/samba/libmsghdr-samba4.so +usr/lib/samba/libmsrpc3-samba4.so +usr/lib/samba/libndr-samba-samba4.so +usr/lib/samba/libndr-samba4.so +usr/lib/samba/libnet-keytab-samba4.so +usr/lib/samba/libnetif-samba4.so +usr/lib/samba/libnpa-tstream-samba4.so +usr/lib/samba/libnss-info-samba4.so +usr/lib/samba/libpopt-samba3-cmdline-samba4.so +usr/lib/samba/libpopt-samba3-samba4.so +usr/lib/samba/libposix-eadb-samba4.so +usr/lib/samba/libprinter-driver-samba4.so +usr/lib/samba/libprinting-migrate-samba4.so +usr/lib/samba/libpyldb-util.cpython-38-aarch64-linux-gnu.so.2 +usr/lib/samba/libpyldb-util.cpython-38-aarch64-linux-gnu.so.2.2.0 +usr/lib/samba/libpytalloc-util.cpython-38-aarch64-linux-gnu.so.2 +usr/lib/samba/libpytalloc-util.cpython-38-aarch64-linux-gnu.so.2.3.1 +usr/lib/samba/libregistry-samba4.so +usr/lib/samba/libreplace-samba4.so +usr/lib/samba/libroken-samba4.so.19 +usr/lib/samba/libroken-samba4.so.19.0.1 +usr/lib/samba/libsamba-cluster-support-samba4.so +usr/lib/samba/libsamba-debug-samba4.so +usr/lib/samba/libsamba-modules-samba4.so +usr/lib/samba/libsamba-net.cpython-38-aarch64-linux-gnu-samba4.so +usr/lib/samba/libsamba-python.cpython-38-aarch64-linux-gnu-samba4.so +usr/lib/samba/libsamba-security-samba4.so +usr/lib/samba/libsamba-sockets-samba4.so +usr/lib/samba/libsamba3-util-samba4.so +usr/lib/samba/libsamdb-common-samba4.so +usr/lib/samba/libsecrets3-samba4.so +usr/lib/samba/libserver-id-db-samba4.so +usr/lib/samba/libserver-role-samba4.so +usr/lib/samba/libshares-samba4.so +usr/lib/samba/libsmb-transport-samba4.so +usr/lib/samba/libsmbclient-raw-samba4.so +usr/lib/samba/libsmbd-base-samba4.so +usr/lib/samba/libsmbd-conn-samba4.so +usr/lib/samba/libsmbd-shim-samba4.so +usr/lib/samba/libsmbldaphelper-samba4.so +usr/lib/samba/libsmbpasswdparser-samba4.so +usr/lib/samba/libsocket-blocking-samba4.so +usr/lib/samba/libsys-rw-samba4.so +usr/lib/samba/libtalloc-report-printf-samba4.so +usr/lib/samba/libtalloc-report-samba4.so +usr/lib/samba/libtalloc.so.2 +usr/lib/samba/libtalloc.so.2.3.1 +usr/lib/samba/libtdb-wrap-samba4.so +usr/lib/samba/libtdb.so.1 +usr/lib/samba/libtdb.so.1.4.3 +usr/lib/samba/libtevent.so.0 +usr/lib/samba/libtevent.so.0.10.2 +usr/lib/samba/libtime-basic-samba4.so +usr/lib/samba/libtorture-samba4.so +usr/lib/samba/libtrusts-util-samba4.so +usr/lib/samba/libutil-cmdline-samba4.so +usr/lib/samba/libutil-reg-samba4.so +usr/lib/samba/libutil-setid-samba4.so +usr/lib/samba/libutil-tdb-samba4.so +usr/lib/samba/libwinbind-client-samba4.so +usr/lib/samba/libwind-samba4.so.0 +usr/lib/samba/libwind-samba4.so.0.0.0 +usr/lib/samba/libxattr-tdb-samba4.so +usr/lib/samba/nss_info +usr/lib/samba/nss_info/hash.so +usr/lib/samba/nss_info/rfc2307.so +usr/lib/samba/nss_info/sfu.so +usr/lib/samba/nss_info/sfu20.so +#usr/lib/samba/vfs +usr/lib/samba/vfs/acl_tdb.so +usr/lib/samba/vfs/acl_xattr.so +usr/lib/samba/vfs/aio_fork.so +usr/lib/samba/vfs/aio_pthread.so +usr/lib/samba/vfs/audit.so +usr/lib/samba/vfs/btrfs.so +usr/lib/samba/vfs/cap.so +usr/lib/samba/vfs/catia.so +usr/lib/samba/vfs/commit.so +usr/lib/samba/vfs/crossrename.so +usr/lib/samba/vfs/default_quota.so +usr/lib/samba/vfs/dirsort.so +usr/lib/samba/vfs/expand_msdfs.so +usr/lib/samba/vfs/extd_audit.so +usr/lib/samba/vfs/fake_perms.so +usr/lib/samba/vfs/fileid.so +usr/lib/samba/vfs/fruit.so +usr/lib/samba/vfs/full_audit.so +usr/lib/samba/vfs/glusterfs_fuse.so +usr/lib/samba/vfs/gpfs.so +usr/lib/samba/vfs/linux_xfs_sgid.so +usr/lib/samba/vfs/media_harmony.so +usr/lib/samba/vfs/offline.so +usr/lib/samba/vfs/preopen.so +usr/lib/samba/vfs/readahead.so +usr/lib/samba/vfs/readonly.so +usr/lib/samba/vfs/recycle.so +usr/lib/samba/vfs/shadow_copy.so +usr/lib/samba/vfs/shadow_copy2.so +usr/lib/samba/vfs/shell_snap.so +usr/lib/samba/vfs/snapper.so +usr/lib/samba/vfs/streams_depot.so +usr/lib/samba/vfs/streams_xattr.so +usr/lib/samba/vfs/syncops.so +usr/lib/samba/vfs/time_audit.so +usr/lib/samba/vfs/unityed_media.so +usr/lib/samba/vfs/virusfilter.so +usr/lib/samba/vfs/widelinks.so +usr/lib/samba/vfs/worm.so +usr/lib/samba/vfs/xattr_tdb.so +usr/lib/security +usr/lib/security/pam_winbind.so +#usr/libexec/samba +usr/libexec/samba/smbspool_krb5_wrapper +usr/sbin/eventlogadm +usr/sbin/nmbd +usr/sbin/samba-gpupdate +usr/sbin/smbd +usr/sbin/winbindd +var/ipfire/backup/addons/includes/samba +#var/ipfire/samba +var/ipfire/samba/default.global +var/ipfire/samba/default.pdc +var/ipfire/samba/default.printer +var/ipfire/samba/default.settings +var/ipfire/samba/default.shares +var/ipfire/samba/global +var/ipfire/samba/pdc +var/ipfire/samba/printer +#var/ipfire/samba/private +var/ipfire/samba/private/secrets.tdb +var/ipfire/samba/private/smbpasswd +var/ipfire/samba/settings +var/ipfire/samba/shares +var/ipfire/samba/smb.conf +var/ipfire/samba/smb.conf.default +var/lib/samba +var/lib/samba/bind-dns +var/lib/samba/private +var/lib/samba/winbindd_privileged +var/log/samba +var/nmbd +srv/web/ipfire/cgi-bin/samba.cgi +srv/web/ipfire/cgi-bin/sambahlp.cgi +var/ipfire/menu.d/EX-samba.menu +usr/local/bin/sambactrl diff --git a/config/rootfiles/packages/armv5tel/samba b/config/rootfiles/packages/armv5tel/samba new file mode 100644 index 000000000..51349093b --- /dev/null +++ b/config/rootfiles/packages/armv5tel/samba @@ -0,0 +1,820 @@ +etc/rc.d/init.d/samba +usr/bin/cifsdd +usr/bin/dbwrap_tool +usr/bin/findsmb +usr/bin/gentest +usr/bin/ldbadd +usr/bin/ldbdel +usr/bin/ldbedit +usr/bin/ldbmodify +usr/bin/ldbrename +usr/bin/ldbsearch +usr/bin/locktest +usr/bin/masktest +usr/bin/mdfind +usr/bin/mvxattr +usr/bin/ndrdump +usr/bin/net +usr/bin/nmblookup +usr/bin/ntlm_auth +usr/bin/oLschema2ldif +usr/bin/pdbedit +usr/bin/profiles +usr/bin/regdiff +usr/bin/regpatch +usr/bin/regshell +usr/bin/regtree +usr/bin/rpcclient +usr/bin/samba-regedit +usr/bin/sharesec +usr/bin/smbcacls +usr/bin/smbclient +usr/bin/smbcontrol +usr/bin/smbcquotas +usr/bin/smbget +usr/bin/smbpasswd +usr/bin/smbspool +usr/bin/smbstatus +usr/bin/smbtar +usr/bin/smbtorture +usr/bin/smbtree +usr/bin/tdbbackup +usr/bin/tdbdump +usr/bin/tdbrestore +usr/bin/tdbtool +usr/bin/testparm +usr/bin/wbinfo +#usr/include/samba-4.0 +#usr/include/samba-4.0/charset.h +#usr/include/samba-4.0/core +#usr/include/samba-4.0/core/doserr.h +#usr/include/samba-4.0/core/error.h +#usr/include/samba-4.0/core/hresult.h +#usr/include/samba-4.0/core/ntstatus.h +#usr/include/samba-4.0/core/ntstatus_gen.h +#usr/include/samba-4.0/core/werror.h +#usr/include/samba-4.0/core/werror_gen.h +#usr/include/samba-4.0/credentials.h +#usr/include/samba-4.0/dcerpc.h +#usr/include/samba-4.0/dcesrv_core.h +#usr/include/samba-4.0/domain_credentials.h +#usr/include/samba-4.0/gen_ndr +#usr/include/samba-4.0/gen_ndr/atsvc.h +#usr/include/samba-4.0/gen_ndr/auth.h +#usr/include/samba-4.0/gen_ndr/dcerpc.h +#usr/include/samba-4.0/gen_ndr/drsblobs.h +#usr/include/samba-4.0/gen_ndr/drsuapi.h +#usr/include/samba-4.0/gen_ndr/krb5pac.h +#usr/include/samba-4.0/gen_ndr/lsa.h +#usr/include/samba-4.0/gen_ndr/misc.h +#usr/include/samba-4.0/gen_ndr/nbt.h +#usr/include/samba-4.0/gen_ndr/ndr_atsvc.h +#usr/include/samba-4.0/gen_ndr/ndr_dcerpc.h +#usr/include/samba-4.0/gen_ndr/ndr_drsblobs.h +#usr/include/samba-4.0/gen_ndr/ndr_drsuapi.h +#usr/include/samba-4.0/gen_ndr/ndr_krb5pac.h +#usr/include/samba-4.0/gen_ndr/ndr_misc.h +#usr/include/samba-4.0/gen_ndr/ndr_nbt.h +#usr/include/samba-4.0/gen_ndr/ndr_samr.h +#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h +#usr/include/samba-4.0/gen_ndr/ndr_svcctl.h +#usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h +#usr/include/samba-4.0/gen_ndr/netlogon.h +#usr/include/samba-4.0/gen_ndr/samr.h +#usr/include/samba-4.0/gen_ndr/security.h +#usr/include/samba-4.0/gen_ndr/server_id.h +#usr/include/samba-4.0/gen_ndr/svcctl.h +#usr/include/samba-4.0/ldb_wrap.h +#usr/include/samba-4.0/libsmbclient.h +#usr/include/samba-4.0/lookup_sid.h +#usr/include/samba-4.0/machine_sid.h +#usr/include/samba-4.0/ndr +#usr/include/samba-4.0/ndr.h +#usr/include/samba-4.0/ndr/ndr_dcerpc.h +#usr/include/samba-4.0/ndr/ndr_drsblobs.h +#usr/include/samba-4.0/ndr/ndr_drsuapi.h +#usr/include/samba-4.0/ndr/ndr_krb5pac.h +#usr/include/samba-4.0/ndr/ndr_nbt.h +#usr/include/samba-4.0/ndr/ndr_svcctl.h +#usr/include/samba-4.0/netapi.h +#usr/include/samba-4.0/param.h +#usr/include/samba-4.0/passdb.h +#usr/include/samba-4.0/policy.h +#usr/include/samba-4.0/rpc_common.h +#usr/include/samba-4.0/samba +#usr/include/samba-4.0/samba/session.h +#usr/include/samba-4.0/samba/version.h +#usr/include/samba-4.0/share.h +#usr/include/samba-4.0/smb2_lease_struct.h +#usr/include/samba-4.0/smb_ldap.h +#usr/include/samba-4.0/smbconf.h +#usr/include/samba-4.0/smbldap.h +#usr/include/samba-4.0/tdr.h +#usr/include/samba-4.0/tsocket.h +#usr/include/samba-4.0/tsocket_internal.h +#usr/include/samba-4.0/util +#usr/include/samba-4.0/util/attr.h +#usr/include/samba-4.0/util/blocking.h +#usr/include/samba-4.0/util/data_blob.h +#usr/include/samba-4.0/util/debug.h +#usr/include/samba-4.0/util/discard.h +#usr/include/samba-4.0/util/fault.h +#usr/include/samba-4.0/util/genrand.h +#usr/include/samba-4.0/util/idtree.h +#usr/include/samba-4.0/util/idtree_random.h +#usr/include/samba-4.0/util/signal.h +#usr/include/samba-4.0/util/string_wrappers.h +#usr/include/samba-4.0/util/substitute.h +#usr/include/samba-4.0/util/tevent_ntstatus.h +#usr/include/samba-4.0/util/tevent_unix.h +#usr/include/samba-4.0/util/tevent_werror.h +#usr/include/samba-4.0/util/tfork.h +#usr/include/samba-4.0/util/time.h +#usr/include/samba-4.0/util_ldb.h +#usr/include/samba-4.0/wbclient.h +usr/lib/libdcerpc-binding.so +usr/lib/libdcerpc-binding.so.0 +usr/lib/libdcerpc-binding.so.0.0.1 +usr/lib/libdcerpc-samr.so +usr/lib/libdcerpc-samr.so.0 +usr/lib/libdcerpc-samr.so.0.0.1 +usr/lib/libdcerpc-server-core.so +usr/lib/libdcerpc-server-core.so.0 +usr/lib/libdcerpc-server-core.so.0.0.1 +usr/lib/libdcerpc.so +usr/lib/libdcerpc.so.0 +usr/lib/libdcerpc.so.0.0.1 +usr/lib/libndr-krb5pac.so +usr/lib/libndr-krb5pac.so.0 +usr/lib/libndr-krb5pac.so.0.0.1 +usr/lib/libndr-nbt.so +usr/lib/libndr-nbt.so.0 +usr/lib/libndr-nbt.so.0.0.1 +usr/lib/libndr-standard.so +usr/lib/libndr-standard.so.0 +usr/lib/libndr-standard.so.0.0.1 +usr/lib/libndr.so +usr/lib/libndr.so.1 +usr/lib/libndr.so.1.0.0 +usr/lib/libnetapi.so +usr/lib/libnetapi.so.0 +usr/lib/libnss_winbind.so +usr/lib/libnss_winbind.so.2 +usr/lib/libnss_wins.so +usr/lib/libnss_wins.so.2 +usr/lib/libsamba-credentials.so +usr/lib/libsamba-credentials.so.0 +usr/lib/libsamba-credentials.so.0.0.1 +usr/lib/libsamba-errors.so +usr/lib/libsamba-errors.so.1 +usr/lib/libsamba-hostconfig.so +usr/lib/libsamba-hostconfig.so.0 +usr/lib/libsamba-hostconfig.so.0.0.1 +usr/lib/libsamba-passdb.so +usr/lib/libsamba-passdb.so.0 +usr/lib/libsamba-passdb.so.0.28.0 +usr/lib/libsamba-policy.cpython-38-arm-linux-gnueabi.so +usr/lib/libsamba-policy.cpython-38-arm-linux-gnueabi.so.0 +usr/lib/libsamba-policy.cpython-38-arm-linux-gnueabi.so.0.0.1 +usr/lib/libsamba-util.so +usr/lib/libsamba-util.so.0 +usr/lib/libsamba-util.so.0.0.1 +usr/lib/libsamdb.so +usr/lib/libsamdb.so.0 +usr/lib/libsamdb.so.0.0.1 +usr/lib/libsmbclient.so +usr/lib/libsmbclient.so.0 +usr/lib/libsmbclient.so.0.6.0 +usr/lib/libsmbconf.so +usr/lib/libsmbconf.so.0 +usr/lib/libsmbldap.so +usr/lib/libsmbldap.so.2 +usr/lib/libtevent-util.so +usr/lib/libtevent-util.so.0 +usr/lib/libtevent-util.so.0.0.1 +usr/lib/libwbclient.so +usr/lib/libwbclient.so.0 +usr/lib/libwbclient.so.0.15 +#usr/lib/pkgconfig/dcerpc.pc +#usr/lib/pkgconfig/dcerpc_samr.pc +#usr/lib/pkgconfig/ndr.pc +#usr/lib/pkgconfig/ndr_krb5pac.pc +#usr/lib/pkgconfig/ndr_nbt.pc +#usr/lib/pkgconfig/ndr_standard.pc +#usr/lib/pkgconfig/netapi.pc +#usr/lib/pkgconfig/samba-credentials.pc +#usr/lib/pkgconfig/samba-hostconfig.pc +#usr/lib/pkgconfig/samba-policy.cpython-38-arm-linux-gnueabi.pc +#usr/lib/pkgconfig/samba-util.pc +#usr/lib/pkgconfig/samdb.pc +#usr/lib/pkgconfig/smbclient.pc +#usr/lib/pkgconfig/wbclient.pc +usr/lib/python3.8/site-packages/_ldb_text.py +usr/lib/python3.8/site-packages/_tdb_text.py +usr/lib/python3.8/site-packages/_tevent.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/ldb.cpython-38-arm-linux-gnueabi.so +#usr/lib/python3.8/site-packages/samba +usr/lib/python3.8/site-packages/samba/__init__.py +usr/lib/python3.8/site-packages/samba/_glue.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/_ldb.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/auth.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/auth_util.py +usr/lib/python3.8/site-packages/samba/colour.py +usr/lib/python3.8/site-packages/samba/common.py +usr/lib/python3.8/site-packages/samba/compat.py +usr/lib/python3.8/site-packages/samba/credentials.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/crypto.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dbchecker.py +#usr/lib/python3.8/site-packages/samba/dcerpc +usr/lib/python3.8/site-packages/samba/dcerpc/__init__.py +usr/lib/python3.8/site-packages/samba/dcerpc/atsvc.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/auth.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/base.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/dcerpc.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/dfs.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/dns.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/dnsp.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/dnsserver.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/drsblobs.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/drsuapi.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/echo.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/epmapper.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/idmap.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/initshutdown.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/irpc.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/krb5pac.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/lsa.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/mdssvc.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/messaging.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/mgmt.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/misc.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/nbt.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/netlogon.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/ntlmssp.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/preg.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/samr.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/security.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/server_id.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/smb_acl.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/spoolss.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/srvsvc.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/svcctl.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/unixinfo.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/winbind.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/windows_event_ids.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/winreg.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/winspool.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/witness.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/wkssvc.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/dcerpc/xattr.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/descriptor.py +usr/lib/python3.8/site-packages/samba/dnsserver.py +usr/lib/python3.8/site-packages/samba/domain_update.py +usr/lib/python3.8/site-packages/samba/drs_utils.py +#usr/lib/python3.8/site-packages/samba/emulate +usr/lib/python3.8/site-packages/samba/emulate/__init__.py +usr/lib/python3.8/site-packages/samba/emulate/traffic.py +usr/lib/python3.8/site-packages/samba/emulate/traffic_packets.py +usr/lib/python3.8/site-packages/samba/forest_update.py +usr/lib/python3.8/site-packages/samba/gensec.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/getopt.py +usr/lib/python3.8/site-packages/samba/gp_ext_loader.py +#usr/lib/python3.8/site-packages/samba/gp_parse +usr/lib/python3.8/site-packages/samba/gp_parse/__init__.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_aas.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_csv.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_inf.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_ini.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_pol.py +usr/lib/python3.8/site-packages/samba/gp_scripts_ext.py +usr/lib/python3.8/site-packages/samba/gp_sec_ext.py +usr/lib/python3.8/site-packages/samba/gpclass.py +usr/lib/python3.8/site-packages/samba/gpo.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/graph.py +usr/lib/python3.8/site-packages/samba/hostconfig.py +usr/lib/python3.8/site-packages/samba/idmap.py +usr/lib/python3.8/site-packages/samba/join.py +#usr/lib/python3.8/site-packages/samba/kcc +usr/lib/python3.8/site-packages/samba/kcc/__init__.py +usr/lib/python3.8/site-packages/samba/kcc/debug.py +usr/lib/python3.8/site-packages/samba/kcc/graph.py +usr/lib/python3.8/site-packages/samba/kcc/graph_utils.py +usr/lib/python3.8/site-packages/samba/kcc/kcc_utils.py +usr/lib/python3.8/site-packages/samba/kcc/ldif_import_export.py +usr/lib/python3.8/site-packages/samba/logger.py +usr/lib/python3.8/site-packages/samba/mdb_util.py +usr/lib/python3.8/site-packages/samba/messaging.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/ms_display_specifiers.py +usr/lib/python3.8/site-packages/samba/ms_forest_updates_markdown.py +usr/lib/python3.8/site-packages/samba/ms_schema.py +usr/lib/python3.8/site-packages/samba/ms_schema_markdown.py +usr/lib/python3.8/site-packages/samba/ndr.py +usr/lib/python3.8/site-packages/samba/net.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/netbios.cpython-38-arm-linux-gnueabi.so +#usr/lib/python3.8/site-packages/samba/netcmd +usr/lib/python3.8/site-packages/samba/netcmd/__init__.py +usr/lib/python3.8/site-packages/samba/netcmd/common.py +usr/lib/python3.8/site-packages/samba/netcmd/computer.py +usr/lib/python3.8/site-packages/samba/netcmd/contact.py +usr/lib/python3.8/site-packages/samba/netcmd/dbcheck.py +usr/lib/python3.8/site-packages/samba/netcmd/delegation.py +usr/lib/python3.8/site-packages/samba/netcmd/dns.py +usr/lib/python3.8/site-packages/samba/netcmd/domain.py +usr/lib/python3.8/site-packages/samba/netcmd/domain_backup.py +usr/lib/python3.8/site-packages/samba/netcmd/drs.py +usr/lib/python3.8/site-packages/samba/netcmd/dsacl.py +usr/lib/python3.8/site-packages/samba/netcmd/forest.py +usr/lib/python3.8/site-packages/samba/netcmd/fsmo.py +usr/lib/python3.8/site-packages/samba/netcmd/gpo.py +usr/lib/python3.8/site-packages/samba/netcmd/group.py +usr/lib/python3.8/site-packages/samba/netcmd/ldapcmp.py +usr/lib/python3.8/site-packages/samba/netcmd/main.py +usr/lib/python3.8/site-packages/samba/netcmd/nettime.py +usr/lib/python3.8/site-packages/samba/netcmd/ntacl.py +usr/lib/python3.8/site-packages/samba/netcmd/ou.py +usr/lib/python3.8/site-packages/samba/netcmd/processes.py +usr/lib/python3.8/site-packages/samba/netcmd/pso.py +usr/lib/python3.8/site-packages/samba/netcmd/rodc.py +usr/lib/python3.8/site-packages/samba/netcmd/schema.py +usr/lib/python3.8/site-packages/samba/netcmd/sites.py +usr/lib/python3.8/site-packages/samba/netcmd/spn.py +usr/lib/python3.8/site-packages/samba/netcmd/testparm.py +usr/lib/python3.8/site-packages/samba/netcmd/user.py +usr/lib/python3.8/site-packages/samba/netcmd/visualize.py +usr/lib/python3.8/site-packages/samba/ntacls.py +usr/lib/python3.8/site-packages/samba/ntstatus.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/param.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/policy.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/posix_eadb.cpython-38-arm-linux-gnueabi.so +#usr/lib/python3.8/site-packages/samba/provision +usr/lib/python3.8/site-packages/samba/provision/__init__.py +usr/lib/python3.8/site-packages/samba/provision/backend.py +usr/lib/python3.8/site-packages/samba/provision/common.py +usr/lib/python3.8/site-packages/samba/provision/kerberos.py +usr/lib/python3.8/site-packages/samba/provision/kerberos_implementation.py +usr/lib/python3.8/site-packages/samba/provision/sambadns.py +usr/lib/python3.8/site-packages/samba/registry.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/remove_dc.py +#usr/lib/python3.8/site-packages/samba/samba3 +usr/lib/python3.8/site-packages/samba/samba3/__init__.py +usr/lib/python3.8/site-packages/samba/samba3/libsmb_samba_internal.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/samba3/mdscli.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/samba3/param.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/samba3/passdb.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/samba3/smbd.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/samdb.py +usr/lib/python3.8/site-packages/samba/schema.py +usr/lib/python3.8/site-packages/samba/sd_utils.py +usr/lib/python3.8/site-packages/samba/security.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/sites.py +usr/lib/python3.8/site-packages/samba/subnets.py +#usr/lib/python3.8/site-packages/samba/subunit +usr/lib/python3.8/site-packages/samba/subunit/__init__.py +usr/lib/python3.8/site-packages/samba/subunit/run.py +usr/lib/python3.8/site-packages/samba/tdb_util.py +#usr/lib/python3.8/site-packages/samba/tests +#usr/lib/python3.8/site-packages/samba/tests/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_base.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_dsdb.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_pass_change.py +#usr/lib/python3.8/site-packages/samba/tests/auth.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_base.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_ncalrpc.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon_bad_creds.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_pass_change.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_samlogon.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_winbind.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox +#usr/lib/python3.8/site-packages/samba/tests/blackbox/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/bug13653.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/check_output.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/downgradedatabase.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/mdfind.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/ndrdump.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/netads_json.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/samba_dnsupdate.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls_basic.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol_process.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_learner.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_replay.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_summary.py +#usr/lib/python3.8/site-packages/samba/tests/common.py +#usr/lib/python3.8/site-packages/samba/tests/complex_expressions.py +#usr/lib/python3.8/site-packages/samba/tests/core.py +#usr/lib/python3.8/site-packages/samba/tests/credentials.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/array.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/bare.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/dnsserver.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/integer.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/mdssvc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/misc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_protocol.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_testcase.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/registry.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpc_talloc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpcecho.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/sam.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/srvsvc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/string_tests.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/testrpc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/unix.py +#usr/lib/python3.8/site-packages/samba/tests/dckeytab.py +#usr/lib/python3.8/site-packages/samba/tests/dns.py +#usr/lib/python3.8/site-packages/samba/tests/dns_base.py +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder.py +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers/server.py +#usr/lib/python3.8/site-packages/samba/tests/dns_invalid.py +#usr/lib/python3.8/site-packages/samba/tests/dns_packet.py +#usr/lib/python3.8/site-packages/samba/tests/dns_tkey.py +#usr/lib/python3.8/site-packages/samba/tests/dns_wildcard.py +#usr/lib/python3.8/site-packages/samba/tests/docs.py +#usr/lib/python3.8/site-packages/samba/tests/domain_backup.py +#usr/lib/python3.8/site-packages/samba/tests/domain_backup_offline.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb_lock.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb_schema_attributes.py +#usr/lib/python3.8/site-packages/samba/tests/emulate +#usr/lib/python3.8/site-packages/samba/tests/emulate/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic.py +#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic_packet.py +#usr/lib/python3.8/site-packages/samba/tests/encrypted_secrets.py +#usr/lib/python3.8/site-packages/samba/tests/gensec.py +#usr/lib/python3.8/site-packages/samba/tests/get_opt.py +#usr/lib/python3.8/site-packages/samba/tests/getdcname.py +#usr/lib/python3.8/site-packages/samba/tests/glue.py +#usr/lib/python3.8/site-packages/samba/tests/gpo.py +#usr/lib/python3.8/site-packages/samba/tests/graph.py +#usr/lib/python3.8/site-packages/samba/tests/group_audit.py +#usr/lib/python3.8/site-packages/samba/tests/hostconfig.py +#usr/lib/python3.8/site-packages/samba/tests/join.py +#usr/lib/python3.8/site-packages/samba/tests/kcc +#usr/lib/python3.8/site-packages/samba/tests/kcc/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/graph.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/graph_utils.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/kcc_utils.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/ldif_import_export.py +#usr/lib/python3.8/site-packages/samba/tests/krb5 +#usr/lib/python3.8/site-packages/samba/tests/krb5/kcrypto.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/raw_testcase.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/rfc4120_pyasn1.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/s4u_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/simple_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/xrealm_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5_credentials.py +#usr/lib/python3.8/site-packages/samba/tests/ldap_raw.py +#usr/lib/python3.8/site-packages/samba/tests/ldap_referrals.py +#usr/lib/python3.8/site-packages/samba/tests/libsmb.py +#usr/lib/python3.8/site-packages/samba/tests/loadparm.py +#usr/lib/python3.8/site-packages/samba/tests/lsa_string.py +#usr/lib/python3.8/site-packages/samba/tests/messaging.py +#usr/lib/python3.8/site-packages/samba/tests/net_join.py +#usr/lib/python3.8/site-packages/samba/tests/net_join_no_spnego.py +#usr/lib/python3.8/site-packages/samba/tests/netbios.py +#usr/lib/python3.8/site-packages/samba/tests/netcmd.py +#usr/lib/python3.8/site-packages/samba/tests/netlogonsvc.py +#usr/lib/python3.8/site-packages/samba/tests/ntacls.py +#usr/lib/python3.8/site-packages/samba/tests/ntacls_backup.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_base.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_krb5.py +#usr/lib/python3.8/site-packages/samba/tests/ntlmdisabled.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_chauthtok.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_warn_pwd_expire.py +#usr/lib/python3.8/site-packages/samba/tests/param.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2003.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2008.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_gpgme.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_ldap.py +#usr/lib/python3.8/site-packages/samba/tests/password_quality.py +#usr/lib/python3.8/site-packages/samba/tests/password_test.py +#usr/lib/python3.8/site-packages/samba/tests/policy.py +#usr/lib/python3.8/site-packages/samba/tests/posixacl.py +#usr/lib/python3.8/site-packages/samba/tests/prefork_restart.py +#usr/lib/python3.8/site-packages/samba/tests/process_limits.py +#usr/lib/python3.8/site-packages/samba/tests/provision.py +#usr/lib/python3.8/site-packages/samba/tests/pso.py +#usr/lib/python3.8/site-packages/samba/tests/py_credentials.py +#usr/lib/python3.8/site-packages/samba/tests/registry.py +#usr/lib/python3.8/site-packages/samba/tests/s3idmapdb.py +#usr/lib/python3.8/site-packages/samba/tests/s3param.py +#usr/lib/python3.8/site-packages/samba/tests/s3passdb.py +#usr/lib/python3.8/site-packages/samba/tests/s3registry.py +#usr/lib/python3.8/site-packages/samba/tests/s3windb.py +#usr/lib/python3.8/site-packages/samba/tests/samba3sam.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/base.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/computer.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/contact.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/demote.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dnscmd.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dsacl.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/forest.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/fsmo.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/gpo.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/group.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/help.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ntacl.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ou.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/passwordsettings.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/processes.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/promote_dc_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_password_check.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/rodc.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/schema.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/sites.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/timecmd.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_check_password_script.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_base.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_wdigest.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize_drs.py +#usr/lib/python3.8/site-packages/samba/tests/samba_upgradedns_lmdb.py +#usr/lib/python3.8/site-packages/samba/tests/samdb.py +#usr/lib/python3.8/site-packages/samba/tests/samdb_api.py +#usr/lib/python3.8/site-packages/samba/tests/security.py +#usr/lib/python3.8/site-packages/samba/tests/segfault.py +#usr/lib/python3.8/site-packages/samba/tests/smb.py +#usr/lib/python3.8/site-packages/samba/tests/smbd_base.py +#usr/lib/python3.8/site-packages/samba/tests/smbd_fuzztest.py +#usr/lib/python3.8/site-packages/samba/tests/source.py +#usr/lib/python3.8/site-packages/samba/tests/strings.py +#usr/lib/python3.8/site-packages/samba/tests/subunitrun.py +#usr/lib/python3.8/site-packages/samba/tests/tdb_util.py +#usr/lib/python3.8/site-packages/samba/tests/upgrade.py +#usr/lib/python3.8/site-packages/samba/tests/upgradeprovision.py +#usr/lib/python3.8/site-packages/samba/tests/upgradeprovisionneeddc.py +#usr/lib/python3.8/site-packages/samba/tests/usage.py +#usr/lib/python3.8/site-packages/samba/tests/xattr.py +#usr/lib/python3.8/site-packages/samba/third_party +usr/lib/python3.8/site-packages/samba/third_party/__init__.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601 +usr/lib/python3.8/site-packages/samba/third_party/iso8601/__init__.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601/iso8601.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601/test_iso8601.py +usr/lib/python3.8/site-packages/samba/upgrade.py +usr/lib/python3.8/site-packages/samba/upgradehelpers.py +usr/lib/python3.8/site-packages/samba/uptodateness.py +usr/lib/python3.8/site-packages/samba/werror.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/xattr.py +usr/lib/python3.8/site-packages/samba/xattr_native.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/samba/xattr_tdb.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/talloc.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/tdb.cpython-38-arm-linux-gnueabi.so +usr/lib/python3.8/site-packages/tevent.py +#usr/lib/samba +usr/lib/samba/idmap +usr/lib/samba/idmap/ad.so +usr/lib/samba/idmap/autorid.so +usr/lib/samba/idmap/hash.so +usr/lib/samba/idmap/rfc2307.so +usr/lib/samba/idmap/rid.so +usr/lib/samba/idmap/script.so +usr/lib/samba/idmap/tdb2.so +#usr/lib/samba/krb5 +usr/lib/samba/krb5/winbind_krb5_locator.so +#usr/lib/samba/ldb +usr/lib/samba/ldb/asq.so +usr/lib/samba/ldb/ildap.so +usr/lib/samba/ldb/ldb.so +usr/lib/samba/ldb/ldbsamba_extensions.so +usr/lib/samba/ldb/paged_searches.so +usr/lib/samba/ldb/rdn_name.so +usr/lib/samba/ldb/sample.so +usr/lib/samba/ldb/server_sort.so +usr/lib/samba/ldb/skel.so +usr/lib/samba/ldb/tdb.so +usr/lib/samba/libCHARSET3-samba4.so +usr/lib/samba/libLIBWBCLIENT-OLD-samba4.so +usr/lib/samba/libMESSAGING-SEND-samba4.so +usr/lib/samba/libMESSAGING-samba4.so +usr/lib/samba/libaddns-samba4.so +usr/lib/samba/libads-samba4.so +usr/lib/samba/libasn1-samba4.so.8 +usr/lib/samba/libasn1-samba4.so.8.0.0 +usr/lib/samba/libasn1util-samba4.so +usr/lib/samba/libauth-samba4.so +usr/lib/samba/libauth-unix-token-samba4.so +usr/lib/samba/libauth4-samba4.so +usr/lib/samba/libauthkrb5-samba4.so +usr/lib/samba/libcli-cldap-samba4.so +usr/lib/samba/libcli-ldap-common-samba4.so +usr/lib/samba/libcli-ldap-samba4.so +usr/lib/samba/libcli-nbt-samba4.so +usr/lib/samba/libcli-smb-common-samba4.so +usr/lib/samba/libcli-spoolss-samba4.so +usr/lib/samba/libcliauth-samba4.so +usr/lib/samba/libclidns-samba4.so +usr/lib/samba/libcluster-samba4.so +usr/lib/samba/libcmdline-contexts-samba4.so +usr/lib/samba/libcmdline-credentials-samba4.so +usr/lib/samba/libcmocka-samba4.so +usr/lib/samba/libcom_err-samba4.so.0 +usr/lib/samba/libcom_err-samba4.so.0.25 +usr/lib/samba/libcommon-auth-samba4.so +usr/lib/samba/libdbwrap-samba4.so +usr/lib/samba/libdcerpc-samba-samba4.so +usr/lib/samba/libdcerpc-samba4.so +usr/lib/samba/libdsdb-module-samba4.so +usr/lib/samba/libevents-samba4.so +usr/lib/samba/libflag-mapping-samba4.so +usr/lib/samba/libgenrand-samba4.so +usr/lib/samba/libgensec-samba4.so +usr/lib/samba/libgpext-samba4.so +usr/lib/samba/libgpo-samba4.so +usr/lib/samba/libgse-samba4.so +usr/lib/samba/libgssapi-samba4.so.2 +usr/lib/samba/libgssapi-samba4.so.2.0.0 +usr/lib/samba/libhcrypto-samba4.so.5 +usr/lib/samba/libhcrypto-samba4.so.5.0.1 +usr/lib/samba/libhdb-samba4.so.11 +usr/lib/samba/libhdb-samba4.so.11.0.2 +usr/lib/samba/libheimbase-samba4.so.1 +usr/lib/samba/libheimbase-samba4.so.1.0.0 +usr/lib/samba/libheimntlm-samba4.so.1 +usr/lib/samba/libheimntlm-samba4.so.1.0.1 +usr/lib/samba/libhttp-samba4.so +usr/lib/samba/libhx509-samba4.so.5 +usr/lib/samba/libhx509-samba4.so.5.0.0 +usr/lib/samba/libidmap-samba4.so +usr/lib/samba/libinterfaces-samba4.so +usr/lib/samba/libiov-buf-samba4.so +usr/lib/samba/libkdc-samba4.so.2 +usr/lib/samba/libkdc-samba4.so.2.0.0 +usr/lib/samba/libkrb5-samba4.so.26 +usr/lib/samba/libkrb5-samba4.so.26.0.0 +usr/lib/samba/libkrb5samba-samba4.so +usr/lib/samba/libldb-cmdline-samba4.so +usr/lib/samba/libldb-key-value-samba4.so +usr/lib/samba/libldb-tdb-err-map-samba4.so +usr/lib/samba/libldb-tdb-int-samba4.so +usr/lib/samba/libldb.so.2 +usr/lib/samba/libldb.so.2.2.0 +usr/lib/samba/libldbsamba-samba4.so +usr/lib/samba/liblibcli-lsa3-samba4.so +usr/lib/samba/liblibcli-netlogon3-samba4.so +usr/lib/samba/liblibsmb-samba4.so +usr/lib/samba/libmessages-dgm-samba4.so +usr/lib/samba/libmessages-util-samba4.so +usr/lib/samba/libmsghdr-samba4.so +usr/lib/samba/libmsrpc3-samba4.so +usr/lib/samba/libndr-samba-samba4.so +usr/lib/samba/libndr-samba4.so +usr/lib/samba/libnet-keytab-samba4.so +usr/lib/samba/libnetif-samba4.so +usr/lib/samba/libnpa-tstream-samba4.so +usr/lib/samba/libnss-info-samba4.so +usr/lib/samba/libpopt-samba3-cmdline-samba4.so +usr/lib/samba/libpopt-samba3-samba4.so +usr/lib/samba/libposix-eadb-samba4.so +usr/lib/samba/libprinter-driver-samba4.so +usr/lib/samba/libprinting-migrate-samba4.so +usr/lib/samba/libpyldb-util.cpython-38-arm-linux-gnueabi.so.2 +usr/lib/samba/libpyldb-util.cpython-38-arm-linux-gnueabi.so.2.2.0 +usr/lib/samba/libpytalloc-util.cpython-38-arm-linux-gnueabi.so.2 +usr/lib/samba/libpytalloc-util.cpython-38-arm-linux-gnueabi.so.2.3.1 +usr/lib/samba/libregistry-samba4.so +usr/lib/samba/libreplace-samba4.so +usr/lib/samba/libroken-samba4.so.19 +usr/lib/samba/libroken-samba4.so.19.0.1 +usr/lib/samba/libsamba-cluster-support-samba4.so +usr/lib/samba/libsamba-debug-samba4.so +usr/lib/samba/libsamba-modules-samba4.so +usr/lib/samba/libsamba-net.cpython-38-arm-linux-gnueabi-samba4.so +usr/lib/samba/libsamba-python.cpython-38-arm-linux-gnueabi-samba4.so +usr/lib/samba/libsamba-security-samba4.so +usr/lib/samba/libsamba-sockets-samba4.so +usr/lib/samba/libsamba3-util-samba4.so +usr/lib/samba/libsamdb-common-samba4.so +usr/lib/samba/libsecrets3-samba4.so +usr/lib/samba/libserver-id-db-samba4.so +usr/lib/samba/libserver-role-samba4.so +usr/lib/samba/libshares-samba4.so +usr/lib/samba/libsmb-transport-samba4.so +usr/lib/samba/libsmbclient-raw-samba4.so +usr/lib/samba/libsmbd-base-samba4.so +usr/lib/samba/libsmbd-conn-samba4.so +usr/lib/samba/libsmbd-shim-samba4.so +usr/lib/samba/libsmbldaphelper-samba4.so +usr/lib/samba/libsmbpasswdparser-samba4.so +usr/lib/samba/libsocket-blocking-samba4.so +usr/lib/samba/libsys-rw-samba4.so +usr/lib/samba/libtalloc-report-printf-samba4.so +usr/lib/samba/libtalloc-report-samba4.so +usr/lib/samba/libtalloc.so.2 +usr/lib/samba/libtalloc.so.2.3.1 +usr/lib/samba/libtdb-wrap-samba4.so +usr/lib/samba/libtdb.so.1 +usr/lib/samba/libtdb.so.1.4.3 +usr/lib/samba/libtevent.so.0 +usr/lib/samba/libtevent.so.0.10.2 +usr/lib/samba/libtime-basic-samba4.so +usr/lib/samba/libtorture-samba4.so +usr/lib/samba/libtrusts-util-samba4.so +usr/lib/samba/libutil-cmdline-samba4.so +usr/lib/samba/libutil-reg-samba4.so +usr/lib/samba/libutil-setid-samba4.so +usr/lib/samba/libutil-tdb-samba4.so +usr/lib/samba/libwinbind-client-samba4.so +usr/lib/samba/libwind-samba4.so.0 +usr/lib/samba/libwind-samba4.so.0.0.0 +usr/lib/samba/libxattr-tdb-samba4.so +usr/lib/samba/nss_info +usr/lib/samba/nss_info/hash.so +usr/lib/samba/nss_info/rfc2307.so +usr/lib/samba/nss_info/sfu.so +usr/lib/samba/nss_info/sfu20.so +#usr/lib/samba/vfs +usr/lib/samba/vfs/acl_tdb.so +usr/lib/samba/vfs/acl_xattr.so +usr/lib/samba/vfs/aio_fork.so +usr/lib/samba/vfs/aio_pthread.so +usr/lib/samba/vfs/audit.so +usr/lib/samba/vfs/btrfs.so +usr/lib/samba/vfs/cap.so +usr/lib/samba/vfs/catia.so +usr/lib/samba/vfs/commit.so +usr/lib/samba/vfs/crossrename.so +usr/lib/samba/vfs/default_quota.so +usr/lib/samba/vfs/dirsort.so +usr/lib/samba/vfs/expand_msdfs.so +usr/lib/samba/vfs/extd_audit.so +usr/lib/samba/vfs/fake_perms.so +usr/lib/samba/vfs/fileid.so +usr/lib/samba/vfs/fruit.so +usr/lib/samba/vfs/full_audit.so +usr/lib/samba/vfs/glusterfs_fuse.so +usr/lib/samba/vfs/gpfs.so +usr/lib/samba/vfs/linux_xfs_sgid.so +usr/lib/samba/vfs/media_harmony.so +usr/lib/samba/vfs/offline.so +usr/lib/samba/vfs/preopen.so +usr/lib/samba/vfs/readahead.so +usr/lib/samba/vfs/readonly.so +usr/lib/samba/vfs/recycle.so +usr/lib/samba/vfs/shadow_copy.so +usr/lib/samba/vfs/shadow_copy2.so +usr/lib/samba/vfs/shell_snap.so +usr/lib/samba/vfs/snapper.so +usr/lib/samba/vfs/streams_depot.so +usr/lib/samba/vfs/streams_xattr.so +usr/lib/samba/vfs/syncops.so +usr/lib/samba/vfs/time_audit.so +usr/lib/samba/vfs/unityed_media.so +usr/lib/samba/vfs/virusfilter.so +usr/lib/samba/vfs/widelinks.so +usr/lib/samba/vfs/worm.so +usr/lib/samba/vfs/xattr_tdb.so +usr/lib/security +usr/lib/security/pam_winbind.so +#usr/libexec/samba +usr/libexec/samba/smbspool_krb5_wrapper +usr/sbin/eventlogadm +usr/sbin/nmbd +usr/sbin/samba-gpupdate +usr/sbin/smbd +usr/sbin/winbindd +var/ipfire/backup/addons/includes/samba +#var/ipfire/samba +var/ipfire/samba/default.global +var/ipfire/samba/default.pdc +var/ipfire/samba/default.printer +var/ipfire/samba/default.settings +var/ipfire/samba/default.shares +var/ipfire/samba/global +var/ipfire/samba/pdc +var/ipfire/samba/printer +#var/ipfire/samba/private +var/ipfire/samba/private/secrets.tdb +var/ipfire/samba/private/smbpasswd +var/ipfire/samba/settings +var/ipfire/samba/shares +var/ipfire/samba/smb.conf +var/ipfire/samba/smb.conf.default +var/lib/samba +var/lib/samba/bind-dns +var/lib/samba/private +var/lib/samba/winbindd_privileged +var/log/samba +var/nmbd +srv/web/ipfire/cgi-bin/samba.cgi +srv/web/ipfire/cgi-bin/sambahlp.cgi +var/ipfire/menu.d/EX-samba.menu +usr/local/bin/sambactrl diff --git a/config/rootfiles/packages/i586/samba b/config/rootfiles/packages/i586/samba new file mode 100644 index 000000000..089f6981d --- /dev/null +++ b/config/rootfiles/packages/i586/samba @@ -0,0 +1,820 @@ +etc/rc.d/init.d/samba +usr/bin/cifsdd +usr/bin/dbwrap_tool +usr/bin/findsmb +usr/bin/gentest +usr/bin/ldbadd +usr/bin/ldbdel +usr/bin/ldbedit +usr/bin/ldbmodify +usr/bin/ldbrename +usr/bin/ldbsearch +usr/bin/locktest +usr/bin/masktest +usr/bin/mdfind +usr/bin/mvxattr +usr/bin/ndrdump +usr/bin/net +usr/bin/nmblookup +usr/bin/ntlm_auth +usr/bin/oLschema2ldif +usr/bin/pdbedit +usr/bin/profiles +usr/bin/regdiff +usr/bin/regpatch +usr/bin/regshell +usr/bin/regtree +usr/bin/rpcclient +usr/bin/samba-regedit +usr/bin/sharesec +usr/bin/smbcacls +usr/bin/smbclient +usr/bin/smbcontrol +usr/bin/smbcquotas +usr/bin/smbget +usr/bin/smbpasswd +usr/bin/smbspool +usr/bin/smbstatus +usr/bin/smbtar +usr/bin/smbtorture +usr/bin/smbtree +usr/bin/tdbbackup +usr/bin/tdbdump +usr/bin/tdbrestore +usr/bin/tdbtool +usr/bin/testparm +usr/bin/wbinfo +#usr/include/samba-4.0 +#usr/include/samba-4.0/charset.h +#usr/include/samba-4.0/core +#usr/include/samba-4.0/core/doserr.h +#usr/include/samba-4.0/core/error.h +#usr/include/samba-4.0/core/hresult.h +#usr/include/samba-4.0/core/ntstatus.h +#usr/include/samba-4.0/core/ntstatus_gen.h +#usr/include/samba-4.0/core/werror.h +#usr/include/samba-4.0/core/werror_gen.h +#usr/include/samba-4.0/credentials.h +#usr/include/samba-4.0/dcerpc.h +#usr/include/samba-4.0/dcesrv_core.h +#usr/include/samba-4.0/domain_credentials.h +#usr/include/samba-4.0/gen_ndr +#usr/include/samba-4.0/gen_ndr/atsvc.h +#usr/include/samba-4.0/gen_ndr/auth.h +#usr/include/samba-4.0/gen_ndr/dcerpc.h +#usr/include/samba-4.0/gen_ndr/drsblobs.h +#usr/include/samba-4.0/gen_ndr/drsuapi.h +#usr/include/samba-4.0/gen_ndr/krb5pac.h +#usr/include/samba-4.0/gen_ndr/lsa.h +#usr/include/samba-4.0/gen_ndr/misc.h +#usr/include/samba-4.0/gen_ndr/nbt.h +#usr/include/samba-4.0/gen_ndr/ndr_atsvc.h +#usr/include/samba-4.0/gen_ndr/ndr_dcerpc.h +#usr/include/samba-4.0/gen_ndr/ndr_drsblobs.h +#usr/include/samba-4.0/gen_ndr/ndr_drsuapi.h +#usr/include/samba-4.0/gen_ndr/ndr_krb5pac.h +#usr/include/samba-4.0/gen_ndr/ndr_misc.h +#usr/include/samba-4.0/gen_ndr/ndr_nbt.h +#usr/include/samba-4.0/gen_ndr/ndr_samr.h +#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h +#usr/include/samba-4.0/gen_ndr/ndr_svcctl.h +#usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h +#usr/include/samba-4.0/gen_ndr/netlogon.h +#usr/include/samba-4.0/gen_ndr/samr.h +#usr/include/samba-4.0/gen_ndr/security.h +#usr/include/samba-4.0/gen_ndr/server_id.h +#usr/include/samba-4.0/gen_ndr/svcctl.h +#usr/include/samba-4.0/ldb_wrap.h +#usr/include/samba-4.0/libsmbclient.h +#usr/include/samba-4.0/lookup_sid.h +#usr/include/samba-4.0/machine_sid.h +#usr/include/samba-4.0/ndr +#usr/include/samba-4.0/ndr.h +#usr/include/samba-4.0/ndr/ndr_dcerpc.h +#usr/include/samba-4.0/ndr/ndr_drsblobs.h +#usr/include/samba-4.0/ndr/ndr_drsuapi.h +#usr/include/samba-4.0/ndr/ndr_krb5pac.h +#usr/include/samba-4.0/ndr/ndr_nbt.h +#usr/include/samba-4.0/ndr/ndr_svcctl.h +#usr/include/samba-4.0/netapi.h +#usr/include/samba-4.0/param.h +#usr/include/samba-4.0/passdb.h +#usr/include/samba-4.0/policy.h +#usr/include/samba-4.0/rpc_common.h +#usr/include/samba-4.0/samba +#usr/include/samba-4.0/samba/session.h +#usr/include/samba-4.0/samba/version.h +#usr/include/samba-4.0/share.h +#usr/include/samba-4.0/smb2_lease_struct.h +#usr/include/samba-4.0/smb_ldap.h +#usr/include/samba-4.0/smbconf.h +#usr/include/samba-4.0/smbldap.h +#usr/include/samba-4.0/tdr.h +#usr/include/samba-4.0/tsocket.h +#usr/include/samba-4.0/tsocket_internal.h +#usr/include/samba-4.0/util +#usr/include/samba-4.0/util/attr.h +#usr/include/samba-4.0/util/blocking.h +#usr/include/samba-4.0/util/data_blob.h +#usr/include/samba-4.0/util/debug.h +#usr/include/samba-4.0/util/discard.h +#usr/include/samba-4.0/util/fault.h +#usr/include/samba-4.0/util/genrand.h +#usr/include/samba-4.0/util/idtree.h +#usr/include/samba-4.0/util/idtree_random.h +#usr/include/samba-4.0/util/signal.h +#usr/include/samba-4.0/util/string_wrappers.h +#usr/include/samba-4.0/util/substitute.h +#usr/include/samba-4.0/util/tevent_ntstatus.h +#usr/include/samba-4.0/util/tevent_unix.h +#usr/include/samba-4.0/util/tevent_werror.h +#usr/include/samba-4.0/util/tfork.h +#usr/include/samba-4.0/util/time.h +#usr/include/samba-4.0/util_ldb.h +#usr/include/samba-4.0/wbclient.h +usr/lib/libdcerpc-binding.so +usr/lib/libdcerpc-binding.so.0 +usr/lib/libdcerpc-binding.so.0.0.1 +usr/lib/libdcerpc-samr.so +usr/lib/libdcerpc-samr.so.0 +usr/lib/libdcerpc-samr.so.0.0.1 +usr/lib/libdcerpc-server-core.so +usr/lib/libdcerpc-server-core.so.0 +usr/lib/libdcerpc-server-core.so.0.0.1 +usr/lib/libdcerpc.so +usr/lib/libdcerpc.so.0 +usr/lib/libdcerpc.so.0.0.1 +usr/lib/libndr-krb5pac.so +usr/lib/libndr-krb5pac.so.0 +usr/lib/libndr-krb5pac.so.0.0.1 +usr/lib/libndr-nbt.so +usr/lib/libndr-nbt.so.0 +usr/lib/libndr-nbt.so.0.0.1 +usr/lib/libndr-standard.so +usr/lib/libndr-standard.so.0 +usr/lib/libndr-standard.so.0.0.1 +usr/lib/libndr.so +usr/lib/libndr.so.1 +usr/lib/libndr.so.1.0.0 +usr/lib/libnetapi.so +usr/lib/libnetapi.so.0 +usr/lib/libnss_winbind.so +usr/lib/libnss_winbind.so.2 +usr/lib/libnss_wins.so +usr/lib/libnss_wins.so.2 +usr/lib/libsamba-credentials.so +usr/lib/libsamba-credentials.so.0 +usr/lib/libsamba-credentials.so.0.0.1 +usr/lib/libsamba-errors.so +usr/lib/libsamba-errors.so.1 +usr/lib/libsamba-hostconfig.so +usr/lib/libsamba-hostconfig.so.0 +usr/lib/libsamba-hostconfig.so.0.0.1 +usr/lib/libsamba-passdb.so +usr/lib/libsamba-passdb.so.0 +usr/lib/libsamba-passdb.so.0.28.0 +usr/lib/libsamba-policy.cpython-38-i386-linux-gnu.so +usr/lib/libsamba-policy.cpython-38-i386-linux-gnu.so.0 +usr/lib/libsamba-policy.cpython-38-i386-linux-gnu.so.0.0.1 +usr/lib/libsamba-util.so +usr/lib/libsamba-util.so.0 +usr/lib/libsamba-util.so.0.0.1 +usr/lib/libsamdb.so +usr/lib/libsamdb.so.0 +usr/lib/libsamdb.so.0.0.1 +usr/lib/libsmbclient.so +usr/lib/libsmbclient.so.0 +usr/lib/libsmbclient.so.0.6.0 +usr/lib/libsmbconf.so +usr/lib/libsmbconf.so.0 +usr/lib/libsmbldap.so +usr/lib/libsmbldap.so.2 +usr/lib/libtevent-util.so +usr/lib/libtevent-util.so.0 +usr/lib/libtevent-util.so.0.0.1 +usr/lib/libwbclient.so +usr/lib/libwbclient.so.0 +usr/lib/libwbclient.so.0.15 +#usr/lib/pkgconfig/dcerpc.pc +#usr/lib/pkgconfig/dcerpc_samr.pc +#usr/lib/pkgconfig/ndr.pc +#usr/lib/pkgconfig/ndr_krb5pac.pc +#usr/lib/pkgconfig/ndr_nbt.pc +#usr/lib/pkgconfig/ndr_standard.pc +#usr/lib/pkgconfig/netapi.pc +#usr/lib/pkgconfig/samba-credentials.pc +#usr/lib/pkgconfig/samba-hostconfig.pc +#usr/lib/pkgconfig/samba-policy.cpython-38-i386-linux-gnu.pc +#usr/lib/pkgconfig/samba-util.pc +#usr/lib/pkgconfig/samdb.pc +#usr/lib/pkgconfig/smbclient.pc +#usr/lib/pkgconfig/wbclient.pc +usr/lib/python3.8/site-packages/_ldb_text.py +usr/lib/python3.8/site-packages/_tdb_text.py +usr/lib/python3.8/site-packages/_tevent.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/ldb.cpython-38-i386-linux-gnu.so +#usr/lib/python3.8/site-packages/samba +usr/lib/python3.8/site-packages/samba/__init__.py +usr/lib/python3.8/site-packages/samba/_glue.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/_ldb.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/auth.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/auth_util.py +usr/lib/python3.8/site-packages/samba/colour.py +usr/lib/python3.8/site-packages/samba/common.py +usr/lib/python3.8/site-packages/samba/compat.py +usr/lib/python3.8/site-packages/samba/credentials.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/crypto.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dbchecker.py +#usr/lib/python3.8/site-packages/samba/dcerpc +usr/lib/python3.8/site-packages/samba/dcerpc/__init__.py +usr/lib/python3.8/site-packages/samba/dcerpc/atsvc.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/auth.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/base.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dcerpc.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dfs.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dns.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dnsp.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dnsserver.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/drsblobs.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/drsuapi.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/echo.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/epmapper.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/idmap.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/initshutdown.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/irpc.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/krb5pac.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/lsa.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/mdssvc.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/messaging.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/mgmt.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/misc.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/nbt.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/netlogon.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/ntlmssp.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/preg.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/samr.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/security.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/server_id.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/smb_acl.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/spoolss.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/srvsvc.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/svcctl.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/unixinfo.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/winbind.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/windows_event_ids.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/winreg.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/winspool.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/witness.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/wkssvc.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/xattr.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/descriptor.py +usr/lib/python3.8/site-packages/samba/dnsserver.py +usr/lib/python3.8/site-packages/samba/domain_update.py +usr/lib/python3.8/site-packages/samba/drs_utils.py +#usr/lib/python3.8/site-packages/samba/emulate +usr/lib/python3.8/site-packages/samba/emulate/__init__.py +usr/lib/python3.8/site-packages/samba/emulate/traffic.py +usr/lib/python3.8/site-packages/samba/emulate/traffic_packets.py +usr/lib/python3.8/site-packages/samba/forest_update.py +usr/lib/python3.8/site-packages/samba/gensec.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/getopt.py +usr/lib/python3.8/site-packages/samba/gp_ext_loader.py +#usr/lib/python3.8/site-packages/samba/gp_parse +usr/lib/python3.8/site-packages/samba/gp_parse/__init__.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_aas.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_csv.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_inf.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_ini.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_pol.py +usr/lib/python3.8/site-packages/samba/gp_scripts_ext.py +usr/lib/python3.8/site-packages/samba/gp_sec_ext.py +usr/lib/python3.8/site-packages/samba/gpclass.py +usr/lib/python3.8/site-packages/samba/gpo.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/graph.py +usr/lib/python3.8/site-packages/samba/hostconfig.py +usr/lib/python3.8/site-packages/samba/idmap.py +usr/lib/python3.8/site-packages/samba/join.py +#usr/lib/python3.8/site-packages/samba/kcc +usr/lib/python3.8/site-packages/samba/kcc/__init__.py +usr/lib/python3.8/site-packages/samba/kcc/debug.py +usr/lib/python3.8/site-packages/samba/kcc/graph.py +usr/lib/python3.8/site-packages/samba/kcc/graph_utils.py +usr/lib/python3.8/site-packages/samba/kcc/kcc_utils.py +usr/lib/python3.8/site-packages/samba/kcc/ldif_import_export.py +usr/lib/python3.8/site-packages/samba/logger.py +usr/lib/python3.8/site-packages/samba/mdb_util.py +usr/lib/python3.8/site-packages/samba/messaging.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/ms_display_specifiers.py +usr/lib/python3.8/site-packages/samba/ms_forest_updates_markdown.py +usr/lib/python3.8/site-packages/samba/ms_schema.py +usr/lib/python3.8/site-packages/samba/ms_schema_markdown.py +usr/lib/python3.8/site-packages/samba/ndr.py +usr/lib/python3.8/site-packages/samba/net.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/netbios.cpython-38-i386-linux-gnu.so +#usr/lib/python3.8/site-packages/samba/netcmd +usr/lib/python3.8/site-packages/samba/netcmd/__init__.py +usr/lib/python3.8/site-packages/samba/netcmd/common.py +usr/lib/python3.8/site-packages/samba/netcmd/computer.py +usr/lib/python3.8/site-packages/samba/netcmd/contact.py +usr/lib/python3.8/site-packages/samba/netcmd/dbcheck.py +usr/lib/python3.8/site-packages/samba/netcmd/delegation.py +usr/lib/python3.8/site-packages/samba/netcmd/dns.py +usr/lib/python3.8/site-packages/samba/netcmd/domain.py +usr/lib/python3.8/site-packages/samba/netcmd/domain_backup.py +usr/lib/python3.8/site-packages/samba/netcmd/drs.py +usr/lib/python3.8/site-packages/samba/netcmd/dsacl.py +usr/lib/python3.8/site-packages/samba/netcmd/forest.py +usr/lib/python3.8/site-packages/samba/netcmd/fsmo.py +usr/lib/python3.8/site-packages/samba/netcmd/gpo.py +usr/lib/python3.8/site-packages/samba/netcmd/group.py +usr/lib/python3.8/site-packages/samba/netcmd/ldapcmp.py +usr/lib/python3.8/site-packages/samba/netcmd/main.py +usr/lib/python3.8/site-packages/samba/netcmd/nettime.py +usr/lib/python3.8/site-packages/samba/netcmd/ntacl.py +usr/lib/python3.8/site-packages/samba/netcmd/ou.py +usr/lib/python3.8/site-packages/samba/netcmd/processes.py +usr/lib/python3.8/site-packages/samba/netcmd/pso.py +usr/lib/python3.8/site-packages/samba/netcmd/rodc.py +usr/lib/python3.8/site-packages/samba/netcmd/schema.py +usr/lib/python3.8/site-packages/samba/netcmd/sites.py +usr/lib/python3.8/site-packages/samba/netcmd/spn.py +usr/lib/python3.8/site-packages/samba/netcmd/testparm.py +usr/lib/python3.8/site-packages/samba/netcmd/user.py +usr/lib/python3.8/site-packages/samba/netcmd/visualize.py +usr/lib/python3.8/site-packages/samba/ntacls.py +usr/lib/python3.8/site-packages/samba/ntstatus.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/param.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/policy.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/posix_eadb.cpython-38-i386-linux-gnu.so +#usr/lib/python3.8/site-packages/samba/provision +usr/lib/python3.8/site-packages/samba/provision/__init__.py +usr/lib/python3.8/site-packages/samba/provision/backend.py +usr/lib/python3.8/site-packages/samba/provision/common.py +usr/lib/python3.8/site-packages/samba/provision/kerberos.py +usr/lib/python3.8/site-packages/samba/provision/kerberos_implementation.py +usr/lib/python3.8/site-packages/samba/provision/sambadns.py +usr/lib/python3.8/site-packages/samba/registry.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/remove_dc.py +#usr/lib/python3.8/site-packages/samba/samba3 +usr/lib/python3.8/site-packages/samba/samba3/__init__.py +usr/lib/python3.8/site-packages/samba/samba3/libsmb_samba_internal.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/mdscli.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/param.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/passdb.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/smbd.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samdb.py +usr/lib/python3.8/site-packages/samba/schema.py +usr/lib/python3.8/site-packages/samba/sd_utils.py +usr/lib/python3.8/site-packages/samba/security.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/sites.py +usr/lib/python3.8/site-packages/samba/subnets.py +#usr/lib/python3.8/site-packages/samba/subunit +usr/lib/python3.8/site-packages/samba/subunit/__init__.py +usr/lib/python3.8/site-packages/samba/subunit/run.py +usr/lib/python3.8/site-packages/samba/tdb_util.py +#usr/lib/python3.8/site-packages/samba/tests +#usr/lib/python3.8/site-packages/samba/tests/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_base.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_dsdb.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_pass_change.py +#usr/lib/python3.8/site-packages/samba/tests/auth.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_base.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_ncalrpc.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon_bad_creds.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_pass_change.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_samlogon.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_winbind.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox +#usr/lib/python3.8/site-packages/samba/tests/blackbox/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/bug13653.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/check_output.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/downgradedatabase.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/mdfind.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/ndrdump.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/netads_json.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/samba_dnsupdate.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls_basic.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol_process.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_learner.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_replay.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_summary.py +#usr/lib/python3.8/site-packages/samba/tests/common.py +#usr/lib/python3.8/site-packages/samba/tests/complex_expressions.py +#usr/lib/python3.8/site-packages/samba/tests/core.py +#usr/lib/python3.8/site-packages/samba/tests/credentials.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/array.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/bare.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/dnsserver.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/integer.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/mdssvc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/misc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_protocol.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_testcase.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/registry.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpc_talloc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpcecho.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/sam.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/srvsvc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/string_tests.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/testrpc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/unix.py +#usr/lib/python3.8/site-packages/samba/tests/dckeytab.py +#usr/lib/python3.8/site-packages/samba/tests/dns.py +#usr/lib/python3.8/site-packages/samba/tests/dns_base.py +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder.py +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers/server.py +#usr/lib/python3.8/site-packages/samba/tests/dns_invalid.py +#usr/lib/python3.8/site-packages/samba/tests/dns_packet.py +#usr/lib/python3.8/site-packages/samba/tests/dns_tkey.py +#usr/lib/python3.8/site-packages/samba/tests/dns_wildcard.py +#usr/lib/python3.8/site-packages/samba/tests/docs.py +#usr/lib/python3.8/site-packages/samba/tests/domain_backup.py +#usr/lib/python3.8/site-packages/samba/tests/domain_backup_offline.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb_lock.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb_schema_attributes.py +#usr/lib/python3.8/site-packages/samba/tests/emulate +#usr/lib/python3.8/site-packages/samba/tests/emulate/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic.py +#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic_packet.py +#usr/lib/python3.8/site-packages/samba/tests/encrypted_secrets.py +#usr/lib/python3.8/site-packages/samba/tests/gensec.py +#usr/lib/python3.8/site-packages/samba/tests/get_opt.py +#usr/lib/python3.8/site-packages/samba/tests/getdcname.py +#usr/lib/python3.8/site-packages/samba/tests/glue.py +#usr/lib/python3.8/site-packages/samba/tests/gpo.py +#usr/lib/python3.8/site-packages/samba/tests/graph.py +#usr/lib/python3.8/site-packages/samba/tests/group_audit.py +#usr/lib/python3.8/site-packages/samba/tests/hostconfig.py +#usr/lib/python3.8/site-packages/samba/tests/join.py +#usr/lib/python3.8/site-packages/samba/tests/kcc +#usr/lib/python3.8/site-packages/samba/tests/kcc/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/graph.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/graph_utils.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/kcc_utils.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/ldif_import_export.py +#usr/lib/python3.8/site-packages/samba/tests/krb5 +#usr/lib/python3.8/site-packages/samba/tests/krb5/kcrypto.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/raw_testcase.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/rfc4120_pyasn1.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/s4u_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/simple_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/xrealm_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5_credentials.py +#usr/lib/python3.8/site-packages/samba/tests/ldap_raw.py +#usr/lib/python3.8/site-packages/samba/tests/ldap_referrals.py +#usr/lib/python3.8/site-packages/samba/tests/libsmb.py +#usr/lib/python3.8/site-packages/samba/tests/loadparm.py +#usr/lib/python3.8/site-packages/samba/tests/lsa_string.py +#usr/lib/python3.8/site-packages/samba/tests/messaging.py +#usr/lib/python3.8/site-packages/samba/tests/net_join.py +#usr/lib/python3.8/site-packages/samba/tests/net_join_no_spnego.py +#usr/lib/python3.8/site-packages/samba/tests/netbios.py +#usr/lib/python3.8/site-packages/samba/tests/netcmd.py +#usr/lib/python3.8/site-packages/samba/tests/netlogonsvc.py +#usr/lib/python3.8/site-packages/samba/tests/ntacls.py +#usr/lib/python3.8/site-packages/samba/tests/ntacls_backup.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_base.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_krb5.py +#usr/lib/python3.8/site-packages/samba/tests/ntlmdisabled.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_chauthtok.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_warn_pwd_expire.py +#usr/lib/python3.8/site-packages/samba/tests/param.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2003.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2008.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_gpgme.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_ldap.py +#usr/lib/python3.8/site-packages/samba/tests/password_quality.py +#usr/lib/python3.8/site-packages/samba/tests/password_test.py +#usr/lib/python3.8/site-packages/samba/tests/policy.py +#usr/lib/python3.8/site-packages/samba/tests/posixacl.py +#usr/lib/python3.8/site-packages/samba/tests/prefork_restart.py +#usr/lib/python3.8/site-packages/samba/tests/process_limits.py +#usr/lib/python3.8/site-packages/samba/tests/provision.py +#usr/lib/python3.8/site-packages/samba/tests/pso.py +#usr/lib/python3.8/site-packages/samba/tests/py_credentials.py +#usr/lib/python3.8/site-packages/samba/tests/registry.py +#usr/lib/python3.8/site-packages/samba/tests/s3idmapdb.py +#usr/lib/python3.8/site-packages/samba/tests/s3param.py +#usr/lib/python3.8/site-packages/samba/tests/s3passdb.py +#usr/lib/python3.8/site-packages/samba/tests/s3registry.py +#usr/lib/python3.8/site-packages/samba/tests/s3windb.py +#usr/lib/python3.8/site-packages/samba/tests/samba3sam.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/base.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/computer.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/contact.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/demote.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dnscmd.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dsacl.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/forest.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/fsmo.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/gpo.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/group.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/help.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ntacl.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ou.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/passwordsettings.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/processes.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/promote_dc_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_password_check.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/rodc.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/schema.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/sites.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/timecmd.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_check_password_script.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_base.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_wdigest.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize_drs.py +#usr/lib/python3.8/site-packages/samba/tests/samba_upgradedns_lmdb.py +#usr/lib/python3.8/site-packages/samba/tests/samdb.py +#usr/lib/python3.8/site-packages/samba/tests/samdb_api.py +#usr/lib/python3.8/site-packages/samba/tests/security.py +#usr/lib/python3.8/site-packages/samba/tests/segfault.py +#usr/lib/python3.8/site-packages/samba/tests/smb.py +#usr/lib/python3.8/site-packages/samba/tests/smbd_base.py +#usr/lib/python3.8/site-packages/samba/tests/smbd_fuzztest.py +#usr/lib/python3.8/site-packages/samba/tests/source.py +#usr/lib/python3.8/site-packages/samba/tests/strings.py +#usr/lib/python3.8/site-packages/samba/tests/subunitrun.py +#usr/lib/python3.8/site-packages/samba/tests/tdb_util.py +#usr/lib/python3.8/site-packages/samba/tests/upgrade.py +#usr/lib/python3.8/site-packages/samba/tests/upgradeprovision.py +#usr/lib/python3.8/site-packages/samba/tests/upgradeprovisionneeddc.py +#usr/lib/python3.8/site-packages/samba/tests/usage.py +#usr/lib/python3.8/site-packages/samba/tests/xattr.py +#usr/lib/python3.8/site-packages/samba/third_party +usr/lib/python3.8/site-packages/samba/third_party/__init__.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601 +usr/lib/python3.8/site-packages/samba/third_party/iso8601/__init__.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601/iso8601.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601/test_iso8601.py +usr/lib/python3.8/site-packages/samba/upgrade.py +usr/lib/python3.8/site-packages/samba/upgradehelpers.py +usr/lib/python3.8/site-packages/samba/uptodateness.py +usr/lib/python3.8/site-packages/samba/werror.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/xattr.py +usr/lib/python3.8/site-packages/samba/xattr_native.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/samba/xattr_tdb.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/talloc.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/tdb.cpython-38-i386-linux-gnu.so +usr/lib/python3.8/site-packages/tevent.py +#usr/lib/samba +usr/lib/samba/idmap +usr/lib/samba/idmap/ad.so +usr/lib/samba/idmap/autorid.so +usr/lib/samba/idmap/hash.so +usr/lib/samba/idmap/rfc2307.so +usr/lib/samba/idmap/rid.so +usr/lib/samba/idmap/script.so +usr/lib/samba/idmap/tdb2.so +#usr/lib/samba/krb5 +usr/lib/samba/krb5/winbind_krb5_locator.so +#usr/lib/samba/ldb +usr/lib/samba/ldb/asq.so +usr/lib/samba/ldb/ildap.so +usr/lib/samba/ldb/ldb.so +usr/lib/samba/ldb/ldbsamba_extensions.so +usr/lib/samba/ldb/paged_searches.so +usr/lib/samba/ldb/rdn_name.so +usr/lib/samba/ldb/sample.so +usr/lib/samba/ldb/server_sort.so +usr/lib/samba/ldb/skel.so +usr/lib/samba/ldb/tdb.so +usr/lib/samba/libCHARSET3-samba4.so +usr/lib/samba/libLIBWBCLIENT-OLD-samba4.so +usr/lib/samba/libMESSAGING-SEND-samba4.so +usr/lib/samba/libMESSAGING-samba4.so +usr/lib/samba/libaddns-samba4.so +usr/lib/samba/libads-samba4.so +usr/lib/samba/libasn1-samba4.so.8 +usr/lib/samba/libasn1-samba4.so.8.0.0 +usr/lib/samba/libasn1util-samba4.so +usr/lib/samba/libauth-samba4.so +usr/lib/samba/libauth-unix-token-samba4.so +usr/lib/samba/libauth4-samba4.so +usr/lib/samba/libauthkrb5-samba4.so +usr/lib/samba/libcli-cldap-samba4.so +usr/lib/samba/libcli-ldap-common-samba4.so +usr/lib/samba/libcli-ldap-samba4.so +usr/lib/samba/libcli-nbt-samba4.so +usr/lib/samba/libcli-smb-common-samba4.so +usr/lib/samba/libcli-spoolss-samba4.so +usr/lib/samba/libcliauth-samba4.so +usr/lib/samba/libclidns-samba4.so +usr/lib/samba/libcluster-samba4.so +usr/lib/samba/libcmdline-contexts-samba4.so +usr/lib/samba/libcmdline-credentials-samba4.so +usr/lib/samba/libcmocka-samba4.so +usr/lib/samba/libcom_err-samba4.so.0 +usr/lib/samba/libcom_err-samba4.so.0.25 +usr/lib/samba/libcommon-auth-samba4.so +usr/lib/samba/libdbwrap-samba4.so +usr/lib/samba/libdcerpc-samba-samba4.so +usr/lib/samba/libdcerpc-samba4.so +usr/lib/samba/libdsdb-module-samba4.so +usr/lib/samba/libevents-samba4.so +usr/lib/samba/libflag-mapping-samba4.so +usr/lib/samba/libgenrand-samba4.so +usr/lib/samba/libgensec-samba4.so +usr/lib/samba/libgpext-samba4.so +usr/lib/samba/libgpo-samba4.so +usr/lib/samba/libgse-samba4.so +usr/lib/samba/libgssapi-samba4.so.2 +usr/lib/samba/libgssapi-samba4.so.2.0.0 +usr/lib/samba/libhcrypto-samba4.so.5 +usr/lib/samba/libhcrypto-samba4.so.5.0.1 +usr/lib/samba/libhdb-samba4.so.11 +usr/lib/samba/libhdb-samba4.so.11.0.2 +usr/lib/samba/libheimbase-samba4.so.1 +usr/lib/samba/libheimbase-samba4.so.1.0.0 +usr/lib/samba/libheimntlm-samba4.so.1 +usr/lib/samba/libheimntlm-samba4.so.1.0.1 +usr/lib/samba/libhttp-samba4.so +usr/lib/samba/libhx509-samba4.so.5 +usr/lib/samba/libhx509-samba4.so.5.0.0 +usr/lib/samba/libidmap-samba4.so +usr/lib/samba/libinterfaces-samba4.so +usr/lib/samba/libiov-buf-samba4.so +usr/lib/samba/libkdc-samba4.so.2 +usr/lib/samba/libkdc-samba4.so.2.0.0 +usr/lib/samba/libkrb5-samba4.so.26 +usr/lib/samba/libkrb5-samba4.so.26.0.0 +usr/lib/samba/libkrb5samba-samba4.so +usr/lib/samba/libldb-cmdline-samba4.so +usr/lib/samba/libldb-key-value-samba4.so +usr/lib/samba/libldb-tdb-err-map-samba4.so +usr/lib/samba/libldb-tdb-int-samba4.so +usr/lib/samba/libldb.so.2 +usr/lib/samba/libldb.so.2.2.0 +usr/lib/samba/libldbsamba-samba4.so +usr/lib/samba/liblibcli-lsa3-samba4.so +usr/lib/samba/liblibcli-netlogon3-samba4.so +usr/lib/samba/liblibsmb-samba4.so +usr/lib/samba/libmessages-dgm-samba4.so +usr/lib/samba/libmessages-util-samba4.so +usr/lib/samba/libmsghdr-samba4.so +usr/lib/samba/libmsrpc3-samba4.so +usr/lib/samba/libndr-samba-samba4.so +usr/lib/samba/libndr-samba4.so +usr/lib/samba/libnet-keytab-samba4.so +usr/lib/samba/libnetif-samba4.so +usr/lib/samba/libnpa-tstream-samba4.so +usr/lib/samba/libnss-info-samba4.so +usr/lib/samba/libpopt-samba3-cmdline-samba4.so +usr/lib/samba/libpopt-samba3-samba4.so +usr/lib/samba/libposix-eadb-samba4.so +usr/lib/samba/libprinter-driver-samba4.so +usr/lib/samba/libprinting-migrate-samba4.so +usr/lib/samba/libpyldb-util.cpython-38-i386-linux-gnu.so.2 +usr/lib/samba/libpyldb-util.cpython-38-i386-linux-gnu.so.2.2.0 +usr/lib/samba/libpytalloc-util.cpython-38-i386-linux-gnu.so.2 +usr/lib/samba/libpytalloc-util.cpython-38-i386-linux-gnu.so.2.3.1 +usr/lib/samba/libregistry-samba4.so +usr/lib/samba/libreplace-samba4.so +usr/lib/samba/libroken-samba4.so.19 +usr/lib/samba/libroken-samba4.so.19.0.1 +usr/lib/samba/libsamba-cluster-support-samba4.so +usr/lib/samba/libsamba-debug-samba4.so +usr/lib/samba/libsamba-modules-samba4.so +usr/lib/samba/libsamba-net.cpython-38-i386-linux-gnu-samba4.so +usr/lib/samba/libsamba-python.cpython-38-i386-linux-gnu-samba4.so +usr/lib/samba/libsamba-security-samba4.so +usr/lib/samba/libsamba-sockets-samba4.so +usr/lib/samba/libsamba3-util-samba4.so +usr/lib/samba/libsamdb-common-samba4.so +usr/lib/samba/libsecrets3-samba4.so +usr/lib/samba/libserver-id-db-samba4.so +usr/lib/samba/libserver-role-samba4.so +usr/lib/samba/libshares-samba4.so +usr/lib/samba/libsmb-transport-samba4.so +usr/lib/samba/libsmbclient-raw-samba4.so +usr/lib/samba/libsmbd-base-samba4.so +usr/lib/samba/libsmbd-conn-samba4.so +usr/lib/samba/libsmbd-shim-samba4.so +usr/lib/samba/libsmbldaphelper-samba4.so +usr/lib/samba/libsmbpasswdparser-samba4.so +usr/lib/samba/libsocket-blocking-samba4.so +usr/lib/samba/libsys-rw-samba4.so +usr/lib/samba/libtalloc-report-printf-samba4.so +usr/lib/samba/libtalloc-report-samba4.so +usr/lib/samba/libtalloc.so.2 +usr/lib/samba/libtalloc.so.2.3.1 +usr/lib/samba/libtdb-wrap-samba4.so +usr/lib/samba/libtdb.so.1 +usr/lib/samba/libtdb.so.1.4.3 +usr/lib/samba/libtevent.so.0 +usr/lib/samba/libtevent.so.0.10.2 +usr/lib/samba/libtime-basic-samba4.so +usr/lib/samba/libtorture-samba4.so +usr/lib/samba/libtrusts-util-samba4.so +usr/lib/samba/libutil-cmdline-samba4.so +usr/lib/samba/libutil-reg-samba4.so +usr/lib/samba/libutil-setid-samba4.so +usr/lib/samba/libutil-tdb-samba4.so +usr/lib/samba/libwinbind-client-samba4.so +usr/lib/samba/libwind-samba4.so.0 +usr/lib/samba/libwind-samba4.so.0.0.0 +usr/lib/samba/libxattr-tdb-samba4.so +usr/lib/samba/nss_info +usr/lib/samba/nss_info/hash.so +usr/lib/samba/nss_info/rfc2307.so +usr/lib/samba/nss_info/sfu.so +usr/lib/samba/nss_info/sfu20.so +#usr/lib/samba/vfs +usr/lib/samba/vfs/acl_tdb.so +usr/lib/samba/vfs/acl_xattr.so +usr/lib/samba/vfs/aio_fork.so +usr/lib/samba/vfs/aio_pthread.so +usr/lib/samba/vfs/audit.so +usr/lib/samba/vfs/btrfs.so +usr/lib/samba/vfs/cap.so +usr/lib/samba/vfs/catia.so +usr/lib/samba/vfs/commit.so +usr/lib/samba/vfs/crossrename.so +usr/lib/samba/vfs/default_quota.so +usr/lib/samba/vfs/dirsort.so +usr/lib/samba/vfs/expand_msdfs.so +usr/lib/samba/vfs/extd_audit.so +usr/lib/samba/vfs/fake_perms.so +usr/lib/samba/vfs/fileid.so +usr/lib/samba/vfs/fruit.so +usr/lib/samba/vfs/full_audit.so +usr/lib/samba/vfs/glusterfs_fuse.so +usr/lib/samba/vfs/gpfs.so +usr/lib/samba/vfs/linux_xfs_sgid.so +usr/lib/samba/vfs/media_harmony.so +usr/lib/samba/vfs/offline.so +usr/lib/samba/vfs/preopen.so +usr/lib/samba/vfs/readahead.so +usr/lib/samba/vfs/readonly.so +usr/lib/samba/vfs/recycle.so +usr/lib/samba/vfs/shadow_copy.so +usr/lib/samba/vfs/shadow_copy2.so +usr/lib/samba/vfs/shell_snap.so +usr/lib/samba/vfs/snapper.so +usr/lib/samba/vfs/streams_depot.so +usr/lib/samba/vfs/streams_xattr.so +usr/lib/samba/vfs/syncops.so +usr/lib/samba/vfs/time_audit.so +usr/lib/samba/vfs/unityed_media.so +usr/lib/samba/vfs/virusfilter.so +usr/lib/samba/vfs/widelinks.so +usr/lib/samba/vfs/worm.so +usr/lib/samba/vfs/xattr_tdb.so +usr/lib/security +usr/lib/security/pam_winbind.so +#usr/libexec/samba +usr/libexec/samba/smbspool_krb5_wrapper +usr/sbin/eventlogadm +usr/sbin/nmbd +usr/sbin/samba-gpupdate +usr/sbin/smbd +usr/sbin/winbindd +var/ipfire/backup/addons/includes/samba +#var/ipfire/samba +var/ipfire/samba/default.global +var/ipfire/samba/default.pdc +var/ipfire/samba/default.printer +var/ipfire/samba/default.settings +var/ipfire/samba/default.shares +var/ipfire/samba/global +var/ipfire/samba/pdc +var/ipfire/samba/printer +#var/ipfire/samba/private +var/ipfire/samba/private/secrets.tdb +var/ipfire/samba/private/smbpasswd +var/ipfire/samba/settings +var/ipfire/samba/shares +var/ipfire/samba/smb.conf +var/ipfire/samba/smb.conf.default +var/lib/samba +var/lib/samba/bind-dns +var/lib/samba/private +var/lib/samba/winbindd_privileged +var/log/samba +var/nmbd +srv/web/ipfire/cgi-bin/samba.cgi +srv/web/ipfire/cgi-bin/sambahlp.cgi +var/ipfire/menu.d/EX-samba.menu +usr/local/bin/sambactrl diff --git a/config/rootfiles/packages/samba b/config/rootfiles/packages/samba deleted file mode 100644 index aafa112ac..000000000 --- a/config/rootfiles/packages/samba +++ /dev/null @@ -1,229 +0,0 @@ -usr/bin/eventlogadm -usr/bin/findsmb -usr/bin/net -usr/bin/nmblookup -usr/bin/ntlm_auth -usr/bin/pdbedit -usr/bin/profiles -usr/bin/rpcclient -usr/bin/sharesec -usr/bin/smbcacls -usr/bin/smbclient -usr/bin/smbcontrol -usr/bin/smbcquotas -usr/bin/smbget -usr/bin/smbpasswd -usr/bin/smbspool -usr/bin/smbstatus -usr/bin/smbta-util -usr/bin/smbtar -usr/bin/smbtree -usr/bin/tdbbackup -usr/bin/tdbdump -usr/bin/tdbrestore -usr/bin/tdbtool -usr/bin/testparm -usr/bin/wbinfo -#usr/include/libsmbclient.h -#usr/include/netapi.h -#usr/include/smb_share_modes.h -#usr/include/talloc.h -#usr/include/tdb.h -#usr/include/tevent.h -#usr/include/tevent_internal.h -#usr/include/wbclient.h -usr/lib/libnetapi.so -usr/lib/libnetapi.so.0 -usr/lib/libsmbclient.so -usr/lib/libsmbclient.so.0 -usr/lib/libsmbsharemodes.so -usr/lib/libsmbsharemodes.so.0 -usr/lib/libtalloc.so -usr/lib/libtalloc.so.2 -usr/lib/libtalloc.so.2.0.5 -usr/lib/libtdb.so -usr/lib/libtdb.so.1 -usr/lib/libtdb.so.1.2.9 -usr/lib/libtevent.so -usr/lib/libtevent.so.0 -usr/lib/libtevent.so.0.9.11 -usr/lib/libwbclient.so -usr/lib/libwbclient.so.0 -#usr/lib/samba -#usr/lib/samba/auth -usr/lib/samba/auth/script.so -#usr/lib/samba/charset -usr/lib/samba/charset/CP437.so -usr/lib/samba/charset/CP850.so -usr/lib/samba/gpext -usr/lib/samba/idmap -usr/lib/samba/idmap/autorid.so -usr/lib/samba/lowcase.dat -usr/lib/samba/nss_info -usr/lib/samba/pdb -usr/lib/samba/perfcount -usr/lib/samba/upcase.dat -usr/lib/samba/valid.dat -#usr/lib/samba/vfs -usr/lib/samba/vfs/acl_tdb.so -usr/lib/samba/vfs/acl_xattr.so -usr/lib/samba/vfs/audit.so -usr/lib/samba/vfs/cap.so -usr/lib/samba/vfs/catia.so -usr/lib/samba/vfs/crossrename.so -usr/lib/samba/vfs/default_quota.so -usr/lib/samba/vfs/dirsort.so -usr/lib/samba/vfs/expand_msdfs.so -usr/lib/samba/vfs/extd_audit.so -usr/lib/samba/vfs/fake_perms.so -usr/lib/samba/vfs/fileid.so -usr/lib/samba/vfs/full_audit.so -usr/lib/samba/vfs/linux_xfs_sgid.so -usr/lib/samba/vfs/netatalk.so -usr/lib/samba/vfs/preopen.so -usr/lib/samba/vfs/readahead.so -usr/lib/samba/vfs/readonly.so -usr/lib/samba/vfs/recycle.so -usr/lib/samba/vfs/scannedonly.so -usr/lib/samba/vfs/shadow_copy.so -usr/lib/samba/vfs/shadow_copy2.so -usr/lib/samba/vfs/smb_traffic_analyzer.so -usr/lib/samba/vfs/streams_depot.so -usr/lib/samba/vfs/streams_xattr.so -usr/lib/samba/vfs/syncops.so -usr/lib/samba/vfs/time_audit.so -usr/lib/samba/vfs/xattr_tdb.so -usr/lib/security -usr/lib/security/pam_smbpass.so -usr/lib/security/pam_winbind.so -usr/sbin/nmbd -usr/sbin/smbd -usr/sbin/winbindd -#usr/share/locale/ar/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/cs/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/da/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/de/LC_MESSAGES/net.mo -#usr/share/locale/de/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/es/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/fi/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/fr/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/hu/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/it/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/ja/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/ko/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/nb/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/nl/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/pl/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/pt_BR/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/ru/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/sv/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/zh_CN/LC_MESSAGES/pam_winbind.mo -#usr/share/locale/zh_TW/LC_MESSAGES/pam_winbind.mo -#usr/share/man/man1/dbwrap_tool.1 -#usr/share/man/man1/findsmb.1 -#usr/share/man/man1/log2pcap.1 -#usr/share/man/man1/nmblookup.1 -#usr/share/man/man1/ntlm_auth.1 -#usr/share/man/man1/profiles.1 -#usr/share/man/man1/rpcclient.1 -#usr/share/man/man1/sharesec.1 -#usr/share/man/man1/smbcacls.1 -#usr/share/man/man1/smbclient.1 -#usr/share/man/man1/smbcontrol.1 -#usr/share/man/man1/smbcquotas.1 -#usr/share/man/man1/smbget.1 -#usr/share/man/man1/smbstatus.1 -#usr/share/man/man1/smbtar.1 -#usr/share/man/man1/smbtree.1 -#usr/share/man/man1/testparm.1 -#usr/share/man/man1/vfstest.1 -#usr/share/man/man1/wbinfo.1 -#usr/share/man/man5/lmhosts.5 -#usr/share/man/man5/pam_winbind.conf.5 -#usr/share/man/man5/smb.conf.5 -#usr/share/man/man5/smbgetrc.5 -#usr/share/man/man5/smbpasswd.5 -#usr/share/man/man7/libsmbclient.7 -#usr/share/man/man7/samba.7 -#usr/share/man/man7/winbind_krb5_locator.7 -#usr/share/man/man8/eventlogadm.8 -#usr/share/man/man8/idmap_ad.8 -#usr/share/man/man8/idmap_adex.8 -#usr/share/man/man8/idmap_autorid.8 -#usr/share/man/man8/idmap_hash.8 -#usr/share/man/man8/idmap_ldap.8 -#usr/share/man/man8/idmap_nss.8 -#usr/share/man/man8/idmap_rid.8 -#usr/share/man/man8/idmap_tdb.8 -#usr/share/man/man8/idmap_tdb2.8 -#usr/share/man/man8/net.8 -#usr/share/man/man8/nmbd.8 -#usr/share/man/man8/pam_winbind.8 -#usr/share/man/man8/pdbedit.8 -#usr/share/man/man8/smbd.8 -#usr/share/man/man8/smbpasswd.8 -#usr/share/man/man8/smbspool.8 -#usr/share/man/man8/smbta-util.8 -#usr/share/man/man8/swat.8 -#usr/share/man/man8/tdbbackup.8 -#usr/share/man/man8/tdbdump.8 -#usr/share/man/man8/tdbtool.8 -#usr/share/man/man8/vfs_acl_tdb.8 -#usr/share/man/man8/vfs_acl_xattr.8 -#usr/share/man/man8/vfs_aio_fork.8 -#usr/share/man/man8/vfs_aio_pthread.8 -#usr/share/man/man8/vfs_audit.8 -#usr/share/man/man8/vfs_cacheprime.8 -#usr/share/man/man8/vfs_cap.8 -#usr/share/man/man8/vfs_catia.8 -#usr/share/man/man8/vfs_commit.8 -#usr/share/man/man8/vfs_crossrename.8 -#usr/share/man/man8/vfs_default_quota.8 -#usr/share/man/man8/vfs_dirsort.8 -#usr/share/man/man8/vfs_extd_audit.8 -#usr/share/man/man8/vfs_fake_perms.8 -#usr/share/man/man8/vfs_fileid.8 -#usr/share/man/man8/vfs_full_audit.8 -#usr/share/man/man8/vfs_gpfs.8 -#usr/share/man/man8/vfs_netatalk.8 -#usr/share/man/man8/vfs_notify_fam.8 -#usr/share/man/man8/vfs_prealloc.8 -#usr/share/man/man8/vfs_preopen.8 -#usr/share/man/man8/vfs_readahead.8 -#usr/share/man/man8/vfs_readonly.8 -#usr/share/man/man8/vfs_recycle.8 -#usr/share/man/man8/vfs_scannedonly.8 -#usr/share/man/man8/vfs_shadow_copy.8 -#usr/share/man/man8/vfs_shadow_copy2.8 -#usr/share/man/man8/vfs_smb_traffic_analyzer.8 -#usr/share/man/man8/vfs_streams_depot.8 -#usr/share/man/man8/vfs_streams_xattr.8 -#usr/share/man/man8/vfs_time_audit.8 -#usr/share/man/man8/vfs_xattr_tdb.8 -#usr/share/man/man8/winbindd.8 -var/ipfire/backup/addons/includes/samba -#var/ipfire/samba -var/ipfire/samba/default.global -var/ipfire/samba/default.pdc -var/ipfire/samba/default.printer -var/ipfire/samba/default.settings -var/ipfire/samba/default.shares -var/ipfire/samba/global -var/ipfire/samba/pdc -var/ipfire/samba/printer -#var/ipfire/samba/private -var/ipfire/samba/private/secrets.tdb -var/ipfire/samba/private/smbpasswd -var/ipfire/samba/settings -var/ipfire/samba/shares -var/ipfire/samba/smb.conf -var/ipfire/samba/smb.conf.default -var/lib/samba -var/lib/samba/winbindd_privileged -var/log/samba -var/nmbd -etc/rc.d/init.d/samba -srv/web/ipfire/cgi-bin/samba.cgi -srv/web/ipfire/cgi-bin/sambahlp.cgi -var/ipfire/menu.d/EX-samba.menu -usr/local/bin/sambactrl diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba new file mode 100644 index 000000000..ff2b7d5c3 --- /dev/null +++ b/config/rootfiles/packages/x86_64/samba @@ -0,0 +1,820 @@ +etc/rc.d/init.d/samba +usr/bin/cifsdd +usr/bin/dbwrap_tool +usr/bin/findsmb +usr/bin/gentest +usr/bin/ldbadd +usr/bin/ldbdel +usr/bin/ldbedit +usr/bin/ldbmodify +usr/bin/ldbrename +usr/bin/ldbsearch +usr/bin/locktest +usr/bin/masktest +usr/bin/mdfind +usr/bin/mvxattr +usr/bin/ndrdump +usr/bin/net +usr/bin/nmblookup +usr/bin/ntlm_auth +usr/bin/oLschema2ldif +usr/bin/pdbedit +usr/bin/profiles +usr/bin/regdiff +usr/bin/regpatch +usr/bin/regshell +usr/bin/regtree +usr/bin/rpcclient +usr/bin/samba-regedit +usr/bin/sharesec +usr/bin/smbcacls +usr/bin/smbclient +usr/bin/smbcontrol +usr/bin/smbcquotas +usr/bin/smbget +usr/bin/smbpasswd +usr/bin/smbspool +usr/bin/smbstatus +usr/bin/smbtar +usr/bin/smbtorture +usr/bin/smbtree +usr/bin/tdbbackup +usr/bin/tdbdump +usr/bin/tdbrestore +usr/bin/tdbtool +usr/bin/testparm +usr/bin/wbinfo +#usr/include/samba-4.0 +#usr/include/samba-4.0/charset.h +#usr/include/samba-4.0/core +#usr/include/samba-4.0/core/doserr.h +#usr/include/samba-4.0/core/error.h +#usr/include/samba-4.0/core/hresult.h +#usr/include/samba-4.0/core/ntstatus.h +#usr/include/samba-4.0/core/ntstatus_gen.h +#usr/include/samba-4.0/core/werror.h +#usr/include/samba-4.0/core/werror_gen.h +#usr/include/samba-4.0/credentials.h +#usr/include/samba-4.0/dcerpc.h +#usr/include/samba-4.0/dcesrv_core.h +#usr/include/samba-4.0/domain_credentials.h +#usr/include/samba-4.0/gen_ndr +#usr/include/samba-4.0/gen_ndr/atsvc.h +#usr/include/samba-4.0/gen_ndr/auth.h +#usr/include/samba-4.0/gen_ndr/dcerpc.h +#usr/include/samba-4.0/gen_ndr/drsblobs.h +#usr/include/samba-4.0/gen_ndr/drsuapi.h +#usr/include/samba-4.0/gen_ndr/krb5pac.h +#usr/include/samba-4.0/gen_ndr/lsa.h +#usr/include/samba-4.0/gen_ndr/misc.h +#usr/include/samba-4.0/gen_ndr/nbt.h +#usr/include/samba-4.0/gen_ndr/ndr_atsvc.h +#usr/include/samba-4.0/gen_ndr/ndr_dcerpc.h +#usr/include/samba-4.0/gen_ndr/ndr_drsblobs.h +#usr/include/samba-4.0/gen_ndr/ndr_drsuapi.h +#usr/include/samba-4.0/gen_ndr/ndr_krb5pac.h +#usr/include/samba-4.0/gen_ndr/ndr_misc.h +#usr/include/samba-4.0/gen_ndr/ndr_nbt.h +#usr/include/samba-4.0/gen_ndr/ndr_samr.h +#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h +#usr/include/samba-4.0/gen_ndr/ndr_svcctl.h +#usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h +#usr/include/samba-4.0/gen_ndr/netlogon.h +#usr/include/samba-4.0/gen_ndr/samr.h +#usr/include/samba-4.0/gen_ndr/security.h +#usr/include/samba-4.0/gen_ndr/server_id.h +#usr/include/samba-4.0/gen_ndr/svcctl.h +#usr/include/samba-4.0/ldb_wrap.h +#usr/include/samba-4.0/libsmbclient.h +#usr/include/samba-4.0/lookup_sid.h +#usr/include/samba-4.0/machine_sid.h +#usr/include/samba-4.0/ndr +#usr/include/samba-4.0/ndr.h +#usr/include/samba-4.0/ndr/ndr_dcerpc.h +#usr/include/samba-4.0/ndr/ndr_drsblobs.h +#usr/include/samba-4.0/ndr/ndr_drsuapi.h +#usr/include/samba-4.0/ndr/ndr_krb5pac.h +#usr/include/samba-4.0/ndr/ndr_nbt.h +#usr/include/samba-4.0/ndr/ndr_svcctl.h +#usr/include/samba-4.0/netapi.h +#usr/include/samba-4.0/param.h +#usr/include/samba-4.0/passdb.h +#usr/include/samba-4.0/policy.h +#usr/include/samba-4.0/rpc_common.h +#usr/include/samba-4.0/samba +#usr/include/samba-4.0/samba/session.h +#usr/include/samba-4.0/samba/version.h +#usr/include/samba-4.0/share.h +#usr/include/samba-4.0/smb2_lease_struct.h +#usr/include/samba-4.0/smb_ldap.h +#usr/include/samba-4.0/smbconf.h +#usr/include/samba-4.0/smbldap.h +#usr/include/samba-4.0/tdr.h +#usr/include/samba-4.0/tsocket.h +#usr/include/samba-4.0/tsocket_internal.h +#usr/include/samba-4.0/util +#usr/include/samba-4.0/util/attr.h +#usr/include/samba-4.0/util/blocking.h +#usr/include/samba-4.0/util/data_blob.h +#usr/include/samba-4.0/util/debug.h +#usr/include/samba-4.0/util/discard.h +#usr/include/samba-4.0/util/fault.h +#usr/include/samba-4.0/util/genrand.h +#usr/include/samba-4.0/util/idtree.h +#usr/include/samba-4.0/util/idtree_random.h +#usr/include/samba-4.0/util/signal.h +#usr/include/samba-4.0/util/string_wrappers.h +#usr/include/samba-4.0/util/substitute.h +#usr/include/samba-4.0/util/tevent_ntstatus.h +#usr/include/samba-4.0/util/tevent_unix.h +#usr/include/samba-4.0/util/tevent_werror.h +#usr/include/samba-4.0/util/tfork.h +#usr/include/samba-4.0/util/time.h +#usr/include/samba-4.0/util_ldb.h +#usr/include/samba-4.0/wbclient.h +usr/lib/libdcerpc-binding.so +usr/lib/libdcerpc-binding.so.0 +usr/lib/libdcerpc-binding.so.0.0.1 +usr/lib/libdcerpc-samr.so +usr/lib/libdcerpc-samr.so.0 +usr/lib/libdcerpc-samr.so.0.0.1 +usr/lib/libdcerpc-server-core.so +usr/lib/libdcerpc-server-core.so.0 +usr/lib/libdcerpc-server-core.so.0.0.1 +usr/lib/libdcerpc.so +usr/lib/libdcerpc.so.0 +usr/lib/libdcerpc.so.0.0.1 +usr/lib/libndr-krb5pac.so +usr/lib/libndr-krb5pac.so.0 +usr/lib/libndr-krb5pac.so.0.0.1 +usr/lib/libndr-nbt.so +usr/lib/libndr-nbt.so.0 +usr/lib/libndr-nbt.so.0.0.1 +usr/lib/libndr-standard.so +usr/lib/libndr-standard.so.0 +usr/lib/libndr-standard.so.0.0.1 +usr/lib/libndr.so +usr/lib/libndr.so.1 +usr/lib/libndr.so.1.0.0 +usr/lib/libnetapi.so +usr/lib/libnetapi.so.0 +usr/lib/libnss_winbind.so +usr/lib/libnss_winbind.so.2 +usr/lib/libnss_wins.so +usr/lib/libnss_wins.so.2 +usr/lib/libsamba-credentials.so +usr/lib/libsamba-credentials.so.0 +usr/lib/libsamba-credentials.so.0.0.1 +usr/lib/libsamba-errors.so +usr/lib/libsamba-errors.so.1 +usr/lib/libsamba-hostconfig.so +usr/lib/libsamba-hostconfig.so.0 +usr/lib/libsamba-hostconfig.so.0.0.1 +usr/lib/libsamba-passdb.so +usr/lib/libsamba-passdb.so.0 +usr/lib/libsamba-passdb.so.0.28.0 +usr/lib/libsamba-policy.cpython-38-x86-64-linux-gnu.so +usr/lib/libsamba-policy.cpython-38-x86-64-linux-gnu.so.0 +usr/lib/libsamba-policy.cpython-38-x86-64-linux-gnu.so.0.0.1 +usr/lib/libsamba-util.so +usr/lib/libsamba-util.so.0 +usr/lib/libsamba-util.so.0.0.1 +usr/lib/libsamdb.so +usr/lib/libsamdb.so.0 +usr/lib/libsamdb.so.0.0.1 +usr/lib/libsmbclient.so +usr/lib/libsmbclient.so.0 +usr/lib/libsmbclient.so.0.6.0 +usr/lib/libsmbconf.so +usr/lib/libsmbconf.so.0 +usr/lib/libsmbldap.so +usr/lib/libsmbldap.so.2 +usr/lib/libtevent-util.so +usr/lib/libtevent-util.so.0 +usr/lib/libtevent-util.so.0.0.1 +usr/lib/libwbclient.so +usr/lib/libwbclient.so.0 +usr/lib/libwbclient.so.0.15 +#usr/lib/pkgconfig/dcerpc.pc +#usr/lib/pkgconfig/dcerpc_samr.pc +#usr/lib/pkgconfig/ndr.pc +#usr/lib/pkgconfig/ndr_krb5pac.pc +#usr/lib/pkgconfig/ndr_nbt.pc +#usr/lib/pkgconfig/ndr_standard.pc +#usr/lib/pkgconfig/netapi.pc +#usr/lib/pkgconfig/samba-credentials.pc +#usr/lib/pkgconfig/samba-hostconfig.pc +#usr/lib/pkgconfig/samba-policy.cpython-38-x86_64-linux-gnu.pc +#usr/lib/pkgconfig/samba-util.pc +#usr/lib/pkgconfig/samdb.pc +#usr/lib/pkgconfig/smbclient.pc +#usr/lib/pkgconfig/wbclient.pc +usr/lib/python3.8/site-packages/_ldb_text.py +usr/lib/python3.8/site-packages/_tdb_text.py +usr/lib/python3.8/site-packages/_tevent.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/ldb.cpython-38-x86_64-linux-gnu.so +#usr/lib/python3.8/site-packages/samba +usr/lib/python3.8/site-packages/samba/__init__.py +usr/lib/python3.8/site-packages/samba/_glue.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/_ldb.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/auth.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/auth_util.py +usr/lib/python3.8/site-packages/samba/colour.py +usr/lib/python3.8/site-packages/samba/common.py +usr/lib/python3.8/site-packages/samba/compat.py +usr/lib/python3.8/site-packages/samba/credentials.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/crypto.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dbchecker.py +#usr/lib/python3.8/site-packages/samba/dcerpc +usr/lib/python3.8/site-packages/samba/dcerpc/__init__.py +usr/lib/python3.8/site-packages/samba/dcerpc/atsvc.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/auth.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/base.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dcerpc.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dfs.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dns.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dnsp.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/dnsserver.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/drsblobs.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/drsuapi.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/echo.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/epmapper.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/idmap.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/initshutdown.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/irpc.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/krb5pac.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/lsa.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/mdssvc.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/messaging.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/mgmt.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/misc.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/nbt.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/netlogon.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/ntlmssp.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/preg.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/samr.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/security.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/server_id.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/smb_acl.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/spoolss.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/srvsvc.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/svcctl.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/unixinfo.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/winbind.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/windows_event_ids.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/winreg.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/winspool.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/witness.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/wkssvc.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/dcerpc/xattr.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/descriptor.py +usr/lib/python3.8/site-packages/samba/dnsserver.py +usr/lib/python3.8/site-packages/samba/domain_update.py +usr/lib/python3.8/site-packages/samba/drs_utils.py +#usr/lib/python3.8/site-packages/samba/emulate +usr/lib/python3.8/site-packages/samba/emulate/__init__.py +usr/lib/python3.8/site-packages/samba/emulate/traffic.py +usr/lib/python3.8/site-packages/samba/emulate/traffic_packets.py +usr/lib/python3.8/site-packages/samba/forest_update.py +usr/lib/python3.8/site-packages/samba/gensec.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/getopt.py +usr/lib/python3.8/site-packages/samba/gp_ext_loader.py +#usr/lib/python3.8/site-packages/samba/gp_parse +usr/lib/python3.8/site-packages/samba/gp_parse/__init__.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_aas.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_csv.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_inf.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_ini.py +usr/lib/python3.8/site-packages/samba/gp_parse/gp_pol.py +usr/lib/python3.8/site-packages/samba/gp_scripts_ext.py +usr/lib/python3.8/site-packages/samba/gp_sec_ext.py +usr/lib/python3.8/site-packages/samba/gpclass.py +usr/lib/python3.8/site-packages/samba/gpo.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/graph.py +usr/lib/python3.8/site-packages/samba/hostconfig.py +usr/lib/python3.8/site-packages/samba/idmap.py +usr/lib/python3.8/site-packages/samba/join.py +#usr/lib/python3.8/site-packages/samba/kcc +usr/lib/python3.8/site-packages/samba/kcc/__init__.py +usr/lib/python3.8/site-packages/samba/kcc/debug.py +usr/lib/python3.8/site-packages/samba/kcc/graph.py +usr/lib/python3.8/site-packages/samba/kcc/graph_utils.py +usr/lib/python3.8/site-packages/samba/kcc/kcc_utils.py +usr/lib/python3.8/site-packages/samba/kcc/ldif_import_export.py +usr/lib/python3.8/site-packages/samba/logger.py +usr/lib/python3.8/site-packages/samba/mdb_util.py +usr/lib/python3.8/site-packages/samba/messaging.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/ms_display_specifiers.py +usr/lib/python3.8/site-packages/samba/ms_forest_updates_markdown.py +usr/lib/python3.8/site-packages/samba/ms_schema.py +usr/lib/python3.8/site-packages/samba/ms_schema_markdown.py +usr/lib/python3.8/site-packages/samba/ndr.py +usr/lib/python3.8/site-packages/samba/net.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/netbios.cpython-38-x86_64-linux-gnu.so +#usr/lib/python3.8/site-packages/samba/netcmd +usr/lib/python3.8/site-packages/samba/netcmd/__init__.py +usr/lib/python3.8/site-packages/samba/netcmd/common.py +usr/lib/python3.8/site-packages/samba/netcmd/computer.py +usr/lib/python3.8/site-packages/samba/netcmd/contact.py +usr/lib/python3.8/site-packages/samba/netcmd/dbcheck.py +usr/lib/python3.8/site-packages/samba/netcmd/delegation.py +usr/lib/python3.8/site-packages/samba/netcmd/dns.py +usr/lib/python3.8/site-packages/samba/netcmd/domain.py +usr/lib/python3.8/site-packages/samba/netcmd/domain_backup.py +usr/lib/python3.8/site-packages/samba/netcmd/drs.py +usr/lib/python3.8/site-packages/samba/netcmd/dsacl.py +usr/lib/python3.8/site-packages/samba/netcmd/forest.py +usr/lib/python3.8/site-packages/samba/netcmd/fsmo.py +usr/lib/python3.8/site-packages/samba/netcmd/gpo.py +usr/lib/python3.8/site-packages/samba/netcmd/group.py +usr/lib/python3.8/site-packages/samba/netcmd/ldapcmp.py +usr/lib/python3.8/site-packages/samba/netcmd/main.py +usr/lib/python3.8/site-packages/samba/netcmd/nettime.py +usr/lib/python3.8/site-packages/samba/netcmd/ntacl.py +usr/lib/python3.8/site-packages/samba/netcmd/ou.py +usr/lib/python3.8/site-packages/samba/netcmd/processes.py +usr/lib/python3.8/site-packages/samba/netcmd/pso.py +usr/lib/python3.8/site-packages/samba/netcmd/rodc.py +usr/lib/python3.8/site-packages/samba/netcmd/schema.py +usr/lib/python3.8/site-packages/samba/netcmd/sites.py +usr/lib/python3.8/site-packages/samba/netcmd/spn.py +usr/lib/python3.8/site-packages/samba/netcmd/testparm.py +usr/lib/python3.8/site-packages/samba/netcmd/user.py +usr/lib/python3.8/site-packages/samba/netcmd/visualize.py +usr/lib/python3.8/site-packages/samba/ntacls.py +usr/lib/python3.8/site-packages/samba/ntstatus.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/param.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/policy.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/posix_eadb.cpython-38-x86_64-linux-gnu.so +#usr/lib/python3.8/site-packages/samba/provision +usr/lib/python3.8/site-packages/samba/provision/__init__.py +usr/lib/python3.8/site-packages/samba/provision/backend.py +usr/lib/python3.8/site-packages/samba/provision/common.py +usr/lib/python3.8/site-packages/samba/provision/kerberos.py +usr/lib/python3.8/site-packages/samba/provision/kerberos_implementation.py +usr/lib/python3.8/site-packages/samba/provision/sambadns.py +usr/lib/python3.8/site-packages/samba/registry.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/remove_dc.py +#usr/lib/python3.8/site-packages/samba/samba3 +usr/lib/python3.8/site-packages/samba/samba3/__init__.py +usr/lib/python3.8/site-packages/samba/samba3/libsmb_samba_internal.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/mdscli.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/param.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/passdb.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samba3/smbd.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/samdb.py +usr/lib/python3.8/site-packages/samba/schema.py +usr/lib/python3.8/site-packages/samba/sd_utils.py +usr/lib/python3.8/site-packages/samba/security.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/sites.py +usr/lib/python3.8/site-packages/samba/subnets.py +#usr/lib/python3.8/site-packages/samba/subunit +usr/lib/python3.8/site-packages/samba/subunit/__init__.py +usr/lib/python3.8/site-packages/samba/subunit/run.py +usr/lib/python3.8/site-packages/samba/tdb_util.py +#usr/lib/python3.8/site-packages/samba/tests +#usr/lib/python3.8/site-packages/samba/tests/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_base.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_dsdb.py +#usr/lib/python3.8/site-packages/samba/tests/audit_log_pass_change.py +#usr/lib/python3.8/site-packages/samba/tests/auth.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_base.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_ncalrpc.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon_bad_creds.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_pass_change.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_samlogon.py +#usr/lib/python3.8/site-packages/samba/tests/auth_log_winbind.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox +#usr/lib/python3.8/site-packages/samba/tests/blackbox/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/bug13653.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/check_output.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/downgradedatabase.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/mdfind.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/ndrdump.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/netads_json.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/samba_dnsupdate.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls_basic.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol_process.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_learner.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_replay.py +#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_summary.py +#usr/lib/python3.8/site-packages/samba/tests/common.py +#usr/lib/python3.8/site-packages/samba/tests/complex_expressions.py +#usr/lib/python3.8/site-packages/samba/tests/core.py +#usr/lib/python3.8/site-packages/samba/tests/credentials.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/array.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/bare.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/dnsserver.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/integer.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/mdssvc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/misc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_protocol.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_testcase.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/registry.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpc_talloc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpcecho.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/sam.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/srvsvc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/string_tests.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/testrpc.py +#usr/lib/python3.8/site-packages/samba/tests/dcerpc/unix.py +#usr/lib/python3.8/site-packages/samba/tests/dckeytab.py +#usr/lib/python3.8/site-packages/samba/tests/dns.py +#usr/lib/python3.8/site-packages/samba/tests/dns_base.py +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder.py +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers +#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers/server.py +#usr/lib/python3.8/site-packages/samba/tests/dns_invalid.py +#usr/lib/python3.8/site-packages/samba/tests/dns_packet.py +#usr/lib/python3.8/site-packages/samba/tests/dns_tkey.py +#usr/lib/python3.8/site-packages/samba/tests/dns_wildcard.py +#usr/lib/python3.8/site-packages/samba/tests/docs.py +#usr/lib/python3.8/site-packages/samba/tests/domain_backup.py +#usr/lib/python3.8/site-packages/samba/tests/domain_backup_offline.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb_lock.py +#usr/lib/python3.8/site-packages/samba/tests/dsdb_schema_attributes.py +#usr/lib/python3.8/site-packages/samba/tests/emulate +#usr/lib/python3.8/site-packages/samba/tests/emulate/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic.py +#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic_packet.py +#usr/lib/python3.8/site-packages/samba/tests/encrypted_secrets.py +#usr/lib/python3.8/site-packages/samba/tests/gensec.py +#usr/lib/python3.8/site-packages/samba/tests/get_opt.py +#usr/lib/python3.8/site-packages/samba/tests/getdcname.py +#usr/lib/python3.8/site-packages/samba/tests/glue.py +#usr/lib/python3.8/site-packages/samba/tests/gpo.py +#usr/lib/python3.8/site-packages/samba/tests/graph.py +#usr/lib/python3.8/site-packages/samba/tests/group_audit.py +#usr/lib/python3.8/site-packages/samba/tests/hostconfig.py +#usr/lib/python3.8/site-packages/samba/tests/join.py +#usr/lib/python3.8/site-packages/samba/tests/kcc +#usr/lib/python3.8/site-packages/samba/tests/kcc/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/graph.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/graph_utils.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/kcc_utils.py +#usr/lib/python3.8/site-packages/samba/tests/kcc/ldif_import_export.py +#usr/lib/python3.8/site-packages/samba/tests/krb5 +#usr/lib/python3.8/site-packages/samba/tests/krb5/kcrypto.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/raw_testcase.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/rfc4120_pyasn1.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/s4u_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/simple_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5/xrealm_tests.py +#usr/lib/python3.8/site-packages/samba/tests/krb5_credentials.py +#usr/lib/python3.8/site-packages/samba/tests/ldap_raw.py +#usr/lib/python3.8/site-packages/samba/tests/ldap_referrals.py +#usr/lib/python3.8/site-packages/samba/tests/libsmb.py +#usr/lib/python3.8/site-packages/samba/tests/loadparm.py +#usr/lib/python3.8/site-packages/samba/tests/lsa_string.py +#usr/lib/python3.8/site-packages/samba/tests/messaging.py +#usr/lib/python3.8/site-packages/samba/tests/net_join.py +#usr/lib/python3.8/site-packages/samba/tests/net_join_no_spnego.py +#usr/lib/python3.8/site-packages/samba/tests/netbios.py +#usr/lib/python3.8/site-packages/samba/tests/netcmd.py +#usr/lib/python3.8/site-packages/samba/tests/netlogonsvc.py +#usr/lib/python3.8/site-packages/samba/tests/ntacls.py +#usr/lib/python3.8/site-packages/samba/tests/ntacls_backup.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_base.py +#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_krb5.py +#usr/lib/python3.8/site-packages/samba/tests/ntlmdisabled.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_chauthtok.py +#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_warn_pwd_expire.py +#usr/lib/python3.8/site-packages/samba/tests/param.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2003.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2008.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_gpgme.py +#usr/lib/python3.8/site-packages/samba/tests/password_hash_ldap.py +#usr/lib/python3.8/site-packages/samba/tests/password_quality.py +#usr/lib/python3.8/site-packages/samba/tests/password_test.py +#usr/lib/python3.8/site-packages/samba/tests/policy.py +#usr/lib/python3.8/site-packages/samba/tests/posixacl.py +#usr/lib/python3.8/site-packages/samba/tests/prefork_restart.py +#usr/lib/python3.8/site-packages/samba/tests/process_limits.py +#usr/lib/python3.8/site-packages/samba/tests/provision.py +#usr/lib/python3.8/site-packages/samba/tests/pso.py +#usr/lib/python3.8/site-packages/samba/tests/py_credentials.py +#usr/lib/python3.8/site-packages/samba/tests/registry.py +#usr/lib/python3.8/site-packages/samba/tests/s3idmapdb.py +#usr/lib/python3.8/site-packages/samba/tests/s3param.py +#usr/lib/python3.8/site-packages/samba/tests/s3passdb.py +#usr/lib/python3.8/site-packages/samba/tests/s3registry.py +#usr/lib/python3.8/site-packages/samba/tests/s3windb.py +#usr/lib/python3.8/site-packages/samba/tests/samba3sam.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/__init__.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/base.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/computer.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/contact.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/demote.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dnscmd.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dsacl.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/forest.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/fsmo.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/gpo.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/group.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/help.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ntacl.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ou.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/passwordsettings.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/processes.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/promote_dc_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_lmdb_size.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_password_check.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/rodc.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/schema.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/sites.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/timecmd.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_check_password_script.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_base.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_wdigest.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize.py +#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize_drs.py +#usr/lib/python3.8/site-packages/samba/tests/samba_upgradedns_lmdb.py +#usr/lib/python3.8/site-packages/samba/tests/samdb.py +#usr/lib/python3.8/site-packages/samba/tests/samdb_api.py +#usr/lib/python3.8/site-packages/samba/tests/security.py +#usr/lib/python3.8/site-packages/samba/tests/segfault.py +#usr/lib/python3.8/site-packages/samba/tests/smb.py +#usr/lib/python3.8/site-packages/samba/tests/smbd_base.py +#usr/lib/python3.8/site-packages/samba/tests/smbd_fuzztest.py +#usr/lib/python3.8/site-packages/samba/tests/source.py +#usr/lib/python3.8/site-packages/samba/tests/strings.py +#usr/lib/python3.8/site-packages/samba/tests/subunitrun.py +#usr/lib/python3.8/site-packages/samba/tests/tdb_util.py +#usr/lib/python3.8/site-packages/samba/tests/upgrade.py +#usr/lib/python3.8/site-packages/samba/tests/upgradeprovision.py +#usr/lib/python3.8/site-packages/samba/tests/upgradeprovisionneeddc.py +#usr/lib/python3.8/site-packages/samba/tests/usage.py +#usr/lib/python3.8/site-packages/samba/tests/xattr.py +#usr/lib/python3.8/site-packages/samba/third_party +usr/lib/python3.8/site-packages/samba/third_party/__init__.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601 +usr/lib/python3.8/site-packages/samba/third_party/iso8601/__init__.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601/iso8601.py +usr/lib/python3.8/site-packages/samba/third_party/iso8601/test_iso8601.py +usr/lib/python3.8/site-packages/samba/upgrade.py +usr/lib/python3.8/site-packages/samba/upgradehelpers.py +usr/lib/python3.8/site-packages/samba/uptodateness.py +usr/lib/python3.8/site-packages/samba/werror.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/xattr.py +usr/lib/python3.8/site-packages/samba/xattr_native.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/samba/xattr_tdb.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/talloc.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/tdb.cpython-38-x86_64-linux-gnu.so +usr/lib/python3.8/site-packages/tevent.py +#usr/lib/samba +usr/lib/samba/idmap +usr/lib/samba/idmap/ad.so +usr/lib/samba/idmap/autorid.so +usr/lib/samba/idmap/hash.so +usr/lib/samba/idmap/rfc2307.so +usr/lib/samba/idmap/rid.so +usr/lib/samba/idmap/script.so +usr/lib/samba/idmap/tdb2.so +#usr/lib/samba/krb5 +usr/lib/samba/krb5/winbind_krb5_locator.so +#usr/lib/samba/ldb +usr/lib/samba/ldb/asq.so +usr/lib/samba/ldb/ildap.so +usr/lib/samba/ldb/ldb.so +usr/lib/samba/ldb/ldbsamba_extensions.so +usr/lib/samba/ldb/paged_searches.so +usr/lib/samba/ldb/rdn_name.so +usr/lib/samba/ldb/sample.so +usr/lib/samba/ldb/server_sort.so +usr/lib/samba/ldb/skel.so +usr/lib/samba/ldb/tdb.so +usr/lib/samba/libCHARSET3-samba4.so +usr/lib/samba/libLIBWBCLIENT-OLD-samba4.so +usr/lib/samba/libMESSAGING-SEND-samba4.so +usr/lib/samba/libMESSAGING-samba4.so +usr/lib/samba/libaddns-samba4.so +usr/lib/samba/libads-samba4.so +usr/lib/samba/libasn1-samba4.so.8 +usr/lib/samba/libasn1-samba4.so.8.0.0 +usr/lib/samba/libasn1util-samba4.so +usr/lib/samba/libauth-samba4.so +usr/lib/samba/libauth-unix-token-samba4.so +usr/lib/samba/libauth4-samba4.so +usr/lib/samba/libauthkrb5-samba4.so +usr/lib/samba/libcli-cldap-samba4.so +usr/lib/samba/libcli-ldap-common-samba4.so +usr/lib/samba/libcli-ldap-samba4.so +usr/lib/samba/libcli-nbt-samba4.so +usr/lib/samba/libcli-smb-common-samba4.so +usr/lib/samba/libcli-spoolss-samba4.so +usr/lib/samba/libcliauth-samba4.so +usr/lib/samba/libclidns-samba4.so +usr/lib/samba/libcluster-samba4.so +usr/lib/samba/libcmdline-contexts-samba4.so +usr/lib/samba/libcmdline-credentials-samba4.so +usr/lib/samba/libcmocka-samba4.so +usr/lib/samba/libcom_err-samba4.so.0 +usr/lib/samba/libcom_err-samba4.so.0.25 +usr/lib/samba/libcommon-auth-samba4.so +usr/lib/samba/libdbwrap-samba4.so +usr/lib/samba/libdcerpc-samba-samba4.so +usr/lib/samba/libdcerpc-samba4.so +usr/lib/samba/libdsdb-module-samba4.so +usr/lib/samba/libevents-samba4.so +usr/lib/samba/libflag-mapping-samba4.so +usr/lib/samba/libgenrand-samba4.so +usr/lib/samba/libgensec-samba4.so +usr/lib/samba/libgpext-samba4.so +usr/lib/samba/libgpo-samba4.so +usr/lib/samba/libgse-samba4.so +usr/lib/samba/libgssapi-samba4.so.2 +usr/lib/samba/libgssapi-samba4.so.2.0.0 +usr/lib/samba/libhcrypto-samba4.so.5 +usr/lib/samba/libhcrypto-samba4.so.5.0.1 +usr/lib/samba/libhdb-samba4.so.11 +usr/lib/samba/libhdb-samba4.so.11.0.2 +usr/lib/samba/libheimbase-samba4.so.1 +usr/lib/samba/libheimbase-samba4.so.1.0.0 +usr/lib/samba/libheimntlm-samba4.so.1 +usr/lib/samba/libheimntlm-samba4.so.1.0.1 +usr/lib/samba/libhttp-samba4.so +usr/lib/samba/libhx509-samba4.so.5 +usr/lib/samba/libhx509-samba4.so.5.0.0 +usr/lib/samba/libidmap-samba4.so +usr/lib/samba/libinterfaces-samba4.so +usr/lib/samba/libiov-buf-samba4.so +usr/lib/samba/libkdc-samba4.so.2 +usr/lib/samba/libkdc-samba4.so.2.0.0 +usr/lib/samba/libkrb5-samba4.so.26 +usr/lib/samba/libkrb5-samba4.so.26.0.0 +usr/lib/samba/libkrb5samba-samba4.so +usr/lib/samba/libldb-cmdline-samba4.so +usr/lib/samba/libldb-key-value-samba4.so +usr/lib/samba/libldb-tdb-err-map-samba4.so +usr/lib/samba/libldb-tdb-int-samba4.so +usr/lib/samba/libldb.so.2 +usr/lib/samba/libldb.so.2.2.0 +usr/lib/samba/libldbsamba-samba4.so +usr/lib/samba/liblibcli-lsa3-samba4.so +usr/lib/samba/liblibcli-netlogon3-samba4.so +usr/lib/samba/liblibsmb-samba4.so +usr/lib/samba/libmessages-dgm-samba4.so +usr/lib/samba/libmessages-util-samba4.so +usr/lib/samba/libmsghdr-samba4.so +usr/lib/samba/libmsrpc3-samba4.so +usr/lib/samba/libndr-samba-samba4.so +usr/lib/samba/libndr-samba4.so +usr/lib/samba/libnet-keytab-samba4.so +usr/lib/samba/libnetif-samba4.so +usr/lib/samba/libnpa-tstream-samba4.so +usr/lib/samba/libnss-info-samba4.so +usr/lib/samba/libpopt-samba3-cmdline-samba4.so +usr/lib/samba/libpopt-samba3-samba4.so +usr/lib/samba/libposix-eadb-samba4.so +usr/lib/samba/libprinter-driver-samba4.so +usr/lib/samba/libprinting-migrate-samba4.so +usr/lib/samba/libpyldb-util.cpython-38-x86-64-linux-gnu.so.2 +usr/lib/samba/libpyldb-util.cpython-38-x86-64-linux-gnu.so.2.2.0 +usr/lib/samba/libpytalloc-util.cpython-38-x86-64-linux-gnu.so.2 +usr/lib/samba/libpytalloc-util.cpython-38-x86-64-linux-gnu.so.2.3.1 +usr/lib/samba/libregistry-samba4.so +usr/lib/samba/libreplace-samba4.so +usr/lib/samba/libroken-samba4.so.19 +usr/lib/samba/libroken-samba4.so.19.0.1 +usr/lib/samba/libsamba-cluster-support-samba4.so +usr/lib/samba/libsamba-debug-samba4.so +usr/lib/samba/libsamba-modules-samba4.so +usr/lib/samba/libsamba-net.cpython-38-x86-64-linux-gnu-samba4.so +usr/lib/samba/libsamba-python.cpython-38-x86-64-linux-gnu-samba4.so +usr/lib/samba/libsamba-security-samba4.so +usr/lib/samba/libsamba-sockets-samba4.so +usr/lib/samba/libsamba3-util-samba4.so +usr/lib/samba/libsamdb-common-samba4.so +usr/lib/samba/libsecrets3-samba4.so +usr/lib/samba/libserver-id-db-samba4.so +usr/lib/samba/libserver-role-samba4.so +usr/lib/samba/libshares-samba4.so +usr/lib/samba/libsmb-transport-samba4.so +usr/lib/samba/libsmbclient-raw-samba4.so +usr/lib/samba/libsmbd-base-samba4.so +usr/lib/samba/libsmbd-conn-samba4.so +usr/lib/samba/libsmbd-shim-samba4.so +usr/lib/samba/libsmbldaphelper-samba4.so +usr/lib/samba/libsmbpasswdparser-samba4.so +usr/lib/samba/libsocket-blocking-samba4.so +usr/lib/samba/libsys-rw-samba4.so +usr/lib/samba/libtalloc-report-printf-samba4.so +usr/lib/samba/libtalloc-report-samba4.so +usr/lib/samba/libtalloc.so.2 +usr/lib/samba/libtalloc.so.2.3.1 +usr/lib/samba/libtdb-wrap-samba4.so +usr/lib/samba/libtdb.so.1 +usr/lib/samba/libtdb.so.1.4.3 +usr/lib/samba/libtevent.so.0 +usr/lib/samba/libtevent.so.0.10.2 +usr/lib/samba/libtime-basic-samba4.so +usr/lib/samba/libtorture-samba4.so +usr/lib/samba/libtrusts-util-samba4.so +usr/lib/samba/libutil-cmdline-samba4.so +usr/lib/samba/libutil-reg-samba4.so +usr/lib/samba/libutil-setid-samba4.so +usr/lib/samba/libutil-tdb-samba4.so +usr/lib/samba/libwinbind-client-samba4.so +usr/lib/samba/libwind-samba4.so.0 +usr/lib/samba/libwind-samba4.so.0.0.0 +usr/lib/samba/libxattr-tdb-samba4.so +usr/lib/samba/nss_info +usr/lib/samba/nss_info/hash.so +usr/lib/samba/nss_info/rfc2307.so +usr/lib/samba/nss_info/sfu.so +usr/lib/samba/nss_info/sfu20.so +#usr/lib/samba/vfs +usr/lib/samba/vfs/acl_tdb.so +usr/lib/samba/vfs/acl_xattr.so +usr/lib/samba/vfs/aio_fork.so +usr/lib/samba/vfs/aio_pthread.so +usr/lib/samba/vfs/audit.so +usr/lib/samba/vfs/btrfs.so +usr/lib/samba/vfs/cap.so +usr/lib/samba/vfs/catia.so +usr/lib/samba/vfs/commit.so +usr/lib/samba/vfs/crossrename.so +usr/lib/samba/vfs/default_quota.so +usr/lib/samba/vfs/dirsort.so +usr/lib/samba/vfs/expand_msdfs.so +usr/lib/samba/vfs/extd_audit.so +usr/lib/samba/vfs/fake_perms.so +usr/lib/samba/vfs/fileid.so +usr/lib/samba/vfs/fruit.so +usr/lib/samba/vfs/full_audit.so +usr/lib/samba/vfs/glusterfs_fuse.so +usr/lib/samba/vfs/gpfs.so +usr/lib/samba/vfs/linux_xfs_sgid.so +usr/lib/samba/vfs/media_harmony.so +usr/lib/samba/vfs/offline.so +usr/lib/samba/vfs/preopen.so +usr/lib/samba/vfs/readahead.so +usr/lib/samba/vfs/readonly.so +usr/lib/samba/vfs/recycle.so +usr/lib/samba/vfs/shadow_copy.so +usr/lib/samba/vfs/shadow_copy2.so +usr/lib/samba/vfs/shell_snap.so +usr/lib/samba/vfs/snapper.so +usr/lib/samba/vfs/streams_depot.so +usr/lib/samba/vfs/streams_xattr.so +usr/lib/samba/vfs/syncops.so +usr/lib/samba/vfs/time_audit.so +usr/lib/samba/vfs/unityed_media.so +usr/lib/samba/vfs/virusfilter.so +usr/lib/samba/vfs/widelinks.so +usr/lib/samba/vfs/worm.so +usr/lib/samba/vfs/xattr_tdb.so +usr/lib/security +usr/lib/security/pam_winbind.so +#usr/libexec/samba +usr/libexec/samba/smbspool_krb5_wrapper +usr/sbin/eventlogadm +usr/sbin/nmbd +usr/sbin/samba-gpupdate +usr/sbin/smbd +usr/sbin/winbindd +var/ipfire/backup/addons/includes/samba +#var/ipfire/samba +var/ipfire/samba/default.global +var/ipfire/samba/default.pdc +var/ipfire/samba/default.printer +var/ipfire/samba/default.settings +var/ipfire/samba/default.shares +var/ipfire/samba/global +var/ipfire/samba/pdc +var/ipfire/samba/printer +#var/ipfire/samba/private +var/ipfire/samba/private/secrets.tdb +var/ipfire/samba/private/smbpasswd +var/ipfire/samba/settings +var/ipfire/samba/shares +var/ipfire/samba/smb.conf +var/ipfire/samba/smb.conf.default +var/lib/samba +var/lib/samba/bind-dns +var/lib/samba/private +var/lib/samba/winbindd_privileged +var/log/samba +var/nmbd +srv/web/ipfire/cgi-bin/samba.cgi +srv/web/ipfire/cgi-bin/sambahlp.cgi +var/ipfire/menu.d/EX-samba.menu +usr/local/bin/sambactrl diff --git a/lfs/samba b/lfs/samba index aa6f1fd62..dcc3ee051 100644 --- a/lfs/samba +++ b/lfs/samba @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 3.6.25 +VER = 4.13.0
THISAPP = samba-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,9 +32,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 68 +PAK_VER = 69
-DEPS = cups krb5 +DEPS = cups libtirpc krb5 perl-Parse-Yapp
############################################################################### # Top-level Rules @@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 76da2fa64edd94a0188531e7ecb27c4e +$(DL_FILE)_MD5 = a7f5cccac09d638b3bd11204003b7e7b
install : $(TARGET)
@@ -77,117 +77,26 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - $(UPDATE_AUTOMAKE) - - # Apply patches from RHEL6 - # Upstream patches - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_nbt_query_with_many_components.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_group_expansion_with_nss_templates.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_group_expansion_in_service_path.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_memleak_in_printer_list.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_lookups_with_one_way_trusts.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_setup_domain_child_logic.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_force_user_with_security_ads.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-add_timeout_option_to_smbclient.patch - # Additional Red Hat patches - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.2.0pre1-pipedir.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.2.0pre1-grouppwd.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.2.5-inotify.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-idmapdebug.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-docs.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-nss_info_doc.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-wbinfo_manpage.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.12-dns.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.12-pam_radio_type.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.18-fix_net_ads_join_segfault.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.19-valid_users_doc.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-gecos.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-glusterfs.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-libsmbclient.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-fix_libads_krb5_ipv6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.26-smb2_case_sensitive.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_gecos_interactive.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_dropbox_share.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-add_spoolss_os_version.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-nt_printer_publish_guid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_keytab_null_termination.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_printcap_cpu_utilization.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_smbclient_ntlmv2_auth.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_smb_conf_doc.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-bug-1117059.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-bug-1192211.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_usergroup_cache_lookup.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_force_user_winbind_default_domain.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_rpcclient_timeout_command.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_force_group.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_pam_winbind_parsing_segfault.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_mangling_hash_segfault.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-doc_netbios_name_length_limit.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_map_to_guest_bad_uid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_security_server_share_access.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_stale_printer_entries_on_rename.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5296-v3-6-bso11536.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5252-v3-6-bso11395.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5330-v3-6-bso11599.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-net_ads_join_no_dns_updates.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-asserted_identity_sid-S-1-18-1.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-7560-v3-6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_symlink_verification.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-preparation-v3-6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2110-v3-6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2111-v3-6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2112-v3-6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2115-v3-6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2118-v3-6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5370-v3-6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_winbind_cache_memory_leak.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_memleak_winbind_cached_creds.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-idmap_ad_memleak.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-libsmb_fix_dfs_connections.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-2110-ntlmssp-session-setup-nas.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_rpc_query_user_list.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-nt_printer_unpublish_fix.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2126-v3.6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2125-v3.6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_member_auth_after_changed_secret.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_dirsort_ea-support.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2017-7494-v3-6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-winbind_fix_trusted_domain_handling.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2017-2619.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2017-12150-v3-6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2017-12163.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2017-15275.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/doc-update.patch - - cd $(DIR_APP)/source3 && ./autogen.sh - cd $(DIR_APP)/source3 && ./configure \ + cd $(DIR_APP) && ./configure \ --prefix=/usr \ --libdir=/usr/lib/ \ --sysconfdir=/var/ipfire \ --localstatedir=/var \ + --without-ad-dc \ --with-cachedir=/var/lib/samba \ --with-lockdir=/var/lib/samba \ --with-piddir=/var/run \ --with-ads \ --with-acl-support \ - --with-libsmbclient \ - --with-libsmbsharemodes \ --with-sendfile-support \ - --with-fhs \ --with-winbind \ - --disable-swat \ + --enable-fhs \ --enable-cups \ --disable-avahi \ --with-syslog - cd $(DIR_APP)/source3 && make $(MAKETUNING) idl_full - cd $(DIR_APP)/source3 && make $(MAKETUNING) proto && make all $(MAKETUNING) $(EXTRA_MAKE) - cd $(DIR_APP)/source3 && make install - cd $(DIR_APP)/source3 && chmod -v 644 /usr/include/libsmbclient.h - #cd $(DIR_APP)/source3 && install -v -m755 nsswitch/libnss_wins.so /lib - #cd $(DIR_APP)/source3 && install -v -m755 nsswitch/libnss_winbind.so /lib - #cd $(DIR_APP)/source3 && ln -v -sf libnss_winbind.so /lib/libnss_winbind.so.2 - #cd $(DIR_APP)/source3 && ln -v -sf libnss_wins.so /lib/libnss_wins.so.2 + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + -mkdir -p /var/ipfire/samba cd $(DIR_APP)/source3 && install -v -m644 ../examples/smb.conf.default /var/ipfire/samba cp -vrf $(DIR_SRC)/config/samba/* /var/ipfire/samba/ @@ -198,6 +107,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cp -vfp /var/ipfire/samba/default.shares /var/ipfire/samba/shares cp -vfp /var/ipfire/samba/default.printer /var/ipfire/samba/printer cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf + rm -rf /var/lib/samba/private + ln -s /var/ipfire/samba/private /var/lib/samba/private -mkdir -p /var/log/samba install -v -m 644 $(DIR_SRC)/config/backup/includes/samba /var/ipfire/backup/addons/includes/samba
