The branch, v4-1-stable has been updated
via 74be972 VERSION: Disable git snapshots for the 4.1.20 release.
via ec3ff76 WHATSNEW: Add release notes for Samba 4.1.20.
via 487c3b3 s3: winbindd: Fix TALLOC_FREE of uninitialized groups
variable.
via 711131e s3-util: Compare the maximum allowed length of a NetBIOS
name
via 0c640d0 s3-net: use talloc array in share allowedusers
via 49e39b0 s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
via 516f518 lib: replace: Add strsep function (missing on Solaris).
via e889ea3 s3-auth: Fix a possible null pointer dereference
via 28ee83d s3-smbd: Leave sys_disk_free() if dfree command is used
via d7d60d8 s3-smbd: reset protocol in smbXsrv_connection_init_tables
failure paths.
via 7127c60 s3:libsmb: Fix a bug in conversion of ea list to ea array.
via 5f029fc smbd:trans2: treat new SMB_SIGNING_DESIRED in case
via a55bed3 docs:smb.conf: explain effect of new setting 'desired' of
smb encrypt
via aae0423 smbd:smb2: use encryption_desired in send_break
via 57c879a smbd:smb2: only enable encryption in tcon if desired
via 2cad86c smbd:smb2: only enable encryption in session if desired
via 3ed2fbe smbd:smb2: separate between encryption required and enc
desired
via 2c19c6f smbXsrv: add bools encryption_desired to session and tcon
via b615fb6 Introduce setting "desired" for 'smb encrypt' and
'client/server signing'
via 0b97972 smbd: Make SMB3 clients use encryption with "smb encrypt =
auto"
via 15b323d s4:selftest: also run rpc.winreg with kerberos and all
possible auth options
via d8df89f s4:selftest: run rpc.echo tests also with krb5 krb5,sign
krb5,seal
via 6d6799a s4:rpc_server: fix padding caclucation in
dcesrv_auth_response()
via 62966eb s4:rpc_server: let dcesrv_auth_response() handle sig_size
== 0 with auth_info as error
via 496d7f9 s4:rpc_server: let dcesrv_reply() use a sig_size for a
padded payload
via e22adb8 s4:rpc_server: let dcesrv_reply() use
DCERPC_AUTH_PAD_ALIGNMENT define
via e661c30 s4:librpc/rpc: fix padding caclucation in
ncacn_push_request_sign()
via 3336fb7 s4:librpc/rpc: let ncacn_push_request_sign() handle
sig_size == 0 with auth_info as internal error
via 18342a7 s4:librpc/rpc: let dcerpc_ship_next_request() use a
sig_size for a padded payload
via ad94101 s4:librpc/rpc: let dcerpc_ship_next_request() use
DCERPC_AUTH_PAD_ALIGNMENT define
via 9ab5872 s3:rpc_server: remove pad handling from
api_pipe_alter_context()
via c17dd15 s3:librpc/rpc: fix padding calculation in
dcerpc_guess_sizes()
via 843c953 s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT
padding bytes in dcerpc_add_auth_footer()
via 213b98b librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper
macro
via c0432c2 dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
via 5570954 auth/gensec: make sure gensec_start_mech_by_authtype()
resets SIGN/SEAL before starting
via 54b9c1c auth/gensec: gensec_[un]seal_packet() should only work with
GENSEC_FEATURE_DCE_STYLE
via b6a59bb winbindd: winbindd_raw_kerberos_login - ensure logon_info
exists in PAC.
via 7e05f60 kerberos auth info3 should contain resource group ids
available from pac_logon
via 8ddab98 s3: auth: Fix winbindd_pam_auth_pac_send() to create a new
info3 and merge in resource groups from a trusted PAC.
via 4bdfb15 s3: auth: Change auth3_generate_session_info_pac() to use a
copy of the info3 struct from the struct PAC_LOGON_INFO.
via 02bda07 s3: auth: Add create_info3_from_pac_logon_info() to create
a new info3 and merge resource group SIDs into it.
via a3d6a15 s3: auth: Change make_server_info_info3() to take a const
struct netr_SamInfo3 pointer instead of a struct PAC_LOGON_INFO.