diff --git a/src/patches/samba/CVE-2015-5252-v3-6-bso11395.patch b/src/patches/samba/CVE-2015-5252-v3-6-bso11395.patch deleted file mode 100644 index b7580fba3..000000000 --- a/src/patches/samba/CVE-2015-5252-v3-6-bso11395.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 2e94b6ec10f1d15e24867bab3063bb85f173406a Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Thu, 9 Jul 2015 10:58:11 -0700 -Subject: [PATCH] CVE-2015-5252: s3: smbd: Fix symlink verification (file - access outside the share). - -Ensure matching component ends in '/' or '\0'. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Volker Lendecke vl@samba.org ---- - source3/smbd/vfs.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c -index 6c56964..bd93b7f 100644 ---- a/source3/smbd/vfs.c -+++ b/source3/smbd/vfs.c -@@ -982,6 +982,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) - if (!allow_widelinks || !allow_symlinks) { - const char *conn_rootdir; - size_t rootdir_len; -+ bool matched; - - conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname); - if (conn_rootdir == NULL) { -@@ -992,8 +993,10 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) - } - - rootdir_len = strlen(conn_rootdir); -- if (strncmp(conn_rootdir, resolved_name, -- rootdir_len) != 0) { -+ matched = (strncmp(conn_rootdir, resolved_name, -+ rootdir_len) == 0); -+ if (!matched || (resolved_name[rootdir_len] != '/' && -+ resolved_name[rootdir_len] != '\0')) { - DEBUG(2, ("check_reduced_name: Bad access " - "attempt: %s is a symlink outside the " - "share path\n", fname)); --- -2.5.0 - diff --git a/src/patches/samba/CVE-2015-5296-v3-6-bso11536.patch b/src/patches/samba/CVE-2015-5296-v3-6-bso11536.patch deleted file mode 100644 index 4b722a56a..000000000 --- a/src/patches/samba/CVE-2015-5296-v3-6-bso11536.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 25139116756cc285a3a5534834cc276ef1b7baaa Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 30 Sep 2015 21:17:02 +0200 -Subject: [PATCH 1/2] CVE-2015-5296: s3:libsmb: force signing when requiring - encryption in do_connect() - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Jeremy Allison jra@samba.org ---- - source3/libsmb/clidfs.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c -index 23e1471..f153b6b 100644 ---- a/source3/libsmb/clidfs.c -+++ b/source3/libsmb/clidfs.c -@@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, - const char *username; - const char *password; - NTSTATUS status; -+ int signing_state = get_cmdline_auth_info_signing_state(auth_info); -+ -+ if (force_encrypt) { -+ signing_state = Required; -+ } - - /* make a copy so we don't modify the global string 'service' */ - servicename = talloc_strdup(ctx,share); -@@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, - zero_sockaddr(&ss); - - /* have to open a new connection */ -- c = cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info)); -+ c = cli_initialise_ex(signing_state); - if (c == NULL) { - d_printf("Connection to %s failed\n", server_n); - return NULL; --- -2.5.0 - - -From 060adb0abdeda51b8b622c6020b5dea0c8dde1cf Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 30 Sep 2015 21:17:02 +0200 -Subject: [PATCH 2/2] CVE-2015-5296: s3:libsmb: force signing when requiring - encryption in SMBC_server_internal() - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Jeremy Allison jra@samba.org ---- - source3/libsmb/libsmb_server.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c -index 45be660..167f2c9 100644 ---- a/source3/libsmb/libsmb_server.c -+++ b/source3/libsmb/libsmb_server.c -@@ -258,6 +258,7 @@ SMBC_server_internal(TALLOC_CTX *ctx, - const char *username_used; - NTSTATUS status; - char *newserver, *newshare; -+ int signing_state = Undefined; - - zero_sockaddr(&ss); - ZERO_STRUCT(c); -@@ -404,8 +405,12 @@ again: - - zero_sockaddr(&ss); - -+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { -+ signing_state = Required; -+ } -+ - /* have to open a new connection */ -- if ((c = cli_initialise()) == NULL) { -+ if ((c = cli_initialise_ex(signing_state)) == NULL) { - errno = ENOMEM; - return NULL; - } -@@ -750,6 +755,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, - ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$", - pp_workgroup, pp_username, pp_password); - if (!ipc_srv) { -+ int signing_state = Undefined; - - /* We didn't find a cached connection. Get the password */ - if (!*pp_password || (*pp_password)[0] == '\0') { -@@ -771,6 +777,9 @@ SMBC_attr_server(TALLOC_CTX *ctx, - if (smbc_getOptionUseCCache(context)) { - flags |= CLI_FULL_CONNECTION_USE_CCACHE; - } -+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { -+ signing_state = Required; -+ } - - zero_sockaddr(&ss); - nt_status = cli_full_connection(&ipc_cli, -@@ -780,7 +789,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, - *pp_workgroup, - *pp_password, - flags, -- Undefined); -+ signing_state); - if (! NT_STATUS_IS_OK(nt_status)) { - DEBUG(1,("cli_full_connection failed! (%s)\n", - nt_errstr(nt_status))); --- -2.5.0 - diff --git a/src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch b/src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch deleted file mode 100644 index 38936bb91..000000000 --- a/src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 8e49de7754f7171a58a1f94dee0f1138dbee3c60 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Fri, 23 Oct 2015 14:54:31 -0700 -Subject: [PATCH] CVE-2015-5299: s3-shadow-copy2: fix missing access check on - snapdir - -Fix originally from partha@exablox.com - -https://bugzilla.samba.org/show_bug.cgi?id=11529 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: David Disseldorp ddiss@samba.org ---- - source3/modules/vfs_shadow_copy2.c | 47 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 47 insertions(+) - -diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c -index fedfb53..16c1ed7 100644 ---- a/source3/modules/vfs_shadow_copy2.c -+++ b/source3/modules/vfs_shadow_copy2.c -@@ -21,6 +21,8 @@ - - #include "includes.h" - #include "smbd/smbd.h" -+#include "smbd/globals.h" -+#include "../libcli/security/security.h" - #include "system/filesys.h" - #include "ntioctl.h" - -@@ -764,6 +766,43 @@ static int shadow_copy2_mkdir(vfs_handle_struct *handle, const char *fname, mod - SHADOW2_NEXT(MKDIR, (handle, name, mode), int, -1); - } - -+static bool check_access_snapdir(struct vfs_handle_struct *handle, -+ const char *path) -+{ -+ struct smb_filename smb_fname; -+ int ret; -+ NTSTATUS status; -+ uint32_t access_granted = 0; -+ -+ ZERO_STRUCT(smb_fname); -+ smb_fname.base_name = talloc_asprintf(talloc_tos(), -+ "%s", -+ path); -+ if (smb_fname.base_name == NULL) { -+ return false; -+ } -+ -+ ret = SMB_VFS_NEXT_STAT(handle, &smb_fname); -+ if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) { -+ TALLOC_FREE(smb_fname.base_name); -+ return false; -+ } -+ -+ status = smbd_check_open_rights(handle->conn, -+ &smb_fname, -+ SEC_DIR_LIST, -+ &access_granted); -+ if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(0,("user does not have list permission " -+ "on snapdir %s\n", -+ smb_fname.base_name)); -+ TALLOC_FREE(smb_fname.base_name); -+ return false; -+ } -+ TALLOC_FREE(smb_fname.base_name); -+ return true; -+} -+ - static int shadow_copy2_rmdir(vfs_handle_struct *handle, const char *fname) - { - SHADOW2_NEXT(RMDIR, (handle, name), int, -1); -@@ -877,6 +916,7 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle, - SMB_STRUCT_DIRENT *d; - TALLOC_CTX *tmp_ctx = talloc_new(handle->data); - char *snapshot; -+ bool ret; - - snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle); - if (snapdir == NULL) { -@@ -886,6 +926,13 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle, - talloc_free(tmp_ctx); - return -1; - } -+ ret = check_access_snapdir(handle, snapdir); -+ if (!ret) { -+ DEBUG(0,("access denied on listing snapdir %s\n", snapdir)); -+ errno = EACCES; -+ talloc_free(tmp_ctx); -+ return -1; -+ } - - p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0); - --- -2.5.0 - diff --git a/src/patches/samba/CVE-2015-5330-v3-6-bso11599.patch b/src/patches/samba/CVE-2015-5330-v3-6-bso11599.patch deleted file mode 100644 index 4ae1473bc..000000000 --- a/src/patches/samba/CVE-2015-5330-v3-6-bso11599.patch +++ /dev/null @@ -1,214 +0,0 @@ -From a96c0528c68093d155b674269a9c8bf48315fc01 Mon Sep 17 00:00:00 2001 -From: Douglas Bagnall douglas.bagnall@catalyst.net.nz -Date: Tue, 24 Nov 2015 13:47:16 +1300 -Subject: [PATCH 1/3] CVE-2015-5330: Fix handling of unicode near string - endings - -Until now next_codepoint_ext() and next_codepoint_handle_ext() were -using strnlen(str, 5) to determine how much string they should try to -decode. This ended up looking past the end of the string when it was not -null terminated and the final character looked like a multi-byte encoding. -The fix is to let the caller say how long the string can be. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 - -Signed-off-by: Douglas Bagnall douglas.bagnall@catalyst.net.nz -Pair-programmed-with: Andrew Bartlett abartlet@samba.org -Reviewed-by: Ralph Boehme slow@samba.org ---- - lib/util/charset/charset.h | 9 +++++---- - lib/util/charset/codepoints.c | 19 +++++++++++++------ - lib/util/charset/util_unistr.c | 5 ++++- - source3/lib/util_str.c | 2 +- - 4 files changed, 23 insertions(+), 12 deletions(-) - -diff --git a/lib/util/charset/charset.h b/lib/util/charset/charset.h -index 474d77e..b70aa61 100644 ---- a/lib/util/charset/charset.h -+++ b/lib/util/charset/charset.h -@@ -175,15 +175,16 @@ smb_iconv_t get_conv_handle(struct smb_iconv_convenience *ic, - charset_t from, charset_t to); - const char *charset_name(struct smb_iconv_convenience *ic, charset_t ch); - --codepoint_t next_codepoint_ext(const char *str, charset_t src_charset, -- size_t *size); -+codepoint_t next_codepoint_ext(const char *str, size_t len, -+ charset_t src_charset, size_t *size); - codepoint_t next_codepoint(const char *str, size_t *size); - ssize_t push_codepoint(char *str, codepoint_t c); - - /* codepoints */ - codepoint_t next_codepoint_convenience_ext(struct smb_iconv_convenience *ic, -- const char *str, charset_t src_charset, -- size_t *size); -+ const char *str, size_t len, -+ charset_t src_charset, -+ size_t *size); - codepoint_t next_codepoint_convenience(struct smb_iconv_convenience *ic, - const char *str, size_t *size); - ssize_t push_codepoint_convenience(struct smb_iconv_convenience *ic, -diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c -index 5ee95a8..8dd647e 100644 ---- a/lib/util/charset/codepoints.c -+++ b/lib/util/charset/codepoints.c -@@ -346,7 +346,8 @@ smb_iconv_t get_conv_handle(struct smb_iconv_convenience *ic, - */ - _PUBLIC_ codepoint_t next_codepoint_convenience_ext( - struct smb_iconv_convenience *ic, -- const char *str, charset_t src_charset, -+ const char *str, size_t len, -+ charset_t src_charset, - size_t *bytes_consumed) - { - /* it cannot occupy more than 4 bytes in UTF16 format */ -@@ -366,7 +367,7 @@ _PUBLIC_ codepoint_t next_codepoint_convenience_ext( - * we assume that no multi-byte character can take more than 5 bytes. - * This is OK as we only support codepoints up to 1M (U+100000) - */ -- ilen_orig = strnlen(str, 5); -+ ilen_orig = MIN(len, 5); - ilen = ilen_orig; - - descriptor = get_conv_handle(ic, src_charset, CH_UTF16); -@@ -424,7 +425,13 @@ _PUBLIC_ codepoint_t next_codepoint_convenience_ext( - _PUBLIC_ codepoint_t next_codepoint_convenience(struct smb_iconv_convenience *ic, - const char *str, size_t *size) - { -- return next_codepoint_convenience_ext(ic, str, CH_UNIX, size); -+ /* -+ * We assume that no multi-byte character can take more than 5 bytes -+ * thus avoiding walking all the way down a long string. This is OK as -+ * Unicode codepoints only go up to (U+10ffff), which can always be -+ * encoded in 4 bytes or less. -+ */ -+ return next_codepoint_convenience_ext(ic, str, strnlen(str, 5), CH_UNIX, size); - } - - /* -@@ -486,10 +493,10 @@ _PUBLIC_ ssize_t push_codepoint_convenience(struct smb_iconv_convenience *ic, - return 5 - olen; - } - --_PUBLIC_ codepoint_t next_codepoint_ext(const char *str, charset_t src_charset, -- size_t *size) -+_PUBLIC_ codepoint_t next_codepoint_ext(const char *str, size_t len, -+ charset_t src_charset, size_t *size) - { -- return next_codepoint_convenience_ext(get_iconv_convenience(), str, -+ return next_codepoint_convenience_ext(get_iconv_convenience(), str, len, - src_charset, size); - } - -diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c -index 760be77..d9e9b34 100644 ---- a/lib/util/charset/util_unistr.c -+++ b/lib/util/charset/util_unistr.c -@@ -485,7 +485,10 @@ _PUBLIC_ char *strupper_talloc_n(TALLOC_CTX *ctx, const char *src, size_t n) - - while (n-- && *src) { - size_t c_size; -- codepoint_t c = next_codepoint_convenience(iconv_convenience, src, &c_size); -+ codepoint_t c = next_codepoint_convenience_ext(iconv_convenience, -+ src, -+ n, -+ &c_size); - src += c_size; - - c = toupper_m(c); -diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c -index 4701528..f8a5160 100644 ---- a/source3/lib/util_str.c -+++ b/source3/lib/util_str.c -@@ -1486,7 +1486,7 @@ size_t strlen_m_ext(const char *s, const charset_t src_charset, - - while (*s) { - size_t c_size; -- codepoint_t c = next_codepoint_ext(s, src_charset, &c_size); -+ codepoint_t c = next_codepoint_ext(s, strnlen(s, 5), src_charset, &c_size); - s += c_size; - - switch (dst_charset) { --- -2.5.0 - - -From 8298252a1ba9c014f7ceb76736abb38132181f79 Mon Sep 17 00:00:00 2001 -From: Douglas Bagnall douglas.bagnall@catalyst.net.nz -Date: Tue, 24 Nov 2015 13:54:09 +1300 -Subject: [PATCH 2/3] CVE-2015-5330: next_codepoint_handle_ext: don't - short-circuit UTF16 low bytes - -UTF16 contains zero bytes when it is encoding ASCII (for example), so we -can't assume the absense of the 0x80 bit means a one byte encoding. No -current callers use UTF16. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 - -Signed-off-by: Douglas Bagnall douglas.bagnall@catalyst.net.nz -Pair-programmed-with: Andrew Bartlett abartlet@samba.org -Reviewed-by: Ralph Boehme slow@samba.org ---- - lib/util/charset/codepoints.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c -index 8dd647e..cf5f3e6 100644 ---- a/lib/util/charset/codepoints.c -+++ b/lib/util/charset/codepoints.c -@@ -358,7 +358,10 @@ _PUBLIC_ codepoint_t next_codepoint_convenience_ext( - size_t olen; - char *outbuf; - -- if ((str[0] & 0x80) == 0) { -+ -+ if (((str[0] & 0x80) == 0) && (src_charset == CH_DOS || -+ src_charset == CH_UNIX || -+ src_charset == CH_UTF8)) { - *bytes_consumed = 1; - return (codepoint_t)str[0]; - } --- -2.5.0 - - -From 0988b7cb606a7e4cd73fd8db02806abbc9d8f2e0 Mon Sep 17 00:00:00 2001 -From: Douglas Bagnall douglas.bagnall@catalyst.net.nz -Date: Tue, 24 Nov 2015 13:49:09 +1300 -Subject: [PATCH 3/3] CVE-2015-5330: strupper_talloc_n_handle(): properly count - characters - -When a codepoint eats more than one byte we really want to know, -especially if the string is not NUL terminated. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 - -Signed-off-by: Douglas Bagnall douglas.bagnall@catalyst.net.nz -Pair-programmed-with: Andrew Bartlett abartlet@samba.org -Reviewed-by: Ralph Boehme slow@samba.org ---- - lib/util/charset/util_unistr.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c -index d9e9b34..6dad43f 100644 ---- a/lib/util/charset/util_unistr.c -+++ b/lib/util/charset/util_unistr.c -@@ -483,13 +483,14 @@ _PUBLIC_ char *strupper_talloc_n(TALLOC_CTX *ctx, const char *src, size_t n) - return NULL; - } - -- while (n-- && *src) { -+ while (n && *src) { - size_t c_size; - codepoint_t c = next_codepoint_convenience_ext(iconv_convenience, - src, - n, - &c_size); - src += c_size; -+ n -= c_size; - - c = toupper_m(c); - --- -2.5.0 - diff --git a/src/patches/samba/CVE-2015-5370-v3-6.patch b/src/patches/samba/CVE-2015-5370-v3-6.patch deleted file mode 100644 index 7af1dd362..000000000 --- a/src/patches/samba/CVE-2015-5370-v3-6.patch +++ /dev/null @@ -1,3080 +0,0 @@ -From 8368c32cb69da82c8df36404ec8042c3046866ca Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Thu, 16 Jul 2015 22:46:05 +0200 -Subject: [PATCH 01/40] CVE-2015-5370: dcerpc.idl: add - DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - librpc/idl/dcerpc.idl | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl -index 75ef2ec..bbb42d1 100644 ---- a/librpc/idl/dcerpc.idl -+++ b/librpc/idl/dcerpc.idl -@@ -475,9 +475,11 @@ interface dcerpc - const uint8 DCERPC_PFC_OFFSET = 3; - const uint8 DCERPC_DREP_OFFSET = 4; - const uint8 DCERPC_FRAG_LEN_OFFSET = 8; -+ const uint32 DCERPC_FRAG_MAX_SIZE = 5840; - const uint8 DCERPC_AUTH_LEN_OFFSET = 10; - const uint8 DCERPC_CALL_ID_OFFSET = 12; - const uint8 DCERPC_NCACN_PAYLOAD_OFFSET = 16; -+ const uint32 DCERPC_NCACN_PAYLOAD_MAX_SIZE = 0x400000; /* 4 MByte */ - - /* little-endian flag */ - const uint8 DCERPC_DREP_LE = 0x10; --- -2.8.1 - - -From e3043ba5aafdb0605ab14b11917d497b59d82bec Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sun, 28 Jun 2015 01:19:57 +0200 -Subject: [PATCH 02/40] CVE-2015-5370: librpc/rpc: simplify and harden - dcerpc_pull_auth_trailer() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - librpc/rpc/dcerpc_util.c | 63 ++++++++++++++++++++++++++++++++++++------------ - librpc/rpc/rpc_common.h | 4 +-- - 2 files changed, 49 insertions(+), 18 deletions(-) - -diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c -index 97ef798..f936ef4 100644 ---- a/librpc/rpc/dcerpc_util.c -+++ b/librpc/rpc/dcerpc_util.c -@@ -92,31 +92,44 @@ uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob) - * - * @return - A NTSTATUS error code. - */ --NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt, -+NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, - TALLOC_CTX *mem_ctx, -- DATA_BLOB *pkt_trailer, -+ const DATA_BLOB *pkt_trailer, - struct dcerpc_auth *auth, -- uint32_t *auth_length, -+ uint32_t *_auth_length, - bool auth_data_only) - { - struct ndr_pull *ndr; - enum ndr_err_code ndr_err; -- uint32_t data_and_pad; -+ uint16_t data_and_pad; -+ uint16_t auth_length; -+ uint32_t tmp_length; - -- data_and_pad = pkt_trailer->length -- - (DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length); -+ ZERO_STRUCTP(auth); -+ if (_auth_length != NULL) { -+ *_auth_length = 0; -+ } - -- /* paranoia check for pad size. This would be caught anyway by -- the ndr_pull_advance() a few lines down, but it scared -- Jeremy enough for him to call me, so we might as well check -- it now, just to prevent someone posting a bogus YouTube -- video in the future. -- */ -- if (data_and_pad > pkt_trailer->length) { -- return NT_STATUS_INFO_LENGTH_MISMATCH; -+ /* Paranoia checks for auth_length. The caller should check this... */ -+ if (pkt->auth_length > pkt->frag_length) { -+ return NT_STATUS_INTERNAL_ERROR; -+ } -+ tmp_length = DCERPC_NCACN_PAYLOAD_OFFSET; -+ tmp_length += DCERPC_AUTH_TRAILER_LENGTH; -+ tmp_length += pkt->auth_length; -+ if (tmp_length > pkt->frag_length) { -+ return NT_STATUS_INTERNAL_ERROR; -+ } -+ if (pkt_trailer->length > UINT16_MAX) { -+ return NT_STATUS_INTERNAL_ERROR; - } - -- *auth_length = pkt_trailer->length - data_and_pad; -+ auth_length = DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length; -+ if (pkt_trailer->length < auth_length) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ -+ data_and_pad = pkt_trailer->length - auth_length; - - ndr = ndr_pull_init_blob(pkt_trailer, mem_ctx); - if (!ndr) { -@@ -136,14 +149,28 @@ NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt, - ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(ndr); -+ ZERO_STRUCTP(auth); - return ndr_map_error2ntstatus(ndr_err); - } - -+ if (data_and_pad < auth->auth_pad_length) { -+ DEBUG(1, (__location__ ": ERROR: pad length mismatch. " -+ "Calculated %u got %u\n", -+ (unsigned)data_and_pad, -+ (unsigned)auth->auth_pad_length)); -+ talloc_free(ndr); -+ ZERO_STRUCTP(auth); -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ - if (auth_data_only && data_and_pad != auth->auth_pad_length) { -- DEBUG(1, (__location__ ": WARNING: pad length mismatch. " -+ DEBUG(1, (__location__ ": ERROR: pad length mismatch. " - "Calculated %u got %u\n", - (unsigned)data_and_pad, - (unsigned)auth->auth_pad_length)); -+ talloc_free(ndr); -+ ZERO_STRUCTP(auth); -+ return NT_STATUS_RPC_PROTOCOL_ERROR; - } - - DEBUG(6,(__location__ ": auth_pad_length %u\n", -@@ -152,6 +179,10 @@ NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt, - talloc_steal(mem_ctx, auth->credentials.data); - talloc_free(ndr); - -+ if (_auth_length != NULL) { -+ *_auth_length = auth_length; -+ } -+ - return NT_STATUS_OK; - } - -diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h -index fe8129d..98a2e95 100644 ---- a/librpc/rpc/rpc_common.h -+++ b/librpc/rpc/rpc_common.h -@@ -158,9 +158,9 @@ uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob); - * - * @return - A NTSTATUS error code. - */ --NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt, -+NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, - TALLOC_CTX *mem_ctx, -- DATA_BLOB *pkt_trailer, -+ const DATA_BLOB *pkt_trailer, - struct dcerpc_auth *auth, - uint32_t *auth_length, - bool auth_data_only); --- -2.8.1 - - -From 397300d996299400842938131691fbbeb88c2c82 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Mon, 29 Jun 2015 10:24:45 +0200 -Subject: [PATCH 03/40] CVE-2015-5370: s3:librpc/rpc: don't call - dcerpc_pull_auth_trailer() if auth_length is 0 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -All other paranoia checks are done within dcerpc_pull_auth_trailer() -now. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - source3/librpc/rpc/dcerpc_helpers.c | 12 ++---------- - 1 file changed, 2 insertions(+), 10 deletions(-) - -diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c -index 24f2f52..76f2acc 100644 ---- a/source3/librpc/rpc/dcerpc_helpers.c -+++ b/source3/librpc/rpc/dcerpc_helpers.c -@@ -899,16 +899,8 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, - return NT_STATUS_INVALID_PARAMETER; - } - -- /* Paranioa checks for auth_length. */ -- if (pkt->auth_length > pkt->frag_length) { -- return NT_STATUS_INFO_LENGTH_MISMATCH; -- } -- if (((unsigned int)pkt->auth_length -- + DCERPC_AUTH_TRAILER_LENGTH < (unsigned int)pkt->auth_length) || -- ((unsigned int)pkt->auth_length -- + DCERPC_AUTH_TRAILER_LENGTH < DCERPC_AUTH_TRAILER_LENGTH)) { -- /* Integer wrap attempt. */ -- return NT_STATUS_INFO_LENGTH_MISMATCH; -+ if (pkt->auth_length == 0) { -+ return NT_STATUS_INVALID_PARAMETER; - } - - status = dcerpc_pull_auth_trailer(pkt, pkt, pkt_trailer, --- -2.8.1 - - -From faa20091b4a456a5e29f852561f6f5e9863860e0 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Fri, 26 Jun 2015 08:10:46 +0200 -Subject: [PATCH 04/40] CVE-2015-5370: librpc/rpc: add a - dcerpc_verify_ncacn_packet_header() helper function -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 8266be48f455a5e541d0f7f62a1c8c38e0835976) ---- - librpc/rpc/dcerpc_util.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ - librpc/rpc/rpc_common.h | 5 ++++ - 2 files changed, 78 insertions(+) - -diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c -index f936ef4..2f599d5 100644 ---- a/librpc/rpc/dcerpc_util.c -+++ b/librpc/rpc/dcerpc_util.c -@@ -186,6 +186,79 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, - return NT_STATUS_OK; - } - -+/** -+* @brief Verify the fields in ncacn_packet header. -+* -+* @param pkt - The ncacn_packet strcuture -+* @param ptype - The expected PDU type -+* @param max_auth_info - The maximum size of a possible auth trailer -+* @param required_flags - The required flags for the pdu. -+* @param optional_flags - The possible optional flags for the pdu. -+* -+* @return - A NTSTATUS error code. -+*/ -+NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, -+ enum dcerpc_pkt_type ptype, -+ size_t max_auth_info, -+ uint8_t required_flags, -+ uint8_t optional_flags) -+{ -+ if (pkt->rpc_vers != 5) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ -+ if (pkt->rpc_vers_minor != 0) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ -+ if (pkt->auth_length > pkt->frag_length) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ -+ if (pkt->ptype != ptype) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ -+ if (max_auth_info > UINT16_MAX) { -+ return NT_STATUS_INTERNAL_ERROR; -+ } -+ -+ if (pkt->auth_length > 0) { -+ size_t max_auth_length; -+ -+ if (max_auth_info <= DCERPC_AUTH_TRAILER_LENGTH) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ max_auth_length = max_auth_info - DCERPC_AUTH_TRAILER_LENGTH; -+ -+ if (pkt->auth_length > max_auth_length) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ } -+ -+ if ((pkt->pfc_flags & required_flags) != required_flags) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ if (pkt->pfc_flags & ~(optional_flags|required_flags)) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ -+ if (pkt->drep[0] & ~DCERPC_DREP_LE) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ if (pkt->drep[1] != 0) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ if (pkt->drep[2] != 0) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ if (pkt->drep[3] != 0) { -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ -+ return NT_STATUS_OK; -+} -+ - struct dcerpc_read_ncacn_packet_state { - #if 0 - struct { -diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h -index 98a2e95..b3ae5b2 100644 ---- a/librpc/rpc/rpc_common.h -+++ b/librpc/rpc/rpc_common.h -@@ -164,6 +164,11 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, - struct dcerpc_auth *auth, - uint32_t *auth_length, - bool auth_data_only); -+NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, -+ enum dcerpc_pkt_type ptype, -+ size_t max_auth_info, -+ uint8_t required_flags, -+ uint8_t optional_flags); - struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct tstream_context *stream); --- -2.8.1 - - -From c176174588c1119a11066b6188ac50cd3c9603f4 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 13:05:01 +0200 -Subject: [PATCH 05/40] CVE-2015-5370: s3:rpc_client: move AS/U hack to the top - of cli_pipe_validate_current_pdu() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 665b874b6022bfcdec3f13a9f5a844e5d1784aba) ---- - source3/rpc_client/cli_pipe.c | 24 +++++++++++++----------- - 1 file changed, 13 insertions(+), 11 deletions(-) - -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c -index 5ddabb7..295b88f 100644 ---- a/source3/rpc_client/cli_pipe.c -+++ b/source3/rpc_client/cli_pipe.c -@@ -414,6 +414,19 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx, - */ - *rdata = *pdu; - -+ if ((pkt->ptype == DCERPC_PKT_BIND_ACK) && -+ !(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) { -+ /* -+ * TODO: do we still need this hack which was introduced -+ * in commit a42afcdcc7ab9aa9ed193ae36d3dbb10843447f0. -+ * -+ * I don't even know what AS/U might be... -+ */ -+ DEBUG(5, (__location__ ": bug in server (AS/U?), setting " -+ "fragment first/last ON.\n")); -+ pkt->pfc_flags |= DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; -+ } -+ - /* Ensure we have the correct type. */ - switch (pkt->ptype) { - case DCERPC_PKT_ALTER_RESP: -@@ -518,17 +531,6 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx, - return NT_STATUS_RPC_PROTOCOL_ERROR; - } - -- /* Do this just before return - we don't want to modify any rpc header -- data before now as we may have needed to do cryptographic actions on -- it before. */ -- -- if ((pkt->ptype == DCERPC_PKT_BIND_ACK) && -- !(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) { -- DEBUG(5, (__location__ ": bug in server (AS/U?), setting " -- "fragment first/last ON.\n")); -- pkt->pfc_flags |= DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; -- } -- - return NT_STATUS_OK; - } - --- -2.8.1 - - -From b9ae0068be4dfc6f7d09144c353689ab01955b93 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 13:05:01 +0200 -Subject: [PATCH 06/40] CVE-2015-5370: s3:rpc_client: remove useless - frag_length check in rpc_api_pipe_got_pdu() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -dcerpc_pull_ncacn_packet() already verifies this. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 9a3f045244b12ff9f77d2664396137c390042297) ---- - source3/rpc_client/cli_pipe.c | 8 -------- - 1 file changed, 8 deletions(-) - -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c -index 295b88f..2787fbc 100644 ---- a/source3/rpc_client/cli_pipe.c -+++ b/source3/rpc_client/cli_pipe.c -@@ -898,14 +898,6 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq) - return; - } - -- if (state->incoming_frag.length != state->pkt->frag_length) { -- DEBUG(5, ("Incorrect pdu length %u, expected %u\n", -- (unsigned int)state->incoming_frag.length, -- (unsigned int)state->pkt->frag_length)); -- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); -- return; -- } -- - status = cli_pipe_validate_current_pdu(state, - state->cli, state->pkt, - &state->incoming_frag, --- -2.8.1 - - -From 05688274f03e6086e3ba4d7b4cb4409f9c4d9cb1 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Fri, 26 Jun 2015 08:10:46 +0200 -Subject: [PATCH 07/40] CVE-2015-5370: s4:rpc_server: no authentication is - indicated by pkt->auth_length == 0 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -pkt->u.*.auth_info.length is not the correct thing to check. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(packported from commit c0236de09e542dbb168969d8ae9f0c150a75198e) ---- - source4/rpc_server/dcesrv_auth.c | 23 ++++++++++++++--------- - 1 file changed, 14 insertions(+), 9 deletions(-) - -diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c -index 1e6aa24..61f2176 100644 ---- a/source4/rpc_server/dcesrv_auth.c -+++ b/source4/rpc_server/dcesrv_auth.c -@@ -46,7 +46,7 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call) - NTSTATUS status; - uint32_t auth_length; - -- if (pkt->u.bind.auth_info.length == 0) { -+ if (pkt->auth_length == 0) { - dce_conn->auth_state.auth_info = NULL; - return true; - } -@@ -108,7 +108,7 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct ncacn_packe - struct dcesrv_connection *dce_conn = call->conn; - NTSTATUS status; - -- if (!call->conn->auth_state.gensec_security) { -+ if (call->pkt.auth_length == 0) { - return NT_STATUS_OK; - } - -@@ -155,10 +155,16 @@ bool dcesrv_auth_auth3(struct dcesrv_call_state *call) - NTSTATUS status; - uint32_t auth_length; - -- /* We can't work without an existing gensec state, and an new blob to feed it */ -- if (!dce_conn->auth_state.auth_info || -- !dce_conn->auth_state.gensec_security || -- pkt->u.auth3.auth_info.length == 0) { -+ if (pkt->auth_length == 0) { -+ return false; -+ } -+ -+ if (!dce_conn->auth_state.auth_info) { -+ return false; -+ } -+ -+ /* We can't work without an existing gensec state */ -+ if (!dce_conn->auth_state.gensec_security) { - return false; - } - -@@ -203,7 +209,7 @@ bool dcesrv_auth_alter(struct dcesrv_call_state *call) - uint32_t auth_length; - - /* on a pure interface change there is no auth blob */ -- if (pkt->u.alter.auth_info.length == 0) { -+ if (pkt->auth_length == 0) { - return true; - } - -@@ -238,8 +244,7 @@ NTSTATUS dcesrv_auth_alter_ack(struct dcesrv_call_state *call, struct ncacn_pack - - /* on a pure interface change there is no auth_info structure - setup */ -- if (!call->conn->auth_state.auth_info || -- dce_conn->auth_state.auth_info->credentials.length == 0) { -+ if (call->pkt.auth_length == 0) { - return NT_STATUS_OK; - } - --- -2.8.1 - - -From 57230961cee9e82ab060b54b5fb8c2b19f672111 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sat, 27 Jun 2015 10:31:48 +0200 -Subject: [PATCH 08/40] CVE-2015-5370: s4:librpc/rpc: check pkt->auth_length - before calling dcerpc_pull_auth_trailer - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Ralph Boehme slow@samba.org -(backported from 630dcb55ad7a3a89bcd8643c98a5cdbfb8735ef7) ---- - source4/librpc/rpc/dcerpc.c | 13 ++++++++++--- - source4/rpc_server/dcesrv_auth.c | 5 +++++ - 2 files changed, 15 insertions(+), 3 deletions(-) - -diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c -index 742d710..cfbccd6 100644 ---- a/source4/librpc/rpc/dcerpc.c -+++ b/source4/librpc/rpc/dcerpc.c -@@ -701,6 +701,14 @@ static NTSTATUS ncacn_pull_request_auth(struct dcecli_connection *c, TALLOC_CTX - return NT_STATUS_INVALID_LEVEL; - } - -+ if (pkt->auth_length == 0) { -+ return NT_STATUS_INVALID_NETWORK_RESPONSE; -+ } -+ -+ if (c->security_state.generic_state == NULL) { -+ return NT_STATUS_INTERNAL_ERROR; -+ } -+ - status = dcerpc_pull_auth_trailer(pkt, mem_ctx, - &pkt->u.response.stub_and_verifier, - &auth, &auth_length, false); -@@ -1074,7 +1082,7 @@ static void dcerpc_bind_recv_handler(struct rpc_request *req, - } - - /* the bind_ack might contain a reply set of credentials */ -- if (conn->security_state.auth_info && pkt->u.bind_ack.auth_info.length) { -+ if (conn->security_state.auth_info && pkt->auth_length) { - NTSTATUS status; - uint32_t auth_length; - status = dcerpc_pull_auth_trailer(pkt, conn, &pkt->u.bind_ack.auth_info, -@@ -1847,8 +1855,7 @@ static void dcerpc_alter_recv_handler(struct rpc_request *req, - } - - /* the alter_resp might contain a reply set of credentials */ -- if (recv_pipe->conn->security_state.auth_info && -- pkt->u.alter_resp.auth_info.length) { -+ if (recv_pipe->conn->security_state.auth_info && pkt->auth_length) { - struct dcecli_connection *conn = recv_pipe->conn; - NTSTATUS status; - uint32_t auth_length; -diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c -index 61f2176..3051c1c 100644 ---- a/source4/rpc_server/dcesrv_auth.c -+++ b/source4/rpc_server/dcesrv_auth.c -@@ -320,6 +320,11 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet) - return false; - } - -+ if (pkt->auth_length == 0) { -+ DEBUG(1,("dcesrv_auth_request: unexpected auth_length of 0\n")); -+ return false; -+ } -+ - status = dcerpc_pull_auth_trailer(pkt, call, - &pkt->u.request.stub_and_verifier, - &auth, &auth_length, false); --- -2.8.1 - - -From c35b0e37f7d37459f55d67a5037c08bea4d33acf Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sun, 28 Jun 2015 01:19:57 +0200 -Subject: [PATCH 09/40] CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length - == 0 in dcerpc_pull_auth_trailer() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -All callers should have already checked that. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 1ed83c7657a3b405db1928db06c29f41d2738186) ---- - librpc/rpc/dcerpc_util.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c -index 2f599d5..89b7597 100644 ---- a/librpc/rpc/dcerpc_util.c -+++ b/librpc/rpc/dcerpc_util.c -@@ -111,6 +111,11 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, - } - - /* Paranoia checks for auth_length. The caller should check this... */ -+ if (pkt->auth_length == 0) { -+ return NT_STATUS_INTERNAL_ERROR; -+ } -+ -+ /* Paranoia checks for auth_length. The caller should check this... */ - if (pkt->auth_length > pkt->frag_length) { - return NT_STATUS_INTERNAL_ERROR; - } --- -2.8.1 - - -From 2341eb0cf8395b1fed628ee6779207d916827a5d Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Thu, 9 Jul 2015 07:59:24 +0200 -Subject: [PATCH 10/40] CVE-2015-5370: s3:librpc/rpc: remove auth trailer and - possible padding within dcerpc_check_auth() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This simplifies the callers a lot. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit df3cdf072d1c1e6fd0a58e0374348758f5c65a49) ---- - source3/librpc/rpc/dcerpc.h | 5 ++--- - source3/librpc/rpc/dcerpc_helpers.c | 31 ++++++++++++++++++++----------- - source3/rpc_client/cli_pipe.c | 33 ++++++++++----------------------- - source3/rpc_server/srv_pipe.c | 17 +---------------- - 4 files changed, 33 insertions(+), 53 deletions(-) - -diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h -index d14d8e0..e7cca9e 100644 ---- a/source3/librpc/rpc/dcerpc.h -+++ b/source3/librpc/rpc/dcerpc.h -@@ -85,9 +85,8 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, - NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, - struct ncacn_packet *pkt, - DATA_BLOB *pkt_trailer, -- size_t header_size, -- DATA_BLOB *raw_pkt, -- size_t *pad_len); -+ uint8_t header_size, -+ DATA_BLOB *raw_pkt); - - /* The following definitions come from librpc/rpc/rpc_common.c */ - -diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c -index 76f2acc..d871339 100644 ---- a/source3/librpc/rpc/dcerpc_helpers.c -+++ b/source3/librpc/rpc/dcerpc_helpers.c -@@ -844,19 +844,18 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, - * - * @param auth The auth data for the connection - * @param pkt The actual ncacn_packet --* @param pkt_trailer The stub_and_verifier part of the packet -+* @param pkt_trailer [in][out] The stub_and_verifier part of the packet, -+* the auth_trailer and padding will be removed. - * @param header_size The header size - * @param raw_pkt The whole raw packet data blob --* @param pad_len [out] The padding length used in the packet - * - * @return A NTSTATUS error code - */ - NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, - struct ncacn_packet *pkt, - DATA_BLOB *pkt_trailer, -- size_t header_size, -- DATA_BLOB *raw_pkt, -- size_t *pad_len) -+ uint8_t header_size, -+ DATA_BLOB *raw_pkt) - { - struct schannel_state *schannel_auth; - struct auth_ntlmssp_state *ntlmssp_ctx; -@@ -868,6 +867,14 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, - DATA_BLOB full_pkt; - DATA_BLOB data; - -+ /* -+ * These check should be done in the caller. -+ */ -+ SMB_ASSERT(raw_pkt->length == pkt->frag_length); -+ SMB_ASSERT(header_size <= pkt->frag_length); -+ SMB_ASSERT(pkt_trailer->length < pkt->frag_length); -+ SMB_ASSERT((pkt_trailer->length + header_size) <= pkt->frag_length); -+ - switch (auth->auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - DEBUG(10, ("Requested Privacy.\n")); -@@ -881,7 +888,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, - if (pkt->auth_length != 0) { - break; - } -- *pad_len = 0; - return NT_STATUS_OK; - - case DCERPC_AUTH_LEVEL_NONE: -@@ -890,7 +896,6 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, - "authenticated connection!\n")); - return NT_STATUS_INVALID_PARAMETER; - } -- *pad_len = 0; - return NT_STATUS_OK; - - default: -@@ -909,10 +914,11 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, - return status; - } - -+ pkt_trailer->length -= auth_length; - data = data_blob_const(raw_pkt->data + header_size, -- pkt_trailer->length - auth_length); -- full_pkt = data_blob_const(raw_pkt->data, -- raw_pkt->length - auth_info.credentials.length); -+ pkt_trailer->length); -+ full_pkt = data_blob_const(raw_pkt->data, raw_pkt->length); -+ full_pkt.length -= auth_info.credentials.length; - - switch (auth->auth_type) { - case DCERPC_AUTH_TYPE_NONE: -@@ -988,10 +994,13 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, - * pkt_trailer actually has a copy of the raw data, and they - * are still both used in later calls */ - if (auth->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { -+ if (pkt_trailer->length != data.length) { -+ return NT_STATUS_INVALID_PARAMETER; -+ } - memcpy(pkt_trailer->data, data.data, data.length); - } - -- *pad_len = auth_info.auth_pad_length; -+ pkt_trailer->length -= auth_info.auth_pad_length; - data_blob_free(&auth_info.credentials); - return NT_STATUS_OK; - } -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c -index 2787fbc..776e2bf 100644 ---- a/source3/rpc_client/cli_pipe.c -+++ b/source3/rpc_client/cli_pipe.c -@@ -404,9 +404,9 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx, - DATA_BLOB *rdata, - DATA_BLOB *reply_pdu) - { -- struct dcerpc_response *r; -+ const struct dcerpc_response *r = NULL; -+ DATA_BLOB tmp_stub = data_blob_null; - NTSTATUS ret = NT_STATUS_OK; -- size_t pad_len = 0; - - /* - * Point the return values at the real data including the RPC -@@ -440,37 +440,24 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx, - - r = &pkt->u.response; - -+ tmp_stub.data = r->stub_and_verifier.data; -+ tmp_stub.length = r->stub_and_verifier.length; -+ - /* Here's where we deal with incoming sign/seal. */ - ret = dcerpc_check_auth(cli->auth, pkt, -- &r->stub_and_verifier, -+ &tmp_stub, - DCERPC_RESPONSE_LENGTH, -- pdu, &pad_len); -+ pdu); - if (!NT_STATUS_IS_OK(ret)) { - return ret; - } - -- if (pkt->frag_length < DCERPC_RESPONSE_LENGTH + pad_len) { -- return NT_STATUS_BUFFER_TOO_SMALL; -- } -- - /* Point the return values at the NDR data. */ -- rdata->data = r->stub_and_verifier.data; -- -- if (pkt->auth_length) { -- /* We've already done integer wrap tests in -- * dcerpc_check_auth(). */ -- rdata->length = r->stub_and_verifier.length -- - pad_len -- - DCERPC_AUTH_TRAILER_LENGTH -- - pkt->auth_length; -- } else { -- rdata->length = r->stub_and_verifier.length; -- } -+ *rdata = tmp_stub; - -- DEBUG(10, ("Got pdu len %lu, data_len %lu, ss_len %u\n", -+ DEBUG(10, ("Got pdu len %lu, data_len %lu\n", - (long unsigned int)pdu->length, -- (long unsigned int)rdata->length, -- (unsigned int)pad_len)); -+ (long unsigned int)rdata->length)); - - /* - * If this is the first reply, and the allocation hint is -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 964b843..0ab7dc6 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -1848,7 +1848,6 @@ static NTSTATUS dcesrv_auth_request(struct pipe_auth_data *auth, - { - NTSTATUS status; - size_t hdr_size = DCERPC_REQUEST_LENGTH; -- size_t pad_len; - - DEBUG(10, ("Checking request auth.\n")); - -@@ -1859,25 +1858,11 @@ static NTSTATUS dcesrv_auth_request(struct pipe_auth_data *auth, - /* in case of sealing this function will unseal the data in place */ - status = dcerpc_check_auth(auth, pkt, - &pkt->u.request.stub_and_verifier, -- hdr_size, raw_pkt, -- &pad_len); -+ hdr_size, raw_pkt); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - -- -- /* remove padding and auth trailer, -- * this way the caller will get just the data */ -- if (pkt->auth_length) { -- size_t trail_len = pad_len -- + DCERPC_AUTH_TRAILER_LENGTH -- + pkt->auth_length; -- if (pkt->u.request.stub_and_verifier.length < trail_len) { -- return NT_STATUS_INFO_LENGTH_MISMATCH; -- } -- pkt->u.request.stub_and_verifier.length -= trail_len; -- } -- - return NT_STATUS_OK; - } - --- -2.8.1 - - -From 9ecba8f4635aa5dbd42e4838ce124a92395b64ab Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Thu, 9 Jul 2015 07:59:24 +0200 -Subject: [PATCH 11/40] CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() - auth_{type,level} against the expected values. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 19f489d32c03ff5fafd34fe86a075d782af1989a) ---- - source3/librpc/rpc/dcerpc_helpers.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c -index d871339..c07835f 100644 ---- a/source3/librpc/rpc/dcerpc_helpers.c -+++ b/source3/librpc/rpc/dcerpc_helpers.c -@@ -914,6 +914,14 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, - return status; - } - -+ if (auth_info.auth_type != auth->auth_type) { -+ return NT_STATUS_INVALID_PARAMETER; -+ } -+ -+ if (auth_info.auth_level != auth->auth_level) { -+ return NT_STATUS_INVALID_PARAMETER; -+ } -+ - pkt_trailer->length -= auth_length; - data = data_blob_const(raw_pkt->data + header_size, - pkt_trailer->length); --- -2.8.1 - - -From 765c10dacf39a3c06c6b12651c205ac270e7fcea Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 13:05:01 +0200 -Subject: [PATCH 12/40] CVE-2015-5370: s3:rpc_client: make use of - dcerpc_pull_auth_trailer() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The does much more validation than dcerpc_pull_dcerpc_auth(). - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit acea87f158f02c3240abff45c3e54c7d5fa60b29) ---- - source3/rpc_client/cli_pipe.c | 20 ++++++-------------- - 1 file changed, 6 insertions(+), 14 deletions(-) - -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c -index 776e2bf..27e37f8 100644 ---- a/source3/rpc_client/cli_pipe.c -+++ b/source3/rpc_client/cli_pipe.c -@@ -1938,20 +1938,15 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) - rpc_pipe_bind_step_two_trigger(req); - return; - -- case DCERPC_AUTH_TYPE_NTLMSSP: -- case DCERPC_AUTH_TYPE_SPNEGO: -- case DCERPC_AUTH_TYPE_KRB5: -- /* Paranoid lenght checks */ -- if (pkt->frag_length < DCERPC_AUTH_TRAILER_LENGTH -- + pkt->auth_length) { -- tevent_req_nterror(req, -- NT_STATUS_INFO_LENGTH_MISMATCH); -+ default: -+ if (pkt->auth_length == 0) { -+ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); - return; - } - /* get auth credentials */ -- status = dcerpc_pull_dcerpc_auth(talloc_tos(), -- &pkt->u.bind_ack.auth_info, -- &auth, false); -+ status = dcerpc_pull_auth_trailer(pkt, talloc_tos(), -+ &pkt->u.bind_ack.auth_info, -+ &auth, NULL, true); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Failed to pull dcerpc auth: %s.\n", - nt_errstr(status))); -@@ -1959,9 +1954,6 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) - return; - } - break; -- -- default: -- goto err_out; - } - - /* --- -2.8.1 - - -From b58616bbcc810b076e5fd9dd976272847f832b06 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 13:05:01 +0200 -Subject: [PATCH 13/40] CVE-2015-5370: s3:rpc_client: make use of - dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 81bbffa14f5f6faa9801a3bf2d564d2762d49bb6) ---- - source3/rpc_client/cli_pipe.c | 111 ++++++++++++++++++++++++++++++++++++------ - 1 file changed, 96 insertions(+), 15 deletions(-) - -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c -index 27e37f8..6a22d38 100644 ---- a/source3/rpc_client/cli_pipe.c -+++ b/source3/rpc_client/cli_pipe.c -@@ -429,17 +429,89 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx, - - /* Ensure we have the correct type. */ - switch (pkt->ptype) { -- case DCERPC_PKT_ALTER_RESP: -+ case DCERPC_PKT_BIND_NAK: -+ DEBUG(1, (__location__ ": Bind NACK received from %s!\n", -+ rpccli_pipe_txt(talloc_tos(), cli))); -+ -+ ret = dcerpc_verify_ncacn_packet_header(pkt, -+ DCERPC_PKT_BIND_NAK, -+ 0, /* max_auth_info */ -+ DCERPC_PFC_FLAG_FIRST | -+ DCERPC_PFC_FLAG_LAST, -+ 0); /* optional flags */ -+ if (!NT_STATUS_IS_OK(ret)) { -+ DEBUG(1, (__location__ ": Connection to %s got an unexpected " -+ "RPC packet type - %u, expected %u: %s\n", -+ rpccli_pipe_txt(talloc_tos(), cli), -+ pkt->ptype, expected_pkt_type, -+ nt_errstr(ret))); -+ NDR_PRINT_DEBUG(ncacn_packet, pkt); -+ return ret; -+ } -+ -+ /* Use this for now... */ -+ return NT_STATUS_NETWORK_ACCESS_DENIED; -+ - case DCERPC_PKT_BIND_ACK: -+ ret = dcerpc_verify_ncacn_packet_header(pkt, -+ expected_pkt_type, -+ pkt->u.bind_ack.auth_info.length, -+ DCERPC_PFC_FLAG_FIRST | -+ DCERPC_PFC_FLAG_LAST, -+ DCERPC_PFC_FLAG_CONC_MPX | -+ DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN); -+ if (!NT_STATUS_IS_OK(ret)) { -+ DEBUG(1, (__location__ ": Connection to %s got an unexpected " -+ "RPC packet type - %u, expected %u: %s\n", -+ rpccli_pipe_txt(talloc_tos(), cli), -+ pkt->ptype, expected_pkt_type, -+ nt_errstr(ret))); -+ NDR_PRINT_DEBUG(ncacn_packet, pkt); -+ return ret; -+ } - -- /* Client code never receives this kind of packets */ - break; - -+ case DCERPC_PKT_ALTER_RESP: -+ ret = dcerpc_verify_ncacn_packet_header(pkt, -+ expected_pkt_type, -+ pkt->u.alter_resp.auth_info.length, -+ DCERPC_PFC_FLAG_FIRST | -+ DCERPC_PFC_FLAG_LAST, -+ DCERPC_PFC_FLAG_CONC_MPX | -+ DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN); -+ if (!NT_STATUS_IS_OK(ret)) { -+ DEBUG(1, (__location__ ": Connection to %s got an unexpected " -+ "RPC packet type - %u, expected %u: %s\n", -+ rpccli_pipe_txt(talloc_tos(), cli), -+ pkt->ptype, expected_pkt_type, -+ nt_errstr(ret))); -+ NDR_PRINT_DEBUG(ncacn_packet, pkt); -+ return ret; -+ } -+ -+ break; - - case DCERPC_PKT_RESPONSE: - - r = &pkt->u.response; - -+ ret = dcerpc_verify_ncacn_packet_header(pkt, -+ expected_pkt_type, -+ r->stub_and_verifier.length, -+ 0, /* required_flags */ -+ DCERPC_PFC_FLAG_FIRST | -+ DCERPC_PFC_FLAG_LAST); -+ if (!NT_STATUS_IS_OK(ret)) { -+ DEBUG(1, (__location__ ": Connection to %s got an unexpected " -+ "RPC packet type - %u, expected %u: %s\n", -+ rpccli_pipe_txt(talloc_tos(), cli), -+ pkt->ptype, expected_pkt_type, -+ nt_errstr(ret))); -+ NDR_PRINT_DEBUG(ncacn_packet, pkt); -+ return ret; -+ } -+ - tmp_stub.data = r->stub_and_verifier.data; - tmp_stub.length = r->stub_and_verifier.length; - -@@ -449,6 +521,12 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx, - DCERPC_RESPONSE_LENGTH, - pdu); - if (!NT_STATUS_IS_OK(ret)) { -+ DEBUG(1, (__location__ ": Connection to %s got an unexpected " -+ "RPC packet type - %u, expected %u: %s\n", -+ rpccli_pipe_txt(talloc_tos(), cli), -+ pkt->ptype, expected_pkt_type, -+ nt_errstr(ret))); -+ NDR_PRINT_DEBUG(ncacn_packet, pkt); - return ret; - } - -@@ -478,14 +556,24 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx, - - break; - -- case DCERPC_PKT_BIND_NAK: -- DEBUG(1, (__location__ ": Bind NACK received from %s!\n", -- rpccli_pipe_txt(talloc_tos(), cli))); -- /* Use this for now... */ -- return NT_STATUS_NETWORK_ACCESS_DENIED; -- - case DCERPC_PKT_FAULT: - -+ ret = dcerpc_verify_ncacn_packet_header(pkt, -+ DCERPC_PKT_FAULT, -+ 0, /* max_auth_info */ -+ DCERPC_PFC_FLAG_FIRST | -+ DCERPC_PFC_FLAG_LAST, -+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE); -+ if (!NT_STATUS_IS_OK(ret)) { -+ DEBUG(1, (__location__ ": Connection to %s got an unexpected " -+ "RPC packet type - %u, expected %u: %s\n", -+ rpccli_pipe_txt(talloc_tos(), cli), -+ pkt->ptype, expected_pkt_type, -+ nt_errstr(ret))); -+ NDR_PRINT_DEBUG(ncacn_packet, pkt); -+ return ret; -+ } -+ - DEBUG(1, (__location__ ": RPC fault code %s received " - "from %s!\n", - dcerpc_errstr(talloc_tos(), -@@ -502,13 +590,6 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx, - return NT_STATUS_RPC_PROTOCOL_ERROR; - } - -- if (pkt->ptype != expected_pkt_type) { -- DEBUG(3, (__location__ ": Connection to %s got an unexpected " -- "RPC packet type - %u, not %u\n", -- rpccli_pipe_txt(talloc_tos(), cli), -- pkt->ptype, expected_pkt_type)); -- return NT_STATUS_RPC_PROTOCOL_ERROR; -- } - - if (pkt->call_id != call_id) { - DEBUG(3, (__location__ ": Connection to %s got an unexpected " --- -2.8.1 - - -From 3e03b1e6d5b20c14d53763f22442bf510a8d6dcd Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Fri, 10 Jul 2015 14:48:38 +0200 -Subject: [PATCH 14/40] CVE-2015-5370: s3:rpc_client: protect - rpc_api_pipe_got_pdu() against too large payloads -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 98182969e761429e577064e1a0fd5cbc6b50d7d9) ---- - source3/rpc_client/cli_pipe.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c -index 6a22d38..755b458 100644 ---- a/source3/rpc_client/cli_pipe.c -+++ b/source3/rpc_client/cli_pipe.c -@@ -1007,6 +1007,11 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq) - return; - } - -+ if (state->reply_pdu_offset + rdata.length > MAX_RPC_DATA_SIZE) { -+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); -+ return; -+ } -+ - /* Now copy the data portion out of the pdu into rbuf. */ - if (state->reply_pdu.length < state->reply_pdu_offset + rdata.length) { - if (!data_blob_realloc(NULL, &state->reply_pdu, --- -2.8.1 - - -From fa884c266be5d808d19955f92921417f435b2957 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 22:51:18 +0200 -Subject: [PATCH 15/40] CVE-2015-5370: s3:rpc_client: verify auth_{type,level} - in rpc_pipe_bind_step_one_done() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit df51c22bea7fbf906613ceb160f16f298b2e3106) ---- - source3/rpc_client/cli_pipe.c | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c -index 755b458..1c4ff01 100644 ---- a/source3/rpc_client/cli_pipe.c -+++ b/source3/rpc_client/cli_pipe.c -@@ -2039,6 +2039,21 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) - tevent_req_nterror(req, status); - return; - } -+ -+ if (auth.auth_type != pauth->auth_type) { -+ DEBUG(0, (__location__ " Auth type %u mismatch expected %u.\n", -+ auth.auth_type, pauth->auth_type)); -+ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); -+ return; -+ } -+ -+ if (auth.auth_level != pauth->auth_level) { -+ DEBUG(0, (__location__ " Auth level %u mismatch expected %u.\n", -+ auth.auth_level, pauth->auth_level)); -+ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); -+ return; -+ } -+ - break; - } - --- -2.8.1 - - -From 6d2767ad8b084590c572e90d1985ca6d7d36b188 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 13:05:01 +0200 -Subject: [PATCH 16/40] CVE-2015-5370: s3:rpc_server: make use of - dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 2a92546590a78760d2fe0e63067a3888dbce53be) ---- - source3/rpc_server/srv_pipe.c | 62 +++++++++---------------------------------- - 1 file changed, 13 insertions(+), 49 deletions(-) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 0ab7dc6..40b1b8e 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -1012,25 +1012,12 @@ static bool api_pipe_bind_req(struct pipes_struct *p, - * Check if this is an authenticated bind request. - */ - if (pkt->auth_length) { -- /* Quick length check. Won't catch a bad auth footer, -- * prevents overrun. */ -- -- if (pkt->frag_length < RPC_HEADER_LEN + -- DCERPC_AUTH_TRAILER_LENGTH + -- pkt->auth_length) { -- DEBUG(0,("api_pipe_bind_req: auth_len (%u) " -- "too long for fragment %u.\n", -- (unsigned int)pkt->auth_length, -- (unsigned int)pkt->frag_length)); -- goto err_exit; -- } -- - /* - * Decode the authentication verifier. - */ -- status = dcerpc_pull_dcerpc_auth(pkt, -- &pkt->u.bind.auth_info, -- &auth_info, p->endian); -+ status = dcerpc_pull_auth_trailer(pkt, pkt, -+ &pkt->u.bind.auth_info, -+ &auth_info, NULL, true); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n")); - goto err_exit; -@@ -1233,23 +1220,13 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt) - goto err; - } - -- /* Ensure there's enough data for an authenticated request. */ -- if (pkt->frag_length < RPC_HEADER_LEN -- + DCERPC_AUTH_TRAILER_LENGTH -- + pkt->auth_length) { -- DEBUG(0,("api_pipe_ntlmssp_auth_process: auth_len " -- "%u is too large.\n", -- (unsigned int)pkt->auth_length)); -- goto err; -- } -- - /* - * Decode the authentication verifier response. - */ - -- status = dcerpc_pull_dcerpc_auth(pkt, -- &pkt->u.auth3.auth_info, -- &auth_info, p->endian); -+ status = dcerpc_pull_auth_trailer(pkt, pkt, -+ &pkt->u.auth3.auth_info, -+ &auth_info, NULL, true); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Failed to unmarshall dcerpc_auth.\n")); - goto err; -@@ -1382,34 +1359,21 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - * Check if this is an authenticated alter context request. - */ - if (pkt->auth_length) { -- /* Quick length check. Won't catch a bad auth footer, -- * prevents overrun. */ -- -- if (pkt->frag_length < RPC_HEADER_LEN + -- DCERPC_AUTH_TRAILER_LENGTH + -- pkt->auth_length) { -- DEBUG(0,("api_pipe_alter_context: auth_len (%u) " -- "too long for fragment %u.\n", -- (unsigned int)pkt->auth_length, -- (unsigned int)pkt->frag_length )); -+ /* We can only finish if the pipe is unbound for now */ -+ if (p->pipe_bound) { -+ DEBUG(0, (__location__ ": Pipe already bound, " -+ "Altering Context not yet supported!\n")); - goto err_exit; - } - -- status = dcerpc_pull_dcerpc_auth(pkt, -- &pkt->u.bind.auth_info, -- &auth_info, p->endian); -+ status = dcerpc_pull_auth_trailer(pkt, pkt, -+ &pkt->u.bind.auth_info, -+ &auth_info, NULL, true); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n")); - goto err_exit; - } - -- /* We can only finish if the pipe is unbound for now */ -- if (p->pipe_bound) { -- DEBUG(0, (__location__ ": Pipe already bound, " -- "Altering Context not yet supported!\n")); -- goto err_exit; -- } -- - if (auth_info.auth_type != p->auth.auth_type) { - DEBUG(0, ("Auth type mismatch! Client sent %d, " - "but auth was started as type %d!\n", --- -2.8.1 - - -From 7400ac11282d540d4f5f80d0f58ec99beabb7d8e Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 23 Dec 2015 12:38:55 +0100 -Subject: [PATCH 17/40] CVE-2015-5370: s3:rpc_server: let a failing - sec_verification_trailer mark the connection as broken - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -(cherry picked from commit 189c0fbb7a3405f0893f23e5b8d755d259f98eaf) ---- - source3/rpc_server/srv_pipe.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 40b1b8e..da9b91c 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -1663,6 +1663,7 @@ static bool api_pipe_request(struct pipes_struct *p, - - if (!srv_pipe_check_verification_trailer(p, pkt, pipe_fns)) { - DEBUG(1, ("srv_pipe_check_verification_trailer: failed\n")); -+ set_incoming_fault(p); - setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED)); - data_blob_free(&p->out_data.rdata); - TALLOC_FREE(frame); --- -2.8.1 - - -From 55da4653f5986989e46be6320f96590f8ebb4ef7 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 13:05:01 +0200 -Subject: [PATCH 18/40] CVE-2015-5370: s3:rpc_server: don't ignore failures of - dcerpc_push_ncacn_packet() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 25bf597124f217c55b5ca71a5ea9cb0ea83943e5) ---- - source3/rpc_server/srv_pipe.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index da9b91c..71b4665 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -1152,6 +1152,7 @@ static bool api_pipe_bind_req(struct pipes_struct *p, - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Failed to marshall bind_ack packet. (%s)\n", - nt_errstr(status))); -+ goto err_exit; - } - - if (auth_resp.length) { -@@ -1469,6 +1470,7 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Failed to marshall bind_ack packet. (%s)\n", - nt_errstr(status))); -+ goto err_exit; - } - - if (auth_resp.length) { --- -2.8.1 - - -From 893c840a1aac6711a081eb8e25f2c2a6078fc373 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 13:05:01 +0200 -Subject: [PATCH 19/40] CVE-2015-5370: s3:rpc_server: don't allow auth3 if the - authentication was already finished -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 69280e6acef7c3941407d4308b659c5e90ed702d) ---- - source3/rpc_server/srv_pipe.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 71b4665..4e5b50d4 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -1216,8 +1216,15 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt) - - DEBUG(5, ("api_pipe_bind_auth3: decode request. %d\n", __LINE__)); - -+ /* We can only finish if the pipe is unbound for now */ -+ if (p->pipe_bound) { -+ DEBUG(0, (__location__ ": Pipe already bound, " -+ "AUTH3 not supported!\n")); -+ goto err; -+ } -+ - if (pkt->auth_length == 0) { -- DEBUG(0, ("No auth field sent for bind request!\n")); -+ DEBUG(1, ("No auth field sent for auth3 request!\n")); - goto err; - } - --- -2.8.1 - - -From a66baed0c65b7acb4d76ef9ea3ae1248a6b5773a Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 14 Jul 2015 16:18:45 +0200 -Subject: [PATCH 20/40] CVE-2015-5370: s3:rpc_server: let a failing auth3 mark - the authentication as invalid -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 8c96ef7b4fbd925607b26d351b14ad9a95febd88) ---- - source3/rpc_server/srv_pipe.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 4e5b50d4..d28ba8e 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -1304,7 +1304,7 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt) - return true; - - err: -- -+ p->pipe_bound = false; - TALLOC_FREE(p->auth.auth_ctx); - return false; - } --- -2.8.1 - - -From e47becdf2c03d68662ab998c4608adb371ca2f08 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 13:05:01 +0200 -Subject: [PATCH 21/40] CVE-2015-5370: s3:rpc_server: make sure auth_level - isn't changed by alter_context or auth3 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 63d21d2546a1064be73582a499ec15b0e11e2708) ---- - source3/rpc_server/srv_pipe.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index d28ba8e..1b81a4c 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -1252,6 +1252,13 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt) - goto err; - } - -+ if (auth_info.auth_level != p->auth.auth_level) { -+ DEBUG(1, ("Auth level mismatch! Client sent %d, " -+ "but auth was started as level %d!\n", -+ auth_info.auth_level, p->auth.auth_level)); -+ goto err; -+ } -+ - switch (auth_info.auth_type) { - case DCERPC_AUTH_TYPE_NTLMSSP: - ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, -@@ -1389,6 +1396,12 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - goto err_exit; - } - -+ if (auth_info.auth_level != p->auth.auth_level) { -+ DEBUG(0, ("Auth level mismatch! Client sent %d, " -+ "but auth was started as level %d!\n", -+ auth_info.auth_level, p->auth.auth_level)); -+ goto err_exit; -+ } - - switch (auth_info.auth_type) { - case DCERPC_AUTH_TYPE_SPNEGO: --- -2.8.1 - - -From 687a4801391c946a62d07a7bdad096a97da0d432 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 7 Jul 2015 09:15:39 +0200 -Subject: [PATCH 22/40] CVE-2015-5370: s3:rpc_server: ensure that the message - ordering doesn't violate the spec -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The first pdu is always a BIND. - -REQUEST pdus are only allowed once the authentication -is finished. - -A simple anonymous authentication is finished after the BIND. -Real authentication may need additional ALTER or AUTH3 exchanges. - -Pair-Programmed-With: Stefan Metzmacher metze@samba.org - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Jeremy Allison jra@samba.org -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 0239bfa562ee303c4ac204375b3c66ca287f6cb0) ---- - source3/include/ntdomain.h | 7 ++++++ - source3/rpc_server/rpc_ncacn_np.c | 1 + - source3/rpc_server/rpc_server.c | 1 + - source3/rpc_server/srv_pipe.c | 51 ++++++++++++++++++++++++++++++++++----- - 4 files changed, 54 insertions(+), 6 deletions(-) - -diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h -index 650f1d0..b3c5451 100644 ---- a/source3/include/ntdomain.h -+++ b/source3/include/ntdomain.h -@@ -139,6 +139,13 @@ struct pipes_struct { - bool pipe_bound; - - /* -+ * States we can be in. -+ */ -+ bool allow_alter; -+ bool allow_bind; -+ bool allow_auth3; -+ -+ /* - * Set the DCERPC_FAULT to return. - */ - -diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c -index efdee27..f2e9d10 100644 ---- a/source3/rpc_server/rpc_ncacn_np.c -+++ b/source3/rpc_server/rpc_ncacn_np.c -@@ -171,6 +171,7 @@ struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, - - p->syntax = *syntax; - p->transport = NCALRPC; -+ p->allow_bind = true; - - DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n", - get_pipe_name_from_syntax(talloc_tos(), syntax), pipes_open)); -diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c -index 8ec55bb..376d26a 100644 ---- a/source3/rpc_server/rpc_server.c -+++ b/source3/rpc_server/rpc_server.c -@@ -102,6 +102,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, - p->syntax = id; - p->transport = transport; - p->ncalrpc_as_system = ncalrpc_as_system; -+ p->allow_bind = true; - - p->mem_ctx = talloc_named(p, 0, "pipe %s %p", pipe_name, p); - if (!p->mem_ctx) { -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 1b81a4c..41111aa 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -279,6 +279,9 @@ static bool setup_bind_nak(struct pipes_struct *p, struct ncacn_packet *pkt) - p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; - p->auth.auth_type = DCERPC_AUTH_TYPE_NONE; - p->pipe_bound = False; -+ p->allow_bind = false; -+ p->allow_alter = false; -+ p->allow_auth3 = false; - - return True; - } -@@ -828,6 +831,11 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p) - void *mech_ctx; - NTSTATUS status; - -+ if (p->auth.auth_type == DCERPC_AUTH_TYPE_NONE) { -+ p->pipe_bound = true; -+ return NT_STATUS_OK; -+ } -+ - switch (p->auth.auth_type) { - case DCERPC_AUTH_TYPE_NTLMSSP: - ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, -@@ -919,13 +927,11 @@ static bool api_pipe_bind_req(struct pipes_struct *p, - DATA_BLOB auth_resp = data_blob_null; - DATA_BLOB auth_blob = data_blob_null; - -- /* No rebinds on a bound pipe - use alter context. */ -- if (p->pipe_bound) { -- DEBUG(2,("api_pipe_bind_req: rejecting bind request on bound " -- "pipe %s.\n", -- get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); -+ if (!p->allow_bind) { -+ DEBUG(2,("Pipe not in allow bind state\n")); - return setup_bind_nak(p, pkt); - } -+ p->allow_bind = false; - - if (pkt->u.bind.num_contexts == 0) { - DEBUG(0, ("api_pipe_bind_req: no rpc contexts around\n")); -@@ -1192,6 +1198,22 @@ static bool api_pipe_bind_req(struct pipes_struct *p, - p->out_data.current_pdu_sent = 0; - - TALLOC_FREE(auth_blob.data); -+ -+ if (bind_ack_ctx.result == 0) { -+ p->allow_alter = true; -+ p->allow_auth3 = true; -+ if (p->auth.auth_type == DCERPC_AUTH_TYPE_NONE) { -+ status = pipe_auth_verify_final(p); -+ if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(0, ("pipe_auth_verify_final failed: %s\n", -+ nt_errstr(status))); -+ goto err_exit; -+ } -+ } -+ } else { -+ goto err_exit; -+ } -+ - return True; - - err_exit: -@@ -1216,6 +1238,11 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt) - - DEBUG(5, ("api_pipe_bind_auth3: decode request. %d\n", __LINE__)); - -+ if (!p->allow_auth3) { -+ DEBUG(1, ("Pipe not in allow auth3 state.\n")); -+ goto err; -+ } -+ - /* We can only finish if the pipe is unbound for now */ - if (p->pipe_bound) { - DEBUG(0, (__location__ ": Pipe already bound, " -@@ -1312,6 +1339,10 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt) - - err: - p->pipe_bound = false; -+ p->allow_bind = false; -+ p->allow_alter = false; -+ p->allow_auth3 = false; -+ - TALLOC_FREE(p->auth.auth_ctx); - return false; - } -@@ -1338,6 +1369,11 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - - DEBUG(5,("api_pipe_alter_context: make response. %d\n", __LINE__)); - -+ if (!p->allow_alter) { -+ DEBUG(1, ("Pipe not in allow alter state.\n")); -+ goto err_exit; -+ } -+ - if (pkt->u.bind.assoc_group_id != 0) { - assoc_gid = pkt->u.bind.assoc_group_id; - } else { -@@ -1363,7 +1399,6 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - bind_ack_ctx.reason = 0; - bind_ack_ctx.syntax = pkt->u.bind.ctx_list[0].transfer_syntaxes[0]; - } else { -- p->pipe_bound = False; - /* Rejection reason: abstract syntax not supported */ - bind_ack_ctx.result = DCERPC_BIND_PROVIDER_REJECT; - bind_ack_ctx.reason = DCERPC_BIND_REASON_ASYNTAX; -@@ -1826,6 +1861,10 @@ void set_incoming_fault(struct pipes_struct *p) - p->in_data.pdu.length = 0; - p->fault_state = DCERPC_FAULT_CANT_PERFORM; - -+ p->allow_alter = false; -+ p->allow_auth3 = false; -+ p->pipe_bound = false; -+ - DEBUG(10, ("Setting fault state\n")); - } - --- -2.8.1 - - -From 45701966d49ec1003f19c137a548c26915f75a99 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 16:06:59 +0200 -Subject: [PATCH 23/40] CVE-2015-5370: s3:rpc_server: use 'alter' instead of - 'bind' for variables in api_pipe_alter_context() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit cdefee174d2f8920323e9e62966df4f4ced49ed3) ---- - source3/rpc_server/srv_pipe.c | 32 ++++++++++++++++---------------- - 1 file changed, 16 insertions(+), 16 deletions(-) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 41111aa..382d94a 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -1359,7 +1359,7 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - uint16 assoc_gid; - NTSTATUS status; - union dcerpc_payload u; -- struct dcerpc_ack_ctx bind_ack_ctx; -+ struct dcerpc_ack_ctx alter_ack_ctx; - DATA_BLOB auth_resp = data_blob_null; - DATA_BLOB auth_blob = data_blob_null; - int pad_len = 0; -@@ -1374,8 +1374,8 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - goto err_exit; - } - -- if (pkt->u.bind.assoc_group_id != 0) { -- assoc_gid = pkt->u.bind.assoc_group_id; -+ if (pkt->u.alter.assoc_group_id != 0) { -+ assoc_gid = pkt->u.alter.assoc_group_id; - } else { - assoc_gid = 0x53f0; - } -@@ -1385,24 +1385,24 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - */ - - /* If the requested abstract synt uuid doesn't match our client pipe, -- reject the bind_ack & set the transfer interface synt to all 0's, -+ reject the alter_ack & set the transfer interface synt to all 0's, - ver 0 (observed when NT5 attempts to bind to abstract interfaces - unknown to NT4) - Needed when adding entries to a DACL from NT5 - SK */ - - if (check_bind_req(p, -- &pkt->u.bind.ctx_list[0].abstract_syntax, -- &pkt->u.bind.ctx_list[0].transfer_syntaxes[0], -- pkt->u.bind.ctx_list[0].context_id)) { -+ &pkt->u.alter.ctx_list[0].abstract_syntax, -+ &pkt->u.alter.ctx_list[0].transfer_syntaxes[0], -+ pkt->u.alter.ctx_list[0].context_id)) { - -- bind_ack_ctx.result = 0; -- bind_ack_ctx.reason = 0; -- bind_ack_ctx.syntax = pkt->u.bind.ctx_list[0].transfer_syntaxes[0]; -+ alter_ack_ctx.result = 0; -+ alter_ack_ctx.reason = 0; -+ alter_ack_ctx.syntax = pkt->u.alter.ctx_list[0].transfer_syntaxes[0]; - } else { - /* Rejection reason: abstract syntax not supported */ -- bind_ack_ctx.result = DCERPC_BIND_PROVIDER_REJECT; -- bind_ack_ctx.reason = DCERPC_BIND_REASON_ASYNTAX; -- bind_ack_ctx.syntax = null_ndr_syntax_id; -+ alter_ack_ctx.result = DCERPC_BIND_PROVIDER_REJECT; -+ alter_ack_ctx.reason = DCERPC_BIND_REASON_ASYNTAX; -+ alter_ack_ctx.syntax = null_ndr_syntax_id; - } - - /* -@@ -1417,7 +1417,7 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - } - - status = dcerpc_pull_auth_trailer(pkt, pkt, -- &pkt->u.bind.auth_info, -+ &pkt->u.alter.auth_info, - &auth_info, NULL, true); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n")); -@@ -1503,7 +1503,7 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - u.alter_resp.secondary_address_size = 1; - - u.alter_resp.num_results = 1; -- u.alter_resp.ctx_list = &bind_ack_ctx; -+ u.alter_resp.ctx_list = &alter_ack_ctx; - - /* NOTE: We leave the auth_info empty so we can calculate the padding - * later and then append the auth_info --simo */ -@@ -1523,7 +1523,7 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - &u, - &p->out_data.frag); - if (!NT_STATUS_IS_OK(status)) { -- DEBUG(0, ("Failed to marshall bind_ack packet. (%s)\n", -+ DEBUG(0, ("Failed to marshall alter_resp packet. (%s)\n", - nt_errstr(status))); - goto err_exit; - } --- -2.8.1 - - -From 62b936e134a53662601b0f614f95dbca5ff7a369 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 16:06:59 +0200 -Subject: [PATCH 24/40] CVE-2015-5370: s3:rpc_server: verify presentation - context arrays -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 1e6b4abac14840e4cee1afc5d4811b0f0277eade) ---- - source3/rpc_server/srv_pipe.c | 17 ++++++++++++++++- - 1 file changed, 16 insertions(+), 1 deletion(-) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 382d94a..335af2a 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -934,7 +934,12 @@ static bool api_pipe_bind_req(struct pipes_struct *p, - p->allow_bind = false; - - if (pkt->u.bind.num_contexts == 0) { -- DEBUG(0, ("api_pipe_bind_req: no rpc contexts around\n")); -+ DEBUG(1, ("api_pipe_bind_req: no rpc contexts around\n")); -+ goto err_exit; -+ } -+ -+ if (pkt->u.bind.ctx_list[0].num_transfer_syntaxes == 0) { -+ DEBUG(1, ("api_pipe_bind_req: no transfer syntaxes around\n")); - goto err_exit; - } - -@@ -1374,6 +1379,16 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - goto err_exit; - } - -+ if (pkt->u.alter.num_contexts == 0) { -+ DEBUG(1, ("api_pipe_alter_context: no rpc contexts around\n")); -+ goto err_exit; -+ } -+ -+ if (pkt->u.alter.ctx_list[0].num_transfer_syntaxes == 0) { -+ DEBUG(1, ("api_pipe_alter_context: no transfer syntaxes around\n")); -+ goto err_exit; -+ } -+ - if (pkt->u.alter.assoc_group_id != 0) { - assoc_gid = pkt->u.alter.assoc_group_id; - } else { --- -2.8.1 - - -From 585e8aefafcb5f8c501cdf4454b375ebda82f7a6 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 16:06:59 +0200 -Subject: [PATCH 25/40] CVE-2015-5370: s3:rpc_server: make use of - dcerpc_verify_ncacn_packet_header() to verify incoming pdus -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit e39fdceb25fc75b6f8c77c097bf8dbd2f4286618) ---- - source3/rpc_server/srv_pipe.c | 81 +++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 81 insertions(+) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 335af2a..2f404b4 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -42,6 +42,7 @@ - #include "auth.h" - #include "ntdomain.h" - #include "rpc_server/srv_pipe.h" -+#include "../librpc/gen_ndr/ndr_dcerpc.h" - #include "../librpc/ndr/ndr_dcerpc.h" - #include "../librpc/gen_ndr/ndr_samr.h" - #include "../librpc/gen_ndr/ndr_lsa.h" -@@ -933,6 +934,25 @@ static bool api_pipe_bind_req(struct pipes_struct *p, - } - p->allow_bind = false; - -+ status = dcerpc_verify_ncacn_packet_header(pkt, -+ DCERPC_PKT_BIND, -+ pkt->u.bind.auth_info.length, -+ 0, /* required flags */ -+ DCERPC_PFC_FLAG_FIRST | -+ DCERPC_PFC_FLAG_LAST | -+ DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | -+ 0x08 | /* this is not defined, but should be ignored */ -+ DCERPC_PFC_FLAG_CONC_MPX | -+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE | -+ DCERPC_PFC_FLAG_MAYBE | -+ DCERPC_PFC_FLAG_OBJECT_UUID); -+ if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(1, ("api_pipe_bind_req: invalid pdu: %s\n", -+ nt_errstr(status))); -+ NDR_PRINT_DEBUG(ncacn_packet, pkt); -+ goto err_exit; -+ } -+ - if (pkt->u.bind.num_contexts == 0) { - DEBUG(1, ("api_pipe_bind_req: no rpc contexts around\n")); - goto err_exit; -@@ -1248,6 +1268,25 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt) - goto err; - } - -+ status = dcerpc_verify_ncacn_packet_header(pkt, -+ DCERPC_PKT_AUTH3, -+ pkt->u.auth3.auth_info.length, -+ 0, /* required flags */ -+ DCERPC_PFC_FLAG_FIRST | -+ DCERPC_PFC_FLAG_LAST | -+ DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | -+ 0x08 | /* this is not defined, but should be ignored */ -+ DCERPC_PFC_FLAG_CONC_MPX | -+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE | -+ DCERPC_PFC_FLAG_MAYBE | -+ DCERPC_PFC_FLAG_OBJECT_UUID); -+ if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(1, ("api_pipe_bind_auth3: invalid pdu: %s\n", -+ nt_errstr(status))); -+ NDR_PRINT_DEBUG(ncacn_packet, pkt); -+ goto err; -+ } -+ - /* We can only finish if the pipe is unbound for now */ - if (p->pipe_bound) { - DEBUG(0, (__location__ ": Pipe already bound, " -@@ -1379,6 +1418,25 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - goto err_exit; - } - -+ status = dcerpc_verify_ncacn_packet_header(pkt, -+ DCERPC_PKT_ALTER, -+ pkt->u.alter.auth_info.length, -+ 0, /* required flags */ -+ DCERPC_PFC_FLAG_FIRST | -+ DCERPC_PFC_FLAG_LAST | -+ DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | -+ 0x08 | /* this is not defined, but should be ignored */ -+ DCERPC_PFC_FLAG_CONC_MPX | -+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE | -+ DCERPC_PFC_FLAG_MAYBE | -+ DCERPC_PFC_FLAG_OBJECT_UUID); -+ if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(1, ("api_pipe_alter_context: invalid pdu: %s\n", -+ nt_errstr(status))); -+ NDR_PRINT_DEBUG(ncacn_packet, pkt); -+ goto err_exit; -+ } -+ - if (pkt->u.alter.num_contexts == 0) { - DEBUG(1, ("api_pipe_alter_context: no rpc contexts around\n")); - goto err_exit; -@@ -1923,6 +1981,29 @@ static bool process_request_pdu(struct pipes_struct *p, struct ncacn_packet *pkt - return False; - } - -+ /* -+ * We don't ignore DCERPC_PFC_FLAG_PENDING_CANCEL. -+ * TODO: we can reject it with DCERPC_FAULT_NO_CALL_ACTIVE later. -+ */ -+ status = dcerpc_verify_ncacn_packet_header(pkt, -+ DCERPC_PKT_REQUEST, -+ pkt->u.request.stub_and_verifier.length, -+ 0, /* required_flags */ -+ DCERPC_PFC_FLAG_FIRST | -+ DCERPC_PFC_FLAG_LAST | -+ 0x08 | /* this is not defined, but should be ignored */ -+ DCERPC_PFC_FLAG_CONC_MPX | -+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE | -+ DCERPC_PFC_FLAG_MAYBE | -+ DCERPC_PFC_FLAG_OBJECT_UUID); -+ if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(1, ("process_request_pdu: invalid pdu: %s\n", -+ nt_errstr(status))); -+ NDR_PRINT_DEBUG(ncacn_packet, pkt); -+ set_incoming_fault(p); -+ return false; -+ } -+ - /* Store the opnum */ - p->opnum = pkt->u.request.opnum; - --- -2.8.1 - - -From b16b1a5f331adc3bb2f3d0bee586ec084935a202 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 23 Dec 2015 12:40:58 +0100 -Subject: [PATCH 26/40] CVE-2015-5370: s3:rpc_server: disconnect the connection - after a fatal FAULT pdu -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 664d7ace0e68b42d2de99583757e0a985647eb4b) ---- - source3/rpc_server/rpc_server.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c -index 376d26a..3ba83e0 100644 ---- a/source3/rpc_server/rpc_server.c -+++ b/source3/rpc_server/rpc_server.c -@@ -664,6 +664,12 @@ static void named_pipe_packet_done(struct tevent_req *subreq) - goto fail; - } - -+ if (npc->p->fault_state != 0) { -+ DEBUG(2, ("Disconnect after fault\n")); -+ sys_errno = EINVAL; -+ goto fail; -+ } -+ - /* clear out any data that may have been left around */ - npc->count = 0; - TALLOC_FREE(npc->iov); -@@ -1392,6 +1398,12 @@ static void dcerpc_ncacn_packet_done(struct tevent_req *subreq) - goto fail; - } - -+ if (ncacn_conn->p->fault_state != 0) { -+ DEBUG(2, ("Disconnect after fault\n")); -+ sys_errno = EINVAL; -+ goto fail; -+ } -+ - /* clear out any data that may have been left around */ - ncacn_conn->count = 0; - TALLOC_FREE(ncacn_conn->iov); --- -2.8.1 - - -From 642d2b7090e46a87bc94cabf29eccb09e329c125 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 23 Dec 2015 12:38:55 +0100 -Subject: [PATCH 27/40] CVE-2015-5370: s3:rpc_server: let a failing BIND mark - the connection as broken -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 8d97085efd8782e48d0f1162e3f56756acb99472) ---- - source3/rpc_server/srv_pipe.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 2f404b4..6275190 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -276,6 +276,7 @@ static bool setup_bind_nak(struct pipes_struct *p, struct ncacn_packet *pkt) - p->out_data.data_sent_length = 0; - p->out_data.current_pdu_sent = 0; - -+ set_incoming_fault(p); - TALLOC_FREE(p->auth.auth_ctx); - p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; - p->auth.auth_type = DCERPC_AUTH_TYPE_NONE; --- -2.8.1 - - -From f4aa07176636982d9be3c0ce2452fc43a8781d47 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 23 Dec 2015 12:38:55 +0100 -Subject: [PATCH 28/40] CVE-2015-5370: s3:rpc_server: use - DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit d30363f08efb81b22055d4445977c96df3737adf) ---- - source3/rpc_server/srv_pipe.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 6275190..3fb8855 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -1933,7 +1933,7 @@ void set_incoming_fault(struct pipes_struct *p) - data_blob_free(&p->in_data.data); - p->in_data.pdu_needed_len = 0; - p->in_data.pdu.length = 0; -- p->fault_state = DCERPC_FAULT_CANT_PERFORM; -+ p->fault_state = DCERPC_NCA_S_PROTO_ERROR; - - p->allow_alter = false; - p->allow_auth3 = false; -@@ -2254,7 +2254,7 @@ done: - "pipe %s\n", get_pipe_name_from_syntax(talloc_tos(), - &p->syntax))); - set_incoming_fault(p); -- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR)); -+ setup_fault_pdu(p, NT_STATUS(DCERPC_NCA_S_PROTO_ERROR)); - TALLOC_FREE(pkt); - } else { - /* --- -2.8.1 - - -From ef175975f587d73092461c36b10e4c9cf1805727 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sat, 11 Jul 2015 10:58:07 +0200 -Subject: [PATCH 29/40] CVE-2015-5370: s3:librpc/rpc: remove unused - dcerpc_pull_dcerpc_auth() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 02aef978ff8f16009a52c2d981d414d019bc8dd9) ---- - source3/librpc/rpc/dcerpc.h | 4 ---- - source3/librpc/rpc/dcerpc_helpers.c | 41 ------------------------------------- - 2 files changed, 45 deletions(-) - -diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h -index e7cca9e..9452e85 100644 ---- a/source3/librpc/rpc/dcerpc.h -+++ b/source3/librpc/rpc/dcerpc.h -@@ -71,10 +71,6 @@ NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx, - uint32_t auth_context_id, - const DATA_BLOB *credentials, - DATA_BLOB *blob); --NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx, -- const DATA_BLOB *blob, -- struct dcerpc_auth *r, -- bool bigendian); - NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, - size_t header_len, size_t data_left, - size_t max_xmit_frag, size_t pad_alignment, -diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c -index c07835f..e4d0e3a 100644 ---- a/source3/librpc/rpc/dcerpc_helpers.c -+++ b/source3/librpc/rpc/dcerpc_helpers.c -@@ -210,47 +210,6 @@ NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx, - } - - /** --* @brief Decodes a dcerpc_auth blob --* --* @param mem_ctx The memory context on which to allocate the packet --* elements --* @param blob The blob of data to decode --* @param r An empty dcerpc_auth structure, must not be NULL --* --* @return a NTSTATUS error code --*/ --NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx, -- const DATA_BLOB *blob, -- struct dcerpc_auth *r, -- bool bigendian) --{ -- enum ndr_err_code ndr_err; -- struct ndr_pull *ndr; -- -- ndr = ndr_pull_init_blob(blob, mem_ctx); -- if (!ndr) { -- return NT_STATUS_NO_MEMORY; -- } -- if (bigendian) { -- ndr->flags |= LIBNDR_FLAG_BIGENDIAN; -- } -- -- ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, r); -- -- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -- talloc_free(ndr); -- return ndr_map_error2ntstatus(ndr_err); -- } -- talloc_free(ndr); -- -- if (DEBUGLEVEL >= 10) { -- NDR_PRINT_DEBUG(dcerpc_auth, r); -- } -- -- return NT_STATUS_OK; --} -- --/** - * @brief Calculate how much data we can in a packet, including calculating - * auth token and pad lengths. - * --- -2.8.1 - - -From 49d0e60d28d3b615d4ee368cd3f260b3a6386858 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 13:05:01 +0200 -Subject: [PATCH 30/40] CVE-2015-5370: s3:rpc_server: check the transfer syntax - in check_bind_req() first -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 9464684010461947fa98d8ee084069e9cf362625) ---- - source3/rpc_server/srv_pipe.c | 20 ++++++++++++++------ - 1 file changed, 14 insertions(+), 6 deletions(-) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 3fb8855..0e6b073 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -351,16 +351,24 @@ static bool check_bind_req(struct pipes_struct *p, - DEBUG(3,("check_bind_req for %s\n", - get_pipe_name_from_syntax(talloc_tos(), abstract))); - -+ ok = ndr_syntax_id_equal(transfer, &ndr_transfer_syntax); -+ if (!ok) { -+ DEBUG(1,("check_bind_req unknown transfer syntax for " -+ "%s context_id=%u\n", -+ get_pipe_name_from_syntax(talloc_tos(), abstract), -+ (unsigned)context_id)); -+ return false; -+ } -+ - /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */ -- if (rpc_srv_pipe_exists_by_id(abstract) && -- ndr_syntax_id_equal(transfer, &ndr_transfer_syntax)) { -- DEBUG(3, ("check_bind_req: \PIPE\%s -> \PIPE\%s\n", -- rpc_srv_get_pipe_cli_name(abstract), -- rpc_srv_get_pipe_srv_name(abstract))); -- } else { -+ if (!rpc_srv_pipe_exists_by_id(abstract)) { - return false; - } - -+ DEBUG(3, ("check_bind_req: %s -> %s rpc service\n", -+ rpc_srv_get_pipe_cli_name(abstract), -+ rpc_srv_get_pipe_srv_name(abstract))); -+ - context_fns = SMB_MALLOC_P(struct pipe_rpc_fns); - if (context_fns == NULL) { - DEBUG(0,("check_bind_req: malloc() failed!\n")); --- -2.8.1 - - -From 7ee6698f706e51568f53347f422ac6671cdba9a4 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 13:05:01 +0200 -Subject: [PATCH 31/40] CVE-2015-5370: s3:rpc_server: don't allow an existing - context to be changed in check_bind_req() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -An alter context can't change the syntax of an existing context, -a new context_id will be used for that. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit a995740d4e7fbd8fbb5c8c6280b73eaceae53574) ---- - source3/rpc_server/srv_pipe.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 0e6b073..4263a91 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -360,6 +360,28 @@ static bool check_bind_req(struct pipes_struct *p, - return false; - } - -+ for (context_fns = p->contexts; -+ context_fns != NULL; -+ context_fns = context_fns->next) -+ { -+ if (context_fns->context_id != context_id) { -+ continue; -+ } -+ -+ ok = ndr_syntax_id_equal(&context_fns->syntax, -+ abstract); -+ if (ok) { -+ return true; -+ } -+ -+ DEBUG(1,("check_bind_req: changing abstract syntax for " -+ "%s context_id=%u into %s not supported\n", -+ get_pipe_name_from_syntax(talloc_tos(), &context_fns->syntax), -+ (unsigned)context_id, -+ get_pipe_name_from_syntax(talloc_tos(), abstract))); -+ return false; -+ } -+ - /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */ - if (!rpc_srv_pipe_exists_by_id(abstract)) { - return false; --- -2.8.1 - - -From 79a238d0c868c7e182f49637b66f544dc1dd86da Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 8 Jul 2015 00:01:37 +0200 -Subject: [PATCH 32/40] CVE-2015-5370: s3:rpc_client: pass struct - pipe_auth_data to create_rpc_{bind_auth3,alter_context}() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit f556d9245c13d018d4e772f06d013ebe558703d9) ---- - source3/rpc_client/cli_pipe.c | 26 ++++++++++---------------- - 1 file changed, 10 insertions(+), 16 deletions(-) - -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c -index 1c4ff01..3af3d8f 100644 ---- a/source3/rpc_client/cli_pipe.c -+++ b/source3/rpc_client/cli_pipe.c -@@ -1816,9 +1816,8 @@ static bool check_bind_response(const struct dcerpc_bind_ack *r, - - static NTSTATUS create_rpc_bind_auth3(TALLOC_CTX *mem_ctx, - struct rpc_pipe_client *cli, -- uint32 rpc_call_id, -- enum dcerpc_AuthType auth_type, -- enum dcerpc_AuthLevel auth_level, -+ struct pipe_auth_data *auth, -+ uint32_t rpc_call_id, - DATA_BLOB *pauth_blob, - DATA_BLOB *rpc_out) - { -@@ -1828,8 +1827,8 @@ static NTSTATUS create_rpc_bind_auth3(TALLOC_CTX *mem_ctx, - u.auth3._pad = 0; - - status = dcerpc_push_dcerpc_auth(mem_ctx, -- auth_type, -- auth_level, -+ auth->auth_type, -+ auth->auth_level, - 0, /* auth_pad_length */ - 1, /* auth_context_id */ - pauth_blob, -@@ -1861,9 +1860,8 @@ static NTSTATUS create_rpc_bind_auth3(TALLOC_CTX *mem_ctx, - ********************************************************************/ - - static NTSTATUS create_rpc_alter_context(TALLOC_CTX *mem_ctx, -- enum dcerpc_AuthType auth_type, -- enum dcerpc_AuthLevel auth_level, -- uint32 rpc_call_id, -+ struct pipe_auth_data *auth, -+ uint32_t rpc_call_id, - const struct ndr_syntax_id *abstract, - const struct ndr_syntax_id *transfer, - const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */ -@@ -1873,8 +1871,8 @@ static NTSTATUS create_rpc_alter_context(TALLOC_CTX *mem_ctx, - NTSTATUS status; - - status = dcerpc_push_dcerpc_auth(mem_ctx, -- auth_type, -- auth_level, -+ auth->auth_type, -+ auth->auth_level, - 0, /* auth_pad_length */ - 1, /* auth_context_id */ - pauth_blob, -@@ -2300,9 +2298,7 @@ static NTSTATUS rpc_bind_next_send(struct tevent_req *req, - /* Now prepare the alter context pdu. */ - data_blob_free(&state->rpc_out); - -- status = create_rpc_alter_context(state, -- auth->auth_type, -- auth->auth_level, -+ status = create_rpc_alter_context(state, auth, - state->rpc_call_id, - &state->cli->abstract_syntax, - &state->cli->transfer_syntax, -@@ -2335,10 +2331,8 @@ static NTSTATUS rpc_bind_finish_send(struct tevent_req *req, - /* Now prepare the auth3 context pdu. */ - data_blob_free(&state->rpc_out); - -- status = create_rpc_bind_auth3(state, state->cli, -+ status = create_rpc_bind_auth3(state, state->cli, auth, - state->rpc_call_id, -- auth->auth_type, -- auth->auth_level, - auth_token, - &state->rpc_out); - if (!NT_STATUS_IS_OK(status)) { --- -2.8.1 - - -From 18a50ed6ead11287ff72cb38f100d0f2641c3e7d Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 8 Jul 2015 00:01:37 +0200 -Subject: [PATCH 33/40] CVE-2015-5370: s3:librpc/rpc: add auth_context_id to - struct pipe_auth_data -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit cbf20b43d7b40e3b6ccf044f6f51a5adff1f5e6d) ---- - source3/librpc/rpc/dcerpc.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h -index 9452e85..c25b0f5 100644 ---- a/source3/librpc/rpc/dcerpc.h -+++ b/source3/librpc/rpc/dcerpc.h -@@ -42,6 +42,7 @@ struct pipe_auth_data { - bool verified_bitmask1; - - void *auth_ctx; -+ uint32_t auth_context_id; - - /* Only the client code uses these 3 for now */ - char *domain; --- -2.8.1 - - -From 7dbaaca2a638406331d4653e1afdc18f7c8502f6 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 8 Jul 2015 00:01:37 +0200 -Subject: [PATCH 34/40] CVE-2015-5370: s3:rpc_client: make use of - pipe_auth_data->auth_context_id -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is better than using hardcoded values. -We need to use auth_context_id = 1 for authenticated -connections, as old Samba server (before this patchset) -will use a hardcoded value of 1. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit ae68d3f325c3880144b80385779c9445897646e6) ---- - source3/rpc_client/cli_pipe.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c -index 3af3d8f..755d676 100644 ---- a/source3/rpc_client/cli_pipe.c -+++ b/source3/rpc_client/cli_pipe.c -@@ -1314,7 +1314,7 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx, - auth->auth_type, - auth->auth_level, - 0, /* auth_pad_length */ -- 1, /* auth_context_id */ -+ auth->auth_context_id, - &auth_token, - &auth_info); - if (!NT_STATUS_IS_OK(ret)) { -@@ -1830,7 +1830,7 @@ static NTSTATUS create_rpc_bind_auth3(TALLOC_CTX *mem_ctx, - auth->auth_type, - auth->auth_level, - 0, /* auth_pad_length */ -- 1, /* auth_context_id */ -+ auth->auth_context_id, - pauth_blob, - &u.auth3.auth_info); - if (!NT_STATUS_IS_OK(status)) { -@@ -1874,7 +1874,7 @@ static NTSTATUS create_rpc_alter_context(TALLOC_CTX *mem_ctx, - auth->auth_type, - auth->auth_level, - 0, /* auth_pad_length */ -- 1, /* auth_context_id */ -+ auth->auth_context_id, - pauth_blob, - &auth_info); - if (!NT_STATUS_IS_OK(status)) { -@@ -2704,6 +2704,7 @@ NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx, - - result->auth_type = DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM; - result->auth_level = DCERPC_AUTH_LEVEL_CONNECT; -+ result->auth_context_id = 1; - - result->user_name = talloc_strdup(result, ""); - result->domain = talloc_strdup(result, ""); -@@ -2728,6 +2729,7 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, - - result->auth_type = DCERPC_AUTH_TYPE_NONE; - result->auth_level = DCERPC_AUTH_LEVEL_NONE; -+ result->auth_context_id = 0; - - result->user_name = talloc_strdup(result, ""); - result->domain = talloc_strdup(result, ""); -@@ -2765,6 +2767,7 @@ static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, - - result->auth_type = auth_type; - result->auth_level = auth_level; -+ result->auth_context_id = 1; - - result->user_name = talloc_strdup(result, username); - result->domain = talloc_strdup(result, domain); -@@ -2836,6 +2839,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, - - result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL; - result->auth_level = auth_level; -+ result->auth_context_id = 1; - - result->user_name = talloc_strdup(result, ""); - result->domain = talloc_strdup(result, domain); -@@ -3500,6 +3504,7 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, - } - auth->auth_type = DCERPC_AUTH_TYPE_KRB5; - auth->auth_level = auth_level; -+ auth->auth_context_id = 1; - - if (!username) { - username = ""; -@@ -3570,6 +3575,7 @@ NTSTATUS cli_rpc_pipe_open_spnego_krb5(struct cli_state *cli, - } - auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO; - auth->auth_level = auth_level; -+ auth->auth_context_id = 1; - - if (!username) { - username = ""; -@@ -3644,6 +3650,7 @@ NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, - } - auth->auth_type = DCERPC_AUTH_TYPE_SPNEGO; - auth->auth_level = auth_level; -+ auth->auth_context_id = 1; - - if (!username) { - username = ""; --- -2.8.1 - - -From 82cd4e90c70d1ababd5fa1ee61206e37edbf40e4 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 8 Jul 2015 00:01:37 +0200 -Subject: [PATCH 35/40] CVE-2015-5370: s3:rpc_server: make use of - pipe_auth_data->auth_context_id -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is better than using hardcoded values. -We need to use the value the client used in the BIND request. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 2bc617293a5d8652e484af69660b3646f3d48690) ---- - source3/rpc_server/rpc_ncacn_np.c | 1 + - source3/rpc_server/srv_pipe.c | 11 +++++++---- - 2 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c -index f2e9d10..c0f24a6 100644 ---- a/source3/rpc_server/rpc_ncacn_np.c -+++ b/source3/rpc_server/rpc_ncacn_np.c -@@ -781,6 +781,7 @@ static NTSTATUS rpc_pipe_open_external(TALLOC_CTX *mem_ctx, - } - result->auth->auth_type = DCERPC_AUTH_TYPE_NONE; - result->auth->auth_level = DCERPC_AUTH_LEVEL_NONE; -+ result->auth->auth_context_id = 0; - - status = rpccli_anon_bind_data(result, &auth); - if (!NT_STATUS_IS_OK(status)) { -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 4263a91..d6c4118 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -534,6 +534,7 @@ static bool pipe_spnego_auth_bind(struct pipes_struct *p, - - p->auth.auth_ctx = spnego_ctx; - p->auth.auth_type = DCERPC_AUTH_TYPE_SPNEGO; -+ p->auth.auth_context_id = auth_info->auth_context_id; - - DEBUG(10, ("SPNEGO auth started\n")); - -@@ -644,6 +645,7 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p, - /* We're finished with this bind - no more packets. */ - p->auth.auth_ctx = schannel_auth; - p->auth.auth_type = DCERPC_AUTH_TYPE_SCHANNEL; -+ p->auth.auth_context_id = auth_info->auth_context_id; - - p->pipe_bound = True; - -@@ -688,6 +690,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p, - - p->auth.auth_ctx = ntlmssp_state; - p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP; -+ p->auth.auth_context_id = auth_info->auth_context_id; - - DEBUG(10, (__location__ ": NTLMSSP auth started\n")); - -@@ -1173,6 +1176,7 @@ static bool api_pipe_bind_req(struct pipes_struct *p, - p->pipe_bound = True; - /* The session key was initialized from the SMB - * session in make_internal_rpc_pipe_p */ -+ p->auth.auth_context_id = 0; - } - - ZERO_STRUCT(u.bind_ack); -@@ -1218,12 +1222,11 @@ static bool api_pipe_bind_req(struct pipes_struct *p, - } - - if (auth_resp.length) { -- - status = dcerpc_push_dcerpc_auth(pkt, - auth_type, - auth_info.auth_level, -- 0, -- 1, /* auth_context_id */ -+ 0, /* pad_len */ -+ p->auth.auth_context_id, - &auth_resp, - &auth_blob); - if (!NT_STATUS_IS_OK(status)) { -@@ -1646,7 +1649,7 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - auth_info.auth_type, - auth_info.auth_level, - pad_len, -- 1, /* auth_context_id */ -+ p->auth.auth_context_id, - &auth_resp, - &auth_blob); - if (!NT_STATUS_IS_OK(status)) { --- -2.8.1 - - -From 8d1fb1fcf58b08cbf27579382ea648aefb9e7dc6 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 8 Jul 2015 00:01:37 +0200 -Subject: [PATCH 36/40] CVE-2015-5370: s3:librpc/rpc: make use of - auth->auth_context_id in dcerpc_add_auth_footer() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 61faaa63e7e610308c72ae4c41a5c7b5b7312685) ---- - source3/librpc/rpc/dcerpc_helpers.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c -index e4d0e3a..977a372 100644 ---- a/source3/librpc/rpc/dcerpc_helpers.c -+++ b/source3/librpc/rpc/dcerpc_helpers.c -@@ -741,7 +741,7 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, - auth->auth_type, - auth->auth_level, - pad_len, -- 1 /* context id. */, -+ auth->auth_context_id, - &auth_blob, - &auth_info); - if (!NT_STATUS_IS_OK(status)) { --- -2.8.1 - - -From 2a44cfc65f7dc1ccfd2d6a5abe5d26e94a085aa9 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 8 Jul 2015 00:01:37 +0200 -Subject: [PATCH 37/40] CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in - dcerpc_check_auth() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 0cf3151c843e2c779b534743b455e630d89e2ba9) ---- - source3/librpc/rpc/dcerpc_helpers.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c -index 977a372..b00cf1bf 100644 ---- a/source3/librpc/rpc/dcerpc_helpers.c -+++ b/source3/librpc/rpc/dcerpc_helpers.c -@@ -881,6 +881,10 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, - return NT_STATUS_INVALID_PARAMETER; - } - -+ if (auth_info.auth_context_id != auth->auth_context_id) { -+ return NT_STATUS_INVALID_PARAMETER; -+ } -+ - pkt_trailer->length -= auth_length; - data = data_blob_const(raw_pkt->data + header_size, - pkt_trailer->length); --- -2.8.1 - - -From 68dcc277d5af506706d3fdac43891e43ccb4ceea Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 7 Jul 2015 22:51:18 +0200 -Subject: [PATCH 38/40] CVE-2015-5370: s3:rpc_client: verify auth_context_id in - rpc_pipe_bind_step_one_done() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 93a0f92b8ebecb38f92d3b2c9a946b486ee91d3c) ---- - source3/rpc_client/cli_pipe.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c -index 755d676..ee33e80 100644 ---- a/source3/rpc_client/cli_pipe.c -+++ b/source3/rpc_client/cli_pipe.c -@@ -2052,6 +2052,14 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) - return; - } - -+ if (auth.auth_context_id != pauth->auth_context_id) { -+ DEBUG(0, (__location__ " Auth context id %u mismatch expected %u.\n", -+ (unsigned)auth.auth_context_id, -+ (unsigned)pauth->auth_context_id)); -+ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); -+ return; -+ } -+ - break; - } - --- -2.8.1 - - -From 8787dd5053974c1f42ae85a310e9522795f4ccfe Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 8 Jul 2015 00:01:37 +0200 -Subject: [PATCH 39/40] CVE-2015-5370: s3:rpc_server: verify auth_context_id in - api_pipe_{bind_auth3,alter_context} -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 3ef461d8304ee36184cd7a3963676eedff4ef1eb) ---- - source3/rpc_server/srv_pipe.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index d6c4118..26c4ee0 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -1364,6 +1364,14 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt) - goto err; - } - -+ if (auth_info.auth_context_id != p->auth.auth_context_id) { -+ DEBUG(0, ("Auth context id mismatch! Client sent %u, " -+ "but auth was started as level %u!\n", -+ (unsigned)auth_info.auth_context_id, -+ (unsigned)p->auth.auth_context_id)); -+ goto err; -+ } -+ - switch (auth_info.auth_type) { - case DCERPC_AUTH_TYPE_NTLMSSP: - ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, -@@ -1545,6 +1553,14 @@ static bool api_pipe_alter_context(struct pipes_struct *p, - goto err_exit; - } - -+ if (auth_info.auth_context_id != p->auth.auth_context_id) { -+ DEBUG(0, ("Auth context id mismatch! Client sent %u, " -+ "but auth was started as level %u!\n", -+ (unsigned)auth_info.auth_context_id, -+ (unsigned)p->auth.auth_context_id)); -+ goto err_exit; -+ } -+ - switch (auth_info.auth_type) { - case DCERPC_AUTH_TYPE_SPNEGO: - spnego_ctx = talloc_get_type_abort(p->auth.auth_ctx, --- -2.8.1 - - -From bf0040fb860527cb0c54ab0ef301153bdad650c0 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 22 Dec 2015 21:23:14 +0100 -Subject: [PATCH 40/40] CVE-2015-5370: s3:rpc_client: disconnect connection on - protocol errors -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit 024d3b263a2879cee4fb7794d70f253c948cc043) ---- - source3/rpc_client/cli_pipe.c | 67 +++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 64 insertions(+), 3 deletions(-) - -diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c -index ee33e80..a3810f0 100644 ---- a/source3/rpc_client/cli_pipe.c -+++ b/source3/rpc_client/cli_pipe.c -@@ -953,6 +953,12 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq) - - state->pkt = talloc(state, struct ncacn_packet); - if (!state->pkt) { -+ /* -+ * TODO: do a real async disconnect ... -+ * -+ * For now do it sync... -+ */ -+ TALLOC_FREE(state->cli->transport); - tevent_req_nterror(req, NT_STATUS_NO_MEMORY); - return; - } -@@ -962,6 +968,12 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq) - state->pkt, - !state->endianess); - if (!NT_STATUS_IS_OK(status)) { -+ /* -+ * TODO: do a real async disconnect ... -+ * -+ * For now do it sync... -+ */ -+ TALLOC_FREE(state->cli->transport); - tevent_req_nterror(req, status); - return; - } -@@ -979,6 +991,28 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq) - (unsigned)state->reply_pdu_offset, - nt_errstr(status))); - -+ if (state->pkt->ptype != DCERPC_PKT_FAULT && !NT_STATUS_IS_OK(status)) { -+ /* -+ * TODO: do a real async disconnect ... -+ * -+ * For now do it sync... -+ */ -+ TALLOC_FREE(state->cli->transport); -+ } else if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) { -+ /* -+ * TODO: do a real async disconnect ... -+ * -+ * For now do it sync... -+ */ -+ TALLOC_FREE(state->cli->transport); -+ } else if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { -+ /* -+ * TODO: do a real async disconnect ... -+ * -+ * For now do it sync... -+ */ -+ TALLOC_FREE(state->cli->transport); -+ } - if (!NT_STATUS_IS_OK(status)) { - tevent_req_nterror(req, status); - return; -@@ -1003,12 +1037,24 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq) - "%s\n", - state->endianess?"little":"big", - state->pkt->drep[0]?"little":"big")); -- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); -+ /* -+ * TODO: do a real async disconnect ... -+ * -+ * For now do it sync... -+ */ -+ TALLOC_FREE(state->cli->transport); -+ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); - return; - } - - if (state->reply_pdu_offset + rdata.length > MAX_RPC_DATA_SIZE) { -- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); -+ /* -+ * TODO: do a real async disconnect ... -+ * -+ * For now do it sync... -+ */ -+ TALLOC_FREE(state->cli->transport); -+ tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR); - return; - } - -@@ -1016,6 +1062,12 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq) - if (state->reply_pdu.length < state->reply_pdu_offset + rdata.length) { - if (!data_blob_realloc(NULL, &state->reply_pdu, - state->reply_pdu_offset + rdata.length)) { -+ /* -+ * TODO: do a real async disconnect ... -+ * -+ * For now do it sync... -+ */ -+ TALLOC_FREE(state->cli->transport); - tevent_req_nterror(req, NT_STATUS_NO_MEMORY); - return; - } -@@ -1045,6 +1097,14 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq) - subreq = get_complete_frag_send(state, state->ev, state->cli, - state->call_id, - &state->incoming_frag); -+ if (subreq == NULL) { -+ /* -+ * TODO: do a real async disconnect ... -+ * -+ * For now do it sync... -+ */ -+ TALLOC_FREE(state->cli->transport); -+ } - if (tevent_req_nomem(subreq, req)) { - return; - } -@@ -2574,8 +2634,9 @@ static struct tevent_req *rpccli_bh_disconnect_send(TALLOC_CTX *mem_ctx, - /* - * TODO: do a real async disconnect ... - * -- * For now the caller needs to free rpc_cli -+ * For now we do it sync... - */ -+ TALLOC_FREE(hs->rpc_cli->transport); - hs->rpc_cli = NULL; - - tevent_req_done(req); --- -2.8.1 - diff --git a/src/patches/samba/CVE-2015-7560-v3-6.patch b/src/patches/samba/CVE-2015-7560-v3-6.patch deleted file mode 100644 index 1cf30aeca..000000000 --- a/src/patches/samba/CVE-2015-7560-v3-6.patch +++ /dev/null @@ -1,341 +0,0 @@ -From eb27f9b7bf9c1dc902d9545eecf805831bd4e46c Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 5 Jan 2016 11:18:12 -0800 -Subject: [PATCH 1/8] CVE-2015-7560: s3: smbd: Add refuse_symlink() function - that can be used to prevent operations on a symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Michael Adam obnox@samba.org ---- - source3/smbd/trans2.c | 28 ++++++++++++++++++++++++++++ - 1 file changed, 28 insertions(+) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index 26b6523..7f47579 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -51,6 +51,34 @@ static char *store_file_unix_basic_info2(connection_struct *conn, - files_struct *fsp, - const SMB_STRUCT_STAT *psbuf); - -+/**************************************************************************** -+ Check if an open file handle or pathname is a symlink. -+****************************************************************************/ -+ -+static NTSTATUS refuse_symlink(connection_struct *conn, -+ const files_struct *fsp, -+ const char *name) -+{ -+ SMB_STRUCT_STAT sbuf; -+ const SMB_STRUCT_STAT *pst = NULL; -+ -+ if (fsp) { -+ pst = &fsp->fsp_name->st; -+ } else { -+ int ret = vfs_stat_smb_fname(conn, -+ name, -+ &sbuf); -+ if (ret == -1) { -+ return map_nt_error_from_unix(errno); -+ } -+ pst = &sbuf; -+ } -+ if (S_ISLNK(pst->st_ex_mode)) { -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ return NT_STATUS_OK; -+} -+ - /******************************************************************** - Roundup a value to the nearest allocation roundup size boundary. - Only do this for Windows clients. --- -2.5.0 - - -From f5b1bcc51e18bc85f376701bb4ae6894d97addfd Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 5 Jan 2016 10:38:28 -0800 -Subject: [PATCH 2/8] CVE-2015-7560: s3: smbd: Refuse to get an ACL from a - POSIX file handle on a symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Michael Adam obnox@samba.org ---- - source3/smbd/nttrans.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c -index 4c145e0..7255600 100644 ---- a/source3/smbd/nttrans.c -+++ b/source3/smbd/nttrans.c -@@ -1925,6 +1925,12 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, - return NT_STATUS_ACCESS_DENIED; - } - -+ if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) { -+ DEBUG(10, ("ACL get on symlink %s denied.\n", -+ fsp_str_dbg(fsp))); -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ - if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER| - SECINFO_GROUP|SECINFO_SACL)) { - /* Don't return SECINFO_LABEL if anything else was --- -2.5.0 - - -From 8bdbe1c90c98efbd08fc70d773d236c4ba00b1ae Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 5 Jan 2016 10:52:50 -0800 -Subject: [PATCH 3/8] CVE-2015-7560: s3: smbd: Refuse to set an ACL from a - POSIX file handle on a symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Michael Adam obnox@samba.org ---- - source3/smbd/nttrans.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c -index 7255600..d2102ca 100644 ---- a/source3/smbd/nttrans.c -+++ b/source3/smbd/nttrans.c -@@ -877,6 +877,12 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd, - return NT_STATUS_OK; - } - -+ if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) { -+ DEBUG(10, ("ACL set on symlink %s denied.\n", -+ fsp_str_dbg(fsp))); -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ - if (psd->owner_sid == NULL) { - security_info_sent &= ~SECINFO_OWNER; - } --- -2.5.0 - - -From 612b032e2dedd3e07bbe79718ecbb3b68ffbb7a5 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 5 Jan 2016 11:22:12 -0800 -Subject: [PATCH 4/8] CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a - symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Michael Adam obnox@samba.org ---- - source3/smbd/trans2.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index 7f47579..2f01e87 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -6480,6 +6480,7 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn, - uint16 num_def_acls; - bool valid_file_acls = True; - bool valid_def_acls = True; -+ NTSTATUS status; - - if (total_data < SMB_POSIX_ACL_HEADER_SIZE) { - return NT_STATUS_INVALID_PARAMETER; -@@ -6507,6 +6508,11 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn, - return NT_STATUS_INVALID_PARAMETER; - } - -+ status = refuse_symlink(conn, fsp, smb_fname->base_name); -+ if (!NT_STATUS_IS_OK(status)) { -+ return status; -+ } -+ - DEBUG(10,("smb_set_posix_acl: file %s num_file_acls = %u, num_def_acls = %u\n", - smb_fname ? smb_fname_str_dbg(smb_fname) : fsp_str_dbg(fsp), - (unsigned int)num_file_acls, --- -2.5.0 - - -From 28e6120d14e5a942df386db0444abaa93a764207 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 5 Jan 2016 11:24:36 -0800 -Subject: [PATCH 5/8] CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a - symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Michael Adam obnox@samba.org ---- - source3/smbd/trans2.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index 2f01e87..3a098d1 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -4959,6 +4959,13 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn, - uint16 num_file_acls = 0; - uint16 num_def_acls = 0; - -+ status = refuse_symlink(conn, -+ fsp, -+ smb_fname->base_name); -+ if (!NT_STATUS_IS_OK(status)) { -+ return status; -+ } -+ - if (fsp && fsp->fh->fd != -1) { - file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp); - } else { --- -2.5.0 - - -From 659bdb80aa65c02cf4f44377cc3bcffb2a817ee0 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 5 Jan 2016 11:05:48 -0800 -Subject: [PATCH 6/8] CVE-2015-7560: s3: smbd: Set return values early, allows - removal of code duplication. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Michael Adam obnox@samba.org ---- - source3/smbd/trans2.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index 3a098d1..6fdd1da 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -210,11 +210,12 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - size_t num_names; - ssize_t sizeret = -1; - -+ if (pnames) { -+ *pnames = NULL; -+ } -+ *pnum_names = 0; -+ - if (!lp_ea_support(SNUM(conn))) { -- if (pnames) { -- *pnames = NULL; -- } -- *pnum_names = 0; - return NT_STATUS_OK; - } - -@@ -264,10 +265,6 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - - if (sizeret == 0) { - TALLOC_FREE(names); -- if (pnames) { -- *pnames = NULL; -- } -- *pnum_names = 0; - return NT_STATUS_OK; - } - --- -2.5.0 - - -From 4ba5e7cf01b8074b0313ecb7e218355d771df1cc Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 5 Jan 2016 11:29:38 -0800 -Subject: [PATCH 7/8] CVE-2015-7560: s3: smbd: Silently return no EA's - available on a symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Michael Adam obnox@samba.org ---- - source3/smbd/trans2.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index 6fdd1da..8b6e4b2 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -209,6 +209,7 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - char **names, **tmp; - size_t num_names; - ssize_t sizeret = -1; -+ NTSTATUS status; - - if (pnames) { - *pnames = NULL; -@@ -219,6 +220,14 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - return NT_STATUS_OK; - } - -+ status = refuse_symlink(conn, fsp, fname); -+ if (!NT_STATUS_IS_OK(status)) { -+ /* -+ * Just return no EA's on a symlink. -+ */ -+ return NT_STATUS_OK; -+ } -+ - /* - * TALLOC the result early to get the talloc hierarchy right. - */ --- -2.5.0 - - -From 9d8c7274ab87a0c07367e872ca1db7fd72886fde Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 5 Jan 2016 11:33:48 -0800 -Subject: [PATCH 8/8] CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Michael Adam obnox@samba.org ---- - source3/smbd/trans2.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index 8b6e4b2..98fd2af 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -584,6 +584,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, - const struct smb_filename *smb_fname, struct ea_list *ea_list) - { - char *fname = NULL; -+ NTSTATUS status; - - if (!lp_ea_support(SNUM(conn))) { - return NT_STATUS_EAS_NOT_SUPPORTED; -@@ -593,6 +594,12 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, - return NT_STATUS_ACCESS_DENIED; - } - -+ status = refuse_symlink(conn, fsp, smb_fname->base_name); -+ if (!NT_STATUS_IS_OK(status)) { -+ return status; -+ } -+ -+ - /* For now setting EAs on streams isn't supported. */ - fname = smb_fname->base_name; - --- -2.5.0 - diff --git a/src/patches/samba/CVE-2016-2110-v3-6.patch b/src/patches/samba/CVE-2016-2110-v3-6.patch deleted file mode 100644 index 1f454bec8..000000000 --- a/src/patches/samba/CVE-2016-2110-v3-6.patch +++ /dev/null @@ -1,670 +0,0 @@ -From 202d69267c8550b850438877fb51c3d2c992949d Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 1 Dec 2015 08:46:45 +0100 -Subject: [PATCH 01/10] CVE-2016-2110: s3:ntlmssp: set and use - ntlmssp_state->allow_lm_key -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - source3/libsmb/ntlmssp.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index 1de6189..20a5987 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -530,7 +530,8 @@ noccache: - DEBUG(3, ("Got challenge flags:\n")); - debug_ntlmssp_flags(chal_flags); - -- ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags, lp_client_lanman_auth()); -+ ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags, -+ ntlmssp_state->allow_lm_key); - - if (ntlmssp_state->unicode) { - if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) { -@@ -769,6 +770,7 @@ NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx, - ntlmssp_state->unicode = True; - - ntlmssp_state->use_ntlmv2 = use_ntlmv2; -+ ntlmssp_state->allow_lm_key = lp_client_lanman_auth(); - - ntlmssp_state->expected_state = NTLMSSP_INITIAL; - --- -2.8.1 - - -From a701bc5f8a76584a2e0680b2c3dd9afb77f12430 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Fri, 11 Dec 2015 14:50:23 +0100 -Subject: [PATCH 02/10] CVE-2016-2110: s3:ntlmssp: add - ntlmssp3_handle_neg_flags() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is a copy of ntlmssp_handle_neg_flags(), which will be changed -in an incompatible way in the following commits. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - source3/libsmb/ntlmssp.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 56 insertions(+), 2 deletions(-) - -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index 20a5987..ad09f9f 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -422,6 +422,60 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, - return NT_STATUS_MORE_PROCESSING_REQUIRED; - } - -+static void ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, -+ uint32_t neg_flags, bool allow_lm) -+{ -+ if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) { -+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM; -+ ntlmssp_state->unicode = true; -+ } else { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_UNICODE; -+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM; -+ ntlmssp_state->unicode = false; -+ } -+ -+ if ((neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && allow_lm) { -+ /* other end forcing us to use LM */ -+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; -+ ntlmssp_state->use_ntlmv2 = false; -+ } else { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; -+ } -+ -+ if (!(neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN; -+ } -+ -+ if (!(neg_flags & NTLMSSP_NEGOTIATE_NTLM2)) { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; -+ } -+ -+ if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128; -+ } -+ -+ if (!(neg_flags & NTLMSSP_NEGOTIATE_56)) { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_56; -+ } -+ -+ if (!(neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH; -+ } -+ -+ if (!(neg_flags & NTLMSSP_NEGOTIATE_SIGN)) { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN; -+ } -+ -+ if (!(neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SEAL; -+ } -+ -+ if ((neg_flags & NTLMSSP_REQUEST_TARGET)) { -+ ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET; -+ } -+} -+ - /** - * Next state function for the Challenge Packet. Generate an auth packet. - * -@@ -530,8 +584,8 @@ noccache: - DEBUG(3, ("Got challenge flags:\n")); - debug_ntlmssp_flags(chal_flags); - -- ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags, -- ntlmssp_state->allow_lm_key); -+ ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags, -+ ntlmssp_state->allow_lm_key); - - if (ntlmssp_state->unicode) { - if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) { --- -2.8.1 - - -From 92b2f5315d135b7b83a3ae106b43d18181be2f02 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@cryptomilk.org -Date: Thu, 31 Mar 2016 12:39:50 +0200 -Subject: [PATCH 03/10] CVE-2016-2110: s3:ntlmssp: let - ntlmssp3_handle_neg_flags() return NTSTATUS -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In future we can do a more fine granted negotiation -and assert specific security features. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - source3/libsmb/ntlmssp.c | 33 +++++++++++++++++++-------------- - 1 file changed, 19 insertions(+), 14 deletions(-) - -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index ad09f9f..81a85ce 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -422,10 +422,10 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, - return NT_STATUS_MORE_PROCESSING_REQUIRED; - } - --static void ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, -- uint32_t neg_flags, bool allow_lm) -+static NTSTATUS ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, -+ uint32_t flags) - { -- if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) { -+ if (flags & NTLMSSP_NEGOTIATE_UNICODE) { - ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM; - ntlmssp_state->unicode = true; -@@ -435,7 +435,7 @@ static void ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, - ntlmssp_state->unicode = false; - } - -- if ((neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && allow_lm) { -+ if ((flags & NTLMSSP_NEGOTIATE_LM_KEY) && ntlmssp_state->allow_lm_key) { - /* other end forcing us to use LM */ - ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; - ntlmssp_state->use_ntlmv2 = false; -@@ -443,37 +443,39 @@ static void ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; - } - -- if (!(neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) { -+ if (!(flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) { - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN; - } - -- if (!(neg_flags & NTLMSSP_NEGOTIATE_NTLM2)) { -+ if (!(flags & NTLMSSP_NEGOTIATE_NTLM2)) { - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; - } - -- if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) { -+ if (!(flags & NTLMSSP_NEGOTIATE_128)) { - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128; - } - -- if (!(neg_flags & NTLMSSP_NEGOTIATE_56)) { -+ if (!(flags & NTLMSSP_NEGOTIATE_56)) { - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_56; - } - -- if (!(neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) { -+ if (!(flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) { - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH; - } - -- if (!(neg_flags & NTLMSSP_NEGOTIATE_SIGN)) { -+ if (!(flags & NTLMSSP_NEGOTIATE_SIGN)) { - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN; - } - -- if (!(neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { -+ if (!(flags & NTLMSSP_NEGOTIATE_SEAL)) { - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SEAL; - } - -- if ((neg_flags & NTLMSSP_REQUEST_TARGET)) { -+ if ((flags & NTLMSSP_REQUEST_TARGET)) { - ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET; - } -+ -+ return NT_STATUS_OK; - } - - /** -@@ -584,8 +586,11 @@ noccache: - DEBUG(3, ("Got challenge flags:\n")); - debug_ntlmssp_flags(chal_flags); - -- ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags, -- ntlmssp_state->allow_lm_key); -+ nt_status = ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags); -+ if (!NT_STATUS_IS_OK(nt_status)) { -+ return nt_status; -+ } -+ - - if (ntlmssp_state->unicode) { - if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) { --- -2.8.1 - - -From a239a337e3c0081af1a41aaac8957bb1aa0771f8 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 1 Dec 2015 15:01:09 +0100 -Subject: [PATCH 04/10] CVE-2016-2110: s3:ntlmssp: don't allow a downgrade from - NTLMv2 to LM_AUTH -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -man smb.conf says "client ntlmv2 auth = yes" the default disables, -"client lanman auth = yes": - - ... - Likewise, if the client ntlmv2 auth parameter is enabled, then only NTLMv2 - logins will be attempted. - ... - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - source3/libsmb/ntlmssp.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index 81a85ce..23a5e5d 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -841,6 +841,10 @@ NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx, - NTLMSSP_NEGOTIATE_KEY_EXCH | - NTLMSSP_REQUEST_TARGET; - -+ if (ntlmssp_state->use_ntlmv2) { -+ ntlmssp_state->allow_lm_key = false; -+ } -+ - ntlmssp_state->client.netbios_name = talloc_strdup(ntlmssp_state, netbios_name); - if (!ntlmssp_state->client.netbios_name) { - talloc_free(ntlmssp_state); --- -2.8.1 - - -From e11dc9aa90420947f9fc82365b55ecb08353451c Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Thu, 31 Mar 2016 12:59:05 +0200 -Subject: [PATCH 05/10] CVE-2016-2110: s3:ntlmssp: maintain a required_flags - variable -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We now give an error when required flags are missing. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - libcli/auth/ntlmssp.h | 1 + - source3/libsmb/ntlmssp.c | 20 ++++++++++++++++++++ - 2 files changed, 21 insertions(+) - -diff --git a/libcli/auth/ntlmssp.h b/libcli/auth/ntlmssp.h -index 495d94f..88a049b 100644 ---- a/libcli/auth/ntlmssp.h -+++ b/libcli/auth/ntlmssp.h -@@ -83,6 +83,7 @@ struct ntlmssp_state - DATA_BLOB nt_resp; - DATA_BLOB session_key; - -+ uint32_t required_flags; - uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */ - - /** -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index 23a5e5d..48d7d45 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -425,6 +425,8 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, - static NTSTATUS ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, - uint32_t flags) - { -+ uint32_t missing_flags = ntlmssp_state->required_flags; -+ - if (flags & NTLMSSP_NEGOTIATE_UNICODE) { - ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM; -@@ -475,6 +477,24 @@ static NTSTATUS ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, - ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET; - } - -+ missing_flags &= ~ntlmssp_state->neg_flags; -+ if (missing_flags != 0) { -+ NTSTATUS status = NT_STATUS_RPC_SEC_PKG_ERROR; -+ DEBUG(1, ("%s: Got challenge flags[0x%08x] " -+ "- possible downgrade detected! " -+ "missing_flags[0x%08x] - %s\n", -+ __func__, -+ (unsigned)flags, -+ (unsigned)missing_flags, -+ nt_errstr(status))); -+ debug_ntlmssp_flags(missing_flags); -+ DEBUGADD(4, ("neg_flags[0x%08x]\n", -+ (unsigned)ntlmssp_state->neg_flags)); -+ debug_ntlmssp_flags(ntlmssp_state->neg_flags); -+ -+ return status; -+ } -+ - return NT_STATUS_OK; - } - --- -2.8.1 - - -From 06ca5b7655e577ff6e2d5817cf221c05f9bb5c86 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Thu, 31 Mar 2016 13:03:24 +0200 -Subject: [PATCH 06/10] CVE-2016-2110: s3:ntlmssp: don't allow a downgrade from - NTLMv2 to LM_AUTH -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -man smb.conf says "client ntlmv2 auth = yes" the default disables, -"client lanman auth = yes": - - ... - Likewise, if the client ntlmv2 auth parameter is enabled, then only - NTLMv2 logins will be attempted. - ... - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - source3/libsmb/ntlmssp.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index 48d7d45..bf40404 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -388,6 +388,7 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, - - if (ntlmssp_state->use_ntlmv2) { - ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; -+ ntlmssp_state->allow_lm_key = false; - } - - /* generate the ntlmssp negotiate packet */ --- -2.8.1 - - -From f99d4469a8b09dd93eb7124f2814e15869915671 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Mon, 11 Apr 2016 16:18:44 +0200 -Subject: [PATCH 07/10] CVE-2016-2110: auth/ntlmssp: don't let - ntlmssp3_handle_neg_flags() change ntlmssp_state->use_ntlmv2 - -ntlmssp_handle_neg_flags() can only disable flags, but not -set them. All supported flags are set at start time. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Guenther Deschner gd@samba.org ---- - source3/libsmb/ntlmssp.c | 26 +++++++++++++++++--------- - 1 file changed, 17 insertions(+), 9 deletions(-) - -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index bf40404..7b17a43 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -391,6 +391,10 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, - ntlmssp_state->allow_lm_key = false; - } - -+ if (ntlmssp_state->allow_lm_key) { -+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; -+ } -+ - /* generate the ntlmssp negotiate packet */ - status = msrpc_gen(ntlmssp_state, next_request, "CddAA", - "NTLMSSP", -@@ -438,20 +442,24 @@ static NTSTATUS ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, - ntlmssp_state->unicode = false; - } - -- if ((flags & NTLMSSP_NEGOTIATE_LM_KEY) && ntlmssp_state->allow_lm_key) { -- /* other end forcing us to use LM */ -- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; -- ntlmssp_state->use_ntlmv2 = false; -- } else { -+ /* -+ * NTLMSSP_NEGOTIATE_NTLM2 (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) -+ * has priority over NTLMSSP_NEGOTIATE_LM_KEY -+ */ -+ if (!(flags & NTLMSSP_NEGOTIATE_NTLM2)) { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; -+ } -+ -+ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; - } - -- if (!(flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) { -- ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN; -+ if (!(flags & NTLMSSP_NEGOTIATE_LM_KEY)) { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; - } - -- if (!(flags & NTLMSSP_NEGOTIATE_NTLM2)) { -- ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; -+ if (!(flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) { -+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN; - } - - if (!(flags & NTLMSSP_NEGOTIATE_128)) { --- -2.8.1 - - -From 71dda1c57c36a9816af7873f169306a766e0284a Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Thu, 31 Mar 2016 14:21:12 +0200 -Subject: [PATCH 08/10] CVE-2016-2110: s3:ntlmssp: let ntlmssp3_client_initial - require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - source3/libsmb/ntlmssp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index 7b17a43..d5c83fd 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -387,7 +387,7 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, - } - - if (ntlmssp_state->use_ntlmv2) { -- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; -+ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_NTLM2; - ntlmssp_state->allow_lm_key = false; - } - --- -2.8.1 - - -From 911e171bd6fc66e2960cbcdf8c48f2f97d19313b Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@cryptomilk.org -Date: Thu, 31 Mar 2016 14:30:05 +0200 -Subject: [PATCH 09/10] CVE-2016-2110: s3:ntlmssp: Change want_fetures to - require flags - -Pair-Programmed-With: Ralph Boehme slow@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Signed-off-by: Ralph Boehme slow@samba.org ---- - source3/libsmb/ntlmssp.c | 17 +++++++++++------ - 1 file changed, 11 insertions(+), 6 deletions(-) - -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index d5c83fd..309175b 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -176,17 +176,19 @@ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *featur - * also add NTLMSSP_NEGOTIATE_SEAL here. JRA. - */ - if (in_list("NTLMSSP_FEATURE_SESSION_KEY", feature_list, True)) { -- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; -+ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; - } - if (in_list("NTLMSSP_FEATURE_SIGN", feature_list, True)) { -- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; -+ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; - } - if(in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) { -- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; -+ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL; - } - if (in_list("NTLMSSP_FEATURE_CCACHE", feature_list, true)) { - ntlmssp_state->use_ccache = true; - } -+ -+ ntlmssp_state->neg_flags |= ntlmssp_state->required_flags; - } - - /** -@@ -199,17 +201,20 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature) - { - /* As per JRA's comment above */ - if (feature & NTLMSSP_FEATURE_SESSION_KEY) { -- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; -+ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; - } - if (feature & NTLMSSP_FEATURE_SIGN) { -- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; -+ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; - } - if (feature & NTLMSSP_FEATURE_SEAL) { -- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; -+ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; -+ ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL; - } - if (feature & NTLMSSP_FEATURE_CCACHE) { - ntlmssp_state->use_ccache = true; - } -+ -+ ntlmssp_state->neg_flags |= ntlmssp_state->required_flags; - } - - /** --- -2.8.1 - - -From a95a44eff90cdbd42d683567e0d511e9d52026ad Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Thu, 31 Mar 2016 15:02:11 +0200 -Subject: [PATCH 10/10] CVE-2016-2110: s3:ntlmssp: Fix downgrade also for the - ntlmssp creds cache case - -Pair-Programmed-With: Ralph Boehme slow@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Signed-off-by: Ralph Boehme slow@samba.org ---- - source3/libsmb/ntlmssp.c | 42 ++++++++++++++++++++---------------------- - 1 file changed, 20 insertions(+), 22 deletions(-) - -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index 309175b..045dc87 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -538,6 +538,26 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, - DATA_BLOB encrypted_session_key = data_blob_null; - NTSTATUS nt_status = NT_STATUS_OK; - -+ if (!msrpc_parse(ntlmssp_state, &reply, "CdBd", -+ "NTLMSSP", -+ &ntlmssp_command, -+ &server_domain_blob, -+ &chal_flags)) { -+ DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n")); -+ dump_data(2, reply.data, reply.length); -+ -+ return NT_STATUS_INVALID_PARAMETER; -+ } -+ data_blob_free(&server_domain_blob); -+ -+ DEBUG(3, ("Got challenge flags:\n")); -+ debug_ntlmssp_flags(chal_flags); -+ -+ nt_status = ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags); -+ if (!NT_STATUS_IS_OK(nt_status)) { -+ return nt_status; -+ } -+ - if (ntlmssp_state->use_ccache) { - struct wbcCredentialCacheParams params; - struct wbcCredentialCacheInfo *info = NULL; -@@ -588,17 +608,6 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, - - noccache: - -- if (!msrpc_parse(ntlmssp_state, &reply, "CdBd", -- "NTLMSSP", -- &ntlmssp_command, -- &server_domain_blob, -- &chal_flags)) { -- DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n")); -- dump_data(2, reply.data, reply.length); -- -- return NT_STATUS_INVALID_PARAMETER; -- } -- - if (DEBUGLEVEL >= 10) { - struct CHALLENGE_MESSAGE *challenge = talloc( - talloc_tos(), struct CHALLENGE_MESSAGE); -@@ -615,17 +624,6 @@ noccache: - } - } - -- data_blob_free(&server_domain_blob); -- -- DEBUG(3, ("Got challenge flags:\n")); -- debug_ntlmssp_flags(chal_flags); -- -- nt_status = ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags); -- if (!NT_STATUS_IS_OK(nt_status)) { -- return nt_status; -- } -- -- - if (ntlmssp_state->unicode) { - if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) { - chal_parse_string = "CdUdbddB"; --- -2.8.1 - diff --git a/src/patches/samba/CVE-2016-2111-v3-6.patch b/src/patches/samba/CVE-2016-2111-v3-6.patch deleted file mode 100644 index 981736783..000000000 --- a/src/patches/samba/CVE-2016-2111-v3-6.patch +++ /dev/null @@ -1,1058 +0,0 @@ -From ee105156fa151ebfd34b8febc2928e144b3b7b0e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Sat, 26 Sep 2015 01:29:10 +0200 -Subject: [PATCH 01/15] CVE-2016-2111: s3:rpc_server/netlogon: always go - through netr_creds_server_step_check() - -The ensures we apply the "server schannel = yes" restrictions. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Pair-Programmed-With: Stefan Metzmacher metze@samba.org - -Signed-off-by: Guenther Deschner gd@samba.org -Signed-off-by: Stefan Metzmacher metze@samba.org ---- - source3/rpc_server/netlogon/srv_netlog_nt.c | 24 ++++++++++++++---------- - 1 file changed, 14 insertions(+), 10 deletions(-) - -diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c -index 4734bfe..54b8c5c 100644 ---- a/source3/rpc_server/netlogon/srv_netlog_nt.c -+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c -@@ -2271,11 +2271,13 @@ NTSTATUS _netr_GetForestTrustInformation(struct pipes_struct *p, - - /* TODO: check server name */ - -- status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(), -- r->in.computer_name, -- r->in.credential, -- r->out.return_authenticator, -- &creds); -+ become_root(); -+ status = netr_creds_server_step_check(p, p->mem_ctx, -+ r->in.computer_name, -+ r->in.credential, -+ r->out.return_authenticator, -+ &creds); -+ unbecome_root(); - if (!NT_STATUS_IS_OK(status)) { - return status; - } -@@ -2371,11 +2373,13 @@ NTSTATUS _netr_ServerGetTrustInfo(struct pipes_struct *p, - - /* TODO: check server name */ - -- status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(), -- r->in.computer_name, -- r->in.credential, -- r->out.return_authenticator, -- &creds); -+ become_root(); -+ status = netr_creds_server_step_check(p, p->mem_ctx, -+ r->in.computer_name, -+ r->in.credential, -+ r->out.return_authenticator, -+ &creds); -+ unbecome_root(); - if (!NT_STATUS_IS_OK(status)) { - return status; - } --- -2.8.1 - - -From f93668be5dffea9b67c5ec2d49ebf7495b74c7fc Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Fri, 7 Aug 2015 13:33:17 +0200 -Subject: [PATCH 02/15] CVE-2016-2111: s3:rpc_server/netlogon: require - DCERPC_AUTH_LEVEL_PRIVACY for validation level 6 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - source3/rpc_server/netlogon/srv_netlog_nt.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c -index 54b8c5c..30e1bc0 100644 ---- a/source3/rpc_server/netlogon/srv_netlog_nt.c -+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c -@@ -1636,6 +1636,14 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, - r->out.validation->sam3); - break; - case 6: -+ /* Only allow this if the pipe is protected. */ -+ if (p->auth.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) { -+ DEBUG(0,("netr_Validation6: client %s not using privacy for netlogon\n", -+ get_remote_machine_name())); -+ status = NT_STATUS_INVALID_PARAMETER; -+ break; -+ } -+ - status = serverinfo_to_SamInfo6(server_info, pipe_session_key, 16, - r->out.validation->sam6); - break; --- -2.8.1 - - -From 70f12940ef563f83310d5c82cf0a3fc5876d98ac Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sat, 12 Dec 2015 22:23:18 +0100 -Subject: [PATCH 03/15] CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon - ntlmv2 test -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The computer name of the NTLMv2 blob needs to match -the schannel connection. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - source4/torture/rpc/samba3rpc.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c -index 26bed19..d39cf55 100644 ---- a/source4/torture/rpc/samba3rpc.c -+++ b/source4/torture/rpc/samba3rpc.c -@@ -1122,8 +1122,8 @@ static bool schan(struct torture_context *tctx, - generate_random_buffer(chal.data, chal.length); - names_blob = NTLMv2_generate_names_blob( - mem_ctx, -- cli_credentials_get_workstation(user_creds), -- cli_credentials_get_domain(user_creds)); -+ cli_credentials_get_workstation(wks_creds), -+ cli_credentials_get_domain(wks_creds)); - status = cli_credentials_get_ntlm_response( - user_creds, mem_ctx, &flags, chal, names_blob, - &lm_resp, &nt_resp, NULL, NULL); --- -2.8.1 - - -From d8e061a1bcbb88ab6ba0f0dffbcac16a5e1db4f9 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 23 Feb 2016 19:08:31 +0100 -Subject: [PATCH 04/15] CVE-2016-2111: libcli/auth: add - NTLMv2_RESPONSE_verify_netlogon_creds() helper function -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is the function that prevents spoofing like -Microsoft's CVE-2015-0005. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - libcli/auth/proto.h | 5 ++ - libcli/auth/smbencrypt.c | 142 +++++++++++++++++++++++++++++++++++++++++++++- - libcli/auth/wscript_build | 2 +- - source3/Makefile.in | 27 +++++---- - 4 files changed, 163 insertions(+), 13 deletions(-) - -diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h -index 11b720df..558a6eb 100644 ---- a/libcli/auth/proto.h -+++ b/libcli/auth/proto.h -@@ -139,6 +139,11 @@ bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx, - const DATA_BLOB *names_blob, - DATA_BLOB *lm_response, DATA_BLOB *nt_response, - DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ; -+NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name, -+ const char *account_domain, -+ const DATA_BLOB response, -+ const struct netlogon_creds_CredentialState *creds, -+ const char *workgroup); - - /*********************************************************** - encode a password buffer with a unicode password. The buffer -diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c -index 8fe606e..7c3142c 100644 ---- a/libcli/auth/smbencrypt.c -+++ b/libcli/auth/smbencrypt.c -@@ -26,7 +26,7 @@ - #include "../libcli/auth/msrpc_parse.h" - #include "../lib/crypto/crypto.h" - #include "../libcli/auth/libcli_auth.h" --#include "../librpc/gen_ndr/ntlmssp.h" -+#include "../librpc/gen_ndr/ndr_ntlmssp.h" - - void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24]) - { -@@ -522,6 +522,146 @@ bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx, - lm_response, nt_response, lm_session_key, user_session_key); - } - -+NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name, -+ const char *account_domain, -+ const DATA_BLOB response, -+ const struct netlogon_creds_CredentialState *creds, -+ const char *workgroup) -+{ -+ TALLOC_CTX *frame = NULL; -+ /* RespType + HiRespType */ -+ static const char *magic = "\x01\x01"; -+ int cmp; -+ struct NTLMv2_RESPONSE v2_resp; -+ enum ndr_err_code err; -+ const struct AV_PAIR *av_nb_cn = NULL; -+ const struct AV_PAIR *av_nb_dn = NULL; -+ -+ if (response.length < 48) { -+ /* -+ * NTLMv2_RESPONSE has at least 48 bytes. -+ */ -+ return NT_STATUS_OK; -+ } -+ -+ cmp = memcmp(response.data + 16, magic, 2); -+ if (cmp != 0) { -+ /* -+ * It doesn't look like a valid NTLMv2_RESPONSE -+ */ -+ return NT_STATUS_OK; -+ } -+ -+ frame = talloc_stackframe(); -+ -+ err = ndr_pull_struct_blob(&response, frame, &v2_resp, -+ (ndr_pull_flags_fn_t)ndr_pull_NTLMv2_RESPONSE); -+ if (!NDR_ERR_CODE_IS_SUCCESS(err)) { -+ NTSTATUS status; -+ status = ndr_map_error2ntstatus(err); -+ DEBUG(2,("Failed to parse NTLMv2_RESPONSE " -+ "length %u - %s - %s\n", -+ (unsigned)response.length, -+ ndr_map_error2string(err), -+ nt_errstr(status))); -+ dump_data(2, response.data, response.length); -+ TALLOC_FREE(frame); -+ return status; -+ } -+ -+ if (DEBUGLVL(10)) { -+ NDR_PRINT_DEBUG(NTLMv2_RESPONSE, &v2_resp); -+ } -+ -+ /* -+ * Make sure the netbios computer name in the -+ * NTLMv2_RESPONSE matches the computer name -+ * in the secure channel credentials for workstation -+ * trusts. -+ * -+ * And the netbios domain name matches our -+ * workgroup. -+ * -+ * This prevents workstations from requesting -+ * the session key of NTLMSSP sessions of clients -+ * to other hosts. -+ */ -+ if (creds->secure_channel_type == SEC_CHAN_WKSTA) { -+ av_nb_cn = ndr_ntlmssp_find_av(&v2_resp.Challenge.AvPairs, -+ MsvAvNbComputerName); -+ av_nb_dn = ndr_ntlmssp_find_av(&v2_resp.Challenge.AvPairs, -+ MsvAvNbDomainName); -+ } -+ -+ if (av_nb_cn != NULL) { -+ const char *v = NULL; -+ char *a = NULL; -+ size_t len; -+ -+ v = av_nb_cn->Value.AvNbComputerName; -+ -+ a = talloc_strdup(frame, creds->account_name); -+ if (a == NULL) { -+ TALLOC_FREE(frame); -+ return NT_STATUS_NO_MEMORY; -+ } -+ len = strlen(a); -+ if (len > 0 && a[len - 1] == '$') { -+ a[len - 1] = '\0'; -+ } -+ -+#ifdef SAMBA4_INTERNAL_HEIMDAL /* smbtorture4 for make test */ -+ cmp = strcasecmp_m(a, v); -+#else /* smbd */ -+ cmp = StrCaseCmp(a, v); -+#endif -+ if (cmp != 0) { -+ DEBUG(2,("%s: NTLMv2_RESPONSE with " -+ "NbComputerName[%s] rejected " -+ "for user[%s\%s] " -+ "against SEC_CHAN_WKSTA[%s/%s] " -+ "in workgroup[%s]\n", -+ __func__, v, -+ account_domain, -+ account_name, -+ creds->computer_name, -+ creds->account_name, -+ workgroup)); -+ TALLOC_FREE(frame); -+ return NT_STATUS_LOGON_FAILURE; -+ } -+ } -+ if (av_nb_dn != NULL) { -+ const char *v = NULL; -+ -+ v = av_nb_dn->Value.AvNbDomainName; -+ -+#ifdef SAMBA4_INTERNAL_HEIMDAL /* smbtorture4 for make test */ -+ cmp = strcasecmp_m(workgroup, v); -+#else /* smbd */ -+ cmp = StrCaseCmp(workgroup, v); -+#endif -+ if (cmp != 0) { -+ DEBUG(2,("%s: NTLMv2_RESPONSE with " -+ "NbDomainName[%s] rejected " -+ "for user[%s\%s] " -+ "against SEC_CHAN_WKSTA[%s/%s] " -+ "in workgroup[%s]\n", -+ __func__, v, -+ account_domain, -+ account_name, -+ creds->computer_name, -+ creds->account_name, -+ workgroup)); -+ TALLOC_FREE(frame); -+ return NT_STATUS_LOGON_FAILURE; -+ } -+ } -+ -+ TALLOC_FREE(frame); -+ return NT_STATUS_OK; -+} -+ - /*********************************************************** - encode a password buffer with a unicode password. The buffer - is filled with random data to make it harder to attack. -diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build -index 0f0e22b..dce6c80 100644 ---- a/libcli/auth/wscript_build -+++ b/libcli/auth/wscript_build -@@ -19,7 +19,7 @@ bld.SAMBA_SUBSYSTEM('MSRPC_PARSE', - - bld.SAMBA_SUBSYSTEM('LIBCLI_AUTH', - source='credentials.c session.c smbencrypt.c smbdes.c', -- public_deps='MSRPC_PARSE', -+ public_deps='MSRPC_PARSE NDR_NTLMSSP', - public_headers='credentials.h:domain_credentials.h' - ) - -diff --git a/source3/Makefile.in b/source3/Makefile.in -index 2668a6b..d562d17 100644 ---- a/source3/Makefile.in -+++ b/source3/Makefile.in -@@ -783,6 +783,7 @@ GROUPDB_OBJ = groupdb/mapping.o groupdb/mapping_tdb.o - PROFILE_OBJ = profile/profile.o - PROFILES_OBJ = utils/profiles.o \ - $(LIBSMB_ERR_OBJ) \ -+ $(LIBNDR_NTLMSSP_OBJ) \ - $(PARAM_OBJ) \ - $(LIB_OBJ) $(LIB_DUMMY_OBJ) \ - $(POPT_LIB_OBJ) \ -@@ -995,10 +996,10 @@ SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(PRINTING_OBJ) $(PRINTBASE_OBJ) $(LIBSMB_O - STATUS_OBJ = utils/status.o utils/status_profile.o \ - $(LOCKING_OBJ) $(PARAM_OBJ) \ - $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ -- $(LIBSMB_ERR_OBJ) $(FNAME_UTIL_OBJ) -+ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(FNAME_UTIL_OBJ) - - SMBCONTROL_OBJ = utils/smbcontrol.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ -- $(LIBSMB_ERR_OBJ) $(POPT_LIB_OBJ) $(PRINTBASE_OBJ) -+ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(POPT_LIB_OBJ) $(PRINTBASE_OBJ) - - SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \ - $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_OBJ) \ -@@ -1012,11 +1013,11 @@ SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \ - - TESTPARM_OBJ = utils/testparm.o \ - $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ -- $(LIBSMB_ERR_OBJ) -+ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) - - SMBTA_UTIL_OBJ = utils/smbta-util.o $(PARAM_OBJ) $(POPT_LIB_OBJ) \ - $(LIB_NONSMBD_OBJ) \ -- $(LIBSMB_ERR_OBJ) $(FNAME_UTIL_OBJ) -+ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(FNAME_UTIL_OBJ) - - TEST_LP_LOAD_OBJ = param/test_lp_load.o \ - $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ -@@ -1146,6 +1147,7 @@ SMBCONFTORT_OBJ = $(SMBCONFTORT_OBJ0) \ - $(LIB_NONSMBD_OBJ) \ - $(PARAM_OBJ) \ - $(LIBSMB_ERR_OBJ) \ -+ $(LIBNDR_NTLMSSP_OBJ) \ - $(POPT_LIB_OBJ) - - PTHREADPOOLTEST_OBJ = lib/pthreadpool/pthreadpool.o \ -@@ -1229,7 +1231,7 @@ CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ - $(LIBNDR_GEN_OBJ0) - - NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) \ -- $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) -+ $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) - - SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \ - torture/denytest.o torture/mangle_test.o \ -@@ -1253,6 +1255,7 @@ MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ - $(LIBNDR_GEN_OBJ0) - - MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_ERR_OBJ) \ -+ $(LIBNDR_NTLMSSP_OBJ) \ - $(LIB_NONSMBD_OBJ) \ - $(LIBNDR_GEN_OBJ0) - -@@ -1269,7 +1272,7 @@ PDBTEST_OBJ = torture/pdbtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ - - VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ) - --SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) -+SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) - - LOG2PCAP_OBJ = utils/log2pcaphex.o - -@@ -1297,17 +1300,17 @@ SMBCQUOTAS_OBJ = utils/smbcquotas.o $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ - EVTLOGADM_OBJ0 = utils/eventlogadm.o - - EVTLOGADM_OBJ = $(EVTLOGADM_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ -- $(LIBSMB_ERR_OBJ) $(LIB_EVENTLOG_OBJ) \ -+ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(LIB_EVENTLOG_OBJ) \ - librpc/gen_ndr/ndr_eventlog.o \ - librpc/gen_ndr/ndr_lsa.o - - SHARESEC_OBJ0 = utils/sharesec.o - SHARESEC_OBJ = $(SHARESEC_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ -- $(LIBSMB_ERR_OBJ) \ -+ $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) \ - $(POPT_LIB_OBJ) - - TALLOCTORT_OBJ = @tallocdir@/testsuite.o @tallocdir@/testsuite_main.o \ -- $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) -+ $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) - - REPLACETORT_OBJ = @libreplacedir@/test/testsuite.o \ - @libreplacedir@/test/getifaddrs.o \ -@@ -1323,7 +1326,7 @@ SMBFILTER_OBJ = utils/smbfilter.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ - $(LIBNDR_GEN_OBJ0) - - WINBIND_WINS_NSS_OBJ = ../nsswitch/wins.o $(PARAM_OBJ) \ -- $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNMB_OBJ) -+ $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNDR_NTLMSSP_OBJ) $(LIBNMB_OBJ) - - PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \ - pam_smbpass/pam_smb_acct.o pam_smbpass/support.o ../lib/util/asn1.o -@@ -1531,12 +1534,14 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \ - DBWRAP_TOOL_OBJ = utils/dbwrap_tool.o \ - $(PARAM_OBJ) \ - $(LIB_NONSMBD_OBJ) \ -- $(LIBSMB_ERR_OBJ) -+ $(LIBSMB_ERR_OBJ) \ -+ $(LIBNDR_NTLMSSP_OBJ) - - DBWRAP_TORTURE_OBJ = utils/dbwrap_torture.o \ - $(PARAM_OBJ) \ - $(LIB_NONSMBD_OBJ) \ - $(LIBSMB_ERR_OBJ) \ -+ $(LIBNDR_NTLMSSP_OBJ) \ - $(POPT_LIB_OBJ) - - SPLIT_TOKENS_OBJ = utils/split_tokens.o \ --- -2.8.1 - - -From d49e3329a639a570db8e99a13796713fb5a23616 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 9 Dec 2015 13:12:43 +0100 -Subject: [PATCH 05/15] CVE-2016-2111: s3:rpc_server/netlogon: check - NTLMv2_RESPONSE values for SEC_CHAN_WKSTA -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This prevents spoofing like Microsoft's CVE-2015-0005. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - source3/rpc_server/netlogon/srv_netlog_nt.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c -index 30e1bc0..a630b47 100644 ---- a/source3/rpc_server/netlogon/srv_netlog_nt.c -+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c -@@ -1508,6 +1508,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, - case NetlogonNetworkTransitiveInformation: - { - const char *wksname = nt_workstation; -+ const char *workgroup = lp_workgroup(); - - status = make_auth_context_fixed(talloc_tos(), &auth_context, - logon->network->challenge); -@@ -1532,6 +1533,14 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, - logon->network->nt.length)) { - status = NT_STATUS_NO_MEMORY; - } -+ -+ if (NT_STATUS_IS_OK(status)) { -+ status = NTLMv2_RESPONSE_verify_netlogon_creds( -+ user_info->client.account_name, -+ user_info->client.domain_name, -+ user_info->password.response.nt, -+ creds, workgroup); -+ } - break; - } - case NetlogonInteractiveInformation: --- -2.8.1 - - -From bded435d42be34099d28db69258b1b5ef95ced48 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sat, 26 Mar 2016 22:24:23 +0100 -Subject: [PATCH 06/15] CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos - connection in raw.samba3badpath - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Alexander Bokovoy ab@samba.org ---- - source4/torture/raw/samba3misc.c | 20 ++++++++++++-------- - 1 file changed, 12 insertions(+), 8 deletions(-) - -diff --git a/source4/torture/raw/samba3misc.c b/source4/torture/raw/samba3misc.c -index a603111..b99d40f 100644 ---- a/source4/torture/raw/samba3misc.c -+++ b/source4/torture/raw/samba3misc.c -@@ -340,6 +340,7 @@ bool torture_samba3_badpath(struct torture_context *torture) - bool ret = true; - TALLOC_CTX *mem_ctx; - bool nt_status_support; -+ bool client_ntlmv2_auth; - - if (!(mem_ctx = talloc_init("torture_samba3_badpath"))) { - d_printf("talloc_init failed\n"); -@@ -347,20 +348,17 @@ bool torture_samba3_badpath(struct torture_context *torture) - } - - nt_status_support = lpcfg_nt_status_support(torture->lp_ctx); -+ client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(torture->lp_ctx); - -- if (!lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "yes")) { -- printf("Could not set 'nt status support = yes'\n"); -- goto fail; -- } -+ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "yes"), ret, fail, "Could not set 'nt status support = yes'\n"); -+ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "yes"), ret, fail, "Could not set 'client ntlmv2 auth = yes'\n"); - - if (!torture_open_connection(&cli_nt, torture, 0)) { - goto fail; - } - -- if (!lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "no")) { -- printf("Could not set 'nt status support = yes'\n"); -- goto fail; -- } -+ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "no"), ret, fail, "Could not set 'nt status support = no'\n"); -+ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "no"), ret, fail, "Could not set 'client ntlmv2 auth = no'\n"); - - if (!torture_open_connection(&cli_dos, torture, 1)) { - goto fail; -@@ -373,6 +371,12 @@ bool torture_samba3_badpath(struct torture_context *torture) - } - - smbcli_deltree(cli_nt->tree, dirname); -+ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", -+ nt_status_support ? "yes":"no"), -+ ret, fail, "Could not set 'nt status support' back to where it was\n"); -+ torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", -+ client_ntlmv2_auth ? "yes":"no"), -+ ret, fail, "Could not set 'client ntlmv2 auth' back to where it was\n"); - - status = smbcli_mkdir(cli_nt->tree, dirname); - if (!NT_STATUS_IS_OK(status)) { --- -2.8.1 - - -From 12c908158213b1b82aca5c4485961da89299b6cf Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sat, 26 Mar 2016 22:24:23 +0100 -Subject: [PATCH 07/15] CVE-2016-2111: s4:torture/base: don't use ntlmv2 for - dos connection in base.samba3error - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Alexander Bokovoy ab@samba.org ---- - source4/torture/basic/base.c | 19 +++++++++++++++++-- - 1 file changed, 17 insertions(+), 2 deletions(-) - -diff --git a/source4/torture/basic/base.c b/source4/torture/basic/base.c -index d7bac45..7f74bb9 100644 ---- a/source4/torture/basic/base.c -+++ b/source4/torture/basic/base.c -@@ -1476,6 +1476,7 @@ static bool torture_chkpath_test(struct torture_context *tctx, - static bool torture_samba3_errorpaths(struct torture_context *tctx) - { - bool nt_status_support; -+ bool client_ntlmv2_auth; - struct smbcli_state *cli_nt = NULL, *cli_dos = NULL; - bool result = false; - int fnum; -@@ -1485,18 +1486,27 @@ static bool torture_samba3_errorpaths(struct torture_context *tctx) - NTSTATUS status; - - nt_status_support = lpcfg_nt_status_support(tctx->lp_ctx); -+ client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(tctx->lp_ctx); - - if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "yes")) { - torture_comment(tctx, "Could not set 'nt status support = yes'\n"); - goto fail; - } -+ if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "yes")) { -+ torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = yes'\n"); -+ goto fail; -+ } - - if (!torture_open_connection(&cli_nt, tctx, 0)) { - goto fail; - } - - if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "no")) { -- torture_comment(tctx, "Could not set 'nt status support = yes'\n"); -+ torture_result(tctx, TORTURE_FAIL, "Could not set 'nt status support = no'\n"); -+ goto fail; -+ } -+ if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "no")) { -+ torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = no'\n"); - goto fail; - } - -@@ -1506,7 +1516,12 @@ static bool torture_samba3_errorpaths(struct torture_context *tctx) - - if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", - nt_status_support ? "yes":"no")) { -- torture_comment(tctx, "Could not reset 'nt status support = yes'"); -+ torture_result(tctx, TORTURE_FAIL, "Could not reset 'nt status support'"); -+ goto fail; -+ } -+ if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", -+ client_ntlmv2_auth ? "yes":"no")) { -+ torture_result(tctx, TORTURE_FAIL, "Could not reset 'client ntlmv2 auth'"); - goto fail; - } - --- -2.8.1 - - -From 0b659fd0d7b684244c9791e01cc1370c0696e3f7 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sat, 26 Mar 2016 18:08:16 +0100 -Subject: [PATCH 08/15] CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 - response when we want to use spnego - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Alexander Bokovoy ab@samba.org ---- - source3/libsmb/cliconnect.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c -index 8653ba7..4c0abdf 100644 ---- a/source3/libsmb/cliconnect.c -+++ b/source3/libsmb/cliconnect.c -@@ -2077,6 +2077,17 @@ NTSTATUS cli_session_setup(struct cli_state *cli, - NTSTATUS status; - - /* otherwise do a NT1 style session setup */ -+ if (lp_client_ntlmv2_auth() && lp_client_use_spnego()) { -+ /* -+ * Don't send an NTLMv2 response without NTLMSSP -+ * if we want to use spnego support -+ */ -+ DEBUG(1, ("Server does not support EXTENDED_SECURITY " -+ " but 'client use spnego = yes" -+ " and 'client ntlmv2 auth = yes'\n")); -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ - status = cli_session_setup_nt1(cli, user, pass, passlen, - ntpass, ntpasslen, workgroup); - if (!NT_STATUS_IS_OK(status)) { --- -2.8.1 - - -From 5ed1b3a84a1e3d9707a788a89698aa28769a79be Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sun, 27 Mar 2016 01:09:05 +0100 -Subject: [PATCH 09/15] CVE-2016-2111: docs-xml: document the new "client - NTLMv2 auth" and "client use spnego" interaction - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Alexander Bokovoy ab@samba.org ---- - docs-xml/smbdotconf/protocol/clientusespnego.xml | 5 +++++ - docs-xml/smbdotconf/security/clientntlmv2auth.xml | 5 +++++ - 2 files changed, 10 insertions(+) - -diff --git a/docs-xml/smbdotconf/protocol/clientusespnego.xml b/docs-xml/smbdotconf/protocol/clientusespnego.xml -index c688a65..e538745 100644 ---- a/docs-xml/smbdotconf/protocol/clientusespnego.xml -+++ b/docs-xml/smbdotconf/protocol/clientusespnego.xml -@@ -9,6 +9,11 @@ - supporting servers (including WindowsXP, Windows2000 and Samba - 3.0) to agree upon an authentication - mechanism. This enables Kerberos authentication in particular.</para> -+ -+ <para>When <smbconfoption name="client NTLMv2 auth"/> is also set to -+ <constant>yes</constant> extended security (SPNEGO) is required -+ in order to use NTLMv2 only within NTLMSSP. This behavior was -+ introduced with the patches for CVE-2016-2111.</para> - </description> - - <value type="default">yes</value> -diff --git a/docs-xml/smbdotconf/security/clientntlmv2auth.xml b/docs-xml/smbdotconf/security/clientntlmv2auth.xml -index b151df2..1b6d887 100644 ---- a/docs-xml/smbdotconf/security/clientntlmv2auth.xml -+++ b/docs-xml/smbdotconf/security/clientntlmv2auth.xml -@@ -28,6 +28,11 @@ - NTLMv2 by default, and some sites (particularly those following - 'best practice' security polices) only allow NTLMv2 responses, and - not the weaker LM or NTLM.</para> -+ -+ <para>When <smbconfoption name="client use spnego"/> is also set to -+ <constant>yes</constant> extended security (SPNEGO) is required -+ in order to use NTLMv2 only within NTLMSSP. This behavior was -+ introduced with the patches for CVE-2016-2111.</para> - </description> - <value type="default">yes</value> - </samba:parameter> --- -2.8.1 - - -From 8ac4cd75a89732938b1e3161a884f9d5df68ffaf Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 15 Mar 2016 21:02:34 +0100 -Subject: [PATCH 10/15] CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" - defaulting to "yes" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - docs-xml/smbdotconf/security/rawntlmv2auth.xml | 20 ++++++++++++++++++++ - source3/include/proto.h | 1 + - source3/param/loadparm.c | 3 +++ - 3 files changed, 24 insertions(+) - create mode 100644 docs-xml/smbdotconf/security/rawntlmv2auth.xml - -diff --git a/docs-xml/smbdotconf/security/rawntlmv2auth.xml b/docs-xml/smbdotconf/security/rawntlmv2auth.xml -new file mode 100644 -index 0000000..ef26297 ---- /dev/null -+++ b/docs-xml/smbdotconf/security/rawntlmv2auth.xml -@@ -0,0 +1,20 @@ -+<samba:parameter name="raw NTLMv2 auth" -+ context="G" -+ type="boolean" -+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc%22%3E -+<description> -+ <para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> -+ <manvolnum>8</manvolnum></citerefentry> will allow SMB1 clients without -+ extended security (without SPNEGO) to use NTLMv2 authentication.</para> -+ -+ <para>If this option, <command moreinfo="none">lanman auth</command> -+ and <command moreinfo="none">ntlm auth</command> are all disabled, -+ then only clients with SPNEGO support will be permitted. -+ That means NTLMv2 is only supported within NTLMSSP.</para> -+ -+ <para>Note that the default will change to "no" with Samba 4.5.</para> -+</description> -+ -+<value type="default">yes</value> -+<value type="example">no</value> -+</samba:parameter> -diff --git a/source3/include/proto.h b/source3/include/proto.h -index 8491d54..32b4e3d 100644 ---- a/source3/include/proto.h -+++ b/source3/include/proto.h -@@ -1489,6 +1489,7 @@ bool lp_map_untrusted_to_domain(void); - int lp_restrict_anonymous(void); - bool lp_lanman_auth(void); - bool lp_ntlm_auth(void); -+bool lp_raw_ntlmv2_auth(void); - bool lp_client_plaintext_auth(void); - bool lp_client_lanman_auth(void); - bool lp_client_ntlmv2_auth(void); -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index 753252a..42ddcf5 100644 ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -336,6 +336,7 @@ struct global { - bool bAllowTrustedDomains; - bool bLanmanAuth; - bool bNTLMAuth; -+ bool bRawNTLMv2Auth; - bool bUseSpnego; - bool bClientLanManAuth; - bool bClientNTLMv2Auth; -@@ -5337,6 +5338,7 @@ static void init_globals(bool reinit_globals) - Globals.bClientPlaintextAuth = False; /* Do NOT use a plaintext password even if is requested by the server */ - Globals.bLanmanAuth = False; /* Do NOT use the LanMan hash, even if it is supplied */ - Globals.bNTLMAuth = True; /* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */ -+ Globals.bRawNTLMv2Auth = true; /* Allow NTLMv2 without NTLMSSP */ - Globals.bClientNTLMv2Auth = True; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */ - /* Note, that we will also use NTLM2 session security (which is different), if it is available */ - -@@ -5819,6 +5821,7 @@ FN_GLOBAL_BOOL(lp_map_untrusted_to_domain, &Globals.bMapUntrustedToDomain) - FN_GLOBAL_INTEGER(lp_restrict_anonymous, &Globals.restrict_anonymous) - FN_GLOBAL_BOOL(lp_lanman_auth, &Globals.bLanmanAuth) - FN_GLOBAL_BOOL(lp_ntlm_auth, &Globals.bNTLMAuth) -+FN_GLOBAL_BOOL(lp_raw_ntlmv2_auth, &Globals.bRawNTLMv2Auth) - FN_GLOBAL_BOOL(lp_client_plaintext_auth, &Globals.bClientPlaintextAuth) - FN_GLOBAL_BOOL(lp_client_lanman_auth, &Globals.bClientLanManAuth) - FN_GLOBAL_BOOL(lp_client_ntlmv2_auth, &Globals.bClientNTLMv2Auth) --- -2.8.1 - - -From de2ba16834dece138d8c0761cc3c834da42dfd33 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 15 Mar 2016 21:02:34 +0100 -Subject: [PATCH 11/15] CVE-2016-2111(<=4.3): loadparm: add "raw NTLMv2 auth" - to param_table -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -Reviewed-by: Ralph Boehme slow@samba.org ---- - source3/param/loadparm.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index 42ddcf5..f806788 100644 ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -1384,6 +1384,15 @@ static struct parm_struct parm_table[] = { - .flags = FLAG_ADVANCED, - }, - { -+ .label = "raw NTLMv2 auth", -+ .type = P_BOOL, -+ .p_class = P_GLOBAL, -+ .ptr = &Globals.bRawNTLMv2Auth, -+ .special = NULL, -+ .enum_list = NULL, -+ .flags = FLAG_ADVANCED, -+ }, -+ { - .label = "client NTLMv2 auth", - .type = P_BOOL, - .p_class = P_GLOBAL, --- -2.8.1 - - -From 094fb71d1dda38894be501674c7ec3e4ec03078e Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 1 Mar 2016 10:25:54 +0100 -Subject: [PATCH 12/15] CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" - checks -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org ---- - source3/auth/auth_util.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index 288f461..98bbbef 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -30,6 +30,7 @@ - #include "../lib/util/util_pw.h" - #include "lib/winbind_util.h" - #include "passdb.h" -+#include "../lib/tsocket/tsocket.h" - - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_AUTH -@@ -367,6 +368,19 @@ NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info, - const char *client_domain, - DATA_BLOB lm_resp, DATA_BLOB nt_resp) - { -+ bool allow_raw = lp_raw_ntlmv2_auth(); -+ -+ if (!allow_raw && nt_resp.length >= 48) { -+ /* -+ * NTLMv2_RESPONSE has at least 48 bytes -+ * and should only be supported via NTLMSSP. -+ */ -+ DEBUG(2,("Rejecting raw NTLMv2 authentication with " -+ "user [%s\%s]\n", -+ client_domain, smb_name)); -+ return NT_STATUS_INVALID_PARAMETER; -+ } -+ - return make_user_info_map(user_info, smb_name, - client_domain, - get_remote_machine_name(), --- -2.8.1 - - -From a2ef1fb0cf0b83a2799b95795d31b8fb03da11bb Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sat, 26 Mar 2016 22:08:38 +0100 -Subject: [PATCH 13/15] CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = - yes" for s3dc - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Alexander Bokovoy ab@samba.org ---- - selftest/target/Samba3.pm | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm -index 01a1c47..ee3696e 100644 ---- a/selftest/target/Samba3.pm -+++ b/selftest/target/Samba3.pm -@@ -127,6 +127,7 @@ sub setup_dc($$) - domain master = yes - domain logons = yes - lanman auth = yes -+ raw NTLMv2 auth = yes - "; - - my $vars = $self->provision($path, --- -2.8.1 - - -From 74da0e00f3b817dd20d6429f7ba7748f66b9b6a4 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 15 Mar 2016 21:59:42 +0100 -Subject: [PATCH 14/15] CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 - auth" to "no" - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Alexander Bokovoy ab@samba.org ---- - docs-xml/smbdotconf/security/rawntlmv2auth.xml | 7 +++---- - source3/param/loadparm.c | 2 +- - 2 files changed, 4 insertions(+), 5 deletions(-) - -diff --git a/docs-xml/smbdotconf/security/rawntlmv2auth.xml b/docs-xml/smbdotconf/security/rawntlmv2auth.xml -index ef26297..30e7280 100644 ---- a/docs-xml/smbdotconf/security/rawntlmv2auth.xml -+++ b/docs-xml/smbdotconf/security/rawntlmv2auth.xml -@@ -11,10 +11,9 @@ - and <command moreinfo="none">ntlm auth</command> are all disabled, - then only clients with SPNEGO support will be permitted. - That means NTLMv2 is only supported within NTLMSSP.</para> -- -- <para>Note that the default will change to "no" with Samba 4.5.</para> - </description> - --<value type="default">yes</value> --<value type="example">no</value> -+<related>lanman auth</related> -+<related>ntlm auth</related> -+<value type="default">no</value> - </samba:parameter> -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index f806788..7065cf6 100644 ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -5347,7 +5347,7 @@ static void init_globals(bool reinit_globals) - Globals.bClientPlaintextAuth = False; /* Do NOT use a plaintext password even if is requested by the server */ - Globals.bLanmanAuth = False; /* Do NOT use the LanMan hash, even if it is supplied */ - Globals.bNTLMAuth = True; /* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */ -- Globals.bRawNTLMv2Auth = true; /* Allow NTLMv2 without NTLMSSP */ -+ Globals.bRawNTLMv2Auth = false; /* Allow NTLMv2 without NTLMSSP */ - Globals.bClientNTLMv2Auth = True; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */ - /* Note, that we will also use NTLM2 session security (which is different), if it is available */ - --- -2.8.1 - - -From 44530ad870745f8d649aff9cc18480aaeeccf01a Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Mon, 4 Apr 2016 16:44:39 +0200 -Subject: [PATCH 15/15] CVE-2016-2111: s3:selftest: Disable client ntlmv2 auth - for secserver - -The client connects with ntlmv1 to the secserver (server with -security = share). So the secserver needs to allow to connect with -NTLMv1 to the password server to verify the user or it will fail. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 - -Signed-off-by: Andreas Schneider asn@samba.org ---- - selftest/target/Samba3.pm | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm -index ee3696e..7326b22 100644 ---- a/selftest/target/Samba3.pm -+++ b/selftest/target/Samba3.pm -@@ -231,6 +231,7 @@ sub setup_secserver($$$) - my $secserver_options = " - security = server - password server = $s3dcvars->{SERVER_IP} -+ client ntlmv2 auth = no - "; - - my $ret = $self->provision($prefix, --- -2.8.1 - diff --git a/src/patches/samba/CVE-2016-2112-v3-6.patch b/src/patches/samba/CVE-2016-2112-v3-6.patch deleted file mode 100644 index 57c6f680a..000000000 --- a/src/patches/samba/CVE-2016-2112-v3-6.patch +++ /dev/null @@ -1,184 +0,0 @@ -From 126e3e992bed7174d60ee19212db9b717647ab2e Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@cryptomilk.org -Date: Wed, 30 Mar 2016 16:55:44 +0200 -Subject: [PATCH 1/3] CVE-2016-2112: s3:ntlmssp: Implement missing - ntlmssp_have_feature() - -Signed-off-by: Andreas Schneider asn@samba.org ---- - source3/include/proto.h | 1 + - source3/libsmb/ntlmssp.c | 30 ++++++++++++++++++++++++++++++ - 2 files changed, 31 insertions(+) - -diff --git a/source3/include/proto.h b/source3/include/proto.h -index 32b4e3d..43008ea 100644 ---- a/source3/include/proto.h -+++ b/source3/include/proto.h -@@ -1260,6 +1260,7 @@ NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *p - NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ; - void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list); - void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature); -+bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature); - NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state, - const DATA_BLOB in, DATA_BLOB *out) ; - NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index 045dc87..7e58990 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -162,6 +162,36 @@ NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *dom - return NT_STATUS_OK; - } - -+bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state, -+ uint32_t feature) -+{ -+ if (feature & NTLMSSP_FEATURE_SIGN) { -+ if (ntlmssp_state->session_key.length == 0) { -+ return false; -+ } -+ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) { -+ return true; -+ } -+ } -+ -+ if (feature & NTLMSSP_FEATURE_SEAL) { -+ if (ntlmssp_state->session_key.length == 0) { -+ return false; -+ } -+ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) { -+ return true; -+ } -+ } -+ -+ if (feature & NTLMSSP_FEATURE_SESSION_KEY) { -+ if (ntlmssp_state->session_key.length > 0) { -+ return true; -+ } -+ } -+ -+ return false; -+} -+ - /** - * Request features for the NTLMSSP negotiation - * --- -2.8.1 - - -From 15338742e0c7304aeecce0e8368f0dad85e8075b Mon Sep 17 00:00:00 2001 -From: Ralph Boehme slow@samba.org -Date: Thu, 24 Mar 2016 16:22:36 +0100 -Subject: [PATCH 2/3] CVE-2016-2112: s3:libads: make sure we detect downgrade - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 - -Pair-programmed-with: Ralph Boehme slow@samba.org - -Signed-off-by: Stefan Metzmacher metze@samba.org -Signed-off-by: Ralph Boehme slow@samba.org ---- - source3/libads/sasl.c | 31 +++++++++++++++++++++++++++++++ - 1 file changed, 31 insertions(+) - -diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c -index e7daa8a..6690f83 100644 ---- a/source3/libads/sasl.c -+++ b/source3/libads/sasl.c -@@ -261,6 +261,37 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) - /* we have a reference conter on ntlmssp_state, if we are signing - then the state will be kept by the signing engine */ - -+ if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SEAL) { -+ bool ok; -+ -+ ok = ntlmssp_have_feature(ntlmssp_state, -+ NTLMSSP_FEATURE_SEAL); -+ if (!ok) { -+ DEBUG(0,("The ntlmssp feature sealing request, but unavailable\n")); -+ TALLOC_FREE(ntlmssp_state); -+ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); -+ } -+ -+ ok = ntlmssp_have_feature(ntlmssp_state, -+ NTLMSSP_FEATURE_SIGN); -+ if (!ok) { -+ DEBUG(0,("The ntlmssp feature signing request, but unavailable\n")); -+ TALLOC_FREE(ntlmssp_state); -+ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); -+ } -+ -+ } else if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SIGN) { -+ bool ok; -+ -+ ok = ntlmssp_have_feature(ntlmssp_state, -+ NTLMSSP_FEATURE_SIGN); -+ if (!ok) { -+ DEBUG(0,("The gensec feature signing request, but unavailable\n")); -+ TALLOC_FREE(ntlmssp_state); -+ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE); -+ } -+ } -+ - if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) { - ads->ldap.out.max_unwrapped = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED - NTLMSSP_SIG_SIZE; - ads->ldap.out.sig_size = NTLMSSP_SIG_SIZE; --- -2.8.1 - - -From b020ae88f9024bcc868ed2d85879d14901db32e5 Mon Sep 17 00:00:00 2001 -From: Andrew Bartlett abartlet@samba.org -Date: Fri, 5 Sep 2014 17:38:38 +1200 -Subject: [PATCH 3/3] CVE-2016-2112: winbindd: Change value of "ldap sasl - wrapping" to sign - -This is to disrupt MITM attacks between us and our DC - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 - -Pair-programmed-with: Garming Sam garming@catalyst.net.nz -Signed-off-by: Garming Sam garming@catalyst.net.nz -Signed-off-by: Andrew Bartlett abartlet@samba.org -(backported from commit afe02d12f444ad9a6abf31a61f578320520263a9) ---- - docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml | 8 +++----- - source3/param/loadparm.c | 2 ++ - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml -index a926cec..a7c4395 100644 ---- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml -+++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml -@@ -34,11 +34,9 @@ - </para> - - <para> -- The default value is <emphasis>plain</emphasis> which is not irritable -- to KRB5 clock skew errors. That implies synchronizing the time -- with the KDC in the case of using <emphasis>sign</emphasis> or -- <emphasis>seal</emphasis>. -+ The default value is <emphasis>sign</emphasis>. That implies synchronizing the time -+ with the KDC in the case of using <emphasis>Kerberos</emphasis>. - </para> - </description> --<value type="default">plain</value> -+<value type="default">sign</value> - </samba:parameter> -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index 7065cf6..c5249b7 100644 ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -5392,6 +5392,8 @@ static void init_globals(bool reinit_globals) - Globals.ldap_debug_level = 0; - Globals.ldap_debug_threshold = 10; - -+ Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN; -+ - /* This is what we tell the afs client. in reality we set the token - * to never expire, though, when this runs out the afs client will - * forget the token. Set to 0 to get NEVERDATE.*/ --- -2.8.1 - diff --git a/src/patches/samba/CVE-2016-2115-v3-6.patch b/src/patches/samba/CVE-2016-2115-v3-6.patch deleted file mode 100644 index 6167d35a3..000000000 --- a/src/patches/samba/CVE-2016-2115-v3-6.patch +++ /dev/null @@ -1,359 +0,0 @@ -From 513bd34e4523e49e742487be32a7239111486a12 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sat, 27 Feb 2016 03:43:58 +0100 -Subject: [PATCH 1/4] CVE-2016-2115: docs-xml: add "client ipc signing" option - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Ralph Boehme slow@samba.org ---- - docs-xml/smbdotconf/security/clientipcsigning.xml | 23 +++++++++++++++++++++++ - docs-xml/smbdotconf/security/clientsigning.xml | 3 +++ - source3/include/proto.h | 1 + - source3/param/loadparm.c | 12 ++++++++++++ - 4 files changed, 39 insertions(+) - create mode 100644 docs-xml/smbdotconf/security/clientipcsigning.xml - -diff --git a/docs-xml/smbdotconf/security/clientipcsigning.xml b/docs-xml/smbdotconf/security/clientipcsigning.xml -new file mode 100644 -index 0000000..1897fc6 ---- /dev/null -+++ b/docs-xml/smbdotconf/security/clientipcsigning.xml -@@ -0,0 +1,23 @@ -+<samba:parameter name="client ipc signing" -+ context="G" -+ type="enum" -+ enumlist="enum_smb_signing_vals" -+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc%22%3E -+<description> -+ <para>This controls whether the client is allowed or required to use SMB signing for IPC$ -+ connections as DCERPC transport inside of winbind. Possible values -+ are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis> -+ and <emphasis>disabled</emphasis>. -+ </para> -+ -+ <para>When set to auto, SMB signing is offered, but not enforced and if set -+ to disabled, SMB signing is not offered either.</para> -+ -+ <para>Connections from winbindd to Active Directory Domain Controllers -+ always enforce signing.</para> -+</description> -+ -+<related>client signing</related> -+ -+<value type="default">mandatory</value> -+</samba:parameter> -diff --git a/docs-xml/smbdotconf/security/clientsigning.xml b/docs-xml/smbdotconf/security/clientsigning.xml -index c657e05..189a7ae 100644 ---- a/docs-xml/smbdotconf/security/clientsigning.xml -+++ b/docs-xml/smbdotconf/security/clientsigning.xml -@@ -12,6 +12,9 @@ - <para>When set to auto, SMB signing is offered, but not enforced. - When set to mandatory, SMB signing is required and if set - to disabled, SMB signing is not offered either. -+ -+ <para>IPC$ connections for DCERPC e.g. in winbindd, are handled by the -+ <smbconfoption name="client ipc signing"/> option.</para> - </para> - </description> - -diff --git a/source3/include/proto.h b/source3/include/proto.h -index 43008ea..af950aa 100644 ---- a/source3/include/proto.h -+++ b/source3/include/proto.h -@@ -1693,6 +1693,7 @@ const char **lp_winbind_nss_info(void); - int lp_algorithmic_rid_base(void); - int lp_name_cache_timeout(void); - int lp_client_signing(void); -+int lp_client_ipc_signing(void); - int lp_server_signing(void); - int lp_client_ldap_sasl_wrapping(void); - char *lp_parm_talloc_string(int snum, const char *type, const char *option, const char *def); -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index c5249b7..a612e5a3 100644 ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -366,6 +366,7 @@ struct global { - int restrict_anonymous; - int name_cache_timeout; - int client_signing; -+ int client_ipc_signing; - int server_signing; - int client_ldap_sasl_wrapping; - int iUsershareMaxShares; -@@ -2319,6 +2320,15 @@ static struct parm_struct parm_table[] = { - .flags = FLAG_ADVANCED, - }, - { -+ .label = "client ipc signing", -+ .type = P_ENUM, -+ .p_class = P_GLOBAL, -+ .ptr = &Globals.client_ipc_signing, -+ .special = NULL, -+ .enum_list = enum_smb_signing_vals, -+ .flags = FLAG_ADVANCED, -+ }, -+ { - .label = "server signing", - .type = P_ENUM, - .p_class = P_GLOBAL, -@@ -5470,6 +5480,7 @@ static void init_globals(bool reinit_globals) - Globals.bClientUseSpnego = True; - - Globals.client_signing = Auto; -+ Globals.client_ipc_signing = Required; - Globals.server_signing = False; - - Globals.bDeferSharingViolations = True; -@@ -6071,6 +6082,7 @@ FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo) - FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase) - FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout) - FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing) -+FN_GLOBAL_INTEGER(lp_client_ipc_signing, &Globals.client_ipc_signing) - FN_GLOBAL_INTEGER(lp_server_signing, &Globals.server_signing) - FN_GLOBAL_INTEGER(lp_client_ldap_sasl_wrapping, &Globals.client_ldap_sasl_wrapping) - --- -2.8.1 - - -From 633fcce5f7f488738ef8f45393aa8990e01118f4 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Tue, 5 Apr 2016 10:46:53 +0200 -Subject: [PATCH 2/4] CVE-2016-2115: s3: Use lp_client_ipc_signing() if we are - not an smb client - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756 - -Pair-Programmed-With: Ralph Boehme slow@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Signed-off-by: Ralph Boehme slow@samba.org ---- - source3/param/loadparm.c | 14 ++++++++++++++ - source3/rpc_server/spoolss/srv_spoolss_nt.c | 2 +- - 2 files changed, 15 insertions(+), 1 deletion(-) - -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index a612e5a3..c58f860 100644 ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -9712,6 +9712,20 @@ static bool lp_load_ex(const char *pszFname, - lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1"); - } - -+ if (!lp_is_in_client()) { -+ switch (lp_client_ipc_signing()) { -+ case Required: -+ lp_set_cmdline("client signing", "mandatory"); -+ break; -+ case Auto: -+ lp_set_cmdline("client signing", "auto"); -+ break; -+ case False: -+ lp_set_cmdline("client signing", "disabled"); -+ break; -+ } -+ } -+ - init_iconv(); - - bAllowIncludeRegistry = true; -diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c -index 181a7b5..a0fcf27 100644 ---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c -+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c -@@ -2480,7 +2480,7 @@ static bool spoolss_connect_to_client(struct rpc_pipe_client **pp_pipe, - "", /* username */ - "", /* domain */ - "", /* password */ -- 0, lp_client_signing()); -+ 0, False); - - if ( !NT_STATUS_IS_OK( ret ) ) { - DEBUG(2,("spoolss_connect_to_client: connection to [%s] failed!\n", --- -2.8.1 - - -From e319838866bdd3f5f1602b441516d07a1171ab24 Mon Sep 17 00:00:00 2001 -From: Ralph Boehme slow@samba.org -Date: Thu, 31 Mar 2016 11:30:03 +0200 -Subject: [PATCH 3/4] CVE-2016-2115: s3/param: pick up s4 option "winbind - sealed pipes" - -This will be used in the next commit to prevent mitm attacks on on lsa, -samr and netlogon in winbindd. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756 - -Signed-off-by: Ralph Boehme slow@samba.org -Reviewed-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Andreas Schneider asn@samba.org ---- - docs-xml/smbdotconf/winbind/winbindsealedpipes.xml | 15 +++++++++++++++ - source3/include/proto.h | 1 + - source3/param/loadparm.c | 12 ++++++++++++ - 3 files changed, 28 insertions(+) - create mode 100644 docs-xml/smbdotconf/winbind/winbindsealedpipes.xml - -diff --git a/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml b/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml -new file mode 100644 -index 0000000..016ac9b ---- /dev/null -+++ b/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml -@@ -0,0 +1,15 @@ -+<samba:parameter name="winbind sealed pipes" -+ context="G" -+ type="boolean" -+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc%22%3E -+<description> -+ <para>This option controls whether any requests from winbindd to domain controllers -+ pipe will be sealed. Disabling sealing can be useful for debugging -+ purposes.</para> -+ -+ <para>The behavior can be controlled per netbios domain -+ by using 'winbind sealed pipes:NETBIOSDOMAIN = no' as option.</para> -+</description> -+ -+<value type="default">yes</value> -+</samba:parameter> -diff --git a/source3/include/proto.h b/source3/include/proto.h -index af950aa..ac1540f 100644 ---- a/source3/include/proto.h -+++ b/source3/include/proto.h -@@ -1690,6 +1690,7 @@ int lp_winbind_cache_time(void); - int lp_winbind_reconnect_delay(void); - int lp_winbind_max_clients(void); - const char **lp_winbind_nss_info(void); -+bool lp_winbind_sealed_pipes(void); - int lp_algorithmic_rid_base(void); - int lp_name_cache_timeout(void); - int lp_client_signing(void); -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index c58f860..fdc9407 100644 ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -215,6 +215,7 @@ struct global { - int winbind_expand_groups; - bool bWinbindRefreshTickets; - bool bWinbindOfflineLogon; -+ bool bWinbindSealedPipes; - bool bWinbindNormalizeNames; - bool bWinbindRpcOnly; - bool bCreateKrb5Conf; -@@ -4775,6 +4776,15 @@ static struct parm_struct parm_table[] = { - .flags = FLAG_ADVANCED, - }, - { -+ .label = "winbind sealed pipes", -+ .type = P_BOOL, -+ .p_class = P_GLOBAL, -+ .ptr = &Globals.bWinbindSealedPipes, -+ .special = NULL, -+ .enum_list = NULL, -+ .flags = FLAG_ADVANCED, -+ }, -+ { - .label = "winbind normalize names", - .type = P_BOOL, - .p_class = P_GLOBAL, -@@ -5468,6 +5478,7 @@ static void init_globals(bool reinit_globals) - Globals.szWinbindNssInfo = str_list_make_v3(NULL, "template", NULL); - Globals.bWinbindRefreshTickets = False; - Globals.bWinbindOfflineLogon = False; -+ Globals.bWinbindSealedPipes = True; - - Globals.iIdmapCacheTime = 86400 * 7; /* a week by default */ - Globals.iIdmapNegativeCacheTime = 120; /* 2 minutes by default */ -@@ -5747,6 +5758,7 @@ FN_GLOBAL_BOOL(lp_winbind_nested_groups, &Globals.bWinbindNestedGroups) - FN_GLOBAL_INTEGER(lp_winbind_expand_groups, &Globals.winbind_expand_groups) - FN_GLOBAL_BOOL(lp_winbind_refresh_tickets, &Globals.bWinbindRefreshTickets) - FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon) -+FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, &Globals.bWinbindSealedPipes) - FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames) - FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly) - FN_GLOBAL_BOOL(lp_create_krb5_conf, &Globals.bCreateKrb5Conf) --- -2.8.1 - - -From b47d8644e6a826f01dae3911fc510a7b2ff60273 Mon Sep 17 00:00:00 2001 -From: Andrew Bartlett abartlet@samba.org -Date: Fri, 5 Sep 2014 17:00:31 +1200 -Subject: [PATCH 4/4] CVE-2016-2115: winbindd: Do not make anonymous - connections by default - -The requirement is that we have "winbind sealed pipes = false" and -"require strong key = false" before we make anonymous connections. -These are a security risk as we cannot prevent MITM attacks. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11796 - -Signed-off-by: Andrew Bartlett abartlet@samba.org -Reviewed-by: Stefan Metzmacher metze@samba.org -(backported from commit e2cd3257141bd4a88cda1fff5bde9df60b253a97) ---- - source3/winbindd/winbindd_cm.c | 32 +++++++++++++++++++++++++++++++- - 1 file changed, 31 insertions(+), 1 deletion(-) - -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c -index 8271279..50a341e 100644 ---- a/source3/winbindd/winbindd_cm.c -+++ b/source3/winbindd/winbindd_cm.c -@@ -2384,6 +2384,15 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - TALLOC_FREE(conn->samr_pipe); - - anonymous: -+ if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) { -+ status = NT_STATUS_DOWNGRADE_DETECTED; -+ DEBUG(1, ("Unwilling to make SAMR connection to domain %s " -+ "without connection level security, " -+ "must set 'winbind sealed pipes = false' " -+ "to proceed: %s\n", -+ domain->name, nt_errstr(status))); -+ goto done; -+ } - - /* Finally fall back to anonymous. */ - status = cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr.syntax_id, -@@ -2610,6 +2619,16 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - - anonymous: - -+ if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) { -+ result = NT_STATUS_DOWNGRADE_DETECTED; -+ DEBUG(1, ("Unwilling to make LSA connection to domain %s " -+ "without connection level security, " -+ "must set 'winbind sealed pipes = false' " -+ "to proceed: %s\n", -+ domain->name, nt_errstr(result))); -+ goto done; -+ } -+ - result = cli_rpc_pipe_open_noauth(conn->cli, - &ndr_table_lsarpc.syntax_id, - &conn->lsa_pipe); -@@ -2749,7 +2768,18 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, - - no_schannel: - if ((lp_client_schannel() == False) || -- ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) { -+ ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) { -+ if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) { -+ result = NT_STATUS_DOWNGRADE_DETECTED; -+ DEBUG(1, ("Unwilling to make connection to domain %s " -+ "without connection level security, " -+ "must set 'winbind sealed pipes = false' " -+ "to proceed: %s\n", -+ domain->name, nt_errstr(result))); -+ TALLOC_FREE(netlogon_pipe); -+ invalidate_cm_connection(conn); -+ return result; -+ } - /* - * NetSamLogonEx only works for schannel - */ --- -2.8.1 - diff --git a/src/patches/samba/CVE-2016-2118-v3-6.patch b/src/patches/samba/CVE-2016-2118-v3-6.patch deleted file mode 100644 index e354155e8..000000000 --- a/src/patches/samba/CVE-2016-2118-v3-6.patch +++ /dev/null @@ -1,629 +0,0 @@ -From 9519f8f5123be055a4e845f87badef8b80ab2ee4 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 15 Dec 2015 14:49:36 +0100 -Subject: [PATCH 01/10] CVE-2016-2118: s3: rpcclient: change the default auth - level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY - -ncacn_ip_tcp:server should get the same protection as ncacn_np:server -if authentication and smb signing is used. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 - -Signed-off-by: Stefan Metzmacher metze@samba.org - -(cherry picked from commit dab41dee8a4fb27dbf3913b0e44a4cc726e3ac98) ---- - source3/rpcclient/rpcclient.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c -index 949e14c..81c5f42 100644 ---- a/source3/rpcclient/rpcclient.c -+++ b/source3/rpcclient/rpcclient.c -@@ -1062,10 +1062,9 @@ out_free: - } - } - if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) { -- /* If neither Integrity or Privacy are requested then -- * Use just Connect level */ -+ /* If nothing is requested then default to integrity */ - if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { -- pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; -+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; - } - } - --- -2.8.1 - - -From 0e00f6da40e6f76d9bd56187e74841c85ea86c55 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Fri, 11 Mar 2016 16:02:25 +0100 -Subject: [PATCH 02/10] CVE-2016-2118: s4:librpc: use integrity by default for - authenticated binds - -ncacn_ip_tcp:server should get the same protection as ncacn_np:server -if authentication and smb signing is used. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 - -Signed-off-by: Stefan Metzmacher metze@samba.org -(cherry picked from commit 7847ee85d278adb9ce4fc7da7cf171917227c93f) ---- - source4/librpc/rpc/dcerpc_util.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c -index 2cd9499..a6d0df5 100644 ---- a/source4/librpc/rpc/dcerpc_util.c -+++ b/source4/librpc/rpc/dcerpc_util.c -@@ -593,15 +593,15 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, - - /* Perform an authenticated DCE-RPC bind - */ -- if (!(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) { -+ if (!(conn->flags & (DCERPC_CONNECT|DCERPC_SEAL))) { - /* - we are doing an authenticated connection, -- but not using sign or seal. We must force -- the CONNECT dcerpc auth type as a NONE auth -- type doesn't allow authentication -- information to be passed. -+ which needs to use [connect], [sign] or [seal]. -+ If nothing is specified, we default to [sign] now. -+ This give roughly the same protection as -+ ncacn_np with smb signing. - */ -- conn->flags |= DCERPC_CONNECT; -+ conn->flags |= DCERPC_SIGN; - } - - if (s->binding->flags & DCERPC_AUTH_SPNEGO) { --- -2.8.1 - - -From 8d53761dbcbea6439f4bfaef86ff79f42b682b22 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Thu, 10 Mar 2016 17:03:59 +0100 -Subject: [PATCH 03/10] CVE-2016-2118: docs-xml: add "allow dcerpc auth level - connect" defaulting to "yes" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We sadly need to allow this for now by default. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(backported from commit 56baca8619ba9ae1734c3d77524fc705ebcbd8d2) ---- - .../security/allowdcerpcauthlevelconnect.xml | 24 ++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - create mode 100644 docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml - -diff --git a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml -new file mode 100644 -index 0000000..5552112 ---- /dev/null -+++ b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml -@@ -0,0 +1,24 @@ -+<samba:parameter name="allow dcerpc auth level connect" -+ context="G" -+ type="boolean" -+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc%22%3E -+<description> -+ <para>This option controls whether DCERPC services are allowed to -+ be used with DCERPC_AUTH_LEVEL_CONNECT, which provides authentication, -+ but no per message integrity nor privacy protection.</para> -+ -+ <para>The behavior can be controlled per interface name (e.g. lsarpc, netlogon, samr, srvsvc, -+ winreg, wkssvc ...) by using 'allow dcerpc auth level connect:interface = no' as option.</para> -+ -+ <para>This option yields precedence to the implentation specific restrictions. -+ E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY. -+ While others like samr and lsarpc have a hardcoded default of <constant>no</constant>. -+ </para> -+ -+ <para>Note the default will very likely change to <constant>no</constant> for Samba 4.5.</para> -+</description> -+ -+<value type="default">yes</value> -+<value type="example">no</value> -+ -+</samba:parameter> --- -2.8.1 - - -From 9a0e8182314c631681f2dd47da5d790168066279 Mon Sep 17 00:00:00 2001 -From: Ralph Boehme slow@samba.org -Date: Fri, 18 Mar 2016 08:45:11 +0100 -Subject: [PATCH 04/10] CVE-2016-2118: param: add "allow dcerpc auth level - connect" defaulting to "yes" - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 - -Signed-off-by: Ralph Boehme slow@samba.org -Reviewed-by: Stefan Metzmacher metze@samba.org -(backported from commit 6e3ada2c36f527077d77a8278bd41bbc030f48cd) - -(cherry picked from commit 74172d061597c96f0e733c11daee6cb15f3277dc) -Signed-off-by: Aurelien Aptel aaptel@suse.com ---- - source3/include/proto.h | 1 + - source3/param/loadparm.c | 13 +++++++++++++ - 2 files changed, 14 insertions(+) - -diff --git a/source3/include/proto.h b/source3/include/proto.h -index ac1540f..2ed6547 100644 ---- a/source3/include/proto.h -+++ b/source3/include/proto.h -@@ -1821,6 +1821,7 @@ char* lp_perfcount_module(void); - void lp_set_passdb_backend(const char *backend); - void widelinks_warning(int snum); - char *lp_ncalrpc_dir(void); -+bool lp_allow_dcerpc_auth_level_connect(void); - - /* The following definitions come from param/loadparm_server_role.c */ - -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index fdc9407..87d33c5 100644 ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -355,6 +355,7 @@ struct global { - bool bUseMmap; - bool bHostnameLookups; - bool bUnixExtensions; -+ bool bAllowDcerpcAuthLevelConnect; - bool bDisableNetbios; - char * szDedicatedKeytabFile; - int iKerberosMethod; -@@ -2303,6 +2304,15 @@ static struct parm_struct parm_table[] = { - .flags = FLAG_ADVANCED, - }, - { -+ .label = "allow dcerpc auth level connect", -+ .type = P_BOOL, -+ .p_class = P_GLOBAL, -+ .ptr = &Globals.bAllowDcerpcAuthLevelConnect, -+ .special = NULL, -+ .enum_list = NULL, -+ .flags = FLAG_ADVANCED, -+ }, -+ { - .label = "use spnego", - .type = P_BOOL, - .p_class = P_GLOBAL, -@@ -5371,6 +5381,8 @@ static void init_globals(bool reinit_globals) - Globals.bClientNTLMv2Auth = True; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */ - /* Note, that we will also use NTLM2 session security (which is different), if it is available */ - -+ Globals.bAllowDcerpcAuthLevelConnect = true; /* we need to allow this for now by default */ -+ - Globals.map_to_guest = 0; /* By Default, "Never" */ - Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */ - Globals.enhanced_browsing = true; -@@ -5745,6 +5757,7 @@ FN_GLOBAL_INTEGER(lp_username_map_cache_time, &Globals.iUsernameMapCacheTime) - - FN_GLOBAL_STRING(lp_check_password_script, &Globals.szCheckPasswordScript) - -+FN_GLOBAL_BOOL(lp_allow_dcerpc_auth_level_connect, &Globals.bAllowDcerpcAuthLevelConnect) - FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook) - FN_GLOBAL_CONST_STRING(lp_template_homedir, &Globals.szTemplateHomedir) - FN_GLOBAL_CONST_STRING(lp_template_shell, &Globals.szTemplateShell) --- -2.8.1 - - -From 82a245ff842ea33c050a8fbe415a531497232d3d Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Fri, 18 Mar 2016 04:40:30 +0100 -Subject: [PATCH 05/10] CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc - auth level connect" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -With this option turned off we only allow DCERPC_AUTH_LEVEL_{NONE,INTEGRITY,PRIVACY}, -this means the reject any request with AUTH_LEVEL_CONNECT with ACCESS_DENIED. - -We sadly need to keep this enabled by default for now. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 - -Pair-Programmed-With: Günther Deschner gd@samba.org - -Signed-off-by: Stefan Metzmacher metze@samba.org -Signed-off-by: Günther Deschner gd@samba.org -(cherry picked from commit 1fa0bad3da921fca1d34971062522b4cc3e6db2c) -(cherry picked from commit 46744bbe5e3616613b2dbee7cf6fdf0d8d5caab3) -Signed-off-by: Aurelien Aptel aaptel@suse.com ---- - source3/include/ntdomain.h | 4 ++++ - source3/rpc_server/srv_pipe.c | 49 ++++++++++++++++++++++++++++++++++++++++++- - 2 files changed, 52 insertions(+), 1 deletion(-) - -diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h -index 2fbeabc..650f1d0 100644 ---- a/source3/include/ntdomain.h -+++ b/source3/include/ntdomain.h -@@ -89,6 +89,10 @@ typedef struct pipe_rpc_fns { - uint32 context_id; - struct ndr_syntax_id syntax; - -+ /* -+ * shall we allow "connect" auth level for this interface ? -+ */ -+ bool allow_connect; - } PIPE_RPC_FNS; - - /* -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index d659705..c462dcf 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -335,6 +335,7 @@ static bool check_bind_req(struct pipes_struct *p, - uint32 context_id) - { - struct pipe_rpc_fns *context_fns; -+ const char *interface_name = NULL; - - DEBUG(3,("check_bind_req for %s\n", - get_pipe_name_from_syntax(talloc_tos(), abstract))); -@@ -355,12 +356,29 @@ static bool check_bind_req(struct pipes_struct *p, - return False; - } - -+ interface_name = get_pipe_name_from_syntax(talloc_tos(), -+ abstract); -+ -+ SMB_ASSERT(interface_name != NULL); -+ - context_fns->next = context_fns->prev = NULL; - context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(abstract); - context_fns->cmds = rpc_srv_get_pipe_cmds(abstract); - context_fns->context_id = context_id; - context_fns->syntax = *abstract; - -+ context_fns->allow_connect = lp_allow_dcerpc_auth_level_connect(); -+ /* -+ * every interface can be modified to allow "connect" auth_level by -+ * using a parametric option like: -+ * allow dcerpc auth level connect:<interface> -+ * e.g. -+ * allow dcerpc auth level connect:samr = yes -+ */ -+ context_fns->allow_connect = lp_parm_bool(-1, -+ "allow dcerpc auth level connect", -+ interface_name, context_fns->allow_connect); -+ - /* add to the list of open contexts */ - - DLIST_ADD( p->contexts, context_fns ); -@@ -1592,6 +1610,7 @@ static bool api_pipe_request(struct pipes_struct *p, - TALLOC_CTX *frame = talloc_stackframe(); - bool ret = False; - PIPE_RPC_FNS *pipe_fns; -+ const char *interface_name = NULL; - - if (!p->pipe_bound) { - DEBUG(1, ("Pipe not bound!\n")); -@@ -1613,8 +1632,36 @@ static bool api_pipe_request(struct pipes_struct *p, - return false; - } - -+ interface_name = get_pipe_name_from_syntax(talloc_tos(), -+ &pipe_fns->syntax); -+ -+ SMB_ASSERT(interface_name != NULL); -+ - DEBUG(5, ("Requested \PIPE\%s\n", -- get_pipe_name_from_syntax(talloc_tos(), &pipe_fns->syntax))); -+ interface_name)); -+ -+ switch (p->auth.auth_level) { -+ case DCERPC_AUTH_LEVEL_NONE: -+ case DCERPC_AUTH_LEVEL_INTEGRITY: -+ case DCERPC_AUTH_LEVEL_PRIVACY: -+ break; -+ default: -+ if (!pipe_fns->allow_connect) { -+ DEBUG(1, ("%s: restrict auth_level_connect access " -+ "to [%s] with auth[type=0x%x,level=0x%x] " -+ "on [%s] from [%s]\n", -+ __func__, interface_name, -+ p->auth.auth_type, -+ p->auth.auth_level, -+ derpc_transport_string_by_transport(p->transport), -+ p->client_id->name)); -+ -+ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED)); -+ TALLOC_FREE(frame); -+ return true; -+ } -+ break; -+ } - - if (!srv_pipe_check_verification_trailer(p, pkt, pipe_fns)) { - DEBUG(1, ("srv_pipe_check_verification_trailer: failed\n")); --- -2.8.1 - - -From b68b204307e0b24bc2879ea667a706e11925166d Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Fri, 7 Aug 2015 09:50:30 +0200 -Subject: [PATCH 06/10] CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: - reject DCERPC_AUTH_LEVEL_CONNECT by default -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This prevents man in the middle downgrade attacks. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 - -Pair-Programmed-With: Günther Deschner gd@samba.org - -Signed-off-by: Stefan Metzmacher metze@samba.org -Signed-off-by: Günther Deschner gd@samba.org -(cherry picked from commit 51dd08951eb4ab9d297678f96cde61f508937721) -Signed-off-by: Aurelien Aptel aaptel@suse.com - -Conflicts: - selftest/knownfail - source3/rpc_server/srv_pipe.c - -selftest/knownfail is ignored in 3.6 ---- - source3/rpc_server/srv_pipe.c | 20 ++++++++++++++++++++ - source3/selftest/knownfail | 1 + - source3/selftest/tests.py | 2 ++ - 3 files changed, 23 insertions(+) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index c462dcf..3086b9e 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -43,6 +43,9 @@ - #include "ntdomain.h" - #include "rpc_server/srv_pipe.h" - #include "../librpc/ndr/ndr_dcerpc.h" -+#include "../librpc/gen_ndr/ndr_samr.h" -+#include "../librpc/gen_ndr/ndr_lsa.h" -+#include "../librpc/gen_ndr/ndr_netlogon.h" - - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_RPC_SRV -@@ -336,6 +339,7 @@ static bool check_bind_req(struct pipes_struct *p, - { - struct pipe_rpc_fns *context_fns; - const char *interface_name = NULL; -+ bool ok; - - DEBUG(3,("check_bind_req for %s\n", - get_pipe_name_from_syntax(talloc_tos(), abstract))); -@@ -369,6 +373,22 @@ static bool check_bind_req(struct pipes_struct *p, - - context_fns->allow_connect = lp_allow_dcerpc_auth_level_connect(); - /* -+ * for the samr and the lsarpc interfaces we don't allow "connect" -+ * auth_level by default. -+ */ -+ ok = ndr_syntax_id_equal(abstract, &ndr_table_samr.syntax_id); -+ if (ok) { -+ context_fns->allow_connect = false; -+ } -+ ok = ndr_syntax_id_equal(abstract, &ndr_table_lsarpc.syntax_id); -+ if (ok) { -+ context_fns->allow_connect = false; -+ } -+ ok = ndr_syntax_id_equal(abstract, &ndr_table_netlogon.syntax_id); -+ if (ok) { -+ context_fns->allow_connect = false; -+ } -+ /* - * every interface can be modified to allow "connect" auth_level by - * using a parametric option like: - * allow dcerpc auth level connect:<interface> -diff --git a/source3/selftest/knownfail b/source3/selftest/knownfail -index bda1fe0..8717a4d 100644 ---- a/source3/selftest/knownfail -+++ b/source3/selftest/knownfail -@@ -18,3 +18,4 @@ samba3.posix_s3.nbt.dgram.*netlogon2 - samba3.*rap.sam.*.useradd # Not provided by Samba 3 - samba3.*rap.sam.*.userdelete # Not provided by Samba 3 - samba3.*rap.basic.*.netsessiongetinfo # Not provided by Samba 3 -+samba3.blackbox.rpcclient.over.ncacn_np.with.*connect.* # we don't allow auth_level_connect anymore -diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py -index a733f14..8dfbf1e 100755 ---- a/source3/selftest/tests.py -+++ b/source3/selftest/tests.py -@@ -201,6 +201,8 @@ if sub.returncode == 0: - plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD') - elif t == "raw.samba3posixtimedlock": - plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/dc/share') -+ elif t == "rpc.samr.passwords.validate": -+ plansmbtorturetestsuite(t, "s3dc", 'ncacn_np:$SERVER_IP[seal] -U$USERNAME%$PASSWORD', 'over ncacn_np ') - else: - plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') - --- -2.8.1 - - -From 720b9f861322c5fe804c53eb74e7d2d6a4d8b876 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Tue, 5 Apr 2016 09:54:38 +0200 -Subject: [PATCH 07/10] CVE-2016-2118: s3:selftest: The lsa tests which use - connect need to fail - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 - -Signed-off-by: Andreas Schneider asn@samba.org ---- - source3/selftest/knownfail | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/source3/selftest/knownfail b/source3/selftest/knownfail -index 8717a4d..7d9275e 100644 ---- a/source3/selftest/knownfail -+++ b/source3/selftest/knownfail -@@ -19,3 +19,4 @@ samba3.*rap.sam.*.useradd # Not provided by Samba 3 - samba3.*rap.sam.*.userdelete # Not provided by Samba 3 - samba3.*rap.basic.*.netsessiongetinfo # Not provided by Samba 3 - samba3.blackbox.rpcclient.over.ncacn_np.with.*connect.* # we don't allow auth_level_connect anymore -+samba3.posix_s3.rpc.lsa.lookupsids.*ncacn_ip_tcp.*connect.* # we don't allow auth_level_connect anymore --- -2.8.1 - - -From 9b2b563a1f8247f5ec7efde52d70efc666e30f56 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sat, 26 Mar 2016 08:47:42 +0100 -Subject: [PATCH 08/10] CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow - DCERPC_AUTH_LEVEL_CONNECT by default - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Alexander Bokovoy ab@samba.org -(cherry picked from commit 98f1a85f23d3d2a4f1c665746588688574261d90) ---- - source3/rpc_server/srv_pipe.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 3086b9e..964b843 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -46,6 +46,8 @@ - #include "../librpc/gen_ndr/ndr_samr.h" - #include "../librpc/gen_ndr/ndr_lsa.h" - #include "../librpc/gen_ndr/ndr_netlogon.h" -+#include "../librpc/gen_ndr/ndr_epmapper.h" -+#include "../librpc/gen_ndr/ndr_echo.h" - - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_RPC_SRV -@@ -389,6 +391,18 @@ static bool check_bind_req(struct pipes_struct *p, - context_fns->allow_connect = false; - } - /* -+ * for the epmapper and echo interfaces we allow "connect" -+ * auth_level by default. -+ */ -+ ok = ndr_syntax_id_equal(abstract, &ndr_table_epmapper.syntax_id); -+ if (ok) { -+ context_fns->allow_connect = true; -+ } -+ ok = ndr_syntax_id_equal(abstract, &ndr_table_rpcecho.syntax_id); -+ if (ok) { -+ context_fns->allow_connect = true; -+ } -+ /* - * every interface can be modified to allow "connect" auth_level by - * using a parametric option like: - * allow dcerpc auth level connect:<interface> --- -2.8.1 - - -From 21453f6887569b162be44faaf43e1b9a81423210 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Thu, 10 Mar 2016 17:03:59 +0100 -Subject: [PATCH 09/10] CVE-2016-2118: docs-xml/param: default "allow dcerpc - auth level connect" to "no" - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Alexander Bokovoy ab@samba.org -(backported from commit 6469e21af32a2a405dd4f43e7d96a2f87c4a9902) - -Conflicts: - lib/param/loadparm.c - source3/param/loadparm.c ---- - docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml | 6 ++---- - source3/param/loadparm.c | 2 +- - 2 files changed, 3 insertions(+), 5 deletions(-) - -diff --git a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml -index 5552112..c8e9d18 100644 ---- a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml -+++ b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml -@@ -14,11 +14,9 @@ - E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY. - While others like samr and lsarpc have a hardcoded default of <constant>no</constant>. - </para> -- -- <para>Note the default will very likely change to <constant>no</constant> for Samba 4.5.</para> - </description> - --<value type="default">yes</value> --<value type="example">no</value> -+<value type="default">no</value> -+<value type="example">yes</value> - - </samba:parameter> -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index 87d33c5..a514727 100644 ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -5381,7 +5381,7 @@ static void init_globals(bool reinit_globals) - Globals.bClientNTLMv2Auth = True; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */ - /* Note, that we will also use NTLM2 session security (which is different), if it is available */ - -- Globals.bAllowDcerpcAuthLevelConnect = true; /* we need to allow this for now by default */ -+ Globals.bAllowDcerpcAuthLevelConnect = false; /* we don't allow this by default */ - - Globals.map_to_guest = 0; /* By Default, "Never" */ - Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */ --- -2.8.1 - - -From a5aebec4ff2f1d3b824dfcc05091da712639220d Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Sun, 28 Feb 2016 22:48:11 +0100 -Subject: [PATCH 10/10] CVE-2016-2118: s3:rpc_server/samr: allow - _samr_ValidatePassword only with PRIVACY... -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This requires transport encryption. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Günther Deschner gd@samba.org -(cherry picked from commit d7c2f1e12544ee0f80438dcc1586e2d30c23b54a) ---- - source3/rpc_server/samr/srv_samr_nt.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c -index 0984984..37e2e4f 100644 ---- a/source3/rpc_server/samr/srv_samr_nt.c -+++ b/source3/rpc_server/samr/srv_samr_nt.c -@@ -6628,6 +6628,11 @@ NTSTATUS _samr_ValidatePassword(struct pipes_struct *p, - struct samr_GetDomPwInfo pw; - struct samr_PwInfo dom_pw_info; - -+ if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { -+ p->fault_state = DCERPC_FAULT_ACCESS_DENIED; -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ - if (r->in.level < 1 || r->in.level > 3) { - return NT_STATUS_INVALID_INFO_CLASS; - } --- -2.8.1 - diff --git a/src/patches/samba/CVE-2016-2125-v3.6.patch b/src/patches/samba/CVE-2016-2125-v3.6.patch deleted file mode 100644 index f67b5d08f..000000000 --- a/src/patches/samba/CVE-2016-2125-v3.6.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 7cc3b25f4bf9e89e326d04b83bc7365f3cc29265 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 7 Dec 2016 10:58:35 +0100 -Subject: [PATCH] CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG - -We should only use GSS_C_DELEG_POLICY_FLAG in order to let -the KDC decide if we should send delegated credentials to -a remote server. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Backported-by: Andreas Schneider asn@samba.org ---- - source3/librpc/crypto/gse.c | 1 - - source3/libsmb/clifsinfo.c | 2 +- - 2 files changed, 1 insertion(+), 2 deletions(-) - -diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c -index 02fb0f6141d..211ca7774be 100644 ---- a/source3/librpc/crypto/gse.c -+++ b/source3/librpc/crypto/gse.c -@@ -162,7 +162,6 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx, - memcpy(&gse_ctx->gss_mech, gss_mech_krb5, sizeof(gss_OID_desc)); - - gse_ctx->gss_c_flags = GSS_C_MUTUAL_FLAG | -- GSS_C_DELEG_FLAG | - GSS_C_DELEG_POLICY_FLAG | - GSS_C_REPLAY_FLAG | - GSS_C_SEQUENCE_FLAG; -diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c -index 1d66eb4c6b8..34ebc208db0 100644 ---- a/source3/libsmb/clifsinfo.c -+++ b/source3/libsmb/clifsinfo.c -@@ -726,7 +726,7 @@ static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx, - &es->s.gss_state->gss_ctx, - srv_name, - GSS_C_NO_OID, /* default OID. */ -- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG, -+ GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_POLICY_FLAG, - GSS_C_INDEFINITE, /* requested ticket lifetime. */ - NULL, /* no channel bindings */ - p_tok_in, --- -2.11.0 - diff --git a/src/patches/samba/CVE-2016-2126-v3.6.patch b/src/patches/samba/CVE-2016-2126-v3.6.patch deleted file mode 100644 index 8de651e8c..000000000 --- a/src/patches/samba/CVE-2016-2126-v3.6.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 4e47b5d703c54215804d595980be028f47a87cbf Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Wed, 7 Dec 2016 11:18:59 +0100 -Subject: [PATCH] CVE-2016-2126: auth/kerberos: only allow known checksum types - in check_pac_checksum() - -AES based checksums can only be checked with the corresponding AES based -keytype. - -Otherwise we may trigger an undefined code path deep in the kerberos -libraries, which can leed to segmentation faults. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12446 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Backported-by: Andreas Schneider asn@samba.org ---- - source3/include/smb_krb5.h | 12 ++++++++++++ - source3/libads/authdata.c | 22 ++++++++++++++++++++++ - 2 files changed, 34 insertions(+) - -diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h -index 5a55d3040d5..2780622f512 100644 ---- a/source3/include/smb_krb5.h -+++ b/source3/include/smb_krb5.h -@@ -61,6 +61,18 @@ - #define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5 - #endif - -+#if !defined(CKSUMTYPE_HMAC_MD5_ARCFOUR) && defined(CKSUMTYPE_HMAC_MD5) -+#define CKSUMTYPE_HMAC_MD5_ARCFOUR CKSUMTYPE_HMAC_MD5 -+#endif -+ -+#if !defined(CKSUMTYPE_HMAC_SHA1_96_AES256) && defined(CKSUMTYPE_HMAC_SHA1_96_AES_256) -+#define CKSUMTYPE_HMAC_SHA1_96_AES256 CKSUMTYPE_HMAC_SHA1_96_AES_256 -+#endif -+ -+#if !defined(CKSUMTYPE_HMAC_SHA1_96_AES128) && defined(CKSUMTYPE_HMAC_SHA1_96_AES_128) -+#define CKSUMTYPE_HMAC_SHA1_96_AES128 CKSUMTYPE_HMAC_SHA1_96_AES_128 -+#endif -+ - /* The older versions of heimdal that don't have this - define don't seem to use it anyway. I'm told they - always use a subkey */ -diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c -index 0d877ddef89..30622843f1d 100644 ---- a/source3/libads/authdata.c -+++ b/source3/libads/authdata.c -@@ -42,6 +42,28 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, - krb5_checksum cksum; - krb5_keyusage usage = 0; - -+ switch (sig->type) { -+ case CKSUMTYPE_HMAC_MD5_ARCFOUR: -+ /* ignores the key type */ -+ break; -+ case CKSUMTYPE_HMAC_SHA1_96_AES256: -+ if (KRB5_KEY_TYPE(keyblock) != ENCTYPE_AES256_CTS_HMAC_SHA1_96) { -+ return EINVAL; -+ } -+ /* ok */ -+ break; -+ case CKSUMTYPE_HMAC_SHA1_96_AES128: -+ if (KRB5_KEY_TYPE(keyblock) != ENCTYPE_AES128_CTS_HMAC_SHA1_96) { -+ return EINVAL; -+ } -+ /* ok */ -+ break; -+ default: -+ DEBUG(2,("check_pac_checksum: Checksum Type %d is not supported\n", -+ (int)sig->type)); -+ return EINVAL; -+ } -+ - smb_krb5_checksum_from_pac_sig(&cksum, sig); - - #ifdef HAVE_KRB5_KU_OTHER_CKSUM /* Heimdal */ --- -2.11.0 - diff --git a/src/patches/samba/CVE-2017-12150-v3-6.patch b/src/patches/samba/CVE-2017-12150-v3-6.patch deleted file mode 100644 index b221a840c..000000000 --- a/src/patches/samba/CVE-2017-12150-v3-6.patch +++ /dev/null @@ -1,102 +0,0 @@ -From d3198caa7a8910a9ce1eb4104d5b410ef29ac2bb Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Thu, 3 Nov 2016 17:16:43 +0100 -Subject: [PATCH 1/3] CVE-2017-12150: s3:lib: - get_cmdline_auth_info_signing_state use Required for smb_encrypt - -This is an addition to the fixes for CVE-2015-5296. - -It applies to smb2mount -e, smbcacls -e and smbcquotas -e. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Backported-by: Andreas Schneider asn@samba.org ---- - source3/lib/util_cmdline.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c -index cb0b79a5d30..3178c848b63 100644 ---- a/source3/lib/util_cmdline.c -+++ b/source3/lib/util_cmdline.c -@@ -122,6 +122,9 @@ bool set_cmdline_auth_info_signing_state(struct user_auth_info *auth_info, - - int get_cmdline_auth_info_signing_state(const struct user_auth_info *auth_info) - { -+ if (auth_info->smb_encrypt) { -+ return Required; -+ } - return auth_info->signing_state; - } - --- -2.14.1 - - -From bb762a74c81159633f904f8fb67b49bab74a0b9c Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Mon, 12 Dec 2016 05:49:46 +0100 -Subject: [PATCH 2/3] CVE-2017-12150: libgpo: make use of Required for SMB - signing in gpo_connect_server() - -It's important that we use a signed connection to get the GPOs! - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Backported-by: Andreas Schneider asn@samba.org ---- - libgpo/gpo_fetch.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c -index 3cfe1d5b942..af012e01336 100644 ---- a/libgpo/gpo_fetch.c -+++ b/libgpo/gpo_fetch.c -@@ -151,7 +151,7 @@ static NTSTATUS gpo_connect_server(ADS_STRUCT *ads, struct loadparm_context *lp_ - ads->auth.password, - CLI_FULL_CONNECTION_USE_KERBEROS | - CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS, -- Undefined); -+ Required); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(10,("check_refresh_gpo: " - "failed to connect: %s\n", --- -2.14.1 - - -From 070b0fb9ebb57cdbc2b82e335de021fb46bc543c Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Mon, 12 Dec 2016 06:07:56 +0100 -Subject: [PATCH 3/3] CVE-2017-12150: s3:libsmb: only fallback to anonymous if - authentication was not requested - -With forced encryption or required signing we should also don't fallback. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997 - -Signed-off-by: Stefan Metzmacher metze@samba.org -Backported-by: Andreas Schneider asn@samba.org ---- - source3/libsmb/clidfs.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c -index 23e147120f1..120a2c999ce 100644 ---- a/source3/libsmb/clidfs.c -+++ b/source3/libsmb/clidfs.c -@@ -197,7 +197,9 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, - /* If a password was not supplied then - * try again with a null username. */ - if (password[0] || !username[0] || -+ force_encrypt || client_is_signing_mandatory(c) || - get_cmdline_auth_info_use_kerberos(auth_info) || -+ get_cmdline_auth_info_use_ccache(auth_info) || - !NT_STATUS_IS_OK(cli_session_setup(c, "", - "", 0, - "", 0, --- -2.14.1 - diff --git a/src/patches/samba/CVE-2017-12163.patch b/src/patches/samba/CVE-2017-12163.patch deleted file mode 100644 index 93fe2cec2..000000000 --- a/src/patches/samba/CVE-2017-12163.patch +++ /dev/null @@ -1,141 +0,0 @@ -From 9f1a51917649795123bedbefdea678317d392b48 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Fri, 8 Sep 2017 10:13:14 -0700 -Subject: [PATCH] CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from - writing server memory to file. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020 - -Signed-off-by: Jeremy Allison jra@samba.org -Signed-off-by: Stefan Metzmacher metze@samba.org ---- - source3/smbd/reply.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 50 insertions(+) - -diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c -index 1583c2358bb..9625670d653 100644 ---- a/source3/smbd/reply.c -+++ b/source3/smbd/reply.c -@@ -3977,6 +3977,9 @@ void reply_writebraw(struct smb_request *req) - } - - /* Ensure we don't write bytes past the end of this packet. */ -+ /* -+ * This already protects us against CVE-2017-12163. -+ */ - if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) { - reply_nterror(req, NT_STATUS_INVALID_PARAMETER); - error_to_writebrawerr(req); -@@ -4078,6 +4081,11 @@ void reply_writebraw(struct smb_request *req) - exit_server_cleanly("secondary writebraw failed"); - } - -+ /* -+ * We are not vulnerable to CVE-2017-12163 -+ * here as we are guarenteed to have numtowrite -+ * bytes available - we just read from the client. -+ */ - nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite); - if (nwritten == -1) { - TALLOC_FREE(buf); -@@ -4159,6 +4167,7 @@ void reply_writeunlock(struct smb_request *req) - connection_struct *conn = req->conn; - ssize_t nwritten = -1; - size_t numtowrite; -+ size_t remaining; - SMB_OFF_T startpos; - const char *data; - NTSTATUS status = NT_STATUS_OK; -@@ -4191,6 +4200,17 @@ void reply_writeunlock(struct smb_request *req) - startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); - data = (const char *)req->buf + 3; - -+ /* -+ * Ensure client isn't asking us to write more than -+ * they sent. CVE-2017-12163. -+ */ -+ remaining = smbreq_bufrem(req, data); -+ if (numtowrite > remaining) { -+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER); -+ END_PROFILE(SMBwriteunlock); -+ return; -+ } -+ - if (!fsp->print_file && numtowrite > 0) { - init_strict_lock_struct(fsp, (uint64_t)req->smbpid, - (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK, -@@ -4272,6 +4292,7 @@ void reply_write(struct smb_request *req) - { - connection_struct *conn = req->conn; - size_t numtowrite; -+ size_t remaining; - ssize_t nwritten = -1; - SMB_OFF_T startpos; - const char *data; -@@ -4312,6 +4333,17 @@ void reply_write(struct smb_request *req) - startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); - data = (const char *)req->buf + 3; - -+ /* -+ * Ensure client isn't asking us to write more than -+ * they sent. CVE-2017-12163. -+ */ -+ remaining = smbreq_bufrem(req, data); -+ if (numtowrite > remaining) { -+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER); -+ END_PROFILE(SMBwrite); -+ return; -+ } -+ - if (!fsp->print_file) { - init_strict_lock_struct(fsp, (uint64_t)req->smbpid, - (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK, -@@ -4523,6 +4555,9 @@ void reply_write_and_X(struct smb_request *req) - return; - } - } else { -+ /* -+ * This already protects us against CVE-2017-12163. -+ */ - if (smb_doff > smblen || smb_doff + numtowrite < numtowrite || - smb_doff + numtowrite > smblen) { - reply_nterror(req, NT_STATUS_INVALID_PARAMETER); -@@ -4892,6 +4927,7 @@ void reply_writeclose(struct smb_request *req) - { - connection_struct *conn = req->conn; - size_t numtowrite; -+ size_t remaining; - ssize_t nwritten = -1; - NTSTATUS close_status = NT_STATUS_OK; - SMB_OFF_T startpos; -@@ -4925,6 +4961,17 @@ void reply_writeclose(struct smb_request *req) - mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4)); - data = (const char *)req->buf + 1; - -+ /* -+ * Ensure client isn't asking us to write more than -+ * they sent. CVE-2017-12163. -+ */ -+ remaining = smbreq_bufrem(req, data); -+ if (numtowrite > remaining) { -+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER); -+ END_PROFILE(SMBwriteclose); -+ return; -+ } -+ - if (!fsp->print_file) { - init_strict_lock_struct(fsp, (uint64_t)req->smbpid, - (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK, -@@ -5495,6 +5542,9 @@ void reply_printwrite(struct smb_request *req) - - numtowrite = SVAL(req->buf, 1); - -+ /* -+ * This already protects us against CVE-2017-12163. -+ */ - if (req->buflen < numtowrite + 3) { - reply_nterror(req, NT_STATUS_INVALID_PARAMETER); - END_PROFILE(SMBsplwr); --- -2.13.5 - diff --git a/src/patches/samba/CVE-2017-15275.patch b/src/patches/samba/CVE-2017-15275.patch deleted file mode 100644 index 758672e02..000000000 --- a/src/patches/samba/CVE-2017-15275.patch +++ /dev/null @@ -1,45 +0,0 @@ -From c1a22e59f87783d88dfbaeeb132b89be166b2754 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Wed, 20 Sep 2017 11:04:50 -0700 -Subject: [PATCH 2/2] s3: smbd: Chain code can return uninitialized memory when - talloc buffer is grown. - -Ensure we zero out unused grown area. - -CVE-2017-15275 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/srvstr.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c -index 56dceba8c6c..c2d70b32c32 100644 ---- a/source3/smbd/srvstr.c -+++ b/source3/smbd/srvstr.c -@@ -110,6 +110,20 @@ ssize_t message_push_string(uint8_t **outbuf, const char *str, int flags) - DEBUG(0, ("srvstr_push failed\n")); - return -1; - } -+ -+ /* -+ * Ensure we clear out the extra data we have -+ * grown the buffer by, but not written to. -+ */ -+ if (buf_size + result < buf_size) { -+ return -1; -+ } -+ if (grow_size < result) { -+ return -1; -+ } -+ -+ memset(tmp + buf_size + result, '\0', grow_size - result); -+ - set_message_bcc((char *)tmp, smb_buflen(tmp) + result); - - *outbuf = tmp; --- -2.11.0 - diff --git a/src/patches/samba/CVE-2017-2619.patch b/src/patches/samba/CVE-2017-2619.patch deleted file mode 100644 index 149e085fe..000000000 --- a/src/patches/samba/CVE-2017-2619.patch +++ /dev/null @@ -1,1328 +0,0 @@ -From a398754c9bb1639f762979765de6c540c714b5cb Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 20 Mar 2017 11:32:19 -0700 -Subject: [PATCH 01/15] CVE-2017-2619: s3/smbd: re-open directory after - dptr_CloseDir() - -dptr_CloseDir() will close and invalidate the fsp's file descriptor, we -have to reopen it. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Ralph Bohme slow@samba.org -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/open.c | 2 +- - source3/smbd/proto.h | 2 ++ - source3/smbd/smb2_find.c | 17 +++++++++++++++++ - 3 files changed, 20 insertions(+), 1 deletion(-) - -diff --git a/source3/smbd/open.c b/source3/smbd/open.c -index 441b8cd4362..35eee0a1485 100644 ---- a/source3/smbd/open.c -+++ b/source3/smbd/open.c -@@ -197,7 +197,7 @@ static NTSTATUS check_base_file_access(struct connection_struct *conn, - fd support routines - attempt to do a dos_open. - ****************************************************************************/ - --static NTSTATUS fd_open(struct connection_struct *conn, -+NTSTATUS fd_open(struct connection_struct *conn, - files_struct *fsp, - int flags, - mode_t mode) -diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h -index f5fad2bbb50..594edfa1e98 100644 ---- a/source3/smbd/proto.h -+++ b/source3/smbd/proto.h -@@ -603,6 +603,8 @@ NTSTATUS smb1_file_se_access_check(connection_struct *conn, - const struct security_token *token, - uint32_t access_desired, - uint32_t *access_granted); -+NTSTATUS fd_open(struct connection_struct *conn, files_struct *fsp, -+ int flags, mode_t mode); - NTSTATUS fd_close(files_struct *fsp); - void change_file_owner_to_parent(connection_struct *conn, - const char *inherit_from_dir, -diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c -index 6fe6545c128..9dd3176497b 100644 ---- a/source3/smbd/smb2_find.c -+++ b/source3/smbd/smb2_find.c -@@ -24,6 +24,7 @@ - #include "../libcli/smb/smb_common.h" - #include "trans2.h" - #include "../lib/util/tevent_ntstatus.h" -+#include "system/filesys.h" - - static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, -@@ -301,7 +302,23 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, - } - - if (in_flags & SMB2_CONTINUE_FLAG_REOPEN) { -+ int flags; -+ - dptr_CloseDir(fsp); -+ -+ /* -+ * dptr_CloseDir() will close and invalidate the fsp's file -+ * descriptor, we have to reopen it. -+ */ -+ -+ flags = O_RDONLY; -+#ifdef O_DIRECTORY -+ flags |= O_DIRECTORY; -+#endif -+ status = fd_open(conn, fsp, flags, 0); -+ if (tevent_req_nterror(req, status)) { -+ return tevent_req_post(req, ev); -+ } - } - - wcard_has_wild = ms_has_wild(in_file_name); --- -2.13.5 - - -From a35fa98b99aa60132eb2c083d6393c28905e2045 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 28 Feb 2017 09:24:07 -0800 -Subject: [PATCH 02/15] s3: vfs: dirsort doesn't handle opendir of "." - correctly. - -Needs to store $cwd path for correct sorting. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12499 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/modules/vfs_dirsort.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/source3/modules/vfs_dirsort.c b/source3/modules/vfs_dirsort.c -index 66582e67890..dbcf0b16ed3 100644 ---- a/source3/modules/vfs_dirsort.c -+++ b/source3/modules/vfs_dirsort.c -@@ -153,6 +153,10 @@ static SMB_STRUCT_DIR *dirsort_opendir(vfs_handle_struct *handle, - return NULL; - } - -+ if (ISDOT(data->smb_fname->base_name)) { -+ data->smb_fname->base_name = vfs_GetWd(data, handle->conn); -+ } -+ - /* Open the underlying directory and count the number of entries */ - data->source_directory = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, - attr); --- -2.13.5 - - -From 23d2849d724a0f5bdf51dc7d7db438ed9fb4c2a9 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 13 Mar 2017 13:44:42 -0700 -Subject: [PATCH 03/15] s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() - store the same path as streams_xattr_recheck(). - -If the open is changing directories, fsp->fsp_name->base_name -will be the full path from the share root, whilst -smb_fname will be relative to the $cwd. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12546 - -Back-ported from a24ba3e4083200ec9885363efc5769f43183fb6b - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/modules/vfs_streams_xattr.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c -index 731c813f4d7..be46f8dc1e6 100644 ---- a/source3/modules/vfs_streams_xattr.c -+++ b/source3/modules/vfs_streams_xattr.c -@@ -511,8 +511,15 @@ static int streams_xattr_open(vfs_handle_struct *handle, - - sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp), - xattr_name); -+ /* -+ * sio->base needs to be a copy of fsp->fsp_name->base_name, -+ * making it identical to streams_xattr_recheck(). If the -+ * open is changing directories, fsp->fsp_name->base_name -+ * will be the full path from the share root, whilst -+ * smb_fname will be relative to the $cwd. -+ */ - sio->base = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp), -- smb_fname->base_name); -+ fsp->fsp_name->base_name); - sio->fsp_name_ptr = fsp->fsp_name; - sio->handle = handle; - sio->fsp = fsp; --- -2.13.5 - - -From 91935aaf77c70e3e2436af1d6e4a538d29fd4276 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 13 Mar 2017 13:54:04 -0700 -Subject: [PATCH 04/15] vfs_streams_xattr: use fsp, not base_fsp - -The base_fsp's fd is always -1 as it's closed after being openend in -create_file_unixpath(). - -Additionally in streams_xattr_open force using of SMB_VFS_FSETXATTR() by -sticking the just created fd into the fsp (and removing it afterwards). - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12591 - -Back-ported from 021189e32ba507832b5e821e5cda8a2889225955. - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/modules/vfs_streams_xattr.c | 205 +++++++++++++++++------------------- - 1 file changed, 99 insertions(+), 106 deletions(-) - -diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c -index be46f8dc1e6..a4ab84bba71 100644 ---- a/source3/modules/vfs_streams_xattr.c -+++ b/source3/modules/vfs_streams_xattr.c -@@ -229,7 +229,7 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, - return -1; - } - -- sbuf->st_ex_size = get_xattr_size(handle->conn, fsp->base_fsp, -+ sbuf->st_ex_size = get_xattr_size(handle->conn, fsp, - io->base, io->xattr_name); - if (sbuf->st_ex_size == -1) { - return -1; -@@ -364,6 +364,7 @@ static int streams_xattr_open(vfs_handle_struct *handle, - char *xattr_name = NULL; - int baseflags; - int hostfd = -1; -+ int ret; - - DEBUG(10, ("streams_xattr_open called for %s\n", - smb_fname_str_dbg(smb_fname))); -@@ -375,133 +376,125 @@ static int streams_xattr_open(vfs_handle_struct *handle, - /* If the default stream is requested, just open the base file. */ - if (is_ntfs_default_stream_smb_fname(smb_fname)) { - char *tmp_stream_name; -- int ret; - - tmp_stream_name = smb_fname->stream_name; - smb_fname->stream_name = NULL; - - ret = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode); - -- smb_fname->stream_name = tmp_stream_name; -- -- return ret; -- } -+ smb_fname->stream_name = tmp_stream_name; - -- status = streams_xattr_get_name(talloc_tos(), smb_fname->stream_name, -- &xattr_name); -- if (!NT_STATUS_IS_OK(status)) { -- errno = map_errno_from_nt_status(status); -- goto fail; -- } -+ return ret; -+ } - -- /* Create an smb_filename with stream_name == NULL. */ -- status = create_synthetic_smb_fname(talloc_tos(), -- smb_fname->base_name, -- NULL, NULL, -- &smb_fname_base); -- if (!NT_STATUS_IS_OK(status)) { -- errno = map_errno_from_nt_status(status); -- goto fail; -- } -+ status = streams_xattr_get_name(talloc_tos(), smb_fname->stream_name, -+ &xattr_name); -+ if (!NT_STATUS_IS_OK(status)) { -+ errno = map_errno_from_nt_status(status); -+ goto fail; -+ } - -- /* -- * We use baseflags to turn off nasty side-effects when opening the -- * underlying file. -- */ -- baseflags = flags; -- baseflags &= ~O_TRUNC; -- baseflags &= ~O_EXCL; -- baseflags &= ~O_CREAT; -+ /* Create an smb_filename with stream_name == NULL. */ -+ status = create_synthetic_smb_fname(talloc_tos(), -+ smb_fname->base_name, -+ NULL, NULL, -+ &smb_fname_base); -+ if (!NT_STATUS_IS_OK(status)) { -+ errno = map_errno_from_nt_status(status); -+ goto fail; -+ } - -- hostfd = SMB_VFS_OPEN(handle->conn, smb_fname_base, fsp, -- baseflags, mode); -+ /* -+ * We use baseflags to turn off nasty side-effects when opening the -+ * underlying file. -+ */ -+ baseflags = flags; -+ baseflags &= ~O_TRUNC; -+ baseflags &= ~O_EXCL; -+ baseflags &= ~O_CREAT; - -- TALLOC_FREE(smb_fname_base); -+ hostfd = SMB_VFS_OPEN(handle->conn, smb_fname_base, fsp, -+ baseflags, mode); - -- /* It is legit to open a stream on a directory, but the base -- * fd has to be read-only. -- */ -- if ((hostfd == -1) && (errno == EISDIR)) { -- baseflags &= ~O_ACCMODE; -- baseflags |= O_RDONLY; -- hostfd = SMB_VFS_OPEN(handle->conn, smb_fname, fsp, baseflags, -- mode); -- } -+ TALLOC_FREE(smb_fname_base); - -- if (hostfd == -1) { -- goto fail; -- } -+ /* It is legit to open a stream on a directory, but the base -+ * fd has to be read-only. -+ */ -+ if ((hostfd == -1) && (errno == EISDIR)) { -+ baseflags &= ~O_ACCMODE; -+ baseflags |= O_RDONLY; -+ hostfd = SMB_VFS_OPEN(handle->conn, smb_fname, fsp, baseflags, -+ mode); -+ } - -- status = get_ea_value(talloc_tos(), handle->conn, NULL, -- smb_fname->base_name, xattr_name, &ea); -+ if (hostfd == -1) { -+ goto fail; -+ } - -- DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status))); -+ status = get_ea_value(talloc_tos(), handle->conn, NULL, -+ smb_fname->base_name, xattr_name, &ea); - -- if (!NT_STATUS_IS_OK(status) -- && !NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { -- /* -- * The base file is not there. This is an error even if we got -- * O_CREAT, the higher levels should have created the base -- * file for us. -- */ -- DEBUG(10, ("streams_xattr_open: base file %s not around, " -- "returning ENOENT\n", smb_fname->base_name)); -- errno = ENOENT; -- goto fail; -- } -+ DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status))); - -- if (!NT_STATUS_IS_OK(status)) { -- /* -- * The attribute does not exist -- */ -+ if (!NT_STATUS_IS_OK(status) -+ && !NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { -+ /* -+ * The base file is not there. This is an error even if we got -+ * O_CREAT, the higher levels should have created the base -+ * file for us. -+ */ -+ DEBUG(10, ("streams_xattr_open: base file %s not around, " -+ "returning ENOENT\n", smb_fname->base_name)); -+ errno = ENOENT; -+ goto fail; -+ } - -- if (flags & O_CREAT) { -+ if (!NT_STATUS_IS_OK(status)) { - /* -- * Darn, xattrs need at least 1 byte -+ * The attribute does not exist - */ -- char null = '\0'; - -- DEBUG(10, ("creating attribute %s on file %s\n", -- xattr_name, smb_fname->base_name)); -+ if (flags & O_CREAT) { -+ /* -+ * Darn, xattrs need at least 1 byte -+ */ -+ char null = '\0'; -+ -+ DEBUG(10, ("creating attribute %s on file %s\n", -+ xattr_name, smb_fname->base_name)); -+ -+ fsp->fh->fd = hostfd; -+ ret = SMB_VFS_FSETXATTR(fsp, xattr_name, -+ &null, sizeof(null), -+ flags & O_EXCL ? XATTR_CREATE : 0); -+ fsp->fh->fd = -1; -+ if (ret != 0) { -+ goto fail; -+ } -+ } -+ } - -+ if (flags & O_TRUNC) { -+ char null = '\0'; - if (fsp->base_fsp->fh->fd != -1) { -- if (SMB_VFS_FSETXATTR( -- fsp->base_fsp, xattr_name, -- &null, sizeof(null), -- flags & O_EXCL ? XATTR_CREATE : 0) == -1) { -+ if (SMB_VFS_FSETXATTR( -+ fsp->base_fsp, xattr_name, -+ &null, sizeof(null), -+ flags & O_EXCL ? XATTR_CREATE : 0) == -1) { - goto fail; - } - } else { -- if (SMB_VFS_SETXATTR( -- handle->conn, smb_fname->base_name, -- xattr_name, &null, sizeof(null), -- flags & O_EXCL ? XATTR_CREATE : 0) == -1) { -+ if (SMB_VFS_SETXATTR( -+ handle->conn, smb_fname->base_name, -+ xattr_name, &null, sizeof(null), -+ flags & O_EXCL ? XATTR_CREATE : 0) == -1) { - goto fail; - } - } - } -- } -- -- if (flags & O_TRUNC) { -- char null = '\0'; -- if (fsp->base_fsp->fh->fd != -1) { -- if (SMB_VFS_FSETXATTR( -- fsp->base_fsp, xattr_name, -- &null, sizeof(null), -- flags & O_EXCL ? XATTR_CREATE : 0) == -1) { -- goto fail; -- } -- } else { -- if (SMB_VFS_SETXATTR( -- handle->conn, smb_fname->base_name, -- xattr_name, &null, sizeof(null), -- flags & O_EXCL ? XATTR_CREATE : 0) == -1) { -- goto fail; -- } -- } -- } - -- sio = (struct stream_io *)VFS_ADD_FSP_EXTENSION(handle, fsp, -+ sio = (struct stream_io *)VFS_ADD_FSP_EXTENSION(handle, fsp, - struct stream_io, - NULL); - if (sio == NULL) { -@@ -868,7 +861,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, - return -1; - } - -- status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, -+ status = get_ea_value(talloc_tos(), handle->conn, fsp, - sio->base, sio->xattr_name, &ea); - if (!NT_STATUS_IS_OK(status)) { - return -1; -@@ -892,13 +885,13 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, - - memcpy(ea.value.data + offset, data, n); - -- if (fsp->base_fsp->fh->fd != -1) { -- ret = SMB_VFS_FSETXATTR(fsp->base_fsp, -+ if (fsp->fh->fd != -1) { -+ ret = SMB_VFS_FSETXATTR(fsp, - sio->xattr_name, - ea.value.data, ea.value.length, 0); - } else { - ret = SMB_VFS_SETXATTR(fsp->conn, -- fsp->base_fsp->fsp_name->base_name, -+ fsp->fsp_name->base_name, - sio->xattr_name, - ea.value.data, ea.value.length, 0); - } -@@ -932,7 +925,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, - return -1; - } - -- status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, -+ status = get_ea_value(talloc_tos(), handle->conn, fsp, - sio->base, sio->xattr_name, &ea); - if (!NT_STATUS_IS_OK(status)) { - return -1; -@@ -977,7 +970,7 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, - return -1; - } - -- status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, -+ status = get_ea_value(talloc_tos(), handle->conn, fsp, - sio->base, sio->xattr_name, &ea); - if (!NT_STATUS_IS_OK(status)) { - return -1; -@@ -1002,13 +995,13 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, - ea.value.length = offset + 1; - ea.value.data[offset] = 0; - -- if (fsp->base_fsp->fh->fd != -1) { -- ret = SMB_VFS_FSETXATTR(fsp->base_fsp, -+ if (fsp->fh->fd != -1) { -+ ret = SMB_VFS_FSETXATTR(fsp, - sio->xattr_name, - ea.value.data, ea.value.length, 0); - } else { - ret = SMB_VFS_SETXATTR(fsp->conn, -- fsp->base_fsp->fsp_name->base_name, -+ fsp->fsp_name->base_name, - sio->xattr_name, - ea.value.data, ea.value.length, 0); - } --- -2.13.5 - - -From 3f3c731faaa59f4d3ce7e49c12795c40e048d29f Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 19 Dec 2016 11:55:56 -0800 -Subject: [PATCH 05/15] s3: smbd: Create wrapper function for OpenDir in - preparation for making robust. - -CVE-2017-2619 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/dir.c | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c -index 18ecf066824..ebe2641f813 100644 ---- a/source3/smbd/dir.c -+++ b/source3/smbd/dir.c -@@ -1367,7 +1367,8 @@ static int smb_Dir_destructor(struct smb_Dir *dirp) - Open a directory. - ********************************************************************/ - --struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn, -+static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx, -+ connection_struct *conn, - const char *name, - const char *mask, - uint32 attr) -@@ -1407,6 +1408,18 @@ struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn, - return NULL; - } - -+struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn, -+ const char *name, -+ const char *mask, -+ uint32_t attr) -+{ -+ return OpenDir_internal(mem_ctx, -+ conn, -+ name, -+ mask, -+ attr); -+} -+ - /******************************************************************* - Open a directory from an fsp. - ********************************************************************/ --- -2.13.5 - - -From 7efeb067c1586e0f1cfbb775b1efcb3b92005140 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 19 Dec 2016 16:25:26 -0800 -Subject: [PATCH 06/15] s3: smbd: Opendir_internal() early return if - SMB_VFS_OPENDIR failed. - -CVE-2017-2619 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/dir.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c -index ebe2641f813..65327dd0dd1 100644 ---- a/source3/smbd/dir.c -+++ b/source3/smbd/dir.c -@@ -1380,6 +1380,13 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx, - return NULL; - } - -+ dirp->dir = SMB_VFS_OPENDIR(conn, name, mask, attr); -+ if (!dirp->dir) { -+ DEBUG(5,("OpenDir: Can't open %s. %s\n", name, -+ strerror(errno) )); -+ goto fail; -+ } -+ - dirp->conn = conn; - dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn)); - -@@ -1394,13 +1401,6 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx, - } - talloc_set_destructor(dirp, smb_Dir_destructor); - -- dirp->dir = SMB_VFS_OPENDIR(conn, dirp->dir_path, mask, attr); -- if (!dirp->dir) { -- DEBUG(5,("OpenDir: Can't open %s. %s\n", dirp->dir_path, -- strerror(errno) )); -- goto fail; -- } -- - return dirp; - - fail: --- -2.13.5 - - -From 49d22a0c51ef1f78f0488a7c35131887704e987b Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 19 Dec 2016 16:35:00 -0800 -Subject: [PATCH 07/15] s3: smbd: Create and use open_dir_safely(). Use from - OpenDir(). - -Hardens OpenDir against TOC/TOU races. - -CVE-2017-2619 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/dir.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 59 insertions(+), 7 deletions(-) - -diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c -index 65327dd0dd1..2d168c3ba9f 100644 ---- a/source3/smbd/dir.c -+++ b/source3/smbd/dir.c -@@ -1390,12 +1390,6 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx, - dirp->conn = conn; - dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn)); - -- dirp->dir_path = talloc_strdup(dirp, name); -- if (!dirp->dir_path) { -- errno = ENOMEM; -- goto fail; -- } -- - if (sconn && !sconn->using_smb2) { - sconn->searches.dirhandles_open++; - } -@@ -1408,12 +1402,70 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx, - return NULL; - } - -+/**************************************************************************** -+ Open a directory handle by pathname, ensuring it's under the share path. -+****************************************************************************/ -+ -+static struct smb_Dir *open_dir_safely(TALLOC_CTX *ctx, -+ connection_struct *conn, -+ const char *name, -+ const char *wcard, -+ uint32_t attr) -+{ -+ struct smb_Dir *dir_hnd = NULL; -+ char *saved_dir = vfs_GetWd(ctx, conn); -+ NTSTATUS status; -+ -+ if (saved_dir == NULL) { -+ return NULL; -+ } -+ -+ if (vfs_ChDir(conn, name) == -1) { -+ goto out; -+ } -+ -+ /* -+ * Now the directory is pinned, use -+ * REALPATH to ensure we can access it. -+ */ -+ status = check_name(conn, "."); -+ if (!NT_STATUS_IS_OK(status)) { -+ goto out; -+ } -+ -+ dir_hnd = OpenDir_internal(ctx, -+ conn, -+ ".", -+ wcard, -+ attr); -+ -+ if (dir_hnd == NULL) { -+ goto out; -+ } -+ -+ /* -+ * OpenDir_internal only gets "." as the dir name. -+ * Store the real dir name here. -+ */ -+ -+ dir_hnd->dir_path = talloc_strdup(dir_hnd, name); -+ if (!dir_hnd->dir_path) { -+ errno = ENOMEM; -+ } -+ -+ out: -+ -+ vfs_ChDir(conn, saved_dir); -+ TALLOC_FREE(saved_dir); -+ return dir_hnd; -+} -+ - struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn, - const char *name, - const char *mask, - uint32_t attr) - { -- return OpenDir_internal(mem_ctx, -+ return open_dir_safely(mem_ctx, - conn, - name, - mask, --- -2.13.5 - - -From 6426ae1f9ef53158a6fbe1912dfec40d834115fe Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 19 Dec 2016 12:13:20 -0800 -Subject: [PATCH 08/15] s3: smbd: OpenDir_fsp() use early returns. - -CVE-2017-2619 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/dir.c | 34 +++++++++++++++++++++------------- - 1 file changed, 21 insertions(+), 13 deletions(-) - -diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c -index 2d168c3ba9f..6aed4a6da46 100644 ---- a/source3/smbd/dir.c -+++ b/source3/smbd/dir.c -@@ -1485,7 +1485,17 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn, - struct smbd_server_connection *sconn = conn->sconn; - - if (!dirp) { -- return NULL; -+ goto fail; -+ } -+ -+ if (!fsp->is_directory) { -+ errno = EBADF; -+ goto fail; -+ } -+ -+ if (fsp->fh->fd == -1) { -+ errno = EBADF; -+ goto fail; - } - - dirp->conn = conn; -@@ -1502,18 +1512,16 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn, - } - talloc_set_destructor(dirp, smb_Dir_destructor); - -- if (fsp->is_directory && fsp->fh->fd != -1) { -- dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr); -- if (dirp->dir != NULL) { -- dirp->fsp = fsp; -- } else { -- DEBUG(10,("OpenDir_fsp: SMB_VFS_FDOPENDIR on %s returned " -- "NULL (%s)\n", -- dirp->dir_path, -- strerror(errno))); -- if (errno != ENOSYS) { -- return NULL; -- } -+ dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr); -+ if (dirp->dir != NULL) { -+ dirp->fsp = fsp; -+ } else { -+ DEBUG(10,("OpenDir_fsp: SMB_VFS_FDOPENDIR on %s returned " -+ "NULL (%s)\n", -+ dirp->dir_path, -+ strerror(errno))); -+ if (errno != ENOSYS) { -+ return NULL; - } - } - --- -2.13.5 - - -From f6581858ce665b880c5fea465ec61b1b0c504d89 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 19 Dec 2016 12:15:59 -0800 -Subject: [PATCH 09/15] s3: smbd: OpenDir_fsp() - Fix memory leak on error. - -CVE-2017-2619 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/dir.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c -index 6aed4a6da46..efd1a73aab6 100644 ---- a/source3/smbd/dir.c -+++ b/source3/smbd/dir.c -@@ -1521,7 +1521,7 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn, - dirp->dir_path, - strerror(errno))); - if (errno != ENOSYS) { -- return NULL; -+ goto fail; - } - } - --- -2.13.5 - - -From bacba6987e58d44886d04b1dd5e36f7781dcd9b0 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 19 Dec 2016 12:32:07 -0800 -Subject: [PATCH 10/15] s3: smbd: Move the reference counting and destructor - setup to just before retuning success. - -CVE-2017-2619 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/dir.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c -index efd1a73aab6..5eca128c033 100644 ---- a/source3/smbd/dir.c -+++ b/source3/smbd/dir.c -@@ -1507,11 +1507,6 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn, - goto fail; - } - -- if (sconn && !sconn->using_smb2) { -- sconn->searches.dirhandles_open++; -- } -- talloc_set_destructor(dirp, smb_Dir_destructor); -- - dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr); - if (dirp->dir != NULL) { - dirp->fsp = fsp; -@@ -1536,6 +1531,11 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn, - goto fail; - } - -+ if (sconn && !sconn->using_smb2) { -+ sconn->searches.dirhandles_open++; -+ } -+ talloc_set_destructor(dirp, smb_Dir_destructor); -+ - return dirp; - - fail: --- -2.13.5 - - -From 34b3d05b55f5c40de76ba65d6b028818518a519f Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 19 Dec 2016 12:35:32 -0800 -Subject: [PATCH 11/15] s3: smbd: Correctly fallback to open_dir_safely if - FDOPENDIR not supported on system. - -CVE-2017-2619 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/dir.c | 15 +++++++-------- - 1 file changed, 7 insertions(+), 8 deletions(-) - -diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c -index 5eca128c033..7690cb18c1a 100644 ---- a/source3/smbd/dir.c -+++ b/source3/smbd/dir.c -@@ -1521,14 +1521,13 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn, - } - - if (dirp->dir == NULL) { -- /* FDOPENDIR didn't work. Use OPENDIR instead. */ -- dirp->dir = SMB_VFS_OPENDIR(conn, dirp->dir_path, mask, attr); -- } -- -- if (!dirp->dir) { -- DEBUG(5,("OpenDir_fsp: Can't open %s. %s\n", dirp->dir_path, -- strerror(errno) )); -- goto fail; -+ /* FDOPENDIR is not supported. Use OPENDIR instead. */ -+ TALLOC_FREE(dirp); -+ return open_dir_safely(mem_ctx, -+ conn, -+ fsp->fsp_name->base_name, -+ mask, -+ attr); - } - - if (sconn && !sconn->using_smb2) { --- -2.13.5 - - -From 84bc8b232a4495bff270b7800833ef6785937576 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Thu, 15 Dec 2016 12:52:13 -0800 -Subject: [PATCH 12/15] s3: smbd: Remove O_NOFOLLOW guards. We insist on - O_NOFOLLOW existing. - -CVE-2017-2619 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/open.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/source3/smbd/open.c b/source3/smbd/open.c -index 35eee0a1485..8417f8aca4a 100644 ---- a/source3/smbd/open.c -+++ b/source3/smbd/open.c -@@ -205,8 +205,7 @@ NTSTATUS fd_open(struct connection_struct *conn, - struct smb_filename *smb_fname = fsp->fsp_name; - NTSTATUS status = NT_STATUS_OK; - --#ifdef O_NOFOLLOW -- /* -+ /* - * Never follow symlinks on a POSIX client. The - * client should be doing this. - */ -@@ -214,7 +213,6 @@ NTSTATUS fd_open(struct connection_struct *conn, - if (fsp->posix_open || !lp_symlinks(SNUM(conn))) { - flags |= O_NOFOLLOW; - } --#endif - - fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode); - if (fsp->fh->fd == -1) { --- -2.13.5 - - -From af0c5a266ae65ad2a638fe48a7ad7d77417f97d7 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Thu, 15 Dec 2016 12:56:08 -0800 -Subject: [PATCH 13/15] s3: smbd: Move special handling of symlink errno's into - a utility function. - -CVE-2017-2619 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/open.c | 30 ++++++++++++++++++++++++++++-- - 1 file changed, 28 insertions(+), 2 deletions(-) - -diff --git a/source3/smbd/open.c b/source3/smbd/open.c -index 8417f8aca4a..e727e89e9d8 100644 ---- a/source3/smbd/open.c -+++ b/source3/smbd/open.c -@@ -194,6 +194,31 @@ static NTSTATUS check_base_file_access(struct connection_struct *conn, - } - - /**************************************************************************** -+ Handle differing symlink errno's -+****************************************************************************/ -+ -+static int link_errno_convert(int err) -+{ -+#if defined(ENOTSUP) && defined(OSF1) -+ /* handle special Tru64 errno */ -+ if (err == ENOTSUP) { -+ err = ELOOP; -+ } -+#endif /* ENOTSUP */ -+#ifdef EFTYPE -+ /* fix broken NetBSD errno */ -+ if (err == EFTYPE) { -+ err = ELOOP; -+ } -+#endif /* EFTYPE */ -+ /* fix broken FreeBSD errno */ -+ if (err == EMLINK) { -+ err = ELOOP; -+ } -+ return err; -+} -+ -+/**************************************************************************** - fd support routines - attempt to do a dos_open. - ****************************************************************************/ - -@@ -216,8 +241,9 @@ NTSTATUS fd_open(struct connection_struct *conn, - - fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode); - if (fsp->fh->fd == -1) { -- status = map_nt_error_from_unix(errno); -- if (errno == EMFILE) { -+ int posix_errno = link_errno_convert(errno); -+ status = map_nt_error_from_unix(posix_errno); -+ if (posix_errno == EMFILE) { - static time_t last_warned = 0L; - - if (time((time_t *) NULL) > last_warned) { --- -2.13.5 - - -From c3bc4ff0367d7a3ebfd64db6defddea0bc3a5f4a Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Thu, 15 Dec 2016 13:04:46 -0800 -Subject: [PATCH 14/15] s3: smbd: Add the core functions to prevent symlink - open races. - -CVE-2017-2619 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/open.c | 242 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 242 insertions(+) - -diff --git a/source3/smbd/open.c b/source3/smbd/open.c -index e727e89e9d8..0998adc416a 100644 ---- a/source3/smbd/open.c -+++ b/source3/smbd/open.c -@@ -218,6 +218,248 @@ static int link_errno_convert(int err) - return err; - } - -+static int non_widelink_open(struct connection_struct *conn, -+ const char *conn_rootdir, -+ files_struct *fsp, -+ struct smb_filename *smb_fname, -+ int flags, -+ mode_t mode, -+ unsigned int link_depth); -+ -+/**************************************************************************** -+ Follow a symlink in userspace. -+****************************************************************************/ -+ -+static int process_symlink_open(struct connection_struct *conn, -+ const char *conn_rootdir, -+ files_struct *fsp, -+ struct smb_filename *smb_fname, -+ int flags, -+ mode_t mode, -+ unsigned int link_depth) -+{ -+ int fd = -1; -+ char *link_target = NULL; -+ int link_len = -1; -+ char *oldwd = NULL; -+ size_t rootdir_len = 0; -+ char *resolved_name = NULL; -+ bool matched = false; -+ int saved_errno = 0; -+ -+ /* -+ * Ensure we don't get stuck in a symlink loop. -+ */ -+ link_depth++; -+ if (link_depth >= 20) { -+ errno = ELOOP; -+ goto out; -+ } -+ -+ /* Allocate space for the link target. */ -+ link_target = talloc_array(talloc_tos(), char, PATH_MAX); -+ if (link_target == NULL) { -+ errno = ENOMEM; -+ goto out; -+ } -+ -+ /* Read the link target. */ -+ link_len = SMB_VFS_READLINK(conn, -+ smb_fname->base_name, -+ link_target, -+ PATH_MAX - 1); -+ if (link_len == -1) { -+ goto out; -+ } -+ -+ /* Ensure it's at least null terminated. */ -+ link_target[link_len] = '\0'; -+ -+ /* Convert to an absolute path. */ -+ resolved_name = SMB_VFS_REALPATH(conn, link_target); -+ if (resolved_name == NULL) { -+ goto out; -+ } -+ -+ /* -+ * We know conn_rootdir starts with '/' and -+ * does not end in '/'. FIXME ! Should we -+ * smb_assert this ? -+ */ -+ rootdir_len = strlen(conn_rootdir); -+ -+ matched = (strncmp(conn_rootdir, resolved_name, rootdir_len) == 0); -+ if (!matched) { -+ errno = EACCES; -+ goto out; -+ } -+ -+ /* -+ * Turn into a path relative to the share root. -+ */ -+ if (resolved_name[rootdir_len] == '\0') { -+ /* Link to the root of the share. */ -+ smb_fname->base_name = talloc_strdup(talloc_tos(), "."); -+ if (smb_fname->base_name == NULL) { -+ errno = ENOMEM; -+ goto out; -+ } -+ } else if (resolved_name[rootdir_len] == '/') { -+ smb_fname->base_name = &resolved_name[rootdir_len+1]; -+ } else { -+ errno = EACCES; -+ goto out; -+ } -+ -+ oldwd = vfs_GetWd(talloc_tos(), conn); -+ if (oldwd == NULL) { -+ goto out; -+ } -+ -+ /* Ensure we operate from the root of the share. */ -+ if (vfs_ChDir(conn, conn_rootdir) == -1) { -+ goto out; -+ } -+ -+ /* And do it all again.. */ -+ fd = non_widelink_open(conn, -+ conn_rootdir, -+ fsp, -+ smb_fname, -+ flags, -+ mode, -+ link_depth); -+ if (fd == -1) { -+ saved_errno = errno; -+ } -+ -+ out: -+ -+ SAFE_FREE(resolved_name); -+ TALLOC_FREE(link_target); -+ if (oldwd != NULL) { -+ int ret = vfs_ChDir(conn, oldwd); -+ if (ret == -1) { -+ smb_panic("unable to get back to old directory\n"); -+ } -+ TALLOC_FREE(oldwd); -+ } -+ if (saved_errno != 0) { -+ errno = saved_errno; -+ } -+ return fd; -+} -+ -+/**************************************************************************** -+ Non-widelink open. -+****************************************************************************/ -+ -+static int non_widelink_open(struct connection_struct *conn, -+ const char *conn_rootdir, -+ files_struct *fsp, -+ struct smb_filename *smb_fname, -+ int flags, -+ mode_t mode, -+ unsigned int link_depth) -+{ -+ NTSTATUS status; -+ int fd = -1; -+ struct smb_filename *smb_fname_rel = NULL; -+ int saved_errno = 0; -+ char *oldwd = NULL; -+ char *parent_dir = NULL; -+ const char *final_component = NULL; -+ -+ if (!parent_dirname(talloc_tos(), -+ smb_fname->base_name, -+ &parent_dir, -+ &final_component)) { -+ goto out; -+ } -+ -+ oldwd = vfs_GetWd(talloc_tos(), conn); -+ if (oldwd == NULL) { -+ goto out; -+ } -+ -+ /* Pin parent directory in place. */ -+ if (vfs_ChDir(conn, parent_dir) == -1) { -+ goto out; -+ } -+ -+ /* Ensure the relative path is below the share. */ -+ status = check_reduced_name(conn, final_component); -+ if (!NT_STATUS_IS_OK(status)) { -+ saved_errno = map_errno_from_nt_status(status); -+ goto out; -+ } -+ -+ status = create_synthetic_smb_fname(talloc_tos(), -+ final_component, -+ smb_fname->stream_name, -+ &smb_fname->st, -+ &smb_fname_rel); -+ if (!NT_STATUS_IS_OK(status)) { -+ saved_errno = map_errno_from_nt_status(status); -+ goto out; -+ } -+ -+ flags |= O_NOFOLLOW; -+ -+ { -+ struct smb_filename *tmp_name = fsp->fsp_name; -+ fsp->fsp_name = smb_fname_rel; -+ fd = SMB_VFS_OPEN(conn, smb_fname_rel, fsp, flags, mode); -+ fsp->fsp_name = tmp_name; -+ } -+ -+ if (fd == -1) { -+ saved_errno = link_errno_convert(errno); -+ if (saved_errno == ELOOP) { -+ if (fsp->posix_open) { -+ /* Never follow symlinks on posix open. */ -+ goto out; -+ } -+ if (!lp_symlinks(SNUM(conn))) { -+ /* Explicitly no symlinks. */ -+ goto out; -+ } -+ /* -+ * We have a symlink. Follow in userspace -+ * to ensure it's under the share definition. -+ */ -+ fd = process_symlink_open(conn, -+ conn_rootdir, -+ fsp, -+ smb_fname_rel, -+ flags, -+ mode, -+ link_depth); -+ if (fd == -1) { -+ saved_errno = -+ link_errno_convert(errno); -+ } -+ } -+ } -+ -+ out: -+ -+ TALLOC_FREE(parent_dir); -+ TALLOC_FREE(smb_fname_rel); -+ -+ if (oldwd != NULL) { -+ int ret = vfs_ChDir(conn, oldwd); -+ if (ret == -1) { -+ smb_panic("unable to get back to old directory\n"); -+ } -+ TALLOC_FREE(oldwd); -+ } -+ if (saved_errno != 0) { -+ errno = saved_errno; -+ } -+ return fd; -+} -+ - /**************************************************************************** - fd support routines - attempt to do a dos_open. - ****************************************************************************/ --- -2.13.5 - - -From 6a88d1cf3deb54a784f50c8eba3b9a24a65c1b34 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Thu, 15 Dec 2016 13:06:31 -0800 -Subject: [PATCH 15/15] s3: smbd: Use the new non_widelink_open() function. - -CVE-2017-2619 - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/open.c | 23 ++++++++++++++++++++++- - 1 file changed, 22 insertions(+), 1 deletion(-) - -diff --git a/source3/smbd/open.c b/source3/smbd/open.c -index 0998adc416a..65ca14ec8b8 100644 ---- a/source3/smbd/open.c -+++ b/source3/smbd/open.c -@@ -481,7 +481,28 @@ NTSTATUS fd_open(struct connection_struct *conn, - flags |= O_NOFOLLOW; - } - -- fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode); -+ /* Ensure path is below share definition. */ -+ if (!lp_widelinks(SNUM(conn))) { -+ const char *conn_rootdir = SMB_VFS_CONNECTPATH(conn, -+ smb_fname->base_name); -+ if (conn_rootdir == NULL) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ /* -+ * Only follow symlinks within a share -+ * definition. -+ */ -+ fsp->fh->fd = non_widelink_open(conn, -+ conn_rootdir, -+ fsp, -+ smb_fname, -+ flags, -+ mode, -+ 0); -+ } else { -+ fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode); -+ } -+ - if (fsp->fh->fd == -1) { - int posix_errno = link_errno_convert(errno); - status = map_nt_error_from_unix(posix_errno); --- -2.13.5 - diff --git a/src/patches/samba/CVE-2017-7494-v3-6.patch b/src/patches/samba/CVE-2017-7494-v3-6.patch deleted file mode 100644 index 3b0d94cbd..000000000 --- a/src/patches/samba/CVE-2017-7494-v3-6.patch +++ /dev/null @@ -1,32 +0,0 @@ -From b719a4d53fc6d590f4fac340d956344a5246de4e Mon Sep 17 00:00:00 2001 -From: Volker Lendecke vl@samba.org -Date: Mon, 8 May 2017 21:40:40 +0200 -Subject: [PATCH] CVE-2017-7494: Refuse to open pipe names with / inside - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780 - -Signed-off-by: Volker Lendecke vl@samba.org -Reviewed-by: Andreas Schneider asn@samba.org ---- - source3/rpc_server/srv_pipe.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index ec24fe7..b80e3f5 100644 ---- a/source3/rpc_server/srv_pipe.c -+++ b/source3/rpc_server/srv_pipe.c -@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax) - pipename += 1; - } - -+ if (strchr(pipename, '/')) { -+ DEBUG(1,("Refusing open on pipe %s\n", pipename)); -+ return false; -+ } -+ - if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { - DEBUG(10, ("refusing spoolss access\n")); - return false; --- -2.9.4 - diff --git a/src/patches/samba/CVE-preparation-v3-6.patch b/src/patches/samba/CVE-preparation-v3-6.patch deleted file mode 100644 index c4891d6a5..000000000 --- a/src/patches/samba/CVE-preparation-v3-6.patch +++ /dev/null @@ -1,6976 +0,0 @@ -From 39a3fa39967faaf216be8e108ca57d07de1aa95a Mon Sep 17 00:00:00 2001 -From: Vadim Zhukov persgray@gmail.com -Date: Sat, 25 May 2013 15:19:24 +0100 -Subject: [PATCH 01/44] pidl: Recent Perl warns about "defined(@var)" - constructs. - -Signed-off-by: Jelmer Vernooij jelmer@samba.org - -Autobuild-User(master): Jelmer Vernooij jelmer@samba.org -Autobuild-Date(master): Sat May 25 18:10:53 CEST 2013 on sn-devel-104 - -(cherry picked from commit 92254d09e0ee5a7d9d0cd91fe1803f54e64d9a5f) ---- - pidl/lib/Parse/Pidl/ODL.pm | 2 +- - pidl/pidl | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -Index: samba-3.6.23/pidl/lib/Parse/Pidl/ODL.pm -=================================================================== ---- samba-3.6.23.orig/pidl/lib/Parse/Pidl/ODL.pm -+++ samba-3.6.23/pidl/lib/Parse/Pidl/ODL.pm -@@ -70,7 +70,7 @@ sub ODL2IDL - next; - } - my $podl = Parse::Pidl::IDL::parse_file($idl_path, $opt_incdirs); -- if (defined(@$podl)) { -+ if (defined($podl)) { - require Parse::Pidl::Typelist; - my $basename = basename($idl_path, ".idl"); - -Index: samba-3.6.23/pidl/pidl -=================================================================== ---- samba-3.6.23.orig/pidl/pidl -+++ samba-3.6.23/pidl/pidl -@@ -605,7 +605,7 @@ sub process_file($) - require Parse::Pidl::IDL; - - $pidl = Parse::Pidl::IDL::parse_file($idl_file, @opt_incdirs); -- defined @$pidl || die "Failed to parse $idl_file"; -+ defined $pidl || die "Failed to parse $idl_file"; - } - - require Parse::Pidl::Typelist; -Index: samba-3.6.23/source4/heimdal/cf/make-proto.pl -=================================================================== ---- samba-3.6.23.orig/source4/heimdal/cf/make-proto.pl -+++ samba-3.6.23/source4/heimdal/cf/make-proto.pl -@@ -1,8 +1,8 @@ - # Make prototypes from .c files - # $Id$ - --##use Getopt::Std; --require 'getopts.pl'; -+use Getopt::Std; -+#require 'getopts.pl'; - - my $comment = 0; - my $if_0 = 0; -@@ -12,7 +12,7 @@ my $debug = 0; - my $oproto = 1; - my $private_func_re = "^_"; - --Getopts('x:m:o:p:dqE:R:P:') || die "foo"; -+getopts('x:m:o:p:dqE:R:P:') || die "foo"; - - if($opt_d) { - $debug = 1; -Index: samba-3.6.23/source3/Makefile-smbtorture4 -=================================================================== ---- samba-3.6.23.orig/source3/Makefile-smbtorture4 -+++ samba-3.6.23/source3/Makefile-smbtorture4 -@@ -6,7 +6,7 @@ SAMBA4_BINARIES="smbtorture,ndrdump" - samba4-configure: - @(cd .. && \ - CFLAGS='' $(WAF) reconfigure || \ -- CFLAGS='' $(WAF) configure --enable-socket-wrapper --enable-nss-wrapper --enable-uid-wrapper --nonshared-binary=$(SAMBA4_BINARIES) --enable-auto-reconfigure ) -+ CFLAGS='' $(WAF) configure --enable-socket-wrapper --enable-nss-wrapper --enable-uid-wrapper --nonshared-binary=$(SAMBA4_BINARIES) --enable-auto-reconfigure --bundled-libraries=ALL --disable-gnutls ) - - .PHONY: samba4-configure - -Index: samba-3.6.23/source4/lib/ldb/wscript -=================================================================== ---- samba-3.6.23.orig/source4/lib/ldb/wscript -+++ samba-3.6.23/source4/lib/ldb/wscript -@@ -135,9 +135,7 @@ def build(bld): - pc_files=ldb_pc_files, - vnum=VERSION, - private_library=private_library, -- manpages='man/ldb.3', -- abi_directory = 'ABI', -- abi_match = abi_match) -+ manpages='man/ldb.3') - - # generate a include/ldb_version.h - t = bld.SAMBA_GENERATOR('ldb_version.h', -Index: samba-3.6.23/source3/selftest/skip -=================================================================== ---- samba-3.6.23.orig/source3/selftest/skip -+++ samba-3.6.23/source3/selftest/skip -@@ -22,3 +22,8 @@ samba3.*raw.ioctl - samba3.*raw.qfileinfo - samba3.*raw.qfsinfo - samba3.