via 2ff1428 s3: auth: Add some const to the struct netr_SamInfo3 *
arguments of copy_netr_SamInfo3() and make_server_info_info3()
via 7434e77 docs: overhaul the description of "smb encrypt" to include
SMB3 encryption.
via 972a97b docs: Change smb encrypt default in docs to match s3 and
lib/param
via 290c1ae s3: smbd: Codenomicon crash in do_smb_load_module().
via 81dde5e s3:winbindd: make sure we pass a valid server to
rpccli_netlogon_sam_network_logon*()
via e700e9d s3: smbd: Use separate flag to track
become_root()/unbecome_root() state.
via af4617a s3:param/loadparm fix testparm --show-all-parameters
via 9a67af3 VERSION: Bump version up to 4.1.20...
from f14dcca VERSION: Disable git snapshots for the 4.1.19 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 92 +++++++++-
auth/gensec/gensec.c | 14 ++
auth/gensec/gensec_start.c | 6 +
docs-xml/smbdotconf/security/smbencrypt.xml | 262 ++++++++++++++++++++++++----
lib/param/param_table.c | 1 +
lib/replace/replace.c | 20 +++
lib/replace/replace.h | 5 +
lib/replace/wscript | 4 +-
lib/util/modules.c | 5 +
libcli/smb/smbXcli_base.c | 6 +
libcli/smb/smb_constants.h | 1 +
librpc/idl/dcerpc.idl | 1 +
librpc/rpc/rpc_common.h | 6 +
source3/auth/auth_generic.c | 11 +-
source3/auth/auth_ntlmssp.c | 4 +-
source3/auth/auth_util.c | 2 +-
source3/auth/proto.h | 9 +-
source3/auth/server_info.c | 79 ++++++++-
source3/auth/user_krb5.c | 8 +-
source3/lib/util.c | 2 +-
source3/librpc/idl/smbXsrv.idl | 2 +
source3/librpc/rpc/dcerpc.h | 2 +-
source3/librpc/rpc/dcerpc_helpers.c | 26 ++-
source3/libsmb/cli_smb2_fnum.c | 2 +-
source3/param/loadparm.c | 2 +-
source3/passdb/lookup_sid.c | 4 +-
source3/passdb/lookup_sid.h | 2 +-
source3/rpc_client/cli_pipe.c | 1 -
source3/rpc_server/srv_pipe.c | 28 +--
source3/smbd/dfree.c | 29 ++-
source3/smbd/globals.h | 3 +
source3/smbd/process.c | 7 +-
source3/smbd/smb2_server.c | 22 ++-
source3/smbd/smb2_sesssetup.c | 8 +-
source3/smbd/smb2_tcon.c | 10 +-
source3/smbd/trans2.c | 9 +-
source3/utils/net_rpc.c | 24 ++-
source3/winbindd/winbindd_dual_srv.c | 2 +-
source3/winbindd/winbindd_pam.c | 45 ++++-
source4/librpc/rpc/dcerpc.c | 16 +-
source4/rpc_server/common/reply.c | 9 +-
source4/rpc_server/dcesrv_auth.c | 8 +-
source4/selftest/tests.py | 9 +-
source4/smb_server/smb2/negprot.c | 1 +
45 files changed, 661 insertions(+), 150 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 610c2c8..bfe6225 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=19
+SAMBA_VERSION_RELEASE=20
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f7b50ab..642653b 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,92 @@
==============================
+ Release Notes for Samba 4.1.20
+ September 1, 2015
+ ==============================
+
+
+This is the latest stable release of Samba 4.1.
+
+
+Changes since 4.1.19:
+---------------------
+
+o Michael Adam <[email protected]>
+ * BUG 11366: docs: Overhaul the description of "smb encrypt" to include
SMB3
+ encryption.
+ * BUG 11372: smbd: Fix SMB3 functionality of "smb encrypt".
+
+
+o Jeremy Allison <[email protected]>
+ * BUG 10823: s3: winbindd: Fix TALLOC_FREE of uninitialized groups
variable.
+ * BUG 11328: Use resource group sids obtained from pac logon_info.
+ * BUG 11339: s3: smbd: Use separate flag to track
+ become_root()/unbecome_root() state.
+ * BUG 11342: s3: smbd: Codenomicon crash in do_smb_load_module().
+ * BUG 11359: lib: replace: Add strsep function (missing on Solaris).