*raw.sfileinfo.base -+# skip, don't work for badlock backports -+samba3.posix_s3.raw.eas -+samba3.posix_s3.raw.rename -+samba3.posix_s3.raw.search -+samba3.posix_s3.raw.streams -Index: samba-3.6.23/librpc/ndr/ndr_ntlmssp.c -=================================================================== ---- samba-3.6.23.orig/librpc/ndr/ndr_ntlmssp.c -+++ samba-3.6.23/librpc/ndr/ndr_ntlmssp.c -@@ -176,4 +176,20 @@ _PUBLIC_ void ndr_print_ntlmssp_Version( - } - } - -+_PUBLIC_ struct AV_PAIR *ndr_ntlmssp_find_av(const struct AV_PAIR_LIST *av_list, -+ enum ntlmssp_AvId AvId) -+{ -+ struct AV_PAIR *res = NULL; -+ uint32_t i = 0; - -+ for (i = 0; i < av_list->count; i++) { -+ if (av_list->pair[i].AvId != AvId) { -+ continue; -+ } -+ -+ res = discard_const_p(struct AV_PAIR, &av_list->pair[i]); -+ break; -+ } -+ -+ return res; -+} -Index: samba-3.6.23/librpc/ndr/ndr_ntlmssp.h -=================================================================== ---- samba-3.6.23.orig/librpc/ndr/ndr_ntlmssp.h -+++ samba-3.6.23/librpc/ndr/ndr_ntlmssp.h -@@ -31,3 +31,5 @@ _PUBLIC_ void ndr_print_ntlmssp_lm_respo - bool ntlmv2); - _PUBLIC_ void ndr_print_ntlmssp_Version(struct ndr_print *ndr, const char *name, const union ntlmssp_Version *r); - -+_PUBLIC_ struct AV_PAIR *ndr_ntlmssp_find_av(const struct AV_PAIR_LIST *av_list, -+ enum ntlmssp_AvId AvId); -Index: samba-3.6.23/librpc/ABI/ndr-0.0.2.sigs -=================================================================== ---- /dev/null -+++ samba-3.6.23/librpc/ABI/ndr-0.0.2.sigs -@@ -0,0 +1,247 @@ -+GUID_all_zero: bool (const struct GUID *) -+GUID_compare: int (const struct GUID *, const struct GUID *) -+GUID_equal: bool (const struct GUID *, const struct GUID *) -+GUID_from_data_blob: NTSTATUS (const DATA_BLOB *, struct GUID *) -+GUID_from_ndr_blob: NTSTATUS (const DATA_BLOB *, struct GUID *) -+GUID_from_string: NTSTATUS (const char *, struct GUID *) -+GUID_hexstring: char *(TALLOC_CTX *, const struct GUID *) -+GUID_random: struct GUID (void) -+GUID_string: char *(TALLOC_CTX *, const struct GUID *) -+GUID_string2: char *(TALLOC_CTX *, const struct GUID *) -+GUID_to_ndr_blob: NTSTATUS (const struct GUID *, TALLOC_CTX *, DATA_BLOB *) -+GUID_zero: struct GUID (void) -+ndr_align_size: size_t (uint32_t, size_t) -+ndr_charset_length: uint32_t (const void *, charset_t) -+ndr_check_array_length: enum ndr_err_code (struct ndr_pull *, void *, uint32_t) -+ndr_check_array_size: enum ndr_err_code (struct ndr_pull *, void *, uint32_t) -+ndr_check_padding: void (struct ndr_pull *, size_t) -+ndr_check_pipe_chunk_trailer: enum ndr_err_code (struct ndr_pull *, int, uint32_t) -+ndr_check_string_terminator: enum ndr_err_code (struct ndr_pull *, uint32_t, uint32_t) -+ndr_get_array_length: uint32_t (struct ndr_pull *, const void *) -+ndr_get_array_size: uint32_t (struct ndr_pull *, const void *) -+ndr_map_error2errno: int (enum ndr_err_code) -+ndr_map_error2ntstatus: NTSTATUS (enum ndr_err_code) -+ndr_map_error2string: const char *(enum ndr_err_code) -+ndr_policy_handle_empty: bool (const struct policy_handle *) -+ndr_policy_handle_equal: bool (const struct policy_handle *, const struct policy_handle *) -+ndr_print_DATA_BLOB: void (struct ndr_print *, const char *, DATA_BLOB) -+ndr_print_GUID: void (struct ndr_print *, const char *, const struct GUID *) -+ndr_print_KRB5_EDATA_NTSTATUS: void (struct ndr_print *, const char *, const struct KRB5_EDATA_NTSTATUS *) -+ndr_print_NTSTATUS: void (struct ndr_print *, const char *, NTSTATUS) -+ndr_print_NTTIME: void (struct ndr_print *, const char *, NTTIME) -+ndr_print_NTTIME_1sec: void (struct ndr_print *, const char *, NTTIME) -+ndr_print_NTTIME_hyper: void (struct ndr_print *, const char *, NTTIME) -+ndr_print_WERROR: void (struct ndr_print *, const char *, WERROR) -+ndr_print_array_uint8: void (struct ndr_print *, const char *, const uint8_t *, uint32_t) -+ndr_print_bad_level: void (struct ndr_print *, const char *, uint16_t) -+ndr_print_bitmap_flag: void (struct ndr_print *, size_t, const char *, uint32_t, uint32_t) -+ndr_print_bool: void (struct ndr_print *, const char *, const bool) -+ndr_print_debug: void (ndr_print_fn_t, const char *, void *) -+ndr_print_debug_helper: void (struct ndr_print *, const char *, ...) -+ndr_print_debugc: void (int, ndr_print_fn_t, const char *, void *) -+ndr_print_debugc_helper: void (struct ndr_print *, const char *, ...) -+ndr_print_dlong: void (struct ndr_print *, const char *, int64_t) -+ndr_print_double: void (struct ndr_print *, const char *, double) -+ndr_print_enum: void (struct ndr_print *, const char *, const char *, const char *, uint32_t) -+ndr_print_function_debug: void (ndr_print_function_t, const char *, int, void *) -+ndr_print_function_string: char *(TALLOC_CTX *, ndr_print_function_t, const char *, int, void *) -+ndr_print_get_switch_value: uint32_t (struct ndr_print *, const void *) -+ndr_print_gid_t: void (struct ndr_print *, const char *, gid_t) -+ndr_print_hyper: void (struct ndr_print *, const char *, uint64_t) -+ndr_print_int16: void (struct ndr_print *, const char *, int16_t) -+ndr_print_int32: void (struct ndr_print *, const char *, int32_t) -+ndr_print_int3264: void (struct ndr_print *, const char *, int32_t) -+ndr_print_int8: void (struct ndr_print *, const char *, int8_t) -+ndr_print_ipv4address: void (struct ndr_print *, const char *, const char *) -+ndr_print_ipv6address: void (struct ndr_print *, const char *, const char *) -+ndr_print_ndr_syntax_id: void (struct ndr_print *, const char *, const struct ndr_syntax_id *) -+ndr_print_netr_SamDatabaseID: void (struct ndr_print *, const char *, enum netr_SamDatabaseID) -+ndr_print_netr_SchannelType: void (struct ndr_print *, const char *, enum netr_SchannelType) -+ndr_print_null: void (struct ndr_print *) -+ndr_print_pointer: void (struct ndr_print *, const char *, void *) -+ndr_print_policy_handle: void (struct ndr_print *, const char *, const struct policy_handle *) -+ndr_print_printf_helper: void (struct ndr_print *, const char *, ...) -+ndr_print_ptr: void (struct ndr_print *, const char *, const void *) -+ndr_print_set_switch_value: enum ndr_err_code (struct ndr_print *, const void *, uint32_t) -+ndr_print_sockaddr_storage: void (struct ndr_print *, const char *, const struct sockaddr_storage *) -+ndr_print_string: void (struct ndr_print *, const char *, const char *) -+ndr_print_string_array: void (struct ndr_print *, const char *, const char **) -+ndr_print_string_helper: void (struct ndr_print *, const char *, ...) -+ndr_print_struct: void (struct ndr_print *, const char *, const char *) -+ndr_print_struct_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, void *) -+ndr_print_svcctl_ServerType: void (struct ndr_print *, const char *, uint32_t) -+ndr_print_time_t: void (struct ndr_print *, const char *, time_t) -+ndr_print_timespec: void (struct ndr_print *, const char *, const struct timespec *) -+ndr_print_timeval: void (struct ndr_print *, const char *, const struct timeval *) -+ndr_print_udlong: void (struct ndr_print *, const char *, uint64_t) -+ndr_print_udlongr: void (struct ndr_print *, const char *, uint64_t) -+ndr_print_uid_t: void (struct ndr_print *, const char *, uid_t) -+ndr_print_uint16: void (struct ndr_print *, const char *, uint16_t) -+ndr_print_uint32: void (struct ndr_print *, const char *, uint32_t) -+ndr_print_uint3264: void (struct ndr_print *, const char *, uint32_t) -+ndr_print_uint8: void (struct ndr_print *, const char *, uint8_t) -+ndr_print_union: void (struct ndr_print *, const char *, int, const char *) -+ndr_print_union_debug: void (ndr_print_fn_t, const char *, uint32_t, void *) -+ndr_print_union_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, uint32_t, void *) -+ndr_print_winreg_Data: void (struct ndr_print *, const char *, const union winreg_Data *) -+ndr_print_winreg_Type: void (struct ndr_print *, const char *, enum winreg_Type) -+ndr_pull_DATA_BLOB: enum ndr_err_code (struct ndr_pull *, int, DATA_BLOB *) -+ndr_pull_GUID: enum ndr_err_code (struct ndr_pull *, int, struct GUID *) -+ndr_pull_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, struct KRB5_EDATA_NTSTATUS *) -+ndr_pull_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, NTSTATUS *) -+ndr_pull_NTTIME: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) -+ndr_pull_NTTIME_1sec: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) -+ndr_pull_NTTIME_hyper: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) -+ndr_pull_WERROR: enum ndr_err_code (struct ndr_pull *, int, WERROR *) -+ndr_pull_advance: enum ndr_err_code (struct ndr_pull *, uint32_t) -+ndr_pull_align: enum ndr_err_code (struct ndr_pull *, size_t) -+ndr_pull_array_length: enum ndr_err_code (struct ndr_pull *, const void *) -+ndr_pull_array_size: enum ndr_err_code (struct ndr_pull *, const void *) -+ndr_pull_array_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *, uint32_t) -+ndr_pull_bytes: enum ndr_err_code (struct ndr_pull *, uint8_t *, uint32_t) -+ndr_pull_charset: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t) -+ndr_pull_charset_to_null: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t) -+ndr_pull_dlong: enum ndr_err_code (struct ndr_pull *, int, int64_t *) -+ndr_pull_double: enum ndr_err_code (struct ndr_pull *, int, double *) -+ndr_pull_enum_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) -+ndr_pull_enum_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) -+ndr_pull_enum_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) -+ndr_pull_enum_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *) -+ndr_pull_error: enum ndr_err_code (struct ndr_pull *, enum ndr_err_code, const char *, ...) -+ndr_pull_generic_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *) -+ndr_pull_get_relative_base_offset: uint32_t (struct ndr_pull *) -+ndr_pull_get_switch_value: uint32_t (struct ndr_pull *, const void *) -+ndr_pull_gid_t: enum ndr_err_code (struct ndr_pull *, int, gid_t *) -+ndr_pull_hyper: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) -+ndr_pull_init_blob: struct ndr_pull *(const DATA_BLOB *, TALLOC_CTX *) -+ndr_pull_int16: enum ndr_err_code (struct ndr_pull *, int, int16_t *) -+ndr_pull_int32: enum ndr_err_code (struct ndr_pull *, int, int32_t *) -+ndr_pull_int8: enum ndr_err_code (struct ndr_pull *, int, int8_t *) -+ndr_pull_ipv4address: enum ndr_err_code (struct ndr_pull *, int, const char **) -+ndr_pull_ipv6address: enum ndr_err_code (struct ndr_pull *, int, const char **) -+ndr_pull_ndr_syntax_id: enum ndr_err_code (struct ndr_pull *, int, struct ndr_syntax_id *) -+ndr_pull_netr_SamDatabaseID: enum ndr_err_code (struct ndr_pull *, int, enum netr_SamDatabaseID *) -+ndr_pull_netr_SchannelType: enum ndr_err_code (struct ndr_pull *, int, enum netr_SchannelType *) -+ndr_pull_pointer: enum ndr_err_code (struct ndr_pull *, int, void **) -+ndr_pull_policy_handle: enum ndr_err_code (struct ndr_pull *, int, struct policy_handle *) -+ndr_pull_ref_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *) -+ndr_pull_relative_ptr1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) -+ndr_pull_relative_ptr2: enum ndr_err_code (struct ndr_pull *, const void *) -+ndr_pull_relative_ptr_short: enum ndr_err_code (struct ndr_pull *, uint16_t *) -+ndr_pull_restore_relative_base_offset: void (struct ndr_pull *, uint32_t) -+ndr_pull_set_switch_value: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) -+ndr_pull_setup_relative_base_offset1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) -+ndr_pull_setup_relative_base_offset2: enum ndr_err_code (struct ndr_pull *, const void *) -+ndr_pull_string: enum ndr_err_code (struct ndr_pull *, int, const char **) -+ndr_pull_string_array: enum ndr_err_code (struct ndr_pull *, int, const char ***) -+ndr_pull_struct_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t) -+ndr_pull_struct_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t) -+ndr_pull_subcontext_end: enum ndr_err_code (struct ndr_pull *, struct ndr_pull *, size_t, ssize_t) -+ndr_pull_subcontext_start: enum ndr_err_code (struct ndr_pull *, struct ndr_pull **, size_t, ssize_t) -+ndr_pull_svcctl_ServerType: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) -+ndr_pull_time_t: enum ndr_err_code (struct ndr_pull *, int, time_t *) -+ndr_pull_timespec: enum ndr_err_code (struct ndr_pull *, int, struct timespec *) -+ndr_pull_timeval: enum ndr_err_code (struct ndr_pull *, int, struct timeval *) -+ndr_pull_trailer_align: enum ndr_err_code (struct ndr_pull *, size_t) -+ndr_pull_udlong: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) -+ndr_pull_udlongr: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) -+ndr_pull_uid_t: enum ndr_err_code (struct ndr_pull *, int, uid_t *) -+ndr_pull_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) -+ndr_pull_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) -+ndr_pull_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) -+ndr_pull_uint3264: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) -+ndr_pull_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *) -+ndr_pull_union_align: enum ndr_err_code (struct ndr_pull *, size_t) -+ndr_pull_union_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t) -+ndr_pull_union_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t) -+ndr_pull_winreg_Data: enum ndr_err_code (struct ndr_pull *, int, union winreg_Data *) -+ndr_pull_winreg_Type: enum ndr_err_code (struct ndr_pull *, int, enum winreg_Type *) -+ndr_push_DATA_BLOB: enum ndr_err_code (struct ndr_push *, int, DATA_BLOB) -+ndr_push_GUID: enum ndr_err_code (struct ndr_push *, int, const struct GUID *) -+ndr_push_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, const struct KRB5_EDATA_NTSTATUS *) -+ndr_push_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, NTSTATUS) -+ndr_push_NTTIME: enum ndr_err_code (struct ndr_push *, int, NTTIME) -+ndr_push_NTTIME_1sec: enum ndr_err_code (struct ndr_push *, int, NTTIME) -+ndr_push_NTTIME_hyper: enum ndr_err_code (struct ndr_push *, int, NTTIME) -+ndr_push_WERROR: enum ndr_err_code (struct ndr_push *, int, WERROR) -+ndr_push_align: enum ndr_err_code (struct ndr_push *, size_t) -+ndr_push_array_uint8: enum ndr_err_code (struct ndr_push *, int, const uint8_t *, uint32_t) -+ndr_push_blob: DATA_BLOB (struct ndr_push *) -+ndr_push_bytes: enum ndr_err_code (struct ndr_push *, const uint8_t *, uint32_t) -+ndr_push_charset: enum ndr_err_code (struct ndr_push *, int, const char *, uint32_t, uint8_t, charset_t) -+ndr_push_dlong: enum ndr_err_code (struct ndr_push *, int, int64_t) -+ndr_push_double: enum ndr_err_code (struct ndr_push *, int, double) -+ndr_push_enum_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t) -+ndr_push_enum_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t) -+ndr_push_enum_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t) -+ndr_push_enum_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t) -+ndr_push_error: enum ndr_err_code (struct ndr_push *, enum ndr_err_code, const char *, ...) -+ndr_push_expand: enum ndr_err_code (struct ndr_push *, uint32_t) -+ndr_push_full_ptr: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_get_relative_base_offset: uint32_t (struct ndr_push *) -+ndr_push_get_switch_value: uint32_t (struct ndr_push *, const void *) -+ndr_push_gid_t: enum ndr_err_code (struct ndr_push *, int, gid_t) -+ndr_push_hyper: enum ndr_err_code (struct ndr_push *, int, uint64_t) -+ndr_push_init_ctx: struct ndr_push *(TALLOC_CTX *) -+ndr_push_int16: enum ndr_err_code (struct ndr_push *, int, int16_t) -+ndr_push_int32: enum ndr_err_code (struct ndr_push *, int, int32_t) -+ndr_push_int8: enum ndr_err_code (struct ndr_push *, int, int8_t) -+ndr_push_ipv4address: enum ndr_err_code (struct ndr_push *, int, const char *) -+ndr_push_ipv6address: enum ndr_err_code (struct ndr_push *, int, const char *) -+ndr_push_ndr_syntax_id: enum ndr_err_code (struct ndr_push *, int, const struct ndr_syntax_id *) -+ndr_push_netr_SamDatabaseID: enum ndr_err_code (struct ndr_push *, int, enum netr_SamDatabaseID) -+ndr_push_netr_SchannelType: enum ndr_err_code (struct ndr_push *, int, enum netr_SchannelType) -+ndr_push_pipe_chunk_trailer: enum ndr_err_code (struct ndr_push *, int, uint32_t) -+ndr_push_pointer: enum ndr_err_code (struct ndr_push *, int, void *) -+ndr_push_policy_handle: enum ndr_err_code (struct ndr_push *, int, const struct policy_handle *) -+ndr_push_ref_ptr: enum ndr_err_code (struct ndr_push *) -+ndr_push_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_relative_ptr2_end: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_relative_ptr2_start: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_restore_relative_base_offset: void (struct ndr_push *, uint32_t) -+ndr_push_set_switch_value: enum ndr_err_code (struct ndr_push *, const void *, uint32_t) -+ndr_push_setup_relative_base_offset1: enum ndr_err_code (struct ndr_push *, const void *, uint32_t) -+ndr_push_setup_relative_base_offset2: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_short_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_short_relative_ptr2: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_string: enum ndr_err_code (struct ndr_push *, int, const char *) -+ndr_push_string_array: enum ndr_err_code (struct ndr_push *, int, const char **) -+ndr_push_struct_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, const void *, ndr_push_flags_fn_t) -+ndr_push_subcontext_end: enum ndr_err_code (struct ndr_push *, struct ndr_push *, size_t, ssize_t) -+ndr_push_subcontext_start: enum ndr_err_code (struct ndr_push *, struct ndr_push **, size_t, ssize_t) -+ndr_push_svcctl_ServerType: enum ndr_err_code (struct ndr_push *, int, uint32_t) -+ndr_push_time_t: enum ndr_err_code (struct ndr_push *, int, time_t) -+ndr_push_timespec: enum ndr_err_code (struct ndr_push *, int, const struct timespec *) -+ndr_push_timeval: enum ndr_err_code (struct ndr_push *, int, const struct timeval *) -+ndr_push_trailer_align: enum ndr_err_code (struct ndr_push *, size_t) -+ndr_push_udlong: enum ndr_err_code (struct ndr_push *, int, uint64_t) -+ndr_push_udlongr: enum ndr_err_code (struct ndr_push *, int, uint64_t) -+ndr_push_uid_t: enum ndr_err_code (struct ndr_push *, int, uid_t) -+ndr_push_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t) -+ndr_push_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t) -+ndr_push_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t) -+ndr_push_uint3264: enum ndr_err_code (struct ndr_push *, int, uint32_t) -+ndr_push_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t) -+ndr_push_union_align: enum ndr_err_code (struct ndr_push *, size_t) -+ndr_push_union_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_push_flags_fn_t) -+ndr_push_unique_ptr: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_winreg_Data: enum ndr_err_code (struct ndr_push *, int, const union winreg_Data *) -+ndr_push_winreg_Type: enum ndr_err_code (struct ndr_push *, int, enum winreg_Type) -+ndr_push_zero: enum ndr_err_code (struct ndr_push *, uint32_t) -+ndr_set_flags: void (uint32_t *, uint32_t) -+ndr_size_DATA_BLOB: uint32_t (int, const DATA_BLOB *, int) -+ndr_size_GUID: size_t (const struct GUID *, int) -+ndr_size_string: uint32_t (int, const char * const *, int) -+ndr_size_string_array: size_t (const char **, uint32_t, int) -+ndr_size_struct: size_t (const void *, int, ndr_push_flags_fn_t) -+ndr_size_union: size_t (const void *, int, uint32_t, ndr_push_flags_fn_t) -+ndr_string_array_size: size_t (struct ndr_push *, const char *) -+ndr_string_length: uint32_t (const void *, uint32_t) -+ndr_syntax_id_equal: bool (const struct ndr_syntax_id *, const struct ndr_syntax_id *) -+ndr_syntax_id_null: uuid = {time_low = 0, time_mid = 0, time_hi_and_version = 0, clock_seq = "\000", node = "\000\000\000\000\000"}, if_version = 0 -+ndr_token_peek: uint32_t (struct ndr_token_list **, const void *) -+ndr_token_retrieve: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *) -+ndr_token_retrieve_cmp_fn: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *, comparison_fn_t, bool) -+ndr_token_store: enum ndr_err_code (TALLOC_CTX *, struct ndr_token_list **, const void *, uint32_t) -+ndr_transfer_syntax_ndr: uuid = {time_low = 2324192516, time_mid = 7403, time_hi_and_version = 4553, clock_seq = "\237\350", node = "\b\000+\020H`"}, if_version = 2 -+ndr_transfer_syntax_ndr64: uuid = {time_low = 1903232307, time_mid = 48826, time_hi_and_version = 18743, clock_seq = "\203\031", node = "\265\333\357\234\314\066"}, if_version = 1 -Index: samba-3.6.23/librpc/ndr/libndr.h -=================================================================== ---- samba-3.6.23.orig/librpc/ndr/libndr.h -+++ samba-3.6.23/librpc/ndr/libndr.h -@@ -124,6 +124,20 @@ struct ndr_print { - #define LIBNDR_FLAG_STR_UTF8 (1<<12) - #define LIBNDR_STRING_FLAGS (0x7FFC) - -+/* -+ * don't debug NDR_ERR_BUFSIZE failures, -+ * as the available buffer might be incomplete. -+ * -+ * return NDR_ERR_INCOMPLETE_BUFFER instead. -+ */ -+#define LIBNDR_FLAG_INCOMPLETE_BUFFER (1<<16) -+ -+/* -+ * This lets ndr_pull_subcontext_end() return -+ * NDR_ERR_UNREAD_BYTES. -+ */ -+#define LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES (1<<17) -+ - /* set if relative pointers should *not* be marshalled in reverse order */ - #define LIBNDR_FLAG_NO_RELATIVE_REVERSE (1<<18) - -@@ -163,6 +177,7 @@ struct ndr_print { - - /* useful macro for debugging */ - #define NDR_PRINT_DEBUG(type, p) ndr_print_debug((ndr_print_fn_t)ndr_print_ ##type, #p, p) -+#define NDR_PRINT_DEBUGC(dbgc_class, type, p) ndr_print_debugc(dbgc_class, (ndr_print_fn_t)ndr_print_ ##type, #p, p) - #define NDR_PRINT_UNION_DEBUG(type, level, p) ndr_print_union_debug((ndr_print_fn_t)ndr_print_ ##type, #p, level, p) - #define NDR_PRINT_FUNCTION_DEBUG(type, flags, p) ndr_print_function_debug((ndr_print_function_t)ndr_print_ ##type, #type, flags, p) - #define NDR_PRINT_BOTH_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_BOTH, p) -@@ -199,7 +214,9 @@ enum ndr_err_code { - NDR_ERR_IPV6ADDRESS, - NDR_ERR_INVALID_POINTER, - NDR_ERR_UNREAD_BYTES, -- NDR_ERR_NDR64 -+ NDR_ERR_NDR64, -+ NDR_ERR_FLAGS, -+ NDR_ERR_INCOMPLETE_BUFFER - }; - - #define NDR_ERR_CODE_IS_SUCCESS(x) (x == NDR_ERR_SUCCESS) -@@ -217,20 +234,52 @@ enum ndr_compression_alg { - - /* - flags passed to control parse flow -+ These are deliberately in a different range to the NDR_IN/NDR_OUT -+ flags to catch mixups - */ --#define NDR_SCALARS 1 --#define NDR_BUFFERS 2 -+#define NDR_SCALARS 0x100 -+#define NDR_BUFFERS 0x200 - - /* -- flags passed to ndr_print_*() -+ flags passed to ndr_print_*() and ndr pull/push for functions -+ These are deliberately in a different range to the NDR_SCALARS/NDR_BUFFERS -+ flags to catch mixups - */ --#define NDR_IN 1 --#define NDR_OUT 2 --#define NDR_BOTH 3 --#define NDR_SET_VALUES 4 -+#define NDR_IN 0x10 -+#define NDR_OUT 0x20 -+#define NDR_BOTH 0x30 -+#define NDR_SET_VALUES 0x40 -+ -+ -+#define NDR_PULL_CHECK_FLAGS(ndr, ndr_flags) do { \ -+ if ((ndr_flags) & ~(NDR_SCALARS|NDR_BUFFERS)) { \ -+ return ndr_pull_error(ndr, NDR_ERR_FLAGS, "Invalid pull struct ndr_flags 0x%x", ndr_flags); \ -+ } \ -+} while (0) -+ -+#define NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags) do { \ -+ if ((ndr_flags) & ~(NDR_SCALARS|NDR_BUFFERS)) \ -+ return ndr_push_error(ndr, NDR_ERR_FLAGS, "Invalid push struct ndr_flags 0x%x", ndr_flags); \ -+} while (0) -+ -+#define NDR_PULL_CHECK_FN_FLAGS(ndr, flags) do { \ -+ if ((flags) & ~(NDR_BOTH|NDR_SET_VALUES)) { \ -+ return ndr_pull_error(ndr, NDR_ERR_FLAGS, "Invalid fn pull flags 0x%x", flags); \ -+ } \ -+} while (0) -+ -+#define NDR_PUSH_CHECK_FN_FLAGS(ndr, flags) do { \ -+ if ((flags) & ~(NDR_BOTH|NDR_SET_VALUES)) \ -+ return ndr_push_error(ndr, NDR_ERR_FLAGS, "Invalid fn push flags 0x%x", flags); \ -+} while (0) - - #define NDR_PULL_NEED_BYTES(ndr, n) do { \ - if (unlikely((n) > ndr->data_size || ndr->offset + (n) > ndr->data_size)) { \ -+ if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { \ -+ uint32_t _available = ndr->data_size - ndr->offset; \ -+ uint32_t _missing = n - _available; \ -+ ndr->relative_highest_offset = _missing; \ -+ } \ - return ndr_pull_error(ndr, NDR_ERR_BUFSIZE, "Pull bytes %u (%s)", (unsigned)n, __location__); \ - } \ - } while(0) -@@ -247,6 +296,10 @@ enum ndr_compression_alg { - ndr->offset = (ndr->offset + (n-1)) & ~(n-1); \ - } \ - if (unlikely(ndr->offset > ndr->data_size)) { \ -+ if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { \ -+ uint32_t _missing = ndr->offset - ndr->data_size; \ -+ ndr->relative_highest_offset = _missing; \ -+ } \ - return ndr_pull_error(ndr, NDR_ERR_BUFSIZE, "Pull align %u", (unsigned)n); \ - } \ - } while(0) -@@ -402,6 +455,8 @@ void ndr_print_dom_sid0(struct ndr_print - size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags); - void ndr_print_GUID(struct ndr_print *ndr, const char *name, const struct GUID *guid); - bool ndr_syntax_id_equal(const struct ndr_syntax_id *i1, const struct ndr_syntax_id *i2); -+char *ndr_syntax_id_to_string(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *id); -+bool ndr_syntax_id_from_string(const char *s, struct ndr_syntax_id *id); - enum ndr_err_code ndr_push_struct_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, const void *p, ndr_push_flags_fn_t fn); - enum ndr_err_code ndr_push_union_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, void *p, uint32_t level, ndr_push_flags_fn_t fn); - size_t ndr_size_struct(const void *p, int flags, ndr_push_flags_fn_t push); -@@ -424,14 +479,18 @@ enum ndr_err_code ndr_pull_relative_ptr2 - enum ndr_err_code ndr_pull_relative_ptr_short(struct ndr_pull *ndr, uint16_t *v); - size_t ndr_align_size(uint32_t offset, size_t n); - struct ndr_pull *ndr_pull_init_blob(const DATA_BLOB *blob, TALLOC_CTX *mem_ctx); -+enum ndr_err_code ndr_pull_append(struct ndr_pull *ndr, DATA_BLOB *blob); -+enum ndr_err_code ndr_pull_pop(struct ndr_pull *ndr); - enum ndr_err_code ndr_pull_advance(struct ndr_pull *ndr, uint32_t size); - struct ndr_push *ndr_push_init_ctx(TALLOC_CTX *mem_ctx); - DATA_BLOB ndr_push_blob(struct ndr_push *ndr); - enum ndr_err_code ndr_push_expand(struct ndr_push *ndr, uint32_t extra_size); - void ndr_print_debug_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); -+void ndr_print_debugc_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); - void ndr_print_printf_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); - void ndr_print_string_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3); - void ndr_print_debug(ndr_print_fn_t fn, const char *name, void *ptr); -+void ndr_print_debugc(int dbgc_class, ndr_print_fn_t fn, const char *name, void *ptr); - void ndr_print_union_debug(ndr_print_fn_t fn, const char *name, uint32_t level, void *ptr); - void ndr_print_function_debug(ndr_print_function_t fn, const char *name, int flags, void *ptr); - char *ndr_print_struct_string(TALLOC_CTX *mem_ctx, ndr_print_fn_t fn, const char *name, void *ptr); -Index: samba-3.6.23/librpc/ndr/ndr.c -=================================================================== ---- samba-3.6.23.orig/librpc/ndr/ndr.c -+++ samba-3.6.23/librpc/ndr/ndr.c -@@ -77,6 +77,111 @@ _PUBLIC_ struct ndr_pull *ndr_pull_init_ - return ndr; - } - -+_PUBLIC_ enum ndr_err_code ndr_pull_append(struct ndr_pull *ndr, DATA_BLOB *blob) -+{ -+ enum ndr_err_code ndr_err; -+ DATA_BLOB b; -+ uint32_t append = 0; -+ bool ok; -+ -+ if (blob->length == 0) { -+ return NDR_ERR_SUCCESS; -+ } -+ -+ ndr_err = ndr_token_retrieve(&ndr->array_size_list, ndr, &append); -+ if (ndr_err == NDR_ERR_TOKEN) { -+ append = 0; -+ ndr_err = NDR_ERR_SUCCESS; -+ } -+ NDR_CHECK(ndr_err); -+ -+ if (ndr->data_size == 0) { -+ ndr->data = NULL; -+ append = UINT32_MAX; -+ } -+ -+ if (append == UINT32_MAX) { -+ /* -+ * append == UINT32_MAX means that -+ * ndr->data is either NULL or a valid -+ * talloc child of ndr, which means -+ * we can use data_blob_append() without -+ * data_blob_talloc() of the existing callers data -+ */ -+ b = data_blob_const(ndr->data, ndr->data_size); -+ } else { -+ b = data_blob_talloc(ndr, ndr->data, ndr->data_size); -+ if (b.data == NULL) { -+ return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__); -+ } -+ } -+ -+ ok = data_blob_append(ndr, &b, blob->data, blob->length); -+ if (!ok) { -+ return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__); -+ } -+ -+ ndr->data = b.data; -+ ndr->data_size = b.length; -+ -+ return ndr_token_store(ndr, &ndr->array_size_list, ndr, UINT32_MAX); -+} -+ -+_PUBLIC_ enum ndr_err_code ndr_pull_pop(struct ndr_pull *ndr) -+{ -+ uint32_t skip = 0; -+ uint32_t append = 0; -+ -+ if (ndr->relative_base_offset != 0) { -+ return ndr_pull_error(ndr, NDR_ERR_RELATIVE, -+ "%s", __location__); -+ } -+ if (ndr->relative_highest_offset != 0) { -+ return ndr_pull_error(ndr, NDR_ERR_RELATIVE, -+ "%s", __location__); -+ } -+ if (ndr->relative_list != NULL) { -+ return ndr_pull_error(ndr, NDR_ERR_RELATIVE, -+ "%s", __location__); -+ } -+ if (ndr->relative_base_list != NULL) { -+ return ndr_pull_error(ndr, NDR_ERR_RELATIVE, -+ "%s", __location__); -+ } -+ -+ /* -+ * we need to keep up to 7 bytes -+ * in order to get the aligment right. -+ */ -+ skip = ndr->offset & 0xFFFFFFF8; -+ -+ if (skip == 0) { -+ return NDR_ERR_SUCCESS; -+ } -+ -+ ndr->offset -= skip; -+ ndr->data_size -= skip; -+ -+ append = ndr_token_peek(&ndr->array_size_list, ndr); -+ if (append != UINT32_MAX) { -+ /* -+ * here we assume, that ndr->data is not a -+ * talloc child of ndr. -+ */ -+ ndr->data += skip; -+ return NDR_ERR_SUCCESS; -+ } -+ -+ memmove(ndr->data, ndr->data + skip, ndr->data_size); -+ -+ ndr->data = talloc_realloc(ndr, ndr->data, uint8_t, ndr->data_size); -+ if (ndr->data_size != 0 && ndr->data == NULL) { -+ return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__); -+ } -+ -+ return NDR_ERR_SUCCESS; -+} -+ - /* - advance by 'size' bytes - */ -@@ -167,6 +272,38 @@ _PUBLIC_ enum ndr_err_code ndr_push_expa - return NDR_ERR_SUCCESS; - } - -+_PUBLIC_ void ndr_print_debugc_helper(struct ndr_print *ndr, const char *format, ...) -+{ -+ va_list ap; -+ char *s = NULL; -+ uint32_t i; -+ int ret; -+ int dbgc_class; -+ -+ va_start(ap, format); -+ ret = vasprintf(&s, format, ap); -+ va_end(ap); -+ -+ if (ret == -1) { -+ return; -+ } -+ -+ dbgc_class = *(int *)ndr->private_data; -+ -+ if (ndr->no_newline) { -+ DEBUGADDC(dbgc_class, 1,("%s", s)); -+ free(s); -+ return; -+ } -+ -+ for (i=0;i<ndr->depth;i++) { -+ DEBUGADDC(dbgc_class, 1,(" ")); -+ } -+ -+ DEBUGADDC(dbgc_class, 1,("%s\n", s)); -+ free(s); -+} -+ - _PUBLIC_ void ndr_print_debug_helper(struct ndr_print *ndr, const char *format, ...) - { - va_list ap; -@@ -238,6 +375,25 @@ _PUBLIC_ void ndr_print_string_helper(st - } - - /* -+ a useful helper function for printing idl structures via DEBUGC() -+*/ -+_PUBLIC_ void ndr_print_debugc(int dbgc_class, ndr_print_fn_t fn, const char *name, void *ptr) -+{ -+ struct ndr_print *ndr; -+ -+ DEBUGC(dbgc_class, 1,(" ")); -+ -+ ndr = talloc_zero(NULL, struct ndr_print); -+ if (!ndr) return; -+ ndr->private_data = &dbgc_class; -+ ndr->print = ndr_print_debugc_helper; -+ ndr->depth = 1; -+ ndr->flags = 0; -+ fn(ndr, name, ptr); -+ talloc_free(ndr); -+} -+ -+/* - a useful helper function for printing idl structures via DEBUG() - */ - _PUBLIC_ void ndr_print_debug(ndr_print_fn_t fn, const char *name, void *ptr) -@@ -403,6 +559,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull_erro - va_list ap; - int ret; - -+ if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { -+ switch (ndr_err) { -+ case NDR_ERR_BUFSIZE: -+ return NDR_ERR_INCOMPLETE_BUFFER; -+ default: -+ break; -+ } -+ } -+ - va_start(ap, format); - ret = vasprintf(&s, format, ap); - va_end(ap); -@@ -557,6 +722,23 @@ _PUBLIC_ enum ndr_err_code ndr_pull_subc - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &reserved)); - break; - } -+ case 0xFFFFFFFF: -+ /* -+ * a shallow copy like subcontext -+ * useful for DCERPC pipe chunks. -+ */ -+ subndr = talloc_zero(ndr, struct ndr_pull); -+ NDR_ERR_HAVE_NO_MEMORY(subndr); -+ -+ subndr->flags = ndr->flags; -+ subndr->current_mem_ctx = ndr->current_mem_ctx; -+ subndr->data = ndr->data; -+ subndr->offset = ndr->offset; -+ subndr->data_size = ndr->data_size; -+ -+ *_subndr = subndr; -+ return NDR_ERR_SUCCESS; -+ - default: - return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, "Bad subcontext (PULL) header_size %d", - (int)header_size); -@@ -589,13 +771,35 @@ _PUBLIC_ enum ndr_err_code ndr_pull_subc - ssize_t size_is) - { - uint32_t advance; -- if (size_is >= 0) { -+ uint32_t highest_ofs; -+ -+ if (header_size == 0xFFFFFFFF) { -+ advance = subndr->offset - ndr->offset; -+ } else if (size_is >= 0) { - advance = size_is; - } else if (header_size > 0) { - advance = subndr->data_size; - } else { - advance = subndr->offset; - } -+ -+ if (subndr->offset > ndr->relative_highest_offset) { -+ highest_ofs = subndr->offset; -+ } else { -+ highest_ofs = subndr->relative_highest_offset; -+ } -+ if (!(subndr->flags & LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES)) { -+ /* -+ * avoid an error unless SUBCONTEXT_NO_UNREAD_BYTES is specified -+ */ -+ highest_ofs = advance; -+ } -+ if (highest_ofs < advance) { -+ return ndr_pull_error(subndr, NDR_ERR_UNREAD_BYTES, -+ "not all bytes consumed ofs[%u] advance[%u]", -+ highest_ofs, advance); -+ } -+ - NDR_CHECK(ndr_pull_advance(ndr, advance)); - return NDR_ERR_SUCCESS; - } -@@ -1440,6 +1644,7 @@ const static struct { - { NDR_ERR_INVALID_POINTER, "Invalid Pointer" }, - { NDR_ERR_UNREAD_BYTES, "Unread Bytes" }, - { NDR_ERR_NDR64, "NDR64 assertion error" }, -+ { NDR_ERR_INCOMPLETE_BUFFER, "Incomplete Buffer" }, - { 0, NULL } - }; - -Index: samba-3.6.23/librpc/idl/idl_types.h -=================================================================== ---- samba-3.6.23.orig/librpc/idl/idl_types.h -+++ samba-3.6.23/librpc/idl/idl_types.h -@@ -47,3 +47,5 @@ - - #define NDR_RELATIVE_REVERSE LIBNDR_FLAG_RELATIVE_REVERSE - #define NDR_NO_RELATIVE_REVERSE LIBNDR_FLAG_NO_RELATIVE_REVERSE -+ -+#define NDR_SUBCONTEXT_NO_UNREAD_BYTES LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES -Index: samba-3.6.23/librpc/idl/dcerpc.idl -=================================================================== ---- samba-3.6.23.orig/librpc/idl/dcerpc.idl -+++ samba-3.6.23/librpc/idl/dcerpc.idl -@@ -10,6 +10,8 @@ - */ - import "misc.idl"; - -+cpp_quote("extern const uint8_t DCERPC_SEC_VT_MAGIC[8];") -+ - interface dcerpc - { - typedef struct { -@@ -453,14 +455,21 @@ interface dcerpc - } dcerpc_payload; - - /* pfc_flags values */ -- const uint8 DCERPC_PFC_FLAG_FIRST = 0x01; /* First fragment */ -- const uint8 DCERPC_PFC_FLAG_LAST = 0x02; /* Last fragment */ -- const uint8 DCERPC_PFC_FLAG_PENDING_CANCEL = 0x04; /* Cancel was pending at sender */ -- const uint8 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN = DCERPC_PFC_FLAG_PENDING_CANCEL; /* depends on the pdu type */ -- const uint8 DCERPC_PFC_FLAG_CONC_MPX = 0x10; /* supports concurrent multiplexing of a single connection. */ -- const uint8 DCERPC_PFC_FLAG_DID_NOT_EXECUTE = 0x20; /* on a fault it means the server hasn't done anything */ -- const uint8 DCERPC_PFC_FLAG_MAYBE = 0x40; /* `maybe' call semantics requested */ -- const uint8 DCERPC_PFC_FLAG_OBJECT_UUID = 0x80; /* on valid guid is in the optional object field */ -+ typedef [bitmap8bit] bitmap { -+ DCERPC_PFC_FLAG_FIRST = 0x01, /* First fragment */ -+ DCERPC_PFC_FLAG_LAST = 0x02, /* Last fragment */ -+ DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING = 0x04, /* depends on the pdu type */ -+ DCERPC_PFC_FLAG_CONC_MPX = 0x10, /* supports concurrent multiplexing of a single connection. */ -+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE = 0x20, /* on a fault it means the server hasn't done anything */ -+ DCERPC_PFC_FLAG_MAYBE = 0x40, /* `maybe' call semantics requested */ -+ DCERPC_PFC_FLAG_OBJECT_UUID = 0x80 /* on valid guid is in the optional object field */ -+ } dcerpc_pfc_flags; -+ -+ /* Cancel was pending at sender */ -+ const int DCERPC_PFC_FLAG_PENDING_CANCEL = -+ DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING; -+ const ist DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN = -+ DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING; - - /* these offsets are needed by the signing code */ - const uint8 DCERPC_PFC_OFFSET = 3; -@@ -468,6 +477,7 @@ interface dcerpc - const uint8 DCERPC_FRAG_LEN_OFFSET = 8; - const uint8 DCERPC_AUTH_LEN_OFFSET = 10; - const uint8 DCERPC_CALL_ID_OFFSET = 12; -+ const uint8 DCERPC_NCACN_PAYLOAD_OFFSET = 16; - - /* little-endian flag */ - const uint8 DCERPC_DREP_LE = 0x10; -@@ -476,7 +486,7 @@ interface dcerpc - uint8 rpc_vers; /* RPC version */ - uint8 rpc_vers_minor; /* Minor version */ - dcerpc_pkt_type ptype; /* Packet type */ -- uint8 pfc_flags; /* Fragmentation flags */ -+ dcerpc_pfc_flags pfc_flags; /* Fragmentation flags */ - uint8 drep[4]; /* NDR data representation */ - uint16 frag_length; /* Total length of fragment */ - uint16 auth_length; /* authenticator length */ -@@ -506,4 +516,69 @@ interface dcerpc - uint8 serial_low; - [switch_is(ptype)] dcerpc_payload u; - } ncadg_packet; -+ -+ typedef [bitmap16bit] bitmap { -+ DCERPC_SEC_VT_COMMAND_ENUM = 0x3FFF, -+ DCERPC_SEC_VT_COMMAND_END = 0x4000, -+ DCERPC_SEC_VT_MUST_PROCESS = 0x8000 -+ } dcerpc_sec_vt_command; -+ -+ typedef [enum16bit] enum { -+ DCERPC_SEC_VT_COMMAND_BITMASK1 = 0x0001, -+ DCERPC_SEC_VT_COMMAND_PCONTEXT = 0x0002, -+ DCERPC_SEC_VT_COMMAND_HEADER2 = 0x0003 -+ } dcerpc_sec_vt_command_enum; -+ -+ typedef [bitmap32bit] bitmap { -+ DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING = 0x00000001 -+ } dcerpc_sec_vt_bitmask1; -+ -+ typedef struct { -+ ndr_syntax_id abstract_syntax; -+ ndr_syntax_id transfer_syntax; -+ } dcerpc_sec_vt_pcontext; -+ -+ typedef struct { -+ dcerpc_pkt_type ptype; /* Packet type */ -+ [value(0)] uint8 reserved1; -+ [value(0)] uint16 reserved2; -+ uint8 drep[4]; /* NDR data representation */ -+ uint32 call_id; /* Call identifier */ -+ uint16 context_id; -+ uint16 opnum; -+ } dcerpc_sec_vt_header2; -+ -+ typedef [switch_type(dcerpc_sec_vt_command_enum),nodiscriminant] union { -+ [case(DCERPC_SEC_VT_COMMAND_BITMASK1)] dcerpc_sec_vt_bitmask1 bitmask1; -+ [case(DCERPC_SEC_VT_COMMAND_PCONTEXT)] dcerpc_sec_vt_pcontext pcontext; -+ [case(DCERPC_SEC_VT_COMMAND_HEADER2)] dcerpc_sec_vt_header2 header2; -+ [default,flag(NDR_REMAINING)] DATA_BLOB _unknown; -+ } dcerpc_sec_vt_union; -+ -+ typedef struct { -+ dcerpc_sec_vt_command command; -+ [switch_is(command & DCERPC_SEC_VT_COMMAND_ENUM)] -+ [subcontext(2),flag(NDR_SUBCONTEXT_NO_UNREAD_BYTES)] -+ dcerpc_sec_vt_union u; -+ } dcerpc_sec_vt; -+ -+ typedef [public,nopush,nopull] struct { -+ uint16 count; -+ } dcerpc_sec_vt_count; -+ -+ /* -+ * We assume that the whole verification trailer fits into -+ * the last 1024 bytes after the stub data. -+ * -+ * There're currently only 3 commands defined and each should -+ * only be used once. -+ */ -+ const uint16 DCERPC_SEC_VT_MAX_SIZE = 1024; -+ -+ typedef [public,flag(NDR_PAHEX)] struct { -+ [flag(NDR_ALIGN4)] DATA_BLOB _pad; -+ [value(DCERPC_SEC_VT_MAGIC)] uint8 magic[8]; -+ dcerpc_sec_vt_count count; -+ dcerpc_sec_vt commands[count.count]; -+ } dcerpc_sec_verification_trailer; - } -Index: samba-3.6.23/librpc/ndr/ndr_dcerpc.c -=================================================================== ---- /dev/null -+++ samba-3.6.23/librpc/ndr/ndr_dcerpc.c -@@ -0,0 +1,187 @@ -+/* -+ Unix SMB/CIFS implementation. -+ -+ Manually parsed structures found in the DCERPC protocol -+ -+ Copyright (C) Stefan Metzmacher 2014 -+ Copyright (C) Gregor Beck 2014 -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see http://www.gnu.org/licenses/. -+*/ -+ -+#include "includes.h" -+#include "librpc/gen_ndr/ndr_dcerpc.h" -+ -+#include "librpc/gen_ndr/ndr_misc.h" -+#include "lib/util/bitmap.h" -+ -+const uint8_t DCERPC_SEC_VT_MAGIC[] = {0x8a,0xe3,0x13,0x71,0x02,0xf4,0x36,0x71}; -+ -+_PUBLIC_ enum ndr_err_code ndr_push_dcerpc_sec_vt_count(struct ndr_push *ndr, int ndr_flags, const struct dcerpc_sec_vt_count *r) -+{ -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); -+ /* nothing */ -+ return NDR_ERR_SUCCESS; -+} -+ -+_PUBLIC_ enum ndr_err_code ndr_pull_dcerpc_sec_vt_count(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_sec_vt_count *r) -+{ -+ uint32_t _saved_ofs = ndr->offset; -+ -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); -+ -+ if (!(ndr_flags & NDR_SCALARS)) { -+ return NDR_ERR_SUCCESS; -+ } -+ -+ r->count = 0; -+ -+ while (true) { -+ uint16_t command; -+ uint16_t length; -+ -+ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &command)); -+ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &length)); -+ NDR_CHECK(ndr_pull_advance(ndr, length)); -+ -+ r->count += 1; -+ -+ if (command & DCERPC_SEC_VT_COMMAND_END) { -+ break; -+ } -+ } -+ -+ ndr->offset = _saved_ofs; -+ return NDR_ERR_SUCCESS; -+} -+ -+_PUBLIC_ enum ndr_err_code ndr_pop_dcerpc_sec_verification_trailer( -+ struct ndr_pull *ndr, TALLOC_CTX *mem_ctx, -+ struct dcerpc_sec_verification_trailer **_r) -+{ -+ enum ndr_err_code ndr_err; -+ uint32_t ofs; -+ uint32_t min_ofs = 0; -+ struct dcerpc_sec_verification_trailer *r; -+ DATA_BLOB sub_blob = data_blob_null; -+ struct ndr_pull *sub_ndr = NULL; -+ uint32_t remaining; -+ -+ *_r = NULL; -+ -+ r = talloc_zero(mem_ctx, struct dcerpc_sec_verification_trailer); -+ if (r == NULL) { -+ return NDR_ERR_ALLOC; -+ } -+ -+ if (ndr->data_size < sizeof(DCERPC_SEC_VT_MAGIC)) { -+ /* -+ * we return with r->count = 0 -+ */ -+ *_r = r; -+ return NDR_ERR_SUCCESS; -+ } -+ -+ ofs = ndr->data_size - sizeof(DCERPC_SEC_VT_MAGIC); -+ /* the magic is 4 byte aligned */ -+ ofs &= ~3; -+ -+ if (ofs > DCERPC_SEC_VT_MAX_SIZE) { -+ /* -+ * We just scan the last 1024 bytes. -+ */ -+ min_ofs = ofs - DCERPC_SEC_VT_MAX_SIZE; -+ } else { -+ min_ofs = 0; -+ } -+ -+ while (true) { -+ int ret; -+ -+ ret = memcmp(&ndr->data[ofs], -+ DCERPC_SEC_VT_MAGIC, -+ sizeof(DCERPC_SEC_VT_MAGIC)); -+ if (ret == 0) { -+ sub_blob = data_blob_const(&ndr->data[ofs], -+ ndr->data_size - ofs); -+ break; -+ } -+ -+ if (ofs <= min_ofs) { -+ break; -+ } -+ -+ ofs -= 4; -+ } -+ -+ if (sub_blob.length == 0) { -+ /* -+ * we return with r->count = 0 -+ */ -+ *_r = r; -+ return NDR_ERR_SUCCESS; -+ } -+ -+ sub_ndr = ndr_pull_init_blob(&sub_blob, r); -+ if (sub_ndr == NULL) { -+ TALLOC_FREE(r); -+ return NDR_ERR_ALLOC; -+ } -+ -+ ndr_err = ndr_pull_dcerpc_sec_verification_trailer(sub_ndr, -+ NDR_SCALARS | NDR_BUFFERS, -+ r); -+ if (ndr_err == NDR_ERR_ALLOC) { -+ TALLOC_FREE(r); -+ return NDR_ERR_ALLOC; -+ } -+ -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -+ goto ignore_error; -+ } -+ -+ remaining = sub_ndr->data_size - sub_ndr->offset; -+ if (remaining > 16) { -+ /* -+ * we expect not more than 16 byte of additional -+ * padding after the verification trailer. -+ */ -+ goto ignore_error; -+ } -+ -+ /* -+ * We assume that we got a real verification trailer. -+ * -+ * We remove it from the available stub data. -+ */ -+ ndr->data_size = ofs; -+ -+ TALLOC_FREE(sub_ndr); -+ -+ *_r = r; -+ return NDR_ERR_SUCCESS; -+ -+ignore_error: -+ TALLOC_FREE(sub_ndr); -+ /* -+ * just ignore the error, it's likely -+ * that the magic we found belongs to -+ * the stub data. -+ * -+ * we return with r->count = 0 -+ */ -+ ZERO_STRUCTP(r); -+ *_r = r; -+ return NDR_ERR_SUCCESS; -+} -Index: samba-3.6.23/librpc/wscript_build -=================================================================== ---- samba-3.6.23.orig/librpc/wscript_build -+++ samba-3.6.23/librpc/wscript_build -@@ -274,8 +274,9 @@ bld.SAMBA_SUBSYSTEM('NDR_COMPRESSION', - ) - - bld.SAMBA_SUBSYSTEM('NDR_DCERPC', -- source='gen_ndr/ndr_dcerpc.c', -+ source='gen_ndr/ndr_dcerpc.c ndr/ndr_dcerpc.c', - public_deps='ndr', -+ deps='bitmap', - public_headers='gen_ndr/ndr_dcerpc.h gen_ndr/dcerpc.h', - header_path= [ ('*gen_ndr*', 'gen_ndr') ], - ) -Index: samba-3.6.23/source3/Makefile.in -=================================================================== ---- samba-3.6.23.orig/source3/Makefile.in -+++ samba-3.6.23/source3/Makefile.in -@@ -323,7 +323,8 @@ LIBNDR_OBJ = ../librpc/ndr/ndr_basic.o \ - ../librpc/ndr/uuid.o \ - librpc/ndr/util.o \ - librpc/gen_ndr/ndr_server_id.o \ -- librpc/gen_ndr/ndr_dcerpc.o -+ librpc/gen_ndr/ndr_dcerpc.o \ -+ ../librpc/ndr/ndr_dcerpc.o - - LIBNDR_GEN_OBJ0 = librpc/gen_ndr/ndr_samr.o \ - librpc/gen_ndr/ndr_lsa.o -@@ -454,7 +455,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ - lib/username.o \ - ../libds/common/flag_mapping.o \ - lib/access.o lib/smbrun.o \ -- lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \ -+ ../lib/util/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \ - lib/wins_srv.o \ - lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_specialsids.o \ - lib/util_unistr.o ../lib/util/charset/codepoints.o lib/util_file.o \ -@@ -988,7 +989,9 @@ SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(P - $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBMSRPC_OBJ) \ - $(PASSCHANGE_OBJ) $(FNAME_UTIL_OBJ) \ - $(LIBCLI_SAMR_OBJ) \ -- rpc_client/init_lsa.o -+ $(LIBCLI_NETLOGON_OBJ) \ -+ rpc_client/init_lsa.o \ -+ rpc_client/init_netlogon.o - - STATUS_OBJ = utils/status.o utils/status_profile.o \ - $(LOCKING_OBJ) $(PARAM_OBJ) \ -@@ -1004,7 +1007,9 @@ SMBTREE_OBJ = utils/smbtree.o $(PARAM_OB - $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ - $(LIBMSRPC_GEN_OBJ) \ - $(LIBMSRPC_OBJ) \ -- $(LIBCLI_SRVSVC_OBJ) -+ $(LIBCLI_SRVSVC_OBJ) \ -+ $(LIBCLI_NETLOGON_OBJ) \ -+ rpc_client/init_netlogon.o - - TESTPARM_OBJ = utils/testparm.o \ - $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ -@@ -1026,7 +1031,9 @@ SMBPASSWD_OBJ = utils/smbpasswd.o $(PASS - $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) \ - $(LIBMSRPC_GEN_OBJ) $(LIBMSRPC_OBJ) \ - $(LIBCLI_SAMR_OBJ) \ -- rpc_client/init_lsa.o -+ $(LIBCLI_NETLOGON_OBJ) \ -+ rpc_client/init_lsa.o \ -+ rpc_client/init_netlogon.o - - PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) \ - $(LIBSAMBA_OBJ) $(LIBTSOCKET_OBJ) \ -@@ -1099,7 +1106,9 @@ LIBSMBCLIENT_OBJ1 = $(LIBSMBCLIENT_OBJ0) - $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \ - $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ - $(LIBCLI_SRVSVC_OBJ) \ -- $(LIBCLI_LSA_OBJ) -+ $(LIBCLI_LSA_OBJ) \ -+ $(LIBCLI_NETLOGON_OBJ) \ -+ rpc_client/init_netlogon.o - - LIBSMBCLIENT_OBJ = $(LIBSMBCLIENT_OBJ1) - -@@ -1122,7 +1131,9 @@ CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) - $(READLINE_OBJ) $(POPT_LIB_OBJ) \ - $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ - $(DISPLAY_SEC_OBJ) \ -- $(LIBCLI_SRVSVC_OBJ) -+ $(LIBCLI_SRVSVC_OBJ) \ -+ $(LIBCLI_NETLOGON_OBJ) \ -+ rpc_client/init_netlogon.o - - LIBSMBCONF_OBJ = ../lib/smbconf/smbconf.o \ - ../lib/smbconf/smbconf_util.o \ -@@ -1234,7 +1245,9 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PA - @LIBWBCLIENT_STATIC@ \ - torture/wbc_async.o \ - ../nsswitch/wb_reqtrans.o \ -- $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ) -+ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ) \ -+ $(LIBCLI_NETLOGON_OBJ) rpc_client/init_netlogon.o -+ - - MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ - $(LIB_NONSMBD_OBJ) \ -@@ -1269,14 +1282,18 @@ SMBCACLS_OBJ = utils/smbcacls.o $(PARAM_ - $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \ - $(PASSDB_OBJ) $(GROUPDB_OBJ) $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \ - $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) \ -- $(LIBCLI_LSA_OBJ) -+ $(LIBCLI_LSA_OBJ) \ -+ $(LIBCLI_NETLOGON_OBJ) \ -+ rpc_client/init_netlogon.o - - SMBCQUOTAS_OBJ = utils/smbcquotas.o $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ - $(PARAM_OBJ) \ - $(LIB_NONSMBD_OBJ) \ - $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(POPT_LIB_OBJ) \ - $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ -- $(LIBCLI_LSA_OBJ) -+ $(LIBCLI_LSA_OBJ) \ -+ $(LIBCLI_NETLOGON_OBJ) \ -+ rpc_client/init_netlogon.o - - EVTLOGADM_OBJ0 = utils/eventlogadm.o - -Index: samba-3.6.23/librpc/ndr/ndr_basic.c -=================================================================== ---- samba-3.6.23.orig/librpc/ndr/ndr_basic.c -+++ samba-3.6.23/librpc/ndr/ndr_basic.c -@@ -61,6 +61,7 @@ _PUBLIC_ void ndr_check_padding(struct n - */ - _PUBLIC_ enum ndr_err_code ndr_pull_int8(struct ndr_pull *ndr, int ndr_flags, int8_t *v) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_PULL_NEED_BYTES(ndr, 1); - *v = (int8_t)CVAL(ndr->data, ndr->offset); - ndr->offset += 1; -@@ -72,6 +73,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_int8 - */ - _PUBLIC_ enum ndr_err_code ndr_pull_uint8(struct ndr_pull *ndr, int ndr_flags, uint8_t *v) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_PULL_NEED_BYTES(ndr, 1); - *v = CVAL(ndr->data, ndr->offset); - ndr->offset += 1; -@@ -83,6 +85,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint - */ - _PUBLIC_ enum ndr_err_code ndr_pull_int16(struct ndr_pull *ndr, int ndr_flags, int16_t *v) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_PULL_ALIGN(ndr, 2); - NDR_PULL_NEED_BYTES(ndr, 2); - *v = (uint16_t)NDR_SVAL(ndr, ndr->offset); -@@ -95,6 +98,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_int1 - */ - _PUBLIC_ enum ndr_err_code ndr_pull_uint16(struct ndr_pull *ndr, int ndr_flags, uint16_t *v) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_PULL_ALIGN(ndr, 2); - NDR_PULL_NEED_BYTES(ndr, 2); - *v = NDR_SVAL(ndr, ndr->offset); -@@ -107,6 +111,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint - */ - _PUBLIC_ enum ndr_err_code ndr_pull_uint1632(struct ndr_pull *ndr, int ndr_flags, uint16_t *v) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - if (unlikely(ndr->flags & LIBNDR_FLAG_NDR64)) { - uint32_t v32 = 0; - enum ndr_err_code err = ndr_pull_uint32(ndr, ndr_flags, &v32); -@@ -125,6 +130,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint - */ - _PUBLIC_ enum ndr_err_code ndr_pull_int32(struct ndr_pull *ndr, int ndr_flags, int32_t *v) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_PULL_ALIGN(ndr, 4); - NDR_PULL_NEED_BYTES(ndr, 4); - *v = NDR_IVALS(ndr, ndr->offset); -@@ -137,6 +143,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_int3 - */ - _PUBLIC_ enum ndr_err_code ndr_pull_uint32(struct ndr_pull *ndr, int ndr_flags, uint32_t *v) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_PULL_ALIGN(ndr, 4); - NDR_PULL_NEED_BYTES(ndr, 4); - *v = NDR_IVAL(ndr, ndr->offset); -@@ -151,6 +158,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint - { - uint64_t v64; - enum ndr_err_code err; -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - if (likely(!(ndr->flags & LIBNDR_FLAG_NDR64))) { - return ndr_pull_uint32(ndr, ndr_flags, v); - } -@@ -169,6 +177,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint - */ - _PUBLIC_ enum ndr_err_code ndr_pull_double(struct ndr_pull *ndr, int ndr_flags, double *v) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_PULL_ALIGN(ndr, 8); - NDR_PULL_NEED_BYTES(ndr, 8); - memcpy(v, ndr->data+ndr->offset, 8); -@@ -217,6 +226,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_ref_ - */ - _PUBLIC_ enum ndr_err_code ndr_pull_udlong(struct ndr_pull *ndr, int ndr_flags, uint64_t *v) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_PULL_ALIGN(ndr, 4); - NDR_PULL_NEED_BYTES(ndr, 8); - *v = NDR_IVAL(ndr, ndr->offset); -@@ -230,6 +240,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_udlo - */ - _PUBLIC_ enum ndr_err_code ndr_pull_udlongr(struct ndr_pull *ndr, int ndr_flags, uint64_t *v) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_PULL_ALIGN(ndr, 4); - NDR_PULL_NEED_BYTES(ndr, 8); - *v = ((uint64_t)NDR_IVAL(ndr, ndr->offset)) << 32; -@@ -264,6 +275,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_hype - _PUBLIC_ enum ndr_err_code ndr_pull_pointer(struct ndr_pull *ndr, int ndr_flags, void* *v) - { - uintptr_t h; -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_PULL_ALIGN(ndr, sizeof(h)); - NDR_PULL_NEED_BYTES(ndr, sizeof(h)); - memcpy(&h, ndr->data+ndr->offset, sizeof(h)); -@@ -278,6 +290,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_poin - _PUBLIC_ enum ndr_err_code ndr_pull_NTSTATUS(struct ndr_pull *ndr, int ndr_flags, NTSTATUS *status) - { - uint32_t v; -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); - *status = NT_STATUS(v); - return NDR_ERR_SUCCESS; -@@ -302,6 +315,7 @@ _PUBLIC_ void ndr_print_NTSTATUS(struct - _PUBLIC_ enum ndr_err_code ndr_pull_WERROR(struct ndr_pull *ndr, int ndr_flags, WERROR *status) - { - uint32_t v; -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); - *status = W_ERROR(v); - return NDR_ERR_SUCCESS; -@@ -414,6 +428,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_byte - */ - _PUBLIC_ enum ndr_err_code ndr_pull_array_uint8(struct ndr_pull *ndr, int ndr_flags, uint8_t *data, uint32_t n) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } -@@ -425,6 +440,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_arra - */ - _PUBLIC_ enum ndr_err_code ndr_push_int8(struct ndr_push *ndr, int ndr_flags, int8_t v) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_PUSH_NEED_BYTES(ndr, 1); - SCVAL(ndr->data, ndr->offset, (uint8_t)v); - ndr->offset += 1; -@@ -436,6 +452,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_int8 - */ - _PUBLIC_ enum ndr_err_code ndr_push_uint8(struct ndr_push *ndr, int ndr_flags, uint8_t v) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_PUSH_NEED_BYTES(ndr, 1); - SCVAL(ndr->data, ndr->offset, v); - ndr->offset += 1; -@@ -447,6 +464,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_uint - */ - _PUBLIC_ enum ndr_err_code ndr_push_int16(struct ndr_push *ndr, int ndr_flags, int16_t v) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_PUSH_ALIGN(ndr, 2); - NDR_PUSH_NEED_BYTES(ndr, 2); - NDR_SSVAL(ndr, ndr->offset, (uint16_t)v); -@@ -459,6 +477,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_int1 - */ - _PUBLIC_ enum ndr_err_code ndr_push_uint16(struct ndr_push *ndr, int ndr_flags, uint16_t v) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_PUSH_ALIGN(ndr, 2); - NDR_PUSH_NEED_BYTES(ndr, 2); - NDR_SSVAL(ndr, ndr->offset, v); -@@ -482,6 +501,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_uint - */ - _PUBLIC_ enum ndr_err_code ndr_push_int32(struct ndr_push *ndr, int ndr_flags, int32_t v) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_PUSH_ALIGN(ndr, 4); - NDR_PUSH_NEED_BYTES(ndr, 4); - NDR_SIVALS(ndr, ndr->offset, v); -@@ -494,6 +514,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_int3 - */ - _PUBLIC_ enum ndr_err_code ndr_push_uint32(struct ndr_push *ndr, int ndr_flags, uint32_t v) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_PUSH_ALIGN(ndr, 4); - NDR_PUSH_NEED_BYTES(ndr, 4); - NDR_SIVAL(ndr, ndr->offset, v); -@@ -517,6 +538,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_uint - */ - _PUBLIC_ enum ndr_err_code ndr_push_udlong(struct ndr_push *ndr, int ndr_flags, uint64_t v) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_PUSH_ALIGN(ndr, 4); - NDR_PUSH_NEED_BYTES(ndr, 8); - NDR_SIVAL(ndr, ndr->offset, (v & 0xFFFFFFFF)); -@@ -530,6 +552,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_udlo - */ - _PUBLIC_ enum ndr_err_code ndr_push_udlongr(struct ndr_push *ndr, int ndr_flags, uint64_t v) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_PUSH_ALIGN(ndr, 4); - NDR_PUSH_NEED_BYTES(ndr, 8); - NDR_SIVAL(ndr, ndr->offset, (v>>32)); -@@ -563,6 +586,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_hype - */ - _PUBLIC_ enum ndr_err_code ndr_push_double(struct ndr_push *ndr, int ndr_flags, double v) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_PUSH_ALIGN(ndr, 8); - NDR_PUSH_NEED_BYTES(ndr, 8); - memcpy(ndr->data+ndr->offset, &v, 8); -@@ -576,6 +600,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_doub - _PUBLIC_ enum ndr_err_code ndr_push_pointer(struct ndr_push *ndr, int ndr_flags, void* v) - { - uintptr_t h = (intptr_t)v; -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_PUSH_ALIGN(ndr, sizeof(h)); - NDR_PUSH_NEED_BYTES(ndr, sizeof(h)); - memcpy(ndr->data+ndr->offset, &h, sizeof(h)); -@@ -686,6 +711,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_zero - */ - _PUBLIC_ enum ndr_err_code ndr_push_array_uint8(struct ndr_push *ndr, int ndr_flags, const uint8_t *data, uint32_t n) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } -@@ -738,6 +764,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_ref_ - */ - _PUBLIC_ enum ndr_err_code ndr_push_NTTIME(struct ndr_push *ndr, int ndr_flags, NTTIME t) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_CHECK(ndr_push_udlong(ndr, ndr_flags, t)); - return NDR_ERR_SUCCESS; - } -@@ -747,6 +774,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_NTTI - */ - _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME(struct ndr_pull *ndr, int ndr_flags, NTTIME *t) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_CHECK(ndr_pull_udlong(ndr, ndr_flags, t)); - return NDR_ERR_SUCCESS; - } -@@ -756,6 +784,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NTTI - */ - _PUBLIC_ enum ndr_err_code ndr_push_NTTIME_1sec(struct ndr_push *ndr, int ndr_flags, NTTIME t) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - t /= 10000000; - NDR_CHECK(ndr_push_hyper(ndr, ndr_flags, t)); - return NDR_ERR_SUCCESS; -@@ -766,6 +795,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_NTTI - */ - _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME_1sec(struct ndr_pull *ndr, int ndr_flags, NTTIME *t) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_CHECK(ndr_pull_hyper(ndr, ndr_flags, t)); - (*t) *= 10000000; - return NDR_ERR_SUCCESS; -@@ -776,6 +806,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NTTI - */ - _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME_hyper(struct ndr_pull *ndr, int ndr_flags, NTTIME *t) - { -+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); - NDR_CHECK(ndr_pull_hyper(ndr, ndr_flags, t)); - return NDR_ERR_SUCCESS; - } -@@ -785,6 +816,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NTTI - */ - _PUBLIC_ enum ndr_err_code ndr_push_NTTIME_hyper(struct ndr_push *ndr, int ndr_flags, NTTIME t) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - NDR_CHECK(ndr_push_hyper(ndr, ndr_flags, t)); - return NDR_ERR_SUCCESS; - } -@@ -814,6 +846,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_time - */ - _PUBLIC_ enum ndr_err_code ndr_push_uid_t(struct ndr_push *ndr, int ndr_flags, uid_t u) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - return ndr_push_hyper(ndr, NDR_SCALARS, (uint64_t)u); - } - -@@ -839,6 +872,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uid_ - */ - _PUBLIC_ enum ndr_err_code ndr_push_gid_t(struct ndr_push *ndr, int ndr_flags, gid_t g) - { -+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); - return ndr_push_hyper(ndr, NDR_SCALARS, (uint64_t)g); - } - -Index: samba-3.6.23/source3/lib/bitmap.c -=================================================================== ---- samba-3.6.23.orig/source3/lib/bitmap.c -+++ /dev/null -@@ -1,136 +0,0 @@ --/* -- Unix SMB/CIFS implementation. -- simple bitmap functions -- Copyright (C) Andrew Tridgell 1992-1998 -- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by -- the Free Software Foundation; either version 3 of the License, or -- (at your option) any later version. -- -- This program is distributed in the hope that it will be useful, -- but WITHOUT ANY WARRANTY; without even the implied warranty of -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- GNU General Public License for more details. -- -- You should have received a copy of the GNU General Public License -- along with this program. If not, see http://www.gnu.org/licenses/. --*/ -- --#include "includes.h" -- --/* these functions provide a simple way to allocate integers from a -- pool without repetition */ -- --/**************************************************************************** --talloc a bitmap --****************************************************************************/ --struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n) --{ -- struct bitmap *bm; -- -- bm = TALLOC_P(mem_ctx, struct bitmap); -- -- if (!bm) return NULL; -- -- bm->n = n; -- bm->b = TALLOC_ZERO_ARRAY(bm, uint32, (n+31)/32); -- if (!bm->b) { -- TALLOC_FREE(bm); -- return NULL; -- } -- return bm; --} -- --/**************************************************************************** --copy as much of the source bitmap as will fit in the destination bitmap. --****************************************************************************/ -- --int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src) --{ -- int count = MIN(dst->n, src->n); -- -- SMB_ASSERT(dst->b != src->b); -- memcpy(dst->b, src->b, sizeof(uint32)*((count+31)/32)); -- -- return count; --} -- --/**************************************************************************** --set a bit in a bitmap --****************************************************************************/ --bool bitmap_set(struct bitmap *bm, unsigned i) --{ -- if (i >= bm->n) { -- DEBUG(0,("Setting invalid bitmap entry %d (of %d)\n", -- i, bm->n)); -- return False; -- } -- bm->b[i/32] |= (1<<(i%32)); -- return True; --} -- --/**************************************************************************** --clear a bit in a bitmap --****************************************************************************/ --bool bitmap_clear(struct bitmap *bm, unsigned i) --{ -- if (i >= bm->n) { -- DEBUG(0,("clearing invalid bitmap entry %d (of %d)\n", -- i, bm->n)); -- return False; -- } -- bm->b[i/32] &= ~(1<<(i%32)); -- return True; --} -- --/**************************************************************************** --query a bit in a bitmap --****************************************************************************/ --bool bitmap_query(struct bitmap *bm, unsigned i) --{ -- if (i >= bm->n) return False; -- if (bm->b[i/32] & (1<<(i%32))) { -- return True; -- } -- return False; --} -- --/**************************************************************************** --find a zero bit in a bitmap starting at the specified offset, with --wraparound --****************************************************************************/ --int bitmap_find(struct bitmap *bm, unsigned ofs) --{ -- unsigned int i, j; -- -- if (ofs > bm->n) ofs = 0; -- -- i = ofs; -- while (i < bm->n) { -- if (~(bm->b[i/32])) { -- j = i; -- do { -- if (!bitmap_query(bm, j)) return j; -- j++; -- } while (j & 31 && j < bm->n); -- } -- i += 32; -- i &= ~31; -- } -- -- i = 0; -- while (i < ofs) { -- if (~(bm->b[i/32])) { -- j = i; -- do { -- if (!bitmap_query(bm, j)) return j; -- j++; -- } while (j & 31 && j < bm->n); -- } -- i += 32; -- i &= ~31; -- } -- -- return -1; --} -Index: samba-3.6.23/lib/util/bitmap.c -=================================================================== ---- /dev/null -+++ samba-3.6.23/lib/util/bitmap.c -@@ -0,0 +1,137 @@ -+/* -+ Unix SMB/CIFS implementation. -+ simple bitmap functions -+ Copyright (C) Andrew Tridgell 1992-1998 -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see http://www.gnu.org/licenses/. -+*/ -+ -+#include "includes.h" -+#include "lib/util/bitmap.h" -+ -+/* these functions provide a simple way to allocate integers from a -+ pool without repetition */ -+ -+/**************************************************************************** -+talloc a bitmap -+****************************************************************************/ -+struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n) -+{ -+ struct bitmap *bm; -+ -+ bm = talloc_zero(mem_ctx, struct bitmap); -+ -+ if (!bm) return NULL; -+ -+ bm->n = n; -+ bm->b = talloc_zero_array(bm, uint32_t, (n+31)/32); -+ if (!bm->b) { -+ TALLOC_FREE(bm); -+ return NULL; -+ } -+ return bm; -+} -+ -+/**************************************************************************** -+copy as much of the source bitmap as will fit in the destination bitmap. -+****************************************************************************/ -+ -+int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src) -+{ -+ int count = MIN(dst->n, src->n); -+ -+ SMB_ASSERT(dst->b != src->b); -+ memcpy(dst->b, src->b, sizeof(uint32_t)*((count+31)/32)); -+ -+ return count; -+} -+ -+/**************************************************************************** -+set a bit in a bitmap -+****************************************************************************/ -+bool bitmap_set(struct bitmap *bm, unsigned i) -+{ -+ if (i >= bm->n) { -+ DEBUG(0,("Setting invalid bitmap entry %d (of %d)\n", -+ i, bm->n)); -+ return false; -+ } -+ bm->b[i/32] |= (1<<(i%32)); -+ return true; -+} -+ -+/**************************************************************************** -+clear a bit in a bitmap -+****************************************************************************/ -+bool bitmap_clear(struct bitmap *bm, unsigned i) -+{ -+ if (i >= bm->n) { -+ DEBUG(0,("clearing invalid bitmap entry %d (of %d)\n", -+ i, bm->n)); -+ return false; -+ } -+ bm->b[i/32] &= ~(1<<(i%32)); -+ return true; -+} -+ -+/**************************************************************************** -+query a bit in a bitmap -+****************************************************************************/ -+bool bitmap_query(struct bitmap *bm, unsigned i) -+{ -+ if (i >= bm->n) return false; -+ if (bm->b[i/32] & (1<<(i%32))) { -+ return true; -+ } -+ return false; -+} -+ -+/**************************************************************************** -+find a zero bit in a bitmap starting at the specified offset, with -+wraparound -+****************************************************************************/ -+int bitmap_find(struct bitmap *bm, unsigned ofs) -+{ -+ unsigned int i, j; -+ -+ if (ofs > bm->n) ofs = 0; -+ -+ i = ofs; -+ while (i < bm->n) { -+ if (~(bm->b[i/32])) { -+ j = i; -+ do { -+ if (!bitmap_query(bm, j)) return j; -+ j++; -+ } while (j & 31 && j < bm->n); -+ } -+ i += 32; -+ i &= ~31; -+ } -+ -+ i = 0; -+ while (i < ofs) { -+ if (~(bm->b[i/32])) { -+ j = i; -+ do { -+ if (!bitmap_query(bm, j)) return j; -+ j++; -+ } while (j & 31 && j < bm->n); -+ } -+ i += 32; -+ i &= ~31; -+ } -+ -+ return -1; -+} -Index: samba-3.6.23/lib/util/bitmap.h -=================================================================== ---- /dev/null -+++ samba-3.6.23/lib/util/bitmap.h -@@ -0,0 +1,32 @@ -+/* -+ Unix SMB/CIFS implementation. -+ simple bitmap functions -+ Copyright (C) Andrew Tridgell 1992-1998 -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see http://www.gnu.org/licenses/. -+*/ -+ -+/* The following definitions come from lib/bitmap.c */ -+ -+struct bitmap { -+ uint32_t *b; -+ unsigned int n; -+}; -+ -+struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n); -+int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src); -+bool bitmap_set(struct bitmap *bm, unsigned i); -+bool bitmap_clear(struct bitmap *bm, unsigned i); -+bool bitmap_query(struct bitmap *bm, unsigned i); -+int bitmap_find(struct bitmap *bm, unsigned ofs); -Index: samba-3.6.23/lib/util/wscript_build -=================================================================== ---- samba-3.6.23.orig/lib/util/wscript_build -+++ samba-3.6.23/lib/util/wscript_build -@@ -99,5 +99,11 @@ bld.SAMBA_LIBRARY('tdb-wrap', - public_headers='tdb_wrap.h', - private_library=True, - local_include=False -- ) -+ ) -+ -+bld.SAMBA_LIBRARY('bitmap', -+ source='bitmap.c', -+ deps='talloc samba-util', -+ local_include=False, -+ private_library=True) - -Index: samba-3.6.23/source3/include/proto.h -=================================================================== ---- samba-3.6.23.orig/source3/include/proto.h -+++ samba-3.6.23/source3/include/proto.h -@@ -61,15 +61,6 @@ const char *audit_description_str(uint32 - bool get_audit_category_from_param(const char *param, uint32 *audit_category); - const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy); - --/* The following definitions come from lib/bitmap.c */ -- --struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n); --int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src); --bool bitmap_set(struct bitmap *bm, unsigned i); --bool bitmap_clear(struct bitmap *bm, unsigned i); --bool bitmap_query(struct bitmap *bm, unsigned i); --int bitmap_find(struct bitmap *bm, unsigned ofs); -- - /* The following definitions come from lib/charcnv.c */ - - char lp_failed_convert_char(void); -Index: samba-3.6.23/source3/include/smb.h -=================================================================== ---- samba-3.6.23.orig/source3/include/smb.h -+++ samba-3.6.23/source3/include/smb.h -@@ -712,7 +712,6 @@ struct connections_data { - uint32 unused_compatitibility_field; - }; - -- - /* the following are used by loadparm for option lists */ - typedef enum { - P_BOOL,P_BOOLREV,P_CHAR,P_INTEGER,P_OCTAL,P_LIST, -@@ -759,11 +758,6 @@ struct parm_struct { - #define FLAG_META 0x8000 /* A meta directive - not a real parameter */ - #define FLAG_CMDLINE 0x10000 /* option has been overridden */ - --struct bitmap { -- uint32 *b; -- unsigned int n; --}; -- - /* offsets into message for common items */ - #define smb_com 8 - #define smb_rcls 9 -Index: samba-3.6.23/source3/modules/vfs_acl_common.c -=================================================================== ---- samba-3.6.23.orig/source3/modules/vfs_acl_common.c -+++ samba-3.6.23/source3/modules/vfs_acl_common.c -@@ -23,6 +23,7 @@ - #include "system/filesys.h" - #include "../libcli/security/security.h" - #include "../librpc/gen_ndr/ndr_security.h" -+#include "../lib/util/bitmap.h" - - static NTSTATUS create_acl_blob(const struct security_descriptor *psd, - DATA_BLOB *pblob, -Index: samba-3.6.23/source3/modules/vfs_full_audit.c -=================================================================== ---- samba-3.6.23.orig/source3/modules/vfs_full_audit.c -+++ samba-3.6.23/source3/modules/vfs_full_audit.c -@@ -64,6 +64,7 @@ - #include "../librpc/gen_ndr/ndr_netlogon.h" - #include "auth.h" - #include "ntioctl.h" -+#include "lib/util/bitmap.h" - - static int vfs_full_audit_debug_level = DBGC_VFS; - -Index: samba-3.6.23/source3/param/loadparm.c -=================================================================== ---- samba-3.6.23.orig/source3/param/loadparm.c -+++ samba-3.6.23/source3/param/loadparm.c -@@ -64,6 +64,7 @@ - #include "smb_signing.h" - #include "dbwrap.h" - #include "smbldap.h" -+#include "../lib/util/bitmap.h" - - #ifdef HAVE_SYS_SYSCTL_H - #include <sys/sysctl.h> -Index: samba-3.6.23/source3/passdb/pdb_get_set.c -=================================================================== ---- samba-3.6.23.orig/source3/passdb/pdb_get_set.c -+++ samba-3.6.23/source3/passdb/pdb_get_set.c -@@ -25,6 +25,7 @@ - #include "passdb.h" - #include "../libcli/auth/libcli_auth.h" - #include "../libcli/security/security.h" -+#include "../lib/util/bitmap.h" - - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_PASSDB -Index: samba-3.6.23/source3/smbd/conn.c -=================================================================== ---- samba-3.6.23.orig/source3/smbd/conn.c -+++ samba-3.6.23/source3/smbd/conn.c -@@ -23,6 +23,7 @@ - #include "smbd/smbd.h" - #include "smbd/globals.h" - #include "rpc_server/rpc_ncacn_np.h" -+#include "lib/util/bitmap.h" - - /* The connections bitmap is expanded in increments of BITMAP_BLOCK_SZ. The - * maximum size of the bitmap is the largest positive integer, but you will hit -Index: samba-3.6.23/source3/smbd/dir.c -=================================================================== ---- samba-3.6.23.orig/source3/smbd/dir.c -+++ samba-3.6.23/source3/smbd/dir.c -@@ -23,6 +23,7 @@ - #include "smbd/smbd.h" - #include "smbd/globals.h" - #include "libcli/security/security.h" -+#include "lib/util/bitmap.h" - - /* - This module implements directory related functions for Samba. -Index: samba-3.6.23/source3/smbd/files.c -=================================================================== ---- samba-3.6.23.orig/source3/smbd/files.c -+++ samba-3.6.23/source3/smbd/files.c -@@ -22,6 +22,7 @@ - #include "smbd/globals.h" - #include "libcli/security/security.h" - #include "util_tdb.h" -+#include "lib/util/bitmap.h" - - #define VALID_FNUM(fnum) (((fnum) >= 0) && ((fnum) < real_max_open_files)) - -Index: samba-3.6.23/source3/smbd/smb2_server.c -=================================================================== ---- samba-3.6.23.orig/source3/smbd/smb2_server.c -+++ samba-3.6.23/source3/smbd/smb2_server.c -@@ -26,6 +26,7 @@ - #include "../lib/tsocket/tsocket.h" - #include "../lib/util/tevent_ntstatus.h" - #include "smbprofile.h" -+#include "../lib/util/bitmap.h" - - #define OUTVEC_ALLOC_SIZE (SMB2_HDR_BODY + 9) - -Index: samba-3.6.23/source3/rpc_client/cli_pipe.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_client/cli_pipe.c -+++ samba-3.6.23/source3/rpc_client/cli_pipe.c -@@ -28,6 +28,7 @@ - #include "../libcli/auth/ntlmssp.h" - #include "ntlmssp_wrap.h" - #include "librpc/gen_ndr/ndr_dcerpc.h" -+#include "librpc/gen_ndr/ndr_netlogon_c.h" - #include "librpc/rpc/dcerpc.h" - #include "librpc/crypto/gse.h" - #include "librpc/crypto/spnego.h" -@@ -399,6 +400,7 @@ static NTSTATUS cli_pipe_validate_curren - struct ncacn_packet *pkt, - DATA_BLOB *pdu, - uint8_t expected_pkt_type, -+ uint32_t call_id, - DATA_BLOB *rdata, - DATA_BLOB *reply_pdu) - { -@@ -497,7 +499,7 @@ static NTSTATUS cli_pipe_validate_curren - "from %s!\n", - (unsigned int)pkt->ptype, - rpccli_pipe_txt(talloc_tos(), cli))); -- return NT_STATUS_INVALID_INFO_CLASS; -+ return NT_STATUS_RPC_PROTOCOL_ERROR; - } - - if (pkt->ptype != expected_pkt_type) { -@@ -505,7 +507,15 @@ static NTSTATUS cli_pipe_validate_curren - "RPC packet type - %u, not %u\n", - rpccli_pipe_txt(talloc_tos(), cli), - pkt->ptype, expected_pkt_type)); -- return NT_STATUS_INVALID_INFO_CLASS; -+ return NT_STATUS_RPC_PROTOCOL_ERROR; -+ } -+ -+ if (pkt->call_id != call_id) { -+ DEBUG(3, (__location__ ": Connection to %s got an unexpected " -+ "RPC call_id - %u, not %u\n", -+ rpccli_pipe_txt(talloc_tos(), cli), -+ pkt->call_id, call_id)); -+ return NT_STATUS_RPC_PROTOCOL_ERROR; - } - - /* Do this just before return - we don't want to modify any rpc header -@@ -898,6 +908,7 @@ static void rpc_api_pipe_got_pdu(struct - state->cli, state->pkt, - &state->incoming_frag, - state->expected_pkt_type, -+ state->call_id, - &rdata, - &state->reply_pdu); - -@@ -1269,12 +1280,17 @@ struct rpc_api_pipe_req_state { - uint32_t call_id; - DATA_BLOB *req_data; - uint32_t req_data_sent; -+ DATA_BLOB req_trailer; -+ uint32_t req_trailer_sent; -+ bool verify_bitmask1; -+ bool verify_pcontext; - DATA_BLOB rpc_out; - DATA_BLOB reply_pdu; - }; - - static void rpc_api_pipe_req_write_done(struct tevent_req *subreq); - static void rpc_api_pipe_req_done(struct tevent_req *subreq); -+static NTSTATUS prepare_verification_trailer(struct rpc_api_pipe_req_state *state); - static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, - bool *is_last_frag); - -@@ -1310,6 +1326,11 @@ struct tevent_req *rpc_api_pipe_req_send - goto post_status; - } - -+ status = prepare_verification_trailer(state); -+ if (!NT_STATUS_IS_OK(status)) { -+ goto post_status; -+ } -+ - status = prepare_next_frag(state, &is_last_frag); - if (!NT_STATUS_IS_OK(status)) { - goto post_status; -@@ -1344,25 +1365,161 @@ struct tevent_req *rpc_api_pipe_req_send - return NULL; - } - -+static NTSTATUS prepare_verification_trailer(struct rpc_api_pipe_req_state *state) -+{ -+ struct pipe_auth_data *a = state->cli->auth; -+ struct dcerpc_sec_verification_trailer *t; -+ struct dcerpc_sec_vt *c = NULL; -+ struct ndr_push *ndr = NULL; -+ enum ndr_err_code ndr_err; -+ size_t align = 0; -+ size_t pad = 0; -+ -+ if (a == NULL) { -+ return NT_STATUS_OK; -+ } -+ -+ if (a->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) { -+ return NT_STATUS_OK; -+ } -+ -+ t = talloc_zero(state, struct dcerpc_sec_verification_trailer); -+ if (t == NULL) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ -+ if (!a->verified_bitmask1) { -+ t->commands = talloc_realloc(t, t->commands, -+ struct dcerpc_sec_vt, -+ t->count.count + 1); -+ if (t->commands == NULL) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ c = &t->commands[t->count.count++]; -+ ZERO_STRUCTP(c); -+ -+ c->command = DCERPC_SEC_VT_COMMAND_BITMASK1; -+ state->verify_bitmask1 = true; -+ } -+ -+ if (!state->cli->verified_pcontext) { -+ t->commands = talloc_realloc(t, t->commands, -+ struct dcerpc_sec_vt, -+ t->count.count + 1); -+ if (t->commands == NULL) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ c = &t->commands[t->count.count++]; -+ ZERO_STRUCTP(c); -+ -+ c->command = DCERPC_SEC_VT_COMMAND_PCONTEXT; -+ c->u.pcontext.abstract_syntax = state->cli->abstract_syntax; -+ c->u.pcontext.transfer_syntax = state->cli->transfer_syntax; -+ -+ state->verify_pcontext = true; -+ } -+ -+ if (true) { /* We do not support header signing */ -+ t->commands = talloc_realloc(t, t->commands, -+ struct dcerpc_sec_vt, -+ t->count.count + 1); -+ if (t->commands == NULL) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ c = &t->commands[t->count.count++]; -+ ZERO_STRUCTP(c); -+ -+ c->command = DCERPC_SEC_VT_COMMAND_HEADER2; -+ c->u.header2.ptype = DCERPC_PKT_REQUEST; -+ c->u.header2.drep[0] = DCERPC_DREP_LE; -+ c->u.header2.drep[1] = 0; -+ c->u.header2.drep[2] = 0; -+ c->u.header2.drep[3] = 0; -+ c->u.header2.call_id = state->call_id; -+ c->u.header2.context_id = 0; -+ c->u.header2.opnum = state->op_num; -+ } -+ -+ if (t->count.count == 0) { -+ TALLOC_FREE(t); -+ return NT_STATUS_OK; -+ } -+ -+ c = &t->commands[t->count.count - 1]; -+ c->command |= DCERPC_SEC_VT_COMMAND_END; -+ -+ if (DEBUGLEVEL >= 10) { -+ NDR_PRINT_DEBUG(dcerpc_sec_verification_trailer, t); -+ } -+ -+ ndr = ndr_push_init_ctx(state); -+ if (ndr == NULL) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ -+ ndr_err = ndr_push_dcerpc_sec_verification_trailer(ndr, -+ NDR_SCALARS | NDR_BUFFERS, -+ t); -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -+ return ndr_map_error2ntstatus(ndr_err); -+ } -+ state->req_trailer = ndr_push_blob(ndr); -+ -+ align = state->req_data->length & 0x3; -+ if (align > 0) { -+ pad = 4 - align; -+ } -+ if (pad > 0) { -+ bool ok; -+ uint8_t *p; -+ const uint8_t zeros[4] = { 0, }; -+ -+ ok = data_blob_append(ndr, &state->req_trailer, zeros, pad); -+ if (!ok) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ -+ /* move the padding to the start */ -+ p = state->req_trailer.data; -+ memmove(p + pad, p, state->req_trailer.length - pad); -+ memset(p, 0, pad); -+ } -+ -+ return NT_STATUS_OK; -+} -+ - static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, - bool *is_last_frag) - { -- size_t data_sent_thistime; - size_t auth_len; - size_t frag_len; - uint8_t flags = 0; - size_t pad_len; - size_t data_left; -+ size_t data_thistime; -+ size_t trailer_left; -+ size_t trailer_thistime = 0; -+ size_t total_left; -+ size_t total_thistime; - NTSTATUS status; -+ bool ok; - union dcerpc_payload u; - - data_left = state->req_data->length - state->req_data_sent; -+ trailer_left = state->req_trailer.length - state->req_trailer_sent; -+ total_left = data_left + trailer_left; -+ if ((total_left < data_left) || (total_left < trailer_left)) { -+ /* -+ * overflow -+ */ -+ return NT_STATUS_INVALID_PARAMETER_MIX; -+ } - - status = dcerpc_guess_sizes(state->cli->auth, -- DCERPC_REQUEST_LENGTH, data_left, -+ DCERPC_REQUEST_LENGTH, total_left, - state->cli->max_xmit_frag, - CLIENT_NDR_PADDING_SIZE, -- &data_sent_thistime, -+ &total_thistime, - &frag_len, &auth_len, &pad_len); - if (!NT_STATUS_IS_OK(status)) { - return status; -@@ -1372,15 +1529,20 @@ static NTSTATUS prepare_next_frag(struct - flags = DCERPC_PFC_FLAG_FIRST; - } - -- if (data_sent_thistime == data_left) { -+ if (total_thistime == total_left) { - flags |= DCERPC_PFC_FLAG_LAST; - } - -+ data_thistime = MIN(total_thistime, data_left); -+ if (data_thistime < total_thistime) { -+ trailer_thistime = total_thistime - data_thistime; -+ } -+ - data_blob_free(&state->rpc_out); - - ZERO_STRUCT(u.request); - -- u.request.alloc_hint = state->req_data->length; -+ u.request.alloc_hint = total_left; - u.request.context_id = 0; - u.request.opnum = state->op_num; - -@@ -1400,11 +1562,26 @@ static NTSTATUS prepare_next_frag(struct - * at this stage */ - dcerpc_set_frag_length(&state->rpc_out, frag_len); - -- /* Copy in the data. */ -- if (!data_blob_append(NULL, &state->rpc_out, -+ if (data_thistime > 0) { -+ /* Copy in the data. */ -+ ok = data_blob_append(NULL, &state->rpc_out, - state->req_data->data + state->req_data_sent, -- data_sent_thistime)) { -- return NT_STATUS_NO_MEMORY; -+ data_thistime); -+ if (!ok) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ state->req_data_sent += data_thistime; -+ } -+ -+ if (trailer_thistime > 0) { -+ /* Copy in the verification trailer. */ -+ ok = data_blob_append(NULL, &state->rpc_out, -+ state->req_trailer.data + state->req_trailer_sent, -+ trailer_thistime); -+ if (!ok) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ state->req_trailer_sent += trailer_thistime; - } - - switch (state->cli->auth->auth_level) { -@@ -1424,7 +1601,6 @@ static NTSTATUS prepare_next_frag(struct - return NT_STATUS_INVALID_PARAMETER; - } - -- state->req_data_sent += data_sent_thistime; - *is_last_frag = ((flags & DCERPC_PFC_FLAG_LAST) != 0); - - return status; -@@ -1488,6 +1664,20 @@ static void rpc_api_pipe_req_done(struct - tevent_req_nterror(req, status); - return; - } -+ -+ if (state->cli->auth == NULL) { -+ tevent_req_done(req); -+ return; -+ } -+ -+ if (state->verify_bitmask1) { -+ state->cli->auth->verified_bitmask1 = true; -+ } -+ -+ if (state->verify_pcontext) { -+ state->cli->verified_pcontext = true; -+ } -+ - tevent_req_done(req); - } - -@@ -1647,9 +1837,15 @@ struct rpc_pipe_bind_state { - DATA_BLOB rpc_out; - bool auth3; - uint32_t rpc_call_id; -+ struct netr_Authenticator auth; -+ struct netr_Authenticator return_auth; -+ struct netlogon_creds_CredentialState *creds; -+ union netr_Capabilities capabilities; -+ struct netr_LogonGetCapabilities r; - }; - - static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq); -+static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req); - static NTSTATUS rpc_bind_next_send(struct tevent_req *req, - struct rpc_pipe_bind_state *state, - DATA_BLOB *credentials); -@@ -1753,11 +1949,14 @@ static void rpc_pipe_bind_step_one_done( - - case DCERPC_AUTH_TYPE_NONE: - case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: -- case DCERPC_AUTH_TYPE_SCHANNEL: - /* Bind complete. */ - tevent_req_done(req); - return; - -+ case DCERPC_AUTH_TYPE_SCHANNEL: -+ rpc_pipe_bind_step_two_trigger(req); -+ return; -+ - case DCERPC_AUTH_TYPE_NTLMSSP: - case DCERPC_AUTH_TYPE_SPNEGO: - case DCERPC_AUTH_TYPE_KRB5: -@@ -1869,6 +2068,150 @@ err_out: - tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); - } - -+static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq); -+ -+static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req) -+{ -+ struct rpc_pipe_bind_state *state = -+ tevent_req_data(req, -+ struct rpc_pipe_bind_state); -+ struct dcerpc_binding_handle *b = state->cli->binding_handle; -+ struct schannel_state *schannel_auth = -+ talloc_get_type_abort(state->cli->auth->auth_ctx, -+ struct schannel_state); -+ struct tevent_req *subreq; -+ -+ if (schannel_auth == NULL || -+ !ndr_syntax_id_equal(&state->cli->abstract_syntax, -+ &ndr_table_netlogon.syntax_id)) { -+ tevent_req_done(req); -+ return; -+ } -+ -+ ZERO_STRUCT(state->return_auth); -+ -+ state->creds = netlogon_creds_copy(state, schannel_auth->creds); -+ if (state->creds == NULL) { -+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY); -+ return; -+ } -+ -+ netlogon_creds_client_authenticator(state->creds, &state->auth); -+ -+ state->r.in.server_name = state->cli->srv_name_slash; -+ state->r.in.computer_name = state->creds->computer_name; -+ state->r.in.credential = &state->auth; -+ state->r.in.query_level = 1; -+ state->r.in.return_authenticator = &state->return_auth; -+ -+ state->r.out.capabilities = &state->capabilities; -+ state->r.out.return_authenticator = &state->return_auth; -+ -+ subreq = dcerpc_netr_LogonGetCapabilities_r_send(talloc_tos(), -+ state->ev, -+ b, -+ &state->r); -+ if (subreq == NULL) { -+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY); -+ return; -+ } -+ -+ tevent_req_set_callback(subreq, rpc_pipe_bind_step_two_done, req); -+ return; -+} -+ -+static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq) -+{ -+ struct tevent_req *req = -+ tevent_req_callback_data(subreq, -+ struct tevent_req); -+ struct rpc_pipe_bind_state *state = -+ tevent_req_data(req, -+ struct rpc_pipe_bind_state); -+ NTSTATUS status; -+ -+ status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos()); -+ TALLOC_FREE(subreq); -+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { -+ if (state->cli->dc && state->cli->dc->negotiate_flags & -+ NETLOGON_NEG_SUPPORTS_AES) { -+ DEBUG(5, ("AES is not supported and the error was %s\n", -+ nt_errstr(status))); -+ tevent_req_nterror(req, -+ NT_STATUS_INVALID_NETWORK_RESPONSE); -+ return; -+ } -+ -+ /* This is probably NT */ -+ DEBUG(5, ("We are checking against an NT - %s\n", -+ nt_errstr(status))); -+ tevent_req_done(req); -+ return; -+ } else if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n", -+ nt_errstr(status))); -+ tevent_req_nterror(req, status); -+ return; -+ } -+ -+ if (NT_STATUS_EQUAL(state->r.out.result, NT_STATUS_NOT_IMPLEMENTED)) { -+ if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { -+ /* This means AES isn't supported. */ -+ DEBUG(5, ("AES is not supported and the error was %s\n", -+ nt_errstr(state->r.out.result))); -+ tevent_req_nterror(req, -+ NT_STATUS_INVALID_NETWORK_RESPONSE); -+ return; -+ } -+ -+ /* This is probably an old Samba version */ -+ DEBUG(5, ("We are checking against an old Samba version - %s\n", -+ nt_errstr(state->r.out.result))); -+ tevent_req_done(req); -+ return; -+ } -+ -+ /* We need to check the credential state here, cause win2k3 and earlier -+ * returns NT_STATUS_NOT_IMPLEMENTED */ -+ if (!netlogon_creds_client_check(state->creds, -+ &state->r.out.return_authenticator->cred)) { -+ /* -+ * Server replied with bad credential. Fail. -+ */ -+ DEBUG(0,("rpc_pipe_bind_step_two_done: server %s " -+ "replied with bad credential\n", -+ state->cli->desthost)); -+ tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL); -+ return; -+ } -+ -+ TALLOC_FREE(state->cli->dc); -+ state->cli->dc = talloc_steal(state->cli, state->creds); -+ -+ if (!NT_STATUS_IS_OK(state->r.out.result)) { -+ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n", -+ nt_errstr(state->r.out.result))); -+ tevent_req_nterror(req, state->r.out.result); -+ return; -+ } -+ -+ if (state->creds->negotiate_flags != -+ state->r.out.capabilities->server_capabilities) { -+ DEBUG(0, ("The client capabilities don't match the server " -+ "capabilities: local[0x%08X] remote[0x%08X]\n", -+ state->creds->negotiate_flags, -+ state->capabilities.server_capabilities)); -+ tevent_req_nterror(req, -+ NT_STATUS_INVALID_NETWORK_RESPONSE); -+ return; -+ } -+ -+ /* TODO: Add downgrade dectection. */ -+ -+ tevent_req_done(req); -+ return; -+} -+ - static NTSTATUS rpc_bind_next_send(struct tevent_req *req, - struct rpc_pipe_bind_state *state, - DATA_BLOB *auth_token) -@@ -3039,10 +3382,12 @@ NTSTATUS cli_rpc_pipe_open_schannel_with - * The credentials on a new netlogon pipe are the ones we are passed - * in - copy them over - */ -- result->dc = netlogon_creds_copy(result, *pdc); - if (result->dc == NULL) { -- TALLOC_FREE(result); -- return NT_STATUS_NO_MEMORY; -+ result->dc = netlogon_creds_copy(result, *pdc); -+ if (result->dc == NULL) { -+ TALLOC_FREE(result); -+ return NT_STATUS_NO_MEMORY; -+ } - } - - DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s " -Index: samba-3.6.23/source3/librpc/rpc/dcerpc.h -=================================================================== ---- samba-3.6.23.orig/source3/librpc/rpc/dcerpc.h -+++ samba-3.6.23/source3/librpc/rpc/dcerpc.h -@@ -39,6 +39,7 @@ struct NL_AUTH_MESSAGE; - struct pipe_auth_data { - enum dcerpc_AuthType auth_type; - enum dcerpc_AuthLevel auth_level; -+ bool verified_bitmask1; - - void *auth_ctx; - -Index: samba-3.6.23/source3/rpc_client/rpc_client.h -=================================================================== ---- samba-3.6.23.orig/source3/rpc_client/rpc_client.h -+++ samba-3.6.23/source3/rpc_client/rpc_client.h -@@ -39,6 +39,7 @@ struct rpc_pipe_client { - - struct ndr_syntax_id abstract_syntax; - struct ndr_syntax_id transfer_syntax; -+ bool verified_pcontext; - - char *desthost; - char *srv_name_slash; -Index: samba-3.6.23/librpc/ndr/ndr_dcerpc.h -=================================================================== ---- /dev/null -+++ samba-3.6.23/librpc/ndr/ndr_dcerpc.h -@@ -0,0 +1,25 @@ -+/* -+ Unix SMB/CIFS implementation. -+ -+ Manually parsed structures found in the DCERPC protocol -+ -+ Copyright (C) Stefan Metzmacher 2014 -+ Copyright (C) Gregor Beck 2014 -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see http://www.gnu.org/licenses/. -+*/ -+ -+enum ndr_err_code ndr_pop_dcerpc_sec_verification_trailer( -+ struct ndr_pull *ndr, TALLOC_CTX *mem_ctx, -+ struct dcerpc_sec_verification_trailer **_r); -Index: samba-3.6.23/librpc/ABI/ndr-0.0.3.sigs -=================================================================== ---- /dev/null -+++ samba-3.6.23/librpc/ABI/ndr-0.0.3.sigs -@@ -0,0 +1,251 @@ -+GUID_all_zero: bool (const struct GUID *) -+GUID_compare: int (const struct GUID *, const struct GUID *) -+GUID_equal: bool (const struct GUID *, const struct GUID *) -+GUID_from_data_blob: NTSTATUS (const DATA_BLOB *, struct GUID *) -+GUID_from_ndr_blob: NTSTATUS (const DATA_BLOB *, struct GUID *) -+GUID_from_string: NTSTATUS (const char *, struct GUID *) -+GUID_hexstring: char *(TALLOC_CTX *, const struct GUID *) -+GUID_random: struct GUID (void) -+GUID_string: char *(TALLOC_CTX *, const struct GUID *) -+GUID_string2: char *(TALLOC_CTX *, const struct GUID *) -+GUID_to_ndr_blob: NTSTATUS (const struct GUID *, TALLOC_CTX *, DATA_BLOB *) -+GUID_zero: struct GUID (void) -+ndr_align_size: size_t (uint32_t, size_t) -+ndr_charset_length: uint32_t (const void *, charset_t) -+ndr_check_array_length: enum ndr_err_code (struct ndr_pull *, void *, uint32_t) -+ndr_check_array_size: enum ndr_err_code (struct ndr_pull *, void *, uint32_t) -+ndr_check_padding: void (struct ndr_pull *, size_t) -+ndr_check_pipe_chunk_trailer: enum ndr_err_code (struct ndr_pull *, int, uint32_t) -+ndr_check_string_terminator: enum ndr_err_code (struct ndr_pull *, uint32_t, uint32_t) -+ndr_get_array_length: uint32_t (struct ndr_pull *, const void *) -+ndr_get_array_size: uint32_t (struct ndr_pull *, const void *) -+ndr_map_error2errno: int (enum ndr_err_code) -+ndr_map_error2ntstatus: NTSTATUS (enum ndr_err_code) -+ndr_map_error2string: const char *(enum ndr_err_code) -+ndr_policy_handle_empty: bool (const struct policy_handle *) -+ndr_policy_handle_equal: bool (const struct policy_handle *, const struct policy_handle *) -+ndr_print_DATA_BLOB: void (struct ndr_print *, const char *, DATA_BLOB) -+ndr_print_GUID: void (struct ndr_print *, const char *, const struct GUID *) -+ndr_print_KRB5_EDATA_NTSTATUS: void (struct ndr_print *, const char *, const struct KRB5_EDATA_NTSTATUS *) -+ndr_print_NTSTATUS: void (struct ndr_print *, const char *, NTSTATUS) -+ndr_print_NTTIME: void (struct ndr_print *, const char *, NTTIME) -+ndr_print_NTTIME_1sec: void (struct ndr_print *, const char *, NTTIME) -+ndr_print_NTTIME_hyper: void (struct ndr_print *, const char *, NTTIME) -+ndr_print_WERROR: void (struct ndr_print *, const char *, WERROR) -+ndr_print_array_uint8: void (struct ndr_print *, const char *, const uint8_t *, uint32_t) -+ndr_print_bad_level: void (struct ndr_print *, const char *, uint16_t) -+ndr_print_bitmap_flag: void (struct ndr_print *, size_t, const char *, uint32_t, uint32_t) -+ndr_print_bool: void (struct ndr_print *, const char *, const bool) -+ndr_print_debug: void (ndr_print_fn_t, const char *, void *) -+ndr_print_debug_helper: void (struct ndr_print *, const char *, ...) -+ndr_print_debugc: void (int, ndr_print_fn_t, const char *, void *) -+ndr_print_debugc_helper: void (struct ndr_print *, const char *, ...) -+ndr_print_dlong: void (struct ndr_print *, const char *, int64_t) -+ndr_print_double: void (struct ndr_print *, const char *, double) -+ndr_print_enum: void (struct ndr_print *, const char *, const char *, const char *, uint32_t) -+ndr_print_function_debug: void (ndr_print_function_t, const char *, int, void *) -+ndr_print_function_string: char *(TALLOC_CTX *, ndr_print_function_t, const char *, int, void *) -+ndr_print_get_switch_value: uint32_t (struct ndr_print *, const void *) -+ndr_print_gid_t: void (struct ndr_print *, const char *, gid_t) -+ndr_print_hyper: void (struct ndr_print *, const char *, uint64_t) -+ndr_print_int16: void (struct ndr_print *, const char *, int16_t) -+ndr_print_int32: void (struct ndr_print *, const char *, int32_t) -+ndr_print_int3264: void (struct ndr_print *, const char *, int32_t) -+ndr_print_int8: void (struct ndr_print *, const char *, int8_t) -+ndr_print_ipv4address: void (struct ndr_print *, const char *, const char *) -+ndr_print_ipv6address: void (struct ndr_print *, const char *, const char *) -+ndr_print_ndr_syntax_id: void (struct ndr_print *, const char *, const struct ndr_syntax_id *) -+ndr_print_netr_SamDatabaseID: void (struct ndr_print *, const char *, enum netr_SamDatabaseID) -+ndr_print_netr_SchannelType: void (struct ndr_print *, const char *, enum netr_SchannelType) -+ndr_print_null: void (struct ndr_print *) -+ndr_print_pointer: void (struct ndr_print *, const char *, void *) -+ndr_print_policy_handle: void (struct ndr_print *, const char *, const struct policy_handle *) -+ndr_print_printf_helper: void (struct ndr_print *, const char *, ...) -+ndr_print_ptr: void (struct ndr_print *, const char *, const void *) -+ndr_print_set_switch_value: enum ndr_err_code (struct ndr_print *, const void *, uint32_t) -+ndr_print_sockaddr_storage: void (struct ndr_print *, const char *, const struct sockaddr_storage *) -+ndr_print_string: void (struct ndr_print *, const char *, const char *) -+ndr_print_string_array: void (struct ndr_print *, const char *, const char **) -+ndr_print_string_helper: void (struct ndr_print *, const char *, ...) -+ndr_print_struct: void (struct ndr_print *, const char *, const char *) -+ndr_print_struct_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, void *) -+ndr_print_svcctl_ServerType: void (struct ndr_print *, const char *, uint32_t) -+ndr_print_time_t: void (struct ndr_print *, const char *, time_t) -+ndr_print_timespec: void (struct ndr_print *, const char *, const struct timespec *) -+ndr_print_timeval: void (struct ndr_print *, const char *, const struct timeval *) -+ndr_print_udlong: void (struct ndr_print *, const char *, uint64_t) -+ndr_print_udlongr: void (struct ndr_print *, const char *, uint64_t) -+ndr_print_uid_t: void (struct ndr_print *, const char *, uid_t) -+ndr_print_uint16: void (struct ndr_print *, const char *, uint16_t) -+ndr_print_uint32: void (struct ndr_print *, const char *, uint32_t) -+ndr_print_uint3264: void (struct ndr_print *, const char *, uint32_t) -+ndr_print_uint8: void (struct ndr_print *, const char *, uint8_t) -+ndr_print_union: void (struct ndr_print *, const char *, int, const char *) -+ndr_print_union_debug: void (ndr_print_fn_t, const char *, uint32_t, void *) -+ndr_print_union_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, uint32_t, void *) -+ndr_print_winreg_Data: void (struct ndr_print *, const char *, const union winreg_Data *) -+ndr_print_winreg_Type: void (struct ndr_print *, const char *, enum winreg_Type) -+ndr_pull_DATA_BLOB: enum ndr_err_code (struct ndr_pull *, int, DATA_BLOB *) -+ndr_pull_GUID: enum ndr_err_code (struct ndr_pull *, int, struct GUID *) -+ndr_pull_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, struct KRB5_EDATA_NTSTATUS *) -+ndr_pull_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, NTSTATUS *) -+ndr_pull_NTTIME: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) -+ndr_pull_NTTIME_1sec: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) -+ndr_pull_NTTIME_hyper: enum ndr_err_code (struct ndr_pull *, int, NTTIME *) -+ndr_pull_WERROR: enum ndr_err_code (struct ndr_pull *, int, WERROR *) -+ndr_pull_advance: enum ndr_err_code (struct ndr_pull *, uint32_t) -+ndr_pull_align: enum ndr_err_code (struct ndr_pull *, size_t) -+ndr_pull_append: enum ndr_err_code (struct ndr_pull *, DATA_BLOB *) -+ndr_pull_array_length: enum ndr_err_code (struct ndr_pull *, const void *) -+ndr_pull_array_size: enum ndr_err_code (struct ndr_pull *, const void *) -+ndr_pull_array_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *, uint32_t) -+ndr_pull_bytes: enum ndr_err_code (struct ndr_pull *, uint8_t *, uint32_t) -+ndr_pull_charset: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t) -+ndr_pull_charset_to_null: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t) -+ndr_pull_dlong: enum ndr_err_code (struct ndr_pull *, int, int64_t *) -+ndr_pull_double: enum ndr_err_code (struct ndr_pull *, int, double *) -+ndr_pull_enum_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) -+ndr_pull_enum_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) -+ndr_pull_enum_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) -+ndr_pull_enum_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *) -+ndr_pull_error: enum ndr_err_code (struct ndr_pull *, enum ndr_err_code, const char *, ...) -+ndr_pull_generic_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *) -+ndr_pull_get_relative_base_offset: uint32_t (struct ndr_pull *) -+ndr_pull_get_switch_value: uint32_t (struct ndr_pull *, const void *) -+ndr_pull_gid_t: enum ndr_err_code (struct ndr_pull *, int, gid_t *) -+ndr_pull_hyper: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) -+ndr_pull_init_blob: struct ndr_pull *(const DATA_BLOB *, TALLOC_CTX *) -+ndr_pull_int16: enum ndr_err_code (struct ndr_pull *, int, int16_t *) -+ndr_pull_int32: enum ndr_err_code (struct ndr_pull *, int, int32_t *) -+ndr_pull_int8: enum ndr_err_code (struct ndr_pull *, int, int8_t *) -+ndr_pull_ipv4address: enum ndr_err_code (struct ndr_pull *, int, const char **) -+ndr_pull_ipv6address: enum ndr_err_code (struct ndr_pull *, int, const char **) -+ndr_pull_ndr_syntax_id: enum ndr_err_code (struct ndr_pull *, int, struct ndr_syntax_id *) -+ndr_pull_netr_SamDatabaseID: enum ndr_err_code (struct ndr_pull *, int, enum netr_SamDatabaseID *) -+ndr_pull_netr_SchannelType: enum ndr_err_code (struct ndr_pull *, int, enum netr_SchannelType *) -+ndr_pull_pointer: enum ndr_err_code (struct ndr_pull *, int, void **) -+ndr_pull_policy_handle: enum ndr_err_code (struct ndr_pull *, int, struct policy_handle *) -+ndr_pull_pop: enum ndr_err_code (struct ndr_pull *) -+ndr_pull_ref_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *) -+ndr_pull_relative_ptr1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) -+ndr_pull_relative_ptr2: enum ndr_err_code (struct ndr_pull *, const void *) -+ndr_pull_relative_ptr_short: enum ndr_err_code (struct ndr_pull *, uint16_t *) -+ndr_pull_restore_relative_base_offset: void (struct ndr_pull *, uint32_t) -+ndr_pull_set_switch_value: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) -+ndr_pull_setup_relative_base_offset1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t) -+ndr_pull_setup_relative_base_offset2: enum ndr_err_code (struct ndr_pull *, const void *) -+ndr_pull_string: enum ndr_err_code (struct ndr_pull *, int, const char **) -+ndr_pull_string_array: enum ndr_err_code (struct ndr_pull *, int, const char ***) -+ndr_pull_struct_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t) -+ndr_pull_struct_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t) -+ndr_pull_subcontext_end: enum ndr_err_code (struct ndr_pull *, struct ndr_pull *, size_t, ssize_t) -+ndr_pull_subcontext_start: enum ndr_err_code (struct ndr_pull *, struct ndr_pull **, size_t, ssize_t) -+ndr_pull_svcctl_ServerType: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) -+ndr_pull_time_t: enum ndr_err_code (struct ndr_pull *, int, time_t *) -+ndr_pull_timespec: enum ndr_err_code (struct ndr_pull *, int, struct timespec *) -+ndr_pull_timeval: enum ndr_err_code (struct ndr_pull *, int, struct timeval *) -+ndr_pull_trailer_align: enum ndr_err_code (struct ndr_pull *, size_t) -+ndr_pull_udlong: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) -+ndr_pull_udlongr: enum ndr_err_code (struct ndr_pull *, int, uint64_t *) -+ndr_pull_uid_t: enum ndr_err_code (struct ndr_pull *, int, uid_t *) -+ndr_pull_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) -+ndr_pull_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *) -+ndr_pull_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) -+ndr_pull_uint3264: enum ndr_err_code (struct ndr_pull *, int, uint32_t *) -+ndr_pull_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *) -+ndr_pull_union_align: enum ndr_err_code (struct ndr_pull *, size_t) -+ndr_pull_union_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t) -+ndr_pull_union_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t) -+ndr_pull_winreg_Data: enum ndr_err_code (struct ndr_pull *, int, union winreg_Data *) -+ndr_pull_winreg_Type: enum ndr_err_code (struct ndr_pull *, int, enum winreg_Type *) -+ndr_push_DATA_BLOB: enum ndr_err_code (struct ndr_push *, int, DATA_BLOB) -+ndr_push_GUID: enum ndr_err_code (struct ndr_push *, int, const struct GUID *) -+ndr_push_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, const struct KRB5_EDATA_NTSTATUS *) -+ndr_push_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, NTSTATUS) -+ndr_push_NTTIME: enum ndr_err_code (struct ndr_push *, int, NTTIME) -+ndr_push_NTTIME_1sec: enum ndr_err_code (struct ndr_push *, int, NTTIME) -+ndr_push_NTTIME_hyper: enum ndr_err_code (struct ndr_push *, int, NTTIME) -+ndr_push_WERROR: enum ndr_err_code (struct ndr_push *, int, WERROR) -+ndr_push_align: enum ndr_err_code (struct ndr_push *, size_t) -+ndr_push_array_uint8: enum ndr_err_code (struct ndr_push *, int, const uint8_t *, uint32_t) -+ndr_push_blob: DATA_BLOB (struct ndr_push *) -+ndr_push_bytes: enum ndr_err_code (struct ndr_push *, const uint8_t *, uint32_t) -+ndr_push_charset: enum ndr_err_code (struct ndr_push *, int, const char *, uint32_t, uint8_t, charset_t) -+ndr_push_dlong: enum ndr_err_code (struct ndr_push *, int, int64_t) -+ndr_push_double: enum ndr_err_code (struct ndr_push *, int, double) -+ndr_push_enum_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t) -+ndr_push_enum_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t) -+ndr_push_enum_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t) -+ndr_push_enum_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t) -+ndr_push_error: enum ndr_err_code (struct ndr_push *, enum ndr_err_code, const char *, ...) -+ndr_push_expand: enum ndr_err_code (struct ndr_push *, uint32_t) -+ndr_push_full_ptr: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_get_relative_base_offset: uint32_t (struct ndr_push *) -+ndr_push_get_switch_value: uint32_t (struct ndr_push *, const void *) -+ndr_push_gid_t: enum ndr_err_code (struct ndr_push *, int, gid_t) -+ndr_push_hyper: enum ndr_err_code (struct ndr_push *, int, uint64_t) -+ndr_push_init_ctx: struct ndr_push *(TALLOC_CTX *) -+ndr_push_int16: enum ndr_err_code (struct ndr_push *, int, int16_t) -+ndr_push_int32: enum ndr_err_code (struct ndr_push *, int, int32_t) -+ndr_push_int8: enum ndr_err_code (struct ndr_push *, int, int8_t) -+ndr_push_ipv4address: enum ndr_err_code (struct ndr_push *, int, const char *) -+ndr_push_ipv6address: enum ndr_err_code (struct ndr_push *, int, const char *) -+ndr_push_ndr_syntax_id: enum ndr_err_code (struct ndr_push *, int, const struct ndr_syntax_id *) -+ndr_push_netr_SamDatabaseID: enum ndr_err_code (struct ndr_push *, int, enum netr_SamDatabaseID) -+ndr_push_netr_SchannelType: enum ndr_err_code (struct ndr_push *, int, enum netr_SchannelType) -+ndr_push_pipe_chunk_trailer: enum ndr_err_code (struct ndr_push *, int, uint32_t) -+ndr_push_pointer: enum ndr_err_code (struct ndr_push *, int, void *) -+ndr_push_policy_handle: enum ndr_err_code (struct ndr_push *, int, const struct policy_handle *) -+ndr_push_ref_ptr: enum ndr_err_code (struct ndr_push *) -+ndr_push_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_relative_ptr2_end: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_relative_ptr2_start: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_restore_relative_base_offset: void (struct ndr_push *, uint32_t) -+ndr_push_set_switch_value: enum ndr_err_code (struct ndr_push *, const void *, uint32_t) -+ndr_push_setup_relative_base_offset1: enum ndr_err_code (struct ndr_push *, const void *, uint32_t) -+ndr_push_setup_relative_base_offset2: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_short_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_short_relative_ptr2: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_string: enum ndr_err_code (struct ndr_push *, int, const char *) -+ndr_push_string_array: enum ndr_err_code (struct ndr_push *, int, const char **) -+ndr_push_struct_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, const void *, ndr_push_flags_fn_t) -+ndr_push_subcontext_end: enum ndr_err_code (struct ndr_push *, struct ndr_push *, size_t, ssize_t) -+ndr_push_subcontext_start: enum ndr_err_code (struct ndr_push *, struct ndr_push **, size_t, ssize_t) -+ndr_push_svcctl_ServerType: enum ndr_err_code (struct ndr_push *, int, uint32_t) -+ndr_push_time_t: enum ndr_err_code (struct ndr_push *, int, time_t) -+ndr_push_timespec: enum ndr_err_code (struct ndr_push *, int, const struct timespec *) -+ndr_push_timeval: enum ndr_err_code (struct ndr_push *, int, const struct timeval *) -+ndr_push_trailer_align: enum ndr_err_code (struct ndr_push *, size_t) -+ndr_push_udlong: enum ndr_err_code (struct ndr_push *, int, uint64_t) -+ndr_push_udlongr: enum ndr_err_code (struct ndr_push *, int, uint64_t) -+ndr_push_uid_t: enum ndr_err_code (struct ndr_push *, int, uid_t) -+ndr_push_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t) -+ndr_push_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t) -+ndr_push_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t) -+ndr_push_uint3264: enum ndr_err_code (struct ndr_push *, int, uint32_t) -+ndr_push_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t) -+ndr_push_union_align: enum ndr_err_code (struct ndr_push *, size_t) -+ndr_push_union_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_push_flags_fn_t) -+ndr_push_unique_ptr: enum ndr_err_code (struct ndr_push *, const void *) -+ndr_push_winreg_Data: enum ndr_err_code (struct ndr_push *, int, const union winreg_Data *) -+ndr_push_winreg_Type: enum ndr_err_code (struct ndr_push *, int, enum winreg_Type) -+ndr_push_zero: enum ndr_err_code (struct ndr_push *, uint32_t) -+ndr_set_flags: void (uint32_t *, uint32_t) -+ndr_size_DATA_BLOB: uint32_t (int, const DATA_BLOB *, int) -+ndr_size_GUID: size_t (const struct GUID *, int) -+ndr_size_string: uint32_t (int, const char * const *, int) -+ndr_size_string_array: size_t (const char **, uint32_t, int) -+ndr_size_struct: size_t (const void *, int, ndr_push_flags_fn_t) -+ndr_size_union: size_t (const void *, int, uint32_t, ndr_push_flags_fn_t) -+ndr_string_array_size: size_t (struct ndr_push *, const char *) -+ndr_string_length: uint32_t (const void *, uint32_t) -+ndr_syntax_id_equal: bool (const struct ndr_syntax_id *, const struct ndr_syntax_id *) -+ndr_syntax_id_from_string: bool (const char *, struct ndr_syntax_id *) -+ndr_syntax_id_null: uuid = {time_low = 0, time_mid = 0, time_hi_and_version = 0, clock_seq = "\000", node = "\000\000\000\000\000"}, if_version = 0 -+ndr_syntax_id_to_string: char *(TALLOC_CTX *, const struct ndr_syntax_id *) -+ndr_token_peek: uint32_t (struct ndr_token_list **, const void *) -+ndr_token_retrieve: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *) -+ndr_token_retrieve_cmp_fn: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *, comparison_fn_t, bool) -+ndr_token_store: enum ndr_err_code (TALLOC_CTX *, struct ndr_token_list **, const void *, uint32_t) -+ndr_transfer_syntax_ndr: uuid = {time_low = 2324192516, time_mid = 7403, time_hi_and_version = 4553, clock_seq = "\237\350", node = "\b\000+\020H`"}, if_version = 2 -+ndr_transfer_syntax_ndr64: uuid = {time_low = 1903232307, time_mid = 48826, time_hi_and_version = 18743, clock_seq = "\203\031", node = "\265\333\357\234\314\066"}, if_version = 1 -Index: samba-3.6.23/librpc/ndr/ndr_misc.c -=================================================================== ---- samba-3.6.23.orig/librpc/ndr/ndr_misc.c -+++ samba-3.6.23/librpc/ndr/ndr_misc.c -@@ -35,3 +35,50 @@ bool ndr_syntax_id_equal(const struct nd - return GUID_equal(&i1->uuid, &i2->uuid) - && (i1->if_version == i2->if_version); - } -+ -+_PUBLIC_ char *ndr_syntax_id_to_string(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *id) -+{ -+ return talloc_asprintf(mem_ctx, -+ "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x/0x%08x", -+ id->uuid.time_low, id->uuid.time_mid, -+ id->uuid.time_hi_and_version, -+ id->uuid.clock_seq[0], -+ id->uuid.clock_seq[1], -+ id->uuid.node[0], id->uuid.node[1], -+ id->uuid.node[2], id->uuid.node[3], -+ id->uuid.node[4], id->uuid.node[5], -+ (unsigned)id->if_version); -+} -+ -+_PUBLIC_ bool ndr_syntax_id_from_string(const char *s, struct ndr_syntax_id *id) -+{ -+ int ret; -+ size_t i; -+ uint32_t time_low; -+ uint32_t time_mid, time_hi_and_version; -+ uint32_t clock_seq[2]; -+ uint32_t node[6]; -+ uint32_t if_version; -+ -+ ret = sscanf(s, -+ "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x/0x%08x", -+ &time_low, &time_mid, &time_hi_and_version, -+ &clock_seq[0], &clock_seq[1], -+ &node[0], &node[1], &node[2], &node[3], &node[4], &node[5], -+ &if_version); -+ if (ret != 12) { -+ return false; -+ } -+ -+ id->uuid.time_low = time_low; -+ id->uuid.time_mid = time_mid; -+ id->uuid.time_hi_and_version = time_hi_and_version; -+ id->uuid.clock_seq[0] = clock_seq[0]; -+ id->uuid.clock_seq[1] = clock_seq[1]; -+ for (i=0; i<6; i++) { -+ id->uuid.node[i] = node[i]; -+ } -+ id->if_version = if_version; -+ -+ return true; -+} -Index: samba-3.6.23/librpc/rpc/dcerpc_util.c -=================================================================== ---- samba-3.6.23.orig/librpc/rpc/dcerpc_util.c -+++ samba-3.6.23/librpc/rpc/dcerpc_util.c -@@ -27,6 +27,7 @@ - #include "librpc/rpc/dcerpc.h" - #include "librpc/gen_ndr/ndr_dcerpc.h" - #include "rpc_common.h" -+#include "lib/util/bitmap.h" - - /* we need to be able to get/set the fragment length without doing a full - decode */ -@@ -341,3 +342,194 @@ NTSTATUS dcerpc_read_ncacn_packet_recv(s - tevent_req_received(req); - return NT_STATUS_OK; - } -+ -+struct dcerpc_sec_vt_header2 dcerpc_sec_vt_header2_from_ncacn_packet(const struct ncacn_packet *pkt) -+{ -+ struct dcerpc_sec_vt_header2 ret; -+ -+ ZERO_STRUCT(ret); -+ ret.ptype = pkt->ptype; -+ memcpy(&ret.drep, pkt->drep, sizeof(ret.drep)); -+ ret.call_id = pkt->call_id; -+ -+ switch (pkt->ptype) { -+ case DCERPC_PKT_REQUEST: -+ ret.context_id = pkt->u.request.context_id; -+ ret.opnum = pkt->u.request.opnum; -+ break; -+ -+ case DCERPC_PKT_RESPONSE: -+ ret.context_id = pkt->u.response.context_id; -+ break; -+ -+ case DCERPC_PKT_FAULT: -+ ret.context_id = pkt->u.fault.context_id; -+ break; -+ -+ default: -+ break; -+ } -+ -+ return ret; -+} -+ -+bool dcerpc_sec_vt_header2_equal(const struct dcerpc_sec_vt_header2 *v1, -+ const struct dcerpc_sec_vt_header2 *v2) -+{ -+ if (v1->ptype != v2->ptype) { -+ return false; -+ } -+ -+ if (memcmp(v1->drep, v2->drep, sizeof(v1->drep)) != 0) { -+ return false; -+ } -+ -+ if (v1->call_id != v2->call_id) { -+ return false; -+ } -+ -+ if (v1->context_id != v2->context_id) { -+ return false; -+ } -+ -+ if (v1->opnum != v2->opnum) { -+ return false; -+ } -+ -+ return true; -+} -+ -+static bool dcerpc_sec_vt_is_valid(const struct dcerpc_sec_verification_trailer *r) -+{ -+ bool ret = false; -+ TALLOC_CTX *frame = talloc_stackframe(); -+ struct bitmap *commands_seen; -+ int i; -+ -+ if (r->count.count == 0) { -+ ret = true; -+ goto done; -+ } -+ -+ if (memcmp(r->magic, DCERPC_SEC_VT_MAGIC, sizeof(r->magic)) != 0) { -+ goto done; -+ } -+ -+ commands_seen = bitmap_talloc(frame, DCERPC_SEC_VT_COMMAND_ENUM + 1); -+ if (commands_seen == NULL) { -+ goto done; -+ } -+ -+ for (i=0; i < r->count.count; i++) { -+ enum dcerpc_sec_vt_command_enum cmd = -+ r->commands[i].command & DCERPC_SEC_VT_COMMAND_ENUM; -+ -+ if (bitmap_query(commands_seen, cmd)) { -+ /* Each command must appear at most once. */ -+ goto done; -+ } -+ bitmap_set(commands_seen, cmd); -+ -+ switch (cmd) { -+ case DCERPC_SEC_VT_COMMAND_BITMASK1: -+ case DCERPC_SEC_VT_COMMAND_PCONTEXT: -+ case DCERPC_SEC_VT_COMMAND_HEADER2: -+ break; -+ default: -+ if ((r->commands[i].u._unknown.length % 4) != 0) { -+ goto done; -+ } -+ break; -+ } -+ } -+ ret = true; -+done: -+ TALLOC_FREE(frame); -+ return ret; -+} -+ -+#define CHECK(msg, ok) \ -+do { \ -+ if (!ok) { \ -+ DEBUG(10, ("SEC_VT check %s failed\n", msg)); \ -+ return false; \ -+ } \ -+} while(0) -+ -+#define CHECK_SYNTAX(msg, s1, s2) \ -+do { \ -+ if (!ndr_syntax_id_equal(&s1, &s2)) { \ -+ TALLOC_CTX *frame = talloc_stackframe(); \ -+ DEBUG(10, ("SEC_VT check %s failed: %s vs. %s\n", msg, \ -+ ndr_syntax_id_to_string(frame, &s1), \ -+ ndr_syntax_id_to_string(frame, &s1))); \ -+ TALLOC_FREE(frame); \ -+ return false; \ -+ } \ -+} while(0) -+ -+ -+bool dcerpc_sec_verification_trailer_check( -+ const struct dcerpc_sec_verification_trailer *vt, -+ const uint32_t *bitmask1, -+ const struct dcerpc_sec_vt_pcontext *pcontext, -+ const struct dcerpc_sec_vt_header2 *header2) -+{ -+ size_t i; -+ -+ if (!dcerpc_sec_vt_is_valid(vt)) { -+ return false; -+ } -+ -+ for (i=0; i < vt->count.count; i++) { -+ struct dcerpc_sec_vt *c = &vt->commands[i]; -+ -+ switch (c->command & DCERPC_SEC_VT_COMMAND_ENUM) { -+ case DCERPC_SEC_VT_COMMAND_BITMASK1: -+ if (bitmask1 == NULL) { -+ CHECK("Bitmask1 must_process_command", -+ !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); -+ break; -+ } -+ -+ if (c->u.bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING) { -+ CHECK("Bitmask1 client_header_signing", -+ *bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING); -+ } -+ break; -+ -+ case DCERPC_SEC_VT_COMMAND_PCONTEXT: -+ if (pcontext == NULL) { -+ CHECK("Pcontext must_process_command", -+ !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); -+ break; -+ } -+ -+ CHECK_SYNTAX("Pcontect abstract_syntax", -+ pcontext->abstract_syntax, -+ c->u.pcontext.abstract_syntax); -+ CHECK_SYNTAX("Pcontext transfer_syntax", -+ pcontext->transfer_syntax, -+ c->u.pcontext.transfer_syntax); -+ break; -+ -+ case DCERPC_SEC_VT_COMMAND_HEADER2: { -+ if (header2 == NULL) { -+ CHECK("Header2 must_process_command", -+ !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); -+ break; -+ } -+ -+ CHECK("Header2", dcerpc_sec_vt_header2_equal(header2, &c->u.header2)); -+ break; -+ } -+ -+ default: -+ CHECK("Unknown must_process_command", -+ !(c->command & DCERPC_SEC_VT_MUST_PROCESS)); -+ break; -+ } -+ } -+ -+ return true; -+} -Index: samba-3.6.23/librpc/rpc/rpc_common.h -=================================================================== ---- samba-3.6.23.orig/librpc/rpc/rpc_common.h -+++ samba-3.6.23/librpc/rpc/rpc_common.h -@@ -296,4 +296,45 @@ NTSTATUS dcerpc_binding_handle_call(stru - TALLOC_CTX *r_mem, - void *r_ptr); - -+/** -+ * Extract header information from a ncacn_packet -+ * as a dcerpc_sec_vt_header2 as used by the security verification trailer. -+ * -+ * @param[in] pkt a packet -+ * -+ * @return a dcerpc_sec_vt_header2 -+ */ -+struct dcerpc_sec_vt_header2 dcerpc_sec_vt_header2_from_ncacn_packet(const struct ncacn_packet *pkt); -+ -+ -+/** -+ * Test if two dcerpc_sec_vt_header2 structures are equal -+ * without consideration of reserved fields. -+ * -+ * @param v1 a pointer to a dcerpc_sec_vt_header2 structure -+ * @param v2 a pointer to a dcerpc_sec_vt_header2 structure -+ * -+ * @retval true if *v1 equals *v2 -+ */ -+bool dcerpc_sec_vt_header2_equal(const struct dcerpc_sec_vt_header2 *v1, -+ const struct dcerpc_sec_vt_header2 *v2); -+ -+/** -+ * Check for consistency of the security verification trailer with the PDU header. -+ * See <a href="http://msdn.microsoft.com/en-us/library/cc243559.aspx">MS-RPCE 2.2.2.13</a>. -+ * A check with an empty trailer succeeds. -+ * -+ * @param[in] vt a pointer to the security verification trailer. -+ * @param[in] bitmask1 which flags were negotiated on the connection. -+ * @param[in] pcontext the syntaxes negotiatied for the presentation context. -+ * @param[in] header2 some fields from the PDU header. -+ * -+ * @retval true on success. -+ */ -+bool dcerpc_sec_verification_trailer_check( -+ const struct dcerpc_sec_verification_trailer *vt, -+ const uint32_t *bitmask1, -+ const struct dcerpc_sec_vt_pcontext *pcontext, -+ const struct dcerpc_sec_vt_header2 *header2); -+ - #endif /* __DEFAULT_LIBRPC_RPCCOMMON_H__ */ -Index: samba-3.6.23/source4/torture/ndr/ndr.c -=================================================================== ---- samba-3.6.23.orig/source4/torture/ndr/ndr.c -+++ samba-3.6.23/source4/torture/ndr/ndr.c -@@ -29,40 +29,65 @@ struct ndr_pull_test_data { - DATA_BLOB data_context; - size_t struct_size; - ndr_pull_flags_fn_t pull_fn; -+ ndr_push_flags_fn_t push_fn; - int ndr_flags; -+ int flags; - }; - --static bool wrap_ndr_pull_test(struct torture_context *tctx, -- struct torture_tcase *tcase, -- struct torture_test *test) -+static bool wrap_ndr_pullpush_test(struct torture_context *tctx, -+ struct torture_tcase *tcase, -+ struct torture_test *test) - { - bool (*check_fn) (struct torture_context *ctx, void *data) = test->fn; - const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data; -- void *ds = talloc_zero_size(tctx, data->struct_size); - struct ndr_pull *ndr = ndr_pull_init_blob(&(data->data), tctx); -+ void *ds = talloc_zero_size(ndr, data->struct_size); -+ bool ret; -+ uint32_t highest_ofs; -+ -+ ndr->flags |= data->flags; - - ndr->flags |= LIBNDR_FLAG_REF_ALLOC; - - torture_assert_ndr_success(tctx, data->pull_fn(ndr, data->ndr_flags, ds), - "pulling"); - -- torture_assert(tctx, ndr->offset == ndr->data_size, -+ if (ndr->offset > ndr->relative_highest_offset) { -+ highest_ofs = ndr->offset; -+ } else { -+ highest_ofs = ndr->relative_highest_offset; -+ } -+ -+ torture_assert(tctx, highest_ofs == ndr->data_size, - talloc_asprintf(tctx, -- "%d unread bytes", ndr->data_size - ndr->offset)); -+ "%d unread bytes", ndr->data_size - highest_ofs)); - -- if (check_fn != NULL) -- return check_fn(tctx, ds); -- else -- return true; -+ if (check_fn != NULL) { -+ ret = check_fn(tctx, ds); -+ } else { -+ ret = true; -+ } -+ -+ if (data->push_fn != NULL) { -+ DATA_BLOB outblob; -+ torture_assert_ndr_success(tctx, ndr_push_struct_blob(&outblob, ndr, ds, data->push_fn), "pushing"); -+ torture_assert_data_blob_equal(tctx, outblob, data->data, "ndr push compare"); -+ } -+ -+ talloc_free(ndr); -+ return ret; - } - --_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_test( -- struct torture_suite *suite, -- const char *name, ndr_pull_flags_fn_t pull_fn, -- DATA_BLOB db, -- size_t struct_size, -- int ndr_flags, -- bool (*check_fn) (struct torture_context *ctx, void *data)) -+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test( -+ struct torture_suite *suite, -+ const char *name, -+ ndr_pull_flags_fn_t pull_fn, -+ ndr_push_flags_fn_t push_fn, -+ DATA_BLOB db, -+ size_t struct_size, -+ int ndr_flags, -+ int flags, -+ bool (*check_fn) (struct torture_context *ctx, void *data)) - { - struct torture_test *test; - struct torture_tcase *tcase; -@@ -74,12 +99,16 @@ _PUBLIC_ struct torture_test *_torture_s - - test->name = talloc_strdup(test, name); - test->description = NULL; -- test->run = wrap_ndr_pull_test; -+ test->run = wrap_ndr_pullpush_test; -+ - data = talloc(test, struct ndr_pull_test_data); - data->data = db; - data->ndr_flags = ndr_flags; -+ data->flags = flags; - data->struct_size = struct_size; - data->pull_fn = pull_fn; -+ data->push_fn = push_fn; -+ - test->data = data; - test->fn = check_fn; - test->dangerous = false; -@@ -89,6 +118,7 @@ _PUBLIC_ struct torture_test *_torture_s - return test; - } - -+ - static bool wrap_ndr_inout_pull_test(struct torture_context *tctx, - struct torture_tcase *tcase, - struct torture_test *test) -@@ -97,6 +127,7 @@ static bool wrap_ndr_inout_pull_test(str - const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data; - void *ds = talloc_zero_size(tctx, data->struct_size); - struct ndr_pull *ndr; -+ uint32_t highest_ofs; - - /* handle NDR_IN context */ - -@@ -109,8 +140,14 @@ static bool wrap_ndr_inout_pull_test(str - data->pull_fn(ndr, NDR_IN, ds), - "ndr pull of context failed"); - -- torture_assert(tctx, ndr->offset == ndr->data_size, -- talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - ndr->offset)); -+ if (ndr->offset > ndr->relative_highest_offset) { -+ highest_ofs = ndr->offset; -+ } else { -+ highest_ofs = ndr->relative_highest_offset; -+ } -+ -+ torture_assert(tctx, highest_ofs == ndr->data_size, -+ talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs)); - - talloc_free(ndr); - -@@ -125,8 +162,14 @@ static bool wrap_ndr_inout_pull_test(str - data->pull_fn(ndr, NDR_OUT, ds), - "ndr pull failed"); - -- torture_assert(tctx, ndr->offset == ndr->data_size, -- talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - ndr->offset)); -+ if (ndr->offset > ndr->relative_highest_offset) { -+ highest_ofs = ndr->offset; -+ } else { -+ highest_ofs = ndr->relative_highest_offset; -+ } -+ -+ torture_assert(tctx, highest_ofs == ndr->data_size, -+ talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs)); - - talloc_free(ndr); - -Index: samba-3.6.23/source4/torture/ndr/ndr.h -=================================================================== ---- samba-3.6.23.orig/source4/torture/ndr/ndr.h -+++ samba-3.6.23/source4/torture/ndr/ndr.h -@@ -24,12 +24,15 @@ - #include "librpc/ndr/libndr.h" - #include "libcli/security/security.h" - --_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_test( -+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test( - struct torture_suite *suite, -- const char *name, ndr_pull_flags_fn_t fn, -+ const char *name, -+ ndr_pull_flags_fn_t pull_fn, -+ ndr_push_flags_fn_t push_fn, - DATA_BLOB db, - size_t struct_size, - int ndr_flags, -+ int flags, - bool (*check_fn) (struct torture_context *, void *data)); - - _PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_inout_test( -@@ -41,20 +44,32 @@ _PUBLIC_ struct torture_test *_torture_s - bool (*check_fn) (struct torture_context *ctx, void *data)); - - #define torture_suite_add_ndr_pull_test(suite,name,data,check_fn) \ -- _torture_suite_add_ndr_pull_test(suite, #name, \ -- (ndr_pull_flags_fn_t)ndr_pull_ ## name, data_blob_talloc(suite, data, sizeof(data)), \ -- sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, (bool (*) (struct torture_context *, void *)) check_fn); -+ _torture_suite_add_ndr_pullpush_test(suite, #name, \ -+ (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \ -+ sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, 0, (bool (*) (struct torture_context *, void *)) check_fn); - - #define torture_suite_add_ndr_pull_fn_test(suite,name,data,flags,check_fn) \ -- _torture_suite_add_ndr_pull_test(suite, #name "_" #flags, \ -- (ndr_pull_flags_fn_t)ndr_pull_ ## name, data_blob_talloc(suite, data, sizeof(data)), \ -- sizeof(struct name), flags, (bool (*) (struct torture_context *, void *)) check_fn); -+ _torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags, \ -+ (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \ -+ sizeof(struct name), flags, 0, (bool (*) (struct torture_context *, void *)) check_fn); -+ -+#define torture_suite_add_ndr_pull_fn_test_flags(suite,name,data,flags,flags2,check_fn) \ -+ _torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags "_" #flags2, \ -+ (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \ -+ sizeof(struct name), flags, flags2, (bool (*) (struct torture_context *, void *)) check_fn); -+ -+#define torture_suite_add_ndr_pullpush_test(suite,name,data_blob,check_fn) \ -+ _torture_suite_add_ndr_pullpush_test(suite, #name, \ -+ (ndr_pull_flags_fn_t)ndr_pull_ ## name, \ -+ (ndr_push_flags_fn_t)ndr_push_ ## name, \ -+ data_blob, \ -+ sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, 0, (bool (*) (struct torture_context *, void *)) check_fn); - - #define torture_suite_add_ndr_pull_io_test(suite,name,data_in,data_out,check_fn_out) \ - _torture_suite_add_ndr_pull_inout_test(suite, #name "_INOUT", \ - (ndr_pull_flags_fn_t)ndr_pull_ ## name, \ -- data_blob_talloc(suite, data_in, sizeof(data_in)), \ -- data_blob_talloc(suite, data_out, sizeof(data_out)), \ -+ data_blob_const(data_in, sizeof(data_in)), \ -+ data_blob_const(data_out, sizeof(data_out)), \ - sizeof(struct name), \ - (bool (*) (struct torture_context *, void *)) check_fn_out); - -Index: samba-3.6.23/source4/torture/ndr/dfsblob.c -=================================================================== ---- samba-3.6.23.orig/source4/torture/ndr/dfsblob.c -+++ samba-3.6.23/source4/torture/ndr/dfsblob.c -@@ -74,11 +74,11 @@ struct torture_suite *ndr_dfsblob_suite( - { - struct torture_suite *suite = torture_suite_create(ctx, "dfsblob"); - -- torture_suite_add_ndr_pull_fn_test(suite, dfs_GetDFSReferral_in, dfs_get_ref_in, NDR_IN, NULL); -+ torture_suite_add_ndr_pull_test(suite, dfs_GetDFSReferral_in, dfs_get_ref_in, NULL); - -- torture_suite_add_ndr_pull_fn_test(suite, dfs_referral_resp, dfs_get_ref_out2, NDR_BUFFERS|NDR_SCALARS, NULL); -+ torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out2, NULL); - -- torture_suite_add_ndr_pull_fn_test(suite, dfs_referral_resp, dfs_get_ref_out, NDR_BUFFERS|NDR_SCALARS,dfs_referral_out_check); -+ torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out,dfs_referral_out_check); - - return suite; - } -Index: samba-3.6.23/source4/torture/ndr/nbt.c -=================================================================== ---- samba-3.6.23.orig/source4/torture/ndr/nbt.c -+++ samba-3.6.23/source4/torture/ndr/nbt.c -@@ -62,9 +62,9 @@ struct torture_suite *ndr_nbt_suite(TALL - { - struct torture_suite *suite = torture_suite_create(ctx, "nbt"); - -- torture_suite_add_ndr_pull_fn_test(suite, nbt_netlogon_packet, netlogon_logon_request_req_data, NDR_IN, netlogon_logon_request_req_check); -+ torture_suite_add_ndr_pull_test(suite, nbt_netlogon_packet, netlogon_logon_request_req_data, netlogon_logon_request_req_check); - -- torture_suite_add_ndr_pull_fn_test(suite, nbt_netlogon_response2, netlogon_logon_request_resp_data, NDR_IN, netlogon_logon_request_resp_check); -+ torture_suite_add_ndr_pull_test(suite, nbt_netlogon_response2, netlogon_logon_request_resp_data, netlogon_logon_request_resp_check); - - return suite; - } -Index: samba-3.6.23/source4/torture/ndr/ntlmssp.c -=================================================================== ---- samba-3.6.23.orig/source4/torture/ndr/ntlmssp.c -+++ samba-3.6.23/source4/torture/ndr/ntlmssp.c -@@ -111,9 +111,10 @@ struct torture_suite *ndr_ntlmssp_suite( - { - struct torture_suite *suite = torture_suite_create(ctx, "ntlmssp"); - -- torture_suite_add_ndr_pull_fn_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, NDR_IN, ntlmssp_NEGOTIATE_MESSAGE_check); -- /* torture_suite_add_ndr_pull_fn_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, NDR_IN, ntlmssp_CHALLENGE_MESSAGE_check); -- torture_suite_add_ndr_pull_fn_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, NDR_IN, ntlmssp_AUTHENTICATE_MESSAGE_check); */ -- -+ torture_suite_add_ndr_pull_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, ntlmssp_NEGOTIATE_MESSAGE_check); -+#if 0 -+ torture_suite_add_ndr_pull_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, ntlmssp_CHALLENGE_MESSAGE_check); -+ torture_suite_add_ndr_pull_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, ntlmssp_AUTHENTICATE_MESSAGE_check); -+#endif - return suite; - } -Index: samba-3.6.23/source4/torture/ndr/drsblobs.c -=================================================================== ---- samba-3.6.23.orig/source4/torture/ndr/drsblobs.c -+++ samba-3.6.23/source4/torture/ndr/drsblobs.c -@@ -115,6 +115,34 @@ static const uint8_t trust_domain_passwo - 0x38, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00 - }; - -+/* these are taken from the trust objects of a w2k8r2 forest, with a -+ * trust relationship between the forest parent and a child domain -+ */ -+static const char *trustAuthIncoming = -+"AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H" -+"jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+" -+"jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ" -+"hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/" -+"JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3" -+"PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu" -+"J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF" -+"t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ" -+"wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7" -+"CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA=="; -+ -+static const char *trustAuthOutgoing = -+"AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H" -+"jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+" -+"jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ" -+"hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/" -+"JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3" -+"PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu" -+"J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF" -+"t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ" -+"wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7" -+"CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA=="; -+ -+ - static bool trust_domain_passwords_check_in(struct torture_context *tctx, - struct trustDomainPasswords *r) - { -@@ -154,8 +182,20 @@ struct torture_suite *ndr_drsblobs_suite - { - struct torture_suite *suite = torture_suite_create(ctx, "drsblobs"); - -- torture_suite_add_ndr_pull_fn_test(suite, ForestTrustInfo, forest_trust_info_data_out, NDR_IN, forest_trust_info_check_out); -- torture_suite_add_ndr_pull_fn_test(suite, trustDomainPasswords, trust_domain_passwords_in, NDR_IN, trust_domain_passwords_check_in); -+ torture_suite_add_ndr_pull_test(suite, ForestTrustInfo, forest_trust_info_data_out, forest_trust_info_check_out); -+ torture_suite_add_ndr_pull_test(suite, trustDomainPasswords, trust_domain_passwords_in, trust_domain_passwords_check_in); -+ -+#if 0 -+ torture_suite_add_ndr_pullpush_test(suite, -+ trustAuthInOutBlob, -+ base64_decode_data_blob_talloc(suite, trustAuthIncoming), -+ NULL); -+ -+ torture_suite_add_ndr_pullpush_test(suite, -+ trustAuthInOutBlob, -+ base64_decode_data_blob_talloc(suite, trustAuthOutgoing), -+ NULL); -+#endif - - return suite; - } -Index: samba-3.6.23/source3/rpcclient/rpcclient.c -=================================================================== ---- samba-3.6.23.orig/source3/rpcclient/rpcclient.c -+++ samba-3.6.23/source3/rpcclient/rpcclient.c -@@ -1021,6 +1021,10 @@ out_free: - binding->transport = NCACN_NP; - } - -+ if (binding->flags & DCERPC_CONNECT) { -+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; -+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; -+ } - if (binding->flags & DCERPC_SIGN) { - pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; - pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; -@@ -1034,12 +1038,6 @@ out_free: - pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; - } - if (binding->flags & DCERPC_AUTH_NTLM) { -- /* If neither Integrity or Privacy are requested then -- * Use just Connect level */ -- if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { -- pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; -- } -- - if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) { - pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; - } else { -@@ -1047,18 +1045,19 @@ out_free: - } - } - if (binding->flags & DCERPC_AUTH_KRB5) { -- /* If neither Integrity or Privacy are requested then -- * Use just Connect level */ -- if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { -- pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; -- } -- - if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) { - pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5; - } else { - pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5; - } - } -+ if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) { -+ /* If neither Integrity or Privacy are requested then -+ * Use just Connect level */ -+ if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { -+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; -+ } -+ } - - if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) { - flags |= CLI_FULL_CONNECTION_USE_KERBEROS | -Index: samba-3.6.23/source3/script/tests/test_rpcclient.sh -=================================================================== ---- /dev/null -+++ samba-3.6.23/source3/script/tests/test_rpcclient.sh -@@ -0,0 +1,19 @@ -+#!/bin/sh -+ -+if [ $# -lt 1 ]; then -+cat <<EOF -+Usage: test_rpcclient.sh ccache binding <rpcclient commands> -+EOF -+exit 1; -+fi -+ -+KRB5CCNAME=$1 -+shift 1 -+export KRB5CCNAME -+ADDARGS="$*" -+ -+incdir=`dirname $0`/../../../testprogs/blackbox -+. $incdir/subunit.sh -+testit "rpcclient" $VALGRIND $BINDIR/rpcclient -c 'getusername' $ADDARGS || failed=`expr $failed + 1` -+ -+testok $0 $failed -Index: samba-3.6.23/source3/selftest/tests.py -=================================================================== ---- samba-3.6.23.orig/source3/selftest/tests.py -+++ samba-3.6.23/source3/selftest/tests.py -@@ -208,7 +208,7 @@ if sub.returncode == 0: - plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpcase -U$USERNAME%$PASSWORD') - - test = 'rpc.lsa.lookupsids' -- auth_options = ["", "ntlm", "spnego" ] -+ auth_options = ["", "ntlm", "spnego", "spnego,ntlm" ] - signseal_options = ["", ",connect", ",sign", ",seal"] - smb_options = ["", ",smb2"] - endianness_options = ["", ",bigendian"] -@@ -219,6 +219,9 @@ if sub.returncode == 0: - binding_string = "ncacn_np:$SERVER_IP[%s%s%s%s]" % (a, s, z, e) - options = binding_string + " -U$USERNAME%$PASSWORD" - plansmbtorturetestsuite(test, "s3dc", options, 'over ncacn_np with [%s%s%s%s] ' % (a, s, z, e)) -+ plantestsuite("samba3.blackbox.rpcclient over ncacn_np with [%s%s%s%s] " % (a, s, z, e), "s3dc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient.sh"), -+ "none", options, configuration]) -+ - for e in endianness_options: - for a in auth_options: - for s in signseal_options: -Index: samba-3.6.23/source4/torture/rpc/rpc.c -=================================================================== ---- samba-3.6.23.orig/source4/torture/rpc/rpc.c -+++ samba-3.6.23/source4/torture/rpc/rpc.c -@@ -501,6 +501,7 @@ NTSTATUS torture_rpc_init(void) - torture_suite_add_suite(suite, torture_rpc_samr_passwords_pwdlastset(suite)); - torture_suite_add_suite(suite, torture_rpc_samr_passwords_badpwdcount(suite)); - torture_suite_add_suite(suite, torture_rpc_samr_passwords_lockout(suite)); -+ torture_suite_add_suite(suite, torture_rpc_samr_passwords_validate(suite)); - torture_suite_add_suite(suite, torture_rpc_samr_user_privileges(suite)); - torture_suite_add_suite(suite, torture_rpc_samr_large_dc(suite)); - torture_suite_add_suite(suite, torture_rpc_epmapper(suite)); -Index: samba-3.6.23/source4/torture/rpc/samr.c -=================================================================== ---- samba-3.6.23.orig/source4/torture/rpc/samr.c -+++ samba-3.6.23/source4/torture/rpc/samr.c -@@ -7938,8 +7938,8 @@ static bool test_Connect(struct dcerpc_b - } - - --static bool test_samr_ValidatePassword(struct dcerpc_pipe *p, -- struct torture_context *tctx) -+static bool test_samr_ValidatePassword(struct torture_context *tctx, -+ struct dcerpc_pipe *p) - { - struct samr_ValidatePassword r; - union samr_ValidatePasswordReq req; -@@ -7951,6 +7951,10 @@ static bool test_samr_ValidatePassword(s - - torture_comment(tctx, "Testing samr_ValidatePassword\n"); - -+ if (p->conn->transport.transport != NCACN_IP_TCP) { -+ torture_comment(tctx, "samr_ValidatePassword only should succeed over NCACN_IP_TCP!\n"); -+ } -+ - ZERO_STRUCT(r); - r.in.level = NetValidatePasswordReset; - r.in.req = &req; -@@ -8074,8 +8078,6 @@ bool torture_rpc_samr_passwords(struct t - - ret &= test_samr_handle_Close(b, torture, &ctx->handle); - -- ret &= test_samr_ValidatePassword(p, torture); -- - return ret; - } - -@@ -8370,4 +8372,15 @@ struct torture_suite *torture_rpc_samr_p - return suite; - } - -+struct torture_suite *torture_rpc_samr_passwords_validate(TALLOC_CTX *mem_ctx) -+{ -+ struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.validate"); -+ struct torture_rpc_tcase *tcase; -+ -+ tcase = torture_suite_add_rpc_iface_tcase(suite, "samr", -+ &ndr_table_samr); -+ torture_rpc_tcase_add_test(tcase, "validate", -+ test_samr_ValidatePassword); - -+ return suite; -+} -Index: samba-3.6.23/source3/rpc_server/srv_pipe.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/srv_pipe.c -+++ samba-3.6.23/source3/rpc_server/srv_pipe.c -@@ -42,6 +42,7 @@ - #include "auth.h" - #include "ntdomain.h" - #include "rpc_server/srv_pipe.h" -+#include "../librpc/ndr/ndr_dcerpc.h" - - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_RPC_SRV -@@ -202,7 +203,7 @@ bool create_next_pdu(struct pipes_struct - * the pipe gets closed. JRA. - */ - if (p->fault_state) { -- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR)); -+ setup_fault_pdu(p, NT_STATUS(p->fault_state)); - return true; - } - -@@ -336,7 +337,7 @@ static bool check_bind_req(struct pipes_ - struct pipe_rpc_fns *context_fns; - - DEBUG(3,("check_bind_req for %s\n", -- get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); -+ get_pipe_name_from_syntax(talloc_tos(), abstract))); - - /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */ - if (rpc_srv_pipe_exists_by_id(abstract) && -@@ -358,6 +359,7 @@ static bool check_bind_req(struct pipes_ - context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(abstract); - context_fns->cmds = rpc_srv_get_pipe_cmds(abstract); - context_fns->context_id = context_id; -+ context_fns->syntax = *abstract; - - /* add to the list of open contexts */ - -@@ -1541,7 +1543,41 @@ static PIPE_RPC_FNS* find_pipe_fns_by_co - } - - static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt, -- const struct api_struct *api_rpc_cmds, int n_cmds); -+ const struct api_struct *api_rpc_cmds, int n_cmds, -+ const struct ndr_syntax_id *syntax); -+ -+static bool srv_pipe_check_verification_trailer(struct pipes_struct *p, -+ struct ncacn_packet *pkt, -+ struct pipe_rpc_fns *pipe_fns) -+{ -+ TALLOC_CTX *frame = talloc_stackframe(); -+ struct dcerpc_sec_verification_trailer *vt = NULL; -+ const struct dcerpc_sec_vt_pcontext pcontext = { -+ .abstract_syntax = pipe_fns->syntax, -+ .transfer_syntax = ndr_transfer_syntax, -+ }; -+ const struct dcerpc_sec_vt_header2 header2 = -+ dcerpc_sec_vt_header2_from_ncacn_packet(pkt); -+ struct ndr_pull *ndr; -+ enum ndr_err_code ndr_err; -+ bool ret = false; -+ -+ ndr = ndr_pull_init_blob(&p->in_data.data, frame); -+ if (ndr == NULL) { -+ goto done; -+ } -+ -+ ndr_err = ndr_pop_dcerpc_sec_verification_trailer(ndr, frame, &vt); -+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -+ goto done; -+ } -+ -+ ret = dcerpc_sec_verification_trailer_check(vt, NULL, -+ &pcontext, &header2); -+done: -+ TALLOC_FREE(frame); -+ return ret; -+} - - /**************************************************************************** - Find the correct RPC function to call for this request. -@@ -1552,46 +1588,53 @@ static bool api_rpcTNP(struct pipes_stru - static bool api_pipe_request(struct pipes_struct *p, - struct ncacn_packet *pkt) - { -+ TALLOC_CTX *frame = talloc_stackframe(); - bool ret = False; -- bool changed_user = False; - PIPE_RPC_FNS *pipe_fns; - -- if (p->pipe_bound && -- ((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) || -- (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) || -- (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) { -- if(!become_authenticated_pipe_user(p->session_info)) { -- data_blob_free(&p->out_data.rdata); -- return False; -- } -- changed_user = True; -+ if (!p->pipe_bound) { -+ DEBUG(1, ("Pipe not bound!\n")); -+ data_blob_free(&p->out_data.rdata); -+ TALLOC_FREE(frame); -+ return false; - } - -- DEBUG(5, ("Requested \PIPE\%s\n", -- get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); -- - /* get the set of RPC functions for this context */ - - pipe_fns = find_pipe_fns_by_context(p->contexts, - pkt->u.request.context_id); -- -- if ( pipe_fns ) { -- TALLOC_CTX *frame = talloc_stackframe(); -- ret = api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds); -+ if (pipe_fns == NULL) { -+ DEBUG(0, ("No rpc function table associated with context " -+ "[%d]\n", -+ pkt->u.request.context_id)); -+ data_blob_free(&p->out_data.rdata); - TALLOC_FREE(frame); -+ return false; - } -- else { -- DEBUG(0, ("No rpc function table associated with context " -- "[%d] on pipe [%s]\n", -- pkt->u.request.context_id, -- get_pipe_name_from_syntax(talloc_tos(), -- &p->syntax))); -+ -+ DEBUG(5, ("Requested \PIPE\%s\n", -+ get_pipe_name_from_syntax(talloc_tos(), &pipe_fns->syntax))); -+ -+ if (!srv_pipe_check_verification_trailer(p, pkt, pipe_fns)) { -+ DEBUG(1, ("srv_pipe_check_verification_trailer: failed\n")); -+ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED)); -+ data_blob_free(&p->out_data.rdata); -+ TALLOC_FREE(frame); -+ return true; - } - -- if (changed_user) { -- unbecome_authenticated_pipe_user(); -+ if (!become_authenticated_pipe_user(p->session_info)) { -+ DEBUG(1, ("Failed to become pipe user!\n")); -+ data_blob_free(&p->out_data.rdata); -+ TALLOC_FREE(frame); -+ return false; - } - -+ ret = api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds, -+ &pipe_fns->syntax); -+ unbecome_authenticated_pipe_user(); -+ -+ TALLOC_FREE(frame); - return ret; - } - -@@ -1600,20 +1643,21 @@ static bool api_pipe_request(struct pipe - ********************************************************************/ - - static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt, -- const struct api_struct *api_rpc_cmds, int n_cmds) -+ const struct api_struct *api_rpc_cmds, int n_cmds, -+ const struct ndr_syntax_id *syntax) - { - int fn_num; - uint32_t offset1; - - /* interpret the command */ - DEBUG(4,("api_rpcTNP: %s op 0x%x - ", -- get_pipe_name_from_syntax(talloc_tos(), &p->syntax), -+ get_pipe_name_from_syntax(talloc_tos(), syntax), - pkt->u.request.opnum)); - - if (DEBUGLEVEL >= 50) { - fstring name; - slprintf(name, sizeof(name)-1, "in_%s", -- get_pipe_name_from_syntax(talloc_tos(), &p->syntax)); -+ get_pipe_name_from_syntax(talloc_tos(), syntax)); - dump_pdu_region(name, pkt->u.request.opnum, - &p->in_data.data, 0, - p->in_data.data.length); -@@ -1646,37 +1690,30 @@ static bool api_rpcTNP(struct pipes_stru - /* do the actual command */ - if(!api_rpc_cmds[fn_num].fn(p)) { - DEBUG(0,("api_rpcTNP: %s: %s failed.\n", -- get_pipe_name_from_syntax(talloc_tos(), &p->syntax), -+ get_pipe_name_from_syntax(talloc_tos(), syntax), - api_rpc_cmds[fn_num].name)); - data_blob_free(&p->out_data.rdata); - return False; - } - -- if (p->bad_handle_fault_state) { -- DEBUG(4,("api_rpcTNP: bad handle fault return.\n")); -- p->bad_handle_fault_state = False; -- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_CONTEXT_MISMATCH)); -- return True; -- } -- -- if (p->rng_fault_state) { -- DEBUG(4, ("api_rpcTNP: rng fault return\n")); -- p->rng_fault_state = False; -- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR)); -- return True; -+ if (p->fault_state) { -+ DEBUG(4,("api_rpcTNP: fault(%d) return.\n", p->fault_state)); -+ setup_fault_pdu(p, NT_STATUS(p->fault_state)); -+ p->fault_state = 0; -+ return true; - } - - if (DEBUGLEVEL >= 50) { - fstring name; - slprintf(name, sizeof(name)-1, "out_%s", -- get_pipe_name_from_syntax(talloc_tos(), &p->syntax)); -+ get_pipe_name_from_syntax(talloc_tos(), syntax)); - dump_pdu_region(name, pkt->u.request.opnum, - &p->out_data.rdata, offset1, - p->out_data.rdata.length); - } - - DEBUG(5,("api_rpcTNP: called %s successfully\n", -- get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); -+ get_pipe_name_from_syntax(talloc_tos(), syntax))); - - /* Check for buffer underflow in rpc parsing */ - if ((DEBUGLEVEL >= 10) && -@@ -1718,9 +1755,9 @@ void set_incoming_fault(struct pipes_str - data_blob_free(&p->in_data.data); - p->in_data.pdu_needed_len = 0; - p->in_data.pdu.length = 0; -- p->fault_state = True; -- DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n", -- get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); -+ p->fault_state = DCERPC_FAULT_CANT_PERFORM; -+ -+ DEBUG(10, ("Setting fault state\n")); - } - - static NTSTATUS dcesrv_auth_request(struct pipe_auth_data *auth, -Index: samba-3.6.23/source3/include/ntdomain.h -=================================================================== ---- samba-3.6.23.orig/source3/include/ntdomain.h -+++ samba-3.6.23/source3/include/ntdomain.h -@@ -87,6 +87,7 @@ typedef struct pipe_rpc_fns { - const struct api_struct *cmds; - int n_cmds; - uint32 context_id; -+ struct ndr_syntax_id syntax; - - } PIPE_RPC_FNS; - -@@ -134,22 +135,10 @@ struct pipes_struct { - bool pipe_bound; - - /* -- * Set to true when we should return fault PDU's for everything. -- */ -- -- bool fault_state; -- -- /* -- * Set to true when we should return fault PDU's for a bad handle. -- */ -- -- bool bad_handle_fault_state; -- -- /* -- * Set to true when the backend does not support a call. -+ * Set the DCERPC_FAULT to return. - */ - -- bool rng_fault_state; -+ int fault_state; - - /* - * Set to RPC_BIG_ENDIAN when dealing with big-endian PDU's -Index: samba-3.6.23/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm -=================================================================== ---- samba-3.6.23.orig/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm -+++ samba-3.6.23/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm -@@ -183,7 +183,7 @@ sub ParseFunction($$) - ); - - pidl ""; -- pidl "if (p->rng_fault_state) {"; -+ pidl "if (p->fault_state) {"; - pidl "\ttalloc_free(r);"; - pidl "\t/* Return true here, srv_pipe_hnd.c will take care */"; - pidl "\treturn true;"; -Index: samba-3.6.23/source3/rpc_server/dfs/srv_dfs_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/dfs/srv_dfs_nt.c -+++ samba-3.6.23/source3/rpc_server/dfs/srv_dfs_nt.c -@@ -411,125 +411,125 @@ WERROR _dfs_GetInfo(struct pipes_struct - WERROR _dfs_SetInfo(struct pipes_struct *p, struct dfs_SetInfo *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_Rename(struct pipes_struct *p, struct dfs_Rename *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_Move(struct pipes_struct *p, struct dfs_Move *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_ManagerGetConfigInfo(struct pipes_struct *p, struct dfs_ManagerGetConfigInfo *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_ManagerSendSiteInfo(struct pipes_struct *p, struct dfs_ManagerSendSiteInfo *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_AddFtRoot(struct pipes_struct *p, struct dfs_AddFtRoot *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_RemoveFtRoot(struct pipes_struct *p, struct dfs_RemoveFtRoot *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_AddStdRoot(struct pipes_struct *p, struct dfs_AddStdRoot *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_RemoveStdRoot(struct pipes_struct *p, struct dfs_RemoveStdRoot *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_ManagerInitialize(struct pipes_struct *p, struct dfs_ManagerInitialize *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_AddStdRootForced(struct pipes_struct *p, struct dfs_AddStdRootForced *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_GetDcAddress(struct pipes_struct *p, struct dfs_GetDcAddress *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_SetDcAddress(struct pipes_struct *p, struct dfs_SetDcAddress *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_FlushFtTable(struct pipes_struct *p, struct dfs_FlushFtTable *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_Add2(struct pipes_struct *p, struct dfs_Add2 *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_Remove2(struct pipes_struct *p, struct dfs_Remove2 *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_EnumEx(struct pipes_struct *p, struct dfs_EnumEx *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _dfs_SetInfo2(struct pipes_struct *p, struct dfs_SetInfo2 *r) - { - /* FIXME: Implement your code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } -Index: samba-3.6.23/source3/rpc_server/dssetup/srv_dssetup_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/dssetup/srv_dssetup_nt.c -+++ samba-3.6.23/source3/rpc_server/dssetup/srv_dssetup_nt.c -@@ -130,7 +130,7 @@ WERROR _dssetup_DsRoleGetPrimaryDomainIn - WERROR _dssetup_DsRoleDnsNameToFlatName(struct pipes_struct *p, - struct dssetup_DsRoleDnsNameToFlatName *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -140,7 +140,7 @@ WERROR _dssetup_DsRoleDnsNameToFlatName( - WERROR _dssetup_DsRoleDcAsDc(struct pipes_struct *p, - struct dssetup_DsRoleDcAsDc *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -150,7 +150,7 @@ WERROR _dssetup_DsRoleDcAsDc(struct pipe - WERROR _dssetup_DsRoleDcAsReplica(struct pipes_struct *p, - struct dssetup_DsRoleDcAsReplica *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -160,7 +160,7 @@ WERROR _dssetup_DsRoleDcAsReplica(struct - WERROR _dssetup_DsRoleDemoteDc(struct pipes_struct *p, - struct dssetup_DsRoleDemoteDc *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -170,7 +170,7 @@ WERROR _dssetup_DsRoleDemoteDc(struct pi - WERROR _dssetup_DsRoleGetDcOperationProgress(struct pipes_struct *p, - struct dssetup_DsRoleGetDcOperationProgress *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -180,7 +180,7 @@ WERROR _dssetup_DsRoleGetDcOperationProg - WERROR _dssetup_DsRoleGetDcOperationResults(struct pipes_struct *p, - struct dssetup_DsRoleGetDcOperationResults *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -190,7 +190,7 @@ WERROR _dssetup_DsRoleGetDcOperationResu - WERROR _dssetup_DsRoleCancel(struct pipes_struct *p, - struct dssetup_DsRoleCancel *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -200,7 +200,7 @@ WERROR _dssetup_DsRoleCancel(struct pipe - WERROR _dssetup_DsRoleServerSaveStateForUpgrade(struct pipes_struct *p, - struct dssetup_DsRoleServerSaveStateForUpgrade *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -210,7 +210,7 @@ WERROR _dssetup_DsRoleServerSaveStateFor - WERROR _dssetup_DsRoleUpgradeDownlevelServer(struct pipes_struct *p, - struct dssetup_DsRoleUpgradeDownlevelServer *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -220,6 +220,6 @@ WERROR _dssetup_DsRoleUpgradeDownlevelSe - WERROR _dssetup_DsRoleAbortDownlevelServerUpgrade(struct pipes_struct *p, - struct dssetup_DsRoleAbortDownlevelServerUpgrade *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } -Index: samba-3.6.23/source3/rpc_server/echo/srv_echo_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/echo/srv_echo_nt.c -+++ samba-3.6.23/source3/rpc_server/echo/srv_echo_nt.c -@@ -87,13 +87,13 @@ void _echo_SourceData(struct pipes_struc - - void _echo_TestCall(struct pipes_struct *p, struct echo_TestCall *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return; - } - - NTSTATUS _echo_TestCall2(struct pipes_struct *p, struct echo_TestCall2 *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_OK; - } - -@@ -105,18 +105,18 @@ uint32 _echo_TestSleep(struct pipes_stru - - void _echo_TestEnum(struct pipes_struct *p, struct echo_TestEnum *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return; - } - - void _echo_TestSurrounding(struct pipes_struct *p, struct echo_TestSurrounding *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return; - } - - uint16 _echo_TestDoublePointer(struct pipes_struct *p, struct echo_TestDoublePointer *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return 0; - } -Index: samba-3.6.23/source3/rpc_server/epmapper/srv_epmapper.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/epmapper/srv_epmapper.c -+++ samba-3.6.23/source3/rpc_server/epmapper/srv_epmapper.c -@@ -297,6 +297,7 @@ error_status_t _epm_Insert(struct pipes_ - /* If this is not a priviledged users, return */ - if (p->transport != NCALRPC || - !is_priviledged_pipe(p->session_info)) { -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return EPMAPPER_STATUS_CANT_PERFORM_OP; - } - -@@ -433,6 +434,7 @@ error_status_t _epm_Delete(struct pipes_ - /* If this is not a priviledged users, return */ - if (p->transport != NCALRPC || - !is_priviledged_pipe(p->session_info)) { -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return EPMAPPER_STATUS_CANT_PERFORM_OP; - } - -@@ -1096,7 +1098,7 @@ error_status_t _epm_LookupHandleFree(str - error_status_t _epm_InqObject(struct pipes_struct *p, - struct epm_InqObject *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return EPMAPPER_STATUS_CANT_PERFORM_OP; - } - -@@ -1110,7 +1112,7 @@ error_status_t _epm_InqObject(struct pip - error_status_t _epm_MgmtDelete(struct pipes_struct *p, - struct epm_MgmtDelete *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return EPMAPPER_STATUS_CANT_PERFORM_OP; - } - -@@ -1121,7 +1123,7 @@ error_status_t _epm_MgmtDelete(struct pi - error_status_t _epm_MapAuth(struct pipes_struct *p, - struct epm_MapAuth *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return EPMAPPER_STATUS_CANT_PERFORM_OP; - } - -Index: samba-3.6.23/source3/rpc_server/eventlog/srv_eventlog_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/eventlog/srv_eventlog_nt.c -+++ samba-3.6.23/source3/rpc_server/eventlog/srv_eventlog_nt.c -@@ -695,7 +695,7 @@ NTSTATUS _eventlog_GetNumRecords(struct - - NTSTATUS _eventlog_BackupEventLogW(struct pipes_struct *p, struct eventlog_BackupEventLogW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -838,104 +838,104 @@ NTSTATUS _eventlog_ReportEventW(struct p - NTSTATUS _eventlog_DeregisterEventSource(struct pipes_struct *p, - struct eventlog_DeregisterEventSource *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_ChangeNotify(struct pipes_struct *p, - struct eventlog_ChangeNotify *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_RegisterEventSourceW(struct pipes_struct *p, - struct eventlog_RegisterEventSourceW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_OpenBackupEventLogW(struct pipes_struct *p, - struct eventlog_OpenBackupEventLogW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_ClearEventLogA(struct pipes_struct *p, - struct eventlog_ClearEventLogA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_BackupEventLogA(struct pipes_struct *p, - struct eventlog_BackupEventLogA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_OpenEventLogA(struct pipes_struct *p, - struct eventlog_OpenEventLogA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_RegisterEventSourceA(struct pipes_struct *p, - struct eventlog_RegisterEventSourceA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_OpenBackupEventLogA(struct pipes_struct *p, - struct eventlog_OpenBackupEventLogA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_ReadEventLogA(struct pipes_struct *p, - struct eventlog_ReadEventLogA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_ReportEventA(struct pipes_struct *p, - struct eventlog_ReportEventA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_RegisterClusterSvc(struct pipes_struct *p, - struct eventlog_RegisterClusterSvc *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_DeregisterClusterSvc(struct pipes_struct *p, - struct eventlog_DeregisterClusterSvc *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_WriteClusterEvents(struct pipes_struct *p, - struct eventlog_WriteClusterEvents *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _eventlog_ReportEventAndSourceW(struct pipes_struct *p, - struct eventlog_ReportEventAndSourceW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } -Index: samba-3.6.23/source3/rpc_server/lsa/srv_lsa_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/lsa/srv_lsa_nt.c -+++ samba-3.6.23/source3/rpc_server/lsa/srv_lsa_nt.c -@@ -817,7 +817,7 @@ NTSTATUS _lsa_QueryInfoPolicy2(struct pi - struct lsa_QueryInfoPolicy r; - - if ((pdb_capabilities() & PDB_CAP_ADS) == 0) { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -3210,88 +3210,88 @@ NTSTATUS _lsa_Delete(struct pipes_struct - - NTSTATUS _lsa_SetSecObj(struct pipes_struct *p, struct lsa_SetSecObj *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_ChangePassword(struct pipes_struct *p, - struct lsa_ChangePassword *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_SetInfoPolicy(struct pipes_struct *p, struct lsa_SetInfoPolicy *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_ClearAuditLog(struct pipes_struct *p, struct lsa_ClearAuditLog *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_GetQuotasForAccount(struct pipes_struct *p, - struct lsa_GetQuotasForAccount *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_SetQuotasForAccount(struct pipes_struct *p, - struct lsa_SetQuotasForAccount *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_SetInformationTrustedDomain(struct pipes_struct *p, - struct lsa_SetInformationTrustedDomain *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_QuerySecret(struct pipes_struct *p, struct lsa_QuerySecret *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_SetTrustedDomainInfo(struct pipes_struct *p, - struct lsa_SetTrustedDomainInfo *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_StorePrivateData(struct pipes_struct *p, - struct lsa_StorePrivateData *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_RetrievePrivateData(struct pipes_struct *p, - struct lsa_RetrievePrivateData *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_SetInfoPolicy2(struct pipes_struct *p, - struct lsa_SetInfoPolicy2 *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_SetTrustedDomainInfoByName(struct pipes_struct *p, - struct lsa_SetTrustedDomainInfoByName *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -3310,7 +3310,7 @@ NTSTATUS _lsa_EnumTrustedDomainsEx(struc - * _lsa_EnumTrustedDomains() afterwards - gd */ - - if (!(pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX)) { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -3379,107 +3379,107 @@ NTSTATUS _lsa_EnumTrustedDomainsEx(struc - NTSTATUS _lsa_QueryDomainInformationPolicy(struct pipes_struct *p, - struct lsa_QueryDomainInformationPolicy *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_SetDomainInformationPolicy(struct pipes_struct *p, - struct lsa_SetDomainInformationPolicy *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_TestCall(struct pipes_struct *p, struct lsa_TestCall *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_CREDRWRITE(struct pipes_struct *p, struct lsa_CREDRWRITE *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_CREDRREAD(struct pipes_struct *p, struct lsa_CREDRREAD *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_CREDRENUMERATE(struct pipes_struct *p, struct lsa_CREDRENUMERATE *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_CREDRWRITEDOMAINCREDENTIALS(struct pipes_struct *p, - struct lsa_CREDRWRITEDOMAINCREDENTIALS *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_CREDRREADDOMAINCREDENTIALS(struct pipes_struct *p, - struct lsa_CREDRREADDOMAINCREDENTIALS *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_CREDRDELETE(struct pipes_struct *p, struct lsa_CREDRDELETE *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_CREDRGETTARGETINFO(struct pipes_struct *p, - struct lsa_CREDRGETTARGETINFO *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_CREDRPROFILELOADED(struct pipes_struct *p, - struct lsa_CREDRPROFILELOADED *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_CREDRGETSESSIONTYPES(struct pipes_struct *p, - struct lsa_CREDRGETSESSIONTYPES *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_LSARREGISTERAUDITEVENT(struct pipes_struct *p, - struct lsa_LSARREGISTERAUDITEVENT *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_LSARGENAUDITEVENT(struct pipes_struct *p, - struct lsa_LSARGENAUDITEVENT *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_LSARUNREGISTERAUDITEVENT(struct pipes_struct *p, - struct lsa_LSARUNREGISTERAUDITEVENT *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_lsaRQueryForestTrustInformation(struct pipes_struct *p, - struct lsa_lsaRQueryForestTrustInformation *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -3992,34 +3992,34 @@ NTSTATUS _lsa_lsaRSetForestTrustInformat - NTSTATUS _lsa_CREDRRENAME(struct pipes_struct *p, - struct lsa_CREDRRENAME *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_LSAROPENPOLICYSCE(struct pipes_struct *p, - struct lsa_LSAROPENPOLICYSCE *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_LSARADTREGISTERSECURITYEVENTSOURCE(struct pipes_struct *p, - struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(struct pipes_struct *p, - struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - - NTSTATUS _lsa_LSARADTREPORTSECURITYEVENT(struct pipes_struct *p, - struct lsa_LSARADTREPORTSECURITYEVENT *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } -Index: samba-3.6.23/source3/rpc_server/netlogon/srv_netlog_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/netlogon/srv_netlog_nt.c -+++ samba-3.6.23/source3/rpc_server/netlogon/srv_netlog_nt.c -@@ -1789,7 +1789,7 @@ NTSTATUS _netr_LogonSamLogonEx(struct pi - WERROR _netr_LogonUasLogon(struct pipes_struct *p, - struct netr_LogonUasLogon *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -1799,7 +1799,7 @@ WERROR _netr_LogonUasLogon(struct pipes_ - WERROR _netr_LogonUasLogoff(struct pipes_struct *p, - struct netr_LogonUasLogoff *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -1809,7 +1809,7 @@ WERROR _netr_LogonUasLogoff(struct pipes - NTSTATUS _netr_DatabaseDeltas(struct pipes_struct *p, - struct netr_DatabaseDeltas *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -1819,7 +1819,7 @@ NTSTATUS _netr_DatabaseDeltas(struct pip - NTSTATUS _netr_DatabaseSync(struct pipes_struct *p, - struct netr_DatabaseSync *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -1829,7 +1829,7 @@ NTSTATUS _netr_DatabaseSync(struct pipes - NTSTATUS _netr_AccountDeltas(struct pipes_struct *p, - struct netr_AccountDeltas *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -1839,7 +1839,7 @@ NTSTATUS _netr_AccountDeltas(struct pipe - NTSTATUS _netr_AccountSync(struct pipes_struct *p, - struct netr_AccountSync *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -1980,7 +1980,7 @@ WERROR _netr_GetAnyDCName(struct pipes_s - NTSTATUS _netr_DatabaseSync2(struct pipes_struct *p, - struct netr_DatabaseSync2 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -1990,7 +1990,7 @@ NTSTATUS _netr_DatabaseSync2(struct pipe - NTSTATUS _netr_DatabaseRedo(struct pipes_struct *p, - struct netr_DatabaseRedo *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -2000,7 +2000,7 @@ NTSTATUS _netr_DatabaseRedo(struct pipes - WERROR _netr_DsRGetDCName(struct pipes_struct *p, - struct netr_DsRGetDCName *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2019,7 +2019,7 @@ NTSTATUS _netr_LogonGetCapabilities(stru - WERROR _netr_NETRLOGONSETSERVICEBITS(struct pipes_struct *p, - struct netr_NETRLOGONSETSERVICEBITS *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2029,7 +2029,7 @@ WERROR _netr_NETRLOGONSETSERVICEBITS(str - WERROR _netr_LogonGetTrustRid(struct pipes_struct *p, - struct netr_LogonGetTrustRid *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2039,7 +2039,7 @@ WERROR _netr_LogonGetTrustRid(struct pip - WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(struct pipes_struct *p, - struct netr_NETRLOGONCOMPUTESERVERDIGEST *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2049,7 +2049,7 @@ WERROR _netr_NETRLOGONCOMPUTESERVERDIGES - WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(struct pipes_struct *p, - struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2059,7 +2059,7 @@ WERROR _netr_NETRLOGONCOMPUTECLIENTDIGES - WERROR _netr_DsRGetDCNameEx(struct pipes_struct *p, - struct netr_DsRGetDCNameEx *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2069,7 +2069,7 @@ WERROR _netr_DsRGetDCNameEx(struct pipes - WERROR _netr_DsRGetSiteName(struct pipes_struct *p, - struct netr_DsRGetSiteName *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2079,7 +2079,7 @@ WERROR _netr_DsRGetSiteName(struct pipes - NTSTATUS _netr_LogonGetDomainInfo(struct pipes_struct *p, - struct netr_LogonGetDomainInfo *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -2089,7 +2089,7 @@ NTSTATUS _netr_LogonGetDomainInfo(struct - WERROR _netr_ServerPasswordGet(struct pipes_struct *p, - struct netr_ServerPasswordGet *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2099,7 +2099,7 @@ WERROR _netr_ServerPasswordGet(struct pi - WERROR _netr_NETRLOGONSENDTOSAM(struct pipes_struct *p, - struct netr_NETRLOGONSENDTOSAM *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2109,7 +2109,7 @@ WERROR _netr_NETRLOGONSENDTOSAM(struct p - WERROR _netr_DsRAddressToSitenamesW(struct pipes_struct *p, - struct netr_DsRAddressToSitenamesW *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2119,7 +2119,7 @@ WERROR _netr_DsRAddressToSitenamesW(stru - WERROR _netr_DsRGetDCNameEx2(struct pipes_struct *p, - struct netr_DsRGetDCNameEx2 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2129,7 +2129,7 @@ WERROR _netr_DsRGetDCNameEx2(struct pipe - WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct pipes_struct *p, - struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2139,7 +2139,7 @@ WERROR _netr_NETRLOGONGETTIMESERVICEPARE - WERROR _netr_NetrEnumerateTrustedDomainsEx(struct pipes_struct *p, - struct netr_NetrEnumerateTrustedDomainsEx *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2149,7 +2149,7 @@ WERROR _netr_NetrEnumerateTrustedDomains - WERROR _netr_DsRAddressToSitenamesExW(struct pipes_struct *p, - struct netr_DsRAddressToSitenamesExW *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2159,7 +2159,7 @@ WERROR _netr_DsRAddressToSitenamesExW(st - WERROR _netr_DsrGetDcSiteCoverageW(struct pipes_struct *p, - struct netr_DsrGetDcSiteCoverageW *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2169,7 +2169,7 @@ WERROR _netr_DsrGetDcSiteCoverageW(struc - WERROR _netr_DsrEnumerateDomainTrusts(struct pipes_struct *p, - struct netr_DsrEnumerateDomainTrusts *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2179,7 +2179,7 @@ WERROR _netr_DsrEnumerateDomainTrusts(st - WERROR _netr_DsrDeregisterDNSHostRecords(struct pipes_struct *p, - struct netr_DsrDeregisterDNSHostRecords *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2189,7 +2189,7 @@ WERROR _netr_DsrDeregisterDNSHostRecords - NTSTATUS _netr_ServerTrustPasswordsGet(struct pipes_struct *p, - struct netr_ServerTrustPasswordsGet *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -2199,7 +2199,7 @@ NTSTATUS _netr_ServerTrustPasswordsGet(s - WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p, - struct netr_DsRGetForestTrustInformation *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -2478,7 +2478,7 @@ NTSTATUS _netr_ServerGetTrustInfo(struct - NTSTATUS _netr_Unused47(struct pipes_struct *p, - struct netr_Unused47 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -2488,6 +2488,6 @@ NTSTATUS _netr_Unused47(struct pipes_str - NTSTATUS _netr_DsrUpdateReadOnlyServerDnsRecords(struct pipes_struct *p, - struct netr_DsrUpdateReadOnlyServerDnsRecords *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } -Index: samba-3.6.23/source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c -+++ samba-3.6.23/source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c -@@ -227,7 +227,7 @@ WERROR _PNP_HwProfFlags(struct pipes_str - WERROR _PNP_Disconnect(struct pipes_struct *p, - struct PNP_Disconnect *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -237,7 +237,7 @@ WERROR _PNP_Disconnect(struct pipes_stru - WERROR _PNP_Connect(struct pipes_struct *p, - struct PNP_Connect *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -247,7 +247,7 @@ WERROR _PNP_Connect(struct pipes_struct - WERROR _PNP_GetGlobalState(struct pipes_struct *p, - struct PNP_GetGlobalState *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -257,7 +257,7 @@ WERROR _PNP_GetGlobalState(struct pipes_ - WERROR _PNP_InitDetection(struct pipes_struct *p, - struct PNP_InitDetection *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -267,7 +267,7 @@ WERROR _PNP_InitDetection(struct pipes_s - WERROR _PNP_ReportLogOn(struct pipes_struct *p, - struct PNP_ReportLogOn *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -277,7 +277,7 @@ WERROR _PNP_ReportLogOn(struct pipes_str - WERROR _PNP_GetRootDeviceInstance(struct pipes_struct *p, - struct PNP_GetRootDeviceInstance *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -287,7 +287,7 @@ WERROR _PNP_GetRootDeviceInstance(struct - WERROR _PNP_GetRelatedDeviceInstance(struct pipes_struct *p, - struct PNP_GetRelatedDeviceInstance *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -297,7 +297,7 @@ WERROR _PNP_GetRelatedDeviceInstance(str - WERROR _PNP_EnumerateSubKeys(struct pipes_struct *p, - struct PNP_EnumerateSubKeys *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -307,7 +307,7 @@ WERROR _PNP_EnumerateSubKeys(struct pipe - WERROR _PNP_GetDepth(struct pipes_struct *p, - struct PNP_GetDepth *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -317,7 +317,7 @@ WERROR _PNP_GetDepth(struct pipes_struct - WERROR _PNP_SetDeviceRegProp(struct pipes_struct *p, - struct PNP_SetDeviceRegProp *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -327,7 +327,7 @@ WERROR _PNP_SetDeviceRegProp(struct pipe - WERROR _PNP_GetClassInstance(struct pipes_struct *p, - struct PNP_GetClassInstance *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -337,7 +337,7 @@ WERROR _PNP_GetClassInstance(struct pipe - WERROR _PNP_CreateKey(struct pipes_struct *p, - struct PNP_CreateKey *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -347,7 +347,7 @@ WERROR _PNP_CreateKey(struct pipes_struc - WERROR _PNP_DeleteRegistryKey(struct pipes_struct *p, - struct PNP_DeleteRegistryKey *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -357,7 +357,7 @@ WERROR _PNP_DeleteRegistryKey(struct pip - WERROR _PNP_GetClassCount(struct pipes_struct *p, - struct PNP_GetClassCount *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -367,7 +367,7 @@ WERROR _PNP_GetClassCount(struct pipes_s - WERROR _PNP_GetClassName(struct pipes_struct *p, - struct PNP_GetClassName *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -377,7 +377,7 @@ WERROR _PNP_GetClassName(struct pipes_st - WERROR _PNP_DeleteClassKey(struct pipes_struct *p, - struct PNP_DeleteClassKey *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -387,7 +387,7 @@ WERROR _PNP_DeleteClassKey(struct pipes_ - WERROR _PNP_GetInterfaceDeviceAlias(struct pipes_struct *p, - struct PNP_GetInterfaceDeviceAlias *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -397,7 +397,7 @@ WERROR _PNP_GetInterfaceDeviceAlias(stru - WERROR _PNP_GetInterfaceDeviceList(struct pipes_struct *p, - struct PNP_GetInterfaceDeviceList *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -407,7 +407,7 @@ WERROR _PNP_GetInterfaceDeviceList(struc - WERROR _PNP_GetInterfaceDeviceListSize(struct pipes_struct *p, - struct PNP_GetInterfaceDeviceListSize *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -417,7 +417,7 @@ WERROR _PNP_GetInterfaceDeviceListSize(s - WERROR _PNP_RegisterDeviceClassAssociation(struct pipes_struct *p, - struct PNP_RegisterDeviceClassAssociation *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -427,7 +427,7 @@ WERROR _PNP_RegisterDeviceClassAssociati - WERROR _PNP_UnregisterDeviceClassAssociation(struct pipes_struct *p, - struct PNP_UnregisterDeviceClassAssociation *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -437,7 +437,7 @@ WERROR _PNP_UnregisterDeviceClassAssocia - WERROR _PNP_GetClassRegProp(struct pipes_struct *p, - struct PNP_GetClassRegProp *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -447,7 +447,7 @@ WERROR _PNP_GetClassRegProp(struct pipes - WERROR _PNP_SetClassRegProp(struct pipes_struct *p, - struct PNP_SetClassRegProp *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -457,7 +457,7 @@ WERROR _PNP_SetClassRegProp(struct pipes - WERROR _PNP_CreateDevInst(struct pipes_struct *p, - struct PNP_CreateDevInst *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -467,7 +467,7 @@ WERROR _PNP_CreateDevInst(struct pipes_s - WERROR _PNP_DeviceInstanceAction(struct pipes_struct *p, - struct PNP_DeviceInstanceAction *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -477,7 +477,7 @@ WERROR _PNP_DeviceInstanceAction(struct - WERROR _PNP_GetDeviceStatus(struct pipes_struct *p, - struct PNP_GetDeviceStatus *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -487,7 +487,7 @@ WERROR _PNP_GetDeviceStatus(struct pipes - WERROR _PNP_SetDeviceProblem(struct pipes_struct *p, - struct PNP_SetDeviceProblem *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -497,7 +497,7 @@ WERROR _PNP_SetDeviceProblem(struct pipe - WERROR _PNP_DisableDevInst(struct pipes_struct *p, - struct PNP_DisableDevInst *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -507,7 +507,7 @@ WERROR _PNP_DisableDevInst(struct pipes_ - WERROR _PNP_UninstallDevInst(struct pipes_struct *p, - struct PNP_UninstallDevInst *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -517,7 +517,7 @@ WERROR _PNP_UninstallDevInst(struct pipe - WERROR _PNP_AddID(struct pipes_struct *p, - struct PNP_AddID *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -527,7 +527,7 @@ WERROR _PNP_AddID(struct pipes_struct *p - WERROR _PNP_RegisterDriver(struct pipes_struct *p, - struct PNP_RegisterDriver *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -537,7 +537,7 @@ WERROR _PNP_RegisterDriver(struct pipes_ - WERROR _PNP_QueryRemove(struct pipes_struct *p, - struct PNP_QueryRemove *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -547,7 +547,7 @@ WERROR _PNP_QueryRemove(struct pipes_str - WERROR _PNP_RequestDeviceEject(struct pipes_struct *p, - struct PNP_RequestDeviceEject *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -557,7 +557,7 @@ WERROR _PNP_RequestDeviceEject(struct pi - WERROR _PNP_IsDockStationPresent(struct pipes_struct *p, - struct PNP_IsDockStationPresent *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -567,7 +567,7 @@ WERROR _PNP_IsDockStationPresent(struct - WERROR _PNP_RequestEjectPC(struct pipes_struct *p, - struct PNP_RequestEjectPC *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -577,7 +577,7 @@ WERROR _PNP_RequestEjectPC(struct pipes_ - WERROR _PNP_AddEmptyLogConf(struct pipes_struct *p, - struct PNP_AddEmptyLogConf *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -587,7 +587,7 @@ WERROR _PNP_AddEmptyLogConf(struct pipes - WERROR _PNP_FreeLogConf(struct pipes_struct *p, - struct PNP_FreeLogConf *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -597,7 +597,7 @@ WERROR _PNP_FreeLogConf(struct pipes_str - WERROR _PNP_GetFirstLogConf(struct pipes_struct *p, - struct PNP_GetFirstLogConf *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -607,7 +607,7 @@ WERROR _PNP_GetFirstLogConf(struct pipes - WERROR _PNP_GetNextLogConf(struct pipes_struct *p, - struct PNP_GetNextLogConf *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -617,7 +617,7 @@ WERROR _PNP_GetNextLogConf(struct pipes_ - WERROR _PNP_GetLogConfPriority(struct pipes_struct *p, - struct PNP_GetLogConfPriority *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -627,7 +627,7 @@ WERROR _PNP_GetLogConfPriority(struct pi - WERROR _PNP_AddResDes(struct pipes_struct *p, - struct PNP_AddResDes *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -637,7 +637,7 @@ WERROR _PNP_AddResDes(struct pipes_struc - WERROR _PNP_FreeResDes(struct pipes_struct *p, - struct PNP_FreeResDes *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -647,7 +647,7 @@ WERROR _PNP_FreeResDes(struct pipes_stru - WERROR _PNP_GetNextResDes(struct pipes_struct *p, - struct PNP_GetNextResDes *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -657,7 +657,7 @@ WERROR _PNP_GetNextResDes(struct pipes_s - WERROR _PNP_GetResDesData(struct pipes_struct *p, - struct PNP_GetResDesData *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -667,7 +667,7 @@ WERROR _PNP_GetResDesData(struct pipes_s - WERROR _PNP_GetResDesDataSize(struct pipes_struct *p, - struct PNP_GetResDesDataSize *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -677,7 +677,7 @@ WERROR _PNP_GetResDesDataSize(struct pip - WERROR _PNP_ModifyResDes(struct pipes_struct *p, - struct PNP_ModifyResDes *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -687,7 +687,7 @@ WERROR _PNP_ModifyResDes(struct pipes_st - WERROR _PNP_DetectResourceLimit(struct pipes_struct *p, - struct PNP_DetectResourceLimit *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -697,7 +697,7 @@ WERROR _PNP_DetectResourceLimit(struct p - WERROR _PNP_QueryResConfList(struct pipes_struct *p, - struct PNP_QueryResConfList *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -707,7 +707,7 @@ WERROR _PNP_QueryResConfList(struct pipe - WERROR _PNP_SetHwProf(struct pipes_struct *p, - struct PNP_SetHwProf *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -717,7 +717,7 @@ WERROR _PNP_SetHwProf(struct pipes_struc - WERROR _PNP_QueryArbitratorFreeData(struct pipes_struct *p, - struct PNP_QueryArbitratorFreeData *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -727,7 +727,7 @@ WERROR _PNP_QueryArbitratorFreeData(stru - WERROR _PNP_QueryArbitratorFreeSize(struct pipes_struct *p, - struct PNP_QueryArbitratorFreeSize *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -737,7 +737,7 @@ WERROR _PNP_QueryArbitratorFreeSize(stru - WERROR _PNP_RunDetection(struct pipes_struct *p, - struct PNP_RunDetection *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -747,7 +747,7 @@ WERROR _PNP_RunDetection(struct pipes_st - WERROR _PNP_RegisterNotification(struct pipes_struct *p, - struct PNP_RegisterNotification *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -757,7 +757,7 @@ WERROR _PNP_RegisterNotification(struct - WERROR _PNP_UnregisterNotification(struct pipes_struct *p, - struct PNP_UnregisterNotification *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -767,7 +767,7 @@ WERROR _PNP_UnregisterNotification(struc - WERROR _PNP_GetCustomDevProp(struct pipes_struct *p, - struct PNP_GetCustomDevProp *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -777,7 +777,7 @@ WERROR _PNP_GetCustomDevProp(struct pipe - WERROR _PNP_GetVersionInternal(struct pipes_struct *p, - struct PNP_GetVersionInternal *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -787,7 +787,7 @@ WERROR _PNP_GetVersionInternal(struct pi - WERROR _PNP_GetBlockedDriverInfo(struct pipes_struct *p, - struct PNP_GetBlockedDriverInfo *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -797,6 +797,6 @@ WERROR _PNP_GetBlockedDriverInfo(struct - WERROR _PNP_GetServerSideDeviceInstallFlags(struct pipes_struct *p, - struct PNP_GetServerSideDeviceInstallFlags *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } -Index: samba-3.6.23/source3/rpc_server/rpc_handles.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/rpc_handles.c -+++ samba-3.6.23/source3/rpc_server/rpc_handles.c -@@ -242,7 +242,7 @@ static struct dcesrv_handle *find_policy - DEBUG(4,("Policy not found: ")); - dump_data(4, (uint8_t *)hnd, sizeof(*hnd)); - -- p->bad_handle_fault_state = true; -+ p->fault_state = DCERPC_FAULT_CONTEXT_MISMATCH; - - return NULL; - } -Index: samba-3.6.23/source3/rpc_server/rpc_ncacn_np.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/rpc_ncacn_np.c -+++ samba-3.6.23/source3/rpc_server/rpc_ncacn_np.c -@@ -216,24 +216,13 @@ static NTSTATUS rpcint_dispatch(struct p - } - - if (p->fault_state) { -- p->fault_state = false; -- data_blob_free(&p->out_data.rdata); -- talloc_free_children(p->mem_ctx); -- return NT_STATUS_RPC_CALL_FAILED; -- } -- -- if (p->bad_handle_fault_state) { -- p->bad_handle_fault_state = false; -- data_blob_free(&p->out_data.rdata); -- talloc_free_children(p->mem_ctx); -- return NT_STATUS_RPC_SS_CONTEXT_MISMATCH; -- } -+ NTSTATUS status; - -- if (p->rng_fault_state) { -- p->rng_fault_state = false; -+ status = NT_STATUS(p->fault_state); -+ p->fault_state = 0; - data_blob_free(&p->out_data.rdata); - talloc_free_children(p->mem_ctx); -- return NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE; -+ return status; - } - - *out_data = p->out_data.rdata; -Index: samba-3.6.23/source3/rpc_server/samr/srv_samr_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/samr/srv_samr_nt.c -+++ samba-3.6.23/source3/rpc_server/samr/srv_samr_nt.c -@@ -6682,7 +6682,7 @@ NTSTATUS _samr_ValidatePassword(struct p - NTSTATUS _samr_Shutdown(struct pipes_struct *p, - struct samr_Shutdown *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -6692,7 +6692,7 @@ NTSTATUS _samr_Shutdown(struct pipes_str - NTSTATUS _samr_SetMemberAttributesOfGroup(struct pipes_struct *p, - struct samr_SetMemberAttributesOfGroup *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -6702,6 +6702,7 @@ NTSTATUS _samr_SetMemberAttributesOfGrou - NTSTATUS _samr_TestPrivateFunctionsDomain(struct pipes_struct *p, - struct samr_TestPrivateFunctionsDomain *r) - { -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -6711,6 +6712,7 @@ NTSTATUS _samr_TestPrivateFunctionsDomai - NTSTATUS _samr_TestPrivateFunctionsUser(struct pipes_struct *p, - struct samr_TestPrivateFunctionsUser *r) - { -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -6720,7 +6722,7 @@ NTSTATUS _samr_TestPrivateFunctionsUser( - NTSTATUS _samr_AddMultipleMembersToAlias(struct pipes_struct *p, - struct samr_AddMultipleMembersToAlias *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -6730,7 +6732,7 @@ NTSTATUS _samr_AddMultipleMembersToAlias - NTSTATUS _samr_RemoveMultipleMembersFromAlias(struct pipes_struct *p, - struct samr_RemoveMultipleMembersFromAlias *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -6740,7 +6742,7 @@ NTSTATUS _samr_RemoveMultipleMembersFrom - NTSTATUS _samr_SetBootKeyInformation(struct pipes_struct *p, - struct samr_SetBootKeyInformation *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -6750,7 +6752,7 @@ NTSTATUS _samr_SetBootKeyInformation(str - NTSTATUS _samr_GetBootKeyInformation(struct pipes_struct *p, - struct samr_GetBootKeyInformation *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } - -@@ -6760,6 +6762,6 @@ NTSTATUS _samr_GetBootKeyInformation(str - NTSTATUS _samr_SetDsrmPassword(struct pipes_struct *p, - struct samr_SetDsrmPassword *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return NT_STATUS_NOT_IMPLEMENTED; - } -Index: samba-3.6.23/source3/rpc_server/spoolss/srv_spoolss_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/spoolss/srv_spoolss_nt.c -+++ samba-3.6.23/source3/rpc_server/spoolss/srv_spoolss_nt.c -@@ -10207,7 +10207,7 @@ WERROR _spoolss_AddPort(struct pipes_str - WERROR _spoolss_GetPrinterDriver(struct pipes_struct *p, - struct spoolss_GetPrinterDriver *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10218,7 +10218,7 @@ WERROR _spoolss_GetPrinterDriver(struct - WERROR _spoolss_ReadPrinter(struct pipes_struct *p, - struct spoolss_ReadPrinter *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10229,7 +10229,7 @@ WERROR _spoolss_ReadPrinter(struct pipes - WERROR _spoolss_WaitForPrinterChange(struct pipes_struct *p, - struct spoolss_WaitForPrinterChange *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10240,7 +10240,7 @@ WERROR _spoolss_WaitForPrinterChange(str - WERROR _spoolss_ConfigurePort(struct pipes_struct *p, - struct spoolss_ConfigurePort *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10251,7 +10251,7 @@ WERROR _spoolss_ConfigurePort(struct pip - WERROR _spoolss_DeletePort(struct pipes_struct *p, - struct spoolss_DeletePort *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10262,7 +10262,7 @@ WERROR _spoolss_DeletePort(struct pipes_ - WERROR _spoolss_CreatePrinterIC(struct pipes_struct *p, - struct spoolss_CreatePrinterIC *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10273,7 +10273,7 @@ WERROR _spoolss_CreatePrinterIC(struct p - WERROR _spoolss_PlayGDIScriptOnPrinterIC(struct pipes_struct *p, - struct spoolss_PlayGDIScriptOnPrinterIC *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10284,7 +10284,7 @@ WERROR _spoolss_PlayGDIScriptOnPrinterIC - WERROR _spoolss_DeletePrinterIC(struct pipes_struct *p, - struct spoolss_DeletePrinterIC *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10295,7 +10295,7 @@ WERROR _spoolss_DeletePrinterIC(struct p - WERROR _spoolss_AddPrinterConnection(struct pipes_struct *p, - struct spoolss_AddPrinterConnection *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10306,7 +10306,7 @@ WERROR _spoolss_AddPrinterConnection(str - WERROR _spoolss_DeletePrinterConnection(struct pipes_struct *p, - struct spoolss_DeletePrinterConnection *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10317,7 +10317,7 @@ WERROR _spoolss_DeletePrinterConnection( - WERROR _spoolss_PrinterMessageBox(struct pipes_struct *p, - struct spoolss_PrinterMessageBox *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10328,7 +10328,7 @@ WERROR _spoolss_PrinterMessageBox(struct - WERROR _spoolss_AddMonitor(struct pipes_struct *p, - struct spoolss_AddMonitor *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10339,7 +10339,7 @@ WERROR _spoolss_AddMonitor(struct pipes_ - WERROR _spoolss_DeleteMonitor(struct pipes_struct *p, - struct spoolss_DeleteMonitor *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10350,7 +10350,7 @@ WERROR _spoolss_DeleteMonitor(struct pip - WERROR _spoolss_DeletePrintProcessor(struct pipes_struct *p, - struct spoolss_DeletePrintProcessor *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10361,7 +10361,7 @@ WERROR _spoolss_DeletePrintProcessor(str - WERROR _spoolss_AddPrintProvidor(struct pipes_struct *p, - struct spoolss_AddPrintProvidor *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10372,7 +10372,7 @@ WERROR _spoolss_AddPrintProvidor(struct - WERROR _spoolss_DeletePrintProvidor(struct pipes_struct *p, - struct spoolss_DeletePrintProvidor *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10383,7 +10383,7 @@ WERROR _spoolss_DeletePrintProvidor(stru - WERROR _spoolss_FindFirstPrinterChangeNotification(struct pipes_struct *p, - struct spoolss_FindFirstPrinterChangeNotification *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10394,7 +10394,7 @@ WERROR _spoolss_FindFirstPrinterChangeNo - WERROR _spoolss_FindNextPrinterChangeNotification(struct pipes_struct *p, - struct spoolss_FindNextPrinterChangeNotification *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10405,7 +10405,7 @@ WERROR _spoolss_FindNextPrinterChangeNot - WERROR _spoolss_RouterFindFirstPrinterChangeNotificationOld(struct pipes_struct *p, - struct spoolss_RouterFindFirstPrinterChangeNotificationOld *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10416,7 +10416,7 @@ WERROR _spoolss_RouterFindFirstPrinterCh - WERROR _spoolss_ReplyOpenPrinter(struct pipes_struct *p, - struct spoolss_ReplyOpenPrinter *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10427,7 +10427,7 @@ WERROR _spoolss_ReplyOpenPrinter(struct - WERROR _spoolss_RouterReplyPrinter(struct pipes_struct *p, - struct spoolss_RouterReplyPrinter *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10438,7 +10438,7 @@ WERROR _spoolss_RouterReplyPrinter(struc - WERROR _spoolss_ReplyClosePrinter(struct pipes_struct *p, - struct spoolss_ReplyClosePrinter *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10449,7 +10449,7 @@ WERROR _spoolss_ReplyClosePrinter(struct - WERROR _spoolss_AddPortEx(struct pipes_struct *p, - struct spoolss_AddPortEx *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10460,7 +10460,7 @@ WERROR _spoolss_AddPortEx(struct pipes_s - WERROR _spoolss_RouterFindFirstPrinterChangeNotification(struct pipes_struct *p, - struct spoolss_RouterFindFirstPrinterChangeNotification *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10471,7 +10471,7 @@ WERROR _spoolss_RouterFindFirstPrinterCh - WERROR _spoolss_SpoolerInit(struct pipes_struct *p, - struct spoolss_SpoolerInit *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10482,7 +10482,7 @@ WERROR _spoolss_SpoolerInit(struct pipes - WERROR _spoolss_ResetPrinterEx(struct pipes_struct *p, - struct spoolss_ResetPrinterEx *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10493,7 +10493,7 @@ WERROR _spoolss_ResetPrinterEx(struct pi - WERROR _spoolss_RouterReplyPrinterEx(struct pipes_struct *p, - struct spoolss_RouterReplyPrinterEx *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10504,7 +10504,7 @@ WERROR _spoolss_RouterReplyPrinterEx(str - WERROR _spoolss_44(struct pipes_struct *p, - struct spoolss_44 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10515,7 +10515,7 @@ WERROR _spoolss_44(struct pipes_struct * - WERROR _spoolss_SetPort(struct pipes_struct *p, - struct spoolss_SetPort *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10526,7 +10526,7 @@ WERROR _spoolss_SetPort(struct pipes_str - WERROR _spoolss_4a(struct pipes_struct *p, - struct spoolss_4a *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10537,7 +10537,7 @@ WERROR _spoolss_4a(struct pipes_struct * - WERROR _spoolss_4b(struct pipes_struct *p, - struct spoolss_4b *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10548,7 +10548,7 @@ WERROR _spoolss_4b(struct pipes_struct * - WERROR _spoolss_4c(struct pipes_struct *p, - struct spoolss_4c *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10559,7 +10559,7 @@ WERROR _spoolss_4c(struct pipes_struct * - WERROR _spoolss_53(struct pipes_struct *p, - struct spoolss_53 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10570,7 +10570,7 @@ WERROR _spoolss_53(struct pipes_struct * - WERROR _spoolss_AddPerMachineConnection(struct pipes_struct *p, - struct spoolss_AddPerMachineConnection *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10581,7 +10581,7 @@ WERROR _spoolss_AddPerMachineConnection( - WERROR _spoolss_DeletePerMachineConnection(struct pipes_struct *p, - struct spoolss_DeletePerMachineConnection *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10592,7 +10592,7 @@ WERROR _spoolss_DeletePerMachineConnecti - WERROR _spoolss_EnumPerMachineConnections(struct pipes_struct *p, - struct spoolss_EnumPerMachineConnections *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10603,7 +10603,7 @@ WERROR _spoolss_EnumPerMachineConnection - WERROR _spoolss_5a(struct pipes_struct *p, - struct spoolss_5a *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10614,7 +10614,7 @@ WERROR _spoolss_5a(struct pipes_struct * - WERROR _spoolss_5b(struct pipes_struct *p, - struct spoolss_5b *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10625,7 +10625,7 @@ WERROR _spoolss_5b(struct pipes_struct * - WERROR _spoolss_5c(struct pipes_struct *p, - struct spoolss_5c *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10636,7 +10636,7 @@ WERROR _spoolss_5c(struct pipes_struct * - WERROR _spoolss_5d(struct pipes_struct *p, - struct spoolss_5d *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10647,7 +10647,7 @@ WERROR _spoolss_5d(struct pipes_struct * - WERROR _spoolss_5e(struct pipes_struct *p, - struct spoolss_5e *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10658,7 +10658,7 @@ WERROR _spoolss_5e(struct pipes_struct * - WERROR _spoolss_5f(struct pipes_struct *p, - struct spoolss_5f *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10669,7 +10669,7 @@ WERROR _spoolss_5f(struct pipes_struct * - WERROR _spoolss_60(struct pipes_struct *p, - struct spoolss_60 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10680,7 +10680,7 @@ WERROR _spoolss_60(struct pipes_struct * - WERROR _spoolss_61(struct pipes_struct *p, - struct spoolss_61 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10691,7 +10691,7 @@ WERROR _spoolss_61(struct pipes_struct * - WERROR _spoolss_62(struct pipes_struct *p, - struct spoolss_62 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10702,7 +10702,7 @@ WERROR _spoolss_62(struct pipes_struct * - WERROR _spoolss_63(struct pipes_struct *p, - struct spoolss_63 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10713,7 +10713,7 @@ WERROR _spoolss_63(struct pipes_struct * - WERROR _spoolss_64(struct pipes_struct *p, - struct spoolss_64 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10724,7 +10724,7 @@ WERROR _spoolss_64(struct pipes_struct * - WERROR _spoolss_65(struct pipes_struct *p, - struct spoolss_65 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10735,7 +10735,7 @@ WERROR _spoolss_65(struct pipes_struct * - WERROR _spoolss_GetCorePrinterDrivers(struct pipes_struct *p, - struct spoolss_GetCorePrinterDrivers *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10746,7 +10746,7 @@ WERROR _spoolss_GetCorePrinterDrivers(st - WERROR _spoolss_67(struct pipes_struct *p, - struct spoolss_67 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10757,7 +10757,7 @@ WERROR _spoolss_67(struct pipes_struct * - WERROR _spoolss_GetPrinterDriverPackagePath(struct pipes_struct *p, - struct spoolss_GetPrinterDriverPackagePath *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10768,7 +10768,7 @@ WERROR _spoolss_GetPrinterDriverPackageP - WERROR _spoolss_69(struct pipes_struct *p, - struct spoolss_69 *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10779,7 +10779,7 @@ WERROR _spoolss_69(struct pipes_struct * - WERROR _spoolss_6a(struct pipes_struct *p, - struct spoolss_6a *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10790,7 +10790,7 @@ WERROR _spoolss_6a(struct pipes_struct * - WERROR _spoolss_6b(struct pipes_struct *p, - struct spoolss_6b *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10801,7 +10801,7 @@ WERROR _spoolss_6b(struct pipes_struct * - WERROR _spoolss_6c(struct pipes_struct *p, - struct spoolss_6c *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -10812,6 +10812,6 @@ WERROR _spoolss_6c(struct pipes_struct * - WERROR _spoolss_6d(struct pipes_struct *p, - struct spoolss_6d *r) - { -- p->rng_fault_state = true; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } -Index: samba-3.6.23/source3/rpc_server/srvsvc/srv_srvsvc_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/srvsvc/srv_srvsvc_nt.c -+++ samba-3.6.23/source3/rpc_server/srvsvc/srv_srvsvc_nt.c -@@ -2549,244 +2549,244 @@ WERROR _srvsvc_NetFileClose(struct pipes - WERROR _srvsvc_NetCharDevEnum(struct pipes_struct *p, - struct srvsvc_NetCharDevEnum *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetCharDevGetInfo(struct pipes_struct *p, - struct srvsvc_NetCharDevGetInfo *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetCharDevControl(struct pipes_struct *p, - struct srvsvc_NetCharDevControl *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetCharDevQEnum(struct pipes_struct *p, - struct srvsvc_NetCharDevQEnum *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetCharDevQGetInfo(struct pipes_struct *p, - struct srvsvc_NetCharDevQGetInfo *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetCharDevQSetInfo(struct pipes_struct *p, - struct srvsvc_NetCharDevQSetInfo *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetCharDevQPurge(struct pipes_struct *p, - struct srvsvc_NetCharDevQPurge *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetCharDevQPurgeSelf(struct pipes_struct *p, - struct srvsvc_NetCharDevQPurgeSelf *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetFileGetInfo(struct pipes_struct *p, - struct srvsvc_NetFileGetInfo *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetShareCheck(struct pipes_struct *p, - struct srvsvc_NetShareCheck *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetServerStatisticsGet(struct pipes_struct *p, - struct srvsvc_NetServerStatisticsGet *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetTransportAdd(struct pipes_struct *p, - struct srvsvc_NetTransportAdd *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetTransportEnum(struct pipes_struct *p, - struct srvsvc_NetTransportEnum *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetTransportDel(struct pipes_struct *p, - struct srvsvc_NetTransportDel *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetSetServiceBits(struct pipes_struct *p, - struct srvsvc_NetSetServiceBits *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetPathType(struct pipes_struct *p, - struct srvsvc_NetPathType *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetPathCanonicalize(struct pipes_struct *p, - struct srvsvc_NetPathCanonicalize *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetPathCompare(struct pipes_struct *p, - struct srvsvc_NetPathCompare *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRPRNAMECANONICALIZE(struct pipes_struct *p, - struct srvsvc_NETRPRNAMECANONICALIZE *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetPRNameCompare(struct pipes_struct *p, - struct srvsvc_NetPRNameCompare *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetShareDelStart(struct pipes_struct *p, - struct srvsvc_NetShareDelStart *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetShareDelCommit(struct pipes_struct *p, - struct srvsvc_NetShareDelCommit *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetServerTransportAddEx(struct pipes_struct *p, - struct srvsvc_NetServerTransportAddEx *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NetServerSetServiceBitsEx(struct pipes_struct *p, - struct srvsvc_NetServerSetServiceBitsEx *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRDFSGETVERSION(struct pipes_struct *p, - struct srvsvc_NETRDFSGETVERSION *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRDFSCREATELOCALPARTITION(struct pipes_struct *p, - struct srvsvc_NETRDFSCREATELOCALPARTITION *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRDFSDELETELOCALPARTITION(struct pipes_struct *p, - struct srvsvc_NETRDFSDELETELOCALPARTITION *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRDFSSETLOCALVOLUMESTATE(struct pipes_struct *p, - struct srvsvc_NETRDFSSETLOCALVOLUMESTATE *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRDFSSETSERVERINFO(struct pipes_struct *p, - struct srvsvc_NETRDFSSETSERVERINFO *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRDFSCREATEEXITPOINT(struct pipes_struct *p, - struct srvsvc_NETRDFSCREATEEXITPOINT *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRDFSDELETEEXITPOINT(struct pipes_struct *p, - struct srvsvc_NETRDFSDELETEEXITPOINT *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRDFSMODIFYPREFIX(struct pipes_struct *p, - struct srvsvc_NETRDFSMODIFYPREFIX *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRDFSFIXLOCALVOLUME(struct pipes_struct *p, - struct srvsvc_NETRDFSFIXLOCALVOLUME *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRDFSMANAGERREPORTSITEINFO(struct pipes_struct *p, - struct srvsvc_NETRDFSMANAGERREPORTSITEINFO *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _srvsvc_NETRSERVERTRANSPORTDELEX(struct pipes_struct *p, - struct srvsvc_NETRSERVERTRANSPORTDELEX *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } -Index: samba-3.6.23/source3/rpc_server/svcctl/srv_svcctl_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/svcctl/srv_svcctl_nt.c -+++ samba-3.6.23/source3/rpc_server/svcctl/srv_svcctl_nt.c -@@ -1004,195 +1004,195 @@ WERROR _svcctl_SetServiceObjectSecurity( - WERROR _svcctl_DeleteService(struct pipes_struct *p, - struct svcctl_DeleteService *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_SetServiceStatus(struct pipes_struct *p, - struct svcctl_SetServiceStatus *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_NotifyBootConfigStatus(struct pipes_struct *p, - struct svcctl_NotifyBootConfigStatus *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_SCSetServiceBitsW(struct pipes_struct *p, - struct svcctl_SCSetServiceBitsW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_ChangeServiceConfigW(struct pipes_struct *p, - struct svcctl_ChangeServiceConfigW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_CreateServiceW(struct pipes_struct *p, - struct svcctl_CreateServiceW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_QueryServiceLockStatusW(struct pipes_struct *p, - struct svcctl_QueryServiceLockStatusW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_GetServiceKeyNameW(struct pipes_struct *p, - struct svcctl_GetServiceKeyNameW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_SCSetServiceBitsA(struct pipes_struct *p, - struct svcctl_SCSetServiceBitsA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_ChangeServiceConfigA(struct pipes_struct *p, - struct svcctl_ChangeServiceConfigA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_CreateServiceA(struct pipes_struct *p, - struct svcctl_CreateServiceA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_EnumDependentServicesA(struct pipes_struct *p, - struct svcctl_EnumDependentServicesA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_EnumServicesStatusA(struct pipes_struct *p, - struct svcctl_EnumServicesStatusA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_OpenSCManagerA(struct pipes_struct *p, - struct svcctl_OpenSCManagerA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_OpenServiceA(struct pipes_struct *p, - struct svcctl_OpenServiceA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_QueryServiceConfigA(struct pipes_struct *p, - struct svcctl_QueryServiceConfigA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_QueryServiceLockStatusA(struct pipes_struct *p, - struct svcctl_QueryServiceLockStatusA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_StartServiceA(struct pipes_struct *p, - struct svcctl_StartServiceA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_GetServiceDisplayNameA(struct pipes_struct *p, - struct svcctl_GetServiceDisplayNameA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_GetServiceKeyNameA(struct pipes_struct *p, - struct svcctl_GetServiceKeyNameA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_GetCurrentGroupeStateW(struct pipes_struct *p, - struct svcctl_GetCurrentGroupeStateW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_EnumServiceGroupW(struct pipes_struct *p, - struct svcctl_EnumServiceGroupW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_ChangeServiceConfig2A(struct pipes_struct *p, - struct svcctl_ChangeServiceConfig2A *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_ChangeServiceConfig2W(struct pipes_struct *p, - struct svcctl_ChangeServiceConfig2W *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_QueryServiceConfig2A(struct pipes_struct *p, - struct svcctl_QueryServiceConfig2A *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _EnumServicesStatusExA(struct pipes_struct *p, - struct EnumServicesStatusExA *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _EnumServicesStatusExW(struct pipes_struct *p, - struct EnumServicesStatusExW *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - - WERROR _svcctl_SCSendTSMessage(struct pipes_struct *p, - struct svcctl_SCSendTSMessage *r) - { -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } -Index: samba-3.6.23/source3/rpc_server/winreg/srv_winreg_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/winreg/srv_winreg_nt.c -+++ samba-3.6.23/source3/rpc_server/winreg/srv_winreg_nt.c -@@ -760,7 +760,7 @@ WERROR _winreg_SaveKeyEx(struct pipes_st - /* fill in your code here if you think this call should - do anything */ - -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -948,7 +948,7 @@ WERROR _winreg_UnLoadKey(struct pipes_st - /* fill in your code here if you think this call should - do anything */ - -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -962,7 +962,7 @@ WERROR _winreg_ReplaceKey(struct pipes_s - /* fill in your code here if you think this call should - do anything */ - -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -976,7 +976,7 @@ WERROR _winreg_LoadKey(struct pipes_stru - /* fill in your code here if you think this call should - do anything */ - -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -1139,6 +1139,6 @@ WERROR _winreg_DeleteKeyEx(struct pipes_ - /* fill in your code here if you think this call should - do anything */ - -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } -Index: samba-3.6.23/source3/rpc_server/wkssvc/srv_wkssvc_nt.c -=================================================================== ---- samba-3.6.23.orig/source3/rpc_server/wkssvc/srv_wkssvc_nt.c -+++ samba-3.6.23/source3/rpc_server/wkssvc/srv_wkssvc_nt.c -@@ -405,7 +405,7 @@ WERROR _wkssvc_NetWkstaSetInfo(struct pi - struct wkssvc_NetWkstaSetInfo *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -608,7 +608,7 @@ WERROR _wkssvc_NetrWkstaUserGetInfo(stru - struct wkssvc_NetrWkstaUserGetInfo *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -619,7 +619,7 @@ WERROR _wkssvc_NetrWkstaUserSetInfo(stru - struct wkssvc_NetrWkstaUserSetInfo *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -630,7 +630,7 @@ WERROR _wkssvc_NetWkstaTransportEnum(str - struct wkssvc_NetWkstaTransportEnum *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -641,7 +641,7 @@ WERROR _wkssvc_NetrWkstaTransportAdd(str - struct wkssvc_NetrWkstaTransportAdd *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -652,7 +652,7 @@ WERROR _wkssvc_NetrWkstaTransportDel(str - struct wkssvc_NetrWkstaTransportDel *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -663,7 +663,7 @@ WERROR _wkssvc_NetrUseAdd(struct pipes_s - struct wkssvc_NetrUseAdd *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -674,7 +674,7 @@ WERROR _wkssvc_NetrUseGetInfo(struct pip - struct wkssvc_NetrUseGetInfo *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -685,7 +685,7 @@ WERROR _wkssvc_NetrUseDel(struct pipes_s - struct wkssvc_NetrUseDel *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -696,7 +696,7 @@ WERROR _wkssvc_NetrUseEnum(struct pipes_ - struct wkssvc_NetrUseEnum *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -707,7 +707,7 @@ WERROR _wkssvc_NetrMessageBufferSend(str - struct wkssvc_NetrMessageBufferSend *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -718,7 +718,7 @@ WERROR _wkssvc_NetrWorkstationStatistics - struct wkssvc_NetrWorkstationStatisticsGet *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -729,7 +729,7 @@ WERROR _wkssvc_NetrLogonDomainNameAdd(st - struct wkssvc_NetrLogonDomainNameAdd *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -740,7 +740,7 @@ WERROR _wkssvc_NetrLogonDomainNameDel(st - struct wkssvc_NetrLogonDomainNameDel *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -751,7 +751,7 @@ WERROR _wkssvc_NetrJoinDomain(struct pip - struct wkssvc_NetrJoinDomain *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -762,7 +762,7 @@ WERROR _wkssvc_NetrUnjoinDomain(struct p - struct wkssvc_NetrUnjoinDomain *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -773,7 +773,7 @@ WERROR _wkssvc_NetrRenameMachineInDomain - struct wkssvc_NetrRenameMachineInDomain *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -784,7 +784,7 @@ WERROR _wkssvc_NetrValidateName(struct p - struct wkssvc_NetrValidateName *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -795,7 +795,7 @@ WERROR _wkssvc_NetrGetJoinInformation(st - struct wkssvc_NetrGetJoinInformation *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -806,7 +806,7 @@ WERROR _wkssvc_NetrGetJoinableOus(struct - struct wkssvc_NetrGetJoinableOus *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -962,6 +962,7 @@ WERROR _wkssvc_NetrRenameMachineInDomain - struct wkssvc_NetrRenameMachineInDomain2 *r) - { - /* for now just return not supported */ -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -972,7 +973,7 @@ WERROR _wkssvc_NetrValidateName2(struct - struct wkssvc_NetrValidateName2 *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -983,7 +984,7 @@ WERROR _wkssvc_NetrGetJoinableOus2(struc - struct wkssvc_NetrGetJoinableOus2 *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -994,7 +995,7 @@ WERROR _wkssvc_NetrAddAlternateComputerN - struct wkssvc_NetrAddAlternateComputerName *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -1005,7 +1006,7 @@ WERROR _wkssvc_NetrRemoveAlternateComput - struct wkssvc_NetrRemoveAlternateComputerName *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -1016,7 +1017,7 @@ WERROR _wkssvc_NetrSetPrimaryComputernam - struct wkssvc_NetrSetPrimaryComputername *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } - -@@ -1027,6 +1028,6 @@ WERROR _wkssvc_NetrEnumerateComputerName - struct wkssvc_NetrEnumerateComputerNames *r) - { - /* FIXME: Add implementation code here */ -- p->rng_fault_state = True; -+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; - return WERR_NOT_SUPPORTED; - } -Index: samba-3.6.23/libcli/auth/smbencrypt.c -=================================================================== ---- samba-3.6.23.orig/libcli/auth/smbencrypt.c -+++ samba-3.6.23/libcli/auth/smbencrypt.c -@@ -355,11 +355,18 @@ DATA_BLOB NTLMv2_generate_names_blob(TAL - DATA_BLOB names_blob = data_blob_talloc(mem_ctx, NULL, 0); - - /* Deliberately ignore return here.. */ -- (void)msrpc_gen(mem_ctx, &names_blob, -- "aaa", -- MsvAvNbDomainName, domain, -- MsvAvNbComputerName, hostname, -- MsvAvEOL, ""); -+ if (hostname != NULL) { -+ (void)msrpc_gen(mem_ctx, &names_blob, -+ "aaa", -+ MsvAvNbDomainName, domain, -+ MsvAvNbComputerName, hostname, -+ MsvAvEOL, ""); -+ } else { -+ (void)msrpc_gen(mem_ctx, &names_blob, -+ "aa", -+ MsvAvNbDomainName, domain, -+ MsvAvEOL, ""); -+ } - return names_blob; - } - diff --git a/src/patches/samba/doc-update.patch b/src/patches/samba/doc-update.patch deleted file mode 100644 index a0323b991..000000000 --- a/src/patches/samba/doc-update.patch +++ /dev/null @@ -1,2538 +0,0 @@ -Index: samba-3.6.23/docs/manpages/dbwrap_tool.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/dbwrap_tool.1 -+++ samba-3.6.23/docs/manpages/dbwrap_tool.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: dbwrap_tool - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "DBWRAP_TOOL" "1" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "DBWRAP_TOOL" "1" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/eventlogadm.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/eventlogadm.8 -+++ samba-3.6.23/docs/manpages/eventlogadm.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: eventlogadm - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "EVENTLOGADM" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "EVENTLOGADM" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -105,7 +105,6 @@ The event log record field are: - .sp -1 - .IP (bu 2.3 - .} -- - LEN - - This field should be 0, since - eventlogadm -@@ -120,7 +119,6 @@ will calculate this value&. - .sp -1 - .IP (bu 2.3 - .} -- - RS1 - - This must be the value 1699505740&. - .RE -@@ -133,7 +131,6 @@ RS1 - .sp -1 - .IP (bu 2.3 - .} -- - RCN - - This field should be 0&. - .RE -@@ -146,7 +143,6 @@ RCN - .sp -1 - .IP (bu 2.3 - .} -- - TMG - - The time the eventlog record was generated; format is the number of seconds since 00:00:00 January 1, 1970, UTC&. - .RE -@@ -159,7 +155,6 @@ TMG - .sp -1 - .IP (bu 2.3 - .} -- - TMW - - The time the eventlog record was written; format is the number of seconds since 00:00:00 January 1, 1970, UTC&. - .RE -@@ -172,7 +167,6 @@ TMW - .sp -1 - .IP (bu 2.3 - .} -- - EID - - The eventlog ID&. - .RE -@@ -185,7 +179,6 @@ EID - .sp -1 - .IP (bu 2.3 - .} -- - ETP - - The event type -- one of "INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or "AUDIT FAILURE"&. - .RE -@@ -198,7 +191,6 @@ ETP - .sp -1 - .IP (bu 2.3 - .} -- - ECT - - The event category; this depends on the message file&. It is primarily used as a means of filtering in the eventlog viewer&. - .RE -@@ -211,7 +203,6 @@ ECT - .sp -1 - .IP (bu 2.3 - .} -- - RS2 - - This field should be 0&. - .RE -@@ -224,7 +215,6 @@ RS2 - .sp -1 - .IP (bu 2.3 - .} -- - CRN - - This field should be 0&. - .RE -@@ -237,7 +227,6 @@ CRN - .sp -1 - .IP (bu 2.3 - .} -- - USL - - This field should be 0&. - .RE -@@ -250,7 +239,6 @@ USL - .sp -1 - .IP (bu 2.3 - .} -- - SRC - - This field contains the source name associated with the event log&. If a message file is used with an event log, there will be a registry entry for associating this source name with a message file DLL&. - .RE -@@ -263,7 +251,6 @@ SRC - .sp -1 - .IP (bu 2.3 - .} -- - SRN - - The name of the machine on which the eventlog was generated&. This is typically the host name&. - .RE -@@ -276,7 +263,6 @@ SRN - .sp -1 - .IP (bu 2.3 - .} -- - STR - - The text associated with the eventlog&. There may be more than one string in a record&. - .RE -@@ -289,7 +275,6 @@ STR - .sp -1 - .IP (bu 2.3 - .} -- - DAT - - This field should be left unset&. - .RE -Index: samba-3.6.23/docs/manpages/findsmb.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/findsmb.1 -+++ samba-3.6.23/docs/manpages/findsmb.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: findsmb - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "FINDSMB" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "FINDSMB" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/idmap_ad.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/idmap_ad.8 -+++ samba-3.6.23/docs/manpages/idmap_ad.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: idmap_ad - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "IDMAP_AD" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "IDMAP_AD" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/idmap_adex.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/idmap_adex.8 -+++ samba-3.6.23/docs/manpages/idmap_adex.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: idmap_adex - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "IDMAP_ADEX" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "IDMAP_ADEX" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/idmap_autorid.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/idmap_autorid.8 -+++ samba-3.6.23/docs/manpages/idmap_autorid.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: idmap_autorid - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "IDMAP_AUTORID" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "IDMAP_AUTORID" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/idmap_hash.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/idmap_hash.8 -+++ samba-3.6.23/docs/manpages/idmap_hash.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: idmap_hash - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "IDMAP_HASH" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "IDMAP_HASH" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/idmap_ldap.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/idmap_ldap.8 -+++ samba-3.6.23/docs/manpages/idmap_ldap.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: idmap_ldap - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "IDMAP_LDAP" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "IDMAP_LDAP" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/idmap_nss.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/idmap_nss.8 -+++ samba-3.6.23/docs/manpages/idmap_nss.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: idmap_nss - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "IDMAP_NSS" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "IDMAP_NSS" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/idmap_rid.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/idmap_rid.8 -+++ samba-3.6.23/docs/manpages/idmap_rid.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: idmap_rid - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "IDMAP_RID" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "IDMAP_RID" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/idmap_tdb2.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/idmap_tdb2.8 -+++ samba-3.6.23/docs/manpages/idmap_tdb2.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: idmap_tdb2 - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "IDMAP_TDB2" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "IDMAP_TDB2" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/idmap_tdb.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/idmap_tdb.8 -+++ samba-3.6.23/docs/manpages/idmap_tdb.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: idmap_tdb - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "IDMAP_TDB" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "IDMAP_TDB" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/libsmbclient.7 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/libsmbclient.7 -+++ samba-3.6.23/docs/manpages/libsmbclient.7 -@@ -1,13 +1,13 @@ - '" t - ." Title: libsmbclient - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: 7 - ." Source: Samba 3.6 - ." Language: English - ." --.TH "LIBSMBCLIENT" "7" "09/18/2013" "Samba 3&.6" "7" -+.TH "LIBSMBCLIENT" "7" "04/11/2016" "Samba 3&.6" "7" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -40,11 +40,9 @@ This tool is part of the - \fBsamba\fR(7) - suite&. - .PP -- - libsmbclient - is a library toolset that permits applications to manipulate CIFS/SMB network resources using many of the standards POSIX functions available for manipulating local UNIX/Linux files&. It permits much more than just browsing, files can be opened and read or written, permissions changed, file times modified, attributes and ACL*(Aqs can be manipulated, and so on&. Of course, its functionality includes all the capabilities commonly called browsing&. - .PP -- - libsmbclient - can not be used directly from the command line, instead it provides an extension of the capabilities of tools such as file managers and browsers&. This man page describes the configuration options for this tool so that the user may obtain greatest utility of use&. - .SH "OPTIONS" -@@ -77,7 +75,6 @@ and then append the contents of the - ~/&.smb/smb&.conf&.append - to it&. - .PP -- - libsmbclient - will check the users shell environment for the - USER -Index: samba-3.6.23/docs/manpages/lmhosts.5 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/lmhosts.5 -+++ samba-3.6.23/docs/manpages/lmhosts.5 -@@ -1,13 +1,13 @@ - '" t - ." Title: lmhosts - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: File Formats and Conventions - ." Source: Samba 3.6 - ." Language: English - ." --.TH "LMHOSTS" "5" "09/18/2013" "Samba 3&.6" "File Formats and Conventions" -+.TH "LMHOSTS" "5" "04/11/2016" "Samba 3&.6" "File Formats and Conventions" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/log2pcap.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/log2pcap.1 -+++ samba-3.6.23/docs/manpages/log2pcap.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: log2pcap - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "LOG2PCAP" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "LOG2PCAP" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -74,7 +74,7 @@ pcap_file - Name of the output file to write the pcap (or hexdump) data to&. If this argument is not specified, output data will be written to stdout&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/net.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/net.8 -+++ samba-3.6.23/docs/manpages/net.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: net - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "NET" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "NET" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -41,7 +41,7 @@ suite&. - The Samba net utility is meant to work just like the net utility available for windows and DOS&. The first argument should be used to specify the protocol to use when executing a certain command&. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000&. If this argument is omitted, net will try to determine it automatically&. Not all commands are available on all protocols&. - .SH "OPTIONS" - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -@@ -113,6 +113,11 @@ Make queries to the external server usin - Let client requests timeout after 30 seconds the default is 10 seconds&. - .RE - .PP -+--no-dns-updates -+.RS 4 -+Do not perform DNS updates as part of "net ads join"&. -+.RE -+.PP - -d|--debuglevel=level - .RS 4 - \fIlevel\fR -@@ -153,7 +158,7 @@ Tries to set the date and time of the lo - .SS "TIME ZONE" - .PP - Displays the timezone in hours from GMT on the remote computer&. --.SS "[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]" -+.SS "[RPC|ADS] JOIN [TYPE] [--no-dns-updates] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]" - .PP - Join a domain&. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically&. (Assuming that the machine has been created in server manager) Otherwise, a password will be prompted for, and a new account may be created&. - .PP -@@ -509,8 +514,6 @@ net groupmap delete {ntgroup=string|sid= - .PP - Update en existing group entry&. - .PP -- --.sp - .if n {\ - .RS 4 - .} -@@ -1208,8 +1211,7 @@ may be one of - \fImulti_sz\fR - or - \fIdword\fR&. In case of --\fImulti_sz\fR --\fIvalue\fR -+\fImulti_sz\fR\fIvalue\fR - may be given multiple times&. - .SS "REGISTRY INCREMENT key name [inc]" - .PP -Index: samba-3.6.23/docs/manpages/nmbd.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/nmbd.8 -+++ samba-3.6.23/docs/manpages/nmbd.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: nmbd - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "NMBD" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "NMBD" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -106,7 +106,7 @@ also logs to standard output, as if the - parameter had been given&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -@@ -264,7 +264,6 @@ The debug log level of nmbd may be raise - This man page is correct for version 3 of the Samba suite&. - .SH "SEE ALSO" - .PP -- - \fBinetd\fR(8), - \fBsmbd\fR(8), - \fBsmb.conf\fR(5), -Index: samba-3.6.23/docs/manpages/nmblookup.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/nmblookup.1 -+++ samba-3.6.23/docs/manpages/nmblookup.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: nmblookup - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "NMBLOOKUP" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "NMBLOOKUP" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -109,7 +109,7 @@ smb&.conf - manual page for the list of valid options&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/ntlm_auth.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/ntlm_auth.1 -+++ samba-3.6.23/docs/manpages/ntlm_auth.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: ntlm_auth - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "NTLM_AUTH" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "NTLM_AUTH" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -347,7 +347,7 @@ Base directory name for log/debug files\ - will be appended (e&.g&. log&.smbclient, log&.smbd, etc&.&.&.)&. The log file is never removed by the client&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/pam_winbind.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/pam_winbind.8 -+++ samba-3.6.23/docs/manpages/pam_winbind.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: pam_winbind - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: 8 - ." Source: Samba 3.6 - ." Language: English - ." --.TH "PAM_WINBIND" "8" "09/18/2013" "Samba 3&.6" "8" -+.TH "PAM_WINBIND" "8" "04/11/2016" "Samba 3&.6" "8" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/pam_winbind.conf.5 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/pam_winbind.conf.5 -+++ samba-3.6.23/docs/manpages/pam_winbind.conf.5 -@@ -1,13 +1,13 @@ - '" t - ." Title: pam_winbind.conf - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: 5 - ." Source: Samba 3.6 - ." Language: English - ." --.TH "PAM_WINBIND&.CONF" "5" "09/18/2013" "Samba 3&.6" "5" -+.TH "PAM_WINBIND&.CONF" "5" "04/11/2016" "Samba 3&.6" "5" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/pdbedit.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/pdbedit.8 -+++ samba-3.6.23/docs/manpages/pdbedit.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: pdbedit - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "PDBEDIT" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "PDBEDIT" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -204,8 +204,6 @@ Example: - .RS 4 - This option can be used while adding or modifying a user account&. It will specify the users*(Aq account control property&. Possible flags are listed below&. - .sp -- --.sp - .RS 4 - .ie n {\ - \h'-04'(bu\h'+03'\c -@@ -555,7 +553,7 @@ Example: - This option is currently not being used&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/profiles.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/profiles.1 -+++ samba-3.6.23/docs/manpages/profiles.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: profiles - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "PROFILES" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "PROFILES" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -59,7 +59,7 @@ file - by SID2&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/rpcclient.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/rpcclient.1 -+++ samba-3.6.23/docs/manpages/rpcclient.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: rpcclient - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "RPCCLIENT" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "RPCCLIENT" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -199,7 +199,7 @@ smb&.conf - manual page for the list of valid options&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/samba.7 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/samba.7 -+++ samba-3.6.23/docs/manpages/samba.7 -@@ -1,13 +1,13 @@ - '" t - ." Title: samba - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: Miscellanea - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SAMBA" "7" "09/18/2013" "Samba 3&.6" "Miscellanea" -+.TH "SAMBA" "7" "04/11/2016" "Samba 3&.6" "Miscellanea" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/sharesec.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/sharesec.1 -+++ samba-3.6.23/docs/manpages/sharesec.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: sharesec - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SHARESEC" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "SHARESEC" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -82,7 +82,7 @@ Remove ACEs&. - Overwrite an existing share permission ACL&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/smbcacls.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbcacls.1 -+++ samba-3.6.23/docs/manpages/smbcacls.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbcacls - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBCACLS" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "SMBCACLS" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -102,7 +102,7 @@ This option displays all ACL information - Don*(Aqt actually do anything, only validate the correctness of the arguments&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/smbclient.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbclient.1 -+++ samba-3.6.23/docs/manpages/smbclient.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbclient - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBCLIENT" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "SMBCLIENT" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -205,7 +205,7 @@ This parameter sets the maximum protocol - Make queries to the external server using the machine account of the local server&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/smb.conf.5 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smb.conf.5 -+++ samba-3.6.23/docs/manpages/smb.conf.5 -@@ -2,12 +2,12 @@ - ." Title: smb.conf - ." Author: [see the "AUTHOR" section] - ." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ --." Date: 10/15/2015 -+." Date: 04/11/2016 - ." Manual: File Formats and Conventions - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMB&.CONF" "5" "10/15/2015" "Samba 3&.6" "File Formats and Conventions" -+.TH "SMB&.CONF" "5" "04/11/2016" "Samba 3&.6" "File Formats and Conventions" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -1371,6 +1371,24 @@ Example: - \fI\fIallocation roundup size\fR\fR\fI = \fR\fI0 # (to disable roundups)\fR\fI \fR - .RE - -+allow dcerpc auth level connect (G) -+." allow dcerpc auth level connect -+.PP -+.RS 4 -+This option controls whether DCERPC services are allowed to be used with DCERPC_AUTH_LEVEL_CONNECT, which provides authentication, but no per message integrity nor privacy protection&. -+.sp -+The behavior can be controlled per interface name (e&.g&. lsarpc, netlogon, samr, srvsvc, winreg, wkssvc &.&.&.) by using *(Aqallow dcerpc auth level connect:interface = no*(Aq as option&. -+.sp -+This option yields precedence to the implentation specific restrictions&. E&.g&. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY&. While others like samr and lsarpc have a hardcoded default of -+\fBno\fR&. -+.sp -+Default: -+\fI\fIallow dcerpc auth level connect\fR\fR\fI = \fR\fIno\fR\fI \fR -+.sp -+Example: -+\fI\fIallow dcerpc auth level connect\fR\fR\fI = \fR\fIyes\fR\fI \fR -+.RE -+ - allow insecure wide links (G) - ." allow insecure wide links - .PP -@@ -1826,6 +1844,24 @@ Example: - \fI\fIcheck password script\fR\fR\fI = \fR\fI/usr/local/sbin/crackcheck\fR\fI \fR - .RE - -+client ipc signing (G) -+." client ipc signing -+.PP -+.RS 4 -+This controls whether the client is allowed or required to use SMB signing for IPC$ connections as DCERPC transport inside of winbind&. Possible values are -+\fIauto\fR, -+\fImandatory\fR -+and -+\fIdisabled\fR&. -+.sp -+When set to auto, SMB signing is offered, but not enforced and if set to disabled, SMB signing is not offered either&. -+.sp -+Connections from winbindd to Active Directory Domain Controllers always enforce signing&. -+.sp -+Default: -+\fI\fIclient ipc signing\fR\fR\fI = \fR\fImandatory\fR\fI \fR -+.RE -+ - client lanman auth (G) - ." client lanman auth - .PP -@@ -1874,14 +1910,11 @@ is just an alias for - \fIseal\fR&. - .sp - The default value is --\fIplain\fR --which is not irritable to KRB5 clock skew errors&. That implies synchronizing the time with the KDC in the case of using --\fIsign\fR --or --\fIseal\fR&. -+\fIsign\fR&. That implies synchronizing the time with the KDC in the case of using -+\fIKerberos\fR&. - .sp - Default: --\fI\fIclient ldap sasl wrapping\fR\fR\fI = \fR\fIplain\fR\fI \fR -+\fI\fIclient ldap sasl wrapping\fR\fR\fI = \fR\fIsign\fR\fI \fR - .RE - - client ntlmv2 auth (G) -@@ -1905,6 +1938,12 @@ client lanman auth&. - .sp - Note that Windows Vista and later versions already use NTLMv2 by default, and some sites (particularly those following *(Aqbest practice*(Aq security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM&. - .sp -+When -+\m[blue]\fBclient use spnego\fR\m[] -+is also set to -+\fByes\fR -+extended security (SPNEGO) is required in order to use NTLMv2 only within NTLMSSP&. This behavior was introduced with the patches for CVE-2016-2111&. -+.sp - Default: - \fI\fIclient ntlmv2 auth\fR\fR\fI = \fR\fIyes\fR\fI \fR - .RE -@@ -1949,6 +1988,7 @@ and - \fIdisabled\fR&. - .sp - When set to auto, SMB signing is offered, but not enforced&. When set to mandatory, SMB signing is required and if set to disabled, SMB signing is not offered either&. -+IPC$ connections for DCERPC e&.g&. in winbindd, are handled by the \m[blue]\fBclient ipc signing\fR\m[] option&. - .sp - Default: - \fI\fIclient signing\fR\fR\fI = \fR\fIauto\fR\fI \fR -@@ -1978,6 +2018,12 @@ client use spnego (G) - .RS 4 - This variable controls whether Samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with supporting servers (including WindowsXP, Windows2000 and Samba 3&.0) to agree upon an authentication mechanism&. This enables Kerberos authentication in particular&. - .sp -+When -+\m[blue]\fBclient NTLMv2 auth\fR\m[] -+is also set to -+\fByes\fR -+extended security (SPNEGO) is required in order to use NTLMv2 only within NTLMSSP&. This behavior was introduced with the patches for CVE-2016-2111&. -+.sp - Default: - \fI\fIclient use spnego\fR\fR\fI = \fR\fIyes\fR\fI \fR - .RE -@@ -8103,6 +8149,24 @@ Example: - \fI\fIqueueresume command\fR\fR\fI = \fR\fIenable %p\fR\fI \fR - .RE - -+raw NTLMv2 auth (G) -+." raw NTLMv2 auth -+.PP -+.RS 4 -+This parameter determines whether or not -+\fBsmbd\fR(8) -+will allow SMB1 clients without extended security (without SPNEGO) to use NTLMv2 authentication&. -+.sp -+If this option, -+lanman auth -+and -+ntlm auth -+are all disabled, then only clients with SPNEGO support will be permitted&. That means NTLMv2 is only supported within NTLMSSP&. -+.sp -+Default: -+\fI\fIraw NTLMv2 auth\fR\fR\fI = \fR\fIno\fR\fI \fR -+.RE -+ - read list (S) - ." read list - .PP -@@ -10699,6 +10763,18 @@ Default: - \fI\fIwinbind rpc only\fR\fR\fI = \fR\fIno\fR\fI \fR - .RE - -+winbind sealed pipes (G) -+." winbind sealed pipes -+.PP -+.RS 4 -+This option controls whether any requests from winbindd to domain controllers pipe will be sealed&. Disabling sealing can be useful for debugging purposes&. -+.sp -+The behavior can be controlled per netbios domain by using *(Aqwinbind sealed pipes:NETBIOSDOMAIN = no*(Aq as option&. -+.sp -+Default: -+\fI\fIwinbind sealed pipes\fR\fR\fI = \fR\fIyes\fR\fI \fR -+.RE -+ - winbind separator (G) - ." winbind separator - .PP -Index: samba-3.6.23/docs/manpages/smbcontrol.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbcontrol.1 -+++ samba-3.6.23/docs/manpages/smbcontrol.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbcontrol - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBCONTROL" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "SMBCONTROL" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -48,7 +48,7 @@ is a very small program, which sends mes - daemon running on the system&. - .SH "OPTIONS" - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/smbcquotas.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbcquotas.1 -+++ samba-3.6.23/docs/manpages/smbcquotas.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbcquotas - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBCQUOTAS" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "SMBCQUOTAS" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -82,7 +82,7 @@ Don*(Aqt actually do anything, only val - Be verbose&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/smbd.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbd.8 -+++ samba-3.6.23/docs/manpages/smbd.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbd - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBD" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "SMBD" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -130,7 +130,7 @@ Base directory name for log/debug files\ - will be appended (e&.g&. log&.smbclient, log&.smbd, etc&.&.&.)&. The log file is never removed by the client&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -@@ -207,8 +207,7 @@ if this variable is not defined) as the - .SH "PAM INTERACTION" - .PP - Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management&. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the --\m[blue]\fBobey pam restrictions\fR\m[] --\fBsmb.conf\fR(5) -+\m[blue]\fBobey pam restrictions\fR\m[]\fBsmb.conf\fR(5) - parameter&. When this is set, the following restrictions apply: - .sp - .RS 4 -@@ -359,8 +358,7 @@ configuration file within a short period - To shut down a user*(Aqs - smbd - process it is recommended that --SIGKILL (-9) --\fINOT\fR -+SIGKILL (-9)\fINOT\fR - be used, except as a last resort, as this may leave the shared memory area in an inconsistent state&. The safe way to terminate an - smbd - is to send it a SIGTERM (-15) signal and wait for it to die on its own&. -Index: samba-3.6.23/docs/manpages/smbget.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbget.1 -+++ samba-3.6.23/docs/manpages/smbget.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbget - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBGET" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "SMBGET" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/smbgetrc.5 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbgetrc.5 -+++ samba-3.6.23/docs/manpages/smbgetrc.5 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbgetrc - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: File Formats and Conventions - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBGETRC" "5" "09/18/2013" "Samba 3&.6" "File Formats and Conventions" -+.TH "SMBGETRC" "5" "04/11/2016" "Samba 3&.6" "File Formats and Conventions" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/smbpasswd.5 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbpasswd.5 -+++ samba-3.6.23/docs/manpages/smbpasswd.5 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbpasswd - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: File Formats and Conventions - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBPASSWD" "5" "09/18/2013" "Samba 3&.6" "File Formats and Conventions" -+.TH "SMBPASSWD" "5" "04/11/2016" "Samba 3&.6" "File Formats and Conventions" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/smbpasswd.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbpasswd.8 -+++ samba-3.6.23/docs/manpages/smbpasswd.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbpasswd - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBPASSWD" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "SMBPASSWD" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/smbspool.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbspool.8 -+++ samba-3.6.23/docs/manpages/smbspool.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbspool - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBSPOOL" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "SMBSPOOL" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/smbstatus.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbstatus.1 -+++ samba-3.6.23/docs/manpages/smbstatus.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbstatus - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBSTATUS" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "SMBSTATUS" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -114,7 +114,7 @@ processes and exit&. Useful for scripti - causes smbstatus to only list shares&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/smbtar.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbtar.1 -+++ samba-3.6.23/docs/manpages/smbtar.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbtar - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBTAR" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "SMBTAR" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/smbta-util.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbta-util.8 -+++ samba-3.6.23/docs/manpages/smbta-util.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbta-util - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBTA-UTIL" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "SMBTA-UTIL" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/smbtree.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smbtree.1 -+++ samba-3.6.23/docs/manpages/smbtree.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: smbtree - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMBTREE" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "SMBTREE" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -153,7 +153,7 @@ rpcclient - to prompt for a password and type it in directly&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/swat.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/swat.8 -+++ samba-3.6.23/docs/manpages/swat.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: swat - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SWAT" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "SWAT" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -116,7 +116,7 @@ Base directory name for log/debug files\ - will be appended (e&.g&. log&.smbclient, log&.smbd, etc&.&.&.)&. The log file is never removed by the client&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/tdbbackup.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/tdbbackup.8 -+++ samba-3.6.23/docs/manpages/tdbbackup.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: tdbbackup - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "TDBBACKUP" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "TDBBACKUP" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -84,7 +84,6 @@ Samba &.tdb files are stored in various - .sp -1 - .IP (bu 2.3 - .} -- - secrets&.tdb - - usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba&. - .RE -@@ -97,7 +96,6 @@ secrets&.tdb - .sp -1 - .IP (bu 2.3 - .} -- - passdb&.tdb - - usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba&. - .RE -@@ -110,7 +108,6 @@ passdb&.tdb - .sp -1 - .IP (bu 2.3 - .} -- - *&.tdb - located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories&. - .RE -Index: samba-3.6.23/docs/manpages/tdbdump.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/tdbdump.8 -+++ samba-3.6.23/docs/manpages/tdbdump.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: tdbdump - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "TDBDUMP" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "TDBDUMP" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/tdbtool.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/tdbtool.8 -+++ samba-3.6.23/docs/manpages/tdbtool.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: tdbtool - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "TDBTOOL" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "TDBTOOL" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/testparm.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/testparm.1 -+++ samba-3.6.23/docs/manpages/testparm.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: testparm - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "TESTPARM" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "TESTPARM" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -66,7 +66,7 @@ testparm - will prompt for a carriage return after printing the service names and before dumping the service definitions&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/vfs_acl_tdb.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_acl_tdb.8 -+++ samba-3.6.23/docs/manpages/vfs_acl_tdb.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_acl_tdb - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_ACL_TDB" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_ACL_TDB" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_acl_xattr.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_acl_xattr.8 -+++ samba-3.6.23/docs/manpages/vfs_acl_xattr.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_acl_xattr - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_ACL_XATTR" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_ACL_XATTR" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_aio_fork.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_aio_fork.8 -+++ samba-3.6.23/docs/manpages/vfs_aio_fork.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_aio_fork - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_AIO_FORK" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_AIO_FORK" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_aio_pthread.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_aio_pthread.8 -+++ samba-3.6.23/docs/manpages/vfs_aio_pthread.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_aio_pthread - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_AIO_PTHREAD" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_AIO_PTHREAD" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_audit.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_audit.8 -+++ samba-3.6.23/docs/manpages/vfs_audit.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_audit - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_AUDIT" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_AUDIT" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_cacheprime.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_cacheprime.8 -+++ samba-3.6.23/docs/manpages/vfs_cacheprime.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_cacheprime - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_CACHEPRIME" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_CACHEPRIME" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_cap.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_cap.8 -+++ samba-3.6.23/docs/manpages/vfs_cap.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_cap - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_CAP" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_CAP" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_catia.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_catia.8 -+++ samba-3.6.23/docs/manpages/vfs_catia.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_catia - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_CATIA" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_CATIA" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_commit.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_commit.8 -+++ samba-3.6.23/docs/manpages/vfs_commit.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_commit - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_COMMIT" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_COMMIT" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_crossrename.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_crossrename.8 -+++ samba-3.6.23/docs/manpages/vfs_crossrename.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_crossrename - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_CROSSRENAME" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_CROSSRENAME" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_default_quota.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_default_quota.8 -+++ samba-3.6.23/docs/manpages/vfs_default_quota.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_default_quota - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_DEFAULT_QUOTA" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_DEFAULT_QUOTA" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_dirsort.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_dirsort.8 -+++ samba-3.6.23/docs/manpages/vfs_dirsort.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_dirsort - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_DIRSORT" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_DIRSORT" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_extd_audit.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_extd_audit.8 -+++ samba-3.6.23/docs/manpages/vfs_extd_audit.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_extd_audit - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_EXTD_AUDIT" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_EXTD_AUDIT" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_fake_perms.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_fake_perms.8 -+++ samba-3.6.23/docs/manpages/vfs_fake_perms.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_fake_perms - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_FAKE_PERMS" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_FAKE_PERMS" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_fileid.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_fileid.8 -+++ samba-3.6.23/docs/manpages/vfs_fileid.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_fileid - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_FILEID" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_FILEID" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_full_audit.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_full_audit.8 -+++ samba-3.6.23/docs/manpages/vfs_full_audit.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_full_audit - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_FULL_AUDIT" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_FULL_AUDIT" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_gpfs.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_gpfs.8 -+++ samba-3.6.23/docs/manpages/vfs_gpfs.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_gpfs - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_GPFS" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_GPFS" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -96,7 +96,6 @@ Enable/Disable cross node sharemode hand - .sp -1 - .IP (bu 2.3 - .} -- - yes(default) - - propagate sharemodes across all GPFS nodes&. - .RE -@@ -109,7 +108,6 @@ yes(default) - .sp -1 - .IP (bu 2.3 - .} -- - no - - do not propagate sharemodes across all GPFS nodes&. This should only be used if the GPFS file system is exclusively exported by Samba&. Access by local unix application or NFS exports could lead to corrupted files&. - .RE -@@ -133,7 +131,6 @@ options to the same value&. - .sp -1 - .IP (bu 2.3 - .} -- - yes(default) - - propagate leases across all GPFS nodes&. - .RE -@@ -146,7 +143,6 @@ yes(default) - .sp -1 - .IP (bu 2.3 - .} -- - no - - do not propagate leases across all GPFS nodes&. This should only be used if the GPFS file system is exclusively exported by Samba&. Access by local unix application or NFS exports could lead to corrupted files&. - .RE -@@ -166,7 +162,6 @@ Enable/Disable announcing if this FS has - .sp -1 - .IP (bu 2.3 - .} -- - no(default) - - Do not announce HSM&. - .RE -@@ -179,7 +174,6 @@ no(default) - .sp -1 - .IP (bu 2.3 - .} -- - no - - Announce HSM&. - .RE -@@ -201,7 +195,6 @@ function&. This improves the casesensit - .sp -1 - .IP (bu 2.3 - .} -- - yes(default) - - use - gpfs_get_realfilename_path()&. -@@ -215,7 +208,6 @@ gpfs_get_realfilename_path()&. - .sp -1 - .IP (bu 2.3 - .} -- - no - - do not use - gpfs_get_realfilename_path()&. It seems that -@@ -238,7 +230,6 @@ Enable/Disable usage of the windows attr - .sp -1 - .IP (bu 2.3 - .} -- - no(default) - - do not use GPFS windows attributes&. - .RE -@@ -251,7 +242,6 @@ no(default) - .sp -1 - .IP (bu 2.3 - .} -- - yes - - use GPFS windows attributes&. - .RE -@@ -271,7 +261,6 @@ GPFS ACLs doesn*(Aqt know about the *( - .sp -1 - .IP (bu 2.3 - .} -- - yes(default) - - map *(AqAPPEND*(Aq to *(AqWRITE*(Aq&. - .RE -@@ -284,7 +273,6 @@ yes(default) - .sp -1 - .IP (bu 2.3 - .} -- - no - - do not map *(AqAPPEND*(Aq to *(AqWRITE*(Aq&. - .RE -@@ -308,7 +296,6 @@ to enable an explicit check for this fla - .sp -1 - .IP (bu 2.3 - .} -- - no(default) - - ignore the DESC_DACL_PROTECTED flags&. - .RE -@@ -321,7 +308,6 @@ no(default) - .sp -1 - .IP (bu 2.3 - .} -- - yes - - reject ACLs with DESC_DACL_PROTECTED&. - .RE -Index: samba-3.6.23/docs/manpages/vfs_netatalk.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_netatalk.8 -+++ samba-3.6.23/docs/manpages/vfs_netatalk.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_netatalk - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_NETATALK" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_NETATALK" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_notify_fam.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_notify_fam.8 -+++ samba-3.6.23/docs/manpages/vfs_notify_fam.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_notify_fam - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_NOTIFY_FAM" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_NOTIFY_FAM" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_prealloc.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_prealloc.8 -+++ samba-3.6.23/docs/manpages/vfs_prealloc.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_prealloc - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_PREALLOC" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_PREALLOC" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_preopen.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_preopen.8 -+++ samba-3.6.23/docs/manpages/vfs_preopen.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_preopen - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_PREOPEN" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_PREOPEN" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_readahead.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_readahead.8 -+++ samba-3.6.23/docs/manpages/vfs_readahead.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_readahead - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_READAHEAD" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_READAHEAD" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_readonly.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_readonly.8 -+++ samba-3.6.23/docs/manpages/vfs_readonly.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_readonly - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_READONLY" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_READONLY" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_recycle.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_recycle.8 -+++ samba-3.6.23/docs/manpages/vfs_recycle.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_recycle - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_RECYCLE" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_RECYCLE" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_scannedonly.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_scannedonly.8 -+++ samba-3.6.23/docs/manpages/vfs_scannedonly.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_scannedonly - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_SCANNEDONLY" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_SCANNEDONLY" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_shadow_copy2.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_shadow_copy2.8 -+++ samba-3.6.23/docs/manpages/vfs_shadow_copy2.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_shadow_copy2 - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_SHADOW_COPY2" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_SHADOW_COPY2" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_shadow_copy.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_shadow_copy.8 -+++ samba-3.6.23/docs/manpages/vfs_shadow_copy.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_shadow_copy - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_SHADOW_COPY" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_SHADOW_COPY" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_smb_traffic_analyzer.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_smb_traffic_analyzer.8 -+++ samba-3.6.23/docs/manpages/vfs_smb_traffic_analyzer.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: smb_traffic_analyzer - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMB_TRAFFIC_ANALYZER" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "SMB_TRAFFIC_ANALYZER" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -185,7 +185,6 @@ Several drawbacks have been seen with pr - .sp -1 - .IP (bu 2.3 - .} -- - Problematic parsing - - Protocol version 1 uses hyphen and comma to seperate blocks of data&. Once there is a filename with a hyphen, you will run into problems because the receiver decodes the data in a wrong way&. - .RE -@@ -198,7 +197,6 @@ Protocol version 1 uses hyphen and comma - .sp -1 - .IP (bu 2.3 - .} -- - Insecure network transfer - - Protocol version 1 sends all it*(Aqs data as plaintext over the network&. - .RE -@@ -211,7 +209,6 @@ Protocol version 1 sends all it*(Aqs da - .sp -1 - .IP (bu 2.3 - .} -- - Limited set of supported VFS operations - - Protocol version 1 supports only four VFS operations&. - .RE -@@ -224,7 +221,6 @@ Protocol version 1 supports only four VF - .sp -1 - .IP (bu 2.3 - .} -- - No subreleases of the protocol - - Protocol version 1 is fixed on it*(Aqs version, making it unable to introduce new features or bugfixes through compatible sub-releases&. - .RE -Index: samba-3.6.23/docs/manpages/vfs_streams_depot.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_streams_depot.8 -+++ samba-3.6.23/docs/manpages/vfs_streams_depot.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_streams_depot - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_STREAMS_DEPOT" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_STREAMS_DEPOT" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_streams_xattr.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_streams_xattr.8 -+++ samba-3.6.23/docs/manpages/vfs_streams_xattr.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_streams_xattr - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_STREAMS_XATTR" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_STREAMS_XATTR" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfstest.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfstest.1 -+++ samba-3.6.23/docs/manpages/vfstest.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfstest - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFSTEST" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "VFSTEST" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -47,7 +47,7 @@ is a small command line utility that has - Execute the specified (colon-separated) commands&. See below for the commands that are available&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/vfs_time_audit.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_time_audit.8 -+++ samba-3.6.23/docs/manpages/vfs_time_audit.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_time_audit - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_TIME_AUDIT" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_TIME_AUDIT" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/vfs_xattr_tdb.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/vfs_xattr_tdb.8 -+++ samba-3.6.23/docs/manpages/vfs_xattr_tdb.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: vfs_xattr_tdb - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "VFS_XATTR_TDB" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "VFS_XATTR_TDB" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -Index: samba-3.6.23/docs/manpages/wbinfo.1 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/wbinfo.1 -+++ samba-3.6.23/docs/manpages/wbinfo.1 -@@ -1,13 +1,13 @@ - '" t - ." Title: wbinfo - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: User Commands - ." Source: Samba 3.6 - ." Language: English - ." --.TH "WBINFO" "1" "09/18/2013" "Samba 3&.6" "User Commands" -+.TH "WBINFO" "1" "04/11/2016" "Samba 3&.6" "User Commands" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -206,8 +206,7 @@ The - option queries - \fBwinbindd\fR(8) - for the SID associated with the name specified&. Domain names can be specified before the user name by using the winbind separator character&. For example CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1&. If no domain is specified then the domain used is the one specified in the --\fBsmb.conf\fR(5) --\fIworkgroup \fR -+\fBsmb.conf\fR(5)\fIworkgroup \fR - parameter&. - .RE - .PP -@@ -360,7 +359,7 @@ then the operation will fail&. - Prints the program version number&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -Index: samba-3.6.23/docs/manpages/winbindd.8 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/winbindd.8 -+++ samba-3.6.23/docs/manpages/winbindd.8 -@@ -1,13 +1,13 @@ - '" t - ." Title: winbindd - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: System Administration tools - ." Source: Samba 3.6 - ." Language: English - ." --.TH "WINBINDD" "8" "09/18/2013" "Samba 3&.6" "System Administration tools" -+.TH "WINBINDD" "8" "04/11/2016" "Samba 3&.6" "System Administration tools" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -207,7 +207,7 @@ Base directory name for log/debug files\ - will be appended (e&.g&. log&.smbclient, log&.smbd, etc&.&.&.)&. The log file is never removed by the client&. - .RE - .PP ---h|--help -+-?|--help - .RS 4 - Print a summary of command line options&. - .RE -@@ -254,7 +254,6 @@ file&. All parameters should be specifi - .sp -1 - .IP (bu 2.3 - .} -- - \m[blue]\fBwinbind separator\fR\m[] - .RE - .sp -@@ -266,7 +265,6 @@ file&. All parameters should be specifi - .sp -1 - .IP (bu 2.3 - .} -- - \m[blue]\fBidmap config * : range\fR\m[] - .RE - .sp -@@ -278,7 +276,6 @@ file&. All parameters should be specifi - .sp -1 - .IP (bu 2.3 - .} -- - \m[blue]\fBidmap config * : backend\fR\m[] - .RE - .sp -@@ -290,7 +287,6 @@ file&. All parameters should be specifi - .sp -1 - .IP (bu 2.3 - .} -- - \m[blue]\fBwinbind cache time\fR\m[] - .RE - .sp -@@ -302,7 +298,6 @@ file&. All parameters should be specifi - .sp -1 - .IP (bu 2.3 - .} -- - \m[blue]\fBwinbind enum users\fR\m[] - .RE - .sp -@@ -314,7 +309,6 @@ file&. All parameters should be specifi - .sp -1 - .IP (bu 2.3 - .} -- - \m[blue]\fBwinbind enum groups\fR\m[] - .RE - .sp -@@ -326,7 +320,6 @@ file&. All parameters should be specifi - .sp -1 - .IP (bu 2.3 - .} -- - \m[blue]\fBtemplate homedir\fR\m[] - .RE - .sp -@@ -338,7 +331,6 @@ file&. All parameters should be specifi - .sp -1 - .IP (bu 2.3 - .} -- - \m[blue]\fBtemplate shell\fR\m[] - .RE - .sp -@@ -350,7 +342,6 @@ file&. All parameters should be specifi - .sp -1 - .IP (bu 2.3 - .} -- - \m[blue]\fBwinbind use default domain\fR\m[] - .RE - .sp -@@ -362,7 +353,6 @@ file&. All parameters should be specifi - .sp -1 - .IP (bu 2.3 - .