+
+
+o Christian Ambach <[email protected]>
+ * BUG 11170: s3:param/loadparm fix 'testparm --show-all-parameters'.
+
+
+o Ralph Boehme <[email protected]>
+ * BUG 11426: s3-net: Use talloc array in share allowedusers.
+
+
+o Günther Deschner <[email protected]>
+ * BUG 11373: s3-smbd: Reset protocol in smbXsrv_connection_init_tables
+ failure paths.
+
+
+o Justin Maggard <[email protected]>
+ * BUG 11320: s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
+
+
+o Stefan Metzmacher <[email protected]>
+ * BUG 11061: Fix logon via MS Remote Desktop.
+ * BUG 11081: s3:winbindd: make sure we pass a valid server to
+ rpccli_netlogon_sam_network_logon*().
+
+
+o Anubhav Rakshit <[email protected]>
+ * BUG 11361: s3:libsmb: Fix a bug in conversion of ea list to ea array.
+
+
+o Andreas Schneider <[email protected]>
+ * BUG 11403: s3-smbd: Leave sys_disk_free() if dfree command is used.
+ * BUG 11404: s3-auth: Fix a possible null pointer dereference.
+
+
+o Roel van Meer <[email protected]>
+ * BUG 11427: s3-util: Compare the maximum allowed length of a NetBIOS name.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+======================================================================
+
+ ==============================
Release Notes for Samba 4.1.19
June 23, 2015
==============================
@@ -74,10 +162,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
-======================================================================
==============================
Release Notes for Samba 4.1.18
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index ea62861..01c4ac6 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -39,9 +39,15 @@ _PUBLIC_ NTSTATUS gensec_unseal_packet(struct
gensec_security *gensec_security,
if (!gensec_security->ops->unseal_packet) {
return NT_STATUS_NOT_IMPLEMENTED;
}
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
return NT_STATUS_INVALID_PARAMETER;
}
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
return gensec_security->ops->unseal_packet(gensec_security,
data, length,
@@ -79,6 +85,9 @@ _PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security
*gensec_security,
if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
return NT_STATUS_INVALID_PARAMETER;
}
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
return gensec_security->ops->seal_packet(gensec_security, mem_ctx,
data, length, whole_pdu, pdu_length, sig);
}
@@ -107,6 +116,11 @@ _PUBLIC_ size_t gensec_sig_size(struct gensec_security
*gensec_security, size_t
if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
return 0;
}
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+ if (!gensec_have_feature(gensec_security,
GENSEC_FEATURE_DCE_STYLE)) {
+ return 0;
+ }
+ }
return gensec_security->ops->sig_size(gensec_security, data_size);
}
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index e46f0ee..8b649e5 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -701,6 +701,12 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct
gensec_security *gensec_s
return NT_STATUS_INVALID_PARAMETER;
}
gensec_security->dcerpc_auth_level = auth_level;
+ /*
+ * We need to reset sign/seal in order to reset it.
+ * We may got some default features inherited by the credentials
+ */
+ gensec_security->want_features &= ~GENSEC_FEATURE_SIGN;
+ gensec_security->want_features &= ~GENSEC_FEATURE_SEAL;
gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE);
gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES);
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
diff --git a/docs-xml/smbdotconf/security/smbencrypt.xml
b/docs-xml/smbdotconf/security/smbencrypt.xml
index 51079ae..284fe9e 100644
--- a/docs-xml/smbdotconf/security/smbencrypt.xml
+++ b/docs-xml/smbdotconf/security/smbencrypt.xml
@@ -4,41 +4,235 @@
basic="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
<description>
+ <para>
+ This parameter controls whether a remote client is allowed or required
+ to use SMB encryption. It has different effects depending on whether
+ the connection uses SMB1 or SMB2 and newer:
+ </para>
- <para>This is a new feature introduced with Samba 3.2 and above. It is an
- extension to the SMB/CIFS protocol negotiated as part of the UNIX
extensions.
- SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt
- and sign every request/response in a SMB protocol stream. When
- enabled it provides a secure method of SMB/CIFS communication,
- similar to an ssh protected session, but using SMB/CIFS authentication
- to negotiate encryption and signing keys. Currently this is only
- supported by Samba 3.2 smbclient, and hopefully soon Linux CIFSFS
- and MacOS/X clients. Windows clients do not support this feature.