} -- - \m[blue]\fBwinbind: rpc only\fR\m[] - Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers&. - .RE -Index: samba-3.6.23/docs/manpages/winbind_krb5_locator.7 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/winbind_krb5_locator.7 -+++ samba-3.6.23/docs/manpages/winbind_krb5_locator.7 -@@ -1,13 +1,13 @@ - '" t - ." Title: winbind_krb5_locator - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 04/11/2016 - ." Manual: 7 - ." Source: Samba 3.6 - ." Language: English - ." --.TH "WINBIND_KRB5_LOCATOR" "7" "09/18/2013" "Samba 3&.6" "7" -+.TH "WINBIND_KRB5_LOCATOR" "7" "04/11/2016" "Samba 3&.6" "7" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -35,7 +35,6 @@ This plugin is part of the - \fBsamba\fR(7) - suite&. - .PP -- - winbind_krb5_locator - is a plugin that permits MIT and Heimdal Kerberos libraries to detect Kerberos Servers (for the KDC and kpasswd service) using the same semantics that other tools of the Samba suite use&. This include site-aware DNS service record lookups and caching of closest dc&. The plugin uses the public locator API provided by most modern Kerberos implementations&. - .SH "PREREQUISITES" diff --git a/src/patches/samba/samba-3.2.0pre1-grouppwd.patch b/src/patches/samba/samba-3.2.0pre1-grouppwd.patch deleted file mode 100644 index b19a020e7..000000000 --- a/src/patches/samba/samba-3.2.0pre1-grouppwd.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: samba-3.6.22/source3/winbindd/winbindd_group.c -=================================================================== ---- samba-3.6.22.orig/source3/winbindd/winbindd_group.c -+++ samba-3.6.22/source3/winbindd/winbindd_group.c -@@ -69,7 +69,7 @@ bool fill_grent(TALLOC_CTX *mem_ctx, str - /* Group name and password */ - - safe_strcpy(gr->gr_name, full_group_name, sizeof(gr->gr_name) - 1); -- safe_strcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd) - 1); -+ safe_strcpy(gr->gr_passwd, "*", sizeof(gr->gr_passwd) - 1); - - return True; - } diff --git a/src/patches/samba/samba-3.2.0pre1-pipedir.patch b/src/patches/samba/samba-3.2.0pre1-pipedir.patch deleted file mode 100644 index a138c706e..000000000 --- a/src/patches/samba/samba-3.2.0pre1-pipedir.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: samba-3.6.6/nsswitch/winbind_struct_protocol.h -=================================================================== ---- samba-3.6.6.orig/nsswitch/winbind_struct_protocol.h -+++ samba-3.6.6/nsswitch/winbind_struct_protocol.h -@@ -29,7 +29,7 @@ typedef char fstring[FSTRING_LEN]; - * is needed for launchd support -- jpeach. - */ - #ifndef WINBINDD_SOCKET_DIR --#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */ -+#define WINBINDD_SOCKET_DIR "/var/run/winbindd" /* Name of PF_UNIX dir */ - #endif - - /* diff --git a/src/patches/samba/samba-3.2.5-inotify.patch b/src/patches/samba/samba-3.2.5-inotify.patch deleted file mode 100644 index e215f5bcc..000000000 --- a/src/patches/samba/samba-3.2.5-inotify.patch +++ /dev/null @@ -1,49 +0,0 @@ -Index: samba-3.6.6/source3/smbd/notify_inotify.c -=================================================================== ---- samba-3.6.6.orig/source3/smbd/notify_inotify.c -+++ samba-3.6.6/source3/smbd/notify_inotify.c -@@ -77,6 +77,7 @@ struct inotify_private { - struct sys_notify_context *ctx; - int fd; - struct inotify_watch_context *watches; -+ bool broken_inotify; /* Late stop for broken system */ - }; - - struct inotify_watch_context { -@@ -241,8 +242,15 @@ static void inotify_handler(struct event - filenames, and thus can't know how much to allocate - otherwise - */ -- if (ioctl(in->fd, FIONREAD, &bufsize) != 0 || -- bufsize == 0) { -+ if ((ioctl(in->fd, FIONREAD, &bufsize) != 0) && (errno == EACCES)) { -+ /* -+ * Workaround for broken system (SELinux policy bug fixed since long but it is always better not to loop on EACCES) -+ */ -+ TALLOC_FREE(fde); -+ in->broken_inotify = True; -+ return; -+ } -+ if (bufsize == 0) { - DEBUG(0,("No data on inotify fd?!\n")); - TALLOC_FREE(fde); - return; -@@ -300,6 +308,7 @@ static NTSTATUS inotify_setup(struct sys - } - in->ctx = ctx; - in->watches = NULL; -+ in->broken_inotify = False; - - ctx->private_data = in; - talloc_set_destructor(in, inotify_destructor); -@@ -394,6 +403,10 @@ NTSTATUS inotify_watch(struct sys_notify - - in = talloc_get_type(ctx->private_data, struct inotify_private); - -+ if (in->broken_inotify) { -+ return NT_STATUS_OK; -+ } -+ - mask = inotify_map(e); - if (mask == 0) { - /* this filter can't be handled by inotify */ diff --git a/src/patches/samba/samba-3.5.11-docs.patch b/src/patches/samba/samba-3.5.11-docs.patch deleted file mode 100644 index 35db3dcc5..000000000 --- a/src/patches/samba/samba-3.5.11-docs.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 337e286f110f594f02ea6780900e0a95ec6794c2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Fri, 5 Aug 2011 12:25:52 +0200 -Subject: [PATCH] s3-docs: document --user-sidinfo wbinfo option. - -Guenther ---- - docs-xml/manpages-3/wbinfo.1.xml | 8 ++++++++ - 1 files changed, 8 insertions(+), 0 deletions(-) - -Index: samba-3.6.22/docs-xml/manpages-3/wbinfo.1.xml -=================================================================== ---- samba-3.6.22.orig/docs-xml/manpages-3/wbinfo.1.xml -+++ samba-3.6.22/docs-xml/manpages-3/wbinfo.1.xml -@@ -47,7 +47,7 @@ - <arg choide="opt">--online-status</arg> - <arg choice="opt">--own-domain</arg> - <arg choice="opt">-p</arg> -- <arg choice="opt">-P|--ping-dc</arg> -+ <arg choice="opt">--ping-dc</arg> - <arg choice="opt">-r user</arg> - <arg choide="opt">-R|--lookup-rids</arg> - <arg choice="opt">-s sid</arg> -@@ -61,6 +61,7 @@ - <arg choice="opt">--uid-info uid</arg> - <arg choide="opt">--usage</arg> - <arg choice="opt">--user-domgroups sid</arg> -+ <arg choice="opt">--user-sidinfo sid</arg> - <arg choice="opt">--user-sids sid</arg> - <arg choice="opt">-U uid</arg> - <arg choice="opt">-V</arg> -@@ -414,6 +415,13 @@ - </varlistentry> - - <varlistentry> -+ <term>--user-sidinfo <replaceable>sid</replaceable></term> -+ <listitem><para>Get user info by sid. -+ </para></listitem> -+ </varlistentry> -+ -+ -+ <varlistentry> - <term>--user-sids <replaceable>sid</replaceable></term> - <listitem><para>Get user group SIDs for user. - </para></listitem> -Index: samba-3.6.22/docs/manpages/wbinfo.1 -=================================================================== ---- samba-3.6.22.orig/docs/manpages/wbinfo.1 -+++ samba-3.6.22/docs/manpages/wbinfo.1 -@@ -31,7 +31,7 @@ - wbinfo - Query information from winbind daemon - .SH "SYNOPSIS" - .HP \w'\ 'u --wbinfo [-a\ user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-c] [--ccache-save] [--change-user-password] [-D\ domain] [--domain\ domain] [--dsgetdcname\ domain] [-g] [--getdcname\ domain] [--get-auth-user] [-G\ gid] [--gid-info] [--group-info] [--help|-?] [-i\ user] [-I\ ip] [-K\ user%password] [--lanman] [-m] [-n\ name] [-N\ netbios-name] [--ntlmv2] [--online-status] [--own-domain] [-p] [-P|--ping-dc] [-r\ user] [-R|--lookup-rids] [-s\ sid] [--separator] [--set-auth-user\ user%password] [-S\ sid] [--sid-aliases] [--sid-to-fullname] [-t] [-u] [--uid-info\ uid] [--usage] [--user-domgroups\ sid] [--user-sids\ sid] [-U\ uid] [-V] [--verbose] [-Y\ sid] -+wbinfo [-a\ user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-c] [--ccache-save] [--change-user-password] [-D\ domain] [--domain\ domain] [--dsgetdcname\ domain] [-g] [--getdcname\ domain] [--get-auth-user] [-G\ gid] [--gid-info] [--group-info] [--help|-?] [-i\ user] [-I\ ip] [-K\ user%password] [--lanman] [-m] [-n\ name] [-N\ netbios-name] [--ntlmv2] [--online-status] [--own-domain] [-p] [--ping-dc] [-r\ user] [-R|--lookup-rids] [-s\ sid] [--separator] [--set-auth-user\ user%password] [-S\ sid] [--sid-aliases] [--sid-to-fullname] [-t] [-u] [--uid-info\ uid] [--usage] [--user-domgroups\ sid] [--user-sidinfo\ sid] [--user-sids\ sid] [-U\ uid] [-V] [--verbose] [-Y\ sid] - .SH "DESCRIPTION" - .PP - This tool is part of the -@@ -328,6 +328,11 @@ Print brief help overview&. - Get user domain groups&. - .RE - .PP -+--user-sidinfo \fIsid\fR -+.RS 4 -+Get user info by sid&. -+.RE -+.PP - --user-sids \fIsid\fR - .RS 4 - Get user group SIDs for user&. diff --git a/src/patches/samba/samba-3.5.11-idmapdebug.patch b/src/patches/samba/samba-3.5.11-idmapdebug.patch deleted file mode 100644 index 44da0ff9d..000000000 --- a/src/patches/samba/samba-3.5.11-idmapdebug.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: samba-3.6.6/source3/winbindd/idmap.c -=================================================================== ---- samba-3.6.6.orig/source3/winbindd/idmap.c -+++ samba-3.6.6/source3/winbindd/idmap.c -@@ -129,7 +129,7 @@ NTSTATUS smb_register_idmap(int version, - - for (entry = backends; entry != NULL; entry = entry->next) { - if (strequal(entry->name, name)) { -- DEBUG(0,("Idmap module %s already registered!\n", -+ DEBUG(5,("Idmap module %s already registered!\n", - name)); - return NT_STATUS_OBJECT_NAME_COLLISION; - } -Index: samba-3.6.6/source3/winbindd/nss_info.c -=================================================================== ---- samba-3.6.6.orig/source3/winbindd/nss_info.c -+++ samba-3.6.6/source3/winbindd/nss_info.c -@@ -66,7 +66,7 @@ static struct nss_function_entry *nss_ge - } - - if ( nss_get_backend(name) ) { -- DEBUG(0,("smb_register_idmap_nss: idmap module %s " -+ DEBUG(5,("smb_register_idmap_nss: idmap module %s " - "already registered!\n", name)); - return NT_STATUS_OBJECT_NAME_COLLISION; - } diff --git a/src/patches/samba/samba-3.5.11-nss_info_doc.patch b/src/patches/samba/samba-3.5.11-nss_info_doc.patch deleted file mode 100644 index 50051a007..000000000 --- a/src/patches/samba/samba-3.5.11-nss_info_doc.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 47871b11df083ec6936599e1196a553379c044b3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Wed, 19 Oct 2011 00:19:58 +0200 -Subject: [PATCH 1/2] s3-docs: Document Services for Unix 2.0 (sfu20) nss_info - ldap schema support. - -Guenther ---- - docs-xml/manpages-3/idmap_ad.8.xml | 4 +++- - docs-xml/smbdotconf/winbind/winbindnssinfo.xml | 5 +++-- - 2 files changed, 6 insertions(+), 3 deletions(-) - -Index: samba-3.6.22/docs-xml/manpages-3/idmap_ad.8.xml -=================================================================== ---- samba-3.6.22.orig/docs-xml/manpages-3/idmap_ad.8.xml -+++ samba-3.6.22/docs-xml/manpages-3/idmap_ad.8.xml -@@ -63,12 +63,17 @@ - </para></listitem> - </varlistentry> - <varlistentry> -- <term>schema_mode = <rfc2307 | sfu ></term> -+ <term>schema_mode = <rfc2307 | sfu | sfu20></term> - <listitem><para> - Defines the schema that idmap_ad should use when querying - Active Directory regarding user and group information. - This can be either the RFC2307 schema support included - in Windows 2003 R2 or the Service for Unix (SFU) schema. -+ For SFU 3.0 or 3.5 please choose "sfu", for SFU 2.0 -+ please choose "sfu20". -+ -+ Please note that primary group membership is currently always calculated -+ via the "primaryGroupID" LDAP attribute. - </para></listitem> - </varlistentry> - </variablelist> -Index: samba-3.6.22/docs-xml/smbdotconf/winbind/winbindnssinfo.xml -=================================================================== ---- samba-3.6.22.orig/docs-xml/smbdotconf/winbind/winbindnssinfo.xml -+++ samba-3.6.22/docs-xml/smbdotconf/winbind/winbindnssinfo.xml -@@ -18,14 +18,16 @@ - </listitem> - - <listitem> -- <para><parameter moreinfo="none"><sfu | rfc2307 ></parameter> -+ <para><parameter moreinfo="none"><sfu | sfu20 | rfc2307 ></parameter> - - When Samba is running in security = ads and your Active Directory - Domain Controller does support the Microsoft "Services for Unix" (SFU) - LDAP schema, winbind can retrieve the login shell and the home -- directory attributes directly from your Directory Server. Note that -+ directory attributes directly from your Directory Server. For SFU 3.0 or 3.5 simply choose -+ "sfu", if you use SFU 2.0 please choose "sfu20". Note that - retrieving UID and GID from your ADS-Server requires to - use <parameter moreinfo="none">idmap config DOMAIN:backend</parameter> = ad -- as well. -+ as well. The primary group membership is currently -+ always calculated via the "primaryGroupID" LDAP attribute. - </para> - </listitem> - </itemizedlist> -Index: samba-3.6.22/docs/manpages/idmap_ad.8 -=================================================================== ---- samba-3.6.22.orig/docs/manpages/idmap_ad.8 -+++ samba-3.6.22/docs/manpages/idmap_ad.8 -@@ -48,9 +48,9 @@ range = low - high - Defines the available matching UID and GID range for which the backend is authoritative&. Note that the range acts as a filter&. If specified any UID or GID stored in AD that fall outside the range is ignored and the corresponding map is discarded&. It is intended as a way to avoid accidental UID/GID overlaps between local and remotely defined IDs&. - .RE - .PP --schema_mode = <rfc2307 | sfu > -+schema_mode = <rfc2307 | sfu | sfu20> - .RS 4 --Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information&. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema&. -+Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information&. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema&. For SFU 3&.0 or 3&.5 please choose "sfu", for SFU 2&.0 please choose "sfu20"&. Please note that primary group membership is currently always calculated via the "primaryGroupID" LDAP attribute&. - .RE - .SH "EXAMPLES" - .PP diff --git a/src/patches/samba/samba-3.5.11-wbinfo_manpage.patch b/src/patches/samba/samba-3.5.11-wbinfo_manpage.patch deleted file mode 100644 index 635553368..000000000 --- a/src/patches/samba/samba-3.5.11-wbinfo_manpage.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 21027216d43c33fac220746c32acff6b355c4e7d Mon Sep 17 00:00:00 2001 -From: Christian Ambach ambi@samba.org -Date: Fri, 30 Sep 2011 17:07:05 +0200 -Subject: [PATCH] s3-docs: some corrections for wbinfo - -Parameters for --group-info and --gid-info were not listed -properly in the SYNOPSIS and the OPTIONS section - -Autobuild-User: Christian Ambach ambi@samba.org -Autobuild-Date: Fri Sep 30 18:44:34 CEST 2011 on sn-devel-104 ---- - docs-xml/manpages-3/wbinfo.1.xml | 8 ++++---- - 1 files changed, 4 insertions(+), 4 deletions(-) - -Index: samba-3.6.6/docs-xml/manpages-3/wbinfo.1.xml -=================================================================== ---- samba-3.6.6.orig/docs-xml/manpages-3/wbinfo.1.xml -+++ samba-3.6.6/docs-xml/manpages-3/wbinfo.1.xml -@@ -33,8 +33,8 @@ - <arg choice="opt">--getdcname domain</arg> - <arg choice="opt">--get-auth-user</arg> - <arg choice="opt">-G gid</arg> -- <arg choide="opt">--gid-info</arg> -- <arg choide="opt">--group-info</arg> -+ <arg choide="opt">--gid-info gid</arg> -+ <arg choide="opt">--group-info group</arg> - <arg choice="opt">--help|-?</arg> - <arg choice="opt">-i user</arg> - <arg choice="opt">-I ip</arg> -@@ -171,8 +171,8 @@ - </varlistentry> - - <varlistentry> -- <term>--group-info <replaceable>user</replaceable></term> -- <listitem><para>Get group info for user. -+ <term>--group-info <replaceable>group</replaceable></term> -+ <listitem><para>Get group info from group name. - </para></listitem> - </varlistentry> - -Index: samba-3.6.6/docs/manpages/wbinfo.1 -=================================================================== ---- samba-3.6.6.orig/docs/manpages/wbinfo.1 -+++ samba-3.6.6/docs/manpages/wbinfo.1 -@@ -31,7 +31,7 @@ - wbinfo - Query information from winbind daemon - .SH "SYNOPSIS" - .HP \w'\ 'u --wbinfo [-a\ user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-c] [--ccache-save] [--change-user-password] [-D\ domain] [--domain\ domain] [--dsgetdcname\ domain] [-g] [--getdcname\ domain] [--get-auth-user] [-G\ gid] [--gid-info] [--group-info] [--help|-?] [-i\ user] [-I\ ip] [-K\ user%password] [--lanman] [-m] [-n\ name] [-N\ netbios-name] [--ntlmv2] [--online-status] [--own-domain] [-p] [--ping-dc] [-r\ user] [-R|--lookup-rids] [-s\ sid] [--separator] [--set-auth-user\ user%password] [-S\ sid] [--sid-aliases] [--sid-to-fullname] [-t] [-u] [--uid-info\ uid] [--usage] [--user-domgroups\ sid] [--user-sidinfo\ sid] [--user-sids\ sid] [-U\ uid] [-V] [--verbose] [-Y\ sid] -+wbinfo [-a\ user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-c] [--ccache-save] [--change-user-password] [-D\ domain] [--domain\ domain] [--dsgetdcname\ domain] [-g] [--getdcname\ domain] [--get-auth-user] [-G\ gid] [--gid-info\ gid] [--group-info\ group] [--help|-?] [-i\ user] [-I\ ip] [-K\ user%password] [--lanman] [-m] [-n\ name] [-N\ netbios-name] [--ntlmv2] [--online-status] [--own-domain] [-p] [--ping-dc] [-r\ user] [-R|--lookup-rids] [-s\ sid] [--separator] [--set-auth-user\ user%password] [-S\ sid] [--sid-aliases] [--sid-to-fullname] [-t] [-u] [--uid-info\ uid] [--usage] [--user-domgroups\ sid] [--user-sidinfo\ sid] [--user-sids\ sid] [-U\ uid] [-V] [--verbose] [-Y\ sid] - .SH "DESCRIPTION" - .PP - This tool is part of the -@@ -130,9 +130,9 @@ Find a DC for a domain&. - Get group info from gid&. - .RE - .PP ----group-info \fIuser\fR -+--group-info \fIgroup\fR - .RS 4 --Get group info for user&. -+Get group info from group name&. - .RE - .PP - -g|--domain-groups diff --git a/src/patches/samba/samba-3.5.12-dns.patch b/src/patches/samba/samba-3.5.12-dns.patch deleted file mode 100644 index d655a8254..000000000 --- a/src/patches/samba/samba-3.5.12-dns.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 1b0421a1a3d2b2e0168c0957864c16adf93e326d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Wed, 21 Dec 2011 15:47:35 +0100 -Subject: [PATCH] s3-dns: prevent from potentially doing wrong SRV DNS - lookups. - -With an empty sitename we asked for e.g. -_ldap._tcp.._sites.dc._msdcs.AD.EXAMPLE.COM - -Guenther ---- - source3/libads/dns.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -Index: samba-3.6.6/source3/libads/dns.c -=================================================================== ---- samba-3.6.6.orig/source3/libads/dns.c -+++ samba-3.6.6/source3/libads/dns.c -@@ -741,7 +741,7 @@ static NTSTATUS ads_dns_query_internal(T - int *numdcs ) - { - char *name; -- if (sitename) { -+ if (sitename && strlen(sitename)) { - name = talloc_asprintf(ctx, "%s._tcp.%s._sites.%s._msdcs.%s", - servicename, sitename, - dc_pdc_gc_domains, realm); diff --git a/src/patches/samba/samba-3.5.12-pam_radio_type.patch b/src/patches/samba/samba-3.5.12-pam_radio_type.patch deleted file mode 100644 index 624b73f26..000000000 --- a/src/patches/samba/samba-3.5.12-pam_radio_type.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 516ba47988f00f83dd4ee53556e0be6463de88ec Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Thu, 5 Apr 2012 14:05:00 +0200 -Subject: [PATCH] nsswitch: disable HAVE_PAM_RADIO_TYPE handling until proper - PAM_RADIO_TYPE handling is available. - - This is needed that gdm doesn't crash. - -Guenther ---- - nsswitch/pam_winbind.c | 4 +++- - 1 files changed, 3 insertions(+), 1 deletions(-) - -diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c -index b802036..0ed91d8 100644 ---- a/nsswitch/pam_winbind.c -+++ b/nsswitch/pam_winbind.c -@@ -807,7 +807,9 @@ static int wbc_auth_error_to_pam_error(struct pwb_context *ctx, - return pam_winbind_request_log(ctx, ret, username, fn); - } - --#if defined(HAVE_PAM_RADIO_TYPE) -+#if 0 -+/* #if defined(HAVE_PAM_RADIO_TYPE) currently disabled until proper -+ * PAM_RADIO_TYPE is implemented - gd */ - static bool _pam_winbind_change_pwd(struct pwb_context *ctx) - { - struct pam_message msg, *pmsg; --- -1.7.7.6 - diff --git a/src/patches/samba/samba-3.6.18-fix_net_ads_join_segfault.patch b/src/patches/samba/samba-3.6.18-fix_net_ads_join_segfault.patch deleted file mode 100644 index dac2edeaf..000000000 --- a/src/patches/samba/samba-3.6.18-fix_net_ads_join_segfault.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 814b2c730b2f38767712a005bf328a4a04478f63 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Fri, 17 May 2013 15:14:35 +0200 -Subject: [PATCH 1/2] s3-libads: Fail - create_local_private_krb5_conf_for_domain() if parameters missing. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Guenther - -Signed-off-by: Günther Deschner gd@samba.org -Reviewed-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Andreas Schneider asn@samba.org -(cherry picked from commit 6dc7c63efa95d0c04b542667d9b6a6621c8139bf) ---- - source3/libads/kerberos.c | 4 ++++ - 1 file changed, 4 insertions(+) - -Index: samba-3.6.22/source3/libads/kerberos.c -=================================================================== ---- samba-3.6.22.orig/source3/libads/kerberos.c -+++ samba-3.6.22/source3/libads/kerberos.c -@@ -866,6 +866,16 @@ bool create_local_private_krb5_conf_for_ - return false; - } - -+ if (realm == NULL) { -+ DEBUG(0, ("No realm has been specified! Do you really want to " -+ "join an Active Directory server?\n")); -+ return false; -+ } -+ -+ if (domain == NULL || pss == NULL || kdc_name == NULL) { -+ return false; -+ } -+ - dname = lock_path("smb_krb5"); - if (!dname) { - return false; diff --git a/src/patches/samba/samba-3.6.19-valid_users_doc.patch b/src/patches/samba/samba-3.6.19-valid_users_doc.patch deleted file mode 100644 index 602783bdc..000000000 --- a/src/patches/samba/samba-3.6.19-valid_users_doc.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 3c7822bac97ce4646f1b2c8419d1dae773c02c1d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Tue, 17 Sep 2013 12:47:58 +0200 -Subject: [PATCH] docs: point out side-effects of global "valid users" setting. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Guenther - -Signed-off-by: Günther Deschner gd@samba.org ---- - docs-xml/smbdotconf/security/validusers.xml | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -Index: samba-3.6.22/docs-xml/smbdotconf/security/validusers.xml -=================================================================== ---- samba-3.6.22.orig/docs-xml/smbdotconf/security/validusers.xml -+++ samba-3.6.22/docs-xml/smbdotconf/security/validusers.xml -@@ -19,6 +19,16 @@ - The current servicename is substituted for <parameter moreinfo="none">%S</parameter>. - This is useful in the [homes] section. - </para> -+ -+ <para><emphasis>Note: </emphasis>When used in the [global] section this -+ parameter may have unwanted side effects. For example: If samba is configured as a MASTER BROWSER (see -+ <parameter moreinfo="none">local master</parameter>, -+ <parameter moreinfo="none">os level</parameter>, -+ <parameter moreinfo="none">domain master</parameter>, -+ <parameter moreinfo="none">preferred master</parameter>) this option -+ will prevent workstations from being able to browse the network. -+ </para> -+ - </description> - - <related>invalid users</related> -Index: samba-3.6.22/docs/manpages/smb.conf.5 -=================================================================== ---- samba-3.6.22.orig/docs/manpages/smb.conf.5 -+++ samba-3.6.22/docs/manpages/smb.conf.5 -@@ -10311,6 +10311,12 @@ list then access is denied for that user - The current servicename is substituted for - \fI%S\fR&. This is useful in the [homes] section&. - .sp -+\fINote: \fRWhen used in the [global] section this parameter may have unwanted side effects&. For example: If samba is configured as a MASTER BROWSER (see -+\fIlocal master\fR, -+\fIos level\fR, -+\fIdomain master\fR, -+\fIpreferred master\fR) this option will prevent workstations from being able to browse the network&. -+.sp - Default: - \fI\fIvalid users\fR\fR\fI = \fR\fI # No valid users list (anyone can login) \fR\fI \fR - .sp diff --git a/src/patches/samba/samba-3.6.23-fix_libads_krb5_ipv6.patch b/src/patches/samba/samba-3.6.23-fix_libads_krb5_ipv6.patch deleted file mode 100644 index 9b6d22189..000000000 --- a/src/patches/samba/samba-3.6.23-fix_libads_krb5_ipv6.patch +++ /dev/null @@ -1,788 +0,0 @@ -From 918ac8f0ed19aeaa4718fa94fcabe87d0419d768 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Mon, 13 Jan 2014 15:59:26 +0100 -Subject: [PATCH 1/5] PATCHSET11: s3-kerberos: remove print_kdc_line() - completely. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Just calling print_canonical_sockaddr() is sufficient, as it already deals with -ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is -removed as well. It was pointless because it always derived the port number from -the provided address which was either a SMB (usually port 445) or LDAP -connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC. -Finally, the kerberos libraries that we support and build with, can deal with -ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of -resolving the DC name on the kerberos library anymore. - -Guenther - -Signed-off-by: Günther Deschner gd@samba.org -Reviewed-by: Andreas Schneider asn@samba.org - -Conflicts: - source3/libads/kerberos.c ---- - source3/libads/kerberos.c | 86 +++++------------------------------------------ - 1 file changed, 9 insertions(+), 77 deletions(-) - -diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c -index 1153ccb..064e5f7 100644 ---- a/source3/libads/kerberos.c -+++ b/source3/libads/kerberos.c -@@ -661,73 +661,6 @@ int kerberos_kinit_password(const char *principal, - } - - /************************************************************************ --************************************************************************/ -- --static char *print_kdc_line(char *mem_ctx, -- const char *prev_line, -- const struct sockaddr_storage *pss, -- const char *kdc_name) --{ -- char *kdc_str = NULL; -- -- if (pss->ss_family == AF_INET) { -- kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", -- prev_line, -- print_canonical_sockaddr(mem_ctx, pss)); -- } else { -- char addr[INET6_ADDRSTRLEN]; -- uint16_t port = get_sockaddr_port(pss); -- -- DEBUG(10,("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n", -- kdc_name, port)); -- -- if (port != 0 && port != DEFAULT_KRB5_PORT) { -- /* Currently for IPv6 we can't specify a non-default -- krb5 port with an address, as this requires a ':'. -- Resolve to a name. */ -- char hostname[MAX_DNS_NAME_LENGTH]; -- int ret = sys_getnameinfo((const struct sockaddr *)pss, -- sizeof(*pss), -- hostname, sizeof(hostname), -- NULL, 0, -- NI_NAMEREQD); -- if (ret) { -- DEBUG(0,("print_kdc_line: can't resolve name " -- "for kdc with non-default port %s. " -- "Error %s\n.", -- print_canonical_sockaddr(mem_ctx, pss), -- gai_strerror(ret))); -- return NULL; -- } -- /* Success, use host:port */ -- kdc_str = talloc_asprintf(mem_ctx, -- "%s\tkdc = %s:%u\n", -- prev_line, -- hostname, -- (unsigned int)port); -- } else { -- -- /* no krb5 lib currently supports "kdc = ipv6 address" -- * at all, so just fill in just the kdc_name if we have -- * it and let the krb5 lib figure out the appropriate -- * ipv6 address - gd */ -- -- if (kdc_name) { -- kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", -- prev_line, kdc_name); -- } else { -- kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", -- prev_line, -- print_sockaddr(addr, -- sizeof(addr), -- pss)); -- } -- } -- } -- return kdc_str; --} -- --/************************************************************************ - Create a string list of available kdc's, possibly searching by sitename. - Does DNS queries. - -@@ -746,7 +679,8 @@ static char *get_kdc_ip_string(char *mem_ctx, - struct ip_service *ip_srv_nonsite = NULL; - int count_site = 0; - int count_nonsite; -- char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name); -+ char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "", -+ print_canonical_sockaddr(mem_ctx, pss)); - - if (kdc_str == NULL) { - return NULL; -@@ -768,10 +702,9 @@ static char *get_kdc_ip_string(char *mem_ctx, - } - /* Append to the string - inefficient - * but not done often. */ -- kdc_str = print_kdc_line(mem_ctx, -- kdc_str, -- &ip_srv_site[i].ss, -- NULL); -+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", -+ kdc_str, -+ print_canonical_sockaddr(mem_ctx, &ip_srv_site[i].ss)); - if (!kdc_str) { - SAFE_FREE(ip_srv_site); - return NULL; -@@ -806,11 +739,10 @@ static char *get_kdc_ip_string(char *mem_ctx, - } - - /* Append to the string - inefficient but not done often. */ -- kdc_str = print_kdc_line(mem_ctx, -- kdc_str, -- &ip_srv_nonsite[i].ss, -- NULL); -- if (!kdc_str) { -+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", -+ kdc_str, -+ print_canonical_sockaddr(mem_ctx, &ip_srv_nonsite[i].ss)); -+ if (kdc_str == NULL) { - SAFE_FREE(ip_srv_site); - SAFE_FREE(ip_srv_nonsite); - return NULL; --- -1.9.0 - - -From b4eba7d838b60230b9f6c9a08ef0ddc00e3e47f0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Fri, 7 Mar 2014 14:47:31 +0100 -Subject: [PATCH 2/5] PATCHSET11: s3-kerberos: remove unused kdc_name from - create_local_private_krb5_conf_for_domain(). -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Guenther - -Signed-off-by: Günther Deschner gd@samba.org -Reviewed-by: Andreas Schneider asn@samba.org - -Autobuild-User(master): Günther Deschner gd@samba.org -Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104 - -Conflicts: - source3/libads/kerberos.c - source3/libads/kerberos_proto.h - source3/libnet/libnet_join.c - source3/winbindd/winbindd_cm.c ---- - source3/libads/kerberos.c | 10 ++++------ - source3/libads/kerberos_proto.h | 3 +-- - source3/libnet/libnet_join.c | 2 +- - source3/libsmb/namequery_dc.c | 6 ++---- - source3/winbindd/winbindd_cm.c | 6 ++---- - 5 files changed, 10 insertions(+), 17 deletions(-) - -diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c -index 064e5f7..b826cb3 100644 ---- a/source3/libads/kerberos.c -+++ b/source3/libads/kerberos.c -@@ -671,8 +671,7 @@ int kerberos_kinit_password(const char *principal, - static char *get_kdc_ip_string(char *mem_ctx, - const char *realm, - const char *sitename, -- struct sockaddr_storage *pss, -- const char *kdc_name) -+ struct sockaddr_storage *pss) - { - int i; - struct ip_service *ip_srv_site = NULL; -@@ -769,8 +768,7 @@ static char *get_kdc_ip_string(char *mem_ctx, - bool create_local_private_krb5_conf_for_domain(const char *realm, - const char *domain, - const char *sitename, -- struct sockaddr_storage *pss, -- const char *kdc_name) -+ struct sockaddr_storage *pss) - { - char *dname; - char *tmpname = NULL; -@@ -794,7 +792,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, - return false; - } - -- if (domain == NULL || pss == NULL || kdc_name == NULL) { -+ if (domain == NULL || pss == NULL) { - return false; - } - -@@ -825,7 +823,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, - realm_upper = talloc_strdup(fname, realm); - strupper_m(realm_upper); - -- kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name); -+ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss); - if (!kdc_ip_string) { - goto done; - } -diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h -index 406669cc..90d7cd9 100644 ---- a/source3/libads/kerberos_proto.h -+++ b/source3/libads/kerberos_proto.h -@@ -75,8 +75,7 @@ int kerberos_kinit_password(const char *principal, - bool create_local_private_krb5_conf_for_domain(const char *realm, - const char *domain, - const char *sitename, -- struct sockaddr_storage *pss, -- const char *kdc_name); -+ struct sockaddr_storage *pss); - - /* The following definitions come from libads/authdata.c */ - -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c -index e84682d..f1736ec 100644 ---- a/source3/libnet/libnet_join.c -+++ b/source3/libnet/libnet_join.c -@@ -1985,7 +1985,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, - - create_local_private_krb5_conf_for_domain( - r->out.dns_domain_name, r->out.netbios_domain_name, -- NULL, &cli->dest_ss, cli->desthost); -+ NULL, &cli->dest_ss); - - if (r->out.domain_is_ad && r->in.account_ou && - !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) { -diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c -index 39b780c..149121a 100644 ---- a/source3/libsmb/namequery_dc.c -+++ b/source3/libsmb/namequery_dc.c -@@ -111,14 +111,12 @@ static bool ads_dc_name(const char *domain, - create_local_private_krb5_conf_for_domain(realm, - domain, - sitename, -- &ads->ldap.ss, -- ads->config.ldap_server_name); -+ &ads->ldap.ss); - } else { - create_local_private_krb5_conf_for_domain(realm, - domain, - NULL, -- &ads->ldap.ss, -- ads->config.ldap_server_name); -+ &ads->ldap.ss); - } - } - #endif -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c -index 8271279..59f30a5 100644 ---- a/source3/winbindd/winbindd_cm.c -+++ b/source3/winbindd/winbindd_cm.c -@@ -1226,8 +1226,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, - create_local_private_krb5_conf_for_domain(domain->alt_name, - domain->name, - sitename, -- pss, -- name); -+ pss); - - SAFE_FREE(sitename); - } else { -@@ -1235,8 +1234,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, - create_local_private_krb5_conf_for_domain(domain->alt_name, - domain->name, - NULL, -- pss, -- name); -+ pss); - } - winbindd_set_locator_kdc_envs(domain); - --- -1.9.0 - - -From db840b57e81922cea984530e2dc1b42cc99e75de Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Wed, 2 Apr 2014 19:37:34 +0200 -Subject: [PATCH 3/5] PATCHSET11: s3-kerberos: make ipv6 support for generated - krb5 config files more robust. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Older MIT Kerberos libraries will add any secondary ipv6 address as -ipv4 address, defining the (default) krb5 port 88 circumvents that. - -Guenther - -Signed-off-by: Günther Deschner gd@samba.org -Reviewed-by: Andreas Schneider asn@samba.org - -Autobuild-User(master): Günther Deschner gd@samba.org -Autobuild-Date(master): Fri Apr 4 16:33:12 CEST 2014 on sn-devel-104 - -Conflicts: - source3/libads/kerberos.c ---- - source3/libads/kerberos.c | 29 +++++++++++++++++++++++++++-- - 1 file changed, 27 insertions(+), 2 deletions(-) - -diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c -index b826cb3..5e34aa3 100644 ---- a/source3/libads/kerberos.c -+++ b/source3/libads/kerberos.c -@@ -668,6 +668,31 @@ int kerberos_kinit_password(const char *principal, - - ************************************************************************/ - -+/* print_canonical_sockaddr prints an ipv6 addr in the form of -+* [ipv6.addr]. This string, when put in a generated krb5.conf file is not -+* always properly dealt with by some older krb5 libraries. Adding the hard-coded -+* portnumber workarounds the issue. - gd */ -+ -+static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx, -+ const struct sockaddr_storage *pss) -+{ -+ char *str = NULL; -+ -+ str = print_canonical_sockaddr(mem_ctx, pss); -+ if (str == NULL) { -+ return NULL; -+ } -+ -+ if (pss->ss_family != AF_INET6) { -+ return str; -+ } -+ -+#if defined(HAVE_IPV6) -+ str = talloc_asprintf_append(str, ":88"); -+#endif -+ return str; -+} -+ - static char *get_kdc_ip_string(char *mem_ctx, - const char *realm, - const char *sitename, -@@ -679,7 +704,7 @@ static char *get_kdc_ip_string(char *mem_ctx, - int count_site = 0; - int count_nonsite; - char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "", -- print_canonical_sockaddr(mem_ctx, pss)); -+ print_canonical_sockaddr_with_port(mem_ctx, pss)); - - if (kdc_str == NULL) { - return NULL; -@@ -740,7 +765,7 @@ static char *get_kdc_ip_string(char *mem_ctx, - /* Append to the string - inefficient but not done often. */ - kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", - kdc_str, -- print_canonical_sockaddr(mem_ctx, &ip_srv_nonsite[i].ss)); -+ print_canonical_sockaddr_with_port(mem_ctx, &ip_srv_nonsite[i].ss)); - if (kdc_str == NULL) { - SAFE_FREE(ip_srv_site); - SAFE_FREE(ip_srv_nonsite); --- -1.9.0 - - -From 208f1d7b5ae557bf34a39c847aeb1925ce4cb171 Mon Sep 17 00:00:00 2001 -From: Andrew Bartlett abartlet@samba.org -Date: Tue, 26 Apr 2011 17:03:32 +1000 -Subject: [PATCH 4/5] PATCHSET11: s3-libads Pass a struct sockaddr_storage to - cldap routines - -This avoids these routines doing a DNS lookup that has already been -done, and ensures that the emulated DNS lookup isn't thrown away. - -Andrew Bartlett ---- - source3/libads/cldap.c | 14 ++++-------- - source3/libads/cldap.h | 4 ++-- - source3/libads/ldap.c | 41 ++++++++++------------------------- - source3/libsmb/dsgetdcname.c | 3 ++- - source3/utils/net_ads.c | 7 +++--- - source3/winbindd/idmap_adex/gc_util.c | 12 +++++++++- - 6 files changed, 33 insertions(+), 48 deletions(-) - -diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c -index 5d2e900..03fa17c 100644 ---- a/source3/libads/cldap.c -+++ b/source3/libads/cldap.c -@@ -30,7 +30,7 @@ - *******************************************************************/ - - bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, -- const char *server, -+ struct sockaddr_storage *ss, - const char *realm, - uint32_t nt_version, - struct netlogon_samlogon_response **_reply) -@@ -39,18 +39,12 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, - struct cldap_netlogon io; - struct netlogon_samlogon_response *reply; - NTSTATUS status; -- struct sockaddr_storage ss; - char addrstr[INET6_ADDRSTRLEN]; - const char *dest_str; - int ret; - struct tsocket_address *dest_addr; - -- if (!interpret_string_addr_prefer_ipv4(&ss, server, 0)) { -- DEBUG(2,("Failed to resolve[%s] into an address for cldap\n", -- server)); -- return false; -- } -- dest_str = print_sockaddr(addrstr, sizeof(addrstr), &ss); -+ dest_str = print_sockaddr(addrstr, sizeof(addrstr), ss); - - ret = tsocket_address_inet_from_strings(mem_ctx, "ip", - dest_str, LDAP_PORT, -@@ -113,7 +107,7 @@ failed: - *******************************************************************/ - - bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, -- const char *server, -+ struct sockaddr_storage *ss, - const char *realm, - struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5) - { -@@ -121,7 +115,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, - struct netlogon_samlogon_response *reply = NULL; - bool ret; - -- ret = ads_cldap_netlogon(mem_ctx, server, realm, nt_version, &reply); -+ ret = ads_cldap_netlogon(mem_ctx, ss, realm, nt_version, &reply); - if (!ret) { - return false; - } -diff --git a/source3/libads/cldap.h b/source3/libads/cldap.h -index d2ad4b0..60e1c56 100644 ---- a/source3/libads/cldap.h -+++ b/source3/libads/cldap.h -@@ -27,12 +27,12 @@ - - /* The following definitions come from libads/cldap.c */ - bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, -- const char *server, -+ struct sockaddr_storage *ss, - const char *realm, - uint32_t nt_version, - struct netlogon_samlogon_response **reply); - bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, -- const char *server, -+ struct sockaddr_storage *ss, - const char *realm, - struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5); - -diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c -index b841c84..0db0bcd 100644 ---- a/source3/libads/ldap.c -+++ b/source3/libads/ldap.c -@@ -196,45 +196,32 @@ bool ads_closest_dc(ADS_STRUCT *ads) - */ - static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) - { -- char *srv; - struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply; - TALLOC_CTX *frame = talloc_stackframe(); - bool ret = false; -+ struct sockaddr_storage ss; -+ char addr[INET6_ADDRSTRLEN]; - - if (!server || !*server) { - TALLOC_FREE(frame); - return False; - } - -- if (!is_ipaddress(server)) { -- struct sockaddr_storage ss; -- char addr[INET6_ADDRSTRLEN]; -- -- if (!resolve_name(server, &ss, 0x20, true)) { -- DEBUG(5,("ads_try_connect: unable to resolve name %s\n", -- server )); -- TALLOC_FREE(frame); -- return false; -- } -- print_sockaddr(addr, sizeof(addr), &ss); -- srv = talloc_strdup(frame, addr); -- } else { -- /* this copes with inet_ntoa brokenness */ -- srv = talloc_strdup(frame, server); -- } -- -- if (!srv) { -+ if (!resolve_name(server, &ss, 0x20, true)) { -+ DEBUG(5,("ads_try_connect: unable to resolve name %s\n", -+ server )); - TALLOC_FREE(frame); - return false; - } -+ print_sockaddr(addr, sizeof(addr), &ss); - - DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n", -- srv, ads->server.realm)); -+ addr, ads->server.realm)); - - ZERO_STRUCT( cldap_reply ); - -- if ( !ads_cldap_netlogon_5(frame, srv, ads->server.realm, &cldap_reply ) ) { -- DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv)); -+ if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) { -+ DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr)); - ret = false; - goto out; - } -@@ -243,7 +230,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) - - if ( !(cldap_reply.server_type & NBT_SERVER_LDAP) ) { - DEBUG(1,("ads_try_connect: %s's CLDAP reply says it is not an LDAP server!\n", -- srv)); -+ addr)); - ret = false; - goto out; - } -@@ -273,13 +260,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) - ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name); - - ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT; -- if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) { -- DEBUG(1,("ads_try_connect: unable to convert %s " -- "to an address\n", -- srv)); -- ret = false; -- goto out; -- } -+ ads->ldap.ss = ss; - - /* Store our site name. */ - sitename_store( cldap_reply.domain_name, cldap_reply.client_site); -diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c -index 841a179..2f8b8dc 100644 ---- a/source3/libsmb/dsgetdcname.c -+++ b/source3/libsmb/dsgetdcname.c -@@ -863,9 +863,10 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx, - - for (i=0; i<num_dcs; i++) { - -+ - DEBUG(10,("LDAP ping to %s\n", dclist[i].hostname)); - -- if (ads_cldap_netlogon(mem_ctx, dclist[i].hostname, -+ if (ads_cldap_netlogon(mem_ctx, &dclist[i].ss, - domain_name, - nt_version, - &r)) -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c -index 8f8b7b4..816349d 100644 ---- a/source3/utils/net_ads.c -+++ b/source3/utils/net_ads.c -@@ -62,7 +62,8 @@ static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads) - struct NETLOGON_SAM_LOGON_RESPONSE_EX reply; - - print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); -- if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) { -+ -+ if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) { - d_fprintf(stderr, _("CLDAP query failed!\n")); - return -1; - } -@@ -385,7 +386,6 @@ int net_ads_check(struct net_context *c) - static int net_ads_workgroup(struct net_context *c, int argc, const char **argv) - { - ADS_STRUCT *ads; -- char addr[INET6_ADDRSTRLEN]; - struct NETLOGON_SAM_LOGON_RESPONSE_EX reply; - - if (c->display_usage) { -@@ -407,8 +407,7 @@ static int net_ads_workgroup(struct net_context *c, int argc, const char **argv) - ads->ldap.port = 389; - } - -- print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); -- if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) { -+ if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) { - d_fprintf(stderr, _("CLDAP query failed!\n")); - ads_destroy(&ads); - return -1; -diff --git a/source3/winbindd/idmap_adex/gc_util.c b/source3/winbindd/idmap_adex/gc_util.c -index 77b318c..e625265 100644 ---- a/source3/winbindd/idmap_adex/gc_util.c -+++ b/source3/winbindd/idmap_adex/gc_util.c -@@ -107,6 +107,7 @@ done: - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply; - TALLOC_CTX *frame = talloc_stackframe(); -+ struct sockaddr_storage ss; - - if (!gc || !domain) { - return NT_STATUS_INVALID_PARAMETER; -@@ -126,8 +127,17 @@ done: - nt_status = ads_ntstatus(ads_status); - BAIL_ON_NTSTATUS_ERROR(nt_status); - -+ if (!resolve_name(ads->config.ldap_server_name, &ss, 0x20, true)) { -+ DEBUG(5,("gc_find_forest_root: unable to resolve name %s\n", -+ ads->config.ldap_server_name)); -+ nt_status = NT_STATUS_IO_TIMEOUT; -+ /* This matches the old code which did the resolve in -+ * ads_cldap_netlogon_5 */ -+ BAIL_ON_NTSTATUS_ERROR(nt_status); -+ } -+ - if (!ads_cldap_netlogon_5(frame, -- ads->config.ldap_server_name, -+ &ss, - ads->config.realm, - &cldap_reply)) - { --- -1.9.0 - - -From 4eb02e7caa83b725988dd9f659b3568873522a30 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Wed, 16 Apr 2014 16:07:14 +0200 -Subject: [PATCH 5/5] PATCHSET11: s3-libads: allow ads_try_connect() to re-use - a resolved ip address. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Pass down a struct sockaddr_storage to ads_try_connect. - -Guenther - -Signed-off-by: Günther Deschner gd@samba.org -Reviewed-by: Andreas Schneider asn@samba.org - -Autobuild-User(master): Günther Deschner gd@samba.org -Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104 ---- - source3/libads/ldap.c | 44 ++++++++++++++++++++++++++------------------ - 1 file changed, 26 insertions(+), 18 deletions(-) - -diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c -index 0db0bcd..f8349cf 100644 ---- a/source3/libads/ldap.c -+++ b/source3/libads/ldap.c -@@ -194,33 +194,27 @@ bool ads_closest_dc(ADS_STRUCT *ads) - try a connection to a given ldap server, returning True and setting the servers IP - in the ads struct if successful - */ --static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) -+static bool ads_try_connect(ADS_STRUCT *ads, bool gc, -+ struct sockaddr_storage *ss) - { - struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply; - TALLOC_CTX *frame = talloc_stackframe(); - bool ret = false; -- struct sockaddr_storage ss; - char addr[INET6_ADDRSTRLEN]; - -- if (!server || !*server) { -+ if (ss == NULL) { - TALLOC_FREE(frame); - return False; - } - -- if (!resolve_name(server, &ss, 0x20, true)) { -- DEBUG(5,("ads_try_connect: unable to resolve name %s\n", -- server )); -- TALLOC_FREE(frame); -- return false; -- } -- print_sockaddr(addr, sizeof(addr), &ss); -+ print_sockaddr(addr, sizeof(addr), ss); - - DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n", - addr, ads->server.realm)); - - ZERO_STRUCT( cldap_reply ); - -- if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) { -+ if ( !ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_reply ) ) { - DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr)); - ret = false; - goto out; -@@ -260,7 +254,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) - ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name); - - ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT; -- ads->ldap.ss = ss; -+ ads->ldap.ss = *ss; - - /* Store our site name. */ - sitename_store( cldap_reply.domain_name, cldap_reply.client_site); -@@ -292,6 +286,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) - bool use_own_domain = False; - char *sitename; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; -+ bool ok = false; - - /* if the realm and workgroup are both empty, assume they are ours */ - -@@ -345,12 +340,14 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) - DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n", - (got_realm ? "realm" : "domain"), realm)); - -- if (get_dc_name(domain, realm, srv_name, &ip_out)) { -+ ok = get_dc_name(domain, realm, srv_name, &ip_out); -+ if (ok) { - /* - * we call ads_try_connect() to fill in the - * ads->config details - */ -- if (ads_try_connect(ads, srv_name, false)) { -+ ok = ads_try_connect(ads, false, &ip_out); -+ if (ok) { - return NT_STATUS_OK; - } - } -@@ -406,7 +403,8 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) - } - } - -- if ( ads_try_connect(ads, server, false) ) { -+ ok = ads_try_connect(ads, false, &ip_list[i].ss); -+ if (ok) { - SAFE_FREE(ip_list); - SAFE_FREE(sitename); - return NT_STATUS_OK; -@@ -591,9 +589,19 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) - TALLOC_FREE(s); - } - -- if (ads->server.ldap_server) -- { -- if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) { -+ if (ads->server.ldap_server) { -+ bool ok = false; -+ struct sockaddr_storage ss; -+ -+ ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true); -+ if (!ok) { -+ DEBUG(5,("ads_connect: unable to resolve name %s\n", -+ ads->server.ldap_server)); -+ status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND); -+ goto out; -+ } -+ ok = ads_try_connect(ads, ads->server.gc, &ss); -+ if (ok) { - goto got_connection; - } - --- -1.9.0 - -diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c -index b826cb3..5e34aa3 100644 ---- a/source3/libads/kerberos.c -+++ b/source3/libads/kerberos.c -@@ -827,10 +827,6 @@ - return false; - } - -- if (domain == NULL || pss == NULL || kdc_name == NULL) { -- return false; -- } -- - dname = lock_path("smb_krb5"); - if (!dname) { - return false; diff --git a/src/patches/samba/samba-3.6.23-gecos.patch b/src/patches/samba/samba-3.6.23-gecos.patch deleted file mode 100644 index 2ecfe862c..000000000 --- a/src/patches/samba/samba-3.6.23-gecos.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 02da0b0ae947f30480b1246de22e865491e479f0 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Wed, 12 Feb 2014 13:26:02 +0100 -Subject: [PATCH] PATCHSET12: s3-winbind: Use strlcpy to avoid log entry. - -The full_name from Windows can be longer than 255 chars which results in -a warning on log level 0 that we have a string overflow. This will avoid -the warning. However we should fix this sooner or later on the protocol -level to have no limit. - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Volker Lendecke vl@samba.org - -Conflicts: - source3/winbindd/wb_fill_pwent.c ---- - source3/winbindd/wb_fill_pwent.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c -index 9634317..9d42b31 100644 ---- a/source3/winbindd/wb_fill_pwent.c -+++ b/source3/winbindd/wb_fill_pwent.c -@@ -141,8 +141,13 @@ static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq) - true); - } - -- fstrcpy(state->pw->pw_name, output_username); -- fstrcpy(state->pw->pw_gecos, state->info->full_name); -+ strlcpy(state->pw->pw_name, -+ output_username, -+ sizeof(state->pw->pw_name)); -+ /* FIXME The full_name can be longer than 255 chars */ -+ strlcpy(state->pw->pw_gecos, -+ state->info->full_name ? state->info->full_name : "", -+ sizeof(state->pw->pw_gecos)); - - /* Home directory and shell */ - ok = fillup_pw_field(lp_template_homedir(), --- -1.9.3 - diff --git a/src/patches/samba/samba-3.6.23-glusterfs.patch b/src/patches/samba/samba-3.6.23-glusterfs.patch deleted file mode 100644 index 2b82064b4..000000000 --- a/src/patches/samba/samba-3.6.23-glusterfs.patch +++ /dev/null @@ -1,2318 +0,0 @@ -From f2f684d4eadadeebf725b513bf4945ccf0aa7371 Mon Sep 17 00:00:00 2001 -From: Anand Avati avati@redhat.com -Date: Wed, 29 May 2013 07:21:46 -0400 -Subject: [PATCH 1/9] PATCHSET13: vfs_glusterfs: Samba VFS module for glusterfs - -Implement a Samba VFS plugin for glusterfs based on gluster's gfapi. -This is a "bottom" vfs plugin (not something to be stacked on top of -another module), and translates (most) calls into closest actions -on gfapi. - -Reviewed-by: Andrew Bartlett abartlet@samba.org -Reviewed-by: Simo Sorce idra@samba.org -Signed-off-by: Anand Avati avati@redhat.com ---- - source3/Makefile.in | 5 + - source3/configure.in | 23 + - source3/modules/vfs_glusterfs.c | 1461 +++++++++++++++++++++++++++++++++++++++ - source3/modules/wscript_build | 9 + - source3/wscript | 22 + - 5 files changed, 1520 insertions(+) - create mode 100644 source3/modules/vfs_glusterfs.c - -diff --git a/source3/Makefile.in b/source3/Makefile.in -index 9e8e03d..27bc43e 100644 ---- a/source3/Makefile.in -+++ b/source3/Makefile.in -@@ -848,6 +848,7 @@ VFS_SCANNEDONLY_OBJ = modules/vfs_scannedonly.o - VFS_CROSSRENAME_OBJ = modules/vfs_crossrename.o - VFS_LINUX_XFS_SGID_OBJ = modules/vfs_linux_xfs_sgid.o - VFS_TIME_AUDIT_OBJ = modules/vfs_time_audit.o -+VFS_GLUSTERFS_OBJ = modules/vfs_glusterfs.o - - PAM_ERRORS_OBJ = ../libcli/auth/pam_errors.o - PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o $(PAM_ERRORS_OBJ) -@@ -3191,6 +3192,10 @@ bin/time_audit.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_TIME_AUDIT_OBJ) - @echo "Building plugin $@" - @$(SHLD_MODULE) $(VFS_TIME_AUDIT_OBJ) - -+bin/glusterfs.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_GLUSTERFS_OBJ) -+ @echo "Building plugin $@" -+ $(SHLD_MODULE) $(VFS_GLUSTERFS_OBJ) @GLUSTERFS_LIBS@ -+ - ######################################################### - ## IdMap NSS plugins - -diff --git a/source3/configure.in b/source3/configure.in -index 42c23e3..3cc78e9 100644 ---- a/source3/configure.in -+++ b/source3/configure.in -@@ -6688,6 +6688,29 @@ - fi - - -+############# -+AC_ARG_ENABLE([glusterfs], -+ AC_HELP_STRING([--disable-glusterfs],[Do not build vfs_glusterfs module])) -+ -+GLUTERFS_LIBS="" -+ -+if test "x$enable_glusterfs" != "xno"; then -+ PKG_CHECK_MODULES([GLFS], [glusterfs-api >= 4], glfs_found=yes, glfs_found=no) -+fi -+ -+if test "x$enable_glusterfs" = "xyes" -a "x$glfs_found" != "xyes"; then -+ echo "GFAPI not found in build system" -+ exit 1 -+fi -+ -+if test "x$glfs_found" = "xyes"; then -+ CFLAGS="$CFLAGS $GLFS_CFLAGS" -+ GLUSTERFS_LIBS="$GLFS_LIBS" -+ default_shared_modules="$default_shared_modules vfs_glusterfs" -+fi -+AC_SUBST(GLUSTERFS_LIBS) -+ -+ - ################################################# - # Set pthread stuff - -@@ -7007,6 +7030,7 @@ - SMB_MODULE(vfs_crossrename, $(VFS_CROSSRENAME_OBJ), "bin/crossrename.$SHLIBEXT", VFS) - SMB_MODULE(vfs_linux_xfs_sgid, $(VFS_LINUX_XFS_SGID_OBJ), "bin/linux_xfs_sgid.$SHLIBEXT", VFS) - SMB_MODULE(vfs_time_audit, $(VFS_TIME_AUDIT_OBJ), "bin/time_audit.$SHLIBEXT", VFS) -+SMB_MODULE(vfs_glusterfs, $(VFS_GLUSTERFS_OBJ), "bin/glusterfs.$SHLIBEXT", VFS) - - SMB_SUBSYSTEM(VFS,smbd/vfs.o) - -diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c -new file mode 100644 -index 0000000..4beac1d ---- /dev/null -+++ b/source3/modules/vfs_glusterfs.c -@@ -0,0 +1,1461 @@ -+/* -+ Unix SMB/CIFS implementation. -+ -+ Wrap GlusterFS GFAPI calls in vfs functions. -+ -+ Copyright (c) 2013 Anand Avati avati@redhat.com -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see http://www.gnu.org/licenses/. -+*/ -+ -+#include "includes.h" -+#include "smbd/smbd.h" -+#include <stdio.h> -+#include "api/glfs.h" -+ -+#define DEFAULT_VOLFILE_SERVER "localhost" -+ -+/* -+ TODO -+ ---- -+ Short term: -+ - AIO support -+ - sendfile/recvfile support -+*/ -+ -+/* Helpers to provide 'integer' fds */ -+ -+/* This is global. gfapi's FD operations do not -+ require filesystem context. -+*/ -+static glfs_fd_t **glfd_fd; -+static int glfd_fd_size; -+static int glfd_fd_used; -+static int glfd_fd_store(glfs_fd_t *glfd) -+{ -+ int i; -+ void *tmp; -+ -+ if (glfd_fd_size == glfd_fd_used) { -+ if (glfd_fd_size >= INT_MAX - 1) { -+ errno = ENOMEM; -+ return -1; -+ } -+ -+ tmp = talloc_realloc(glfd_fd, glfd_fd, glfs_fd_t *, -+ glfd_fd_size + 1); -+ if (tmp == NULL) { -+ errno = ENOMEM; -+ return -1; -+ } -+ -+ glfd_fd = tmp; -+ glfd_fd[glfd_fd_size] = 0; -+ glfd_fd_size++; -+ } -+ -+ for (i = 0; i < glfd_fd_size; i++) { -+ if (!glfd_fd[i]) { -+ break; -+ } -+ } -+ glfd_fd_used++; -+ glfd_fd[i] = glfd; -+ return i; -+} -+ -+static glfs_fd_t *glfd_fd_get(int i) -+{ -+ if (i < 0 || i >= glfd_fd_size) { -+ return NULL; -+ } -+ return glfd_fd[i]; -+} -+ -+static glfs_fd_t *glfd_fd_clear(int i) -+{ -+ glfs_fd_t *glfd = NULL; -+ -+ if (i < 0 || i >= glfd_fd_size) { -+ return NULL; -+ } -+ -+ glfd = glfd_fd[i]; -+ glfd_fd[i] = 0; -+ glfd_fd_used--; -+ return glfd; -+} -+ -+/* Helper to convert stat to stat_ex */ -+ -+static void smb_stat_ex_from_stat(struct stat_ex *dst, const struct stat *src) -+{ -+ ZERO_STRUCTP(dst); -+ -+ dst->st_ex_dev = src->st_dev; -+ dst->st_ex_ino = src->st_ino; -+ dst->st_ex_mode = src->st_mode; -+ dst->st_ex_nlink = src->st_nlink; -+ dst->st_ex_uid = src->st_uid; -+ dst->st_ex_gid = src->st_gid; -+ dst->st_ex_rdev = src->st_rdev; -+ dst->st_ex_size = src->st_size; -+ dst->st_ex_atime.tv_sec = src->st_atime; -+#ifdef STAT_HAVE_NSEC -+ dst->st_ex_atime.tv_nsec = src->st_atime_nsec; -+#endif -+ dst->st_ex_mtime.tv_sec = src->st_mtime; -+#ifdef STAT_HAVE_NSEC -+ dst->st_ex_mtime.tv_nsec = src->st_mtime_nsec; -+#endif -+ dst->st_ex_ctime.tv_sec = src->st_ctime; -+#ifdef STAT_HAVE_NSEC -+ dst->st_ex_ctime.tv_nsec = src->st_ctime_nsec; -+#endif -+ dst->st_ex_btime.tv_sec = src->st_mtime; -+#ifdef STAT_HAVE_NSEC -+ dst->st_ex_btime.tv_nsec = src->st_mtime_nsec; -+#endif -+ dst->st_ex_blksize = src->st_blksize; -+ dst->st_ex_blocks = src->st_blocks; -+} -+ -+/* pre-opened glfs_t */ -+ -+static struct glfs_preopened { -+ char *volume; -+ glfs_t *fs; -+ int ref; -+ struct glfs_preopened *next, *prev; -+} *glfs_preopened; -+ -+ -+int glfs_set_preopened(const char *volume, glfs_t *fs) -+{ -+ struct glfs_preopened *entry = NULL; -+ -+ entry = talloc_zero(NULL, struct glfs_preopened); -+ if (!entry) { -+ errno = ENOMEM; -+ return -1; -+ } -+ -+ entry->volume = talloc_strdup(entry, volume); -+ if (!entry->volume) { -+ talloc_free(entry); -+ errno = ENOMEM; -+ return -1; -+ } -+ -+ entry->fs = fs; -+ entry->ref = 1; -+ -+ DLIST_ADD(glfs_preopened, entry); -+ -+ return 0; -+} -+ -+static glfs_t *glfs_find_preopened(const char *volume) -+{ -+ struct glfs_preopened *entry = NULL; -+ -+ for (entry = glfs_preopened; entry; entry = entry->next) { -+ if (strcmp(entry->volume, volume) == 0) { -+ entry->ref++; -+ return entry->fs; -+ } -+ } -+ -+ return NULL; -+} -+ -+static void glfs_clear_preopened(glfs_t *fs) -+{ -+ int i; -+ struct glfs_preopened *entry = NULL; -+ -+ for (entry = glfs_preopened; entry; entry = entry->next) { -+ if (entry->fs == fs) { -+ if (--entry->ref) -+ return; -+ -+ DLIST_REMOVE(glfs_preopened, entry); -+ -+ glfs_fini(entry->fs); -+ talloc_free(entry); -+ } -+ } -+} -+ -+/* Disk Operations */ -+ -+static int vfs_gluster_connect(struct vfs_handle_struct *handle, -+ const char *service, const char *user) -+{ -+ const char *volfile_server; -+ const char *volume; -+ const char *logfile; -+ int loglevel; -+ glfs_t *fs; -+ int ret; -+ -+ logfile = lp_parm_const_string(SNUM(handle->conn), "glusterfs", -+ "logfile", NULL); -+ -+ loglevel = lp_parm_int(SNUM(handle->conn), "glusterfs", "loglevel", -1); -+ -+ volfile_server = lp_parm_const_string(SNUM(handle->conn), "glusterfs", -+ "volfile_server", NULL); -+ if (volfile_server == NULL) { -+ volfile_server = DEFAULT_VOLFILE_SERVER; -+ } -+ -+ volume = lp_parm_const_string(SNUM(handle->conn), "glusterfs", "volume", -+ NULL); -+ if (volume == NULL) { -+ volume = service; -+ } -+ -+ fs = glfs_find_preopened(volume); -+ if (fs) { -+ goto found; -+ } -+ -+ fs = glfs_new(volume); -+ if (fs == NULL) { -+ return -1; -+ } -+ -+ ret = glfs_set_volfile_server(fs, "tcp", volfile_server, 0); -+ if (ret < 0) { -+ DEBUG(0, ("Failed to set volfile_server %s\n", volfile_server)); -+ glfs_fini(fs); -+ return -1; -+ } -+ -+ ret = glfs_set_xlator_option(fs, "*-md-cache", "cache-posix-acl", -+ "true"); -+ if (ret < 0) { -+ DEBUG(0, ("%s: Failed to set xlator options\n", volume)); -+ glfs_fini(fs); -+ return -1; -+ } -+ -+ ret = glfs_set_logging(fs, logfile, loglevel); -+ if (ret < 0) { -+ DEBUG(0, ("%s: Failed to set logfile %s loglevel %d\n", -+ volume, logfile, loglevel)); -+ glfs_fini(fs); -+ return -1; -+ } -+ -+ ret = glfs_init(fs); -+ if (ret < 0) { -+ DEBUG(0, ("%s: Failed to initialize volume (%s)\n", -+ volume, strerror(errno))); -+ glfs_fini(fs); -+ return -1; -+ } -+ -+ ret = glfs_set_preopened(volume, fs); -+ if (ret < 0) { -+ DEBUG(0, ("%s: Failed to register volume (%s)\n", -+ volume, strerror(errno))); -+ glfs_fini(fs); -+ return -1; -+ } -+found: -+ DEBUG(0, ("%s: Initialized volume from server %s\n", -+ volume, volfile_server)); -+ handle->data = fs; -+ return 0; -+} -+ -+static void vfs_gluster_disconnect(struct vfs_handle_struct *handle) -+{ -+ glfs_t *fs = NULL; -+ -+ fs = handle->data; -+ -+ glfs_clear_preopened(fs); -+} -+ -+static uint64_t -+vfs_gluster_disk_free(struct vfs_handle_struct *handle, const char *path, -+ bool small_query, uint64_t *bsize_p, uint64_t *dfree_p, -+ uint64_t *dsize_p) -+{ -+ struct statvfs statvfs = { 0, }; -+ uint64_t dfree = 0; -+ int ret; -+ -+ ret = glfs_statvfs(handle->data, path, &statvfs); -+ if (ret < 0) { -+ DEBUG(0, ("glfs_statvfs(%s) failed: %s\n", -+ path, strerror(errno))); -+ return -1; -+ } -+ -+ dfree = statvfs.f_bsize * statvfs.f_bavail; -+ -+ if (bsize_p) { -+ *bsize_p = statvfs.f_bsize; -+ } -+ if (dfree_p) { -+ *dfree_p = dfree; -+ } -+ if (dsize_p) { -+ *dsize_p = statvfs.f_bsize * statvfs.f_blocks; -+ } -+ -+ return dfree; -+} -+ -+static int -+vfs_gluster_get_quota(struct vfs_handle_struct *handle, -+ enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *qt) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+static int -+vfs_gluster_set_quota(struct vfs_handle_struct *handle, -+ enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *qt) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+static int vfs_gluster_statvfs(struct vfs_handle_struct *handle, -+ const char *path, -+ struct vfs_statvfs_struct *vfs_statvfs) -+{ -+ struct statvfs statvfs = { 0, }; -+ int ret; -+ -+ ret = glfs_statvfs(handle->data, path, &statvfs); -+ if (ret < 0) { -+ DEBUG(0, ("glfs_statvfs(%s) failed: %s\n", -+ path, strerror(errno))); -+ return -1; -+ } -+ -+ ZERO_STRUCTP(vfs_statvfs); -+ -+ vfs_statvfs->OptimalTransferSize = statvfs.f_frsize; -+ vfs_statvfs->BlockSize = statvfs.f_bsize; -+ vfs_statvfs->TotalBlocks = statvfs.f_blocks; -+ vfs_statvfs->BlocksAvail = statvfs.f_bfree; -+ vfs_statvfs->UserBlocksAvail = statvfs.f_bavail; -+ vfs_statvfs->TotalFileNodes = statvfs.f_files; -+ vfs_statvfs->FreeFileNodes = statvfs.f_ffree; -+ vfs_statvfs->FsIdentifier = statvfs.f_fsid; -+ vfs_statvfs->FsCapabilities = -+ FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES; -+ -+ return ret; -+} -+ -+static uint32_t vfs_gluster_fs_capabilities(struct vfs_handle_struct *handle, -+ enum timestamp_set_resolution *p_ts_res) -+{ -+ uint32_t caps = FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES; -+ -+#ifdef STAT_HAVE_NSEC -+ *p_ts_res = TIMESTAMP_SET_NT_OR_BETTER; -+#endif -+ -+ return caps; -+} -+ -+static DIR *vfs_gluster_opendir(struct vfs_handle_struct *handle, -+ const char *path, const char *mask, -+ uint32 attributes) -+{ -+ glfs_fd_t *fd; -+ -+ fd = glfs_opendir(handle->data, path); -+ if (fd == NULL) { -+ DEBUG(0, ("glfs_opendir(%s) failed: %s\n", -+ path, strerror(errno))); -+ } -+ -+ return (DIR *) fd; -+} -+ -+static DIR *vfs_gluster_fdopendir(struct vfs_handle_struct *handle, -+ files_struct *fsp, const char *mask, -+ uint32 attributes) -+{ -+ return (DIR *) glfd_fd_get(fsp->fh->fd); -+} -+ -+static int vfs_gluster_closedir(struct vfs_handle_struct *handle, DIR *dirp) -+{ -+ return glfs_closedir((void *)dirp); -+} -+ -+static SMB_STRUCT_DIRENT *vfs_gluster_readdir(struct vfs_handle_struct *handle, -+ SMB_STRUCT_DIR *dirp, -+ SMB_STRUCT_STAT *sbuf) -+{ -+ char direntbuf[512]; -+ int ret; -+ struct stat stat; -+ struct dirent *dirent = 0; -+ static SMB_STRUCT_DIRENT result; -+ -+ if (sbuf != NULL) { -+ ret = glfs_readdirplus_r((void *)dirp, &stat, (void *)direntbuf, -+ &dirent); -+ } else { -+ ret = glfs_readdir_r((void *)dirp, (void *)direntbuf, &dirent); -+ } -+ -+ if (ret < 0 || (dirent == NULL)) { -+ return NULL; -+ } -+ -+ if (sbuf != NULL) { -+ smb_stat_ex_from_stat(sbuf, &stat); -+ } -+ -+ result.d_ino = dirent->d_ino; -+ result.d_off = dirent->d_off; -+ result.d_reclen = dirent->d_reclen; -+ result.d_type = dirent->d_type; -+ strncpy(result.d_name, dirent->d_name, 256); -+ -+ return &result; -+} -+ -+static long vfs_gluster_telldir(struct vfs_handle_struct *handle, DIR *dirp) -+{ -+ return glfs_telldir((void *)dirp); -+} -+ -+static void vfs_gluster_seekdir(struct vfs_handle_struct *handle, DIR *dirp, -+ long offset) -+{ -+ glfs_seekdir((void *)dirp, offset); -+} -+ -+static void vfs_gluster_rewinddir(struct vfs_handle_struct *handle, -+ DIR *dirp) -+{ -+ glfs_seekdir((void *)dirp, 0); -+} -+ -+static void vfs_gluster_init_search_op(struct vfs_handle_struct *handle, -+ DIR *dirp) -+{ -+ return; -+} -+ -+static int vfs_gluster_mkdir(struct vfs_handle_struct *handle, const char *path, -+ mode_t mode) -+{ -+ return glfs_mkdir(handle->data, path, mode); -+} -+ -+static int vfs_gluster_rmdir(struct vfs_handle_struct *handle, const char *path) -+{ -+ return glfs_rmdir(handle->data, path); -+} -+ -+static int vfs_gluster_open(struct vfs_handle_struct *handle, -+ struct smb_filename *smb_fname, files_struct *fsp, -+ int flags, mode_t mode) -+{ -+ glfs_fd_t *glfd; -+ -+ if (flags & O_DIRECTORY) { -+ glfd = glfs_opendir(handle->data, smb_fname->base_name); -+ } else if (flags & O_CREAT) { -+ glfd = glfs_creat(handle->data, smb_fname->base_name, flags, -+ mode); -+ } else { -+ glfd = glfs_open(handle->data, smb_fname->base_name, flags); -+ } -+ -+ if (glfd == NULL) { -+ DEBUG(0, ("glfs_{open[dir],creat}(%s) failed: %s\n", -+ smb_fname->base_name, strerror(errno))); -+ return -1; -+ } -+ -+ return glfd_fd_store(glfd); -+} -+ -+static int vfs_gluster_close(struct vfs_handle_struct *handle, -+ files_struct *fsp) -+{ -+ return glfs_close(glfd_fd_clear(fsp->fh->fd)); -+} -+ -+static ssize_t vfs_gluster_read(struct vfs_handle_struct *handle, -+ files_struct *fsp, void *data, size_t n) -+{ -+ return glfs_read(glfd_fd_get(fsp->fh->fd), data, n, 0); -+} -+ -+static ssize_t vfs_gluster_pread(struct vfs_handle_struct *handle, -+ files_struct *fsp, void *data, size_t n, -+ off_t offset) -+{ -+ return glfs_pread(glfd_fd_get(fsp->fh->fd), data, n, offset, 0); -+} -+ -+static ssize_t vfs_gluster_write(struct vfs_handle_struct *handle, -+ files_struct *fsp, const void *data, size_t n) -+{ -+ return glfs_write(glfd_fd_get(fsp->fh->fd), data, n, 0); -+} -+ -+static ssize_t vfs_gluster_pwrite(struct vfs_handle_struct *handle, -+ files_struct *fsp, const void *data, size_t n, -+ off_t offset) -+{ -+ return glfs_pwrite(glfd_fd_get(fsp->fh->fd), data, n, offset, 0); -+} -+ -+static off_t vfs_gluster_lseek(struct vfs_handle_struct *handle, -+ files_struct *fsp, off_t offset, int whence) -+{ -+ return glfs_lseek(glfd_fd_get(fsp->fh->fd), offset, whence); -+} -+ -+static ssize_t vfs_gluster_sendfile(struct vfs_handle_struct *handle, int tofd, -+ files_struct *fromfsp, const DATA_BLOB *hdr, -+ off_t offset, size_t n) -+{ -+ errno = ENOTSUP; -+ return -1; -+} -+ -+static ssize_t vfs_gluster_recvfile(struct vfs_handle_struct *handle, -+ int fromfd, files_struct *tofsp, -+ off_t offset, size_t n) -+{ -+ errno = ENOTSUP; -+ return -1; -+} -+ -+static int vfs_gluster_rename(struct vfs_handle_struct *handle, -+ const struct smb_filename *smb_fname_src, -+ const struct smb_filename *smb_fname_dst) -+{ -+ return glfs_rename(handle->data, smb_fname_src->base_name, -+ smb_fname_dst->base_name); -+} -+ -+static int vfs_gluster_fsync(struct vfs_handle_struct *handle, -+ files_struct *fsp) -+{ -+ return glfs_fsync(glfd_fd_get(fsp->fh->fd)); -+} -+ -+static int vfs_gluster_stat(struct vfs_handle_struct *handle, -+ struct smb_filename *smb_fname) -+{ -+ struct stat st; -+ int ret; -+ -+ ret = glfs_stat(handle->data, smb_fname->base_name, &st); -+ if (ret == 0) { -+ smb_stat_ex_from_stat(&smb_fname->st, &st); -+ } -+ if (ret < 0 && errno != ENOENT) { -+ DEBUG(0, ("glfs_stat(%s) failed: %s\n", -+ smb_fname->base_name, strerror(errno))); -+ } -+ return ret; -+} -+ -+static int vfs_gluster_fstat(struct vfs_handle_struct *handle, -+ files_struct *fsp, SMB_STRUCT_STAT *sbuf) -+{ -+ struct stat st; -+ int ret; -+ -+ ret = glfs_fstat(glfd_fd_get(fsp->fh->fd), &st); -+ if (ret == 0) { -+ smb_stat_ex_from_stat(sbuf, &st); -+ } -+ if (ret < 0) { -+ DEBUG(0, ("glfs_ftat(%d) failed: %s\n", -+ fsp->fh->fd, strerror(errno))); -+ } -+ return ret; -+} -+ -+static int vfs_gluster_lstat(struct vfs_handle_struct *handle, -+ struct smb_filename *smb_fname) -+{ -+ struct stat st; -+ int ret; -+ -+ ret = glfs_lstat(handle->data, smb_fname->base_name, &st); -+ if (ret == 0) { -+ smb_stat_ex_from_stat(&smb_fname->st, &st); -+ } -+ if (ret < 0 && errno != ENOENT) { -+ DEBUG(0, ("glfs_lstat(%s) failed: %s\n", -+ smb_fname->base_name, strerror(errno))); -+ } -+ -+ return ret; -+} -+ -+static uint64_t vfs_gluster_get_alloc_size(struct vfs_handle_struct *handle, -+ files_struct *fsp, -+ const SMB_STRUCT_STAT *sbuf) -+{ -+ return sbuf->st_ex_blocks * 512; -+} -+ -+static int vfs_gluster_unlink(struct vfs_handle_struct *handle, -+ const struct smb_filename *smb_fname) -+{ -+ return glfs_unlink(handle->data, smb_fname->base_name); -+} -+ -+static int vfs_gluster_chmod(struct vfs_handle_struct *handle, -+ const char *path, mode_t mode) -+{ -+ return glfs_chmod(handle->data, path, mode); -+} -+ -+static int vfs_gluster_fchmod(struct vfs_handle_struct *handle, -+ files_struct *fsp, mode_t mode) -+{ -+ return glfs_fchmod(glfd_fd_get(fsp->fh->fd), mode); -+} -+ -+static int vfs_gluster_chown(struct vfs_handle_struct *handle, -+ const char *path, uid_t uid, gid_t gid) -+{ -+ return glfs_chown(handle->data, path, uid, gid); -+} -+ -+static int vfs_gluster_fchown(struct vfs_handle_struct *handle, -+ files_struct *fsp, uid_t uid, gid_t gid) -+{ -+ return glfs_fchown(glfd_fd_get(fsp->fh->fd), uid, gid); -+} -+ -+static int vfs_gluster_lchown(struct vfs_handle_struct *handle, -+ const char *path, uid_t uid, gid_t gid) -+{ -+ return glfs_lchown(handle->data, path, uid, gid); -+} -+ -+static int vfs_gluster_chdir(struct vfs_handle_struct *handle, const char *path) -+{ -+ return glfs_chdir(handle->data, path); -+} -+ -+static char *vfs_gluster_getwd(struct vfs_handle_struct *handle, char *path) -+{ -+ return glfs_getcwd(handle->data, path, PATH_MAX); -+} -+ -+static int vfs_gluster_ntimes(struct vfs_handle_struct *handle, -+ const struct smb_filename *smb_fname, -+ struct smb_file_time *ft) -+{ -+ struct timespec times[2]; -+ -+ times[0].tv_sec = ft->atime.tv_sec; -+ times[0].tv_nsec = ft->atime.tv_nsec; -+ times[1].tv_sec = ft->mtime.tv_sec; -+ times[1].tv_nsec = ft->mtime.tv_nsec; -+ -+ return glfs_utimens(handle->data, smb_fname->base_name, times); -+} -+ -+static int vfs_gluster_ftruncate(struct vfs_handle_struct *handle, -+ files_struct *fsp, off_t offset) -+{ -+ return glfs_ftruncate(glfd_fd_get(fsp->fh->fd), offset); -+} -+ -+static int vfs_gluster_fallocate(struct vfs_handle_struct *handle, -+ struct files_struct *fsp, -+ enum vfs_fallocate_mode mode, -+ off_t offset, off_t len) -+{ -+ errno = ENOTSUP; -+ return -1; -+} -+ -+static char *vfs_gluster_realpath(struct vfs_handle_struct *handle, -+ const char *path) -+{ -+ return glfs_realpath(handle->data, path, 0); -+} -+ -+static bool vfs_gluster_lock(struct vfs_handle_struct *handle, -+ files_struct *fsp, int op, off_t offset, -+ off_t count, int type) -+{ -+ struct flock flock = { 0, }; -+ int ret; -+ -+ flock.l_type = type; -+ flock.l_whence = SEEK_SET; -+ flock.l_start = offset; -+ flock.l_len = count; -+ flock.l_pid = 0; -+ -+ ret = glfs_posix_lock(glfd_fd_get(fsp->fh->fd), op, &flock); -+ -+ if (op == F_GETLK) { -+ /* lock query, true if someone else has locked */ -+ if ((ret != -1) && -+ (flock.l_type != F_UNLCK) && -+ (flock.l_pid != 0) && (flock.l_pid != getpid())) -+ return true; -+ /* not me */ -+ return false; -+ } -+ -+ if (ret == -1) { -+ return false; -+ } -+ -+ return true; -+} -+ -+static int vfs_gluster_kernel_flock(struct vfs_handle_struct *handle, -+ files_struct *fsp, uint32 share_mode, -+ uint32_t access_mask) -+{ -+ return 0; -+} -+ -+static int vfs_gluster_linux_setlease(struct vfs_handle_struct *handle, -+ files_struct *fsp, int leasetype) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+static bool vfs_gluster_getlock(struct vfs_handle_struct *handle, -+ files_struct *fsp, off_t *poffset, -+ off_t *pcount, int *ptype, pid_t *ppid) -+{ -+ struct flock flock = { 0, }; -+ int ret; -+ -+ flock.l_type = *ptype; -+ flock.l_whence = SEEK_SET; -+ flock.l_start = *poffset; -+ flock.l_len = *pcount; -+ flock.l_pid = 0; -+ -+ ret = glfs_posix_lock(glfd_fd_get(fsp->fh->fd), F_GETLK, &flock); -+ -+ if (ret == -1) { -+ return false; -+ } -+ -+ *ptype = flock.l_type; -+ *poffset = flock.l_start; -+ *pcount = flock.l_len; -+ *ppid = flock.l_pid; -+ -+ return true; -+} -+ -+static int vfs_gluster_symlink(struct vfs_handle_struct *handle, -+ const char *oldpath, const char *newpath) -+{ -+ return glfs_symlink(handle->data, oldpath, newpath); -+} -+ -+static int vfs_gluster_readlink(struct vfs_handle_struct *handle, -+ const char *path, char *buf, size_t bufsiz) -+{ -+ return glfs_readlink(handle->data, path, buf, bufsiz); -+} -+ -+static int vfs_gluster_link(struct vfs_handle_struct *handle, -+ const char *oldpath, const char *newpath) -+{ -+ return glfs_link(handle->data, oldpath, newpath); -+} -+ -+static int vfs_gluster_mknod(struct vfs_handle_struct *handle, const char *path, -+ mode_t mode, SMB_DEV_T dev) -+{ -+ return glfs_mknod(handle->data, path, mode, dev); -+} -+ -+static NTSTATUS vfs_gluster_notify_watch(struct vfs_handle_struct *vfs_handle, -+ struct sys_notify_context *ctx, -+ struct notify_entry *e, -+ void (*callback) (struct sys_notify_context *ctx, -+ void *private_data, -+ struct notify_event *ev), -+ void *private_data, void *handle) -+{ -+ return NT_STATUS_NOT_IMPLEMENTED; -+} -+ -+static int vfs_gluster_chflags(struct vfs_handle_struct *handle, -+ const char *path, unsigned int flags) -+{ -+ errno = ENOSYS; -+ return -1; -+} -+ -+static int vfs_gluster_get_real_filename(struct vfs_handle_struct *handle, -+ const char *path, const char *name, -+ TALLOC_CTX *mem_ctx, char **found_name) -+{ -+ int ret; -+ char key_buf[NAME_MAX + 64]; -+ char val_buf[NAME_MAX + 1]; -+ -+ if (strlen(name) >= NAME_MAX) { -+ errno = ENAMETOOLONG; -+ return -1; -+ } -+ -+ snprintf(key_buf, NAME_MAX + 64, -+ "user.glusterfs.get_real_filename:%s", name); -+ -+ ret = glfs_getxattr(handle->data, path, key_buf, val_buf, NAME_MAX + 1); -+ if (ret == -1 && errno == ENODATA) { -+ errno = EOPNOTSUPP; -+ return -1; -+ } -+ -+ *found_name = talloc_strdup(mem_ctx, val_buf); -+ if (found_name[0] == NULL) { -+ errno = ENOMEM; -+ return -1; -+ } -+ return 0; -+} -+ -+static const char *vfs_gluster_connectpath(struct vfs_handle_struct *handle, -+ const char *filename) -+{ -+ return handle->conn->connectpath; -+} -+ -+/* EA Operations */ -+ -+static ssize_t vfs_gluster_getxattr(struct vfs_handle_struct *handle, -+ const char *path, const char *name, -+ void *value, size_t size) -+{ -+ return glfs_getxattr(handle->data, path, name, value, size); -+} -+ -+static ssize_t vfs_gluster_lgetxattr(struct vfs_handle_struct *handle, -+ const char *path, const char *name, -+ void *value, size_t size) -+{ -+ return glfs_lgetxattr(handle->data, path, name, value, size); -+} -+ -+static ssize_t vfs_gluster_fgetxattr(struct vfs_handle_struct *handle, -+ files_struct *fsp, const char *name, -+ void *value, size_t size) -+{ -+ return glfs_fgetxattr(glfd_fd_get(fsp->fh->fd), name, value, size); -+} -+ -+static ssize_t vfs_gluster_listxattr(struct vfs_handle_struct *handle, -+ const char *path, char *list, size_t size) -+{ -+ return glfs_listxattr(handle->data, path, list, size); -+} -+ -+static ssize_t vfs_gluster_llistxattr(struct vfs_handle_struct *handle, -+ const char *path, char *list, size_t size) -+{ -+ return glfs_llistxattr(handle->data, path, list, size); -+} -+ -+static ssize_t vfs_gluster_flistxattr(struct vfs_handle_struct *handle, -+ files_struct *fsp, char *list, -+ size_t size) -+{ -+ return glfs_flistxattr(glfd_fd_get(fsp->fh->fd), list, size); -+} -+ -+static int vfs_gluster_removexattr(struct vfs_handle_struct *handle, -+ const char *path, const char *name) -+{ -+ return glfs_removexattr(handle->data, path, name); -+} -+ -+static int vfs_gluster_lremovexattr(struct vfs_handle_struct *handle, -+ const char *path, const char *name) -+{ -+ return glfs_lremovexattr(handle->data, path, name); -+} -+ -+static int vfs_gluster_fremovexattr(struct vfs_handle_struct *handle, -+ files_struct *fsp, const char *name) -+{ -+ return glfs_fremovexattr(glfd_fd_get(fsp->fh->fd), name); -+} -+ -+static int vfs_gluster_setxattr(struct vfs_handle_struct *handle, -+ const char *path, const char *name, -+ const void *value, size_t size, int flags) -+{ -+ return glfs_setxattr(handle->data, path, name, value, size, flags); -+} -+ -+static int vfs_gluster_lsetxattr(struct vfs_handle_struct *handle, -+ const char *path, const char *name, -+ const void *value, size_t size, int flags) -+{ -+ return glfs_lsetxattr(handle->data, path, name, value, size, flags); -+} -+ -+static int vfs_gluster_fsetxattr(struct vfs_handle_struct *handle, -+ files_struct *fsp, const char *name, -+ const void *value, size_t size, int flags) -+{ -+ return glfs_fsetxattr(glfd_fd_get(fsp->fh->fd), name, value, size, -+ flags); -+} -+ -+/* AIO Operations */ -+ -+static bool vfs_gluster_aio_force(struct vfs_handle_struct *handle, -+ files_struct *fsp) -+{ -+ return false; -+} -+ -+/* Offline Operations */ -+ -+static bool vfs_gluster_is_offline(struct vfs_handle_struct *handle, -+ const struct smb_filename *fname, -+ SMB_STRUCT_STAT *sbuf) -+{ -+ return false; -+} -+ -+static int vfs_gluster_set_offline(struct vfs_handle_struct *handle, -+ const struct smb_filename *fname) -+{ -+ errno = ENOTSUP; -+ return -1; -+} -+ -+/* Posix ACL Operations */ -+ -+#define GLUSTER_ACL_VERSION 2 -+#define GLUSTER_ACL_READ 0x04 -+#define GLUSTER_ACL_WRITE 0x02 -+#define GLUSTER_ACL_EXECUTE 0x01 -+ -+#define GLUSTER_ACL_UNDEFINED_TAG 0x00 -+#define GLUSTER_ACL_USER_OBJ 0x01 -+#define GLUSTER_ACL_USER 0x02 -+#define GLUSTER_ACL_GROUP_OBJ 0x04 -+#define GLUSTER_ACL_GROUP 0x08 -+#define GLUSTER_ACL_MASK 0x10 -+#define GLUSTER_ACL_OTHER 0x20 -+ -+#define GLUSTER_ACL_UNDEFINED_ID (-1) -+ -+struct gluster_ace { -+ uint16_t tag; -+ uint16_t perm; -+ uint32_t id; -+}; -+ -+struct gluster_acl_header { -+ uint32_t version; -+ struct gluster_ace entries[]; -+}; -+ -+static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size) -+{ -+ int count; -+ size_t size; -+ struct gluster_ace *ace; -+ struct smb_acl_entry *smb_ace; -+ struct gluster_acl_header *hdr; -+ struct smb_acl_t *result; -+ int i; -+ uint16_t tag; -+ uint16_t perm; -+ uint32_t id; -+ -+ size = xattr_size; -+ -+ if (size < sizeof(*hdr)) { -+ /* ACL should be at least as big as the header */ -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ size -= sizeof(*hdr); -+ -+ if (size % sizeof(*ace)) { -+ /* Size of entries must strictly be a multiple of -+ size of an ACE -+ */ -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ count = size / sizeof(*ace); -+ -+ hdr = (void *)buf; -+ -+ if (ntohl(hdr->version) != GLUSTER_ACL_VERSION) { -+ DEBUG(0, ("Unknown gluster ACL version: %d\n", -+ ntohl(hdr->version))); -+ return NULL; -+ } -+ -+ result = SMB_MALLOC(sizeof(struct smb_acl_t) + (sizeof(struct smb_acl_entry) * count)); -+ if (!result) { -+ errno = ENOMEM; -+ return NULL; -+ } -+ -+ result->count = count; -+ -+ smb_ace = result->acl; -+ ace = hdr->entries; -+ -+ for (i = 0; i < count; i++) { -+ tag = ntohs(ace->tag); -+ -+ switch(tag) { -+ case GLUSTER_ACL_USER: -+ smb_ace->a_type = SMB_ACL_USER; -+ break; -+ case GLUSTER_ACL_USER_OBJ: -+ smb_ace->a_type = SMB_ACL_USER_OBJ; -+ break; -+ case GLUSTER_ACL_GROUP: -+ smb_ace->a_type = SMB_ACL_GROUP; -+ break; -+ case GLUSTER_ACL_GROUP_OBJ: -+ smb_ace->a_type = SMB_ACL_GROUP_OBJ; -+ break; -+ case GLUSTER_ACL_OTHER: -+ smb_ace->a_type = SMB_ACL_OTHER; -+ break; -+ case GLUSTER_ACL_MASK: -+ smb_ace->a_type = SMB_ACL_MASK; -+ break; -+ default: -+ DEBUG(0, ("unknown tag type %d\n", (unsigned int) tag)); -+ return NULL; -+ } -+ -+ id = ntohl(ace->id); -+ -+ switch(smb_ace->a_type) { -+ case SMB_ACL_USER: -+ smb_ace->uid = id; -+ break; -+ case SMB_ACL_GROUP: -+ smb_ace->gid = id; -+ break; -+ default: -+ break; -+ } -+ -+ perm = ntohs(ace->perm); -+ -+ smb_ace->a_perm = 0; -+ smb_ace->a_perm |= -+ ((perm & GLUSTER_ACL_READ) ? SMB_ACL_READ : 0); -+ smb_ace->a_perm |= -+ ((perm & GLUSTER_ACL_WRITE) ? SMB_ACL_WRITE : 0); -+ smb_ace->a_perm |= -+ ((perm & GLUSTER_ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0); -+ -+ ace++; -+ smb_ace++; -+ } -+ -+ return result; -+} -+ -+static ssize_t smb_to_gluster_acl(SMB_ACL_T theacl, char *buf, size_t len) -+{ -+ ssize_t size; -+ struct gluster_ace *ace; -+ struct smb_acl_entry *smb_ace; -+ struct gluster_acl_header *hdr; -+ int i; -+ int count; -+ uint16_t tag; -+ uint16_t perm; -+ uint32_t id; -+ -+ count = theacl->count; -+ -+ size = sizeof(*hdr) + (count * sizeof(*ace)); -+ if (!buf) { -+ return size; -+ } -+ -+ if (len < size) { -+ errno = ERANGE; -+ return -1; -+ } -+ -+ hdr = (void *)buf; -+ ace = hdr->entries; -+ smb_ace = theacl->acl; -+ -+ hdr->version = htonl(GLUSTER_ACL_VERSION); -+ -+ for (i = 0; i < count; i++) { -+ switch(smb_ace->a_type) { -+ case SMB_ACL_USER: -+ tag = GLUSTER_ACL_USER; -+ break; -+ case SMB_ACL_USER_OBJ: -+ tag = GLUSTER_ACL_USER_OBJ; -+ break; -+ case SMB_ACL_GROUP: -+ tag = GLUSTER_ACL_GROUP; -+ break; -+ case SMB_ACL_GROUP_OBJ: -+ tag = GLUSTER_ACL_GROUP_OBJ; -+ break; -+ case SMB_ACL_OTHER: -+ tag = GLUSTER_ACL_OTHER; -+ break; -+ case SMB_ACL_MASK: -+ tag = GLUSTER_ACL_MASK; -+ break; -+ default: -+ DEBUG(0, ("Unknown tag value %d\n", -+ smb_ace->a_type)); -+ errno = EINVAL; -+ return -1; -+ } -+ -+ ace->tag = ntohs(tag); -+ -+ switch(smb_ace->a_type) { -+ case SMB_ACL_USER: -+ id = smb_ace->uid; -+ break; -+ case SMB_ACL_GROUP: -+ id = smb_ace->gid; -+ break; -+ default: -+ id = GLUSTER_ACL_UNDEFINED_ID; -+ break; -+ } -+ -+ ace->id = ntohl(id); -+ -+ ace->perm = 0; -+ ace->perm |= -+ ((smb_ace->a_perm & SMB_ACL_READ) ? GLUSTER_ACL_READ : 0); -+ ace->perm |= -+ ((smb_ace->a_perm & SMB_ACL_WRITE) ? GLUSTER_ACL_WRITE : 0); -+ ace->perm |= -+ ((smb_ace->a_perm & SMB_ACL_EXECUTE) ? GLUSTER_ACL_EXECUTE : 0); -+ -+ ace++; -+ smb_ace++; -+ } -+ -+ return size; -+} -+ -+ -+static SMB_ACL_T vfs_gluster_sys_acl_get_file(struct vfs_handle_struct *handle, -+ const char *path_p, -+ SMB_ACL_TYPE_T type) -+{ -+ struct smb_acl_t *result; -+ char *buf; -+ char *key; -+ ssize_t ret; -+ -+ switch (type) { -+ case SMB_ACL_TYPE_ACCESS: -+ key = "system.posix_acl_access"; -+ break; -+ case SMB_ACL_TYPE_DEFAULT: -+ key = "system.posix_acl_default"; -+ break; -+ default: -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ ret = glfs_getxattr(handle->data, path_p, key, 0, 0); -+ if (ret <= 0) { -+ return NULL; -+ } -+ -+ buf = alloca(ret); -+ ret = glfs_getxattr(handle->data, path_p, key, buf, ret); -+ if (ret <= 0) { -+ return NULL; -+ } -+ -+ result = gluster_to_smb_acl(buf, ret); -+ -+ return result; -+} -+ -+static SMB_ACL_T vfs_gluster_sys_acl_get_fd(struct vfs_handle_struct *handle, -+ struct files_struct *fsp) -+{ -+ struct smb_acl_t *result; -+ int ret; -+ char *buf; -+ -+ ret = glfs_fgetxattr(glfd_fd_get(fsp->fh->fd), -+ "system.posix_acl_access", 0, 0); -+ if (ret <= 0) { -+ return NULL; -+ } -+ -+ buf = alloca(ret); -+ ret = glfs_fgetxattr(glfd_fd_get(fsp->fh->fd), -+ "system.posix_acl_access", buf, ret); -+ if (ret <= 0) { -+ return NULL; -+ } -+ -+ result = gluster_to_smb_acl(buf, ret); -+ -+ return result; -+} -+ -+static int vfs_gluster_sys_acl_set_file(struct vfs_handle_struct *handle, -+ const char *name, -+ SMB_ACL_TYPE_T acltype, -+ SMB_ACL_T theacl) -+{ -+ int ret; -+ char *key; -+ char *buf; -+ ssize_t size; -+ -+ switch (acltype) { -+ case SMB_ACL_TYPE_ACCESS: -+ key = "system.posix_acl_access"; -+ break; -+ case SMB_ACL_TYPE_DEFAULT: -+ key = "system.posix_acl_default"; -+ break; -+ default: -+ errno = EINVAL; -+ return -1; -+ } -+ -+ size = smb_to_gluster_acl(theacl, 0, 0); -+ buf = alloca(size); -+ -+ size = smb_to_gluster_acl(theacl, buf, size); -+ if (size == -1) { -+ return -1; -+ } -+ -+ ret = glfs_setxattr(handle->data, name, key, buf, size, 0); -+ -+ return ret; -+} -+ -+static int vfs_gluster_sys_acl_set_fd(struct vfs_handle_struct *handle, -+ struct files_struct *fsp, -+ SMB_ACL_T theacl) -+{ -+ int ret; -+ char *buf; -+ ssize_t size; -+ -+ size = smb_to_gluster_acl(theacl, 0, 0); -+ buf = alloca(size); -+ -+ size = smb_to_gluster_acl(theacl, buf, size); -+ if (size == -1) { -+ return -1; -+ } -+ -+ ret = glfs_fsetxattr(glfd_fd_get(fsp->fh->fd), -+ "system.posix_acl_access", buf, size, 0); -+ return ret; -+} -+ -+static int vfs_gluster_sys_acl_delete_def_file(struct vfs_handle_struct *handle, -+ const char *path) -+{ -+ return glfs_removexattr(handle->data, path, "system.posix_acl_default"); -+} -+ -+static struct vfs_fn_pointers glusterfs_fns = { -+ -+ /* Disk Operations */ -+ -+ .connect_fn = vfs_gluster_connect, -+ .disconnect = vfs_gluster_disconnect, -+ .disk_free = vfs_gluster_disk_free, -+ .get_quota = vfs_gluster_get_quota, -+ .set_quota = vfs_gluster_set_quota, -+ .statvfs = vfs_gluster_statvfs, -+ .fs_capabilities = vfs_gluster_fs_capabilities, -+ -+ /* Directory Operations */ -+ -+ .opendir = vfs_gluster_opendir, -+ .fdopendir = vfs_gluster_fdopendir, -+ .readdir = vfs_gluster_readdir, -+ .seekdir = vfs_gluster_seekdir, -+ .telldir = vfs_gluster_telldir, -+ .rewind_dir = vfs_gluster_rewinddir, -+ .mkdir = vfs_gluster_mkdir, -+ .rmdir = vfs_gluster_rmdir, -+ .closedir = vfs_gluster_closedir, -+ .init_search_op = vfs_gluster_init_search_op, -+ -+ /* File Operations */ -+ -+ .open_fn = vfs_gluster_open, -+ .create_file = NULL, -+ .close_fn = vfs_gluster_close, -+ .vfs_read = vfs_gluster_read, -+ .pread = vfs_gluster_pread, -+ .write = vfs_gluster_write, -+ .pwrite = vfs_gluster_pwrite, -+ .lseek = vfs_gluster_lseek, -+ .sendfile = vfs_gluster_sendfile, -+ .recvfile = vfs_gluster_recvfile, -+ .rename = vfs_gluster_rename, -+ .fsync = vfs_gluster_fsync, -+ .stat = vfs_gluster_stat, -+ .fstat = vfs_gluster_fstat, -+ .lstat = vfs_gluster_lstat, -+ .get_alloc_size = vfs_gluster_get_alloc_size, -+ .unlink = vfs_gluster_unlink, -+ -+ .chmod = vfs_gluster_chmod, -+ .fchmod = vfs_gluster_fchmod, -+ .chown = vfs_gluster_chown, -+ .fchown = vfs_gluster_fchown, -+ .lchown = vfs_gluster_lchown, -+ .chdir = vfs_gluster_chdir, -+ .getwd = vfs_gluster_getwd, -+ .ntimes = vfs_gluster_ntimes, -+ .ftruncate = vfs_gluster_ftruncate, -+ .fallocate = vfs_gluster_fallocate, -+ .lock = vfs_gluster_lock, -+ .kernel_flock = vfs_gluster_kernel_flock, -+ .linux_setlease = vfs_gluster_linux_setlease, -+ .getlock = vfs_gluster_getlock, -+ .symlink = vfs_gluster_symlink, -+ .vfs_readlink = vfs_gluster_readlink, -+ .link = vfs_gluster_link, -+ .mknod = vfs_gluster_mknod, -+ .realpath = vfs_gluster_realpath, -+ .notify_watch = vfs_gluster_notify_watch, -+ .chflags = vfs_gluster_chflags, -+ .file_id_create = NULL, -+ .streaminfo = NULL, -+ .get_real_filename = vfs_gluster_get_real_filename, -+ .connectpath = vfs_gluster_connectpath, -+ -+ .brl_lock_windows = NULL, -+ .brl_unlock_windows = NULL, -+ .brl_cancel_windows = NULL, -+ .strict_lock = NULL, -+ .strict_unlock = NULL, -+ .translate_name = NULL, -+ -+ /* NT ACL Operations */ -+ .fget_nt_acl = NULL, -+ .get_nt_acl = NULL, -+ .fset_nt_acl = NULL, -+ -+ /* Posix ACL Operations */ -+ .chmod_acl = NULL, /* passthrough to default */ -+ .fchmod_acl = NULL, /* passthrough to default */ -+ -+ .sys_acl_get_entry = NULL, -+ .sys_acl_get_tag_type = NULL, -+ .sys_acl_get_permset = NULL, -+ .sys_acl_get_qualifier = NULL, -+ .sys_acl_get_file = vfs_gluster_sys_acl_get_file, -+ .sys_acl_get_fd = vfs_gluster_sys_acl_get_fd, -+ .sys_acl_clear_perms = NULL, -+ .sys_acl_add_perm = NULL, -+ .sys_acl_to_text = NULL, -+ .sys_acl_init = NULL, -+ .sys_acl_create_entry = NULL, -+ .sys_acl_set_tag_type = NULL, -+ .sys_acl_set_qualifier = NULL, -+ .sys_acl_set_permset = NULL, -+ .sys_acl_valid = NULL, -+ .sys_acl_set_file = vfs_gluster_sys_acl_set_file, -+ .sys_acl_set_fd = vfs_gluster_sys_acl_set_fd, -+ .sys_acl_delete_def_file = vfs_gluster_sys_acl_delete_def_file, -+ .sys_acl_get_perm = NULL, -+ .sys_acl_free_text = NULL, -+ .sys_acl_free_acl = NULL, -+ .sys_acl_free_qualifier = NULL, -+ -+ /* EA Operations */ -+ .getxattr = vfs_gluster_getxattr, -+ .lgetxattr = vfs_gluster_lgetxattr, -+ .fgetxattr = vfs_gluster_fgetxattr, -+ .listxattr = vfs_gluster_listxattr, -+ .llistxattr = vfs_gluster_llistxattr, -+ .flistxattr = vfs_gluster_flistxattr, -+ .removexattr = vfs_gluster_removexattr, -+ .lremovexattr = vfs_gluster_lremovexattr, -+ .fremovexattr = vfs_gluster_fremovexattr, -+ .setxattr = vfs_gluster_setxattr, -+ .lsetxattr = vfs_gluster_lsetxattr, -+ .fsetxattr = vfs_gluster_fsetxattr, -+ -+ /* AIO Operations */ -+ .aio_read = NULL, -+ .aio_write = NULL, -+ .aio_return_fn = NULL, -+ .aio_cancel = NULL, -+ .aio_error_fn = NULL, -+ .aio_fsync = NULL, -+ .aio_suspend = NULL, -+ .aio_force = vfs_gluster_aio_force, -+ -+ /* Offline Operations */ -+ .is_offline = vfs_gluster_is_offline, -+ .set_offline = vfs_gluster_set_offline, -+}; -+ -+NTSTATUS vfs_glusterfs_init(void); -+NTSTATUS vfs_glusterfs_init(void) -+{ -+ return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, -+ "glusterfs", &glusterfs_fns); -+} -diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build -index ff7163f..31c93be 100644 ---- a/source3/modules/wscript_build -+++ b/source3/modules/wscript_build -@@ -50,6 +50,7 @@ VFS_SCANNEDONLY_SRC = 'vfs_scannedonly.c' - VFS_CROSSRENAME_SRC = 'vfs_crossrename.c' - VFS_LINUX_XFS_SGID_SRC = 'vfs_linux_xfs_sgid.c' - VFS_TIME_AUDIT_SRC = 'vfs_time_audit.c' -+VFS_GLUSTERFS_SRC = 'vfs_glusterfs.c' - - - bld.SAMBA3_SUBSYSTEM('NFS4_ACLS', -@@ -408,6 +409,14 @@ bld.SAMBA3_MODULE('vfs_time_audit', - internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_time_audit'), - enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_time_audit')) - -+bld.SAMBA3_MODULE('vfs_glusterfs', -+ subsystem='vfs', -+ source=VFS_GLUSTERFS_SRC, -+ deps='samba-util gfapi', -+ init_function='', -+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_glusterfs'), -+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_glusterfs'), -+ allow_undefined_symbols=False) - - - CHARSET_WEIRD_SRC = 'weird.c' -diff --git a/source3/wscript b/source3/wscript -index bcc6ce1..7e34db5 100644 ---- a/source3/wscript -+++ b/source3/wscript -@@ -60,6 +60,7 @@ def set_options(opt): - opt.SAMBA3_ADD_OPTION('automount') - opt.SAMBA3_ADD_OPTION('aio-support') - opt.SAMBA3_ADD_OPTION('profiling-data') -+ opt.SAMBA3_ADD_OPTION('glusterfs', with_name="enable", without_name="disable", default=True) - - opt.SAMBA3_ADD_OPTION('cluster-support') - -@@ -1701,6 +1702,24 @@ main() { - conf.undefine('CLUSTER_SUPPORT') - - -+ # -+ # Checking for GlusterFS -+ # -+ if Options.options.with_glusterfs: -+ conf.check_cfg(package='glusterfs-api', args='"glusterfs-api >= 4" --cflags --libs', -+ msg='Checking for glusterfs-api >= 4', uselib_store="GFAPI") -+ conf.CHECK_HEADERS('api/glfs.h', lib='gfapi') -+ conf.CHECK_LIB('gfapi', shlib=True) -+ -+ if conf.CONFIG_SET('HAVE_API_GLFS_H'): -+ conf.DEFINE('HAVE_GLUSTERFS', '1') -+ else: -+ conf.SET_TARGET_TYPE('gfapi', 'EMPTY') -+ conf.undefine('HAVE_GLUSTERFS') -+ else: -+ conf.SET_TARGET_TYPE('gfapi', 'EMPTY') -+ conf.undefine('HAVE_GLUSTERFS') -+ - - conf.CHECK_CODE('__attribute__((destructor)) static void cleanup(void) { }', - 'HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR', -@@ -1794,6 +1813,9 @@ main() { - if conf.CONFIG_SET('HAVE_GPFS'): - default_shared_modules.extend(TO_LIST('vfs_gpfs vfs_gpfs_hsm_notify')) - -+ if conf.CONFIG_SET('HAVE_GLUSTERFS'): -+ default_shared_modules.extend(TO_LIST('vfs_glusterfs')) -+ - explicit_shared_modules = TO_LIST(Options.options.shared_modules, delimiter=',') - explicit_static_modules = TO_LIST(Options.options.static_modules, delimiter=',') - --- -1.9.3 - - -From e2b70ae1e9b072173de2b7d6140381b910d436b4 Mon Sep 17 00:00:00 2001 -From: Raghavendra Talur rtalur@redhat.com -Date: Thu, 20 Jun 2013 17:58:15 -0700 -Subject: [PATCH 2/9] PATCHSET13: vfs_glusterfs: New file creation fix. - -When a new document is created in explorer, a check for file_exist is made. -vfs_gluster_get_real_filename was returning 0 even when the file did not -exist. ---- - source3/modules/vfs_glusterfs.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c -index 4beac1d..3752940 100644 ---- a/source3/modules/vfs_glusterfs.c -+++ b/source3/modules/vfs_glusterfs.c -@@ -839,8 +839,10 @@ static int vfs_gluster_get_real_filename(struct vfs_handle_struct *handle, - "user.glusterfs.get_real_filename:%s", name); - - ret = glfs_getxattr(handle->data, path, key_buf, val_buf, NAME_MAX + 1); -- if (ret == -1 && errno == ENODATA) { -- errno = EOPNOTSUPP; -+ if (ret == -1) { -+ if (errno == ENODATA) { -+ errno = EOPNOTSUPP; -+ } - return -1; - } - --- -1.9.3 - - -From e963ec42b17cdc7369e4b79387447bb3ddc99d2a Mon Sep 17 00:00:00 2001 -From: susant spalai@redhat.com -Date: Wed, 7 Aug 2013 01:00:31 -0500 -Subject: [PATCH 3/9] PATCHSET13: vfs_glusterfs: Volume capacity reported to - Windows is incorrect - -VFS plugin was sending the actual size of the volume instead of the -total number of block units because of which windows was getting the -wrong volume capacity. - -Signed-off-by: susant spalai@redhat.com -Reviewed-by: Anand Avati avati@redhat.com ---- - source3/modules/vfs_glusterfs.c | 11 ++++------- - 1 file changed, 4 insertions(+), 7 deletions(-) - -diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c -index 3752940..1502776 100644 ---- a/source3/modules/vfs_glusterfs.c -+++ b/source3/modules/vfs_glusterfs.c -@@ -297,7 +297,6 @@ vfs_gluster_disk_free(struct vfs_handle_struct *handle, const char *path, - uint64_t *dsize_p) - { - struct statvfs statvfs = { 0, }; -- uint64_t dfree = 0; - int ret; - - ret = glfs_statvfs(handle->data, path, &statvfs); -@@ -307,19 +306,17 @@ vfs_gluster_disk_free(struct vfs_handle_struct *handle, const char *path, - return -1; - } - -- dfree = statvfs.f_bsize * statvfs.f_bavail; -- - if (bsize_p) { -- *bsize_p = statvfs.f_bsize; -+ *bsize_p = (uint64_t)statvfs.f_bsize; /* Block size */ - } - if (dfree_p) { -- *dfree_p = dfree; -+ *dfree_p = (uint64_t)statvfs.f_bavail; /* Available Block units */ - } - if (dsize_p) { -- *dsize_p = statvfs.f_bsize * statvfs.f_blocks; -+ *dsize_p = (uint64_t)statvfs.f_blocks; /* Total Block units */ - } - -- return dfree; -+ return (uint64_t)statvfs.f_bavail; - } - - static int --- -1.9.3 - - -From 1d41227866ede7ae14857105abd6b322e8e41525 Mon Sep 17 00:00:00 2001 -From: Anand Avati avati@redhat.com -Date: Mon, 12 Aug 2013 14:59:24 -0500 -Subject: [PATCH 4/9] PATCHSET13: vfs_glusterfs: Implement proper - mashalling/unmarshalling of ACLs - -Use the primitives available in Samba byteorder.h for implementing -proper (un)marshalling of ACL xattrs. - -Signed-off-by: Anand Avati avati@redhat.com -Reviewed-by: Raghavendra Talur rtalur@redhat.com -Reviewed-by: Jeremy Allison jra@samba.org -Tested-by: "Jose A. Rivera" jarrpa@redhat.com ---- - source3/modules/vfs_glusterfs.c | 154 +++++++++++++++++++++++++++++----------- - 1 file changed, 112 insertions(+), 42 deletions(-) - -diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c -index 1502776..1b81d06 100644 ---- a/source3/modules/vfs_glusterfs.c -+++ b/source3/modules/vfs_glusterfs.c -@@ -963,13 +963,36 @@ static int vfs_gluster_set_offline(struct vfs_handle_struct *handle, - return -1; - } - --/* Posix ACL Operations */ -+/* -+ Gluster ACL Format: -+ -+ Size = 4 (header) + N * 8 (entry) -+ -+ Offset Size Field (Little Endian) -+ ------------------------------------- -+ 0-3 4-byte Version -+ -+ 4-5 2-byte Entry-1 tag -+ 6-7 2-byte Entry-1 perm -+ 8-11 4-byte Entry-1 id -+ -+ 12-13 2-byte Entry-2 tag -+ 14-15 2-byte Entry-2 perm -+ 16-19 4-byte Entry-2 id - -+ ... -+ -+ */ -+ -+/* header version */ - #define GLUSTER_ACL_VERSION 2 -+ -+/* perm bits */ - #define GLUSTER_ACL_READ 0x04 - #define GLUSTER_ACL_WRITE 0x02 - #define GLUSTER_ACL_EXECUTE 0x01 - -+/* tag values */ - #define GLUSTER_ACL_UNDEFINED_TAG 0x00 - #define GLUSTER_ACL_USER_OBJ 0x01 - #define GLUSTER_ACL_USER 0x02 -@@ -980,57 +1003,48 @@ static int vfs_gluster_set_offline(struct vfs_handle_struct *handle, - - #define GLUSTER_ACL_UNDEFINED_ID (-1) - --struct gluster_ace { -- uint16_t tag; -- uint16_t perm; -- uint32_t id; --}; -- --struct gluster_acl_header { -- uint32_t version; -- struct gluster_ace entries[]; --}; -+#define GLUSTER_ACL_HEADER_SIZE 4 -+#define GLUSTER_ACL_ENTRY_SIZE 8 - - static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size) - { - int count; - size_t size; -- struct gluster_ace *ace; - struct smb_acl_entry *smb_ace; -- struct gluster_acl_header *hdr; - struct smb_acl_t *result; - int i; -+ int offset; - uint16_t tag; - uint16_t perm; - uint32_t id; - - size = xattr_size; - -- if (size < sizeof(*hdr)) { -- /* ACL should be at least as big as the header */ -+ if (size < GLUSTER_ACL_HEADER_SIZE) { -+ /* ACL should be at least as big as the header (4 bytes) */ - errno = EINVAL; - return NULL; - } - -- size -= sizeof(*hdr); -+ size -= GLUSTER_ACL_HEADER_SIZE; /* size of header = 4 bytes */ - -- if (size % sizeof(*ace)) { -+ if (size % GLUSTER_ACL_ENTRY_SIZE) { - /* Size of entries must strictly be a multiple of -- size of an ACE -+ size of an ACE (8 bytes) - */ - errno = EINVAL; - return NULL; - } - -- count = size / sizeof(*ace); -- -- hdr = (void *)buf; -+ count = size / GLUSTER_ACL_ENTRY_SIZE; - -- if (ntohl(hdr->version) != GLUSTER_ACL_VERSION) { -+ /* Version is the first 4 bytes of the ACL */ -+ if (IVAL(buf, 0) != GLUSTER_ACL_VERSION) { - DEBUG(0, ("Unknown gluster ACL version: %d\n", -- ntohl(hdr->version))); -+ IVAL(buf, 0))); - return NULL; - } -+ offset = GLUSTER_ACL_HEADER_SIZE; - - result = SMB_MALLOC(sizeof(struct smb_acl_t) + (sizeof(struct smb_acl_entry) * count)); - if (!result) { -@@ -1041,10 +1055,19 @@ static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size) - result->count = count; - - smb_ace = result->acl; -- ace = hdr->entries; - - for (i = 0; i < count; i++) { -- tag = ntohs(ace->tag); -+ /* TAG is the first 2 bytes of an entry */ -+ tag = SVAL(buf, offset); -+ offset += 2; -+ -+ /* PERM is the next 2 bytes of an entry */ -+ perm = SVAL(buf, offset); -+ offset += 2; -+ -+ /* ID is the last 4 bytes of an entry */ -+ id = IVAL(buf, offset); -+ offset += 4; - - switch(tag) { - case GLUSTER_ACL_USER: -@@ -1070,7 +1093,6 @@ static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size) - return NULL; - } - -- id = ntohl(ace->id); - - switch(smb_ace->a_type) { - case SMB_ACL_USER: -@@ -1083,8 +1105,6 @@ static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size) - break; - } - -- perm = ntohs(ace->perm); -- - smb_ace->a_perm = 0; - smb_ace->a_perm |= - ((perm & GLUSTER_ACL_READ) ? SMB_ACL_READ : 0); -@@ -1093,28 +1113,61 @@ static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size) - smb_ace->a_perm |= - ((perm & GLUSTER_ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0); - -- ace++; - smb_ace++; - } - - return result; - } - -+ -+static int gluster_ace_cmp(const void *left, const void *right) -+{ -+ int ret = 0; -+ uint16_t tag_left, tag_right; -+ uint32_t id_left, id_right; -+ -+ /* -+ Sorting precedence: -+ -+ - Smaller TAG values must be earlier. -+ -+ - Within same TAG, smaller identifiers must be earlier, E.g: -+ UID 0 entry must be earlier than UID 200 -+ GID 17 entry must be earlier than GID 19 -+ */ -+ -+ /* TAG is the first element in the entry */ -+ tag_left = SVAL(left, 0); -+ tag_right = SVAL(right, 0); -+ -+ ret = (tag_left - tag_right); -+ if (!ret) { -+ /* ID is the third element in the entry, after two short -+ integers (tag and perm), i.e at offset 4. -+ */ -+ id_left = IVAL(left, 4); -+ id_right = IVAL(right, 4); -+ ret = id_left - id_right; -+ } -+ -+ return ret; -+} -+ -+ - static ssize_t smb_to_gluster_acl(SMB_ACL_T theacl, char *buf, size_t len) - { - ssize_t size; -- struct gluster_ace *ace; - struct smb_acl_entry *smb_ace; -- struct gluster_acl_header *hdr; - int i; - int count; - uint16_t tag; - uint16_t perm; - uint32_t id; -+ int offset; - - count = theacl->count; - -- size = sizeof(*hdr) + (count * sizeof(*ace)); -+ size = GLUSTER_ACL_HEADER_SIZE + (count * GLUSTER_ACL_ENTRY_SIZE); - if (!buf) { - return size; - } -@@ -1124,13 +1177,14 @@ static ssize_t smb_to_gluster_acl(SMB_ACL_T theacl, char *buf, size_t len) - return -1; - } - -- hdr = (void *)buf; -- ace = hdr->entries; - smb_ace = theacl->acl; - -- hdr->version = htonl(GLUSTER_ACL_VERSION); -+ /* Version is the first 4 bytes of the ACL */ -+ SIVAL(buf, 0, GLUSTER_ACL_VERSION); -+ offset = GLUSTER_ACL_HEADER_SIZE; - - for (i = 0; i < count; i++) { -+ /* Calculate tag */ - switch(smb_ace->a_type) { - case SMB_ACL_USER: - tag = GLUSTER_ACL_USER; -@@ -1157,8 +1211,8 @@ static ssize_t smb_to_gluster_acl(SMB_ACL_T theacl, char *buf, size_t len) - return -1; - } - -- ace->tag = ntohs(tag); - -+ /* Calculate id */ - switch(smb_ace->a_type) { - case SMB_ACL_USER: - id = smb_ace->uid; -@@ -1171,20 +1225,36 @@ static ssize_t smb_to_gluster_acl(SMB_ACL_T theacl, char *buf, size_t len) - break; - } - -- ace->id = ntohl(id); -+ /* Calculate perm */ -+ perm = 0; - -- ace->perm = 0; -- ace->perm |= -+ perm |= - ((smb_ace->a_perm & SMB_ACL_READ) ? GLUSTER_ACL_READ : 0); -- ace->perm |= -+ perm |= - ((smb_ace->a_perm & SMB_ACL_WRITE) ? GLUSTER_ACL_WRITE : 0); -- ace->perm |= -+ perm |= - ((smb_ace->a_perm & SMB_ACL_EXECUTE) ? GLUSTER_ACL_EXECUTE : 0); - -- ace++; -+ -+ /* TAG is the first 2 bytes of an entry */ -+ SSVAL(buf, offset, tag); -+ offset += 2; -+ -+ /* PERM is the next 2 bytes of an entry */ -+ SSVAL(buf, offset, perm); -+ offset += 2; -+ -+ /* ID is the last 4 bytes of an entry */ -+ SIVAL(buf, offset, id); -+ offset += 4; -+ - smb_ace++; - } - -+ /* Skip the header, sort @count number of 8-byte entries */ -+ qsort(buf+GLUSTER_ACL_HEADER_SIZE, count, GLUSTER_ACL_ENTRY_SIZE, -+ gluster_ace_cmp); -+ - return size; - } - --- -1.9.3 - - -From 26673935299da8ce830ff9d0ea5df18f52092092 Mon Sep 17 00:00:00 2001 -From: "Christopher R. Hertel" crh@redhat.com -Date: Thu, 29 Aug 2013 11:01:24 -0500 -Subject: [PATCH 5/9] PATCHSET13: vfs_glusterfs: Fix excessive debug output - from vfs_gluster_open(). - -The vfs_gluster_open() function generates a debug message (at level 0) -for every failed attempt to open a pathname. This includes cases in -which attempts are made to open a directory as a file (those attempts -are retried calling vfs_gluster_opendir()). The result is that the log -file fills with messages about failed attempts to open directories, -because they are directories. This patch ensures that failed attempts -to open directories as files are logged at log level 4, not 0. In -addition, other failed open attempts are logged at level 1, not 0. - -Signed-off-by: Christopher R. Hertel crh@redhat.com -Reviewed-by : Susant Palai spalai@redhat.com -Reviewed-by : Raghavendra Talur rtalur@redhat.com -Reviewed-by : Jose A. Rivera jarrpa@redhat.com ---- - source3/modules/vfs_glusterfs.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c -index 1b81d06..b92c7fd 100644 ---- a/source3/modules/vfs_glusterfs.c -+++ b/source3/modules/vfs_glusterfs.c -@@ -488,11 +488,8 @@ static int vfs_gluster_open(struct vfs_handle_struct *handle, - } - - if (glfd == NULL) { -- DEBUG(0, ("glfs_{open[dir],creat}(%s) failed: %s\n", -- smb_fname->base_name, strerror(errno))); - return -1; - } -- - return glfd_fd_store(glfd); - } - --- -1.9.3 - - -From f396be725dd8e8f93b0eed1b23fcf0a0f61303a9 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Mon, 4 Nov 2013 12:32:05 +0100 -Subject: [PATCH 6/9] PATCHSET13: vfs: Fix some build warnings in glusterfs. - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: David Disseldorp ddiss@samba.org ---- - source3/modules/vfs_glusterfs.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c -index b92c7fd..4b8da4a 100644 ---- a/source3/modules/vfs_glusterfs.c -+++ b/source3/modules/vfs_glusterfs.c -@@ -1262,7 +1262,7 @@ static SMB_ACL_T vfs_gluster_sys_acl_get_file(struct vfs_handle_struct *handle, - { - struct smb_acl_t *result; - char *buf; -- char *key; -+ const char *key; - ssize_t ret; - - switch (type) { -@@ -1324,7 +1324,7 @@ static int vfs_gluster_sys_acl_set_file(struct vfs_handle_struct *handle, - SMB_ACL_T theacl) - { - int ret; -- char *key; -+ const char *key; - char *buf; - ssize_t size; - --- -1.9.3 - - -From 2b136f8999e171d15736d0a532353799b7251ae2 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Fri, 15 Nov 2013 17:02:19 +0100 -Subject: [PATCH 7/9] PATCHSET13: s3-vfs: Make glfs_set_preopened() static. - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Jeremy Allison jra@samba.org ---- - source3/modules/vfs_glusterfs.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c -index 4b8da4a..ef505a3 100644 ---- a/source3/modules/vfs_glusterfs.c -+++ b/source3/modules/vfs_glusterfs.c -@@ -141,7 +141,7 @@ static struct glfs_preopened { - } *glfs_preopened; - - --int glfs_set_preopened(const char *volume, glfs_t *fs) -+static int glfs_set_preopened(const char *volume, glfs_t *fs) - { - struct glfs_preopened *entry = NULL; - --- -1.9.3 - - -From 9b2c8854a5a27e4fdbe5191abf174d3152b0edfd Mon Sep 17 00:00:00 2001 -From: Poornima Gurusiddaiah pgurusid@redhat.com -Date: Sun, 24 Nov 2013 21:37:53 +0000 -Subject: [PATCH 8/9] PATCHSET13: vfs_glusterfs: Enable per client log file - -In Samba configuration file, one of the options of gluster type is -log file, the value of this option was not allowed to contain any -variables, as a result all the clients would have a single log file, -which complicated debugging. -In this patch, variable substitution is performed for gluster log file. -Hence allowing user to customise the gluster log file name. - -Signed-off-by: Poornima Gurusiddaiah pgurusid@redhat.com -Reviewed-by: Ira Cooper ira@samba.org ---- - source3/modules/vfs_glusterfs.c | 41 ++++++++++++++++++++++------------------- - 1 file changed, 22 insertions(+), 19 deletions(-) - -diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c -index ef505a3..3757968 100644 ---- a/source3/modules/vfs_glusterfs.c -+++ b/source3/modules/vfs_glusterfs.c -@@ -205,12 +205,12 @@ static int vfs_gluster_connect(struct vfs_handle_struct *handle, - { - const char *volfile_server; - const char *volume; -- const char *logfile; -+ char *logfile; - int loglevel; - glfs_t *fs; -- int ret; -+ int ret = 0; - -- logfile = lp_parm_const_string(SNUM(handle->conn), "glusterfs", -+ logfile = lp_parm_talloc_string(SNUM(handle->conn), "glusterfs", - "logfile", NULL); - - loglevel = lp_parm_int(SNUM(handle->conn), "glusterfs", "loglevel", -1); -@@ -229,57 +229,60 @@ static int vfs_gluster_connect(struct vfs_handle_struct *handle, - - fs = glfs_find_preopened(volume); - if (fs) { -- goto found; -+ goto done; - } - - fs = glfs_new(volume); - if (fs == NULL) { -- return -1; -+ ret = -1; -+ goto done; - } - - ret = glfs_set_volfile_server(fs, "tcp", volfile_server, 0); - if (ret < 0) { - DEBUG(0, ("Failed to set volfile_server %s\n", volfile_server)); -- glfs_fini(fs); -- return -1; -+ goto done; - } - - ret = glfs_set_xlator_option(fs, "*-md-cache", "cache-posix-acl", - "true"); - if (ret < 0) { - DEBUG(0, ("%s: Failed to set xlator options\n", volume)); -- glfs_fini(fs); -- return -1; -+ goto done; - } - - ret = glfs_set_logging(fs, logfile, loglevel); - if (ret < 0) { - DEBUG(0, ("%s: Failed to set logfile %s loglevel %d\n", - volume, logfile, loglevel)); -- glfs_fini(fs); -- return -1; -+ goto done; - } - - ret = glfs_init(fs); - if (ret < 0) { - DEBUG(0, ("%s: Failed to initialize volume (%s)\n", - volume, strerror(errno))); -- glfs_fini(fs); -- return -1; -+ goto done; - } - - ret = glfs_set_preopened(volume, fs); - if (ret < 0) { - DEBUG(0, ("%s: Failed to register volume (%s)\n", - volume, strerror(errno))); -- glfs_fini(fs); -+ goto done; -+ } -+done: -+ talloc_free(logfile); -+ if (ret < 0) { -+ if (fs) -+ glfs_fini(fs); - return -1; -+ } else { -+ DEBUG(0, ("%s: Initialized volume from server %s\n", -+ volume, volfile_server)); -+ handle->data = fs; -+ return 0; - } --found: -- DEBUG(0, ("%s: Initialized volume from server %s\n", -- volume, volfile_server)); -- handle->data = fs; -- return 0; - } - - static void vfs_gluster_disconnect(struct vfs_handle_struct *handle) --- -1.9.3 - - -From 8577c573dcd44e26579a6594b83a6d582faef14c Mon Sep 17 00:00:00 2001 -From: Niels de Vos ndevos@redhat.com -Date: Fri, 10 Jan 2014 16:26:18 +0100 -Subject: [PATCH 9/9] PATCHSET13: vfs/glusterfs: in case atime is not passed, - set it to the current atime - -The Linux CIFS client does not pass an updated atime when a write() is -done. This causes the vfs/glusterfs module to set the atime to -1 on the -Gluster backend, resulting in an atime far in the future (year 2106). - -Signed-off-by: Niels de Vos ndevos@redhat.com -Reviewed-by: Ira Cooper ira@samba.org -Reviewed-by: Jeremy Allison jra@samba.org - -Autobuild-User(master): Jeremy Allison jra@samba.org -Autobuild-Date(master): Wed Jan 15 21:31:30 CET 2014 on sn-devel-104 ---- - source3/modules/vfs_glusterfs.c | 26 ++++++++++++++++++++++---- - 1 file changed, 22 insertions(+), 4 deletions(-) - -diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c -index 3757968..24f80dd 100644 ---- a/source3/modules/vfs_glusterfs.c -+++ b/source3/modules/vfs_glusterfs.c -@@ -675,10 +675,28 @@ static int vfs_gluster_ntimes(struct vfs_handle_struct *handle, - { - struct timespec times[2]; - -- times[0].tv_sec = ft->atime.tv_sec; -- times[0].tv_nsec = ft->atime.tv_nsec; -- times[1].tv_sec = ft->mtime.tv_sec; -- times[1].tv_nsec = ft->mtime.tv_nsec; -+ if (null_timespec(ft->atime)) { -+ times[0].tv_sec = smb_fname->st.st_ex_atime.tv_sec; -+ times[0].tv_nsec = smb_fname->st.st_ex_atime.tv_nsec; -+ } else { -+ times[0].tv_sec = ft->atime.tv_sec; -+ times[0].tv_nsec = ft->atime.tv_nsec; -+ } -+ -+ if (null_timespec(ft->mtime)) { -+ times[1].tv_sec = smb_fname->st.st_ex_mtime.tv_sec; -+ times[1].tv_nsec = smb_fname->st.st_ex_mtime.tv_nsec; -+ } else { -+ times[1].tv_sec = ft->mtime.tv_sec; -+ times[1].tv_nsec = ft->mtime.tv_nsec; -+ } -+ -+ if ((timespec_compare(×[0], -+ &smb_fname->st.st_ex_atime) == 0) && -+ (timespec_compare(×[1], -+ &smb_fname->st.st_ex_mtime) == 0)) { -+ return 0; -+ } - - return glfs_utimens(handle->data, smb_fname->base_name, times); - } --- -1.9.3 - diff --git a/src/patches/samba/samba-3.6.23-libsmbclient.patch b/src/patches/samba/samba-3.6.23-libsmbclient.patch deleted file mode 100644 index 61107c589..000000000 --- a/src/patches/samba/samba-3.6.23-libsmbclient.patch +++ /dev/null @@ -1,36 +0,0 @@ -From b2b00b1d7871f7557fe7e8f616fa46a8e5ebd298 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Wed, 28 May 2014 16:02:15 +0200 -Subject: [PATCH] PATCHSET10: s3-libsmbclient: Always initialize globals. - -This fixes cases where we dereference NULL pointers of globals which -were not initialized. ---- - source3/libsmb/libsmb_context.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c -index 6c20d65..888c2ef 100644 ---- a/source3/libsmb/libsmb_context.c -+++ b/source3/libsmb/libsmb_context.c -@@ -76,7 +76,7 @@ SMBC_module_init(void * punused) - * defaults ... - */ - -- if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, False)) { -+ if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) { - DEBUG(5, ("Could not load config file: %s\n", - get_dyn_CONFIGFILE())); - } else if (home) { -@@ -89,7 +89,7 @@ SMBC_module_init(void * punused) - if (asprintf(&conf, - "%s/.smb/smb.conf.append", - home) > 0) { -- if (!lp_load(conf, True, False, False, False)) { -+ if (!lp_load(conf, True, False, False, True)) { - DEBUG(10, - ("Could not append config file: " - "%s\n", --- -1.9.3 - diff --git a/src/patches/samba/samba-3.6.26-smb2_case_sensitive.patch b/src/patches/samba/samba-3.6.26-smb2_case_sensitive.patch deleted file mode 100644 index ee27bd41c..000000000 --- a/src/patches/samba/samba-3.6.26-smb2_case_sensitive.patch +++ /dev/null @@ -1,118 +0,0 @@ -From 3432aafbf86b4d3a559838d81b3ebc039e72a412 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 10 Jun 2014 14:41:45 -0700 -Subject: [PATCH 1/2] s3: smbd - SMB[2|3]. Ensure a \ or / can't be found - anywhere in a search path, not just at the start. - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/smb2_find.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c -index 59e5b66..b0ab7a8 100644 ---- a/source3/smbd/smb2_find.c -+++ b/source3/smbd/smb2_find.c -@@ -255,11 +255,11 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, - tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID); - return tevent_req_post(req, ev); - } -- if (strcmp(in_file_name, "\") == 0) { -+ if (strchr_m(in_file_name, '\') != NULL) { - tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID); - return tevent_req_post(req, ev); - } -- if (strcmp(in_file_name, "/") == 0) { -+ if (strchr_m(in_file_name, '/') != NULL) { - tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID); - return tevent_req_post(req, ev); - } --- -1.9.3 - - -From 190d0f39bb400a373c8f4d6847e2980c0df8da2b Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 10 Jun 2014 15:58:15 -0700 -Subject: [PATCH 2/2] s3: smbd : SMB2 - fix SMB2_SEARCH when searching non - wildcard string with a case-canonicalized share. - -We need to go through filename_convert() in order for the filename -canonicalization to be done on a non-wildcard search string (as is -done in the SMB1 findfirst code path). - -Fixes Bug #10650 - "case sensitive = True" option doesn't work with "max protocol = SMB2" or higher in large directories. - -https://bugzilla.samba.org/show_bug.cgi?id=10650 - -Signed-off-by: Jeremy Allison jra@samba.org ---- - source3/smbd/smb2_find.c | 38 +++++++++++++++++++++++++++++++++++--- - 1 file changed, 35 insertions(+), 3 deletions(-) - -diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c -index b0ab7a8..6fe6545 100644 ---- a/source3/smbd/smb2_find.c -+++ b/source3/smbd/smb2_find.c -@@ -229,6 +229,7 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, - uint32_t dirtype = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_DIRECTORY; - bool dont_descend = false; - bool ask_sharemode = true; -+ bool wcard_has_wild; - - req = tevent_req_create(mem_ctx, &state, - struct smbd_smb2_find_state); -@@ -303,16 +304,47 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, - dptr_CloseDir(fsp); - } - -+ wcard_has_wild = ms_has_wild(in_file_name); -+ -+ /* Ensure we've canonicalized any search path if not a wildcard. */ -+ if (!wcard_has_wild) { -+ struct smb_filename *smb_fname = NULL; -+ const char *fullpath; -+ -+ if (ISDOT(fsp->fsp_name->base_name)) { -+ fullpath = in_file_name; -+ } else { -+ fullpath = talloc_asprintf(state, -+ "%s/%s", -+ fsp->fsp_name->base_name, -+ in_file_name); -+ } -+ if (tevent_req_nomem(fullpath, req)) { -+ return tevent_req_post(req, ev); -+ } -+ status = filename_convert(state, -+ conn, -+ false, /* Not a DFS path. */ -+ fullpath, -+ UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP, -+ &wcard_has_wild, -+ &smb_fname); -+ -+ if (!NT_STATUS_IS_OK(status)) { -+ tevent_req_nterror(req, status); -+ return tevent_req_post(req, ev); -+ } -+ -+ in_file_name = smb_fname->original_lcomp; -+ } -+ - if (fsp->dptr == NULL) { -- bool wcard_has_wild; - - if (!(fsp->access_mask & SEC_DIR_LIST)) { - tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); - return tevent_req_post(req, ev); - } - -- wcard_has_wild = ms_has_wild(in_file_name); -- - status = dptr_create(conn, - fsp, - fsp->fsp_name->base_name, --- -1.9.3 - diff --git a/src/patches/samba/samba-3.6.99-2110-ntlmssp-session-setup-nas.patch b/src/patches/samba/samba-3.6.99-2110-ntlmssp-session-setup-nas.patch deleted file mode 100644 index 2b6ce6abc..000000000 --- a/src/patches/samba/samba-3.6.99-2110-ntlmssp-session-setup-nas.patch +++ /dev/null @@ -1,39 +0,0 @@ -From ce2b7dad823e3af00884bc0c75851eec7445ec88 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Mon, 31 Oct 2016 12:25:35 +0100 -Subject: [PATCH] s3-libsmb Allow SESSION KEY setup without signing - -This is not supported by NetApp or EMC NAS systems. They do not -implement the protocol correctly. So work around their broken -implementations. - -Signed-off-by: Andreas Schneider asn@samba.org ---- - source3/libsmb/ntlmssp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c -index 7e58990..446d02d 100644 ---- a/source3/libsmb/ntlmssp.c -+++ b/source3/libsmb/ntlmssp.c -@@ -206,7 +206,7 @@ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *featur - * also add NTLMSSP_NEGOTIATE_SEAL here. JRA. - */ - if (in_list("NTLMSSP_FEATURE_SESSION_KEY", feature_list, True)) { -- ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; -+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; - } - if (in_list("NTLMSSP_FEATURE_SIGN", feature_list, True)) { - ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; -@@ -231,7 +231,7 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature) - { - /* As per JRA's comment above */ - if (feature & NTLMSSP_FEATURE_SESSION_KEY) { -- ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; -+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; - } - if (feature & NTLMSSP_FEATURE_SIGN) { - ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN; --- -2.10.1 - diff --git a/src/patches/samba/samba-3.6.99-add_spoolss_os_version.patch b/src/patches/samba/samba-3.6.99-add_spoolss_os_version.patch deleted file mode 100644 index 3953b299f..000000000 --- a/src/patches/samba/samba-3.6.99-add_spoolss_os_version.patch +++ /dev/null @@ -1,53 +0,0 @@ -From e5d6a3914151217e1487d9a444c2ced4cfd89491 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Sat, 19 Jan 2013 01:37:29 +0100 -Subject: [PATCH 19/20] PATCHSET9: s3-spoolss: Make it easier to manipulate the - returned OSVersion at runtime. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Guenther - -Signed-off-by: Günther Deschner gd@samba.org -Reviewed-by: Andreas Schneider asn@samba.org -Signed-off-by: Andreas Schneider asn@samba.org ---- - source3/rpc_server/spoolss/srv_spoolss_nt.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c -index 8372c43..0c4b582 100644 ---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c -+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c -@@ -2352,9 +2352,13 @@ static WERROR getprinterdata_printer_server(TALLOC_CTX *mem_ctx, - enum ndr_err_code ndr_err; - struct spoolss_OSVersion os; - -- os.major = 5; /* Windows 2000 == 5.0 */ -- os.minor = 0; -- os.build = 2195; /* build */ -+ os.major = lp_parm_int(GLOBAL_SECTION_SNUM, -+ "spoolss", "os_major", 5); -+ /* Windows 2000 == 5.0 */ -+ os.minor = lp_parm_int(GLOBAL_SECTION_SNUM, -+ "spoolss", "os_minor", 0); -+ os.build = lp_parm_int(GLOBAL_SECTION_SNUM, -+ "spoolss", "os_build", 2195); - os.extra_string = ""; /* leave extra string empty */ - - ndr_err = ndr_push_struct_blob(&blob, mem_ctx, &os, -@@ -2363,6 +2367,10 @@ static WERROR getprinterdata_printer_server(TALLOC_CTX *mem_ctx, - return WERR_GENERAL_FAILURE; - } - -+ if (DEBUGLEVEL >= 10) { -+ NDR_PRINT_DEBUG(spoolss_OSVersion, &os); -+ } -+ - *type = REG_BINARY; - data->binary = blob; - --- -1.9.0 - diff --git a/src/patches/samba/samba-3.6.99-add_timeout_option_to_smbclient.patch b/src/patches/samba/samba-3.6.99-add_timeout_option_to_smbclient.patch deleted file mode 100644 index 7175ca86a..000000000 --- a/src/patches/samba/samba-3.6.99-add_timeout_option_to_smbclient.patch +++ /dev/null @@ -1,147 +0,0 @@ -commit e8f6a7df1b5ae7f7275ac59b8c21b82de1922c3b -Author: Jeremy Allison jra@samba.org -AuthorDate: Fri Aug 16 13:49:39 2013 -0700 -Commit: Andreas Schneider asn@samba.org -CommitDate: Wed Feb 5 11:50:28 2014 +0100 - - Add new "timeout" command and -t option to smbclient to set the per-operation timeout. - - This is needed as once SMB3 encryption is selected the server - response time can be very slow when requesting large numbers - (256) of large encrypted packets (1MB) from a Windows 2012 - virtual machine. This allows clients to tune their allowable - wait time. - - Signed-off-by: Jeremy Allison jra@samba.org - Reviewed-by: Michael Adam obnox@samba.org - (cherry picked from commit d9c88a56dc451be09e8c9fc9aa8857e312fcb444) ---- - source3/client/client.c | 44 ++++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 40 insertions(+), 4 deletions(-) - -diff --git a/source3/client/client.c b/source3/client/client.c -index f6e42f6..aa16b14 100644 ---- a/source3/client/client.c -+++ b/source3/client/client.c -@@ -54,7 +54,12 @@ static bool grepable = false; - static char *cmdstr = NULL; - const char *cmd_ptr = NULL; - -+/* 30 second timeout on most commands */ -+#define CLIENT_TIMEOUT (30*1000) -+#define SHORT_TIMEOUT (5*1000) -+ - static int io_bufsize = 524288; -+static int io_timeout = (CLIENT_TIMEOUT/1000); /* Per operation timeout (in seconds). */ - - static int name_type = 0x20; - static int max_protocol = PROTOCOL_NT1; -@@ -64,10 +69,6 @@ static int cmd_help(void); - - #define CREATE_ACCESS_READ READ_CONTROL_ACCESS - --/* 30 second timeout on most commands */ --#define CLIENT_TIMEOUT (30*1000) --#define SHORT_TIMEOUT (5*1000) -- - /* value for unused fid field in trans2 secondary request */ - #define FID_UNUSED (0xFFFF) - -@@ -4264,6 +4265,31 @@ int cmd_iosize(void) - } - - /**************************************************************************** -+ timeout command -+***************************************************************************/ -+ -+static int cmd_timeout(void) -+{ -+ TALLOC_CTX *ctx = talloc_tos(); -+ char *buf; -+ -+ if (!next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) { -+ unsigned int old_timeout = cli_set_timeout(cli, 0); -+ cli_set_timeout(cli, old_timeout); -+ d_printf("timeout <n> (per-operation timeout " -+ "in seconds - currently %u).\n", -+ old_timeout/1000); -+ return 1; -+ } -+ -+ io_timeout = strtol(buf,NULL,0); -+ cli_set_timeout(cli, io_timeout*1000); -+ d_printf("io_timeout per operation is now %d\n", io_timeout); -+ return 0; -+} -+ -+ -+/**************************************************************************** - history - ****************************************************************************/ - static int cmd_history(void) -@@ -4369,6 +4395,7 @@ static struct { - {"symlink",cmd_symlink,"<oldname> <newname> create a UNIX symlink",{COMPL_REMOTE,COMPL_REMOTE}}, - {"tar",cmd_tar,"tar <c|x>[IXFqbgNan] current directory to/from <file name>",{COMPL_NONE,COMPL_NONE}}, - {"tarmode",cmd_tarmode,"<full|inc|reset|noreset> tar's behaviour towards archive bits",{COMPL_NONE,COMPL_NONE}}, -+ {"timeout",cmd_timeout,"timeout <number> - set the per-operation timeout in seconds (default 20)",{COMPL_NONE,COMPL_NONE}}, - {"translate",cmd_translate,"toggle text translation for printing",{COMPL_NONE,COMPL_NONE}}, - {"unlock",cmd_unlock,"unlock <fnum> <hex-start> <hex-len> : remove a POSIX lock",{COMPL_REMOTE,COMPL_REMOTE}}, - {"volume",cmd_volume,"print the volume name",{COMPL_NONE,COMPL_NONE}}, -@@ -4465,6 +4492,7 @@ static int process_command_string(const char *cmd_in) - if (!cli) { - return 1; - } -+ cli_set_timeout(cli, io_timeout*1000); - } - - while (cmd[0] != '\0') { -@@ -4942,6 +4970,8 @@ static int process(const char *base_directory) - return 1; - } - -+ cli_set_timeout(cli, io_timeout*1000); -+ - if (base_directory && *base_directory) { - rc = do_cd(base_directory); - if (rc) { -@@ -4972,6 +5002,7 @@ static int do_host_query(const char *query_host) - if (!cli) - return 1; - -+ cli_set_timeout(cli, io_timeout*1000); - browse_host(true); - - /* Ensure that the host can do IPv4 */ -@@ -5003,6 +5034,7 @@ static int do_host_query(const char *query_host) - return 1; - } - -+ cli_set_timeout(cli, io_timeout*1000); - list_servers(lp_workgroup()); - - cli_shutdown(cli); -@@ -5026,6 +5058,7 @@ static int do_tar_op(const char *base_directory) - max_protocol, port, name_type); - if (!cli) - return 1; -+ cli_set_timeout(cli, io_timeout*1000); - } - - recurse=true; -@@ -5091,6 +5124,8 @@ static int do_message_op(struct user_auth_info *a_info) - return 1; - } - -+ cli_set_timeout(cli, io_timeout*1000); -+ - send_message(get_cmdline_auth_info_username(a_info)); - cli_shutdown(cli); - -@@ -5127,6 +5162,7 @@ static int do_message_op(struct user_auth_info *a_info) - { "directory", 'D', POPT_ARG_STRING, NULL, 'D', "Start from directory", "DIR" }, - { "command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated commands" }, - { "send-buffer", 'b', POPT_ARG_INT, &io_bufsize, 'b', "Changes the transmit/send buffer", "BYTES" }, -+ { "timeout", 't', POPT_ARG_INT, &io_timeout, 'b', "Changes the per-operation timeout", "SECONDS" }, - { "port", 'p', POPT_ARG_INT, &port, 'p', "Port to connect to", "PORT" }, - { "grepable", 'g', POPT_ARG_NONE, NULL, 'g', "Produce grepable output" }, - { "browse", 'B', POPT_ARG_NONE, NULL, 'B', "Browse SMB servers using DNS" }, diff --git a/src/patches/samba/samba-3.6.99-asserted_identity_sid-S-1-18-1.patch b/src/patches/samba/samba-3.6.99-asserted_identity_sid-S-1-18-1.patch deleted file mode 100644 index 19e5f1ad5..000000000 --- a/src/patches/samba/samba-3.6.99-asserted_identity_sid-S-1-18-1.patch +++ /dev/null @@ -1,223 +0,0 @@ -From ed26d110b814e2cf0413bd9665bd08bda271ba01 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Fri, 15 Jan 2016 14:46:07 +0100 -Subject: [PATCH 1/3] security: Add Asserted Identity sids (S-1-18) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677 - -definitions taken from [MS-DTYP]: Windows Data Types, -2.4.2.4 Well-Known SID Structures. - -Guenther - -Signed-off-by: Günther Deschner gd@samba.org ---- - libcli/security/dom_sid.h | 3 +++ - libcli/security/util_sid.c | 8 ++++++++ - librpc/idl/security.idl | 3 +++ - 3 files changed, 14 insertions(+) - -diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h -index 04571c2..503b621 100644 ---- a/libcli/security/dom_sid.h -+++ b/libcli/security/dom_sid.h -@@ -35,6 +35,9 @@ extern const struct dom_sid global_sid_System; - extern const struct dom_sid global_sid_NULL; - extern const struct dom_sid global_sid_Authenticated_Users; - extern const struct dom_sid global_sid_Network; -+extern const struct dom_sid global_sid_Asserted_Identity; -+extern const struct dom_sid global_sid_Asserted_Identity_Service; -+extern const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority; - extern const struct dom_sid global_sid_Creator_Owner; - extern const struct dom_sid global_sid_Creator_Group; - extern const struct dom_sid global_sid_Anonymous; -diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c -index cf1f7f3..5a41ef7 100644 ---- a/libcli/security/util_sid.c -+++ b/libcli/security/util_sid.c -@@ -53,6 +53,14 @@ const struct dom_sid global_sid_Authenticated_Users = /* All authenticated rids - const struct dom_sid global_sid_Restriced = /* Restriced Code */ - { 1, 1, {0,0,0,0,0,5}, {12,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; - #endif -+ -+const struct dom_sid global_sid_Asserted_Identity = /* Asserted Identity */ -+{ 1, 0, {0,0,0,0,0,18}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -+const struct dom_sid global_sid_Asserted_Identity_Service = /* Asserted Identity Service */ -+{ 1, 1, {0,0,0,0,0,18}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -+const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority = /* Asserted Identity Authentication Authority */ -+{ 1, 1, {0,0,0,0,0,18}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -+ - const struct dom_sid global_sid_Network = /* Network rids */ - { 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; - -diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl -index 0ea79a3..7df773e 100644 ---- a/librpc/idl/security.idl -+++ b/librpc/idl/security.idl -@@ -277,6 +277,9 @@ interface security - const string SID_NT_TRUSTED_INSTALLER = - "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"; - -+ const string SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1"; -+ const string SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2"; -+ - /* well-known domain RIDs */ - const int DOMAIN_RID_LOGON = 9; - const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498; --- -2.5.0 - - -From be247c05146c45bcea5c06a38ff07e8f0c934ab6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Fri, 15 Jan 2016 14:43:12 +0100 -Subject: [PATCH 2/3] s3-util: add helper functions to deal with the S-1-18 - domain. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677 - -Guenther - -Signed-off-by: Günther Deschner gd@samba.org ---- - source3/Makefile.in | 2 +- - source3/include/proto.h | 5 +++++ - source3/lib/util_specialsids.c | 40 ++++++++++++++++++++++++++++++++++++++++ - source3/wscript_build | 1 + - 4 files changed, 47 insertions(+), 1 deletion(-) - create mode 100644 source3/lib/util_specialsids.c - -diff --git a/source3/Makefile.in b/source3/Makefile.in -index 9e8e03d..8df2bff 100644 ---- a/source3/Makefile.in -+++ b/source3/Makefile.in -@@ -456,7 +456,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \ - lib/access.o lib/smbrun.o \ - lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \ - lib/wins_srv.o \ -- lib/util_str.o lib/clobber.o lib/util_sid.o \ -+ lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_specialsids.o \ - lib/util_unistr.o ../lib/util/charset/codepoints.o lib/util_file.o \ - lib/util.o lib/util_cmdline.o lib/util_names.o \ - lib/util_sock.o lib/sock_exec.o lib/util_sec.o \ -diff --git a/source3/include/proto.h b/source3/include/proto.h -index 7303e76..8cd162b 100644 ---- a/source3/include/proto.h -+++ b/source3/include/proto.h -@@ -1937,6 +1937,11 @@ bool sid_check_is_in_unix_groups(const struct dom_sid *sid); - const char *unix_groups_domain_name(void); - bool lookup_unix_group_name(const char *name, struct dom_sid *sid); - -+/* The following definitions come from lib/util_specialsids.c */ -+bool sid_check_is_asserted_identity(const struct dom_sid *sid); -+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid); -+const char *asserted_identity_domain_name(void); -+ - /* The following definitions come from lib/filename_util.c */ - - NTSTATUS get_full_smb_filename(TALLOC_CTX *ctx, const struct smb_filename *smb_fname, -diff --git a/source3/lib/util_specialsids.c b/source3/lib/util_specialsids.c -new file mode 100644 -index 0000000..4c402d6 ---- /dev/null -+++ b/source3/lib/util_specialsids.c -@@ -0,0 +1,40 @@ -+/* -+ Unix SMB/CIFS implementation. -+ Copyright (C) Guenther Deschner 2016 -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see http://www.gnu.org/licenses/. -+*/ -+ -+#include "includes.h" -+#include "../libcli/security/security.h" -+ -+bool sid_check_is_asserted_identity(const struct dom_sid *sid) -+{ -+ return dom_sid_equal(sid, &global_sid_Asserted_Identity); -+} -+ -+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid) -+{ -+ struct dom_sid dom_sid; -+ -+ sid_copy(&dom_sid, sid); -+ sid_split_rid(&dom_sid, NULL); -+ -+ return sid_check_is_asserted_identity(&dom_sid); -+} -+ -+const char *asserted_identity_domain_name(void) -+{ -+ return "Asserted Identity"; -+} -diff --git a/source3/wscript_build b/source3/wscript_build -index 40935d1..ceccbb5 100755 ---- a/source3/wscript_build -+++ b/source3/wscript_build -@@ -74,6 +74,7 @@ LIB_SRC = ''' - lib/bitmap.c lib/dprintf.c - lib/wins_srv.c - lib/clobber.c lib/util_sid.c -+ lib/util_specialsids.c - lib/util_file.c - lib/util.c lib/util_cmdline.c lib/util_names.c - lib/util_sock.c lib/sock_exec.c lib/util_sec.c --- -2.5.0 - - -From bb5c28c8d45be8e26abe37e4873c4b1c59fff782 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Fri, 15 Jan 2016 14:43:48 +0100 -Subject: [PATCH 3/3] s3-util: skip S-1-18 sids in token generaion in - sid_array_from_info3(). -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677 - -Guenther - -Signed-off-by: Günther Deschner gd@samba.org ---- - source3/lib/util_sid.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c -index f051b7a..92fbc76 100644 ---- a/source3/lib/util_sid.c -+++ b/source3/lib/util_sid.c -@@ -190,6 +190,11 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, - */ - - for (i = 0; i < info3->sidcount; i++) { -+ -+ if (sid_check_is_in_asserted_identity(info3->sids[i].sid)) { -+ continue; -+ } -+ - status = add_sid_to_array(mem_ctx, info3->sids[i].sid, - &sid_array, &num_sids); - if (!NT_STATUS_IS_OK(status)) { --- -2.5.0 - diff --git a/src/patches/samba/samba-3.6.99-bug-1117059.patch b/src/patches/samba/samba-3.6.99-bug-1117059.patch deleted file mode 100644 index 4941e664c..000000000 --- a/src/patches/samba/samba-3.6.99-bug-1117059.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 7f0edd8c68cd20a136a33d692f32ee2ffc30db76 Mon Sep 17 00:00:00 2001 -From: Michael Adam obnox@samba.org -Date: Mon, 19 Jan 2015 13:51:55 +0100 -Subject: [PATCH] s3:winbind:grent: don't stop group enumeration when a group - has no gid - -simply continue with the next group - -Note: this patch introduces some code duplication to make it -easier to create minimal backport patch. Subsequent patches -will provide some refactoring to reduce the duplication. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=8905 - -Signed-off-by: Michael Adam obnox@samba.org ---- - source3/winbindd/wb_next_grent.c | 51 +++++++++++++++++++++++++++++++++++++++- - 1 file changed, 50 insertions(+), 1 deletion(-) - -diff --git a/source3/winbindd/wb_next_grent.c b/source3/winbindd/wb_next_grent.c -index 2b3799a..f52d2d1 100644 ---- a/source3/winbindd/wb_next_grent.c -+++ b/source3/winbindd/wb_next_grent.c -@@ -168,9 +168,58 @@ static void wb_next_grent_getgrsid_done(struct tevent_req *subreq) - status = wb_getgrsid_recv(subreq, talloc_tos(), &domname, &name, - &state->gr->gr_gid, &state->members); - TALLOC_FREE(subreq); -- if (tevent_req_nterror(req, status)) { -+ -+ if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) { -+ state->gstate->next_group += 1; -+ -+ if (state->gstate->next_group >= state->gstate->num_groups) { -+ TALLOC_FREE(state->gstate->groups); -+ -+ if (state->gstate->domain == NULL) { -+ state->gstate->domain = domain_list(); -+ } else { -+ state->gstate->domain = state->gstate->domain->next; -+ } -+ -+ if ((state->gstate->domain != NULL) && -+ sid_check_is_domain(&state->gstate->domain->sid)) -+ { -+ state->gstate->domain = state->gstate->domain->next; -+ } -+ -+ if (state->gstate->domain == NULL) { -+ tevent_req_nterror(req, -+ NT_STATUS_NO_MORE_ENTRIES); -+ return; -+ } -+ -+ subreq = dcerpc_wbint_QueryGroupList_send( -+ state, state->ev, -+ dom_child_handle(state->gstate->domain), -+ &state->next_groups); -+ if (tevent_req_nomem(subreq, req)) { -+ return; -+ } -+ -+ tevent_req_set_callback(subreq, -+ wb_next_grent_fetch_done, req); -+ return; -+ } -+ -+ subreq = wb_getgrsid_send( -+ state, state->ev, -+ &state->gstate->groups[state->gstate->next_group].sid, -+ state->max_nesting); -+ if (tevent_req_nomem(subreq, req)) { -+ return; -+ } -+ tevent_req_set_callback(subreq, wb_next_grent_getgrsid_done, -+ req); -+ return; -+ } else if (tevent_req_nterror(req, status)) { - return; - } -+ - if (!fill_grent(talloc_tos(), state->gr, domname, name, - state->gr->gr_gid)) { - DEBUG(5, ("fill_grent failed\n")); --- -2.1.0 - diff --git a/src/patches/samba/samba-3.6.99-bug-1192211.patch b/src/patches/samba/samba-3.6.99-bug-1192211.patch deleted file mode 100644 index a14f73602..000000000 --- a/src/patches/samba/samba-3.6.99-bug-1192211.patch +++ /dev/null @@ -1,42 +0,0 @@ -From a5b116fe3107a56e1d881906e77d9731b0c6b2c2 Mon Sep 17 00:00:00 2001 -From: Michael Adam obnox@samba.org -Date: Sat, 1 Jun 2013 02:14:41 +0200 -Subject: [PATCH] shadow_copy2: implement disk_free - -Signed-off-by: Michael Adam obnox@samba.org ---- - source3/modules/vfs_shadow_copy2.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c -index fedfb53..7fd4dd5 100644 ---- a/source3/modules/vfs_shadow_copy2.c -+++ b/source3/modules/vfs_shadow_copy2.c -@@ -944,6 +944,16 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle, - return 0; - } - -+static uint64_t shadow_copy2_disk_free(vfs_handle_struct *handle, -+ const char *fname, bool small_query, -+ uint64_t *bsize, uint64_t *dfree, -+ uint64_t *dsize) -+{ -+ SHADOW2_NEXT(DISK_FREE, -+ (handle, name, small_query, bsize, dfree, dsize), -+ uint64_t, 0); -+} -+ - static struct vfs_fn_pointers vfs_shadow_copy2_fns = { - .opendir = shadow_copy2_opendir, - .mkdir = shadow_copy2_mkdir, -@@ -975,6 +985,7 @@ static struct vfs_fn_pointers vfs_shadow_copy2_fns = { - .get_nt_acl = shadow_copy2_get_nt_acl, - .chmod_acl = shadow_copy2_chmod_acl, - .get_shadow_copy_data = shadow_copy2_get_shadow_copy2_data, -+ .disk_free = shadow_copy2_disk_free, - }; - - NTSTATUS vfs_shadow_copy2_init(void); --- -2.1.0 - diff --git a/src/patches/samba/samba-3.6.99-doc_netbios_name_length_limit.patch b/src/patches/samba/samba-3.6.99-doc_netbios_name_length_limit.patch deleted file mode 100644 index 22330f128..000000000 --- a/src/patches/samba/samba-3.6.99-doc_netbios_name_length_limit.patch +++ /dev/null @@ -1,257 +0,0 @@ -From caea507e6b57a82e059803e307f87fd39affde9c Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Wed, 15 Jul 2015 13:22:40 +0200 -Subject: [PATCH] PATCHSET31: docs: Documents length limitations for NetBIOS - name - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11401 - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Michael Adam obnox@samba.org - -Autobuild-User(master): Andreas Schneider asn@cryptomilk.org -Autobuild-Date(master): Wed Jul 15 19:35:48 CEST 2015 on sn-devel-104 ---- - docs-xml/smbdotconf/base/netbiosname.xml | 2 ++ - 1 file changed, 2 insertions(+) - -Index: samba-3.6.23/docs-xml/smbdotconf/base/netbiosname.xml -=================================================================== ---- samba-3.6.23.orig/docs-xml/smbdotconf/base/netbiosname.xml -+++ samba-3.6.23/docs-xml/smbdotconf/base/netbiosname.xml -@@ -9,6 +9,8 @@ - the hosts DNS name) will be the name that these services are advertised under. - </para> - -+ <para>Note that the maximum length for a NetBIOS name is 15 charactars.</para> -+ - <para> - There is a bug in Samba-3 that breaks operation of browsing and access to shares if the netbios name - is set to the literal name <literal>PIPE</literal>. To avoid this problem, do not name your Samba-3 -Index: samba-3.6.23/docs/manpages/smb.conf.5 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smb.conf.5 -+++ samba-3.6.23/docs/manpages/smb.conf.5 -@@ -1,13 +1,13 @@ - '" t - ." Title: smb.conf - ." Author: [see the "AUTHOR" section] --." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ --." Date: 09/18/2013 -+." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -+." Date: 10/15/2015 - ." Manual: File Formats and Conventions - ." Source: Samba 3.6 - ." Language: English - ." --.TH "SMB&.CONF" "5" "09/18/2013" "Samba 3&.6" "File Formats and Conventions" -+.TH "SMB&.CONF" "5" "10/15/2015" "Samba 3&.6" "File Formats and Conventions" - ." ----------------------------------------------------------------- - ." * Define some portability stuff - ." ----------------------------------------------------------------- -@@ -1201,8 +1201,7 @@ add user to group script (G) - .PP - .RS 4 - Full path to the script that will be called when a user is added to a group using the Windows NT domain administration tools&. It will be run by --\fBsmbd\fR(8) --\fIAS ROOT\fR&. Any -+\fBsmbd\fR(8)\fIAS ROOT\fR&. Any - \fI%g\fR - will be replaced with the group name and any - \fI%u\fR -@@ -1563,8 +1562,7 @@ smbpasswd - will fail to connect in it*(Aqs default mode&. - smbpasswd - can be forced to use the primary IP interface of the local host by using its --\fBsmbpasswd\fR(8) --\fI-r \fR\fI\fIremote machine\fR\fR -+\fBsmbpasswd\fR(8)\fI-r \fR\fI\fIremote machine\fR\fR - parameter, with - \fIremote machine\fR - set to the IP name of the primary interface of the local host&. -@@ -1868,8 +1866,7 @@ and - \fIseal\fR - are only available if Samba has been compiled against a modern OpenLDAP version (2&.3&.x or higher)&. - .sp --This option is needed in the case of Domain Controllers enforcing the usage of signed LDAP connections (e&.g&. Windows 2000 SP3 or higher)&. LDAP sign and seal can be controlled with the registry key "HKLM\eSystem\eCurrentControlSet\eServices\e --NTDS\eParameters\eLDAPServerIntegrity" on the Windows server side&. -+This option is needed in the case of Domain Controllers enforcing the usage of signed LDAP connections (e&.g&. Windows 2000 SP3 or higher)&. LDAP sign and seal can be controlled with the registry key "HKLM\eSystem\eCurrentControlSet\eServices\eNTDS\eParameters\eLDAPServerIntegrity" on the Windows server side&. - .sp - Depending on the used KRB5 library (MIT and older Heimdal versions) it is possible that the message "integrity only" is not supported&. In this case, - \fIsign\fR -@@ -2513,8 +2510,7 @@ delete group script (G) - .PP - .RS 4 - This is the full pathname to a script that will be run --\fIAS ROOT\fR --\fBsmbd\fR(8) -+\fIAS ROOT\fR\fBsmbd\fR(8) - when a group is requested to be deleted&. It will expand any - \fI%g\fR - to the group name passed&. This script is only useful for installations using the Windows NT domain administration tools&. -@@ -2633,8 +2629,7 @@ delete user from group script (G) - .PP - .RS 4 - Full path to the script that will be called when a user is removed from a group using the Windows NT domain administration tools&. It will be run by --\fBsmbd\fR(8) --\fIAS ROOT\fR&. Any -+\fBsmbd\fR(8)\fIAS ROOT\fR&. Any - \fI%g\fR - will be replaced with the group name and any - \fI%u\fR -@@ -4895,8 +4890,7 @@ script&. - LDAP connections should be secured where possible&. This may be done setting - \fIeither\fR - this parameter to --\fIStart_tls\fR --\fIor\fR -+\fIStart_tls\fR\fIor\fR - by specifying - \fIldaps://\fR - in the URL argument of -@@ -4935,9 +4929,7 @@ Please note that this parameter does onl - \fIrpc\fR - methods&. To enable the LDAPv3 StartTLS extended operation (RFC2830) for - \fIads\fR, set --\m[blue]\fBldap ssl = yes\fR\m[] --\fIand\fR --\m[blue]\fBldap ssl ads = yes\fR\m[]&. See -+\m[blue]\fBldap ssl = yes\fR\m[]\fIand\fR\m[blue]\fBldap ssl ads = yes\fR\m[]&. See - smb&.conf(5) - for more information on - \m[blue]\fBldap ssl ads\fR\m[]&. -@@ -5100,8 +5092,7 @@ in elections for local master browser&. - Setting this value to - \fBno\fR - will cause --nmbd --\fInever\fR -+nmbd\fInever\fR - to become a local master browser&. - .sp - Default: -@@ -5463,7 +5454,6 @@ logon home (G) - .RS 4 - This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC&. It allows you to do - .sp -- - C:\e>\fBNET USE H: /HOME\fR - .sp - from a command prompt, for example&. -@@ -5472,7 +5462,6 @@ This option takes the standard substitut - .sp - This parameter can be used with Win9X workstations to ensure that roaming profiles are stored in a subdirectory of the user*(Aqs home directory&. This is done in the following way: - .sp -- - logon home = \e\e%N\e%U\eprofile - .sp - This tells Samba to return the above string, with substitutions made when a client requests the info, generally in a NetUserGetInfo request&. Win9X clients truncate the info to \e\eserver\eshare when a user does -@@ -6050,7 +6039,6 @@ The three settings are : - .sp -1 - .IP (bu 2.3 - .} -- - \fBYes\fR - - The read only DOS attribute is mapped to the inverse of the user or owner write bit in the unix permission mode set&. If the owner write bit is not set, the read only attribute is reported as being set on the file&. If the read only DOS attribute is set, Samba sets the owner, group and others write bits to zero&. Write bits set in an ACL are ignored by Samba&. If the read only DOS attribute is unset, Samba simply sets the write bit of the owner to one&. - .RE -@@ -6063,7 +6051,6 @@ The three settings are : - .sp -1 - .IP (bu 2.3 - .} -- - \fBPermissions\fR - - The read only DOS attribute is mapped to the effective permissions of the connecting user, as evaluated by - \fBsmbd\fR(8) -@@ -6078,7 +6065,6 @@ by reading the unix permissions and POSI - .sp -1 - .IP (bu 2.3 - .} -- - \fBNo\fR - - The read only DOS attribute is unaffected by permissions, and can only be set by the - \m[blue]\fBstore dos attributes\fR\m[] -@@ -6732,7 +6718,6 @@ The options are: "lmhosts", "host", "win - .sp -1 - .IP (bu 2.3 - .} -- - \fBlmhosts\fR - : Lookup an IP address in the Samba lmhosts file&. If the line in lmhosts has no name type attached to the NetBIOS name (see the manpage for lmhosts for details) then any name type matches for lookup&. - .RE -@@ -6745,7 +6730,6 @@ The options are: "lmhosts", "host", "win - .sp -1 - .IP (bu 2.3 - .} -- - \fBhost\fR - : Do a standard host name to IP address resolution, using the system - /etc/hosts, NIS, or DNS lookups&. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the -@@ -6833,6 +6817,8 @@ netbios name (G) - .RS 4 - This sets the NetBIOS name by which a Samba server is known&. By default it is the same as the first component of the host*(Aqs DNS name&. If a machine is a browse server or logon server this name (or the first component of the hosts DNS name) will be the name that these services are advertised under&. - .sp -+Note that the maximum length for a NetBIOS name is 15 charactars&. -+.sp - There is a bug in Samba-3 that breaks operation of browsing and access to shares if the netbios name is set to the literal name - PIPE&. To avoid this problem, do not name your Samba-3 server - PIPE&. -@@ -7639,7 +7625,6 @@ This option specifies a command to be ru - .sp - An interesting example is to send the users a welcome message every time they log in&. Maybe a message of the day? Here is an example: - .sp -- - preexec = csh -c *(Aqecho \e"Welcome to %S!\e" | /usr/local/samba/bin/smbclient -M %m -I %I*(Aq & - .sp - Of course, this could get annoying after a while :-) -@@ -8452,9 +8437,7 @@ rpc_server (G) - Defines what kind of rpc server to use for a named pipe&. The rpc_server prefix must be followed by the pipe name, and a value&. - .sp - Three possible values are currently supported: --embedded --daemon --external -+embeddeddaemonexternal - .sp - The classic method is to run every pipe as an internal function - \fIembedded\fR -@@ -8632,8 +8615,7 @@ security = share - server)&. Instead, the clients send authentication information (passwords) on a per-share basis, at the time they attempt to connect to that share&. - .sp - Note that --smbd --\fIALWAYS\fR -+smbd\fIALWAYS\fR - uses a valid UNIX user to act on behalf of the client, even in - security = share - level security&. -@@ -10177,8 +10159,6 @@ This parameter specifies the absolute pa - .sp - For example, a valid usershare directory might be /usr/local/samba/lib/usershares, set up as follows&. - .sp -- --.sp - .if n {\ - .RS 4 - .} -@@ -10650,10 +10630,10 @@ and - .sp -1 - .IP (bu 2.3 - .} --\fI<sfu | rfc2307 >\fR --- When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home directory attributes directly from your Directory Server&. Note that retrieving UID and GID from your ADS-Server requires to use -+\fI<sfu | sfu20 | rfc2307 >\fR -+- When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home directory attributes directly from your Directory Server&. For SFU 3&.0 or 3&.5 simply choose "sfu", if you use SFU 2&.0 please choose "sfu20"&. Note that retrieving UID and GID from your ADS-Server requires to use - \fIidmap config DOMAIN:backend\fR --= ad as well&. -+= ad as well&. The primary group membership is currently always calculated via the "primaryGroupID" LDAP attribute&. - .RE - .sp - .RE -@@ -11036,7 +11016,6 @@ special sections make life for an admini - This man page is correct for version 3 of the Samba suite&. - .SH "SEE ALSO" - .PP -- - \fBsamba\fR(7), - \fBsmbpasswd\fR(8), - \fBswat\fR(8), diff --git a/src/patches/samba/samba-3.6.99-fix_dirsort_ea-support.patch b/src/patches/samba/samba-3.6.99-fix_dirsort_ea-support.patch deleted file mode 100644 index 5683ae6d2..000000000 --- a/src/patches/samba/samba-3.6.99-fix_dirsort_ea-support.patch +++ /dev/null @@ -1,314 +0,0 @@ -From 252499c1513c45764d039af8732cd97b37c8c494 Mon Sep 17 00:00:00 2001 -From: Volker Lendecke vl@samba.org -Date: Thu, 9 Feb 2017 15:40:39 +0100 -Subject: [PATCH 1/3] smbd: Streamline get_ea_names_from_file - -Signed-off-by: Volker Lendecke vl@samba.org -Reviewed-by: Ralph Boehme slow@samba.org -Backported-by: Andreas Schneider asn@samba.org -Backported-from: 27daed8fcf95eed2df112dc1c30c3a40b5c9565b ---- - source3/smbd/trans2.c | 89 +++++++++++++++++++++++++++++---------------------- - 1 file changed, 51 insertions(+), 38 deletions(-) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index 98fd2af..49cfe9f 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -201,12 +201,14 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - files_struct *fsp, const char *fname, - char ***pnames, size_t *pnum_names) - { -+ char smallbuf[1024]; - /* Get a list of all xattrs. Max namesize is 64k. */ - size_t ea_namelist_size = 1024; -- char *ea_namelist = NULL; -+ char *ea_namelist = smallbuf; -+ char *to_free = NULL; - - char *p; -- char **names, **tmp; -+ char **names; - size_t num_names; - ssize_t sizeret = -1; - NTSTATUS status; -@@ -228,25 +230,24 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - return NT_STATUS_OK; - } - -- /* -- * TALLOC the result early to get the talloc hierarchy right. -- */ -- -- names = TALLOC_ARRAY(mem_ctx, char *, 1); -- if (names == NULL) { -- DEBUG(0, ("talloc failed\n")); -- return NT_STATUS_NO_MEMORY; -+ if (fsp && fsp->fh->fd != -1) { -+ sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist, -+ ea_namelist_size); -+ } else { -+ sizeret = SMB_VFS_LISTXATTR(conn, -+ fname, -+ ea_namelist, -+ ea_namelist_size); - } - -- while (ea_namelist_size <= 65536) { -- -- ea_namelist = TALLOC_REALLOC_ARRAY( -- names, ea_namelist, char, ea_namelist_size); -+ if ((sizeret == -1) && (errno == ERANGE)) { -+ ea_namelist_size = 65536; -+ ea_namelist = TALLOC_ARRAY(mem_ctx, char, ea_namelist_size); - if (ea_namelist == NULL) { - DEBUG(0, ("talloc failed\n")); -- TALLOC_FREE(names); - return NT_STATUS_NO_MEMORY; - } -+ to_free = ea_namelist; - - if (fsp && fsp->fh->fd != -1) { - sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist, -@@ -255,25 +256,18 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - sizeret = SMB_VFS_LISTXATTR(conn, fname, ea_namelist, - ea_namelist_size); - } -- -- if ((sizeret == -1) && (errno == ERANGE)) { -- ea_namelist_size *= 2; -- } -- else { -- break; -- } - } - - if (sizeret == -1) { -- TALLOC_FREE(names); -- return map_nt_error_from_unix(errno); -+ status = map_nt_error_from_unix(errno); -+ TALLOC_FREE(to_free); -+ return status; - } - -- DEBUG(10, ("get_ea_list_from_file: ea_namelist size = %u\n", -- (unsigned int)sizeret)); -+ DEBUG(10, ("ea_namelist size = %zd\n", sizeret)); - - if (sizeret == 0) { -- TALLOC_FREE(names); -+ TALLOC_FREE(to_free); - return NT_STATUS_OK; - } - -@@ -282,7 +276,7 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - */ - - if (ea_namelist[sizeret-1] != '\0') { -- TALLOC_FREE(names); -+ TALLOC_FREE(to_free); - return NT_STATUS_INTERNAL_ERROR; - } - -@@ -295,26 +289,45 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - num_names += 1; - } - -- tmp = TALLOC_REALLOC_ARRAY(mem_ctx, names, char *, num_names); -- if (tmp == NULL) { -+ *pnum_names = num_names; -+ -+ if (pnames == NULL) { -+ TALLOC_FREE(to_free); -+ return NT_STATUS_OK; -+ } -+ -+ names = TALLOC_ARRAY(mem_ctx, char *, num_names); -+ if (names == NULL) { - DEBUG(0, ("talloc failed\n")); -- TALLOC_FREE(names); -+ TALLOC_FREE(to_free); - return NT_STATUS_NO_MEMORY; - } - -- names = tmp; -+ if (ea_namelist == smallbuf) { -+ ea_namelist = talloc_memdup(names, smallbuf, sizeret); -+ if (ea_namelist == NULL) { -+ TALLOC_FREE(names); -+ return NT_STATUS_NO_MEMORY; -+ } -+ } else { -+ talloc_steal(names, ea_namelist); -+ -+ ea_namelist = talloc_realloc(names, ea_namelist, char, -+ sizeret); -+ if (ea_namelist == NULL) { -+ TALLOC_FREE(names); -+ return NT_STATUS_NO_MEMORY; -+ } -+ } -+ - num_names = 0; - - for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p)+1) { - names[num_names++] = p; - } - -- if (pnames) { -- *pnames = names; -- } else { -- TALLOC_FREE(names); -- } -- *pnum_names = num_names; -+ *pnames = names; -+ - return NT_STATUS_OK; - } - --- -2.9.3 - - -From 17563ab22ad19b34e1d9a1d12b2594c4186718b6 Mon Sep 17 00:00:00 2001 -From: Volker Lendecke vl@samba.org -Date: Tue, 25 Oct 2016 12:28:12 +0200 -Subject: [PATCH 2/3] lib/util/charset: Optimize next_codepoint for the ascii - case - -Signed-off-by: Volker Lendecke vl@samba.org -Reviewed-by: Ralph Boehme slow@samba.org - -(cherry picked from commit 07d9a909ba6853fb0b96f6d86e4cf0d5d1b35b28) ---- - lib/util/charset/codepoints.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c -index 5ee95a8..7d157a3 100644 ---- a/lib/util/charset/codepoints.c -+++ b/lib/util/charset/codepoints.c -@@ -495,6 +495,10 @@ _PUBLIC_ codepoint_t next_codepoint_ext(const char *str, charset_t src_charset, - - _PUBLIC_ codepoint_t next_codepoint(const char *str, size_t *size) - { -+ if ((str[0] & 0x80) == 0) { -+ *size = 1; -+ return str[0]; -+ } - return next_codepoint_convenience(get_iconv_convenience(), str, size); - } - --- -2.9.3 - - -From ac8f6faa891fd282fb39ccb8e75a364bf97a5f2b Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Thu, 9 Feb 2017 15:05:01 +0100 -Subject: [PATCH 3/3] s3-vfs: Only walk the directory once in - open_and_sort_dir() - -On a slow filesystem or network filesystem this can make a huge -difference. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12571 - -Signed-off-by: Andreas Schneider asn@samba.org ---- - source3/modules/vfs_dirsort.c | 61 +++++++++++++++++++++++++++---------------- - 1 file changed, 38 insertions(+), 23 deletions(-) - -diff --git a/source3/modules/vfs_dirsort.c b/source3/modules/vfs_dirsort.c -index 698e96b..66582e6 100644 ---- a/source3/modules/vfs_dirsort.c -+++ b/source3/modules/vfs_dirsort.c -@@ -68,8 +68,10 @@ static bool get_sorted_dir_mtime(vfs_handle_struct *handle, - static bool open_and_sort_dir(vfs_handle_struct *handle, - struct dirsort_privates *data) - { -- unsigned int i = 0; -- unsigned int total_count = 0; -+ uint32_t total_count = 0; -+ /* This should be enough for most use cases */ -+ uint32_t dirent_allocated = 64; -+ SMB_STRUCT_DIRENT *dp; - - data->number_of_entries = 0; - -@@ -77,38 +79,51 @@ static bool open_and_sort_dir(vfs_handle_struct *handle, - return false; - } - -- while (SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL) -- != NULL) { -- total_count++; -- } -- -- if (total_count == 0) { -+ dp = SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL); -+ if (dp == NULL) { - return false; - } - -- /* Open the underlying directory and count the number of entries -- Skip back to the beginning as we'll read it again */ -- SMB_VFS_NEXT_REWINDDIR(handle, data->source_directory); -- - /* Set up an array and read the directory entries into it */ - TALLOC_FREE(data->directory_list); /* destroy previous cache if needed */ - data->directory_list = talloc_zero_array(data, - SMB_STRUCT_DIRENT, -- total_count); -- if (!data->directory_list) { -+ dirent_allocated); -+ if (data->directory_list == NULL) { - return false; - } -- for (i = 0; i < total_count; i++) { -- SMB_STRUCT_DIRENT *dp = SMB_VFS_NEXT_READDIR(handle, -- data->source_directory, -- NULL); -- if (dp == NULL) { -- break; -+ -+ do { -+ if (total_count >= dirent_allocated) { -+ struct dirent *dlist; -+ -+ /* -+ * Be memory friendly. -+ * -+ * We should not double the amount of memory. With a lot -+ * of files we reach easily 50MB, and doubling will -+ * get much bigger just for a few files more. -+ * -+ * For 200k files this means 50 memory reallocations. -+ */ -+ dirent_allocated += 4096; -+ -+ dlist = talloc_realloc(data, -+ data->directory_list, -+ SMB_STRUCT_DIRENT, -+ dirent_allocated); -+ if (dlist == NULL) { -+ break; -+ } -+ data->directory_list = dlist; - } -- data->directory_list[i] = *dp; -- } -+ data->directory_list[total_count] = *dp; -+ -+ total_count++; -+ dp = SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL); -+ } while (dp != NULL); - -- data->number_of_entries = i; -+ data->number_of_entries = total_count; - - /* Sort the directory entries by name */ - TYPESAFE_QSORT(data->directory_list, data->number_of_entries, compare_dirent); --- -2.9.3 - diff --git a/src/patches/samba/samba-3.6.99-fix_dropbox_share.patch b/src/patches/samba/samba-3.6.99-fix_dropbox_share.patch deleted file mode 100644 index 564ecb423..000000000 --- a/src/patches/samba/samba-3.6.99-fix_dropbox_share.patch +++ /dev/null @@ -1,271 +0,0 @@ -From 8f286450a223d002358f6dfe81b770fee86c3c85 Mon Sep 17 00:00:00 2001 -From: Volker Lendecke vl@samba.org -Date: Tue, 3 Dec 2013 13:20:17 +0100 -Subject: [PATCH 1/3] PATCHSET15: smbd: Fix regression for the dropbox case. - -We need to allow to save a file to a directory with perm -wx. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297 - -Signed-off-by: Volker Lendecke vl@samba.org -Reviewed-by: Jeremy Allison jra@samba.org -Reviewed-by: Andreas Schneider asn@samba.org -(cherry picked from commit 5b49fe24c906cbae12beff7a1b45de6809258cab) ---- - source3/smbd/filename.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c -index 8ef0c0a..ca19369 100644 ---- a/source3/smbd/filename.c -+++ b/source3/smbd/filename.c -@@ -716,7 +716,10 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, - * here. - */ - if (errno == EACCES) { -- if (ucf_flags & UCF_CREATING_FILE) { -+ if ((ucf_flags & UCF_CREATING_FILE) == 0) { -+ status = NT_STATUS_ACCESS_DENIED; -+ goto fail; -+ } else { - /* - * This is the dropbox - * behaviour. A dropbox is a -@@ -728,11 +731,8 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, - * nevertheless want to allow - * users creating a file. - */ -- status = NT_STATUS_OBJECT_PATH_NOT_FOUND; -- } else { -- status = NT_STATUS_ACCESS_DENIED; -+ errno = 0; - } -- goto fail; - } - - if ((errno != 0) && (errno != ENOENT)) { --- -1.9.3 - - -From 38674e8f208a7e8f2ead72266292f30b7ea33c87 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 3 Dec 2013 10:19:09 -0800 -Subject: [PATCH 2/3] PATCHSET15: smbd: change flag name from UCF_CREATING_FILE - to UCF_PREP_CREATEFILE - -In preparation to using it for all open calls. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Volker Lendecke vl@samba.org -(cherry picked from commit 874318a97868e08837a1febb1be8e8a167b5ae0f) ---- - source3/include/smb.h | 2 +- - source3/smbd/filename.c | 2 +- - source3/smbd/nttrans.c | 4 ++-- - source3/smbd/reply.c | 10 +++++----- - source3/smbd/smb2_create.c | 2 +- - 5 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/source3/include/smb.h b/source3/include/smb.h -index 2d04373..559e061 100644 ---- a/source3/include/smb.h -+++ b/source3/include/smb.h -@@ -1716,7 +1716,7 @@ struct smb_file_time { - #define UCF_COND_ALLOW_WCARD_LCOMP 0x00000004 - #define UCF_POSIX_PATHNAMES 0x00000008 - #define UCF_UNIX_NAME_LOOKUP 0x00000010 --#define UCF_CREATING_FILE 0x00000020 -+#define UCF_PREP_CREATEFILE 0x00000020 - - /* - * smb_filename -diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c -index ca19369..2e68e52 100644 ---- a/source3/smbd/filename.c -+++ b/source3/smbd/filename.c -@@ -716,7 +716,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, - * here. - */ - if (errno == EACCES) { -- if ((ucf_flags & UCF_CREATING_FILE) == 0) { -+ if ((ucf_flags & UCF_PREP_CREATEFILE) == 0) { - status = NT_STATUS_ACCESS_DENIED; - goto fail; - } else { -diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c -index 4c145e0..f5da720 100644 ---- a/source3/smbd/nttrans.c -+++ b/source3/smbd/nttrans.c -@@ -537,7 +537,7 @@ void reply_ntcreate_and_X(struct smb_request *req) - req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, - (create_disposition == FILE_CREATE) -- ? UCF_CREATING_FILE : 0, -+ ? UCF_PREP_CREATEFILE : 0, - NULL, - &smb_fname); - -@@ -1167,7 +1167,7 @@ static void call_nt_transact_create(connection_struct *conn, - req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, - (create_disposition == FILE_CREATE) -- ? UCF_CREATING_FILE : 0, -+ ? UCF_PREP_CREATEFILE : 0, - NULL, - &smb_fname); - -diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c -index 0585a6e..8478031 100644 ---- a/source3/smbd/reply.c -+++ b/source3/smbd/reply.c -@@ -1761,7 +1761,7 @@ void reply_open(struct smb_request *req) - req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, - (create_disposition == FILE_CREATE) -- ? UCF_CREATING_FILE : 0, -+ ? UCF_PREP_CREATEFILE : 0, - NULL, - &smb_fname); - if (!NT_STATUS_IS_OK(status)) { -@@ -1939,7 +1939,7 @@ void reply_open_and_X(struct smb_request *req) - req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, - (create_disposition == FILE_CREATE) -- ? UCF_CREATING_FILE : 0, -+ ? UCF_PREP_CREATEFILE : 0, - NULL, - &smb_fname); - if (!NT_STATUS_IS_OK(status)) { -@@ -2147,7 +2147,7 @@ void reply_mknew(struct smb_request *req) - conn, - req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, -- UCF_CREATING_FILE, -+ UCF_PREP_CREATEFILE, - NULL, - &smb_fname); - if (!NT_STATUS_IS_OK(status)) { -@@ -2288,7 +2288,7 @@ void reply_ctemp(struct smb_request *req) - status = filename_convert(ctx, conn, - req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, -- UCF_CREATING_FILE, -+ UCF_PREP_CREATEFILE, - NULL, - &smb_fname); - if (!NT_STATUS_IS_OK(status)) { -@@ -5541,7 +5541,7 @@ void reply_mkdir(struct smb_request *req) - status = filename_convert(ctx, conn, - req->flags2 & FLAGS2_DFS_PATHNAMES, - directory, -- UCF_CREATING_FILE, -+ UCF_PREP_CREATEFILE, - NULL, - &smb_dname); - if (!NT_STATUS_IS_OK(status)) { -diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c -index 0862990..cd15852 100644 ---- a/source3/smbd/smb2_create.c -+++ b/source3/smbd/smb2_create.c -@@ -695,7 +695,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, - smb1req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, - (in_create_disposition == FILE_CREATE) ? -- UCF_CREATING_FILE : 0, -+ UCF_PREP_CREATEFILE : 0, - NULL, - &smb_fname); - if (!NT_STATUS_IS_OK(status)) { --- -1.9.3 - - -From d3fb56a7239ef4173ff13f2fec2beb44402dee6b Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Tue, 3 Dec 2013 10:21:16 -0800 -Subject: [PATCH 3/3] PATCHSET15: smbd: Always use UCF_PREP_CREATEFILE for - filename_convert calls to resolve a path for open. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Volker Lendecke vl@samba.org - -Autobuild-User(master): Jeremy Allison jra@samba.org -Autobuild-Date(master): Mon Dec 9 21:02:21 CET 2013 on sn-devel-104 - -(cherry picked from commit f98d10af2a05f0261611f4cabdfe274cd9fe91c0) ---- - source3/smbd/nttrans.c | 6 ++---- - source3/smbd/reply.c | 6 ++---- - source3/smbd/smb2_create.c | 3 +-- - 3 files changed, 5 insertions(+), 10 deletions(-) - -diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c -index f5da720..f7d9b9d 100644 ---- a/source3/smbd/nttrans.c -+++ b/source3/smbd/nttrans.c -@@ -536,8 +536,7 @@ void reply_ntcreate_and_X(struct smb_request *req) - conn, - req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, -- (create_disposition == FILE_CREATE) -- ? UCF_PREP_CREATEFILE : 0, -+ UCF_PREP_CREATEFILE, - NULL, - &smb_fname); - -@@ -1166,8 +1165,7 @@ static void call_nt_transact_create(connection_struct *conn, - conn, - req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, -- (create_disposition == FILE_CREATE) -- ? UCF_PREP_CREATEFILE : 0, -+ UCF_PREP_CREATEFILE, - NULL, - &smb_fname); - -diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c -index 8478031..1583c23 100644 ---- a/source3/smbd/reply.c -+++ b/source3/smbd/reply.c -@@ -1760,8 +1760,7 @@ void reply_open(struct smb_request *req) - conn, - req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, -- (create_disposition == FILE_CREATE) -- ? UCF_PREP_CREATEFILE : 0, -+ UCF_PREP_CREATEFILE, - NULL, - &smb_fname); - if (!NT_STATUS_IS_OK(status)) { -@@ -1938,8 +1937,7 @@ void reply_open_and_X(struct smb_request *req) - conn, - req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, -- (create_disposition == FILE_CREATE) -- ? UCF_PREP_CREATEFILE : 0, -+ UCF_PREP_CREATEFILE, - NULL, - &smb_fname); - if (!NT_STATUS_IS_OK(status)) { -diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c -index cd15852..d0cda33 100644 ---- a/source3/smbd/smb2_create.c -+++ b/source3/smbd/smb2_create.c -@@ -694,8 +694,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, - smb1req->conn, - smb1req->flags2 & FLAGS2_DFS_PATHNAMES, - fname, -- (in_create_disposition == FILE_CREATE) ? -- UCF_PREP_CREATEFILE : 0, -+ UCF_PREP_CREATEFILE, - NULL, - &smb_fname); - if (!NT_STATUS_IS_OK(status)) { --- -1.9.3 - diff --git a/src/patches/samba/samba-3.6.99-fix_force_group.patch b/src/patches/samba/samba-3.6.99-fix_force_group.patch deleted file mode 100644 index 2d4bb9557..000000000 --- a/src/patches/samba/samba-3.6.99-fix_force_group.patch +++ /dev/null @@ -1,68 +0,0 @@ -From a502759e2e20e8001355b26d1e974a7116d78b92 Mon Sep 17 00:00:00 2001 -From: Justin Maggard jmaggard@netgear.com -Date: Tue, 21 Jul 2015 15:17:30 -0700 -Subject: [PATCH] PATCHSET27: s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid - lookup. - -Somewhere along the line, a config line like "valid users = @foo" -broke when "foo" also exists as a user. - -user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP -flag; but lookup_name() was not respecting that flag, and went ahead and looked -for users anyway. - -Regression test to follow. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320 - -Signed-off-by: Justin Maggard jmaggard@netgear.com -Reviewed-by: Jeremy Allison jra@samba.org -Reviewed-by: Marc Muehlfeld mmuehlfeld@samba.org - -Autobuild-User(master): Jeremy Allison jra@samba.org -Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104 - -(cherry picked from commit dc99d451bf23668d73878847219682fced547622) ---- - source3/passdb/lookup_sid.c | 4 ++-- - source3/passdb/lookup_sid.h | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c -index dcc2911..18d0e37 100644 ---- a/source3/passdb/lookup_sid.c -+++ b/source3/passdb/lookup_sid.c -@@ -119,7 +119,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, - goto ok; - } - -- if (((flags & LOOKUP_NAME_NO_NSS) == 0) -+ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) - && strequal(domain, unix_users_domain_name())) { - if (lookup_unix_user_name(name, &sid)) { - type = SID_NAME_USER; -@@ -292,7 +292,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, - /* 11. Ok, windows would end here. Samba has two more options: - Unmapped users and unmapped groups */ - -- if (((flags & LOOKUP_NAME_NO_NSS) == 0) -+ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) - && lookup_unix_user_name(name, &sid)) { - domain = talloc_strdup(tmp_ctx, unix_users_domain_name()); - type = SID_NAME_USER; -diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h -index b2f5cf5..4b26e0a 100644 ---- a/source3/passdb/lookup_sid.h -+++ b/source3/passdb/lookup_sid.h -@@ -29,7 +29,7 @@ - #define LOOKUP_NAME_NONE 0x00000000 - #define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */ - #define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */ --#define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for -+#define LOOKUP_NAME_GROUP 0x00000004 /* This is a NASTY hack for - valid users = @foo where foo also - exists in as user. */ - #define LOOKUP_NAME_NO_NSS 0x00000008 /* no NSS calls to avoid --- -2.5.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_force_user_winbind_default_domain.patch b/src/patches/samba/samba-3.6.99-fix_force_user_winbind_default_domain.patch deleted file mode 100644 index 6552e1a0d..000000000 --- a/src/patches/samba/samba-3.6.99-fix_force_user_winbind_default_domain.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 4d187b353d77761d40b04b8451f7ebe11fc8fab8 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Tue, 31 Mar 2015 18:15:51 +0200 -Subject: [PATCH] PATCHSET24: s3-passdb: Fix 'force user' with winbind default - domain - -If we set 'winbind use default domain' and specify 'force user = user' -without a domain name we fail to log in. In this case we need to try a -lookup with the domain name. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11185 - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Jeremy Allison jra@samba.org - -(cherry picked from commit cd4442c7ac93e165862c9195a7c345472646aa59) ---- - source3/passdb/lookup_sid.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c -index 64a181e..dcc2911 100644 ---- a/source3/passdb/lookup_sid.c -+++ b/source3/passdb/lookup_sid.c -@@ -391,6 +391,30 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx, - ret_sid, ret_type); - } - -+ /* Try with winbind default domain name. */ -+ if (lp_winbind_use_default_domain()) { -+ bool ok; -+ -+ qualified_name = talloc_asprintf(mem_ctx, -+ "%s\%s", -+ lp_workgroup(), -+ full_name); -+ if (qualified_name == NULL) { -+ return false; -+ } -+ -+ ok = lookup_name(mem_ctx, -+ qualified_name, -+ flags, -+ ret_domain, -+ ret_name, -+ ret_sid, -+ ret_type); -+ if (ok) { -+ return true; -+ } -+ } -+ - /* Try with our own SAM name. */ - qualified_name = talloc_asprintf(mem_ctx, "%s\%s", - get_global_sam_name(), --- -2.1.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_force_user_with_security_ads.patch b/src/patches/samba/samba-3.6.99-fix_force_user_with_security_ads.patch deleted file mode 100644 index cd732b04b..000000000 --- a/src/patches/samba/samba-3.6.99-fix_force_user_with_security_ads.patch +++ /dev/null @@ -1,1292 +0,0 @@ -From 77942b3569d379a097b2f7c58203d0379fd80ddc Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Mon, 16 Dec 2013 12:57:20 +0100 -Subject: [PATCH 1/6] s3-lib: Add winbind_lookup_usersids(). - -Pair-Programmed-With: Guenther Deschner gd@samba.org -Signed-off-by: Guenther Deschner gd@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Andrew Bartlett abartlet@samba.org ---- - source3/lib/winbind_util.c | 34 ++++++++++++++++++++++++++++++++++ - source3/lib/winbind_util.h | 4 ++++ - 2 files changed, 38 insertions(+) - -diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c -index f30bcfc..758fe73 100644 ---- a/source3/lib/winbind_util.c -+++ b/source3/lib/winbind_util.c -@@ -342,6 +342,40 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx, - return true; - } - -+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx, -+ const struct dom_sid *user_sid, -+ uint32_t *p_num_sids, -+ struct dom_sid **p_sids) -+{ -+ wbcErr ret; -+ struct wbcDomainSid dom_sid; -+ struct wbcDomainSid *sid_list = NULL; -+ uint32_t num_sids; -+ -+ memcpy(&dom_sid, user_sid, sizeof(dom_sid)); -+ -+ ret = wbcLookupUserSids(&dom_sid, -+ false, -+ &num_sids, -+ &sid_list); -+ if (ret != WBC_ERR_SUCCESS) { -+ return false; -+ } -+ -+ *p_sids = talloc_array(mem_ctx, struct dom_sid, num_sids); -+ if (*p_sids == NULL) { -+ wbcFreeMemory(sid_list); -+ return false; -+ } -+ -+ memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids); -+ -+ *p_num_sids = num_sids; -+ wbcFreeMemory(sid_list); -+ -+ return true; -+} -+ - #else /* WITH_WINBIND */ - - struct passwd * winbind_getpwnam(const char * name) -diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h -index 541bb95..abbc5a9 100644 ---- a/source3/lib/winbind_util.h -+++ b/source3/lib/winbind_util.h -@@ -58,5 +58,9 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx, - size_t num_members, - uint32_t **pp_alias_rids, - size_t *p_num_alias_rids); -+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx, -+ const struct dom_sid *user_sid, -+ uint32_t *p_num_sids, -+ struct dom_sid **p_sids); - - #endif /* __LIB__WINBIND_UTIL_H__ */ --- -1.8.5.3 - - -From a776571e344110b89340f5008bed869763aa4dff Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Fri, 13 Dec 2013 19:08:34 +0100 -Subject: [PATCH 2/6] s3-auth: Add passwd_to_SamInfo3(). - -First this function tries to contacts winbind if the user is a domain -user to get valid information about it. If winbind isn't running it will -try to create everything from the passwd struct. This is not always -reliable but works in most cases. It improves the current situation -which doesn't talk to winbind at all. - -Pair-Programmed-With: Guenther Deschner gd@samba.org -Signed-off-by: Guenther Deschner gd@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Andrew Bartlett abartlet@samba.org ---- - source3/auth/proto.h | 4 ++ - source3/auth/server_info.c | 116 +++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 120 insertions(+) - -diff --git a/source3/auth/proto.h b/source3/auth/proto.h -index 3d1fa06..c5a9647 100644 ---- a/source3/auth/proto.h -+++ b/source3/auth/proto.h -@@ -225,6 +225,10 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, - const char *login_server, - struct netr_SamInfo3 **_info3, - struct extra_auth_info *extra); -+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, -+ const char *unix_username, -+ const struct passwd *pwd, -+ struct netr_SamInfo3 **pinfo3); - struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, - struct netr_SamInfo3 *orig); - struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx, -diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c -index 90b3ed6..32ffd3a 100644 ---- a/source3/auth/server_info.c -+++ b/source3/auth/server_info.c -@@ -24,6 +24,7 @@ - #include "../libcli/security/security.h" - #include "rpc_client/util_netlogon.h" - #include "nsswitch/libwbclient/wbclient.h" -+#include "lib/winbind_util.h" - #include "passdb.h" - - #undef DBGC_CLASS -@@ -476,6 +477,121 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, - return NT_STATUS_OK; - } - -+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, -+ const char *unix_username, -+ const struct passwd *pwd, -+ struct netr_SamInfo3 **pinfo3) -+{ -+ struct netr_SamInfo3 *info3; -+ NTSTATUS status; -+ TALLOC_CTX *tmp_ctx; -+ const char *domain_name = NULL; -+ const char *user_name = NULL; -+ struct dom_sid domain_sid; -+ struct dom_sid user_sid; -+ struct dom_sid group_sid; -+ enum lsa_SidType type; -+ uint32_t num_sids = 0; -+ struct dom_sid *user_sids = NULL; -+ bool ok; -+ -+ tmp_ctx = talloc_stackframe(); -+ -+ ok = lookup_name_smbconf(tmp_ctx, -+ unix_username, -+ LOOKUP_NAME_ALL, -+ &domain_name, -+ &user_name, -+ &user_sid, -+ &type); -+ if (!ok) { -+ status = NT_STATUS_NO_SUCH_USER; -+ goto done; -+ } -+ -+ if (type != SID_NAME_USER) { -+ status = NT_STATUS_NO_SUCH_USER; -+ goto done; -+ } -+ -+ ok = winbind_lookup_usersids(tmp_ctx, -+ &user_sid, -+ &num_sids, -+ &user_sids); -+ /* Check if winbind is running */ -+ if (ok) { -+ /* -+ * Winbind is running and the first element of the user_sids -+ * is the primary group. -+ */ -+ if (num_sids > 0) { -+ group_sid = user_sids[0]; -+ } -+ } else { -+ /* -+ * Winbind is not running, create the group_sid from the -+ * group id. -+ */ -+ gid_to_sid(&group_sid, pwd->pw_gid); -+ } -+ -+ /* Make sure we have a valid group sid */ -+ ok = !is_null_sid(&group_sid); -+ if (!ok) { -+ status = NT_STATUS_NO_SUCH_USER; -+ goto done; -+ } -+ -+ /* Construct a netr_SamInfo3 from the information we have */ -+ info3 = talloc_zero(tmp_ctx, struct netr_SamInfo3); -+ if (!info3) { -+ status = NT_STATUS_NO_MEMORY; -+ goto done; -+ } -+ -+ info3->base.account_name.string = talloc_strdup(info3, unix_username); -+ if (info3->base.account_name.string == NULL) { -+ status = NT_STATUS_NO_MEMORY; -+ goto done; -+ } -+ -+ ZERO_STRUCT(domain_sid); -+ -+ sid_copy(&domain_sid, &user_sid); -+ sid_split_rid(&domain_sid, &info3->base.rid); -+ info3->base.domain_sid = dom_sid_dup(info3, &domain_sid); -+ -+ ok = sid_peek_check_rid(&domain_sid, &group_sid, -+ &info3->base.primary_gid); -+ if (!ok) { -+ DEBUG(1, ("The primary group domain sid(%s) does not " -+ "match the domain sid(%s) for %s(%s)\n", -+ sid_string_dbg(&group_sid), -+ sid_string_dbg(&domain_sid), -+ unix_username, -+ sid_string_dbg(&user_sid))); -+ status = NT_STATUS_INVALID_SID; -+ goto done; -+ } -+ -+ info3->base.acct_flags = ACB_NORMAL; -+ -+ if (num_sids) { -+ status = group_sids_to_info3(info3, user_sids, num_sids); -+ if (!NT_STATUS_IS_OK(status)) { -+ goto done; -+ } -+ } -+ -+ *pinfo3 = talloc_steal(mem_ctx, info3); -+ -+ status = NT_STATUS_OK; -+done: -+ talloc_free(tmp_ctx); -+ -+ return status; -+} -+ - #undef RET_NOMEM - - #define RET_NOMEM(ptr) do { \ --- -1.8.5.3 - - -From de5914820e7e8665036411061911a9a5ed06a673 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Fri, 13 Dec 2013 19:11:01 +0100 -Subject: [PATCH 3/6] s3-auth: Pass talloc context to make_server_info_pw(). - -Pair-Programmed-With: Guenther Deschner gd@samba.org -Signed-off-by: Guenther Deschner gd@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Andrew Bartlett abartlet@samba.org ---- - source3/auth/auth_server.c | 5 ++++- - source3/auth/auth_unix.c | 7 +++++-- - source3/auth/auth_util.c | 51 ++++++++++++++++++++++++++-------------------- - source3/auth/proto.h | 9 ++++---- - source3/auth/user_krb5.c | 2 +- - 5 files changed, 44 insertions(+), 30 deletions(-) - -diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c -index fdd7671..969caad 100644 ---- a/source3/auth/auth_server.c -+++ b/source3/auth/auth_server.c -@@ -448,7 +448,10 @@ use this machine as the password server.\n")); - if ( (pass = smb_getpwnam(talloc_tos(), user_info->mapped.account_name, - &real_username, True )) != NULL ) - { -- nt_status = make_server_info_pw(server_info, pass->pw_name, pass); -+ nt_status = make_server_info_pw(mem_ctx, -+ pass->pw_name, -+ pass, -+ server_info); - TALLOC_FREE(pass); - TALLOC_FREE(real_username); - } -diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c -index 086c39e..d6ef547 100644 ---- a/source3/auth/auth_unix.c -+++ b/source3/auth/auth_unix.c -@@ -56,8 +56,11 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context, - unbecome_root(); - - if (NT_STATUS_IS_OK(nt_status)) { -- if (pass) { -- make_server_info_pw(server_info, pass->pw_name, pass); -+ if (pass != NULL) { -+ nt_status = make_server_info_pw(mem_ctx, -+ pass->pw_name, -+ pass, -+ server_info); - } else { - /* we need to do somthing more useful here */ - nt_status = NT_STATUS_NO_SUCH_USER; -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index 288f461..3aa229d 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -555,14 +555,15 @@ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info) - to a struct samu - ***************************************************************************/ - --NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, -- char *unix_username, -- struct passwd *pwd) -+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx, -+ const char *unix_username, -+ const struct passwd *pwd, -+ struct auth_serversupplied_info **server_info) - { - NTSTATUS status; - struct samu *sampass = NULL; - char *qualified_name = NULL; -- TALLOC_CTX *mem_ctx = NULL; -+ TALLOC_CTX *tmp_ctx; - struct dom_sid u_sid; - enum lsa_SidType type; - struct auth_serversupplied_info *result; -@@ -580,27 +581,27 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, - * plaintext passwords were used with no SAM backend. - */ - -- mem_ctx = talloc_init("make_server_info_pw_tmp"); -- if (!mem_ctx) { -+ tmp_ctx = talloc_stackframe(); -+ if (tmp_ctx == NULL) { - return NT_STATUS_NO_MEMORY; - } - -- qualified_name = talloc_asprintf(mem_ctx, "%s\%s", -+ qualified_name = talloc_asprintf(tmp_ctx, "%s\%s", - unix_users_domain_name(), - unix_username ); - if (!qualified_name) { -- TALLOC_FREE(mem_ctx); -+ TALLOC_FREE(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - -- if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL, -+ if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL, - NULL, NULL, - &u_sid, &type)) { -- TALLOC_FREE(mem_ctx); -+ TALLOC_FREE(tmp_ctx); - return NT_STATUS_NO_SUCH_USER; - } - -- TALLOC_FREE(mem_ctx); -+ TALLOC_FREE(tmp_ctx); - - if (type != SID_NAME_USER) { - return NT_STATUS_NO_SUCH_USER; -@@ -623,7 +624,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, - /* set the user sid to be the calculated u_sid */ - pdb_set_user_sid(sampass, &u_sid, PDB_SET); - -- result = make_server_info(NULL); -+ result = make_server_info(mem_ctx); - if (result == NULL) { - TALLOC_FREE(sampass); - return NT_STATUS_NO_MEMORY; -@@ -908,37 +909,43 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, - { - struct auth_serversupplied_info *result; - struct passwd *pwd; -+ TALLOC_CTX *tmp_ctx; - NTSTATUS status; - -- pwd = Get_Pwnam_alloc(talloc_tos(), username); -- if (pwd == NULL) { -- return NT_STATUS_NO_SUCH_USER; -+ tmp_ctx = talloc_stackframe(); -+ if (tmp_ctx == NULL) { -+ return NT_STATUS_NO_MEMORY; - } - -- status = make_server_info_pw(&result, pwd->pw_name, pwd); -- -- TALLOC_FREE(pwd); -+ pwd = Get_Pwnam_alloc(tmp_ctx, username); -+ if (pwd == NULL) { -+ status = NT_STATUS_NO_SUCH_USER; -+ goto done; -+ } - -+ status = make_server_info_pw(tmp_ctx, pwd->pw_name, pwd, &result); - if (!NT_STATUS_IS_OK(status)) { -- return status; -+ goto done; - } - - result->nss_token = true; - result->guest = is_guest; - - if (use_guest_token) { -- status = make_server_info_guest(mem_ctx, &result); -+ status = make_server_info_guest(tmp_ctx, &result); - } else { - status = create_local_token(result); - } - -+ *presult = talloc_steal(mem_ctx, result); -+done: -+ talloc_free(tmp_ctx); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(result); - return status; - } - -- *presult = talloc_steal(mem_ctx, result); -- return NT_STATUS_OK; -+ return status; - } - - -diff --git a/source3/auth/proto.h b/source3/auth/proto.h -index c5a9647..50a27cf 100644 ---- a/source3/auth/proto.h -+++ b/source3/auth/proto.h -@@ -144,14 +144,15 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, - bool user_in_group_sid(const char *username, const struct dom_sid *group_sid); - bool user_in_group(const char *username, const char *groupname); - struct passwd; --NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, -- char *unix_username, -- struct passwd *pwd); -+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx, -+ const char *unix_username, -+ const struct passwd *pwd, -+ struct auth_serversupplied_info **server_info); - NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, - const char *username, - bool use_guest_token, - bool is_guest, -- struct auth_serversupplied_info **presult); -+ struct auth_serversupplied_info **session_info); - struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, - const struct auth_serversupplied_info *src); - bool init_guest_info(void); -diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c -index e52149a..1214b45 100644 ---- a/source3/auth/user_krb5.c -+++ b/source3/auth/user_krb5.c -@@ -238,7 +238,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, - */ - DEBUG(10, ("didn't find user %s in passdb, calling " - "make_server_info_pw\n", username)); -- status = make_server_info_pw(&tmp, username, pw); -+ status = make_server_info_pw(mem_ctx, username, pw, &tmp); - } - TALLOC_FREE(sampass); - --- -1.8.5.3 - - -From 840b5b996a719922a1fdaa5ee2188a4d4c60f345 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Fri, 13 Dec 2013 19:19:02 +0100 -Subject: [PATCH 4/6] s3-auth: Use passwd_to_SamInfo3(). - -Correctly lookup users which come from smb.conf. passwd_to_SamInfo3() -tries to contact winbind if the user is a domain user to get -valid information about it. If winbind isn't running it will try to -create everything from the passwd struct. This is not always reliable -but works in most cases. It improves the current situation which doesn't -talk to winbind at all. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598 - -Pair-Programmed-With: Guenther Deschner gd@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Andrew Bartlett abartlet@samba.org - -Autobuild-User(master): Andrew Bartlett abartlet@samba.org -Autobuild-Date(master): Wed Feb 5 01:40:38 CET 2014 on sn-devel-104 ---- - source3/auth/auth_util.c | 91 +++++++++------------------------------------- - source3/auth/server_info.c | 22 ++++++++++- - 2 files changed, 37 insertions(+), 76 deletions(-) - -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index 3aa229d..5ffdb25f 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -561,100 +561,43 @@ NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx, - struct auth_serversupplied_info **server_info) - { - NTSTATUS status; -- struct samu *sampass = NULL; -- char *qualified_name = NULL; -- TALLOC_CTX *tmp_ctx; -- struct dom_sid u_sid; -- enum lsa_SidType type; -+ TALLOC_CTX *tmp_ctx = NULL; - struct auth_serversupplied_info *result; - -- /* -- * The SID returned in server_info->sam_account is based -- * on our SAM sid even though for a pure UNIX account this should -- * not be the case as it doesn't really exist in the SAM db. -- * This causes lookups on "[in]valid users" to fail as they -- * will lookup this name as a "Unix User" SID to check against -- * the user token. Fix this by adding the "Unix User"\unix_username -- * SID to the sid array. The correct fix should probably be -- * changing the server_info->sam_account user SID to be a -- * S-1-22 Unix SID, but this might break old configs where -- * plaintext passwords were used with no SAM backend. -- */ -- - tmp_ctx = talloc_stackframe(); - if (tmp_ctx == NULL) { - return NT_STATUS_NO_MEMORY; - } - -- qualified_name = talloc_asprintf(tmp_ctx, "%s\%s", -- unix_users_domain_name(), -- unix_username ); -- if (!qualified_name) { -- TALLOC_FREE(tmp_ctx); -- return NT_STATUS_NO_MEMORY; -- } -- -- if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL, -- NULL, NULL, -- &u_sid, &type)) { -- TALLOC_FREE(tmp_ctx); -- return NT_STATUS_NO_SUCH_USER; -- } -- -- TALLOC_FREE(tmp_ctx); -- -- if (type != SID_NAME_USER) { -- return NT_STATUS_NO_SUCH_USER; -- } -- -- if ( !(sampass = samu_new( NULL )) ) { -- return NT_STATUS_NO_MEMORY; -- } -- -- status = samu_set_unix( sampass, pwd ); -- if (!NT_STATUS_IS_OK(status)) { -- return status; -- } -- -- /* In pathological cases the above call can set the account -- * name to the DOMAIN\username form. Reset the account name -- * using unix_username */ -- pdb_set_username(sampass, unix_username, PDB_SET); -- -- /* set the user sid to be the calculated u_sid */ -- pdb_set_user_sid(sampass, &u_sid, PDB_SET); -- -- result = make_server_info(mem_ctx); -+ result = make_server_info(tmp_ctx); - if (result == NULL) { -- TALLOC_FREE(sampass); -- return NT_STATUS_NO_MEMORY; -+ status = NT_STATUS_NO_MEMORY; -+ goto done; - } - -- status = samu_to_SamInfo3(result, sampass, global_myname(), -- &result->info3, &result->extra); -- TALLOC_FREE(sampass); -+ status = passwd_to_SamInfo3(result, -+ unix_username, -+ pwd, -+ &result->info3); - if (!NT_STATUS_IS_OK(status)) { -- DEBUG(10, ("Failed to convert samu to info3: %s\n", -- nt_errstr(status))); -- TALLOC_FREE(result); -- return status; -+ goto done; - } - - result->unix_name = talloc_strdup(result, unix_username); -- result->sanitized_username = sanitize_username(result, unix_username); -- -- if ((result->unix_name == NULL) -- || (result->sanitized_username == NULL)) { -- TALLOC_FREE(result); -- return NT_STATUS_NO_MEMORY; -+ if (result->unix_name == NULL) { -+ status = NT_STATUS_NO_MEMORY; -+ goto done; - } - - result->utok.uid = pwd->pw_uid; - result->utok.gid = pwd->pw_gid; - -- *server_info = result; -+ *server_info = talloc_steal(mem_ctx, result); -+ status = NT_STATUS_OK; -+done: -+ talloc_free(tmp_ctx); - -- return NT_STATUS_OK; -+ return status; - } - - static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx, -diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c -index 32ffd3a..077bb6b 100644 ---- a/source3/auth/server_info.c -+++ b/source3/auth/server_info.c -@@ -529,10 +529,28 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, - } - } else { - /* -- * Winbind is not running, create the group_sid from the -- * group id. -+ * Winbind is not running, try to create the group_sid from the -+ * passwd group id. -+ */ -+ -+ /* -+ * This can lead to a primary group of S-1-22-2-XX which -+ * will be rejected by other Samba code. - */ - gid_to_sid(&group_sid, pwd->pw_gid); -+ -+ ZERO_STRUCT(domain_sid); -+ -+ /* -+ * If we are a unix group, set the group_sid to the -+ * 'Domain Users' RID of 513 which will always resolve to a -+ * name. -+ */ -+ if (sid_check_is_in_unix_groups(&group_sid)) { -+ sid_compose(&group_sid, -+ get_global_sam_sid(), -+ DOMAIN_RID_USERS); -+ } - } - - /* Make sure we have a valid group sid */ --- -1.8.5.3 - - -From 7d8da06b8966cfb45ede48ce2be0754fd592ff62 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Tue, 18 Feb 2014 10:02:57 +0100 -Subject: [PATCH 5/6] s3-auth: Pass mem_ctx to make_server_info_sam(). - -Coverity-Id: 1168009 -BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598 - -Signed-off-by: Andreas Schneider asn@samba.org - -Change-Id: Ie614b0654c3a7eec1ebb10dbb9763696eec795bd -Reviewed-by: Andrew Bartlett abartlet@samba.org - -(cherry picked from commit 3dc72266005e87a291f5bf9847257e8c54314d39) ---- - source3/auth/check_samsec.c | 2 +- - source3/auth/proto.h | 5 ++-- - source3/auth/server_info_sam.c | 63 +++++++++++++++++++++++++----------------- - source3/auth/user_krb5.c | 12 ++++---- - 4 files changed, 49 insertions(+), 33 deletions(-) - -diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c -index f918dc0..ed30e0d 100644 ---- a/source3/auth/check_samsec.c -+++ b/source3/auth/check_samsec.c -@@ -482,7 +482,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge, - } - - become_root(); -- nt_status = make_server_info_sam(server_info, sampass); -+ nt_status = make_server_info_sam(mem_ctx, sampass, server_info); - unbecome_root(); - - TALLOC_FREE(sampass); -diff --git a/source3/auth/proto.h b/source3/auth/proto.h -index 50a27cf..e6830aa 100644 ---- a/source3/auth/proto.h -+++ b/source3/auth/proto.h -@@ -133,8 +133,9 @@ NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info, - DATA_BLOB lm_resp, DATA_BLOB nt_resp); - bool make_user_info_guest(struct auth_usersupplied_info **user_info) ; - struct samu; --NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, -- struct samu *sampass); -+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx, -+ struct samu *sampass, -+ struct auth_serversupplied_info **pserver_info); - NTSTATUS create_local_token(struct auth_serversupplied_info *server_info); - NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, - bool is_guest, -diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c -index 31fd9f9..aed70fa 100644 ---- a/source3/auth/server_info_sam.c -+++ b/source3/auth/server_info_sam.c -@@ -58,45 +58,54 @@ static bool is_our_machine_account(const char *username) - Make (and fill) a user_info struct from a struct samu - ***************************************************************************/ - --NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, -- struct samu *sampass) -+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx, -+ struct samu *sampass, -+ struct auth_serversupplied_info **pserver_info) - { - struct passwd *pwd; -- struct auth_serversupplied_info *result; -+ struct auth_serversupplied_info *server_info; - const char *username = pdb_get_username(sampass); -+ TALLOC_CTX *tmp_ctx; - NTSTATUS status; - -- if ( !(result = make_server_info(NULL)) ) { -+ tmp_ctx = talloc_stackframe(); -+ if (tmp_ctx == NULL) { - return NT_STATUS_NO_MEMORY; - } - -- if ( !(pwd = Get_Pwnam_alloc(result, username)) ) { -+ server_info = make_server_info(tmp_ctx); -+ if (server_info == NULL) { -+ status = NT_STATUS_NO_MEMORY; -+ goto out; -+ } -+ -+ pwd = Get_Pwnam_alloc(tmp_ctx, username); -+ if (pwd == NULL) { - DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n", - pdb_get_username(sampass))); -- TALLOC_FREE(result); -- return NT_STATUS_NO_SUCH_USER; -+ status = NT_STATUS_NO_SUCH_USER; -+ goto out; - } - -- status = samu_to_SamInfo3(result, sampass, global_myname(), -- &result->info3, &result->extra); -+ status = samu_to_SamInfo3(server_info, -+ sampass, -+ global_myname(), -+ &server_info->info3, -+ &server_info->extra); - if (!NT_STATUS_IS_OK(status)) { -- TALLOC_FREE(result); -- return status; -+ goto out; - } - -- result->unix_name = pwd->pw_name; -- /* Ensure that we keep pwd->pw_name, because we will free pwd below */ -- talloc_steal(result, pwd->pw_name); -- result->utok.gid = pwd->pw_gid; -- result->utok.uid = pwd->pw_uid; -+ server_info->unix_name = talloc_steal(server_info, pwd->pw_name); - -- TALLOC_FREE(pwd); -+ server_info->utok.gid = pwd->pw_gid; -+ server_info->utok.uid = pwd->pw_uid; - -- result->sanitized_username = sanitize_username(result, -- result->unix_name); -- if (result->sanitized_username == NULL) { -- TALLOC_FREE(result); -- return NT_STATUS_NO_MEMORY; -+ server_info->sanitized_username = sanitize_username(server_info, -+ server_info->unix_name); -+ if (server_info->sanitized_username == NULL) { -+ status = NT_STATUS_NO_MEMORY; -+ goto out; - } - - if (IS_DC && is_our_machine_account(username)) { -@@ -117,9 +126,13 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, - } - - DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n", -- pdb_get_username(sampass), result->unix_name)); -+ pdb_get_username(sampass), server_info->unix_name)); -+ -+ *pserver_info = talloc_steal(mem_ctx, server_info); - -- *server_info = result; -+ status = NT_STATUS_OK; -+out: -+ talloc_free(tmp_ctx); - -- return NT_STATUS_OK; -+ return status; - } -diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c -index 1214b45..1441f88 100644 ---- a/source3/auth/user_krb5.c -+++ b/source3/auth/user_krb5.c -@@ -219,9 +219,6 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, - * SID consistency with ntlmssp session setup - */ - struct samu *sampass; -- /* The stupid make_server_info_XX functions here -- don't take a talloc context. */ -- struct auth_serversupplied_info *tmp = NULL; - - sampass = samu_new(talloc_tos()); - if (sampass == NULL) { -@@ -231,14 +228,19 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, - if (pdb_getsampwnam(sampass, username)) { - DEBUG(10, ("found user %s in passdb, calling " - "make_server_info_sam\n", username)); -- status = make_server_info_sam(&tmp, sampass); -+ status = make_server_info_sam(mem_ctx, -+ sampass, -+ &server_info); - } else { - /* - * User not in passdb, make it up artificially - */ - DEBUG(10, ("didn't find user %s in passdb, calling " - "make_server_info_pw\n", username)); -- status = make_server_info_pw(mem_ctx, username, pw, &tmp); -+ status = make_server_info_pw(mem_ctx, -+ username, -+ pw, -+ &server_info); - } - TALLOC_FREE(sampass); - --- -1.8.5.3 - - -From 77c2d6c08ab3f3894a225a306dbc87f5575a1902 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Tue, 18 Feb 2014 10:19:57 +0100 -Subject: [PATCH 6/6] s3-auth: Pass mem_ctx to auth_check_ntlm_password(). - -Coverity-Id: 1168009 -BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598 - -Signed-off-by: Andreas Schneider asn@samba.org - -Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a -Reviewed-by: Andrew Bartlett abartlet@samba.org - -(cherry picked from commit 4d792db03f18aa164b565c7fdc7b446c174fba28) ---- - source3/auth/auth.c | 51 ++++++++++++++++++----------- - source3/auth/auth_compat.c | 19 ++++++++--- - source3/auth/auth_ntlmssp.c | 6 ++-- - source3/auth/proto.h | 3 +- - source3/auth/user_krb5.c | 7 ++-- - source3/include/auth.h | 3 +- - source3/rpc_server/netlogon/srv_netlog_nt.c | 6 ++-- - source3/smbd/sesssetup.c | 16 +++++---- - 8 files changed, 69 insertions(+), 42 deletions(-) - -diff --git a/source3/auth/auth.c b/source3/auth/auth.c -index dbe337f..17431b8 100644 ---- a/source3/auth/auth.c -+++ b/source3/auth/auth.c -@@ -201,19 +201,19 @@ static bool check_domain_match(const char *user, const char *domain) - * @return An NTSTATUS with NT_STATUS_OK or an appropriate error. - * - **/ -- --static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, -- const struct auth_usersupplied_info *user_info, -- struct auth_serversupplied_info **server_info) -+static NTSTATUS check_ntlm_password(TALLOC_CTX *mem_ctx, -+ const struct auth_context *auth_context, -+ const struct auth_usersupplied_info *user_info, -+ struct auth_serversupplied_info **pserver_info) - { - /* if all the modules say 'not for me' this is reasonable */ - NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER; - const char *unix_username; - auth_methods *auth_method; -- TALLOC_CTX *mem_ctx; - -- if (!user_info || !auth_context || !server_info) -+ if (user_info == NULL || auth_context == NULL || pserver_info == NULL) { - return NT_STATUS_LOGON_FAILURE; -+ } - - DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\[%s]@[%s] with the new password interface\n", - user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name)); -@@ -247,17 +247,27 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, - return NT_STATUS_LOGON_FAILURE; - - for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) { -+ struct auth_serversupplied_info *server_info; -+ TALLOC_CTX *tmp_ctx; - NTSTATUS result; - -- mem_ctx = talloc_init("%s authentication for user %s\%s", auth_method->name, -- user_info->mapped.domain_name, user_info->client.account_name); -+ tmp_ctx = talloc_named(mem_ctx, -+ 0, -+ "%s authentication for user %s\%s", -+ auth_method->name, -+ user_info->mapped.domain_name, -+ user_info->client.account_name); - -- result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info); -+ result = auth_method->auth(auth_context, -+ auth_method->private_data, -+ tmp_ctx, -+ user_info, -+ &server_info); - - /* check if the module did anything */ - if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ) { - DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_method->name)); -- talloc_destroy(mem_ctx); -+ TALLOC_FREE(tmp_ctx); - continue; - } - -@@ -271,19 +281,20 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, - auth_method->name, user_info->client.account_name, nt_errstr(nt_status))); - } - -- talloc_destroy(mem_ctx); -- -- if ( NT_STATUS_IS_OK(nt_status)) -- { -- break; -+ if (NT_STATUS_IS_OK(nt_status)) { -+ *pserver_info = talloc_steal(mem_ctx, server_info); -+ TALLOC_FREE(tmp_ctx); -+ break; - } -+ -+ TALLOC_FREE(tmp_ctx); - } - - /* successful authentication */ - - if (NT_STATUS_IS_OK(nt_status)) { -- unix_username = (*server_info)->unix_name; -- if (!(*server_info)->guest) { -+ unix_username = (*pserver_info)->unix_name; -+ if (!(*pserver_info)->guest) { - /* We might not be root if we are an RPC call */ - become_root(); - nt_status = smb_pam_accountcheck( -@@ -301,9 +312,9 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, - } - - if (NT_STATUS_IS_OK(nt_status)) { -- DEBUG((*server_info)->guest ? 5 : 2, -+ DEBUG((*pserver_info)->guest ? 5 : 2, - ("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n", -- (*server_info)->guest ? "guest " : "", -+ (*pserver_info)->guest ? "guest " : "", - user_info->client.account_name, - user_info->mapped.account_name, - unix_username)); -@@ -317,7 +328,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, - DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n", - user_info->client.account_name, user_info->mapped.account_name, - nt_errstr(nt_status))); -- ZERO_STRUCTP(server_info); -+ ZERO_STRUCTP(pserver_info); - - return nt_status; - } -diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c -index 0ae712a..d51c96f 100644 ---- a/source3/auth/auth_compat.c -+++ b/source3/auth/auth_compat.c -@@ -35,7 +35,8 @@ check if a username/password is OK assuming the password is in plaintext - return True if the password is correct, False otherwise - ****************************************************************************/ - --NTSTATUS check_plaintext_password(const char *smb_name, -+NTSTATUS check_plaintext_password(TALLOC_CTX *mem_ctx, -+ const char *smb_name, - DATA_BLOB plaintext_blob, - struct auth_serversupplied_info **server_info) - { -@@ -59,8 +60,10 @@ NTSTATUS check_plaintext_password(const char *smb_name, - return NT_STATUS_NO_MEMORY; - } - -- nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context, -- user_info, server_info); -+ nt_status = plaintext_auth_context->check_ntlm_password(mem_ctx, -+ plaintext_auth_context, -+ user_info, -+ server_info); - - TALLOC_FREE(plaintext_auth_context); - free_user_info(&user_info); -@@ -84,7 +87,10 @@ static NTSTATUS pass_check_smb(struct auth_context *actx, - domain, - lm_pwd, - nt_pwd); -- nt_status = actx->check_ntlm_password(actx, user_info, &server_info); -+ nt_status = actx->check_ntlm_password(talloc_tos(), -+ actx, -+ user_info, -+ &server_info); - free_user_info(&user_info); - TALLOC_FREE(server_info); - return nt_status; -@@ -127,7 +133,10 @@ bool password_ok(struct auth_context *actx, bool global_encrypted, - } - } else { - struct auth_serversupplied_info *server_info = NULL; -- NTSTATUS nt_status = check_plaintext_password(smb_name, password_blob, &server_info); -+ NTSTATUS nt_status = check_plaintext_password(talloc_tos(), -+ smb_name, -+ password_blob, -+ &server_info); - TALLOC_FREE(server_info); - if (NT_STATUS_IS_OK(nt_status)) { - return True; -diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c -index ae29c30..097501c 100644 ---- a/source3/auth/auth_ntlmssp.c -+++ b/source3/auth/auth_ntlmssp.c -@@ -143,8 +143,10 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, - - user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; - -- nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(auth_ntlmssp_state->auth_context, -- user_info, &auth_ntlmssp_state->server_info); -+ nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(mem_ctx, -+ auth_ntlmssp_state->auth_context, -+ user_info, -+ &auth_ntlmssp_state->server_info); - - username_was_mapped = user_info->was_mapped; - -diff --git a/source3/auth/proto.h b/source3/auth/proto.h -index e6830aa..fccabc4 100644 ---- a/source3/auth/proto.h -+++ b/source3/auth/proto.h -@@ -50,7 +50,8 @@ NTSTATUS auth_builtin_init(void); - - /* The following definitions come from auth/auth_compat.c */ - --NTSTATUS check_plaintext_password(const char *smb_name, -+NTSTATUS check_plaintext_password(TALLOC_CTX *mem_ctx, -+ const char *smb_name, - DATA_BLOB plaintext_password, - struct auth_serversupplied_info **server_info); - bool password_ok(struct auth_context *actx, bool global_encrypted, -diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c -index 1441f88..1e5254e 100644 ---- a/source3/auth/user_krb5.c -+++ b/source3/auth/user_krb5.c -@@ -230,7 +230,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, - "make_server_info_sam\n", username)); - status = make_server_info_sam(mem_ctx, - sampass, -- &server_info); -+ server_info); - } else { - /* - * User not in passdb, make it up artificially -@@ -240,7 +240,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, - status = make_server_info_pw(mem_ctx, - username, - pw, -- &server_info); -+ server_info); - } - TALLOC_FREE(sampass); - -@@ -250,9 +250,6 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, - return status; - } - -- /* Steal tmp server info into the server_info pointer. */ -- *server_info = talloc_move(mem_ctx, &tmp); -- - /* make_server_info_pw does not set the domain. Without this - * we end up with the local netbios name in substitutions for - * %D. */ -diff --git a/source3/include/auth.h b/source3/include/auth.h -index c017da9..b0ac11a 100644 ---- a/source3/include/auth.h -+++ b/source3/include/auth.h -@@ -89,7 +89,8 @@ struct auth_context { - - NTSTATUS (*get_ntlm_challenge)(struct auth_context *auth_context, - uint8_t chal[8]); -- NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context, -+ NTSTATUS (*check_ntlm_password)(TALLOC_CTX *mem_ctx, -+ const struct auth_context *auth_context, - const struct auth_usersupplied_info *user_info, - struct auth_serversupplied_info **server_info); - NTSTATUS (*nt_status_squash)(NTSTATUS nt_status); -diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c -index 3fd93bc..1cf04df 100644 ---- a/source3/rpc_server/netlogon/srv_netlog_nt.c -+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c -@@ -1563,8 +1563,10 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, - } /* end switch */ - - if ( NT_STATUS_IS_OK(status) ) { -- status = auth_context->check_ntlm_password(auth_context, -- user_info, &server_info); -+ status = auth_context->check_ntlm_password(p->mem_ctx, -+ auth_context, -+ user_info, -+ &server_info); - } - - TALLOC_FREE(auth_context); -diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c -index 75c2a15..2a40e1b 100644 ---- a/source3/smbd/sesssetup.c -+++ b/source3/smbd/sesssetup.c -@@ -140,7 +140,8 @@ static void reply_sesssetup_blob(struct smb_request *req, - Do a 'guest' logon, getting back the - ****************************************************************************/ - --static NTSTATUS check_guest_password(struct auth_serversupplied_info **server_info) -+static NTSTATUS check_guest_password(TALLOC_CTX *mem_ctx, -+ struct auth_serversupplied_info **server_info) - { - struct auth_context *auth_context; - struct auth_usersupplied_info *user_info = NULL; -@@ -150,7 +151,7 @@ static NTSTATUS check_guest_password(struct auth_serversupplied_info **server_in - - DEBUG(3,("Got anonymous request\n")); - -- nt_status = make_auth_context_fixed(talloc_tos(), &auth_context, chal); -+ nt_status = make_auth_context_fixed(mem_ctx, &auth_context, chal); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } -@@ -160,9 +161,10 @@ static NTSTATUS check_guest_password(struct auth_serversupplied_info **server_in - return NT_STATUS_NO_MEMORY; - } - -- nt_status = auth_context->check_ntlm_password(auth_context, -- user_info, -- server_info); -+ nt_status = auth_context->check_ntlm_password(mem_ctx, -+ auth_context, -+ user_info, -+ server_info); - TALLOC_FREE(auth_context); - free_user_info(&user_info); - return nt_status; -@@ -1609,7 +1611,7 @@ void reply_sesssetup_and_X(struct smb_request *req) - - if (!*user) { - -- nt_status = check_guest_password(&server_info); -+ nt_status = check_guest_password(talloc_tos(), &server_info); - - } else if (doencrypt) { - struct auth_context *negprot_auth_context = NULL; -@@ -1627,6 +1629,7 @@ void reply_sesssetup_and_X(struct smb_request *req) - lm_resp, nt_resp); - if (NT_STATUS_IS_OK(nt_status)) { - nt_status = negprot_auth_context->check_ntlm_password( -+ talloc_tos(), - negprot_auth_context, - user_info, - &server_info); -@@ -1651,6 +1654,7 @@ void reply_sesssetup_and_X(struct smb_request *req) - - if (NT_STATUS_IS_OK(nt_status)) { - nt_status = plaintext_auth_context->check_ntlm_password( -+ talloc_tos(), - plaintext_auth_context, - user_info, - &server_info); --- -1.8.5.3 - -From f07614228629e650b0e0a27dd4d15b6e5eef5baa Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Wed, 28 May 2014 15:12:29 +0200 -Subject: [PATCH 18/20] PATCHSET1: Allocate server_info on the correct memory - context. - -This fixes a talloc double free PANIC when connecting to share. - -Signed-off-by: Andreas Schneider asn@samba.org ---- - source3/auth/auth_ntlmssp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c -index 097501c..3c7e324 100644 ---- a/source3/auth/auth_ntlmssp.c -+++ b/source3/auth/auth_ntlmssp.c -@@ -143,7 +143,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, - - user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; - -- nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(mem_ctx, -+ nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(auth_ntlmssp_state, - auth_ntlmssp_state->auth_context, - user_info, - &auth_ntlmssp_state->server_info); --- -1.9.0 - -commit 0c6838663d42a04a80e25a8a3827710926952077 -Author: Andreas Schneider asn@samba.org -AuthorDate: Wed Jul 2 16:39:22 2014 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Wed Jul 2 16:47:43 2014 +0200 - - PATCHSET1 s3-auth: Do not double free the result. - - Signed-off-by: Andreas Schneider asn@samba.org - Reviewed-by: Guenther Deschner gd@samba.org ---- - source3/auth/auth_util.c | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index 5ffdb25f..1f1fed9 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -883,10 +883,6 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, - *presult = talloc_steal(mem_ctx, result); - done: - talloc_free(tmp_ctx); -- if (!NT_STATUS_IS_OK(status)) { -- TALLOC_FREE(result); -- return status; -- } - - return status; - } -commit 879e576d439fddf33ab2353b4a54ccd162020a03 -Author: Andreas Schneider asn@samba.org -AuthorDate: Tue Jul 8 10:26:51 2014 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Tue Jul 8 17:08:10 2014 +0200 - - PATCHSET1 s3-auth: Fix support for 'security = share' in passwd_to_SamInfo3(). - - Signed-off-by: Andreas Schneider asn@samba.org ---- - source3/auth/server_info.c | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c -index 077bb6b..e627892 100644 ---- a/source3/auth/server_info.c -+++ b/source3/auth/server_info.c -@@ -575,9 +575,21 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, - - ZERO_STRUCT(domain_sid); - -- sid_copy(&domain_sid, &user_sid); -- sid_split_rid(&domain_sid, &info3->base.rid); -- info3->base.domain_sid = dom_sid_dup(info3, &domain_sid); -+ /* -+ * Check if this is a "Unix Users" domain user, -+ * we need to handle it in a special way if that's the case. -+ */ -+ if (sid_check_is_in_unix_users(&user_sid)) { -+ /* -+ * In info3 you can only set rids for the user and the -+ * primary group, and the domain sid must be that of -+ * the sam domain. -+ */ -+ sid_copy(&domain_sid, get_global_sam_sid()); -+ } else { -+ sid_copy(&domain_sid, &user_sid); -+ sid_split_rid(&domain_sid, &info3->base.rid); -+ } - - ok = sid_peek_check_rid(&domain_sid, &group_sid, - &info3->base.primary_gid); -@@ -592,6 +604,7 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, - goto done; - } - -+ info3->base.domain_sid = dom_sid_dup(info3, &domain_sid); - info3->base.acct_flags = ACB_NORMAL; - - if (num_sids) { diff --git a/src/patches/samba/samba-3.6.99-fix_gecos_interactive.patch b/src/patches/samba/samba-3.6.99-fix_gecos_interactive.patch deleted file mode 100644 index acb0c51fc..000000000 --- a/src/patches/samba/samba-3.6.99-fix_gecos_interactive.patch +++ /dev/null @@ -1,922 +0,0 @@ -commit 8a7159aa1b000593ffe89ca8d7477e6373764aaf -Author: Günther Deschner gd@samba.org -AuthorDate: Tue Jul 15 14:16:56 2014 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Tue Jul 15 15:25:27 2014 +0200 - - PATCHSET14 s3-rpc_client: return info3 in rpccli_netlogon_password_logon(). - - Guenther - - Signed-off-by: Günther Deschner gd@samba.org - Pair-Programmed-With: Andreas Schneider asn@samba.org - Reviewed-by: Andreas Schneider asn@samba.org ---- - source3/rpc_client/cli_netlogon.c | 100 +++++++++++++++++++++----------------- - source3/rpc_client/cli_netlogon.h | 3 +- - source3/rpcclient/cmd_netlogon.c | 3 +- - 3 files changed, 60 insertions(+), 46 deletions(-) - -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c -index c69a933..9454226 100644 ---- a/source3/rpc_client/cli_netlogon.c -+++ b/source3/rpc_client/cli_netlogon.c -@@ -153,6 +153,53 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, - return NT_STATUS_OK; - } - -+static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx, -+ uint16_t validation_level, -+ union netr_Validation *validation, -+ struct netr_SamInfo3 **info3_p) -+{ -+ struct netr_SamInfo3 *info3; -+ NTSTATUS status; -+ -+ if (validation == NULL) { -+ return NT_STATUS_INVALID_PARAMETER; -+ } -+ -+ switch (validation_level) { -+ case 3: -+ if (validation->sam3 == NULL) { -+ return NT_STATUS_INVALID_PARAMETER; -+ } -+ -+ info3 = talloc_move(mem_ctx, &validation->sam3); -+ break; -+ case 6: -+ if (validation->sam6 == NULL) { -+ return NT_STATUS_INVALID_PARAMETER; -+ } -+ -+ info3 = talloc_zero(mem_ctx, struct netr_SamInfo3); -+ if (info3 == NULL) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ status = copy_netr_SamBaseInfo(info3, &validation->sam6->base, &info3->base); -+ if (!NT_STATUS_IS_OK(status)) { -+ TALLOC_FREE(info3); -+ return status; -+ } -+ -+ info3->sidcount = validation->sam6->sidcount; -+ info3->sids = talloc_move(info3, &validation->sam6->sids); -+ break; -+ default: -+ return NT_STATUS_BAD_VALIDATION_CLASS; -+ } -+ -+ *info3_p = info3; -+ -+ return NT_STATUS_OK; -+} -+ - /* Logon domain user */ - - NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, -@@ -163,7 +210,8 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, - const char *password, - const char *workstation, - uint16_t validation_level, -- int logon_type) -+ int logon_type, -+ struct netr_SamInfo3 **info3) - { - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - NTSTATUS status; -@@ -298,54 +346,18 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, - return NT_STATUS_ACCESS_DENIED; - } - -- return result; --} -- --static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx, -- uint16_t validation_level, -- union netr_Validation *validation, -- struct netr_SamInfo3 **info3_p) --{ -- struct netr_SamInfo3 *info3; -- NTSTATUS status; -- -- if (validation == NULL) { -- return NT_STATUS_INVALID_PARAMETER; -+ if (!NT_STATUS_IS_OK(result)) { -+ return result; - } - -- switch (validation_level) { -- case 3: -- if (validation->sam3 == NULL) { -- return NT_STATUS_INVALID_PARAMETER; -- } -- -- info3 = talloc_move(mem_ctx, &validation->sam3); -- break; -- case 6: -- if (validation->sam6 == NULL) { -- return NT_STATUS_INVALID_PARAMETER; -- } -- -- info3 = talloc_zero(mem_ctx, struct netr_SamInfo3); -- if (info3 == NULL) { -- return NT_STATUS_NO_MEMORY; -- } -- status = copy_netr_SamBaseInfo(info3, &validation->sam6->base, &info3->base); -- if (!NT_STATUS_IS_OK(status)) { -- TALLOC_FREE(info3); -- return status; -- } -+ netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation); - -- info3->sidcount = validation->sam6->sidcount; -- info3->sids = talloc_move(info3, &validation->sam6->sids); -- break; -- default: -- return NT_STATUS_BAD_VALIDATION_CLASS; -+ result = map_validation_to_info3(mem_ctx, validation_level, &validation, info3); -+ if (!NT_STATUS_IS_OK(result)) { -+ return result; - } - -- *info3_p = info3; -- -- return NT_STATUS_OK; -+ return result; - } - - /** -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h -index ad59d5b..9c6cbc8 100644 ---- a/source3/rpc_client/cli_netlogon.h -+++ b/source3/rpc_client/cli_netlogon.h -@@ -41,7 +41,8 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, - const char *password, - const char *workstation, - uint16_t validation_level, -- int logon_type); -+ int logon_type, -+ struct netr_SamInfo3 **info3); - NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - uint32 logon_parameters, -diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c -index 63057ac..e285145 100644 ---- a/source3/rpcclient/cmd_netlogon.c -+++ b/source3/rpcclient/cmd_netlogon.c -@@ -724,6 +724,7 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli, - uint16_t validation_level = 3; - uint32 logon_param = 0; - const char *workstation = NULL; -+ struct netr_SamInfo3 *info3 = NULL; - - /* Check arguments */ - -@@ -750,7 +751,7 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli, - - /* Perform the sam logon */ - -- result = rpccli_netlogon_sam_logon(cli, mem_ctx, logon_param, lp_workgroup(), username, password, workstation, validation_level, logon_type); -+ result = rpccli_netlogon_sam_logon(cli, mem_ctx, logon_param, lp_workgroup(), username, password, workstation, validation_level, logon_type, &info3); - - if (!NT_STATUS_IS_OK(result)) - goto done; -commit 53c404ade6d660c449a9dddb56aa80dc6d5ea920 -Author: Günther Deschner gd@samba.org -AuthorDate: Tue Jul 15 14:25:19 2014 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Tue Jul 15 15:25:29 2014 +0200 - - PATCHSET14 s3-winbindd: call interactive samlogon via rpccli_netlogon_password_logon. - - Guenther - - Signed-off-by: Guenther Deschner gd@samba.org - Pair-Programmed-With: Andreas Schneider asn@samba.org - Reviewed-by: Andreas Schneider asn@samba.org ---- - source3/winbindd/winbindd_pam.c | 20 +++++++++++++++++++- - 1 file changed, 19 insertions(+), 1 deletion(-) - -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c -index 125e393..2b31d54 100644 ---- a/source3/winbindd/winbindd_pam.c -+++ b/source3/winbindd/winbindd_pam.c -@@ -1152,11 +1152,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, - uint32_t logon_parameters, - const char *server, - const char *username, -+ const char *password, - const char *domainname, - const char *workstation, - const uint8_t chal[8], - DATA_BLOB lm_response, - DATA_BLOB nt_response, -+ bool interactive, - struct netr_SamInfo3 **info3) - { - int attempts = 0; -@@ -1269,7 +1271,19 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, - domain->can_do_validation6 = false; - } - -- if (domain->can_do_samlogon_ex && domain->can_do_validation6) { -+ if (interactive && username != NULL && password != NULL) { -+ result = rpccli_netlogon_sam_logon( -+ netlogon_pipe, -+ mem_ctx, -+ logon_parameters, -+ domainname, -+ username, -+ password, -+ workstation, -+ 3, /* FIXME */ -+ NetlogonInteractiveInformation, -+ info3); -+ } else if (domain->can_do_samlogon_ex && domain->can_do_validation6) { - result = rpccli_netlogon_sam_network_logon_ex( - netlogon_pipe, - mem_ctx, -@@ -1453,11 +1467,13 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(TALLOC_CTX *mem_ctx, - 0, - domain->dcname, - name_user, -+ pass, - name_domain, - global_myname(), - chal, - lm_resp, - nt_resp, -+ true, - &my_info3); - if (!NT_STATUS_IS_OK(result)) { - goto done; -@@ -1874,12 +1890,14 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, - state->request->data.auth_crap.logon_parameters, - domain->dcname, - name_user, -+ NULL, /* password */ - name_domain, - /* Bug #3248 - found by Stefan Burkei. */ - workstation, /* We carefully set this above so use it... */ - state->request->data.auth_crap.chal, - lm_resp, - nt_resp, -+ false, /* interactive */ - &info3); - if (!NT_STATUS_IS_OK(result)) { - goto done; -commit f73d1b92b78c4c3f23f411807273e3d09d39c10a -Author: Günther Deschner gd@samba.org -AuthorDate: Mon Jul 7 17:14:37 2014 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Tue Jul 15 15:25:30 2014 +0200 - - PATCHSET14 s3-winbindd: add wcache_query_user_fullname(). - - This helper function is used to query the full name of a cached user object (for - further gecos processing). - - Thanks to Matt Rogers mrogers@redhat.com. - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440 - - Guenther - - Pair-Programmed-With: Andreas Schneider asn@samba.org - Signed-off-by: Günther Deschner gd@samba.org - Reviewed-by: Andreas Schneider asn@samba.org ---- - source3/winbindd/winbindd_cache.c | 34 ++++++++++++++++++++++++++++++++++ - source3/winbindd/winbindd_proto.h | 4 ++++ - 2 files changed, 38 insertions(+) - -diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c -index 0a65953..82c8087 100644 ---- a/source3/winbindd/winbindd_cache.c -+++ b/source3/winbindd/winbindd_cache.c -@@ -2282,6 +2282,40 @@ NTSTATUS wcache_query_user(struct winbindd_domain *domain, - return status; - } - -+ -+/** -+* @brief Query a fullname from the username cache (for further gecos processing) -+* -+* @param domain A pointer to the winbindd_domain struct. -+* @param mem_ctx The talloc context. -+* @param user_sid The user sid. -+* @param full_name A pointer to the full_name string. -+* -+* @return NTSTATUS code -+*/ -+NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain, -+ TALLOC_CTX *mem_ctx, -+ const struct dom_sid *user_sid, -+ const char **full_name) -+{ -+ NTSTATUS status; -+ struct wbint_userinfo info; -+ -+ status = wcache_query_user(domain, mem_ctx, user_sid, &info); -+ if (!NT_STATUS_IS_OK(status)) { -+ return status; -+ } -+ -+ if (info.full_name != NULL) { -+ *full_name = talloc_strdup(mem_ctx, info.full_name); -+ if (*full_name == NULL) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ } -+ -+ return NT_STATUS_OK; -+} -+ - /* Lookup user information from a rid */ - static NTSTATUS query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, -diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h -index 82176b2..585853e 100644 ---- a/source3/winbindd/winbindd_proto.h -+++ b/source3/winbindd/winbindd_proto.h -@@ -103,6 +103,10 @@ NTSTATUS wcache_query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const struct dom_sid *user_sid, - struct wbint_userinfo *info); -+NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain, -+ TALLOC_CTX *mem_ctx, -+ const struct dom_sid *user_sid, -+ const char **full_name); - NTSTATUS wcache_lookup_useraliases(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 num_sids, const struct dom_sid *sids, -commit d4d04c269ade1e96f84b71e60a1c6c322eec5514 -Author: Günther Deschner gd@samba.org -AuthorDate: Mon Jul 7 17:16:32 2014 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Tue Jul 15 15:25:31 2014 +0200 - - PATCHSET14 s3-winbindd: use wcache_query_user_fullname after inspecting samlogon cache. - - The reason for this followup query is that very often the samlogon cache only - contains a info3 netlogon user structure that has been retrieved during a - netlogon samlogon authentication using "network" logon level. With that logon - level only a few info3 fields are filled in; the user's fullname is never filled - in that case. This is problematic when the cache is used to fill in the user's - gecos field (for NSS queries). When we have retrieved the user's fullname during - other queries, reuse it from the other caches. - - Thanks to Matt Rogers mrogers@redhat.com. - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440 - - Guenther - - Pair-Programmed-With: Andreas Schneider asn@samba.org - Signed-off-by: Guenther Deschner gd@samba.org - Reviewed-by: Andreas Schneider asn@samba.org ---- - source3/winbindd/winbindd_ads.c | 8 ++++++++ - source3/winbindd/winbindd_msrpc.c | 8 ++++++++ - source3/winbindd/winbindd_pam.c | 41 +++++++++++++++++++++++++++++++++++++++ - 3 files changed, 57 insertions(+) - -diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c -index 3099ff0..7d960fc 100644 ---- a/source3/winbindd/winbindd_ads.c -+++ b/source3/winbindd/winbindd_ads.c -@@ -515,6 +515,14 @@ static NTSTATUS query_user(struct winbindd_domain *domain, - - TALLOC_FREE(user); - -+ if (info->full_name == NULL) { -+ /* this might fail so we dont check the return code */ -+ wcache_query_user_fullname(domain, -+ mem_ctx, -+ sid, -+ &info->full_name); -+ } -+ - return NT_STATUS_OK; - } - -diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c -index b426884..eae822c 100644 ---- a/source3/winbindd/winbindd_msrpc.c -+++ b/source3/winbindd/winbindd_msrpc.c -@@ -439,6 +439,14 @@ static NTSTATUS msrpc_query_user(struct winbindd_domain *domain, - user_info->full_name = talloc_strdup(user_info, - user->base.full_name.string); - -+ if (user_info->full_name == NULL) { -+ /* this might fail so we dont check the return code */ -+ wcache_query_user_fullname(domain, -+ mem_ctx, -+ user_sid, -+ &user_info->full_name); -+ } -+ - status = NT_STATUS_OK; - goto done; - } -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c -index 2b31d54..86b352e 100644 ---- a/source3/winbindd/winbindd_pam.c -+++ b/source3/winbindd/winbindd_pam.c -@@ -1739,6 +1739,26 @@ process_result: - sid_compose(&user_sid, info3->base.domain_sid, - info3->base.rid); - -+ if (info3->base.full_name.string == NULL) { -+ struct netr_SamInfo3 *cached_info3; -+ -+ cached_info3 = netsamlogon_cache_get(state->mem_ctx, -+ &user_sid); -+ if (cached_info3 != NULL && -+ cached_info3->base.full_name.string != NULL) { -+ info3->base.full_name.string = -+ talloc_strdup(info3, -+ cached_info3->base.full_name.string); -+ } else { -+ -+ /* this might fail so we dont check the return code */ -+ wcache_query_user_fullname(domain, -+ info3, -+ &user_sid, -+ &info3->base.full_name.string); -+ } -+ } -+ - wcache_invalidate_samlogon(find_domain_from_name(name_domain), - &user_sid); - netsamlogon_cache_store(name_user, info3); -@@ -1910,6 +1930,27 @@ process_result: - - sid_compose(&user_sid, info3->base.domain_sid, - info3->base.rid); -+ -+ if (info3->base.full_name.string == NULL) { -+ struct netr_SamInfo3 *cached_info3; -+ -+ cached_info3 = netsamlogon_cache_get(state->mem_ctx, -+ &user_sid); -+ if (cached_info3 != NULL && -+ cached_info3->base.full_name.string != NULL) { -+ info3->base.full_name.string = -+ talloc_strdup(info3, -+ cached_info3->base.full_name.string); -+ } else { -+ -+ /* this might fail so we dont check the return code */ -+ wcache_query_user_fullname(domain, -+ info3, -+ &user_sid, -+ &info3->base.full_name.string); -+ } -+ } -+ - wcache_invalidate_samlogon(find_domain_from_name(name_domain), - &user_sid); - netsamlogon_cache_store(name_user, info3); -commit 7a38729ac2b93d0bd8c2450821cfcedff6fa3f53 -Author: Günther Deschner gd@samba.org -AuthorDate: Wed Jul 9 13:36:06 2014 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Tue Jul 15 15:25:32 2014 +0200 - - PATCHSET14 samlogon_cache: use a talloc_stackframe inside netsamlogon_cache_store. - - Guenther - - Signed-off-by: Günther Deschner gd@samba.org - Reviewed-by: Andreas Schneider asn@samba.org ---- - source3/libsmb/samlogon_cache.c | 13 ++++--------- - 1 file changed, 4 insertions(+), 9 deletions(-) - -diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c -index 590c950..4281965 100644 ---- a/source3/libsmb/samlogon_cache.c -+++ b/source3/libsmb/samlogon_cache.c -@@ -132,7 +132,7 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3) - bool result = false; - struct dom_sid user_sid; - time_t t = time(NULL); -- TALLOC_CTX *mem_ctx; -+ TALLOC_CTX *tmp_ctx = talloc_stackframe(); - DATA_BLOB blob; - enum ndr_err_code ndr_err; - struct netsamlogoncache_entry r; -@@ -156,11 +156,6 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3) - - /* Prepare data */ - -- if (!(mem_ctx = TALLOC_P( NULL, int))) { -- DEBUG(0,("netsamlogon_cache_store: talloc() failed!\n")); -- return false; -- } -- - /* only Samba fills in the username, not sure why NT doesn't */ - /* so we fill it in since winbindd_getpwnam() makes use of it */ - -@@ -175,11 +170,11 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3) - NDR_PRINT_DEBUG(netsamlogoncache_entry, &r); - } - -- ndr_err = ndr_push_struct_blob(&blob, mem_ctx, &r, -+ ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, &r, - (ndr_push_flags_fn_t)ndr_push_netsamlogoncache_entry); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - DEBUG(0,("netsamlogon_cache_store: failed to push entry to cache\n")); -- TALLOC_FREE(mem_ctx); -+ TALLOC_FREE(tmp_ctx); - return false; - } - -@@ -190,7 +185,7 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3) - result = true; - } - -- TALLOC_FREE(mem_ctx); -+ TALLOC_FREE(tmp_ctx); - - return result; - } -commit f89b793bd672a66f5e75ade33467f6621545f0d4 -Author: Andreas Schneider asn@samba.org -AuthorDate: Thu Jul 3 16:17:46 2014 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Tue Jul 15 15:25:32 2014 +0200 - - PATCHSET14 samlogon_cache: avoid overwriting info3->base.full_name.string. - - This field servers as a source for the gecos field. We should not overwrite it - when a info3 struct from a samlogon network level gets saved in which case this - field is always NULL. - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440 - - Signed-off-by: Andreas Schneider asn@samba.org - Reviewed-by: Guenther Deschner gd@samba.org ---- - source3/libsmb/samlogon_cache.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c -index 4281965..8a3dbd2 100644 ---- a/source3/libsmb/samlogon_cache.c -+++ b/source3/libsmb/samlogon_cache.c -@@ -156,6 +156,20 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3) - - /* Prepare data */ - -+ if (info3->base.full_name.string == NULL) { -+ struct netr_SamInfo3 *cached_info3; -+ const char *full_name = NULL; -+ -+ cached_info3 = netsamlogon_cache_get(tmp_ctx, &user_sid); -+ if (cached_info3 != NULL) { -+ full_name = cached_info3->base.full_name.string; -+ } -+ -+ if (full_name != NULL) { -+ info3->base.full_name.string = talloc_strdup(info3, full_name); -+ } -+ } -+ - /* only Samba fills in the username, not sure why NT doesn't */ - /* so we fill it in since winbindd_getpwnam() makes use of it */ - -commit 8fcaeecf174a1c9088c84f271e2859f75e9a5101 -Author: Andreas Schneider asn@samba.org -AuthorDate: Thu Jul 3 16:19:42 2014 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Tue Jul 15 15:25:33 2014 +0200 - - PATCHSET14 s3-winbind: Don't set the gecos field to NULL. - - The value is loaded from the cache anyway. So it will be set to NULL if - it is not available. - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440 - - Signed-off-by: Andreas Schneider asn@samba.org - Reviewed-by: Guenther Deschner gd@samba.org ---- - source3/winbindd/nss_info_template.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/source3/winbindd/nss_info_template.c b/source3/winbindd/nss_info_template.c -index 5fdfd9b..de93803 100644 ---- a/source3/winbindd/nss_info_template.c -+++ b/source3/winbindd/nss_info_template.c -@@ -48,7 +48,6 @@ static NTSTATUS nss_template_get_info( struct nss_domain_entry *e, - username */ - *homedir = talloc_strdup( ctx, lp_template_homedir() ); - *shell = talloc_strdup( ctx, lp_template_shell() ); -- *gecos = NULL; - - if ( !*homedir || !*shell ) { - return NT_STATUS_NO_MEMORY; -commit d32503872aec4fca41056b2d9d9bbb6b15ce9701 -Author: Günther Deschner gd@samba.org -AuthorDate: Tue Jul 15 16:21:08 2014 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Tue Jul 15 16:24:59 2014 +0200 - - PATCHSET14 s3-rpc_client: add rpccli_netlogon_sam_logon_ex(). - - This function deals with interactive samlogon and does a dcerpc_netr_SamLogonEx - call (w/o credential chaining). - - Guenther - - Signed-off-by: Günther Deschner gd@samba.org ---- - source3/rpc_client/cli_netlogon.c | 152 ++++++++++++++++++++++++++++++++++++++ - source3/rpc_client/cli_netlogon.h | 10 +++ - 2 files changed, 162 insertions(+) - -diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c -index 9454226..0290944 100644 ---- a/source3/rpc_client/cli_netlogon.c -+++ b/source3/rpc_client/cli_netlogon.c -@@ -360,6 +360,158 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, - return result; - } - -+/* Logon domain user */ -+ -+NTSTATUS rpccli_netlogon_sam_logon_ex(struct rpc_pipe_client *cli, -+ TALLOC_CTX *mem_ctx, -+ uint32 logon_parameters, -+ const char *domain, -+ const char *username, -+ const char *password, -+ const char *workstation, -+ uint16_t validation_level, -+ int logon_type, -+ struct netr_SamInfo3 **info3) -+{ -+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL; -+ NTSTATUS status; -+ struct netr_Authenticator ret_creds; -+ union netr_LogonLevel *logon; -+ union netr_Validation validation; -+ uint8_t authoritative; -+ fstring clnt_name_slash; -+ struct dcerpc_binding_handle *b = cli->binding_handle; -+ uint32_t flags = 0; -+ -+ ZERO_STRUCT(ret_creds); -+ -+ logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel); -+ if (!logon) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ -+ if (workstation) { -+ fstr_sprintf( clnt_name_slash, "\\%s", workstation ); -+ } else { -+ fstr_sprintf( clnt_name_slash, "\\%s", global_myname() ); -+ } -+ -+ /* Initialise input parameters */ -+ -+ switch (logon_type) { -+ case NetlogonInteractiveInformation: { -+ -+ struct netr_PasswordInfo *password_info; -+ -+ struct samr_Password lmpassword; -+ struct samr_Password ntpassword; -+ -+ password_info = TALLOC_ZERO_P(mem_ctx, struct netr_PasswordInfo); -+ if (!password_info) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ -+ nt_lm_owf_gen(password, ntpassword.hash, lmpassword.hash); -+ -+ if (cli->dc->negotiate_flags & NETLOGON_NEG_ARCFOUR) { -+ netlogon_creds_arcfour_crypt(cli->dc, lmpassword.hash, 16); -+ netlogon_creds_arcfour_crypt(cli->dc, ntpassword.hash, 16); -+ } else { -+ netlogon_creds_des_encrypt(cli->dc, &lmpassword); -+ netlogon_creds_des_encrypt(cli->dc, &ntpassword); -+ } -+ -+ password_info->identity_info.domain_name.string = domain; -+ password_info->identity_info.parameter_control = logon_parameters; -+ password_info->identity_info.logon_id_low = 0xdead; -+ password_info->identity_info.logon_id_high = 0xbeef; -+ password_info->identity_info.account_name.string = username; -+ password_info->identity_info.workstation.string = clnt_name_slash; -+ -+ password_info->lmpassword = lmpassword; -+ password_info->ntpassword = ntpassword; -+ -+ logon->password = password_info; -+ -+ break; -+ } -+ case NetlogonNetworkInformation: { -+ struct netr_NetworkInfo *network_info; -+ uint8 chal[8]; -+ unsigned char local_lm_response[24]; -+ unsigned char local_nt_response[24]; -+ struct netr_ChallengeResponse lm; -+ struct netr_ChallengeResponse nt; -+ -+ ZERO_STRUCT(lm); -+ ZERO_STRUCT(nt); -+ -+ network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo); -+ if (!network_info) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ -+ generate_random_buffer(chal, 8); -+ -+ SMBencrypt(password, chal, local_lm_response); -+ SMBNTencrypt(password, chal, local_nt_response); -+ -+ lm.length = 24; -+ lm.data = local_lm_response; -+ -+ nt.length = 24; -+ nt.data = local_nt_response; -+ -+ network_info->identity_info.domain_name.string = domain; -+ network_info->identity_info.parameter_control = logon_parameters; -+ network_info->identity_info.logon_id_low = 0xdead; -+ network_info->identity_info.logon_id_high = 0xbeef; -+ network_info->identity_info.account_name.string = username; -+ network_info->identity_info.workstation.string = clnt_name_slash; -+ -+ memcpy(network_info->challenge, chal, 8); -+ network_info->nt = nt; -+ network_info->lm = lm; -+ -+ logon->network = network_info; -+ -+ break; -+ } -+ default: -+ DEBUG(0, ("switch value %d not supported\n", -+ logon_type)); -+ return NT_STATUS_INVALID_INFO_CLASS; -+ } -+ -+ status = dcerpc_netr_LogonSamLogonEx(b, mem_ctx, -+ cli->srv_name_slash, -+ global_myname(), -+ logon_type, -+ logon, -+ validation_level, -+ &validation, -+ &authoritative, -+ &flags, -+ &result); -+ if (!NT_STATUS_IS_OK(status)) { -+ return status; -+ } -+ -+ if (!NT_STATUS_IS_OK(result)) { -+ return result; -+ } -+ -+ netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation); -+ -+ result = map_validation_to_info3(mem_ctx, validation_level, &validation, info3); -+ if (!NT_STATUS_IS_OK(result)) { -+ return result; -+ } -+ -+ return result; -+} -+ -+ - /** - * Logon domain user with an 'network' SAM logon - * -diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h -index 9c6cbc8..3763843 100644 ---- a/source3/rpc_client/cli_netlogon.h -+++ b/source3/rpc_client/cli_netlogon.h -@@ -43,6 +43,16 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, - uint16_t validation_level, - int logon_type, - struct netr_SamInfo3 **info3); -+NTSTATUS rpccli_netlogon_sam_logon_ex(struct rpc_pipe_client *cli, -+ TALLOC_CTX *mem_ctx, -+ uint32 logon_parameters, -+ const char *domain, -+ const char *username, -+ const char *password, -+ const char *workstation, -+ uint16_t validation_level, -+ int logon_type, -+ struct netr_SamInfo3 **info3); - NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - uint32 logon_parameters, -commit f39f18e062207427ea436c85a7c721629a38bc0d -Author: Günther Deschner gd@samba.org -AuthorDate: Tue Jul 15 16:22:15 2014 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Tue Jul 15 16:25:04 2014 +0200 - - PATCHSET14 s3-winbindd: prefer to do a rpccli_netlogon_sam_logon_ex if we can. - - Guenther - - Signed-off-by: Günther Deschner gd@samba.org ---- - source3/winbindd/winbindd_pam.c | 36 +++++++++++++++++++++++++----------- - 1 file changed, 25 insertions(+), 11 deletions(-) - -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c -index 86b352e..e838ac6 100644 ---- a/source3/winbindd/winbindd_pam.c -+++ b/source3/winbindd/winbindd_pam.c -@@ -1272,17 +1272,31 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, - } - - if (interactive && username != NULL && password != NULL) { -- result = rpccli_netlogon_sam_logon( -- netlogon_pipe, -- mem_ctx, -- logon_parameters, -- domainname, -- username, -- password, -- workstation, -- 3, /* FIXME */ -- NetlogonInteractiveInformation, -- info3); -+ if (domain->can_do_samlogon_ex && domain->can_do_validation6) { -+ result = rpccli_netlogon_sam_logon_ex( -+ netlogon_pipe, -+ mem_ctx, -+ logon_parameters, -+ domainname, -+ username, -+ password, -+ workstation, -+ 6, -+ NetlogonInteractiveInformation, -+ info3); -+ } else { -+ result = rpccli_netlogon_sam_logon( -+ netlogon_pipe, -+ mem_ctx, -+ logon_parameters, -+ domainname, -+ username, -+ password, -+ workstation, -+ domain->can_do_validation6 ? 6 : 3, -+ NetlogonInteractiveInformation, -+ info3); -+ } - } else if (domain->can_do_samlogon_ex && domain->can_do_validation6) { - result = rpccli_netlogon_sam_network_logon_ex( - netlogon_pipe, -From fa58aff691268b021ba4dde1eb580d0387b917e1 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Wed, 20 Aug 2014 15:51:21 +0200 -Subject: [PATCH] PATCHSET14: Reset netlogon pipe for interactive samlogon_ex. - ---- - source3/winbindd/winbindd_pam.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c -index e838ac6..5316232 100644 ---- a/source3/winbindd/winbindd_pam.c -+++ b/source3/winbindd/winbindd_pam.c -@@ -1297,6 +1297,18 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, - NetlogonInteractiveInformation, - info3); - } -+ -+ if (NT_STATUS_EQUAL(result, NT_STATUS_WRONG_PASSWORD)) { -+ /* -+ * HACK: This is a 3.6 hack that we get a new -+ * session_key to do a successfuly interactive -+ * logon -+ */ -+ TALLOC_FREE(domain->conn.netlogon_pipe); -+ attempts += 1; -+ retry = true; -+ continue; -+ } - } else if (domain->can_do_samlogon_ex && domain->can_do_validation6) { - result = rpccli_netlogon_sam_network_logon_ex( - netlogon_pipe, --- -1.9.3 - diff --git a/src/patches/samba/samba-3.6.99-fix_group_expansion_in_service_path.patch b/src/patches/samba/samba-3.6.99-fix_group_expansion_in_service_path.patch deleted file mode 100644 index 28661d7b2..000000000 --- a/src/patches/samba/samba-3.6.99-fix_group_expansion_in_service_path.patch +++ /dev/null @@ -1,46 +0,0 @@ -commit 1d5f14acc3bacb96f7b8b300b3aeccd793552122 -Author: Andreas Schneider asn@samba.org -AuthorDate: Wed Nov 27 17:21:01 2013 +0100 -Commit: Andreas Schneider asn@samba.org -CommitDate: Wed Feb 5 11:44:51 2014 +0100 - - s3-lib: Fix %G substitution for domain users in smbd - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=10286 - Signed-off-by: Andreas Schneider asn@samba.org - Reviewed-by: Christian Ambach ambi@samba.org - - Autobuild-User(master): Christian Ambach ambi@samba.org - Autobuild-Date(master): Tue Dec 10 16:39:43 CET 2013 on sn-devel-104 - - (cherry picked from commit 8eef4ab79ec5fb7e96ad2f2ad6c9bf30db13a50d) ---- - source3/lib/substitute.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c -index 10beed7..5f72a5d 100644 ---- a/source3/lib/substitute.c -+++ b/source3/lib/substitute.c -@@ -605,10 +605,20 @@ static char *alloc_sub_basic(const char *smb_name, const char *domain_name, - break; - case 'G' : { - struct passwd *pass; -- r = talloc_strdup(tmp_ctx, smb_name); -+ -+ if (domain_name != NULL && domain_name[0] != '\0') { -+ r = talloc_asprintf(tmp_ctx, -+ "%s%c%s", -+ domain_name, -+ *lp_winbind_separator(), -+ smb_name); -+ } else { -+ r = talloc_strdup(tmp_ctx, smb_name); -+ } - if (r == NULL) { - goto error; - } -+ - pass = Get_Pwnam_alloc(tmp_ctx, r); - if (pass != NULL) { - a_string = realloc_string_sub( diff --git a/src/patches/samba/samba-3.6.99-fix_group_expansion_with_nss_templates.patch b/src/patches/samba/samba-3.6.99-fix_group_expansion_with_nss_templates.patch deleted file mode 100644 index 6d43f7c59..000000000 --- a/src/patches/samba/samba-3.6.99-fix_group_expansion_with_nss_templates.patch +++ /dev/null @@ -1,376 +0,0 @@ -commit 75989f1d0d3ec86bb2046511b962ad72119c750b -Author: Andreas Schneider asn@samba.org -AuthorDate: Mon Nov 18 14:58:04 2013 +0100 -Commit: Andreas Schneider asn@samba.org -CommitDate: Wed Feb 5 11:38:44 2014 +0100 - - s3-lib: Add grpname to talloc_sub_specified(). - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191 ---- - source3/include/proto.h | 1 + - source3/lib/substitute.c | 31 +++++++++++++++++++++++++------ - source3/passdb/passdb.c | 8 ++++---- - source3/passdb/pdb_ldap.c | 24 +++++++++++++++++++++--- - source3/torture/torture.c | 2 +- - source3/utils/net_sam.c | 2 ++ - source3/winbindd/wb_fill_pwent.c | 4 ++-- - 7 files changed, 56 insertions(+), 16 deletions(-) - -diff --git a/source3/include/proto.h b/source3/include/proto.h -index 7303e76..db091ce 100644 ---- a/source3/include/proto.h -+++ b/source3/include/proto.h -@@ -365,6 +365,7 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name, - char *talloc_sub_specified(TALLOC_CTX *mem_ctx, - const char *input_string, - const char *username, -+ const char *grpname, - const char *domain, - uid_t uid, - gid_t gid); -diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c -index 68328e5..10beed7 100644 ---- a/source3/lib/substitute.c -+++ b/source3/lib/substitute.c -@@ -722,6 +722,7 @@ done: - char *talloc_sub_specified(TALLOC_CTX *mem_ctx, - const char *input_string, - const char *username, -+ const char *grpname, - const char *domain, - uid_t uid, - gid_t gid) -@@ -757,9 +758,18 @@ char *talloc_sub_specified(TALLOC_CTX *mem_ctx, - break; - case 'G' : - if (gid != -1) { -- a_string = talloc_string_sub( -- tmp_ctx, a_string, "%G", -- gidtoname(gid)); -+ const char *name; -+ -+ if (grpname != NULL) { -+ name = grpname; -+ } else { -+ name = gidtoname(gid); -+ } -+ -+ a_string = talloc_string_sub(tmp_ctx, -+ a_string, -+ "%G", -+ name); - } else { - a_string = talloc_string_sub( - tmp_ctx, a_string, -@@ -768,9 +778,18 @@ char *talloc_sub_specified(TALLOC_CTX *mem_ctx, - break; - case 'g' : - if (gid != -1) { -- a_string = talloc_string_sub( -- tmp_ctx, a_string, "%g", -- gidtoname(gid)); -+ const char *name; -+ -+ if (grpname != NULL) { -+ name = grpname; -+ } else { -+ name = gidtoname(gid); -+ } -+ -+ a_string = talloc_string_sub(tmp_ctx, -+ a_string, -+ "%g", -+ name); - } else { - a_string = talloc_string_sub( - tmp_ctx, a_string, "%g", "NO_GROUP"); -diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c -index 52c1129..493a694 100644 ---- a/source3/passdb/passdb.c -+++ b/source3/passdb/passdb.c -@@ -228,16 +228,16 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p - /* set some basic attributes */ - - pdb_set_profile_path(user, talloc_sub_specified(user, -- lp_logon_path(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), -+ lp_logon_path(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid), - PDB_DEFAULT); - pdb_set_homedir(user, talloc_sub_specified(user, -- lp_logon_home(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), -+ lp_logon_home(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid), - PDB_DEFAULT); - pdb_set_dir_drive(user, talloc_sub_specified(user, -- lp_logon_drive(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), -+ lp_logon_drive(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid), - PDB_DEFAULT); - pdb_set_logon_script(user, talloc_sub_specified(user, -- lp_logon_script(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), -+ lp_logon_script(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid), - PDB_DEFAULT); - } - -diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c -index 9316f40..1665641 100644 ---- a/source3/passdb/pdb_ldap.c -+++ b/source3/passdb/pdb_ldap.c -@@ -5399,11 +5399,29 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, - - if (is_machine) { - /* TODO: choose a more appropriate default for machines */ -- homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), "SMB_workstations_home", ldap_state->domain_name, uid, gid); -+ homedir = talloc_sub_specified(tmp_ctx, -+ lp_template_homedir(), -+ "SMB_workstations_home", -+ NULL, -+ ldap_state->domain_name, -+ uid, -+ gid); - shell = talloc_strdup(tmp_ctx, "/bin/false"); - } else { -- homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), name, ldap_state->domain_name, uid, gid); -- shell = talloc_sub_specified(tmp_ctx, lp_template_shell(), name, ldap_state->domain_name, uid, gid); -+ homedir = talloc_sub_specified(tmp_ctx, -+ lp_template_homedir(), -+ name, -+ NULL, -+ ldap_state->domain_name, -+ uid, -+ gid); -+ shell = talloc_sub_specified(tmp_ctx, -+ lp_template_shell(), -+ name, -+ NULL, -+ ldap_state->domain_name, -+ uid, -+ gid); - } - uidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)uid); - gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid); -diff --git a/source3/torture/torture.c b/source3/torture/torture.c -index d37d83c..def177b 100644 ---- a/source3/torture/torture.c -+++ b/source3/torture/torture.c -@@ -5976,7 +5976,7 @@ static bool subst_test(const char *str, const char *user, const char *domain, - char *subst; - bool result = true; - -- subst = talloc_sub_specified(talloc_tos(), str, user, domain, uid, gid); -+ subst = talloc_sub_specified(talloc_tos(), str, user, NULL, domain, uid, gid); - - if (strcmp(subst, expected) != 0) { - printf("sub_specified(%s, %s, %s, %d, %d) returned [%s], expected " -diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c -index 0ff7c55..b49bb73 100644 ---- a/source3/utils/net_sam.c -+++ b/source3/utils/net_sam.c -@@ -1847,10 +1847,12 @@ doma_done: - gidstr = talloc_asprintf(tc, "%u", (unsigned int)domadmins_gid); - dir = talloc_sub_specified(tc, lp_template_homedir(), - "Administrator", -+ NULL, - get_global_sam_name(), - uid, domadmins_gid); - shell = talloc_sub_specified(tc, lp_template_shell(), - "Administrator", -+ NULL, - get_global_sam_name(), - uid, domadmins_gid); - -diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c -index 8f09480..4d94a31 100644 ---- a/source3/winbindd/wb_fill_pwent.c -+++ b/source3/winbindd/wb_fill_pwent.c -@@ -181,11 +181,11 @@ static bool fillup_pw_field(const char *lp_template, - - if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) { - templ = talloc_sub_specified(talloc_tos(), in, -- username, domname, -+ username, NULL, domname, - uid, gid); - } else { - templ = talloc_sub_specified(talloc_tos(), lp_template, -- username, domname, -+ username, NULL, domname, - uid, gid); - } - -commit 5faa0adf0a8c450897d7a61d348a600f889e5bef -Author: Andreas Schneider asn@samba.org -AuthorDate: Mon Nov 18 14:58:14 2013 +0100 -Commit: Andreas Schneider asn@samba.org -CommitDate: Wed Feb 5 11:43:17 2014 +0100 - - s3-winbind: Pass the group name to fillup_pw_field(). - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191 ---- - source3/winbindd/wb_fill_pwent.c | 58 +++++++++++++++++++++++++++++----------- - 1 file changed, 42 insertions(+), 16 deletions(-) - -diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c -index 4d94a31..878c5ad 100644 ---- a/source3/winbindd/wb_fill_pwent.c -+++ b/source3/winbindd/wb_fill_pwent.c -@@ -29,6 +29,7 @@ struct wb_fill_pwent_state { - - static bool fillup_pw_field(const char *lp_template, - const char *username, -+ const char *grpname, - const char *domname, - uid_t uid, - gid_t gid, -@@ -36,7 +37,7 @@ static bool fillup_pw_field(const char *lp_template, - fstring out); - - static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq); --static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq); -+static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq); - - struct tevent_req *wb_fill_pwent_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, -@@ -76,33 +77,44 @@ static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq) - return; - } - -- subreq = wb_sid2gid_send(state, state->ev, &state->info->group_sid); -+ subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, 1); - if (tevent_req_nomem(subreq, req)) { - return; - } -- tevent_req_set_callback(subreq, wb_fill_pwent_sid2gid_done, req); -+ tevent_req_set_callback(subreq, wb_fill_pwent_getgrsid_done, req); - } - --static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq) -+static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq) - { - struct tevent_req *req = tevent_req_callback_data( - subreq, struct tevent_req); - struct wb_fill_pwent_state *state = tevent_req_data( - req, struct wb_fill_pwent_state); - struct winbindd_domain *domain; -- char *dom_name; -+ const char *dom_name; -+ const char *grp_name; - fstring user_name, output_username; - char *mapped_name = NULL; -+ struct talloc_dict *members; -+ TALLOC_CTX *tmp_ctx = talloc_stackframe(); - NTSTATUS status; -- -- status = wb_sid2gid_recv(subreq, &state->pw->pw_gid); -+ bool ok; -+ -+ status = wb_getgrsid_recv(subreq, -+ tmp_ctx, -+ &dom_name, -+ &grp_name, -+ &state->pw->pw_gid, -+ &members); - TALLOC_FREE(subreq); - if (tevent_req_nterror(req, status)) { -+ talloc_free(tmp_ctx); - return; - } - - domain = find_domain_from_sid_noinit(&state->info->user_sid); - if (domain == NULL) { -+ talloc_free(tmp_ctx); - tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); - return; - } -@@ -133,17 +145,30 @@ static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq) - fstrcpy(state->pw->pw_gecos, state->info->full_name); - - /* Home directory and shell */ -- -- if (!fillup_pw_field(lp_template_homedir(), user_name, dom_name, -- state->pw->pw_uid, state->pw->pw_gid, -- state->info->homedir, state->pw->pw_dir)) { -+ ok = fillup_pw_field(lp_template_homedir(), -+ user_name, -+ grp_name, -+ dom_name, -+ state->pw->pw_uid, -+ state->pw->pw_gid, -+ state->info->homedir, -+ state->pw->pw_dir); -+ if (!ok) { -+ talloc_free(tmp_ctx); - tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); - return; - } - -- if (!fillup_pw_field(lp_template_shell(), user_name, dom_name, -- state->pw->pw_uid, state->pw->pw_gid, -- state->info->shell, state->pw->pw_shell)) { -+ ok = fillup_pw_field(lp_template_shell(), -+ user_name, -+ grp_name, -+ dom_name, -+ state->pw->pw_uid, -+ state->pw->pw_gid, -+ state->info->shell, -+ state->pw->pw_shell); -+ talloc_free(tmp_ctx); -+ if (!ok) { - tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); - return; - } -@@ -162,6 +187,7 @@ NTSTATUS wb_fill_pwent_recv(struct tevent_req *req) - - static bool fillup_pw_field(const char *lp_template, - const char *username, -+ const char *grpname, - const char *domname, - uid_t uid, - gid_t gid, -@@ -181,11 +207,11 @@ static bool fillup_pw_field(const char *lp_template, - - if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) { - templ = talloc_sub_specified(talloc_tos(), in, -- username, NULL, domname, -+ username, grpname, domname, - uid, gid); - } else { - templ = talloc_sub_specified(talloc_tos(), lp_template, -- username, NULL, domname, -+ username, grpname, domname, - uid, gid); - } - -commit db176c22f4f3e4c4f38288144d63822c3c191419 -Author: Volker Lendecke vl@samba.org -AuthorDate: Thu Jan 16 16:10:25 2014 +0100 -Commit: Andreas Schneider asn@samba.org -CommitDate: Wed Feb 5 11:44:15 2014 +0100 - - s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(). - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191 - - Signed-off-by: Volker Lendecke vl@samba.org - Reviewed-by: Andreas Schneider asn@samba.org - - Autobuild-User(master): Andreas Schneider asn@cryptomilk.org - Autobuild-Date(master): Thu Jan 16 20:17:24 CET 2014 on sn-devel-104 - - (cherry picked from commit 1a43778433934530d77791edd1af538de8b1d8a3) ---- - source3/winbindd/wb_fill_pwent.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c -index 878c5ad..9634317 100644 ---- a/source3/winbindd/wb_fill_pwent.c -+++ b/source3/winbindd/wb_fill_pwent.c -@@ -77,7 +77,7 @@ static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq) - return; - } - -- subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, 1); -+ subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, 0); - if (tevent_req_nomem(subreq, req)) { - return; - } diff --git a/src/patches/samba/samba-3.6.99-fix_keytab_null_termination.patch b/src/patches/samba/samba-3.6.99-fix_keytab_null_termination.patch deleted file mode 100644 index 6c78b23e1..000000000 --- a/src/patches/samba/samba-3.6.99-fix_keytab_null_termination.patch +++ /dev/null @@ -1,37 +0,0 @@ -From e56b5bf5eddfa89ae948dc7bb154dfc6154199a6 Mon Sep 17 00:00:00 2001 -From: Matt Rogers mrogers@redhat.com -Date: Wed, 12 Nov 2014 17:21:05 +0100 -Subject: [PATCH] PATCHSET17: s3-keytab: fix keytab array NULL termination. - -Signed-off-by: Matt Rogers mrogers@redhat.com -Reviewed-by: Guenther Deschner gd@samba.org -Reviewed-by: Jeremy Allison jra@samba.org -(cherry picked from commit 0de6799996955fbf8e19ace8c4b7b61f5a262cb5) -Signed-off-by: Andreas Schneider asn@cryptomilk.org ---- - source3/libads/kerberos_keytab.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c -index badce3e..1033842 100644 ---- a/source3/libads/kerberos_keytab.c -+++ b/source3/libads/kerberos_keytab.c -@@ -629,14 +629,13 @@ int ads_keytab_create_default(ADS_STRUCT *ads) - goto done; - } - -- oldEntries = talloc_array(tmpctx, char *, found); -+ oldEntries = talloc_zero_array(tmpctx, char *, found + 1); - if (!oldEntries) { - DEBUG(1, (__location__ ": Failed to allocate space to store " - "the old keytab entries (talloc failed?).\n")); - ret = -1; - goto done; - } -- memset(oldEntries, '\0', found * sizeof(char *)); - - ret = krb5_kt_start_seq_get(context, keytab, &cursor); - if (ret == KRB5_KT_END || ret == ENOENT) { --- -2.1.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_lookups_with_one_way_trusts.patch b/src/patches/samba/samba-3.6.99-fix_lookups_with_one_way_trusts.patch deleted file mode 100644 index c42548972..000000000 --- a/src/patches/samba/samba-3.6.99-fix_lookups_with_one_way_trusts.patch +++ /dev/null @@ -1,37 +0,0 @@ -commit afcc7e5ef289d25c19c7ac881ce505ec910fde7c -Author: Gregor Beck gbeck@sernet.de -AuthorDate: Thu Feb 20 11:25:53 2014 +0100 -Commit: Andreas Schneider asn@samba.org -CommitDate: Mon Mar 3 16:49:42 2014 +0100 - - s3:winbindd: avoid directly asking a trusted domain in wb_lookupsids*() - - As a domain member we should always use a DC of our own domain. - - It would be possible to pass all sids in one single dcerpc_wbint_LookupSids() - call. For now we just fix bug. - - Pair-Programmed-With: Stefan Metzmacher metze@samba.org - - Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458 - Signed-off-by: Gregor Beck gbeck@sernet.de - Signed-off-by: Stefan Metzmacher metze@samba.org - Reviewed-by: Andreas Schneider asn@samba.org - (cherry picked from commit 66fb0ce9557553a4c01607b517e65ac4c93841d0) ---- - source3/winbindd/wb_lookupsids.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c -index 2fd735d..1bfdba8 100644 ---- a/source3/winbindd/wb_lookupsids.c -+++ b/source3/winbindd/wb_lookupsids.c -@@ -320,7 +320,7 @@ static struct wb_lookupsids_domain *wb_lookupsids_get_domain( - } - } - -- wb_domain = find_domain_from_sid_noinit(sid); -+ wb_domain = find_lookup_domain_from_sid(sid); - if (wb_domain == NULL) { - return NULL; - } diff --git a/src/patches/samba/samba-3.6.99-fix_mangling_hash_segfault.patch b/src/patches/samba/samba-3.6.99-fix_mangling_hash_segfault.patch deleted file mode 100644 index ce19a972c..000000000 --- a/src/patches/samba/samba-3.6.99-fix_mangling_hash_segfault.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 9f974a391260e95340f08091fdbc822845eae160 Mon Sep 17 00:00:00 2001 -From: Volker Lendecke vl@samba.org -Date: Tue, 19 Aug 2014 14:32:15 +0000 -Subject: [PATCH] PATCHSET29: smbd: Properly initialize mangle_hash - -[Bug 10782] mangle_hash() can fail to initialize charset (smbd crash). - -https://bugzilla.samba.org/show_bug.cgi?id=10782 - -Signed-off-by: Volker Lendecke vl@samba.org -Reviewed-by: Jeremy Allison jra@samba.org - -Autobuild-User(master): Jeremy Allison jra@samba.org -Autobuild-Date(master): Tue Aug 26 01:30:38 CEST 2014 on sn-devel-104 - -(cherry picked from commit e914c2c52db7ecf3bb2a3860820c5cfe8812696e) ---- - source3/smbd/mangle_hash.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c -index bafcd03..35a098f 100644 ---- a/source3/smbd/mangle_hash.c -+++ b/source3/smbd/mangle_hash.c -@@ -706,6 +706,10 @@ const struct mangle_fns *mangle_hash_init(void) - { - mangle_reset(); - -+ if (chartest == NULL) { -+ init_chartest(); -+ } -+ - /* Create the in-memory tdb using our custom hash function. */ - tdb_mangled_cache = tdb_open_ex("mangled_cache", 1031, TDB_INTERNAL, - (O_RDWR|O_CREAT), 0644, NULL, fast_string_hash); --- -2.5.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_map_to_guest_bad_uid.patch b/src/patches/samba/samba-3.6.99-fix_map_to_guest_bad_uid.patch deleted file mode 100644 index 3d5add11f..000000000 --- a/src/patches/samba/samba-3.6.99-fix_map_to_guest_bad_uid.patch +++ /dev/null @@ -1,76 +0,0 @@ -From c370237f44f91f98e4e5cce81fafeea442573bad Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Wed, 19 Aug 2015 16:24:08 +0200 -Subject: [PATCH 1/2] PATCHSET32: s3-auth: Pass nt_username to check_account() - -We set nt_username above but do not use it in this function. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862 - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Guenther Deschner gd@samba.org -(cherry picked from commit e8c76932e4ac192a00afa3b9731f5921c4b37da6) ---- - source3/auth/auth_util.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index a548b7b..aa269d6 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -1251,9 +1251,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - - /* this call will try to create the user if necessary */ - -- nt_status = check_account(mem_ctx, nt_domain, sent_nt_username, -- &found_username, &pwd, -- &username_was_mapped); -+ nt_status = check_account(mem_ctx, -+ nt_domain, -+ nt_username, -+ &found_username, -+ &pwd, -+ &username_was_mapped); - - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; --- -2.5.0 - - -From 1ab3cd252942b4fa5637d3f98b48ac3ba098de30 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Wed, 19 Aug 2015 16:11:47 +0200 -Subject: [PATCH 2/2] PATCHSET32: s3-auth: Fix 'map to guest = Bad Uid' support - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862 - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Guenther Deschner gd@samba.org -(cherry picked from commit 34965d4d98d172e848e2b96fad8a9e0b99288ba7) ---- - source3/auth/auth_util.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index aa269d6..cfda8b7 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -1259,6 +1259,14 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - &username_was_mapped); - - if (!NT_STATUS_IS_OK(nt_status)) { -+ /* Handle 'map to guest = Bad Uid */ -+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) && -+ (lp_security() == SEC_ADS || lp_security() == SEC_DOMAIN) && -+ lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) { -+ DEBUG(2, ("Try to map %s to guest account\n", -+ nt_username)); -+ return make_server_info_guest(mem_ctx, server_info); -+ } - return nt_status; - } - --- -2.5.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_member_auth_after_changed_secret.patch b/src/patches/samba/samba-3.6.99-fix_member_auth_after_changed_secret.patch deleted file mode 100644 index 819a4f501..000000000 --- a/src/patches/samba/samba-3.6.99-fix_member_auth_after_changed_secret.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 51fbcb75007faddfbea29ef78a3857ba878a2327 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= gd@samba.org -Date: Thu, 6 Dec 2012 14:54:25 +0100 -Subject: [PATCH] s3-rpc_server: Remove obsolete process_creds boolean in - samlogon server. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Guenther - -Signed-off-by: Günther Deschner gd@samba.org -Reviewed-by: Stefan Metzmacher metze@samba.org - -(cherry picked from commit c1fb595081c2b0bf66bce06c09750f53e8031311) ---- - source3/rpc_server/netlogon/srv_netlog_nt.c | 27 +++------------------------ - 1 file changed, 3 insertions(+), 24 deletions(-) - -diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c -index 8079b3a..d14d0ed 100644 ---- a/source3/rpc_server/netlogon/srv_netlog_nt.c -+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c -@@ -1416,21 +1416,16 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, - struct auth_usersupplied_info *user_info = NULL; - struct auth_serversupplied_info *server_info = NULL; - struct auth_context *auth_context = NULL; -- uint8_t pipe_session_key[16]; -- bool process_creds = true; - const char *fn; - - switch (p->opnum) { - case NDR_NETR_LOGONSAMLOGON: -- process_creds = true; - fn = "_netr_LogonSamLogon"; - break; - case NDR_NETR_LOGONSAMLOGONWITHFLAGS: -- process_creds = true; - fn = "_netr_LogonSamLogonWithFlags"; - break; - case NDR_NETR_LOGONSAMLOGONEX: -- process_creds = false; - fn = "_netr_LogonSamLogonEx"; - break; - default: -@@ -1621,29 +1616,13 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, - the SAM Local Security Authority should record that the user is - logged in to the domain. */ - -- if (process_creds) { -- /* Get the pipe session key from the creds. */ -- memcpy(pipe_session_key, creds->session_key, 16); -- } else { -- struct schannel_state *schannel_auth; -- /* Get the pipe session key from the schannel. */ -- if ((p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) -- || (p->auth.auth_ctx == NULL)) { -- return NT_STATUS_INVALID_HANDLE; -- } -- -- schannel_auth = talloc_get_type_abort(p->auth.auth_ctx, -- struct schannel_state); -- memcpy(pipe_session_key, schannel_auth->creds->session_key, 16); -- } -- - switch (r->in.validation_level) { - case 2: -- status = serverinfo_to_SamInfo2(server_info, pipe_session_key, 16, -+ status = serverinfo_to_SamInfo2(server_info, creds->session_key, 16, - r->out.validation->sam2); - break; - case 3: -- status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16, -+ status = serverinfo_to_SamInfo3(server_info, creds->session_key, 16, - r->out.validation->sam3); - break; - case 6: -@@ -1655,7 +1634,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, - break; - } - -- status = serverinfo_to_SamInfo6(server_info, pipe_session_key, 16, -+ status = serverinfo_to_SamInfo6(server_info, creds->session_key, 16, - r->out.validation->sam6); - break; - } --- -2.9.3 - diff --git a/src/patches/samba/samba-3.6.99-fix_memleak_in_printer_list.patch b/src/patches/samba/samba-3.6.99-fix_memleak_in_printer_list.patch deleted file mode 100644 index 979809c3d..000000000 --- a/src/patches/samba/samba-3.6.99-fix_memleak_in_printer_list.patch +++ /dev/null @@ -1,34 +0,0 @@ -commit 5c6cbc0becb78f57dea333185a56ea782716c334 -Author: Jeremy Allison jra@samba.org -AuthorDate: Mon Feb 24 16:18:31 2014 -0800 -Commit: Andreas Schneider asn@samba.org -CommitDate: Fri Feb 28 17:17:49 2014 +0100 - - s3-printing: Fix obvious memory leak in printer_list_get_printer(). - - https://bugzilla.samba.org/show_bug.cgi?id=9993 - - Signed-off-by: Jeremy Allison jra@samba.org - Reviewed-by: Ira Cooper ira@samba.org - Reviewed-by: Andreas Schneider asn@samba.org - - Autobuild-User(master): Andreas Schneider asn@cryptomilk.org - Autobuild-Date(master): Tue Feb 25 13:19:37 CET 2014 on sn-devel-104 - - (cherry picked from commit 148bbdd8d04400b5d873f636671dd443952ca04f) ---- - source3/printing/printer_list.