- </para>
-
- <para>This controls whether the remote client is allowed or required to
use SMB encryption. Possible values
- are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
- and <emphasis>disabled</emphasis>. This may be set on a per-share
- basis, but clients may chose to encrypt the entire session, not
- just traffic to a specific share. If this is set to mandatory
- then all traffic to a share <emphasis>must</emphasis>
- be encrypted once the connection has been made to the share.
- The server would return "access denied" to all non-encrypted
- requests on such a share. Selecting encrypted traffic reduces
- throughput as smaller packet sizes must be used (no huge UNIX
- style read/writes allowed) as well as the overhead of encrypting
- and signing all the data.
- </para>
-
- <para>If SMB encryption is selected, Windows style SMB signing (see
- the <smbconfoption name="server signing"/> option) is no longer necessary,
- as the GSSAPI flags use select both signing and sealing of the data.
- </para>
-
- <para>When set to auto, SMB encryption is offered, but not enforced.
- When set to mandatory, SMB encryption is required and if set
- to disabled, SMB encryption can not be negotiated.</para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ If the connection uses SMB1, then this option controls the use
+ of a Samba-specific extension to the SMB protocol introduced in
+ Samba 3.2 that makes use of the Unix extensions.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ If the connection uses SMB2 or newer, then this option controls
+ the use of the SMB-level encryption that is supported in SMB
+ version 3.0 and above and available in Windows 8 and newer.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>
+ This parameter can be set globally and on a per-share bases.
+ Possible values are
+ <emphasis>off</emphasis> (or <emphasis>disabled</emphasis>),
+ <emphasis>enabled</emphasis> (or <emphasis>auto</emphasis>, or
+ <emphasis>if_required</emphasis>),
+ <emphasis>desired</emphasis>,
+ and
+ <emphasis>required</emphasis>
+ (or <emphasis>mandatory</emphasis>).
+ A special value is <emphasis>default</emphasis> which is
+ the implicit default setting of <emphasis>enabled</emphasis>.
+ </para>
+
+ <variablelist>
+ <varlistentry>
+ <term><emphasis>Effects for SMB1</emphasis></term>
+ <listitem>
+ <para>
+ The Samba-specific encryption of SMB1 connections is an
+ extension to the SMB protocol negotiated as part of the UNIX
+ extensions. SMB encryption uses the GSSAPI (SSPI on Windows)
+ ability to encrypt and sign every request/response in a SMB
+ protocol stream. When enabled it provides a secure method of
+ SMB/CIFS communication, similar to an ssh protected session, but
+ using SMB/CIFS authentication to negotiate encryption and
+ signing keys. Currently this is only supported smbclient of by
+ Samba 3.2 and newer, and hopefully soon Linux CIFSFS and MacOS/X
+ clients. Windows clients do not support this feature.
+ </para>
+
+ <para>This may be set on a per-share
+ basis, but clients may chose to encrypt the entire session, not
+ just traffic to a specific share. If this is set to mandatory
+ then all traffic to a share <emphasis>must</emphasis>
+ be encrypted once the connection has been made to the share.
+ The server would return "access denied" to all non-encrypted
+ requests on such a share. Selecting encrypted traffic reduces
+ throughput as smaller packet sizes must be used (no huge UNIX
+ style read/writes allowed) as well as the overhead of encrypting
+ and signing all the data.
+ </para>
+
+ <para>
+ If SMB encryption is selected, Windows style SMB signing (see
+ the <smbconfoption name="server signing"/> option) is no longer
+ necessary, as the GSSAPI flags use select both signing and
+ sealing of the data.
+ </para>
+
+ <para>
+ When set to auto or default, SMB encryption is offered, but not
+ enforced. When set to mandatory, SMB encryption is required and
+ if set to disabled, SMB encryption can not be negotiated.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><emphasis>Effects for SMB2</emphasis></term>
+ <listitem>
+ <para>
+ Native SMB transport encryption is available in SMB version 3.0
+ or newer. It is only offered by Samba if
+ <emphasis>server max protocol</emphasis> is set to
+ <emphasis>SMB3</emphasis> or newer.