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/source3/printing/printer_list.c b/source3/printing/printer_list.c -index 8f196a5..603ce4b 100644 ---- a/source3/printing/printer_list.c -+++ b/source3/printing/printer_list.c -@@ -133,6 +133,7 @@ NTSTATUS printer_list_get_printer(TALLOC_CTX *mem_ctx, - done: - SAFE_FREE(nstr); - SAFE_FREE(cstr); -+ SAFE_FREE(lstr); - TALLOC_FREE(key); - return status; - } diff --git a/src/patches/samba/samba-3.6.99-fix_memleak_winbind_cached_creds.patch b/src/patches/samba/samba-3.6.99-fix_memleak_winbind_cached_creds.patch deleted file mode 100644 index 6de8a211d..000000000 --- a/src/patches/samba/samba-3.6.99-fix_memleak_winbind_cached_creds.patch +++ /dev/null @@ -1,46 +0,0 @@ -From cf53bff0e8482e35068d8e894af5634a0a9b1399 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Wed, 29 Jun 2016 13:38:19 +0200 -Subject: [PATCH] s3-winbind: Fix memory leak with each cached credential login - -When we allow offline logon and have a lot of logins, windbind will leak -4k of memory which each log in. On systems with heavy load this can grow -quickly and the OOM killer will kill Winbind. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11999 - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Guenther Deschner gd@samba.org ---- - source3/winbindd/winbindd_cache.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c -index 82c8087..2e983cd 100644 ---- a/source3/winbindd/winbindd_cache.c -+++ b/source3/winbindd/winbindd_cache.c -@@ -3415,7 +3415,7 @@ NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const - struct winbind_cache *cache = get_cache(domain); - NTSTATUS status; - int ret; -- struct cred_list *cred, *oldest = NULL; -+ struct cred_list *cred, *next, *oldest = NULL; - - if (!cache->tdb) { - return NT_STATUS_INTERNAL_DB_ERROR; -@@ -3484,7 +3484,11 @@ NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const - status = NT_STATUS_UNSUCCESSFUL; - } - done: -- SAFE_FREE(wcache_cred_list); -+ for (cred = wcache_cred_list; cred; cred = next) { -+ next = cred->next; -+ DLIST_REMOVE(wcache_cred_list, cred); -+ SAFE_FREE(cred); -+ } - SAFE_FREE(oldest); - - return status; --- -2.9.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_nbt_query_with_many_components.patch b/src/patches/samba/samba-3.6.99-fix_nbt_query_with_many_components.patch deleted file mode 100644 index 9d99f4478..000000000 --- a/src/patches/samba/samba-3.6.99-fix_nbt_query_with_many_components.patch +++ /dev/null @@ -1,35 +0,0 @@ -commit 9c3a46e53ebfff376eefee88c2b8745e17bdc21b -Author: Günther Deschner gd@samba.org -AuthorDate: Tue Feb 4 16:38:46 2014 +0100 -Commit: Andreas Schneider asn@samba.org -CommitDate: Mon Mar 10 17:18:14 2014 +0100 - - PATCHSET6 librpc/nbt: increase MAX_COMPONENTS limit for nbt_names. - - domains with more then 10 subdomains are not so uncommon. - - https://bugzilla.samba.org/show_bug.cgi?id=10439 - - Guenther - - Signed-off-by: Günther Deschner gd@samba.org - Reviewed-by: Andreas Schneider asn@samba.org - - (cherry picked from commit 4e05bad0d18e351cb2a2db74860e77adea727c79) ---- - libcli/nbt/nbtname.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libcli/nbt/nbtname.c b/libcli/nbt/nbtname.c -index fec8e8e..3aa0000 100644 ---- a/libcli/nbt/nbtname.c -+++ b/libcli/nbt/nbtname.c -@@ -30,7 +30,7 @@ - #include "lib/util/util_net.h" - - /* don't allow an unlimited number of name components */ --#define MAX_COMPONENTS 10 -+#define MAX_COMPONENTS 128 - - /** - print a nbt string diff --git a/src/patches/samba/samba-3.6.99-fix_pam_winbind_parsing_segfault.patch b/src/patches/samba/samba-3.6.99-fix_pam_winbind_parsing_segfault.patch deleted file mode 100644 index 954af029c..000000000 --- a/src/patches/samba/samba-3.6.99-fix_pam_winbind_parsing_segfault.patch +++ /dev/null @@ -1,112 +0,0 @@ -From 580eabc2c9dfe29d719a026ff8f6ac3d2ead1983 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Tue, 8 Sep 2015 16:48:08 +0200 -Subject: [PATCH] PATCHSET28: pam_winbind: Fix a segfault if initialization - fails - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11502 - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Michael Adam obnox@samba.org - -Autobuild-User(master): Michael Adam obnox@samba.org -Autobuild-Date(master): Tue Sep 8 21:39:21 CEST 2015 on sn-devel-104 - -(cherry picked from commit 7d84cd6e40024fd361ea21635f7befed40f0e41f) ---- - nsswitch/pam_winbind.c | 19 ++++++++----------- - 1 file changed, 8 insertions(+), 11 deletions(-) - -diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c -index d126494..cfaa5f1 100644 ---- a/nsswitch/pam_winbind.c -+++ b/nsswitch/pam_winbind.c -@@ -2465,7 +2465,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags, - - retval = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); - if (retval) { -- goto out; -+ return retval; - } - - _PAM_LOG_FUNCTION_ENTER("_pam_delete_cred", ctx); -@@ -2600,7 +2600,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, - - retval = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); - if (retval) { -- goto out; -+ return retval; - } - - _PAM_LOG_FUNCTION_ENTER("pam_sm_authenticate", ctx); -@@ -2752,7 +2752,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, - - ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); - if (ret) { -- goto out; -+ return ret; - } - - _PAM_LOG_FUNCTION_ENTER("pam_sm_setcred", ctx); -@@ -2782,8 +2782,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, - break; - } - -- out: -- - _PAM_LOG_FUNCTION_LEAVE("pam_sm_setcred", ctx, ret); - - TALLOC_FREE(ctx); -@@ -2806,7 +2804,7 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - - ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); - if (ret) { -- goto out; -+ return ret; - } - - _PAM_LOG_FUNCTION_ENTER("pam_sm_acct_mgmt", ctx); -@@ -2901,7 +2899,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, - - ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); - if (ret) { -- goto out; -+ return ret; - } - - _PAM_LOG_FUNCTION_ENTER("pam_sm_open_session", ctx); -@@ -2910,7 +2908,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, - /* check and create homedir */ - ret = _pam_mkhomedir(ctx); - } -- out: -+ - _PAM_LOG_FUNCTION_LEAVE("pam_sm_open_session", ctx, ret); - - TALLOC_FREE(ctx); -@@ -2927,12 +2925,11 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, - - ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); - if (ret) { -- goto out; -+ return ret; - } - - _PAM_LOG_FUNCTION_ENTER("pam_sm_close_session", ctx); - --out: - _PAM_LOG_FUNCTION_LEAVE("pam_sm_close_session", ctx, ret); - - TALLOC_FREE(ctx); -@@ -3012,7 +3009,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, - - ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); - if (ret) { -- goto out; -+ return ret; - } - - _PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", ctx); --- -2.5.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_printcap_cpu_utilization.patch b/src/patches/samba/samba-3.6.99-fix_printcap_cpu_utilization.patch deleted file mode 100644 index 7c5921111..000000000 --- a/src/patches/samba/samba-3.6.99-fix_printcap_cpu_utilization.patch +++ /dev/null @@ -1,958 +0,0 @@ -From 61c58824cc9117ffe206ae7c126929bfa2384486 Mon Sep 17 00:00:00 2001 -From: David Disseldorp ddiss@samba.org -Date: Thu, 10 Jul 2014 00:18:10 +0200 -Subject: [PATCH 1/7] PATCHSET18: printing: traverse_read the printer list for - share updates -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The printcap update procedure involves the background printer process -obtaining the printcap information from the printing backend, writing -this to printer_list.tdb, and then notifying all smbd processes of the -new list. The processes then all attempt to simultaneously traverse -printer_list.tdb, in order to update their local share lists. - -With a large number of printers, and a large number of per-client smbd -processes, this traversal results in significant lock contention, mostly -due to the fact that the traversal is unnecessarily done with an -exclusive (write) lock on the printer_list.tdb database. - -This commit changes the share update code path to perform a read-only -traversal. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652 - -Reported-by: Alex K korobkin+samba@gmail.com -Reported-by: Franz Pförtsch franz.pfoertsch@brose.com -Signed-off-by: David Disseldorp ddiss@samba.org ---- - source3/printing/load.c | 2 +- - source3/printing/pcap.c | 4 ++-- - source3/printing/pcap.h | 2 +- - source3/printing/printer_list.c | 17 +++++++++++------ - source3/printing/printer_list.h | 4 ++-- - 5 files changed, 17 insertions(+), 12 deletions(-) - -diff --git a/source3/printing/load.c b/source3/printing/load.c -index 829c3e3..0a3de73 100644 ---- a/source3/printing/load.c -+++ b/source3/printing/load.c -@@ -70,5 +70,5 @@ void load_printers(struct tevent_context *ev, - - /* load all printcap printers */ - if (lp_load_printers() && lp_servicenumber(PRINTERS_NAME) >= 0) -- pcap_printer_fn(lp_add_one_printer, NULL); -+ pcap_printer_read_fn(lp_add_one_printer, NULL); - } -diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c -index 62db4f5..6ad8e33 100644 ---- a/source3/printing/pcap.c -+++ b/source3/printing/pcap.c -@@ -229,11 +229,11 @@ void pcap_printer_fn_specific(const struct pcap_cache *pc, - return; - } - --void pcap_printer_fn(void (*fn)(const char *, const char *, const char *, void *), void *pdata) -+void pcap_printer_read_fn(void (*fn)(const char *, const char *, const char *, void *), void *pdata) - { - NTSTATUS status; - -- status = printer_list_run_fn(fn, pdata); -+ status = printer_list_read_run_fn(fn, pdata); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(3, ("Failed to run fn for all printers!\n")); - } -diff --git a/source3/printing/pcap.h b/source3/printing/pcap.h -index 7056213..6c062c3 100644 ---- a/source3/printing/pcap.h -+++ b/source3/printing/pcap.h -@@ -39,7 +39,7 @@ bool pcap_cache_add(const char *name, const char *comment, const char *location) - bool pcap_cache_loaded(void); - bool pcap_cache_replace(const struct pcap_cache *cache); - void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, const char *, void *), void *); --void pcap_printer_fn(void (*fn)(const char *, const char *, const char *, void *), void *); -+void pcap_printer_read_fn(void (*fn)(const char *, const char *, const char *, void *), void *); - - void pcap_cache_reload(struct tevent_context *ev, - struct messaging_context *msg_ctx, -diff --git a/source3/printing/printer_list.c b/source3/printing/printer_list.c -index 603ce4b..b24bf83 100644 ---- a/source3/printing/printer_list.c -+++ b/source3/printing/printer_list.c -@@ -280,7 +280,8 @@ done: - typedef int (printer_list_trv_fn_t)(struct db_record *, void *); - - static NTSTATUS printer_list_traverse(printer_list_trv_fn_t *fn, -- void *private_data) -+ void *private_data, -+ bool read_only) - { - struct db_context *db; - int ret; -@@ -290,7 +291,11 @@ static NTSTATUS printer_list_traverse(printer_list_trv_fn_t *fn, - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - -- ret = db->traverse(db, fn, private_data); -+ if (read_only) { -+ ret = db->traverse_read(db, fn, private_data); -+ } else { -+ ret = db->traverse(db, fn, private_data); -+ } - if (ret < 0) { - return NT_STATUS_UNSUCCESSFUL; - } -@@ -357,7 +362,7 @@ NTSTATUS printer_list_clean_old(void) - - state.status = NT_STATUS_OK; - -- status = printer_list_traverse(printer_list_clean_fn, &state); -+ status = printer_list_traverse(printer_list_clean_fn, &state, false); - if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL) && - !NT_STATUS_IS_OK(state.status)) { - status = state.status; -@@ -404,8 +409,8 @@ static int printer_list_exec_fn(struct db_record *rec, void *private_data) - return 0; - } - --NTSTATUS printer_list_run_fn(void (*fn)(const char *, const char *, const char *, void *), -- void *private_data) -+NTSTATUS printer_list_read_run_fn(void (*fn)(const char *, const char *, const char *, void *), -+ void *private_data) - { - struct printer_list_exec_state state; - NTSTATUS status; -@@ -414,7 +419,7 @@ NTSTATUS printer_list_run_fn(void (*fn)(const char *, const char *, const char * - state.private_data = private_data; - state.status = NT_STATUS_OK; - -- status = printer_list_traverse(printer_list_exec_fn, &state); -+ status = printer_list_traverse(printer_list_exec_fn, &state, true); - if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL) && - !NT_STATUS_IS_OK(state.status)) { - status = state.status; -diff --git a/source3/printing/printer_list.h b/source3/printing/printer_list.h -index fb2e007..b12c192 100644 ---- a/source3/printing/printer_list.h -+++ b/source3/printing/printer_list.h -@@ -100,6 +100,6 @@ NTSTATUS printer_list_mark_reload(void); - */ - NTSTATUS printer_list_clean_old(void); - --NTSTATUS printer_list_run_fn(void (*fn)(const char *, const char *, const char *, void *), -- void *private_data); -+NTSTATUS printer_list_read_run_fn(void (*fn)(const char *, const char *, const char *, void *), -+ void *private_data); - #endif /* _PRINTER_LIST_H_ */ --- -2.1.0 - - -From 18b15f127b656ad9232789b073460c95b1aaa835 Mon Sep 17 00:00:00 2001 -From: David Disseldorp ddiss@samba.org -Date: Fri, 11 Jul 2014 17:00:05 +0200 -Subject: [PATCH 2/7] PATCHSET18: printing: only reload printer shares on - client enum - -Currently, automatic printer share updates are handled in the following -way: -- Background printer process (BPP) forked on startup -- Parent smbd and per-client children await MSG_PRINTER_PCAP messages -- BPP periodically polls the printing backend for printcap data - - printcap data written to printer_list.tdb - - MSG_PRINTER_PCAP sent to all smbd processes following update -- smbd processes all read the latest printer_list.tdb data, and update - their share listings - -This procedure is not scalable, as all smbd processes hit -printer_list.tdb in parallel, resulting in a large spike in CPU usage. - -This change sees smbd processes only update their printer share lists -only when a client asks for this information, e.g. via NetShareEnum or -EnumPrinters. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652 - -Suggested-by: Volker Lendecke vl@samba.org -Signed-off-by: David Disseldorp ddiss@samba.org ---- - source3/printing/spoolssd.c | 17 +---------------- - source3/rpc_server/spoolss/srv_spoolss_nt.c | 11 ++++++++++- - source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 1 + - source3/smbd/lanman.c | 3 +++ - source3/smbd/server.c | 27 +++++---------------------- - 5 files changed, 20 insertions(+), 39 deletions(-) - -diff --git a/source3/printing/spoolssd.c b/source3/printing/spoolssd.c -index 83727df..7953237 100644 ---- a/source3/printing/spoolssd.c -+++ b/source3/printing/spoolssd.c -@@ -74,20 +74,6 @@ static void smb_conf_updated(struct messaging_context *msg, - spoolss_reopen_logs(); - } - --static void spoolss_pcap_updated(struct messaging_context *msg, -- void *private_data, -- uint32_t msg_type, -- struct server_id server_id, -- DATA_BLOB *data) --{ -- struct tevent_context *ev_ctx = talloc_get_type_abort(private_data, -- struct tevent_context); -- -- DEBUG(10, ("Got message saying pcap was updated. Reloading.\n")); -- change_to_root_user(); -- reload_printers(ev_ctx, msg); --} -- - static void spoolss_sig_term_handler(struct tevent_context *ev, - struct tevent_signal *se, - int signum, -@@ -206,12 +192,11 @@ void start_spoolssd(struct tevent_context *ev_ctx, - exit(1); - } - -+ /* printer shares updated from printer_list.tdb on client enumeration */ - messaging_register(msg_ctx, NULL, - MSG_PRINTER_UPDATE, print_queue_receive); - messaging_register(msg_ctx, ev_ctx, - MSG_SMB_CONF_UPDATED, smb_conf_updated); -- messaging_register(msg_ctx, ev_ctx, -- MSG_PRINTER_PCAP, spoolss_pcap_updated); - - /* - * Initialize spoolss with an init function to convert printers first. -diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c -index 516b7dc..db48574 100644 ---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c -+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c -@@ -4316,12 +4316,21 @@ static WERROR enum_all_printers_info_level(TALLOC_CTX *mem_ctx, - uint32_t *count_p) - { - int snum; -- int n_services = lp_numservices(); -+ int n_services; - union spoolss_PrinterInfo *info = NULL; - uint32_t count = 0; - WERROR result = WERR_OK; - struct dcerpc_binding_handle *b = NULL; - -+ /* -+ * printer shares are only updated on client enumeration. The background -+ * printer process updates printer_list.tdb at regular intervals. -+ */ -+ become_root(); -+ reload_printers(messaging_event_context(msg_ctx), msg_ctx); -+ unbecome_root(); -+ -+ n_services = lp_numservices(); - *count_p = 0; - *info_p = NULL; - -diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c -index b9345d6..4600da3 100644 ---- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c -+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c -@@ -568,6 +568,7 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p, - - /* Ensure all the usershares are loaded. */ - become_root(); -+ reload_printers(messaging_event_context(p->msg_ctx), p->msg_ctx); - load_usershare_shares(); - load_registry_shares(); - num_services = lp_numservices(); -diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c -index f56ea30..49f7583 100644 ---- a/source3/smbd/lanman.c -+++ b/source3/smbd/lanman.c -@@ -43,6 +43,7 @@ - #include "passdb/machine_sid.h" - #include "auth.h" - #include "rpc_server/rpc_ncacn_np.h" -+#include "messages.h" - - #ifdef CHECK_TYPES - #undef CHECK_TYPES -@@ -2091,6 +2092,8 @@ static bool api_RNetShareEnum(struct smbd_server_connection *sconn, - - /* Ensure all the usershares are loaded. */ - become_root(); -+ reload_printers(messaging_event_context(sconn->msg_ctx), -+ sconn->msg_ctx); - load_registry_shares(); - count = load_usershare_shares(); - unbecome_root(); -diff --git a/source3/smbd/server.c b/source3/smbd/server.c -index a26dbc4..102e8dd 100644 ---- a/source3/smbd/server.c -+++ b/source3/smbd/server.c -@@ -111,24 +111,6 @@ static void smb_conf_updated(struct messaging_context *msg, - /* printer reload triggered by background printing process */ - } - --/******************************************************************* -- What to do when printcap is updated. -- ********************************************************************/ -- --static void smb_pcap_updated(struct messaging_context *msg, -- void *private_data, -- uint32_t msg_type, -- struct server_id server_id, -- DATA_BLOB *data) --{ -- struct tevent_context *ev_ctx = -- talloc_get_type_abort(private_data, struct tevent_context); -- -- DEBUG(10,("Got message saying pcap was updated. Reloading.\n")); -- change_to_root_user(); -- reload_printers(ev_ctx, msg); --} -- - static void smbd_sig_term_handler(struct tevent_context *ev, - struct tevent_signal *se, - int signum, -@@ -1287,10 +1269,11 @@ extern void build_options(bool screen); - - if (is_daemon && !interactive - && lp_parm_bool(-1, "smbd", "backgroundqueue", true)) { -- /* background queue is responsible for printcap cache updates */ -- messaging_register(smbd_server_conn->msg_ctx, -- smbd_event_context(), -- MSG_PRINTER_PCAP, smb_pcap_updated); -+ /* -+ * background queue is responsible for printcap cache updates. -+ * Other smbd processes only reload printers when a client -+ * issues an enumeration request. -+ */ - start_background_queue(server_event_context(), - smbd_server_conn->msg_ctx); - } else { --- -2.1.0 - - -From 52196380547dde4784e42c35c46135bb5230a08d Mon Sep 17 00:00:00 2001 -From: David Disseldorp ddiss@samba.org -Date: Tue, 22 Jul 2014 20:17:38 +0200 -Subject: [PATCH 3/7] PATCHSET18: printing: reload printer_list.tdb from in - memory list - -This will allow in future for a single atomic printer_list.tdb update. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652 - -Signed-off-by: David Disseldorp ddiss@samba.org ---- - source3/printing/pcap.c | 26 +++++++++++--------------- - source3/printing/pcap.h | 8 ++++---- - source3/printing/print_aix.c | 17 ++++++++++++++--- - source3/printing/print_iprint.c | 16 ++++++++++------ - source3/printing/print_standard.c | 8 ++++++-- - source3/printing/print_svid.c | 11 +++++++---- - 6 files changed, 52 insertions(+), 34 deletions(-) - -diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c -index 6ad8e33..5173fc9 100644 ---- a/source3/printing/pcap.c -+++ b/source3/printing/pcap.c -@@ -83,7 +83,7 @@ void pcap_cache_destroy_specific(struct pcap_cache **pp_cache) - *pp_cache = NULL; - } - --bool pcap_cache_add(const char *name, const char *comment, const char *location) -+static bool pcap_cache_add(const char *name, const char *comment, const char *location) - { - NTSTATUS status; - time_t t = time_mono(NULL); -@@ -132,8 +132,8 @@ void pcap_cache_reload(struct tevent_context *ev, - { - const char *pcap_name = lp_printcapname(); - bool pcap_reloaded = False; -- NTSTATUS status; - bool post_cache_fill_fn_handled = false; -+ struct pcap_cache *pcache = NULL; - - DEBUG(3, ("reloading printcap cache\n")); - -@@ -143,12 +143,6 @@ void pcap_cache_reload(struct tevent_context *ev, - return; - } - -- status = printer_list_mark_reload(); -- if (!NT_STATUS_IS_OK(status)) { -- DEBUG(0, ("Failed to mark printer list for reload!\n")); -- return; -- } -- - #ifdef HAVE_CUPS - if (strequal(pcap_name, "cups")) { - pcap_reloaded = cups_cache_reload(ev, msg_ctx, -@@ -164,26 +158,26 @@ void pcap_cache_reload(struct tevent_context *ev, - - #ifdef HAVE_IPRINT - if (strequal(pcap_name, "iprint")) { -- pcap_reloaded = iprint_cache_reload(); -+ pcap_reloaded = iprint_cache_reload(&pcache); - goto done; - } - #endif - - #if defined(SYSV) || defined(HPUX) - if (strequal(pcap_name, "lpstat")) { -- pcap_reloaded = sysv_cache_reload(); -+ pcap_reloaded = sysv_cache_reload(&pcache); - goto done; - } - #endif - - #ifdef AIX - if (strstr_m(pcap_name, "/qconfig") != NULL) { -- pcap_reloaded = aix_cache_reload(); -+ pcap_reloaded = aix_cache_reload(&pcache); - goto done; - } - #endif - -- pcap_reloaded = std_pcap_cache_reload(pcap_name); -+ pcap_reloaded = std_pcap_cache_reload(pcap_name, &pcache); - - done: - DEBUG(3, ("reload status: %s\n", (pcap_reloaded) ? "ok" : "error")); -@@ -192,14 +186,16 @@ done: - /* cleanup old entries only if the operation was successful, - * otherwise keep around the old entries until we can - * successfuly reaload */ -- status = printer_list_clean_old(); -- if (!NT_STATUS_IS_OK(status)) { -- DEBUG(0, ("Failed to cleanup printer list!\n")); -+ -+ if (!pcap_cache_replace(pcache)) { -+ DEBUG(0, ("Failed to replace printer list!\n")); - } -+ - if (post_cache_fill_fn != NULL) { - post_cache_fill_fn(ev, msg_ctx); - } - } -+ pcap_cache_destroy_specific(&pcache); - - return; - } -diff --git a/source3/printing/pcap.h b/source3/printing/pcap.h -index 6c062c3..d388d7d 100644 ---- a/source3/printing/pcap.h -+++ b/source3/printing/pcap.h -@@ -49,7 +49,7 @@ bool pcap_printername_ok(const char *printername); - - /* The following definitions come from printing/print_aix.c */ - --bool aix_cache_reload(void); -+bool aix_cache_reload(struct pcap_cache **_pcache); - - /* The following definitions come from printing/print_cups.c */ - -@@ -60,13 +60,13 @@ bool cups_cache_reload(struct tevent_context *ev, - - /* The following definitions come from printing/print_iprint.c */ - --bool iprint_cache_reload(void); -+bool iprint_cache_reload(struct pcap_cache **_pcache); - - /* The following definitions come from printing/print_svid.c */ - --bool sysv_cache_reload(void); -+bool sysv_cache_reload(struct pcap_cache **_pcache); - - /* The following definitions come from printing/print_standard.c */ --bool std_pcap_cache_reload(const char *pcap_name); -+bool std_pcap_cache_reload(const char *pcap_name, struct pcap_cache **_pcache); - - #endif /* _PRINTING_PCAP_H_ */ -diff --git a/source3/printing/print_aix.c b/source3/printing/print_aix.c -index 23d9a86..927a71b 100644 ---- a/source3/printing/print_aix.c -+++ b/source3/printing/print_aix.c -@@ -29,12 +29,13 @@ - #include "printing/pcap.h" - - #ifdef AIX --bool aix_cache_reload(void) -+bool aix_cache_reload(struct pcap_cache **_pcache) - { - int iEtat; - XFILE *pfile; - char *line = NULL, *p; - char *name = NULL; -+ struct pcap_cache *pcache = NULL; - TALLOC_CTX *ctx = talloc_init("aix_cache_reload"); - - if (!ctx) { -@@ -52,6 +53,8 @@ bool aix_cache_reload(void) - iEtat = 0; - /* scan qconfig file for searching <printername>: */ - for (;(line = fgets_slash(NULL, 1024, pfile)); free(line)) { -+ bool ok; -+ - if (*line == '*' || *line == 0) - continue; - -@@ -67,6 +70,7 @@ bool aix_cache_reload(void) - if (strcmp(p, "bsh") != 0) { - name = talloc_strdup(ctx, p); - if (!name) { -+ pcap_cache_destroy_specific(&pcache); - SAFE_FREE(line); - x_fclose(pfile); - TALLOC_FREE(ctx); -@@ -86,7 +90,10 @@ bool aix_cache_reload(void) - /* name is found without stanza device */ - /* probably a good printer ??? */ - iEtat = 0; -- if (!pcap_cache_add(name, NULL, NULL)) { -+ ok = pcap_cache_add_specific(&pcache, -+ name, NULL, NULL); -+ if (!ok) { -+ pcap_cache_destroy_specific(&pcache); - SAFE_FREE(line); - x_fclose(pfile); - TALLOC_FREE(ctx); -@@ -101,7 +108,10 @@ bool aix_cache_reload(void) - } else if (strstr_m(line, "device")) { - /* it's a good virtual printer */ - iEtat = 0; -- if (!pcap_cache_add(name, NULL, NULL)) { -+ ok = pcap_cache_add_specific(&pcache, -+ name, NULL, NULL); -+ if (!ok) { -+ pcap_cache_destroy_specific(&pcache); - SAFE_FREE(line); - x_fclose(pfile); - TALLOC_FREE(ctx); -@@ -113,6 +123,7 @@ bool aix_cache_reload(void) - } - } - -+ *_pcache = pcache; - x_fclose(pfile); - TALLOC_FREE(ctx); - return true; -diff --git a/source3/printing/print_iprint.c b/source3/printing/print_iprint.c -index 529f0dd..6e91747 100644 ---- a/source3/printing/print_iprint.c -+++ b/source3/printing/print_iprint.c -@@ -204,7 +204,8 @@ static int iprint_get_server_version(http_t *http, char* serviceUri) - - static int iprint_cache_add_printer(http_t *http, - int reqId, -- char* url) -+ char *url, -+ struct pcap_cache **pcache) - { - ipp_t *request = NULL, /* IPP Request */ - *response = NULL; /* IPP Response */ -@@ -340,7 +341,7 @@ static int iprint_cache_add_printer(http_t *http, - */ - - if (name != NULL && !secure && smb_enabled) -- pcap_cache_add(name, info, NULL); -+ pcap_cache_add_specific(pcache, name, info, NULL); - } - - out: -@@ -349,7 +350,7 @@ static int iprint_cache_add_printer(http_t *http, - return(0); - } - --bool iprint_cache_reload(void) -+bool iprint_cache_reload(struct pcap_cache **_pcache) - { - http_t *http = NULL; /* HTTP connection to server */ - ipp_t *request = NULL, /* IPP Request */ -@@ -357,7 +358,8 @@ bool iprint_cache_reload(void) - ipp_attribute_t *attr; /* Current attribute */ - cups_lang_t *language = NULL; /* Default language */ - int i; -- bool ret = False; -+ bool ret = false; -+ struct pcap_cache *pcache = NULL; - - DEBUG(5, ("reloading iprint printcap cache\n")); - -@@ -439,14 +441,16 @@ bool iprint_cache_reload(void) - char *url = ippGetString(attr, i, NULL); - if (!url || !strlen(url)) - continue; -- iprint_cache_add_printer(http, i+2, url); -+ iprint_cache_add_printer(http, i+2, url, -+ &pcache); - } - } - attr = ippNextAttribute(response); - } - } - -- ret = True; -+ ret = true; -+ *_pcache = pcache; - - out: - if (response) -diff --git a/source3/printing/print_standard.c b/source3/printing/print_standard.c -index c4f9c5b..b5f1056 100644 ---- a/source3/printing/print_standard.c -+++ b/source3/printing/print_standard.c -@@ -59,10 +59,11 @@ - #include "printing/pcap.h" - - /* handle standard printcap - moved from pcap_printer_fn() */ --bool std_pcap_cache_reload(const char *pcap_name) -+bool std_pcap_cache_reload(const char *pcap_name, struct pcap_cache **_pcache) - { - XFILE *pcap_file; - char *pcap_line; -+ struct pcap_cache *pcache = NULL; - - if ((pcap_file = x_fopen(pcap_name, O_RDONLY, 0)) == NULL) { - DEBUG(0, ("Unable to open printcap file %s for read!\n", pcap_name)); -@@ -117,12 +118,15 @@ bool std_pcap_cache_reload(const char *pcap_name) - } - } - -- if (*name && !pcap_cache_add(name, comment, NULL)) { -+ if ((*name != '\0') -+ && !pcap_cache_add_specific(&pcache, name, comment, NULL)) { - x_fclose(pcap_file); -+ pcap_cache_destroy_specific(&pcache); - return false; - } - } - - x_fclose(pcap_file); -+ *_pcache = pcache; - return true; - } -diff --git a/source3/printing/print_svid.c b/source3/printing/print_svid.c -index 2226493..879661b 100644 ---- a/source3/printing/print_svid.c -+++ b/source3/printing/print_svid.c -@@ -35,10 +35,11 @@ - #include "printing/pcap.h" - - #if defined(SYSV) || defined(HPUX) --bool sysv_cache_reload(void) -+bool sysv_cache_reload(struct pcap_cache **_pcache) - { - char **lines; - int i; -+ struct pcap_cache *pcache = NULL; - - #if defined(HPUX) - DEBUG(5, ("reloading hpux printcap cache\n")); -@@ -111,14 +112,16 @@ bool sysv_cache_reload(void) - *tmp = '\0'; - - /* add it to the cache */ -- if (!pcap_cache_add(name, NULL, NULL)) { -+ if (!pcap_cache_add_specific(&pcache, name, NULL, NULL)) { - TALLOC_FREE(lines); -- return False; -+ pcap_cache_destroy_specific(&pcache); -+ return false; - } - } - - TALLOC_FREE(lines); -- return True; -+ *_pcache = pcache; -+ return true; - } - - #else --- -2.1.0 - - -From 91c0b6477fcd4ad20d1cda45f78f160cee8e58ff Mon Sep 17 00:00:00 2001 -From: David Disseldorp ddiss@samba.org -Date: Fri, 25 Jul 2014 12:18:54 +0200 -Subject: [PATCH 4/7] PATCHSET18: printing: remove pcap_cache_add() - -All print list updates are now done via pcap_cache_replace(), which can -call into the print_list code directly. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652 - -Signed-off-by: David Disseldorp ddiss@samba.org ---- - source3/printing/pcap.c | 16 ++++++---------- - source3/printing/pcap.h | 1 - - 2 files changed, 6 insertions(+), 11 deletions(-) - -diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c -index 5173fc9..5059f20 100644 ---- a/source3/printing/pcap.c -+++ b/source3/printing/pcap.c -@@ -83,15 +83,6 @@ void pcap_cache_destroy_specific(struct pcap_cache **pp_cache) - *pp_cache = NULL; - } - --static bool pcap_cache_add(const char *name, const char *comment, const char *location) --{ -- NTSTATUS status; -- time_t t = time_mono(NULL); -- -- status = printer_list_set_printer(talloc_tos(), name, comment, location, t); -- return NT_STATUS_IS_OK(status); --} -- - bool pcap_cache_loaded(void) - { - NTSTATUS status; -@@ -105,6 +96,7 @@ bool pcap_cache_replace(const struct pcap_cache *pcache) - { - const struct pcap_cache *p; - NTSTATUS status; -+ time_t t = time_mono(NULL); - - status = printer_list_mark_reload(); - if (!NT_STATUS_IS_OK(status)) { -@@ -113,7 +105,11 @@ bool pcap_cache_replace(const struct pcap_cache *pcache) - } - - for (p = pcache; p; p = p->next) { -- pcap_cache_add(p->name, p->comment, p->location); -+ status = printer_list_set_printer(talloc_tos(), p->name, -+ p->comment, p->location, t); -+ if (!NT_STATUS_IS_OK(status)) { -+ return false; -+ } - } - - status = printer_list_clean_old(); -diff --git a/source3/printing/pcap.h b/source3/printing/pcap.h -index d388d7d..7dccf84 100644 ---- a/source3/printing/pcap.h -+++ b/source3/printing/pcap.h -@@ -35,7 +35,6 @@ struct pcap_cache; - - bool pcap_cache_add_specific(struct pcap_cache **ppcache, const char *name, const char *comment, const char *location); - void pcap_cache_destroy_specific(struct pcap_cache **ppcache); --bool pcap_cache_add(const char *name, const char *comment, const char *location); - bool pcap_cache_loaded(void); - bool pcap_cache_replace(const struct pcap_cache *cache); - void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, const char *, void *), void *); --- -2.1.0 - - -From 10582491e417d5ab5c77afe2337793dbacd98fa8 Mon Sep 17 00:00:00 2001 -From: David Disseldorp ddiss@samba.org -Date: Wed, 23 Jul 2014 12:12:34 +0200 -Subject: [PATCH 5/7] PATCHSET18: printing: return last change time with - pcap_cache_loaded() - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652 - -Signed-off-by: David Disseldorp ddiss@samba.org ---- - source3/printing/load.c | 2 +- - source3/printing/pcap.c | 10 ++++++++-- - source3/printing/pcap.h | 2 +- - source3/web/swat.c | 4 ++-- - 4 files changed, 12 insertions(+), 6 deletions(-) - -diff --git a/source3/printing/load.c b/source3/printing/load.c -index 0a3de73..83f1095 100644 ---- a/source3/printing/load.c -+++ b/source3/printing/load.c -@@ -64,7 +64,7 @@ load automatic printer services from pre-populated pcap cache - void load_printers(struct tevent_context *ev, - struct messaging_context *msg_ctx) - { -- SMB_ASSERT(pcap_cache_loaded()); -+ SMB_ASSERT(pcap_cache_loaded(NULL)); - - add_auto_printers(); - -diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c -index 5059f20..027c1b2 100644 ---- a/source3/printing/pcap.c -+++ b/source3/printing/pcap.c -@@ -83,13 +83,19 @@ void pcap_cache_destroy_specific(struct pcap_cache **pp_cache) - *pp_cache = NULL; - } - --bool pcap_cache_loaded(void) -+bool pcap_cache_loaded(time_t *_last_change) - { - NTSTATUS status; - time_t last; - - status = printer_list_get_last_refresh(&last); -- return NT_STATUS_IS_OK(status); -+ if (!NT_STATUS_IS_OK(status)) { -+ return false; -+ } -+ if (_last_change != NULL) { -+ *_last_change = last; -+ } -+ return true; - } - - bool pcap_cache_replace(const struct pcap_cache *pcache) -diff --git a/source3/printing/pcap.h b/source3/printing/pcap.h -index 7dccf84..8fc9e9d 100644 ---- a/source3/printing/pcap.h -+++ b/source3/printing/pcap.h -@@ -35,7 +35,7 @@ struct pcap_cache; - - bool pcap_cache_add_specific(struct pcap_cache **ppcache, const char *name, const char *comment, const char *location); - void pcap_cache_destroy_specific(struct pcap_cache **ppcache); --bool pcap_cache_loaded(void); -+bool pcap_cache_loaded(time_t *_last_change); - bool pcap_cache_replace(const struct pcap_cache *cache); - void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, const char *, void *), void *); - void pcap_printer_read_fn(void (*fn)(const char *, const char *, const char *, void *), void *); -diff --git a/source3/web/swat.c b/source3/web/swat.c -index f8933d2..a1a035c 100644 ---- a/source3/web/swat.c -+++ b/source3/web/swat.c -@@ -586,7 +586,7 @@ static int save_reload(int snum) - return 0; - } - iNumNonAutoPrintServices = lp_numservices(); -- if (pcap_cache_loaded()) { -+ if (pcap_cache_loaded(NULL)) { - load_printers(server_event_context(), - server_messaging_context()); - } -@@ -1572,7 +1572,7 @@ const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid) - reopen_logs(); - load_interfaces(); - iNumNonAutoPrintServices = lp_numservices(); -- if (pcap_cache_loaded()) { -+ if (pcap_cache_loaded(NULL)) { - load_printers(server_event_context(), - server_messaging_context()); - } --- -2.1.0 - - -From 484667ff73b54b275f8629264aef27ec9628c7fd Mon Sep 17 00:00:00 2001 -From: David Disseldorp ddiss@samba.org -Date: Wed, 23 Jul 2014 14:42:00 +0200 -Subject: [PATCH 6/7] PATCHSET18: smbd: only reprocess printer_list.tdb if it - changed - -The per-client smbd printer share inventory is currently updated from -printer_list.tdb when a client enumerates printers, via EnumPrinters or -NetShareEnum. -printer_list.tdb is populated by the background print process, based on -the latest printcap values retrieved from the printing backend (e.g. -CUPS) at regular intervals. -This change ensures that per-client smbd processes don't reparse -printer_list.tdb if it hasn't been updated since the last enumeration. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652 - -Suggested-by: Volker Lendecke vl@samba.org -Signed-off-by: David Disseldorp ddiss@samba.org ---- - source3/smbd/server_reload.c | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/source3/smbd/server_reload.c b/source3/smbd/server_reload.c -index c4c5a8d..57f7972 100644 ---- a/source3/smbd/server_reload.c -+++ b/source3/smbd/server_reload.c -@@ -30,6 +30,13 @@ - #include "auth.h" - #include "messages.h" - -+/* -+ * The persistent pcap cache is populated by the background print process. Per -+ * client smbds should only reload their printer share inventories if this -+ * information has changed. Use last_reload_time to detect this. -+ */ -+static time_t reload_last_pcap_time = 0; -+ - /**************************************************************************** - purge stale printers and reload from pre-populated pcap cache - **************************************************************************/ -@@ -40,6 +47,20 @@ void reload_printers(struct tevent_context *ev, - int pnum; - int snum; - const char *pname; -+ bool ok; -+ time_t pcap_last_update; -+ -+ ok = pcap_cache_loaded(&pcap_last_update); -+ if (!ok) { -+ DEBUG(1, ("pcap cache not loaded\n")); -+ return; -+ } -+ -+ if (reload_last_pcap_time == pcap_last_update) { -+ DEBUG(5, ("skipping printer reload, already up to date.\n")); -+ return; -+ } -+ reload_last_pcap_time = pcap_last_update; - - n_services = lp_numservices(); - pnum = lp_servicenumber(PRINTERS_NAME); --- -2.1.0 - - -From 08848f939b735b5a68066ebcc995247d77f5fa2d Mon Sep 17 00:00:00 2001 -From: David Disseldorp ddiss@samba.org -Date: Wed, 6 Aug 2014 14:33:02 +0200 -Subject: [PATCH 7/7] PATCHSET18: printing: reload printer shares on - OpenPrinter - -The printer share inventory should be reloaded on open _and_ -enumeration, as there are some clients, such as cupsaddsmb, that do not -perform an enumeration prior to access. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652 - -Signed-off-by: David Disseldorp ddiss@samba.org ---- - source3/rpc_server/spoolss/srv_spoolss_nt.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c -index db48574..fb8f61f 100644 ---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c -+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c -@@ -1737,6 +1737,16 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, - return WERR_INVALID_PARAM; - } - -+ /* -+ * The printcap printer share inventory is updated on client -+ * enumeration. For clients that do not perform enumeration prior to -+ * access, such as cupssmbadd, we reinitialise the printer share -+ * inventory on open as well. -+ */ -+ become_root(); -+ reload_printers(messaging_event_context(p->msg_ctx), p->msg_ctx); -+ unbecome_root(); -+ - /* some sanity check because you can open a printer or a print server */ - /* aka: \server\printer or \server */ - -@@ -4323,7 +4333,7 @@ static WERROR enum_all_printers_info_level(TALLOC_CTX *mem_ctx, - struct dcerpc_binding_handle *b = NULL; - - /* -- * printer shares are only updated on client enumeration. The background -+ * printer shares are updated on client enumeration. The background - * printer process updates printer_list.tdb at regular intervals. - */ - become_root(); --- -2.1.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_rpc_query_user_list.patch b/src/patches/samba/samba-3.6.99-fix_rpc_query_user_list.patch deleted file mode 100644 index cc4352890..000000000 --- a/src/patches/samba/samba-3.6.99-fix_rpc_query_user_list.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 75497eb3bb57424cefbbbe0c61cd2b0adcad802b Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Wed, 2 Nov 2016 17:19:09 +0100 -Subject: [PATCH] s3-winbind: Do not return NO_MEMORY if we have an empty user - list - -The domain child for the MACHINE ACCOUNT might fail with -NT_STATUS_NO_MEMORY because an emtpy user list is returned. - -*pnum_info is already set to 0 at the beginngin so we should just -declare victory here! - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12405 - -Signed-off-by: Andreas Schneider asn@samba.org ---- - source3/winbindd/winbindd_rpc.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c -index c560a6b..59bd78a 100644 ---- a/source3/winbindd/winbindd_rpc.c -+++ b/source3/winbindd/winbindd_rpc.c -@@ -88,6 +88,10 @@ NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx, - num_dom_users = disp_info.info1.count; - - num_info += num_dom_users; -+ /* If there are no user to enumerate we're done */ -+ if (num_info == 0) { -+ return NT_STATUS_OK; -+ } - - info = TALLOC_REALLOC_ARRAY(mem_ctx, - info, --- -2.7.4 - diff --git a/src/patches/samba/samba-3.6.99-fix_rpcclient_timeout_command.patch b/src/patches/samba/samba-3.6.99-fix_rpcclient_timeout_command.patch deleted file mode 100644 index 02be2c632..000000000 --- a/src/patches/samba/samba-3.6.99-fix_rpcclient_timeout_command.patch +++ /dev/null @@ -1,73 +0,0 @@ -From fe30cb2d1932401b5507af9f12149506cf0ae749 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Tue, 7 Apr 2015 16:12:18 +0200 -Subject: [PATCH] PATCHSET25: rpcclient: Fix the timeout command - -https://bugzilla.samba.org/show_bug.cgi?id=11199 - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Stefan Metzmacher metze@samba.org - -(cherry picked from commit 2bca4cdc6f83dce48c73a33288c4fd3ae80f883b) ---- - source3/rpcclient/rpcclient.c | 23 +++++++---------------- - 1 file changed, 7 insertions(+), 16 deletions(-) - -diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c -index c2f3e4c..0dbcd01 100644 ---- a/source3/rpcclient/rpcclient.c -+++ b/source3/rpcclient/rpcclient.c -@@ -481,8 +481,6 @@ static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - int argc, const char **argv) - { -- struct cmd_list *tmp; -- - if (argc > 2) { - printf("Usage: %s timeout\n", argv[0]); - return NT_STATUS_OK; -@@ -490,19 +488,6 @@ static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - - if (argc == 2) { - timeout = atoi(argv[1]); -- -- for (tmp = cmd_list; tmp; tmp = tmp->next) { -- -- struct cmd_set *tmp_set; -- -- for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) { -- if (tmp_set->rpc_pipe == NULL) { -- continue; -- } -- -- rpccli_set_timeout(tmp_set->rpc_pipe, timeout); -- } -- } - } - - printf("timeout is %d\n", timeout); -@@ -791,6 +776,11 @@ static NTSTATUS do_cmd(struct cli_state *cli, - } - } - -+ /* Set timeout for new connections */ -+ if (cmd_entry->rpc_pipe) { -+ rpccli_set_timeout(cmd_entry->rpc_pipe, timeout); -+ } -+ - /* Run command */ - - if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) { -@@ -1124,7 +1114,8 @@ out_free: - - /* Load command lists */ - -- timeout = cli_set_timeout(cli, 10000); -+ timeout = 10000; -+ cli_set_timeout(cli, timeout); - - cmd_set = rpcclient_command_list; - --- -2.1.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_security_server_share_access.patch b/src/patches/samba/samba-3.6.99-fix_security_server_share_access.patch deleted file mode 100644 index ad2335328..000000000 --- a/src/patches/samba/samba-3.6.99-fix_security_server_share_access.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 56bfca66b8597afe731f4624bb9f862bb45f81ba Mon Sep 17 00:00:00 2001 -From: Matt Rogers mrogers@redhat.com -Date: Mon, 12 Oct 2015 14:46:18 +0200 -Subject: [PATCH] PATCHSET33: s3-auch: Fix secuirty = server share access - -Resolve user groups in non-winbind path of passwd_to_SamInfo3(), fixing -group memberships with server security. - -Signed-off-by: Matt Rogers mrogers@redhat.com ---- - source3/auth/server_info.c | 28 ++++++++++++++++++++++++++++ - 1 file changed, 28 insertions(+) - -diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c -index 1fd9317..91724cc 100644 ---- a/source3/auth/server_info.c -+++ b/source3/auth/server_info.c -@@ -571,7 +571,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, - enum lsa_SidType type; - uint32_t num_sids = 0; - struct dom_sid *user_sids = NULL; -+ gid_t *gids = NULL; - bool ok; -+ int i; - - tmp_ctx = talloc_stackframe(); - -@@ -629,6 +631,29 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, - get_global_sam_sid(), - DOMAIN_RID_USERS); - } -+ -+ if (!getgroups_unix_user(tmp_ctx, -+ unix_username, -+ pwd->pw_gid, -+ &gids, -+ &num_sids)) { -+ DEBUG(1, ("Failed to get unix user groups.\n")); -+ goto done; -+ } -+ -+ if (num_sids == 0) { -+ smb_panic("primary group missing"); -+ } -+ -+ user_sids = TALLOC_ARRAY(tmp_ctx, struct dom_sid, num_sids); -+ -+ if (user_sids == NULL) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ -+ for (i = 0; i < num_sids; i++) { -+ gid_to_sid(&user_sids[i], gids[i]); -+ } - } - - /* Make sure we have a valid group sid */ -@@ -696,6 +721,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, - - status = NT_STATUS_OK; - done: -+ if (gids != NULL) { -+ talloc_free(gids); -+ } - talloc_free(tmp_ctx); - - return status; --- -2.5.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_setup_domain_child_logic.patch b/src/patches/samba/samba-3.6.99-fix_setup_domain_child_logic.patch deleted file mode 100644 index e31f75e97..000000000 --- a/src/patches/samba/samba-3.6.99-fix_setup_domain_child_logic.patch +++ /dev/null @@ -1,186 +0,0 @@ -commit 9dd0bb462b613a5f6f41d4130bfd31c0a64debd7 -Author: Jeremy Allison jra@samba.org -AuthorDate: Mon Jan 13 15:23:00 2014 +0100 -Commit: Andreas Schneider asn@samba.org -CommitDate: Wed Feb 5 11:45:44 2014 +0100 - - s3-winbind: Move setup_domain_child() into add_trusted_domain(). - - Ensure it only gets called when a new domain is allocated - and added to the list. - - This should fix problems with the previous logic where - setup_domain_child() was called in places where an existing - domain was returned. - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358 ---- - source3/winbindd/winbindd_util.c | 74 ++++++++++++++++++---------------------- - 1 file changed, 33 insertions(+), 41 deletions(-) - -diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c -index 37b6578..353722e 100644 ---- a/source3/winbindd/winbindd_util.c -+++ b/source3/winbindd/winbindd_util.c -@@ -89,7 +89,10 @@ static bool is_in_internal_domain(const struct dom_sid *sid) - } - - --/* Add a trusted domain to our list of domains */ -+/* Add a trusted domain to our list of domains. -+ If the domain already exists in the list, -+ return it and don't re-initialize. -+ */ - static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name, - struct winbindd_methods *methods, - const struct dom_sid *sid) -@@ -99,6 +102,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const - char *idmap_config_option; - const char *param; - const char **ignored_domains, **dom; -+ int role = lp_server_role(); - - ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL); - for (dom=ignored_domains; dom && *dom; dom++) { -@@ -146,7 +150,10 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const - - if (domain != NULL) { - /* -- * We found a match. Possibly update the SID -+ * We found a match on domain->name or -+ * domain->alt_name. Possibly update the SID -+ * if the stored SID was the NULL SID -+ * and return the matching entry. - */ - if ((sid != NULL) - && dom_sid_equal(&domain->sid, &global_sid_NULL)) { -@@ -192,6 +199,15 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const - sid_copy(&domain->sid, sid); - } - -+ /* Is this our primary domain ? */ -+ if (strequal(domain_name, get_global_sam_name()) && -+ (role != ROLE_DOMAIN_MEMBER)) { -+ domain->primary = true; -+ } else if (strequal(domain_name, lp_workgroup()) && -+ (role == ROLE_DOMAIN_MEMBER)) { -+ domain->primary = true; -+ } -+ - /* Link to domain list */ - DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *); - -@@ -228,6 +244,8 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const - - done: - -+ setup_domain_child(domain); -+ - DEBUG(2,("Added domain %s %s %s\n", - domain->name, domain->alt_name, - &domain->sid?sid_string_dbg(&domain->sid):"")); -@@ -341,18 +359,10 @@ static void trustdom_list_done(struct tevent_req *req) - necessary. This is important because we need the - SID for sibling domains */ - -- if ( find_domain_from_name_noinit(p) != NULL ) { -- domain = add_trusted_domain(p, alternate_name, -- &cache_methods, -- &sid); -- } else { -- domain = add_trusted_domain(p, alternate_name, -- &cache_methods, -- &sid); -- if (domain) { -- setup_domain_child(domain); -- } -- } -+ (void)add_trusted_domain(p, alternate_name, -+ &cache_methods, -+ &sid); -+ - p=q; - if (p != NULL) - p += 1; -@@ -422,13 +432,10 @@ static void rescan_forest_root_trusts( void ) - d = find_domain_from_name_noinit( dom_list[i].domain_name ); - - if ( !d ) { -- d = add_trusted_domain( dom_list[i].domain_name, -+ (void)add_trusted_domain( dom_list[i].domain_name, - dom_list[i].dns_name, - &cache_methods, -- &dom_list[i].sid ); -- if (d != NULL) { -- setup_domain_child(d); -- } -+ &dom_list[i].sid); - } - - if (d == NULL) { -@@ -494,13 +501,10 @@ static void rescan_forest_trusts( void ) - about it */ - - if ( !d ) { -- d = add_trusted_domain( dom_list[i].domain_name, -+ (void)add_trusted_domain( dom_list[i].domain_name, - dom_list[i].dns_name, - &cache_methods, -- &dom_list[i].sid ); -- if (d != NULL) { -- setup_domain_child(d); -- } -+ &dom_list[i].sid); - } - - if (d == NULL) { -@@ -601,7 +605,6 @@ enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domai - /* Look up global info for the winbind daemon */ - bool init_domain_list(void) - { -- struct winbindd_domain *domain; - int role = lp_server_role(); - - /* Free existing list */ -@@ -609,26 +612,18 @@ bool init_domain_list(void) - - /* BUILTIN domain */ - -- domain = add_trusted_domain("BUILTIN", NULL, &cache_methods, -- &global_sid_Builtin); -- if (domain) { -- setup_domain_child(domain); -- } -+ (void)add_trusted_domain("BUILTIN", NULL, &cache_methods, -+ &global_sid_Builtin); - - /* Local SAM */ - -- domain = add_trusted_domain(get_global_sam_name(), NULL, -- &cache_methods, get_global_sam_sid()); -- if (domain) { -- if ( role != ROLE_DOMAIN_MEMBER ) { -- domain->primary = True; -- } -- setup_domain_child(domain); -- } -+ (void)add_trusted_domain(get_global_sam_name(), NULL, -+ &cache_methods, get_global_sam_sid()); - - /* Add ourselves as the first entry. */ - - if ( role == ROLE_DOMAIN_MEMBER ) { -+ struct winbindd_domain *domain; - struct dom_sid our_sid; - - if (!secrets_fetch_domain_sid(lp_workgroup(), &our_sid)) { -@@ -639,9 +634,6 @@ bool init_domain_list(void) - domain = add_trusted_domain( lp_workgroup(), lp_realm(), - &cache_methods, &our_sid); - if (domain) { -- domain->primary = True; -- setup_domain_child(domain); -- - /* Even in the parent winbindd we'll need to - talk to the DC, so try and see if we can - contact it. Theoretically this isn't neccessary diff --git a/src/patches/samba/samba-3.6.99-fix_smb_conf_doc.patch b/src/patches/samba/samba-3.6.99-fix_smb_conf_doc.patch deleted file mode 100644 index 3b0d1788d..000000000 --- a/src/patches/samba/samba-3.6.99-fix_smb_conf_doc.patch +++ /dev/null @@ -1,51 +0,0 @@ -From cea644fd24dbbf2e2359fd7b6d361a698660d5eb Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Mon, 2 Mar 2015 11:55:01 +0100 -Subject: [PATCH] PATCHSET20: doc-xml: Add 'sharesec' reference to 'access - based share enum' - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11127 - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Michael Adam obnox@samba.org - -Autobuild-User(master): Andreas Schneider asn@cryptomilk.org -Autobuild-Date(master): Mon Mar 2 14:33:33 CET 2015 on sn-devel-104 - -(cherry picked from commit e2ed224653985afa13e906e2a5f3656a18d622c0) -Signed-off-by: Andreas Schneider asn@cryptomilk.org ---- - docs-xml/smbdotconf/security/accessbasedshareenum.xml | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -Index: samba-3.6.23/docs-xml/smbdotconf/security/accessbasedshareenum.xml -=================================================================== ---- samba-3.6.23.orig/docs-xml/smbdotconf/security/accessbasedshareenum.xml -+++ samba-3.6.23/docs-xml/smbdotconf/security/accessbasedshareenum.xml -@@ -7,7 +7,10 @@ - <para>If this parameter is <constant>yes</constant> for a - service, then the share hosted by the service will only be visible - to users who have read or write access to the share during share -- enumeration (for example net view \sambaserver). This has -+ enumeration (for example net view \sambaserver). The share ACLs -+ which allow or deny the access to the share can be modified using -+ for example the <command moreinfo="none">sharesec</command> command -+ or using the appropriate Windows tools. This has - parallels to access based enumeration, the main difference being - that only share permissions are evaluated, and security - descriptors on files contained on the share are not used in -Index: samba-3.6.23/docs/manpages/smb.conf.5 -=================================================================== ---- samba-3.6.23.orig/docs/manpages/smb.conf.5 -+++ samba-3.6.23/docs/manpages/smb.conf.5 -@@ -784,7 +784,9 @@ access based share enum (S) - .RS 4 - If this parameter is - \fByes\fR --for a service, then the share hosted by the service will only be visible to users who have read or write access to the share during share enumeration (for example net view \e\esambaserver)&. This has parallels to access based enumeration, the main difference being that only share permissions are evaluated, and security descriptors on files contained on the share are not used in computing enumeration access rights&. -+for a service, then the share hosted by the service will only be visible to users who have read or write access to the share during share enumeration (for example net view \e\esambaserver)&. The share ACLs which allow or deny the access to the share can be modified using for example the -+sharesec -+command or using the appropriate Windows tools&. This has parallels to access based enumeration, the main difference being that only share permissions are evaluated, and security descriptors on files contained on the share are not used in computing enumeration access rights&. - .sp - Default: - \fI\fIaccess based share enum\fR\fR\fI = \fR\fIno\fR\fI \fR diff --git a/src/patches/samba/samba-3.6.99-fix_smbclient_ntlmv2_auth.patch b/src/patches/samba/samba-3.6.99-fix_smbclient_ntlmv2_auth.patch deleted file mode 100644 index 4f136e505..000000000 --- a/src/patches/samba/samba-3.6.99-fix_smbclient_ntlmv2_auth.patch +++ /dev/null @@ -1,116 +0,0 @@ -From b413a09fa5b927102655a8332e95a64a80e57825 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Thu, 21 Jul 2011 21:15:38 +0200 -Subject: [PATCH 1/2] PATCHSET19: s3:libsmb: don't pass cli->called.name to - NTLMv2_generate_names_blob() - -cli->called.name is never initialized, so this change doesn't change -the behavior. And this behavior seems to be correct, see -commit 29c0c37691da10bf061ba90a5b31482bda2fa486 -s4/libcli: do not use netbios name in NTLMv2 blobs w/o spnego. - -metze - -(cherry picked from commit 392ddf970c8f8486e79eec5214ed49912e344e09) ---- - source3/libsmb/cliconnect.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c -index 8653ba7..38ae230 100644 ---- a/source3/libsmb/cliconnect.c -+++ b/source3/libsmb/cliconnect.c -@@ -862,11 +862,11 @@ static struct tevent_req *cli_session_setup_nt1_send( - /* - * note that the 'workgroup' here is a best - * guess - we don't know the server's domain -- * at this point. The 'server name' is also -- * dodgy... -+ * at this point. Windows clients also don't -+ * use hostname... - */ - names_blob = NTLMv2_generate_names_blob( -- NULL, cli->called.name, workgroup); -+ NULL, NULL, workgroup); - - if (tevent_req_nomem(names_blob.data, req)) { - return tevent_req_post(req, ev); --- -2.1.0 - - -From 1415733b6cfeba129e1459ef55a0a12a5dec0fa3 Mon Sep 17 00:00:00 2001 -From: Christian Ambach christian.ambach@de.ibm.com -Date: Thu, 7 Apr 2011 14:05:04 +0200 -Subject: [PATCH 2/2] PATCHSET19: s4/libcli: do not use netbios name in NTLMv2 - blobs w/o spnego - -I have seen domain controllers rejecting NTLMv2 blobs presented to -NetrLogonSamLogonEx with LOGON_FAILURE when the MsvAvNbComputerName -was a FQDN or an IP address - -I have not seen this field in NTLMv2 blobs send by Windows clients -when extended security was not available, so omitting the field -makes Samba similar to Windows. - -This prevents errors with some smbtorture testcases that disable -spnego and when a target name is specified that is not a valid -netbios name. - -Signed-off-by: Andrew Bartlett abartlet@samba.org - -Autobuild-User: Andrew Bartlett abartlet@samba.org -Autobuild-Date: Thu Apr 14 02:19:08 CEST 2011 on sn-devel-104 -(cherry picked from commit 29c0c37691da10bf061ba90a5b31482bda2fa486) ---- - source4/libcli/smb_composite/sesssetup.c | 26 ++++++++++++++++++++++---- - 1 file changed, 22 insertions(+), 4 deletions(-) - -diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c -index e1159a4..ebc3598 100644 ---- a/source4/libcli/smb_composite/sesssetup.c -+++ b/source4/libcli/smb_composite/sesssetup.c -@@ -280,8 +280,17 @@ static NTSTATUS session_setup_nt1(struct composite_context *c, - struct smbcli_request **req) - { - NTSTATUS nt_status = NT_STATUS_INTERNAL_ERROR; -- struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); -- DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, cli_credentials_get_domain(io->in.credentials)); -+ struct sesssetup_state *state = talloc_get_type(c->private_data, -+ struct sesssetup_state); -+ const char *domain = cli_credentials_get_domain(io->in.credentials); -+ -+ /* -+ * domain controllers tend to reject the NTLM v2 blob -+ * if the netbiosname is not valid (e.g. IP address or FQDN) -+ * so just leave it away (as Windows client do) -+ */ -+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain); -+ - DATA_BLOB session_key = data_blob(NULL, 0); - int flags = CLI_CRED_NTLM_AUTH; - -@@ -353,9 +362,18 @@ static NTSTATUS session_setup_old(struct composite_context *c, - struct smbcli_request **req) - { - NTSTATUS nt_status; -- struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state); -+ struct sesssetup_state *state = talloc_get_type(c->private_data, -+ struct sesssetup_state); - const char *password = cli_credentials_get_password(io->in.credentials); -- DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, cli_credentials_get_domain(io->in.credentials)); -+ const char *domain = cli_credentials_get_domain(io->in.credentials); -+ -+ /* -+ * domain controllers tend to reject the NTLM v2 blob -+ * if the netbiosname is not valid (e.g. IP address or FQDN) -+ * so just leave it away (as Windows client do) -+ */ -+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain); -+ - DATA_BLOB session_key; - int flags = 0; - if (session->options.lanman_auth) { --- -2.1.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_stale_printer_entries_on_rename.patch b/src/patches/samba/samba-3.6.99-fix_stale_printer_entries_on_rename.patch deleted file mode 100644 index 3ad3b62ae..000000000 --- a/src/patches/samba/samba-3.6.99-fix_stale_printer_entries_on_rename.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 20d92c8a18beb4af2b9020efed15f5238d86d13c Mon Sep 17 00:00:00 2001 -From: David Disseldorp ddiss@samba.org -Date: Wed, 1 Apr 2015 01:03:13 +0200 -Subject: [PATCH] PATCHSET30 spoolss: purge the printer name cache on name - change -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Currently the name cache is only cleared on printer deletion. This means -that if a printer undergoes a name change, the old name remains in the -cache and can be subsequently used incorrecly if another printer takes -the same name as the old. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=11210 - -Reported-by: Franz Pförtsch franz.pfoertsch@brose.com -Signed-off-by: David Disseldorp ddiss@samba.org -Reviewed-by: Jeremy Allison jra@samba.org - -Autobuild-User(master): Jeremy Allison jra@samba.org -Autobuild-Date(master): Tue Apr 14 05:37:50 CEST 2015 on sn-devel-104 - -(cherry picked from commit a97507a9a7ba01beead6a621e1210618e93a9f9c) ---- - source3/rpc_server/spoolss/srv_spoolss_nt.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c -index fb8f61f..629bdc2 100644 ---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c -+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c -@@ -6373,6 +6373,9 @@ static WERROR update_dsspooler(TALLOC_CTX *mem_ctx, - snum, printer->sharename ? - printer->sharename : ""); - } -+ -+ /* name change, purge any cache entries for the old */ -+ prune_printername_cache(); - } - - if (force_update || !strequal(printer->printername, old_printer->printername)) { -@@ -6398,6 +6401,9 @@ static WERROR update_dsspooler(TALLOC_CTX *mem_ctx, - notify_printer_printername(server_event_context(), - msg_ctx, snum, p ? p : ""); - } -+ -+ /* name change, purge any cache entries for the old */ -+ prune_printername_cache(); - } - - if (force_update || !strequal(printer->portname, old_printer->portname)) { --- -2.5.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_symlink_verification.patch b/src/patches/samba/samba-3.6.99-fix_symlink_verification.patch deleted file mode 100644 index 8819849f7..000000000 --- a/src/patches/samba/samba-3.6.99-fix_symlink_verification.patch +++ /dev/null @@ -1,111 +0,0 @@ -From b6192b3cdeaa9eb719ec5da3977af9470504d294 Mon Sep 17 00:00:00 2001 -From: Michael Adam obnox@samba.org -Date: Wed, 23 Dec 2015 18:01:23 +0100 -Subject: [PATCH] s3:smbd: fix a corner case of the symlink verification - -Commit 7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d fixes the -path checks in check_reduced_name[_with_privilege]() to -prevent unintended access via wide links. - -The fix fails to correctly treat a corner case where the share -path is "/". This case is important for some real world -scenarios, notably the use of the glusterfs VFS module: - -For the share path "/", the newly introduced checks deny all -operations in the share. - -This change fixes the checks for the corner case. -The point is that the assumptions on which the original -checks are based are not true for the rootdir "/" case. -This is the case where the rootdir starts _and ends_ with -a slash. Hence a subdirectory does not continue with a -slash after the rootdir, since the candidate path has -been normalized. - -This fix just omits the string comparison and the -next character checks in the case of rootdir "/", -which is correct because we know that the candidate -path is normalized and hence starts with a '/'. - -The patch is fairly minimal, but changes indentation, -hence best viewed with 'git show -w'. - -A side effect is that the rootdir="/" case needs -one strncmp less. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11647 - -Pair-Programmed-With: Jose A. Rivera jarrpa@samba.org - -Signed-off-by: Michael Adam obnox@samba.org -Signed-off-by: Jose A. Rivera jarrpa@samba.org -Reviewed-by: Jeremy Allison jra@samba.org - -Autobuild-User(master): Michael Adam obnox@samba.org -Autobuild-Date(master): Thu Dec 24 00:57:31 CET 2015 on sn-devel-144 - -(cherry picked from commit ada59ec7b3a5ed0478d11da2fe0c90991d137288) ---- - source3/smbd/vfs.c | 39 +++++++++++++++++++++++++++------------ - 1 file changed, 27 insertions(+), 12 deletions(-) - -diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c -index bd93b7f..2b8000d 100644 ---- a/source3/smbd/vfs.c -+++ b/source3/smbd/vfs.c -@@ -982,7 +982,6 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) - if (!allow_widelinks || !allow_symlinks) { - const char *conn_rootdir; - size_t rootdir_len; -- bool matched; - - conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname); - if (conn_rootdir == NULL) { -@@ -993,17 +992,33 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) - } - - rootdir_len = strlen(conn_rootdir); -- matched = (strncmp(conn_rootdir, resolved_name, -- rootdir_len) == 0); -- if (!matched || (resolved_name[rootdir_len] != '/' && -- resolved_name[rootdir_len] != '\0')) { -- DEBUG(2, ("check_reduced_name: Bad access " -- "attempt: %s is a symlink outside the " -- "share path\n", fname)); -- DEBUGADD(2, ("conn_rootdir =%s\n", conn_rootdir)); -- DEBUGADD(2, ("resolved_name=%s\n", resolved_name)); -- SAFE_FREE(resolved_name); -- return NT_STATUS_ACCESS_DENIED; -+ -+ /* -+ * In the case of rootdir_len == 1, we know that -+ * conn_rootdir is "/", and we also know that -+ * resolved_name starts with a slash. So, in this -+ * corner case, resolved_name is automatically a -+ * sub-directory of the conn_rootdir. Thus we can skip -+ * the string comparison and the next character checks -+ * (which are even wrong in this case). -+ */ -+ if (rootdir_len != 1) { -+ bool matched; -+ -+ matched = (strncmp(conn_rootdir, resolved_name, -+ rootdir_len) == 0); -+ if (!matched || (resolved_name[rootdir_len] != '/' && -+ resolved_name[rootdir_len] != '\0')) { -+ DEBUG(2, ("check_reduced_name: Bad access " -+ "attempt: %s is a symlink outside the " -+ "share path\n", fname)); -+ DEBUGADD(2, ("conn_rootdir =%s\n", -+ conn_rootdir)); -+ DEBUGADD(2, ("resolved_name=%s\n", -+ resolved_name)); -+ SAFE_FREE(resolved_name); -+ return NT_STATUS_ACCESS_DENIED; -+ } - } - - /* Extra checks if all symlinks are disallowed. */ --- -2.5.0 - diff --git a/src/patches/samba/samba-3.6.99-fix_usergroup_cache_lookup.patch b/src/patches/samba/samba-3.6.99-fix_usergroup_cache_lookup.patch deleted file mode 100644 index a30494e29..000000000 --- a/src/patches/samba/samba-3.6.99-fix_usergroup_cache_lookup.patch +++ /dev/null @@ -1,397 +0,0 @@ -From 72494e601ee6027873494f7ee7aff03d9170e3eb Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 16 Jun 2014 22:49:29 -0700 -Subject: [PATCH 1/5] PATCHSET21: s3: auth: Add some const to the struct - netr_SamInfo3 * arguments of copy_netr_SamInfo3() and - make_server_info_info3() - -Both functions only read from the struct netr_SamInfo3 * argument. - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Richard Sharpe realrichardsharpe@gmail.com -Reviewed-by: Simo Sorce idra@samba.org -(cherry picked from commit c2411767adb5ce48a4619349075f6f8faae41aab) - -Conflicts: - source3/auth/proto.h ---- - source3/auth/auth_util.c | 2 +- - source3/auth/proto.h | 4 ++-- - source3/auth/server_info.c | 2 +- - 3 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index 1f1fed9..a548b7b 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -1195,7 +1195,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - const char *sent_nt_username, - const char *domain, - struct auth_serversupplied_info **server_info, -- struct netr_SamInfo3 *info3) -+ const struct netr_SamInfo3 *info3) - { - static const char zeros[16] = {0, }; - -diff --git a/source3/auth/proto.h b/source3/auth/proto.h -index fccabc4..c851722 100644 ---- a/source3/auth/proto.h -+++ b/source3/auth/proto.h -@@ -173,7 +173,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - const char *sent_nt_username, - const char *domain, - struct auth_serversupplied_info **server_info, -- struct netr_SamInfo3 *info3); -+ const struct netr_SamInfo3 *info3); - struct wbcAuthUserInfo; - NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, - const char *sent_nt_username, -@@ -233,7 +233,7 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, - const struct passwd *pwd, - struct netr_SamInfo3 **pinfo3); - struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, -- struct netr_SamInfo3 *orig); -+ const struct netr_SamInfo3 *orig); - struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx, - const struct wbcAuthUserInfo *info); - -diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c -index e627892..63b4989 100644 ---- a/source3/auth/server_info.c -+++ b/source3/auth/server_info.c -@@ -632,7 +632,7 @@ done: - } } while(0) - - struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, -- struct netr_SamInfo3 *orig) -+ const struct netr_SamInfo3 *orig) - { - struct netr_SamInfo3 *info3; - unsigned int i; --- -2.1.0 - - -From 1afd41a9cc31acdff66ab084ba89913c8a239a0f Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 16 Jun 2014 22:54:45 -0700 -Subject: [PATCH 2/5] PATCHSET21: s3: auth: Change make_server_info_info3() to - take a const struct netr_SamInfo3 pointer instead of a struct PAC_LOGON_INFO. - -make_server_info_info3() only reads from the info3 pointer. - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Richard Sharpe realrichardsharpe@gmail.com -Reviewed-by: Simo Sorce idra@samba.org -(cherry picked from commit 527f7b54388713acaaf7b66c718cc0f7114fc368) - -Conflicts: - source3/auth/auth_generic.c - source3/auth/proto.h - source3/auth/user_krb5.c ---- - source3/auth/proto.h | 2 +- - source3/auth/user_krb5.c | 8 ++++---- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/source3/auth/proto.h b/source3/auth/proto.h -index c851722..0ab32a7 100644 ---- a/source3/auth/proto.h -+++ b/source3/auth/proto.h -@@ -305,7 +305,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, - char *ntdomain, - char *username, - struct passwd *pw, -- struct PAC_LOGON_INFO *logon_info, -+ const struct netr_SamInfo3 *info3, - bool mapped_to_guest, - struct auth_serversupplied_info **server_info); - -diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c -index 1e5254e..fde2f48 100644 ---- a/source3/auth/user_krb5.c -+++ b/source3/auth/user_krb5.c -@@ -184,7 +184,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, - char *ntdomain, - char *username, - struct passwd *pw, -- struct PAC_LOGON_INFO *logon_info, -+ const struct netr_SamInfo3 *info3, - bool mapped_to_guest, - struct auth_serversupplied_info **server_info) - { -@@ -198,14 +198,14 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, - return status; - } - -- } else if (logon_info) { -+ } else if (info3) { - /* pass the unmapped username here since map_username() - will be called again in make_server_info_info3() */ - - status = make_server_info_info3(mem_ctx, - ntuser, ntdomain, - server_info, -- &logon_info->info3); -+ info3); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("make_server_info_info3 failed: %s!\n", - nt_errstr(status))); -@@ -284,7 +284,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx, - char *ntdomain, - char *username, - struct passwd *pw, -- struct PAC_LOGON_INFO *logon_info, -+ const struct netr_SamInfo3 *info3, - bool mapped_to_guest, - struct auth_serversupplied_info **server_info) - { --- -2.1.0 - - -From 08bf07ec03537aedbd7beb359cf9274be2882edf Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Mon, 16 Jun 2014 23:11:58 -0700 -Subject: [PATCH 3/5] PATCHSET21: s3: auth: Add - create_info3_from_pac_logon_info() to create a new info3 and merge resource - group SIDs into it. - -Originally written by Richard Sharpe Richard Sharpe realrichardsharpe@gmail.com. - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Richard Sharpe realrichardsharpe@gmail.com -Reviewed-by: Simo Sorce idra@samba.org -(cherry picked from commit db775c68ccbed0252abf092b5cb811e8f5fa9bb6) ---- - source3/auth/proto.h | 5 ++- - source3/auth/server_info.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 82 insertions(+), 1 deletion(-) - -diff --git a/source3/auth/proto.h b/source3/auth/proto.h -index 0ab32a7..4335cf8 100644 ---- a/source3/auth/proto.h -+++ b/source3/auth/proto.h -@@ -209,6 +209,7 @@ NTSTATUS auth_winbind_init(void); - struct netr_SamInfo2; - struct netr_SamInfo3; - struct netr_SamInfo6; -+struct PAC_LOGON_INFO; - - struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx); - NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info, -@@ -223,6 +224,9 @@ NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info, - uint8_t *pipe_session_key, - size_t pipe_session_key_len, - struct netr_SamInfo6 *sam6); -+NTSTATUS create_info3_from_pac_logon_info(TALLOC_CTX *mem_ctx, -+ const struct PAC_LOGON_INFO *logon_info, -+ struct netr_SamInfo3 **pp_info3); - NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, - struct samu *samu, - const char *login_server, -@@ -289,7 +293,6 @@ bool user_in_netgroup(TALLOC_CTX *ctx, const char *user, const char *ngname); - bool user_in_list(TALLOC_CTX *ctx, const char *user,const char **list); - - /* The following definitions come from auth/user_krb5.c */ --struct PAC_LOGON_INFO; - NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx, - const char *cli_name, - const char *princ_name, -diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c -index 63b4989..1fd9317 100644 ---- a/source3/auth/server_info.c -+++ b/source3/auth/server_info.c -@@ -21,6 +21,7 @@ - #include "auth.h" - #include "../lib/crypto/arcfour.h" - #include "../librpc/gen_ndr/netlogon.h" -+#include "../librpc/gen_ndr/krb5pac.h" - #include "../libcli/security/security.h" - #include "rpc_client/util_netlogon.h" - #include "nsswitch/libwbclient/wbclient.h" -@@ -293,6 +294,83 @@ static NTSTATUS group_sids_to_info3(struct netr_SamInfo3 *info3, - return NT_STATUS_OK; - } - -+/* -+ * Merge resource SIDs, if any, into the passed in info3 structure. -+ */ -+ -+static NTSTATUS merge_resource_sids(const struct PAC_LOGON_INFO *logon_info, -+ struct netr_SamInfo3 *info3) -+{ -+ uint32_t i = 0; -+ -+ if (!(logon_info->info3.base.user_flags & NETLOGON_RESOURCE_GROUPS)) { -+ return NT_STATUS_OK; -+ } -+ -+ /* -+ * If there are any resource groups (SID Compression) add -+ * them to the extra sids portion of the info3 in the PAC. -+ * -+ * This makes the info3 look like it would if we got the info -+ * from the DC rather than the PAC. -+ */ -+ -+ /* -+ * Construct a SID for each RID in the list and then append it -+ * to the info3. -+ */ -+ for (i = 0; i < logon_info->res_groups.count; i++) { -+ NTSTATUS status; -+ struct dom_sid new_sid; -+ uint32_t attributes = logon_info->res_groups.rids[i].attributes; -+ -+ sid_compose(&new_sid, -+ logon_info->res_group_dom_sid, -+ logon_info->res_groups.rids[i].rid); -+ -+ DEBUG(10, ("Adding SID %s to extra SIDS\n", -+ sid_string_dbg(&new_sid))); -+ -+ status = append_netr_SidAttr(info3, &info3->sids, -+ &info3->sidcount, -+ &new_sid, -+ attributes); -+ if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(1, ("failed to append SID %s to extra SIDS: %s\n", -+ sid_string_dbg(&new_sid), -+ nt_errstr(status))); -+ return status; -+ } -+ } -+ -+ return NT_STATUS_OK; -+} -+ -+/* -+ * Create a copy of an info3 struct from the struct PAC_LOGON_INFO, -+ * then merge resource SIDs, if any, into it. If successful return -+ * the created info3 struct. -+ */ -+ -+NTSTATUS create_info3_from_pac_logon_info(TALLOC_CTX *mem_ctx, -+ const struct PAC_LOGON_INFO *logon_info, -+ struct netr_SamInfo3 **pp_info3) -+{ -+ NTSTATUS status; -+ struct netr_SamInfo3 *info3 = copy_netr_SamInfo3(mem_ctx, -+ &logon_info->info3); -+ if (info3 == NULL) { -+ return NT_STATUS_NO_MEMORY; -+ } -+ status = merge_resource_sids(logon_info, info3); -+ if (!NT_STATUS_IS_OK(status)) { -+ TALLOC_FREE(info3); -+ return status; -+ } -+ *pp_info3 = info3; -+ return NT_STATUS_OK; -+} -+ - #define RET_NOMEM(ptr) do { \ - if (!ptr) { \ - TALLOC_FREE(info3); \ --- -2.1.0 - - -From 86d58108db53958f05d559b2d2a20185ef2deb55 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@cryptomilk.org -Date: Wed, 4 Mar 2015 17:45:39 +0100 -Subject: [PATCH 4/5] PATCHSET21: s3-winbind: Merge resource groups from a - trusted PAC into the sid array. - -This is a backport of db775c68ccbed0252abf092b5cb811e8f5fa9bb6. ---- - source3/winbindd/winbindd_pam.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c -index 5316232..b1838a6 100644 ---- a/source3/winbindd/winbindd_pam.c -+++ b/source3/winbindd/winbindd_pam.c -@@ -546,6 +546,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, - time_t time_offset = 0; - const char *user_ccache_file; - struct PAC_LOGON_INFO *logon_info = NULL; -+ struct netr_SamInfo3 *info3_copy = NULL; - - *info3 = NULL; - -@@ -624,7 +625,14 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, - goto failed; - } - -- *info3 = &logon_info->info3; -+ result = create_info3_from_pac_logon_info(mem_ctx, -+ logon_info, -+ &info3_copy); -+ if (!NT_STATUS_IS_OK(result)) { -+ return result; -+ } -+ -+ *info3 = info3_copy; - - DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n", - principal_s)); --- -2.1.0 - - -From 40731d512ba1ee0502bdbdd831c4154f967d9f3e Mon Sep 17 00:00:00 2001 -From: Michael Adam obnox@samba.org -Date: Mon, 9 Mar 2015 15:15:37 +0100 -Subject: [PATCH 5/5] PATCHSET21: s3-winbind: Fix chached user group lookup of - trusted domains. - -If a user group lookup has aleady been done before with a machine -account we did always return the incomplete information from the cache. -This patch makes sure we return the correct group information from the -netsamlogon cache. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11143 - -Pair-Programmed-With: Andreas Schneider asn@samba.org -Signed-off-by: Michael Adam obnox@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Volker Lendecke vl@samba.org - -(cherry picked from commit f5d0204bfa1eb641fe7697613c1f773b6a7e65de) ---- - source3/winbindd/wb_lookupusergroups.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/source3/winbindd/wb_lookupusergroups.c b/source3/winbindd/wb_lookupusergroups.c -index aeffc17..1bb7081 100644 ---- a/source3/winbindd/wb_lookupusergroups.c -+++ b/source3/winbindd/wb_lookupusergroups.c -@@ -37,6 +37,7 @@ struct tevent_req *wb_lookupusergroups_send(TALLOC_CTX *mem_ctx, - { - struct tevent_req *req, *subreq; - struct wb_lookupusergroups_state *state; -+ NTSTATUS status; - - req = tevent_req_create(mem_ctx, &state, - struct wb_lookupusergroups_state); -@@ -45,6 +46,16 @@ struct tevent_req *wb_lookupusergroups_send(TALLOC_CTX *mem_ctx, - } - sid_copy(&state->sid, sid); - -+ status = lookup_usergroups_cached(NULL, -+ state, -+ &state->sid, -+ &state->sids.num_sids, -+ &state->sids.sids); -+ if (NT_STATUS_IS_OK(status)) { -+ tevent_req_done(req); -+ return tevent_req_post(req, ev); -+ } -+ - subreq = dcerpc_wbint_LookupUserGroups_send( - state, ev, dom_child_handle(domain), &state->sid, &state->sids); - if (tevent_req_nomem(subreq, req)) { --- -2.1.0 diff --git a/src/patches/samba/samba-3.6.99-fix_winbind_cache_memory_leak.patch b/src/patches/samba/samba-3.6.99-fix_winbind_cache_memory_leak.patch deleted file mode 100644 index d25f9ff54..000000000 --- a/src/patches/samba/samba-3.6.99-fix_winbind_cache_memory_leak.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 7aa2d48a4952980316dc0418d79053cfc9fea2ed Mon Sep 17 00:00:00 2001 -From: Volker Lendecke vl@samba.org -Date: Sun, 20 Oct 2013 17:25:27 +0200 -Subject: [PATCH] winbind3: Fix CID 241468 Resource leak - -We were leaking centry in this error case - -Signed-off-by: Volker Lendecke vl@samba.org -Reviewed-by: Jeremy Allison jra@samba.org -(cherry picked from commit 71c8cd19cf079c7e1462a9ca4432725e3623f7cd) ---- - source3/winbindd/winbindd_cache.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c -index 82c8087..00bd034 100644 ---- a/source3/winbindd/winbindd_cache.c -+++ b/source3/winbindd/winbindd_cache.c -@@ -2076,6 +2076,7 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain, - } else { - /* something's definitely wrong */ - result = centry->status; -+ centry_free(centry); - goto error; - } - --- -2.5.5 - diff --git a/src/patches/samba/samba-3.6.99-idmap_ad_memleak.patch b/src/patches/samba/samba-3.6.99-idmap_ad_memleak.patch deleted file mode 100644 index 554a6c942..000000000 --- a/src/patches/samba/samba-3.6.99-idmap_ad_memleak.patch +++ /dev/null @@ -1,28 +0,0 @@ -commit d88c59d3690e7c14edfc99411479c245de62e3aa -Author: Andreas Schneider asn@samba.org -AuthorDate: Wed Oct 5 10:32:16 2016 +0200 -Commit: Andreas Schneider asn@samba.org -CommitDate: Wed Oct 5 10:32:16 2016 +0200 - - s3-winbind: Fix memory leak in ad_idmap_cached_connection_internal() - - Signed-off-by: Andreas Schneider asn@samba.org ---- - source3/winbindd/idmap_ad.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c -index 2b35a4f..2b21051 100644 ---- a/source3/winbindd/idmap_ad.c -+++ b/source3/winbindd/idmap_ad.c -@@ -127,7 +127,9 @@ static ADS_STATUS ad_idmap_cached_connection_internal(struct idmap_domain *dom) - realm = wb_dom->alt_name; - } - -- if ( (ads = ads_init(realm, dom->name, ldap_server)) == NULL ) { -+ ads = ads_init(realm, dom->name, ldap_server); -+ SAFE_FREE(ldap_server); -+ if (ads == NULL) { - DEBUG(1,("ads_init failed\n")); - return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - } diff --git a/src/patches/samba/samba-3.6.99-libsmb_fix_dfs_connections.patch b/src/patches/samba/samba-3.6.99-libsmb_fix_dfs_connections.patch deleted file mode 100644 index dccd3a7fa..000000000 --- a/src/patches/samba/samba-3.6.99-libsmb_fix_dfs_connections.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 8368c6336f557220d6b2a088e291c5ce61f80f9e Mon Sep 17 00:00:00 2001 -From: Jeremy Allison jra@samba.org -Date: Wed, 16 Dec 2015 11:04:20 -0800 -Subject: [PATCH] s3: libsmb: Correctly initialize the list head when keeping a - list of primary followed by DFS connections. - -Greatly helped by shargagan@novell.com to -track down this issue. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11624 - -Signed-off-by: Jeremy Allison jra@samba.org -Reviewed-by: Volker Lendecke vl@samba.org - -Autobuild-User(master): Volker Lendecke vl@samba.org -Autobuild-Date(master): Fri Dec 18 01:02:55 CET 2015 on sn-devel-144 - -(cherry picked from commit d7feb1879ee711598540049c2c5eccc80fd6f1e5) ---- - source3/libsmb/libsmb_server.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c -index 45be660..e7416e0 100644 ---- a/source3/libsmb/libsmb_server.c -+++ b/source3/libsmb/libsmb_server.c -@@ -634,7 +634,7 @@ again: - } - - ZERO_STRUCTP(srv); -- srv->cli = c; -+ DLIST_ADD(srv->cli, c); - srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share)); - srv->no_pathinfo = False; - srv->no_pathinfo2 = False; -@@ -821,7 +821,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, - } - - ZERO_STRUCTP(ipc_srv); -- ipc_srv->cli = ipc_cli; -+ DLIST_ADD(ipc_srv->cli, ipc_cli); - - nt_status = cli_rpc_pipe_open_noauth( - ipc_srv->cli, &ndr_table_lsarpc.syntax_id, &pipe_hnd); --- -2.7.4 - diff --git a/src/patches/samba/samba-3.6.99-net_ads_join_no_dns_updates.patch b/src/patches/samba/samba-3.6.99-net_ads_join_no_dns_updates.patch deleted file mode 100644 index 3d496975f..000000000 --- a/src/patches/samba/samba-3.6.99-net_ads_join_no_dns_updates.patch +++ /dev/null @@ -1,101 +0,0 @@ -From df1da96d7f9a11ee1029c1bb55a40255ea63267c Mon Sep 17 00:00:00 2001 -From: Michael Adam obnox@samba.org -Date: Wed, 6 Jan 2016 11:04:16 +0100 -Subject: [PATCH] PATCHSET35 net: add option --no-dns-updates for net ads join - -If called with this option, 'net ads join' will not attempt -to perform dns updates. - -Backported for Samba 3.6 from master patches: - - ae81a40b1193ef93add61666ace6fff1a1e0676a - d7a617f2f00c4a2b5294523fa651915c85de0d8b - -Signed-off-by: Michael Adam obnox@samba.org ---- - docs-xml/manpages-3/net.8.xml | 9 ++++++++- - source3/utils/net.c | 2 ++ - source3/utils/net.h | 2 ++ - source3/utils/net_ads.c | 6 +++++- - 4 files changed, 17 insertions(+), 2 deletions(-) - -diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml -index 65f1272..cff3594 100644 ---- a/docs-xml/manpages-3/net.8.xml -+++ b/docs-xml/manpages-3/net.8.xml -@@ -135,6 +135,13 @@ - </para></listitem> - </varlistentry> - -+ <varlistentry> -+ <term>--no-dns-updates</term> -+ <listitem><para>Do not perform DNS updates as part of -+ "net ads join". -+ </para></listitem> -+ </varlistentry> -+ - &stdarg.server.debug; - </variablelist> - </refsect1> -@@ -194,7 +201,7 @@ the remote server using <command>/bin/date</command>. </para> - </refsect2> - - <refsect2> --<title>[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]</title> -+<title>[RPC|ADS] JOIN [TYPE] [--no-dns-updates] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]</title> - - <para> - Join a domain. If the account already exists on the server, and -diff --git a/source3/utils/net.c b/source3/utils/net.c -index c53b285..3a95f7e 100644 ---- a/source3/utils/net.c -+++ b/source3/utils/net.c -@@ -820,6 +820,8 @@ static struct functable net_func[] = { - {"lock", 0, POPT_ARG_NONE, &c->opt_lock}, - {"auto", 'a', POPT_ARG_NONE, &c->opt_auto}, - {"repair", 0, POPT_ARG_NONE, &c->opt_repair}, -+ /* Options for 'net ads join' */ -+ {"no-dns-updates", 0, POPT_ARG_NONE, &c->opt_no_dns_updates}, - POPT_COMMON_SAMBA - { 0, 0, 0, 0} - }; -diff --git a/source3/utils/net.h b/source3/utils/net.h -index 1d1559f..adddf34 100644 ---- a/source3/utils/net.h -+++ b/source3/utils/net.h -@@ -81,6 +81,8 @@ struct net_context { - int opt_auto; - int opt_repair; - -+ int opt_no_dns_updates; -+ - int opt_have_ip; - struct sockaddr_storage opt_dest_ip; - bool smb_encrypt; -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c -index 816349d..5c541f3 100644 ---- a/source3/utils/net_ads.c -+++ b/source3/utils/net_ads.c -@@ -1296,7 +1296,7 @@ static NTSTATUS net_update_dns(struct net_context *c, TALLOC_CTX *mem_ctx, ADS_S - - static int net_ads_join_usage(struct net_context *c, int argc, const char **argv) - { -- d_printf(_("net ads join [options]\n" -+ d_printf(_("net ads join [--no-dns-updates] [options]\n" - "Valid options:\n")); - d_printf(_(" createupn[=UPN] Set the userPrincipalName attribute during the join.\n" - " The deault UPN is in the form host/netbiosname@REALM.\n")); -@@ -1455,6 +1455,10 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) - } - - #if defined(WITH_DNS_UPDATES) -+ if (c->opt_no_dns_updates) { -+ goto done; -+ } -+ - /* - * In a clustered environment, don't do dynamic dns updates: - * Registering the set of ip addresses that are assigned to --- -2.5.0 - diff --git a/src/patches/samba/samba-3.6.99-nt_printer_publish_guid.patch b/src/patches/samba/samba-3.6.99-nt_printer_publish_guid.patch deleted file mode 100644 index 820d136cd..000000000 --- a/src/patches/samba/samba-3.6.99-nt_printer_publish_guid.patch +++ /dev/null @@ -1,620 +0,0 @@ -From 892d163635563a3505fcde2d3439a2f6b1af92a7 Mon Sep 17 00:00:00 2001 -From: David Disseldorp ddiss@samba.org -Date: Thu, 18 Dec 2014 18:18:21 +0100 -Subject: [PATCH 1/4] PATCHSET16: printing: split out printer DN and GUID - retrieval - -This functions are used for printer publishing. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018 - -Pair-programmed-with: Andreas Schneider asn@samba.org -Signed-off-by: David Disseldorp ddiss@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Guenther Deschner gd@samba.org -(cherry picked from commit 7cabd89789a50d37fc32735968c493092a37e69f) ---- - source3/printing/nt_printing_ads.c | 209 ++++++++++++++++++++++++------------- - 1 file changed, 137 insertions(+), 72 deletions(-) - -diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c -index bf309b0..25e1ab6 100644 ---- a/source3/printing/nt_printing_ads.c -+++ b/source3/printing/nt_printing_ads.c -@@ -87,6 +87,128 @@ done: - talloc_free(tmp_ctx); - } - -+static WERROR nt_printer_dn_lookup(TALLOC_CTX *mem_ctx, -+ ADS_STRUCT *ads, -+ const char *printer, -+ char **pprinter_dn) -+{ -+ char *printer_dn = NULL; -+ char *srv_dn = NULL; -+ char *srv_cn_0 = NULL; -+ char *srv_cn_escaped = NULL; -+ char *sharename_escaped = NULL; -+ char *srv_dn_utf8 = NULL; -+ char **srv_cn_utf8 = NULL; -+ size_t converted_size; -+ ADS_STATUS ads_status; -+ LDAPMessage *res; -+ WERROR result; -+ bool ok; -+ -+ ads_status = ads_find_machine_acct(ads, &res, global_myname()); -+ if (!ADS_ERR_OK(ads_status)) { -+ DEBUG(2, ("Failed to find machine account for %s\n", -+ global_myname())); -+ result = WERR_NOT_FOUND; -+ goto err_out; -+ } -+ -+ /* -+ * We use ldap_get_dn here as we need the answer in utf8 to call -+ * ldap_explode_dn(). JRA. -+ */ -+ srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res); -+ ads_msgfree(ads, res); -+ if (srv_dn_utf8 == NULL) { -+ result = WERR_SERVER_UNAVAILABLE; -+ goto err_out; -+ } -+ -+ srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1); -+ if (srv_cn_utf8 == NULL) { -+ ldap_memfree(srv_dn_utf8); -+ result = WERR_SERVER_UNAVAILABLE; -+ goto err_out; -+ } -+ -+ /* Now convert to CH_UNIX. */ -+ ok = pull_utf8_talloc(mem_ctx, &srv_dn, srv_dn_utf8, &converted_size); -+ ldap_memfree(srv_dn_utf8); -+ if (!ok) { -+ ldap_memfree(srv_cn_utf8); -+ result = WERR_SERVER_UNAVAILABLE; -+ goto err_out; -+ } -+ -+ ok = pull_utf8_talloc(mem_ctx, &srv_cn_0, srv_cn_utf8[0], &converted_size); -+ ldap_memfree(srv_cn_utf8); -+ if (!ok) { -+ result = WERR_SERVER_UNAVAILABLE; -+ goto err_out; -+ } -+ -+ srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn_0); -+ if (srv_cn_escaped == NULL) { -+ result = WERR_SERVER_UNAVAILABLE; -+ goto err_out; -+ } -+ -+ sharename_escaped = escape_rdn_val_string_alloc(printer); -+ if (sharename_escaped == NULL) { -+ result = WERR_SERVER_UNAVAILABLE; -+ goto err_out; -+ } -+ -+ printer_dn = talloc_asprintf(mem_ctx, -+ "cn=%s-%s,%s", -+ srv_cn_escaped, -+ sharename_escaped, -+ srv_dn); -+ if (printer_dn == NULL) { -+ result = WERR_NOMEM; -+ goto err_out; -+ } -+ -+ *pprinter_dn = printer_dn; -+ -+ result = WERR_OK; -+err_out: -+ SAFE_FREE(sharename_escaped); -+ SAFE_FREE(srv_cn_escaped); -+ TALLOC_FREE(srv_cn_0); -+ TALLOC_FREE(srv_dn); -+ return result; -+} -+ -+static WERROR nt_printer_guid_retrieve_internal(ADS_STRUCT *ads, -+ const char *printer_dn, -+ struct GUID *pguid) -+{ -+ ADS_STATUS ads_status; -+ LDAPMessage *res; -+ const char *attrs[] = {"objectGUID", NULL}; -+ struct GUID guid; -+ bool ok; -+ -+ ads_status = ads_search_dn(ads, &res, printer_dn, attrs); -+ if (!ADS_ERR_OK(ads_status)) { -+ DEBUG(2, ("Failed to retrieve GUID from DC - %s\n", -+ ads_errstr(ads_status))); -+ return WERR_BADFILE; -+ } -+ -+ ZERO_STRUCT(guid); -+ ok = ads_pull_guid(ads, res, &guid); -+ ads_msgfree(ads, res); -+ if (!ok) { -+ return WERR_NOMEM; -+ } -+ -+ *pguid = guid; -+ -+ return WERR_OK; -+} -+ - WERROR nt_printer_guid_get(TALLOC_CTX *mem_ctx, - const struct auth_serversupplied_info *session_info, - struct messaging_context *msg_ctx, -@@ -246,16 +368,12 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx, - struct spoolss_PrinterInfo2 *pinfo2) - { - ADS_STATUS ads_rc; -- LDAPMessage *res; -- char *prt_dn = NULL, *srv_dn, *srv_cn_0, *srv_cn_escaped, *sharename_escaped; -- char *srv_dn_utf8, **srv_cn_utf8; - TALLOC_CTX *ctx; - ADS_MODLIST mods; -- const char *attrs[] = {"objectGUID", NULL}; - struct GUID guid; - WERROR win_rc = WERR_OK; -- size_t converted_size; - const char *printer = pinfo2->sharename; -+ char *printer_dn = NULL; - - /* build the ads mods */ - ctx = talloc_init("nt_printer_publish_ads"); -@@ -265,65 +383,13 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx, - - DEBUG(5, ("publishing printer %s\n", printer)); - -- /* figure out where to publish */ -- ads_rc = ads_find_machine_acct(ads, &res, global_myname()); -- if (!ADS_ERR_OK(ads_rc)) { -- DEBUG(0, ("failed to find machine account for %s\n", -- global_myname())); -- TALLOC_FREE(ctx); -- return WERR_NOT_FOUND; -- } -- -- /* We use ldap_get_dn here as we need the answer -- * in utf8 to call ldap_explode_dn(). JRA. */ -- -- srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res); -- ads_msgfree(ads, res); -- if (!srv_dn_utf8) { -- TALLOC_FREE(ctx); -- return WERR_SERVER_UNAVAILABLE; -- } -- srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1); -- if (!srv_cn_utf8) { -- TALLOC_FREE(ctx); -- ldap_memfree(srv_dn_utf8); -- return WERR_SERVER_UNAVAILABLE; -- } -- /* Now convert to CH_UNIX. */ -- if (!pull_utf8_talloc(ctx, &srv_dn, srv_dn_utf8, &converted_size)) { -- TALLOC_FREE(ctx); -- ldap_memfree(srv_dn_utf8); -- ldap_memfree(srv_cn_utf8); -- return WERR_SERVER_UNAVAILABLE; -- } -- if (!pull_utf8_talloc(ctx, &srv_cn_0, srv_cn_utf8[0], &converted_size)) { -- TALLOC_FREE(ctx); -- ldap_memfree(srv_dn_utf8); -- ldap_memfree(srv_cn_utf8); -- TALLOC_FREE(srv_dn); -- return WERR_SERVER_UNAVAILABLE; -- } -- -- ldap_memfree(srv_dn_utf8); -- ldap_memfree(srv_cn_utf8); -- -- srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn_0); -- if (!srv_cn_escaped) { -- TALLOC_FREE(ctx); -- return WERR_SERVER_UNAVAILABLE; -- } -- sharename_escaped = escape_rdn_val_string_alloc(printer); -- if (!sharename_escaped) { -- SAFE_FREE(srv_cn_escaped); -+ win_rc = nt_printer_dn_lookup(ctx, ads, printer, &printer_dn); -+ if (!W_ERROR_IS_OK(win_rc)) { -+ DEBUG(2, ("Failed to create printer dn\n")); - TALLOC_FREE(ctx); -- return WERR_SERVER_UNAVAILABLE; -+ return win_rc; - } - -- prt_dn = talloc_asprintf(ctx, "cn=%s-%s,%s", srv_cn_escaped, sharename_escaped, srv_dn); -- -- SAFE_FREE(srv_cn_escaped); -- SAFE_FREE(sharename_escaped); -- - mods = ads_init_mods(ctx); - - if (mods == NULL) { -@@ -338,13 +404,13 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx, - } - - /* publish it */ -- ads_rc = ads_mod_printer_entry(ads, prt_dn, ctx, &mods); -+ ads_rc = ads_mod_printer_entry(ads, printer_dn, ctx, &mods); - if (ads_rc.err.rc == LDAP_NO_SUCH_OBJECT) { - int i; - for (i=0; mods[i] != 0; i++) - ; - mods[i] = (LDAPMod *)-1; -- ads_rc = ads_add_printer_entry(ads, prt_dn, ctx, &mods); -+ ads_rc = ads_add_printer_entry(ads, printer_dn, ctx, &mods); - } - - if (!ADS_ERR_OK(ads_rc)) { -@@ -352,16 +418,15 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx, - printer, ads_errstr(ads_rc))); - } - -- /* retreive the guid and store it locally */ -- if (ADS_ERR_OK(ads_search_dn(ads, &res, prt_dn, attrs))) { -- bool guid_ok; -- ZERO_STRUCT(guid); -- guid_ok = ads_pull_guid(ads, res, &guid); -- ads_msgfree(ads, res); -- if (guid_ok) { -- store_printer_guid(msg_ctx, printer, guid); -- } -+ win_rc = nt_printer_guid_retrieve_internal(ads, printer_dn, &guid); -+ if (!W_ERROR_IS_OK(win_rc)) { -+ TALLOC_FREE(ctx); -+ return win_rc; - } -+ -+ /* TODO add a return value */ -+ store_printer_guid(msg_ctx, printer, guid); -+ - TALLOC_FREE(ctx); - - return win_rc; --- -2.3.0 - - -From 45bb946d93deaf4926754cf57454f79869e8bfaf Mon Sep 17 00:00:00 2001 -From: David Disseldorp ddiss@samba.org -Date: Thu, 18 Dec 2014 18:23:11 +0100 -Subject: [PATCH 2/4] PATCHSET16: printing: add nt_printer_guid_retrieve() - helper - -This function connects to the domain controller and retrieves the -GUID for the corresponding printer DN. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018 - -Pair-programmed-with: Andreas Schneider asn@samba.org -Signed-off-by: David Disseldorp ddiss@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Guenther Deschner gd@samba.org -(cherry picked from commit 38dbd054dc331a441b10fdebbdb4bd0fc51cfc0a) ---- - source3/include/nt_printing.h | 3 ++ - source3/printing/nt_printing_ads.c | 58 ++++++++++++++++++++++++++++++++++++++ - 2 files changed, 61 insertions(+) - -diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h -index cdbad87..67a0522 100644 ---- a/source3/include/nt_printing.h -+++ b/source3/include/nt_printing.h -@@ -132,6 +132,9 @@ bool print_access_check(const struct auth_serversupplied_info *server_info, - struct messaging_context *msg_ctx, int snum, - int access_type); - -+WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer, -+ struct GUID *pguid); -+ - WERROR nt_printer_guid_get(TALLOC_CTX *mem_ctx, - const struct auth_serversupplied_info *server_info, - struct messaging_context *msg_ctx, -diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c -index 25e1ab6..6fa4bfc 100644 ---- a/source3/printing/nt_printing_ads.c -+++ b/source3/printing/nt_printing_ads.c -@@ -209,6 +209,58 @@ static WERROR nt_printer_guid_retrieve_internal(ADS_STRUCT *ads, - return WERR_OK; - } - -+WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer, -+ struct GUID *pguid) -+{ -+ ADS_STRUCT *ads = NULL; -+ char *old_krb5ccname = NULL; -+ char *printer_dn; -+ WERROR result; -+ ADS_STATUS ads_status; -+ TALLOC_CTX *tmp_ctx; -+ -+ tmp_ctx = talloc_new(mem_ctx); -+ if (tmp_ctx == NULL) { -+ return WERR_NOMEM; -+ } -+ -+ ads = ads_init(lp_realm(), lp_workgroup(), NULL); -+ if (ads == NULL) { -+ result = WERR_SERVER_UNAVAILABLE; -+ goto out; -+ } -+ -+ old_krb5ccname = getenv(KRB5_ENV_CCNAME); -+ setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1); -+ SAFE_FREE(ads->auth.password); -+ ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), -+ NULL, NULL); -+ -+ ads_status = ads_connect(ads); -+ if (!ADS_ERR_OK(ads_status)) { -+ DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_status))); -+ result = WERR_ACCESS_DENIED; -+ goto out; -+ } -+ -+ result = nt_printer_dn_lookup(tmp_ctx, ads, printer, &printer_dn); -+ if (!W_ERROR_IS_OK(result)) { -+ goto out; -+ } -+ -+ result = nt_printer_guid_retrieve_internal(ads, printer_dn, pguid); -+out: -+ TALLOC_FREE(tmp_ctx); -+ ads_destroy(&ads); -+ ads_kdestroy("MEMORY:prtpub_cache"); -+ unsetenv(KRB5_ENV_CCNAME); -+ if (old_krb5ccname != NULL) { -+ setenv(KRB5_ENV_CCNAME, old_krb5ccname, 0); -+ } -+ -+ return result; -+} -+ - WERROR nt_printer_guid_get(TALLOC_CTX *mem_ctx, - const struct auth_serversupplied_info *session_info, - struct messaging_context *msg_ctx, -@@ -652,6 +704,12 @@ bool is_printer_published(TALLOC_CTX *mem_ctx, - return true; - } - #else -+WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer, -+ struct GUID *pguid) -+{ -+ return WERR_NOT_SUPPORTED; -+} -+ - WERROR nt_printer_guid_get(TALLOC_CTX *mem_ctx, - const struct auth_serversupplied_info *session_info, - struct messaging_context *msg_ctx, --- -2.3.0 - - -From 228323b1c846d6dfcd39e23c8ce850c79f339de9 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Thu, 18 Dec 2014 15:13:27 +0000 -Subject: [PATCH 3/4] PATCHSET16: printing: rework nt_printer_guid_store to - return errors - -Callers can now choose whether or not to ignore errors. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018 - -Pair-programmed-with: David Disseldorp ddiss@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Signed-off-by: David Disseldorp ddiss@samba.org -Reviewed-by: Guenther Deschner gd@samba.org -(cherry picked from commit 6595ced146a53dcef9bbd5d2deb82a44c8ce1a1a) ---- - source3/include/nt_printing.h | 3 +++ - source3/printing/nt_printing_ads.c | 49 +++++++++++++++++++++++++------------- - 2 files changed, 35 insertions(+), 17 deletions(-) - -diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h -index 67a0522..493f4ce 100644 ---- a/source3/include/nt_printing.h -+++ b/source3/include/nt_printing.h -@@ -135,6 +135,9 @@ bool print_access_check(const struct auth_serversupplied_info *server_info, - WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer, - struct GUID *pguid); - -+WERROR nt_printer_guid_store(struct messaging_context *msg_ctx, -+ const char *printer, struct GUID guid); -+ - WERROR nt_printer_guid_get(TALLOC_CTX *mem_ctx, - const struct auth_serversupplied_info *server_info, - struct messaging_context *msg_ctx, -diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c -index 6fa4bfc..540a8a3 100644 ---- a/source3/printing/nt_printing_ads.c -+++ b/source3/printing/nt_printing_ads.c -@@ -35,32 +35,32 @@ - /***************************************************************** - ****************************************************************/ - --static void store_printer_guid(struct messaging_context *msg_ctx, -- const char *printer, struct GUID guid) -+WERROR nt_printer_guid_store(struct messaging_context *msg_ctx, -+ const char *printer, struct GUID guid) - { - TALLOC_CTX *tmp_ctx; -- struct auth_serversupplied_info *session_info = NULL; -+ const struct auth_serversupplied_info *session_info; - const char *guid_str; - DATA_BLOB blob; -- NTSTATUS status; - WERROR result; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { -- DEBUG(0, ("store_printer_guid: Out of memory?!\n")); -- return; -+ DEBUG(0, ("Out of memory?!\n")); -+ return WERR_NOMEM; - } - -- status = make_session_info_system(tmp_ctx, &session_info); -- if (!NT_STATUS_IS_OK(status)) { -- DEBUG(0, ("store_printer_guid: " -- "Could not create system session_info\n")); -+ session_info = get_session_info_system(); -+ if (session_info == NULL) { -+ DEBUG(0, ("Could not get system session_info\n")); -+ result = WERR_NOMEM; - goto done; - } - - guid_str = GUID_string(tmp_ctx, &guid); - if (!guid_str) { -- DEBUG(0, ("store_printer_guid: Out of memory?!\n")); -+ DEBUG(0, ("Out of memory?!\n")); -+ result = WERR_NOMEM; - goto done; - } - -@@ -68,9 +68,9 @@ static void store_printer_guid(struct messaging_context *msg_ctx, - Vista to whine */ - - if (!push_reg_sz(tmp_ctx, &blob, guid_str)) { -- DEBUG(0, ("store_printer_guid: " -- "Could not marshall string %s for objectGUID\n", -+ DEBUG(0, ("Could not marshall string %s for objectGUID\n", - guid_str)); -+ result = WERR_NOMEM; - goto done; - } - -@@ -79,12 +79,15 @@ static void store_printer_guid(struct messaging_context *msg_ctx, - SPOOL_DSSPOOLER_KEY, "objectGUID", - REG_SZ, blob.data, blob.length); - if (!W_ERROR_IS_OK(result)) { -- DEBUG(0, ("store_printer_guid: " -- "Failed to store GUID for printer %s\n", printer)); -+ DEBUG(0, ("Failed to store GUID for printer %s\n", printer)); -+ goto done; - } - -+ result = WERR_OK; - done: - talloc_free(tmp_ctx); -+ -+ return result; - } - - static WERROR nt_printer_dn_lookup(TALLOC_CTX *mem_ctx, -@@ -468,6 +471,7 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx, - if (!ADS_ERR_OK(ads_rc)) { - DEBUG(3, ("error publishing %s: %s\n", - printer, ads_errstr(ads_rc))); -+ /* XXX failed to publish, so no guid to retrieve */ - } - - win_rc = nt_printer_guid_retrieve_internal(ads, printer_dn, &guid); -@@ -476,8 +480,13 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx, - return win_rc; - } - -- /* TODO add a return value */ -- store_printer_guid(msg_ctx, printer, guid); -+ win_rc = nt_printer_guid_store(msg_ctx, printer, guid); -+ if (!W_ERROR_IS_OK(win_rc)) { -+ DEBUG(3, ("failed to store printer %s guid\n", -+ printer)); -+ /* not catastrophic, retrieve on next use */ -+ win_rc = WERR_OK; -+ } - - TALLOC_FREE(ctx); - -@@ -704,6 +713,12 @@ bool is_printer_published(TALLOC_CTX *mem_ctx, - return true; - } - #else -+WERROR nt_printer_guid_store(struct messaging_context *msg_ctx, -+ const char *printer, struct GUID guid) -+{ -+ return WERR_NOT_SUPPORTED; -+} -+ - WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer, - struct GUID *pguid) - { --- -2.3.0 - - -From d4847deadc4cd6f4f8071fae16d05bc8ec4ed566 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Thu, 18 Dec 2014 15:14:36 +0000 -Subject: [PATCH 4/4] PATCHSET16: spoolss: retrieve published printer GUID if - not in registry -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When a printer is published, the GUID for the published DN is retrieved -from the domain controller and stored in the registry. -When handling a spoolss GetPrinter(level=7) request, the same GUID is -obtained from the registry and returned to the client. - -This change sees the spoolss server query the DC for the published -printer GUID if it is not present in the registry when handling a -spoolss GetPrinter(level=7) request. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018 - -Pair-Programmed-With: David Disseldorp ddiss@samba.org -Signed-off-by: Andreas Schneider asn@samba.org -Signed-off-by: David Disseldorp ddiss@samba.org -Reviewed-by: Guenther Deschner gd@samba.org - -Autobuild-User(master): Günther Deschner gd@samba.org -Autobuild-Date(master): Wed Feb 18 12:43:44 CET 2015 on sn-devel-104 - -(cherry picked from commit a4157e7c5d75be7003ad0b72fdfe9856a9e5ba8f) ---- - source3/rpc_server/spoolss/srv_spoolss_nt.c | 20 +++++++++++++++++++- - 1 file changed, 19 insertions(+), 1 deletion(-) - -diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c -index 0c4b582..516b7dc 100644 ---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c -+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c -@@ -4213,7 +4213,25 @@ static WERROR construct_printer_info7(TALLOC_CTX *mem_ctx, - werr = nt_printer_guid_get(tmp_ctx, session_info, msg_ctx, - printer, &guid); - if (!W_ERROR_IS_OK(werr)) { -- goto out_tmp_free; -+ /* -+ * If we do not have a GUID entry in the registry, then -+ * try to retrieve it from AD and store it now. -+ */ -+ werr = nt_printer_guid_retrieve(tmp_ctx, printer, -+ &guid); -+ if (!W_ERROR_IS_OK(werr)) { -+ DEBUG(1, ("Failed to retrieve GUID for " -+ "printer [%s] from AD - " -+ "Is the the printer still " -+ "published ?\n", printer)); -+ goto out_tmp_free; -+ } -+ -+ werr = nt_printer_guid_store(msg_ctx, printer, guid); -+ if (!W_ERROR_IS_OK(werr)) { -+ DEBUG(3, ("failed to store printer %s guid\n", -+ printer)); -+ } - } - r->guid = talloc_strdup_upper(mem_ctx, GUID_string2(mem_ctx, &guid)); - r->action = DSPRINT_PUBLISH; --- -2.3.0 - diff --git a/src/patches/samba/samba-3.6.99-nt_printer_unpublish_fix.patch b/src/patches/samba/samba-3.6.99-nt_printer_unpublish_fix.patch deleted file mode 100644 index 641e62b14..000000000 --- a/src/patches/samba/samba-3.6.99-nt_printer_unpublish_fix.patch +++ /dev/null @@ -1,75 +0,0 @@ -From cd3082b03487eaeddb0105807b5ad39b47aa65f1 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Tue, 8 Nov 2016 12:20:41 +0100 -Subject: [PATCH] s3-spoolss: Remove printer from registry if it is unpublished - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11665 - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Guenther Deschner gd@samba.org ---- - source3/rpc_server/spoolss/srv_spoolss_nt.c | 34 ++++++++++++++++++++++++----- - 1 file changed, 29 insertions(+), 5 deletions(-) - -diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c -index 556cd4f..f1ab3fb 100644 ---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c -+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c -@@ -4194,6 +4194,7 @@ static WERROR construct_printer_info7(TALLOC_CTX *mem_ctx, - int snum) - { - struct auth_serversupplied_info *session_info; -+ struct spoolss_PrinterInfo2 *pinfo2 = NULL; - char *printer; - NTSTATUS status; - WERROR werr; -@@ -4218,7 +4219,7 @@ static WERROR construct_printer_info7(TALLOC_CTX *mem_ctx, - } - - if (is_printer_published(tmp_ctx, session_info, msg_ctx, -- servername, printer, NULL)) { -+ servername, printer, &pinfo2)) { - struct GUID guid; - werr = nt_printer_guid_get(tmp_ctx, session_info, msg_ctx, - printer, &guid); -@@ -4230,10 +4231,33 @@ static WERROR construct_printer_info7(TALLOC_CTX *mem_ctx, - werr = nt_printer_guid_retrieve(tmp_ctx, printer, - &guid); - if (!W_ERROR_IS_OK(werr)) { -- DEBUG(1, ("Failed to retrieve GUID for " -- "printer [%s] from AD - " -- "Is the the printer still " -- "published ?\n", printer)); -+ DEBUG(3, ("Failed to retrieve GUID for " -+ "printer [%s] from AD - %s\n", -+ printer, -+ win_errstr(werr))); -+ if (W_ERROR_EQUAL(werr, WERR_FILE_NOT_FOUND)) { -+ /* -+ * If we did not find it in AD, then it -+ * is unpublished and we should reflect -+ * this in the registry and return -+ * success. -+ */ -+ DEBUG(1, ("Unpublish printer [%s]\n", -+ pinfo2->sharename)); -+ nt_printer_publish(tmp_ctx, -+ session_info, -+ msg_ctx, -+ pinfo2, -+ DSPRINT_UNPUBLISH); -+ r->guid = talloc_strdup(mem_ctx, ""); -+ r->action = DSPRINT_UNPUBLISH; -+ -+ if (r->guid == NULL) { -+ werr = WERR_NOT_ENOUGH_MEMORY; -+ } else { -+ werr = WERR_OK; -+ } -+ } - goto out_tmp_free; - } - --- -2.10.1 - diff --git a/src/patches/samba/samba-3.6.99-winbind_fix_trusted_domain_handling.patch b/src/patches/samba/samba-3.6.99-winbind_fix_trusted_domain_handling.patch deleted file mode 100644 index e58f7146a..000000000 --- a/src/patches/samba/samba-3.6.99-winbind_fix_trusted_domain_handling.patch +++ /dev/null @@ -1,432 +0,0 @@ -From a280f61d71d5ea7e2212d253b84ac5b25810b88e Mon Sep 17 00:00:00 2001 -From: Uri Simchoni uri@samba.org -Date: Wed, 10 Feb 2016 00:26:45 +0200 -Subject: [PATCH 1/4] winbindd: introduce add_trusted_domain_from_tdc() - -This is purely a refactoring patch - -Add a routine that adds a winbindd domain object based on -domain trust cache entry. add_trusted_domain() becomes -a wrapper for this new routine. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691 - -Signed-off-by: Uri Simchoni uri@samba.org -Reviewed-by: Ralph Boehme slow@samba.org ---- - source3/winbindd/winbindd_util.c | 76 +++++++++++++++++++++++++--------------- - 1 file changed, 48 insertions(+), 28 deletions(-) - -diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c -index 353722e..70a9041 100644 ---- a/source3/winbindd/winbindd_util.c -+++ b/source3/winbindd/winbindd_util.c -@@ -30,6 +30,10 @@ - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_WINBIND - -+static struct winbindd_domain * -+add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc, -+ struct winbindd_methods *methods); -+ - extern struct winbindd_methods cache_methods; - - /** -@@ -91,11 +95,31 @@ static bool is_in_internal_domain(const struct dom_sid *sid) - - /* Add a trusted domain to our list of domains. - If the domain already exists in the list, -- return it and don't re-initialize. -- */ --static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name, -- struct winbindd_methods *methods, -- const struct dom_sid *sid) -+ return it and don't re-initialize. */ -+ -+static struct winbindd_domain * -+add_trusted_domain(const char *domain_name, const char *alt_name, -+ struct winbindd_methods *methods, const struct dom_sid *sid) -+{ -+ struct winbindd_tdc_domain tdc; -+ -+ ZERO_STRUCT(tdc); -+ -+ tdc.domain_name = domain_name; -+ tdc.dns_name = alt_name; -+ if (sid) { -+ sid_copy(&tdc.sid, sid); -+ } -+ -+ return add_trusted_domain_from_tdc(&tdc, methods); -+} -+ -+/* Add a trusted domain out of a trusted domain cache -+ entry -+*/ -+static struct winbindd_domain * -+add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc, -+ struct winbindd_methods *methods) - { - struct winbindd_domain *domain; - const char *alternative_name = NULL; -@@ -103,6 +127,12 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const - const char *param; - const char **ignored_domains, **dom; - int role = lp_server_role(); -+ const char *domain_name = tdc->domain_name; -+ const struct dom_sid *sid = &tdc->sid; -+ -+ if (is_null_sid(sid)) { -+ sid = NULL; -+ } - - ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL); - for (dom=ignored_domains; dom && *dom; dom++) { -@@ -114,8 +144,8 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const - - /* ignore alt_name if we are not in an AD domain */ - -- if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) { -- alternative_name = alt_name; -+ if (tdc->dns_name && *tdc->dns_name) { -+ alternative_name = tdc->dns_name; - } - - /* We can't call domain_list() as this function is called from -@@ -127,8 +157,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const - break; - } - -- if (alternative_name && *alternative_name) -- { -+ if (alternative_name) { - if (strequal(alternative_name, domain->name) || - strequal(alternative_name, domain->alt_name)) - { -@@ -136,12 +165,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const - } - } - -- if (sid) -- { -- if (is_null_sid(sid)) { -- continue; -- } -- -+ if (sid != NULL) { - if (dom_sid_equal(sid, &domain->sid)) { - break; - } -@@ -191,11 +215,11 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const - domain->internal = is_internal_domain(sid); - domain->sequence_number = DOM_SEQUENCE_NONE; - domain->last_seq_check = 0; -- domain->initialized = False; -+ domain->initialized = false; - domain->online = is_internal_domain(sid); - domain->check_online_timeout = 0; - domain->dc_probe_pid = (pid_t)-1; -- if (sid) { -+ if (sid != NULL) { - sid_copy(&domain->sid, sid); - } - -@@ -246,9 +270,9 @@ done: - - setup_domain_child(domain); - -- DEBUG(2,("Added domain %s %s %s\n", -- domain->name, domain->alt_name, -- &domain->sid?sid_string_dbg(&domain->sid):"")); -+ DEBUG(2, -+ ("Added domain %s %s %s\n", domain->name, domain->alt_name, -+ !is_null_sid(&domain->sid) ? sid_string_dbg(&domain->sid) : "")); - - return domain; - } -@@ -432,10 +456,8 @@ static void rescan_forest_root_trusts( void ) - d = find_domain_from_name_noinit( dom_list[i].domain_name ); - - if ( !d ) { -- (void)add_trusted_domain( dom_list[i].domain_name, -- dom_list[i].dns_name, -- &cache_methods, -- &dom_list[i].sid); -+ d = add_trusted_domain_from_tdc(&dom_list[i], -+ &cache_methods); - } - - if (d == NULL) { -@@ -501,10 +523,8 @@ static void rescan_forest_trusts( void ) - about it */ - - if ( !d ) { -- (void)add_trusted_domain( dom_list[i].domain_name, -- dom_list[i].dns_name, -- &cache_methods, -- &dom_list[i].sid); -+ d = add_trusted_domain_from_tdc(&dom_list[i], -+ &cache_methods); - } - - if (d == NULL) { --- -2.9.4 - - -From 153f173eea81ffa1caa4768589a08bb20a6a1950 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher metze@samba.org -Date: Tue, 23 Dec 2014 09:43:03 +0000 -Subject: [PATCH 2/4] s3:winbindd: mark our primary as active_directory if - possible - -Signed-off-by: Stefan Metzmacher metze@samba.org -Reviewed-by: Guenther Deschner gd@samba.org ---- - source3/winbindd/winbindd_util.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c -index 70a9041..700076a 100644 ---- a/source3/winbindd/winbindd_util.c -+++ b/source3/winbindd/winbindd_util.c -@@ -232,6 +232,12 @@ add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc, - domain->primary = true; - } - -+ if (domain->primary) { -+ if (lp_security() == SEC_ADS) { -+ domain->active_directory = true; -+ } -+ } -+ - /* Link to domain list */ - DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *); - --- -2.9.4 - - -From 5d741ee3d1dafbb32c106fed817840892b69598d Mon Sep 17 00:00:00 2001 -From: Uri Simchoni uri@samba.org -Date: Wed, 10 Feb 2016 00:32:23 +0200 -Subject: [PATCH 3/4] winbindd: initialize foreign domain as AD based on trust - -Based on trust parameters, initialize the active_directory -member of domain object to true. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691 - -Signed-off-by: Uri Simchoni uri@samba.org -Reviewed-by: Ralph Boehme slow@samba.org ---- - source3/winbindd/winbindd_util.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c -index 700076a..aaa9ee8 100644 ---- a/source3/winbindd/winbindd_util.c -+++ b/source3/winbindd/winbindd_util.c -@@ -222,6 +222,9 @@ add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc, - if (sid != NULL) { - sid_copy(&domain->sid, sid); - } -+ domain->domain_flags = tdc->trust_flags; -+ domain->domain_type = tdc->trust_type; -+ domain->domain_trust_attribs = tdc->trust_attribs; - - /* Is this our primary domain ? */ - if (strequal(domain_name, get_global_sam_name()) && -@@ -236,6 +239,10 @@ add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc, - if (lp_security() == SEC_ADS) { - domain->active_directory = true; - } -+ } else if (!domain->internal) { -+ if (domain->domain_type == LSA_TRUST_TYPE_UPLEVEL) { -+ domain->active_directory = true; -+ } - } - - /* Link to domain list */ --- -2.9.4 - - -From a8ac7dcae2e3b00362ea9d91b5ef7f149bc734a0 Mon Sep 17 00:00:00 2001 -From: Uri Simchoni uri@samba.org -Date: Wed, 10 Feb 2016 00:38:11 +0200 -Subject: [PATCH 4/4] winbindd: return trust parameters when listing trusts -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When asking a child domain process to list trusts on that domain, -return (along with trust domain names and SID) the trust properties - -flags, type, and attributes. - -Use those attributes to initialize domain object. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691 - -Signed-off-by: Uri Simchoni uri@samba.org -Reviewed-by: Ralph Boehme slow@samba.org - -Autobuild-User(master): Ralph Böhme slow@samba.org -Autobuild-Date(master): Tue Feb 23 22:02:16 CET 2016 on sn-devel-144 ---- - source3/winbindd/winbindd_misc.c | 11 +++--- - source3/winbindd/winbindd_util.c | 82 +++++++++++++++++++++++++++++----------- - 2 files changed, 65 insertions(+), 28 deletions(-) - -diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c -index 7d25167..5335ad9 100644 ---- a/source3/winbindd/winbindd_misc.c -+++ b/source3/winbindd/winbindd_misc.c -@@ -172,11 +172,12 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain * - - for (i=0; i<trusts.count; i++) { - extra_data = talloc_asprintf_append_buffer( -- extra_data, "%s\%s\%s\n", -- trusts.array[i].netbios_name, -- trusts.array[i].dns_name, -- sid_string_talloc(state->mem_ctx, -- trusts.array[i].sid)); -+ extra_data, "%s\%s\%s\%u\%u\%u\n", -+ trusts.array[i].netbios_name, trusts.array[i].dns_name, -+ sid_string_talloc(state->mem_ctx, trusts.array[i].sid), -+ trusts.array[i].trust_flags, -+ (uint32_t)trusts.array[i].trust_type, -+ trusts.array[i].trust_attributes); - } - - /* add our primary domain */ -diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c -index aaa9ee8..b99fac4 100644 ---- a/source3/winbindd/winbindd_util.c -+++ b/source3/winbindd/winbindd_util.c -@@ -343,6 +343,8 @@ static void trustdom_list_done(struct tevent_req *req) - struct winbindd_response *response; - int res, err; - char *p; -+ struct winbindd_tdc_domain trust_params = {0}; -+ ptrdiff_t extra_len; - - res = wb_domain_request_recv(req, state, &response, &err); - if ((res == -1) || (response->result != WINBINDD_OK)) { -@@ -351,17 +353,27 @@ static void trustdom_list_done(struct tevent_req *req) - return; - } - -+ if (response->length < sizeof(struct winbindd_response)) { -+ DEBUG(0, ("ill-formed trustdom response - short length\n")); -+ TALLOC_FREE(state); -+ return; -+ } -+ -+ extra_len = response->length - sizeof(struct winbindd_response); -+ - p = (char *)response->extra_data.data; - -- while ((p != NULL) && (*p != '\0')) { -+ while ((p - (char *)response->extra_data.data) < extra_len) { - char *q, *sidstr, *alt_name; -- struct dom_sid sid; -- struct winbindd_domain *domain; -- char *alternate_name = NULL; -+ -+ DEBUG(10, ("parsing response line '%s'\n", p)); -+ -+ ZERO_STRUCT(trust_params); -+ trust_params.domain_name = p; - - alt_name = strchr(p, '\'); - if (alt_name == NULL) { -- DEBUG(0, ("Got invalid trustdom response\n")); -+ DEBUG(10, ("Got invalid trustdom response\n")); - break; - } - -@@ -370,39 +382,63 @@ static void trustdom_list_done(struct tevent_req *req) - - sidstr = strchr(alt_name, '\'); - if (sidstr == NULL) { -- DEBUG(0, ("Got invalid trustdom response\n")); -+ DEBUG(10, ("Got invalid trustdom response\n")); - break; - } - - *sidstr = '\0'; - sidstr += 1; - -- q = strchr(sidstr, '\n'); -- if (q != NULL) -- *q = '\0'; -+ /* use the real alt_name if we have one, else pass in NULL */ -+ if (!strequal(alt_name, "(null)")) { -+ trust_params.dns_name = alt_name; -+ } -+ -+ q = strtok(sidstr, "\"); -+ if (q == NULL) { -+ DEBUG(10, ("Got invalid trustdom response\n")); -+ break; -+ } -+ -+ if (!string_to_sid(&trust_params.sid, sidstr)) { -+ DEBUG(0, ("Got invalid trustdom response\n")); -+ break; -+ } - -- if (!string_to_sid(&sid, sidstr)) { -+ q = strtok(NULL, "\"); -+ if (q == NULL) { - DEBUG(0, ("Got invalid trustdom response\n")); - break; - } - -- /* use the real alt_name if we have one, else pass in NULL */ -+ trust_params.trust_flags = (uint32_t)strtoul(q, NULL, 10); - -- if ( !strequal( alt_name, "(null)" ) ) -- alternate_name = alt_name; -+ q = strtok(NULL, "\"); -+ if (q == NULL) { -+ DEBUG(0, ("Got invalid trustdom response\n")); -+ break; -+ } -+ -+ trust_params.trust_type = (uint32_t)strtoul(q, NULL, 10); - -- /* If we have an existing domain structure, calling -- add_trusted_domain() will update the SID if -- necessary. This is important because we need the -- SID for sibling domains */ -+ q = strtok(NULL, "\n"); -+ if (q == NULL) { -+ DEBUG(10, ("Got invalid trustdom response\n")); -+ break; -+ } - -- (void)add_trusted_domain(p, alternate_name, -- &cache_methods, -- &sid); -+ trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10); -+ -+ /* -+ * We always call add_trusted_domain() cause on an existing -+ * domain structure, it will update the SID if necessary. -+ * This is important because we need the SID for sibling -+ * domains. -+ */ -+ (void)add_trusted_domain_from_tdc(&trust_params, -+ &cache_methods); - -- p=q; -- if (p != NULL) -- p += 1; -+ p = q + strlen(q) + 1; - } - - /* --- -2.9.4 - diff --git a/src/patches/samba/samba-3.6.x-winbind_tevent_poll.patch b/src/patches/samba/samba-3.6.x-winbind_tevent_poll.patch deleted file mode 100644 index f38aabf6f..000000000 --- a/src/patches/samba/samba-3.6.x-winbind_tevent_poll.patch +++ /dev/null @@ -1,308 +0,0 @@ -From 1d94210adc6e0bb8a08fbfc1a516a0f958dbf744 Mon Sep 17 00:00:00 2001 -From: Volker Lendecke vl@samba.org -Date: Wed, 16 Jan 2013 12:00:00 +0100 -Subject: [PATCH 1/2] winbind: Use standard tevent_context_init - -This makes winbind use epoll instead of poll ---- - source3/winbindd/winbindd.c | 38 ++++++++++++++++++++++++++++++++----- - source3/winbindd/winbindd.h | 2 -- - source3/winbindd/winbindd_proto.h | 1 + - 3 files changed, 34 insertions(+), 7 deletions(-) - -Index: samba-3.6.22/source3/winbindd/winbindd.c -=================================================================== ---- samba-3.6.22.orig/source3/winbindd/winbindd.c -+++ samba-3.6.22/source3/winbindd/winbindd.c -@@ -48,14 +48,42 @@ static bool interactive = False; - - extern bool override_logfile; - -+struct tevent_context *winbind_event_context(void) -+{ -+ static struct tevent_context *ev = NULL; -+ -+ if (ev != NULL) { -+ return ev; -+ } -+ -+ /* -+ * Note we MUST use the NULL context here, not the autofree context, -+ * to avoid side effects in forked children exiting. -+ */ -+ ev = tevent_context_init(NULL); -+ if (ev == NULL) { -+ smb_panic("Could not init winbindd's messaging context.\n"); -+ } -+ return ev; -+} -+ - struct messaging_context *winbind_messaging_context(void) - { -- struct messaging_context *msg_ctx = server_messaging_context(); -- if (likely(msg_ctx != NULL)) { -- return msg_ctx; -+ static struct messaging_context *msg = NULL; -+ -+ if (msg != NULL) { -+ return msg; -+ } -+ -+ /* -+ * Note we MUST use the NULL context here, not the autofree context, -+ * to avoid side effects in forked children exiting. -+ */ -+ msg = messaging_init(NULL, procid_self(), winbind_event_context()); -+ if (msg == NULL) { -+ smb_panic("Could not init winbindd's messaging context.\n"); - } -- smb_panic("Could not init winbindd's messaging context.\n"); -- return NULL; -+ return msg; - } - - /* Reload configuration */ -Index: samba-3.6.22/source3/winbindd/winbindd.h -=================================================================== ---- samba-3.6.22.orig/source3/winbindd/winbindd.h -+++ samba-3.6.22/source3/winbindd/winbindd.h -@@ -397,6 +397,4 @@ struct WINBINDD_CCACHE_ENTRY { - #define WINBINDD_PAM_AUTH_KRB5_RENEW_TIME 2592000 /* one month */ - #define DOM_SEQUENCE_NONE ((uint32)-1) - --#define winbind_event_context server_event_context -- - #endif /* _WINBINDD_H */ -Index: samba-3.6.22/source3/winbindd/winbindd_proto.h -=================================================================== ---- samba-3.6.22.orig/source3/winbindd/winbindd_proto.h -+++ samba-3.6.22/source3/winbindd/winbindd_proto.h -@@ -34,6 +34,7 @@ bool winbindd_use_cache(void); - void winbindd_register_handlers(void); - const char *get_winbind_pipe_dir(void); - char *get_winbind_priv_pipe_dir(void); -+struct tevent_context *winbind_event_context(void); - int main(int argc, char **argv, char **envp); - - /* The following definitions come from winbindd/winbindd_ads.c */ -Index: samba-3.6.22/source3/winbindd/winbindd_dual.c -=================================================================== ---- samba-3.6.22.orig/source3/winbindd/winbindd_dual.c -+++ samba-3.6.22/source3/winbindd/winbindd_dual.c -@@ -1284,6 +1284,66 @@ NTSTATUS winbindd_reinit_after_fork(cons - return NT_STATUS_OK; - } - -+struct child_handler_state { -+ struct winbindd_child *child; -+ struct winbindd_cli_state *cli_state; -+}; -+ -+static void child_handler(struct tevent_context *ev, struct tevent_fd *fde, -+ uint16_t flags, void *private_data) -+{ -+ struct child_handler_state *ch_state = -+ (struct child_handler_state *)private_data; -+ struct winbindd_cli_state *state = ch_state->cli_state; -+ struct iovec iov[2]; -+ int iov_count; -+ NTSTATUS status; -+ -+ if ((flags & TEVENT_FD_READ) == 0) { -+ return; -+ } -+ -+ /* fetch a request from the main daemon */ -+ status = child_read_request(state); -+ -+ if (!NT_STATUS_IS_OK(status)) { -+ /* we lost contact with our parent */ -+ _exit(0); -+ } -+ -+ DEBUG(4,("child daemon request %d\n", (int)state->request->cmd)); -+ -+ ZERO_STRUCTP(state->response); -+ state->request->null_term = '\0'; -+ state->mem_ctx = talloc_tos(); -+ child_process_request(ch_state->child, state); -+ -+ DEBUG(4, ("Finished processing child request %d\n", -+ (int)state->request->cmd)); -+ -+ SAFE_FREE(state->request->extra_data.data); -+ -+ iov[0].iov_base = (void *)state->response; -+ iov[0].iov_len = sizeof(struct winbindd_response); -+ iov_count = 1; -+ -+ if (state->response->length > sizeof(struct winbindd_response)) { -+ iov[1].iov_base = -+ (void *)state->response->extra_data.data; -+ iov[1].iov_len = state->response->length-iov[0].iov_len; -+ iov_count = 2; -+ } -+ -+ DEBUG(10, ("Writing %d bytes to parent\n", -+ (int)state->response->length)); -+ -+ if (write_data_iov(state->sock, iov, iov_count) != -+ state->response->length) { -+ DEBUG(0, ("Could not write result\n")); -+ exit(1); -+ } -+} -+ - /* - * In a child there will be only one domain, reference that here. - */ -@@ -1301,6 +1361,7 @@ static bool fork_domain_child(struct win - struct winbindd_request request; - struct winbindd_response response; - struct winbindd_domain *primary_domain = NULL; -+ struct child_handler_state ch_state; - NTSTATUS status; - ssize_t nwritten; - -@@ -1322,6 +1383,9 @@ static bool fork_domain_child(struct win - state.request = &request; - state.response = &response; - -+ ch_state.child = child; -+ ch_state.cli_state = &state; -+ - child->pid = sys_fork(); - - if (child->pid == -1) { -@@ -1464,22 +1528,14 @@ static bool fork_domain_child(struct win - } - } - -- while (1) { -+ if (tevent_add_fd(winbind_event_context(), NULL, state.sock, -+ TEVENT_FD_READ, child_handler, &ch_state) == NULL) { -+ DEBUG(1, ("tevent_add_fd failed\n")); -+ exit(1); -+ } - -- int ret; -- struct pollfd *pfds; -- int num_pfds; -- int timeout; -- struct timeval t; -- struct timeval *tp; -+ while (1) { - TALLOC_CTX *frame = talloc_stackframe(); -- struct iovec iov[2]; -- int iov_count; -- -- if (run_events_poll(winbind_event_context(), 0, NULL, 0)) { -- TALLOC_FREE(frame); -- continue; -- } - - if (child->domain && child->domain->startup && - (time_mono(NULL) > child->domain->startup_time + 30)) { -@@ -1489,99 +1545,12 @@ static bool fork_domain_child(struct win - child->domain->startup = False; - } - -- pfds = TALLOC_ZERO_P(talloc_tos(), struct pollfd); -- if (pfds == NULL) { -- DEBUG(1, ("talloc failed\n")); -- _exit(1); -- } -- -- pfds->fd = state.sock; -- pfds->events = POLLIN|POLLHUP; -- num_pfds = 1; -- -- timeout = INT_MAX; -- -- if (!event_add_to_poll_args( -- winbind_event_context(), talloc_tos(), -- &pfds, &num_pfds, &timeout)) { -- DEBUG(1, ("event_add_to_poll_args failed\n")); -- _exit(1); -- } -- tp = get_timed_events_timeout(winbind_event_context(), &t); -- if (tp) { -- DEBUG(11,("select will use timeout of %u.%u seconds\n", -- (unsigned int)tp->tv_sec, (unsigned int)tp->tv_usec )); -- } -- -- ret = sys_poll(pfds, num_pfds, timeout); -- -- if (run_events_poll(winbind_event_context(), ret, -- pfds, num_pfds)) { -- /* We got a signal - continue. */ -- TALLOC_FREE(frame); -- continue; -- } -- -- TALLOC_FREE(pfds); -- -- if (ret == 0) { -- DEBUG(11,("nothing is ready yet, continue\n")); -- TALLOC_FREE(frame); -- continue; -- } -- -- if (ret == -1 && errno == EINTR) { -- /* We got a signal - continue. */ -- TALLOC_FREE(frame); -- continue; -- } -- -- if (ret == -1 && errno != EINTR) { -- DEBUG(0,("poll error occured\n")); -- TALLOC_FREE(frame); -- perror("poll"); -+ if (tevent_loop_once(winbind_event_context()) != 0) { -+ DEBUG(1, ("tevent_loop_once failed: %s\n", -+ strerror(errno))); - _exit(1); - } - -- /* fetch a request from the main daemon */ -- status = child_read_request(&state); -- -- if (!NT_STATUS_IS_OK(status)) { -- /* we lost contact with our parent */ -- _exit(0); -- } -- -- DEBUG(4,("child daemon request %d\n", (int)state.request->cmd)); -- -- ZERO_STRUCTP(state.response); -- state.request->null_term = '\0'; -- state.mem_ctx = frame; -- child_process_request(child, &state); -- -- DEBUG(4, ("Finished processing child request %d\n", -- (int)state.request->cmd)); -- -- SAFE_FREE(state.request->extra_data.data); -- -- iov[0].iov_base = (void *)state.response; -- iov[0].iov_len = sizeof(struct winbindd_response); -- iov_count = 1; -- -- if (state.response->length > sizeof(struct winbindd_response)) { -- iov[1].iov_base = -- (void *)state.response->extra_data.data; -- iov[1].iov_len = state.response->length-iov[0].iov_len; -- iov_count = 2; -- } -- -- DEBUG(10, ("Writing %d bytes to parent\n", -- (int)state.response->length)); -- -- if (write_data_iov(state.sock, iov, iov_count) != -- state.response->length) { -- DEBUG(0, ("Could not write result\n")); -- exit(1); -- } - TALLOC_FREE(frame); - } - }