+ Clients supporting this type of encryption include
+ Windows 8 and newer,
+ Windows server 2012 and newer,
+ and smbclient of Samba 4.1 and newer.
+ </para>
+
+ <para>
+ The protocol implementation offers various options:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ The capability to perform SMB encryption can be
+ negotiated during protocol negotiation.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Data encryption can be enabled globally. In that case,
+ an encryption-capable connection will have all traffic
+ in all its sessions encrypted. In particular all share
+ connections will be encrypted.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Data encryption can also be enabled per share if not
+ enabled globally. For an encryption-capable connection,
+ all connections to an encryption-enabled share will be
+ encrypted.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Encryption can be enforced. This means that session
+ setups will be denied on non-encryption-capable
+ connections if data encryption has been enabled
+ globally. And tree connections will be denied for
+ non-encryption capable connections to shares with data
+ encryption enabled.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>
+ These features can be crontrolled with settings of
+ <emphasis>smb encrypt</emphasis> as follows:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ Leaving it as default, explicitly setting
+ <emphasis>default</emphasis>, or setting it to
+ <emphasis>enabled</emphasis> globally will enable
+ negotiation of encryption but will not turn on
+ data encryption globally or per share.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>desired</emphasis> globally
+ will enable negotiation and will turn on data encryption
+ on sessions and share connections for those clients
+ that support it.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>required</emphasis> globally
+ will enable negotiation and turn on data encryption
+ on sessions and share connections. Clients that do
+ not support encryption will be denied access to the
+ server.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>off</emphasis> globally will
+ completely disable the encryption feature.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>desired</emphasis> on a share
+ will turn on data encryption for this share for clients
+ that support encryption if negotiation has been
+ enabled globally.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>required</emphasis> on a share
+ will enforce data encryption for this share if
+ negotiation has been enabled globally. I.e. clients that
+ do not support encryption will be denied access to the
+ share.
+ </para>
+ <para>
+ Note that this allows per-share enforcing to be
+ controlled in Samba differently from Windows:
+ In Windows, <emphasis>RejectUnencryptedAccess</emphasis>
+ is a global setting, and if it is set, all shares with
+ data encryption turned on
+ are automatically enforcing encryption. In order to
+ achieve the same effect in Samba, one
+ has to globally set <emphasis>smb encrypt</emphasis> to
+ <emphasis>enabled</emphasis>, and then set all shares
+ that should be encrypted to
+ <emphasis>required</emphasis>.
+ Additionally, it is possible in Samba to have some
+ shares with encryption <emphasis>required</emphasis>
+ and some other shares with encryption only
+ <emphasis>desired</emphasis>, which is not possible in
+ Windows.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>off</emphasis> or
+ <emphasis>enabled</emphasis> for a share has
+ no effect.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</description>
-<value type="default">auto</value>
+<value type="default">default</value>
</samba:parameter>
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index d590bd1..aa16969 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -101,6 +101,7 @@ static const struct enum_list enum_smb_signing_vals[] = {
{SMB_SIGNING_IF_REQUIRED, "On"},
{SMB_SIGNING_IF_REQUIRED, "enabled"},
{SMB_SIGNING_IF_REQUIRED, "auto"},
+ {SMB_SIGNING_DESIRED, "desired"},
{SMB_SIGNING_REQUIRED, "required"},
{SMB_SIGNING_REQUIRED, "mandatory"},
{SMB_SIGNING_REQUIRED, "force"},
diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index 37edb31..488da0a 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -467,6 +467,26 @@ char *rep_strcasestr(const char *haystack, const char
*needle)
}
#endif
+#ifndef HAVE_STRSEP
+char *rep_strsep(char **pps, const char *delim)
+{
+ char *ret = *pps;
+ char *p = *pps;
+
+ if (p == NULL) {
+ return NULL;
+ }
+ p += strcspn(p, delim);
+ if (*p == '\0') {
+ *pps = NULL;
+ } else {
+ *p = '\0';
+ *pps = p + 1;
+ }
+ return ret;
+}
+#endif
+
#ifndef HAVE_STRTOK_R
/* based on GLIBC version, copyright Free Software Foundation */
char *rep_strtok_r(char *s, const char *delim, char **save_ptr)
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index cd0c25e..57163a9 100644
--
Samba Shared Repository
