The branch, v4-6-stable has been updated
via bbdd585 VERSION: Disable GIT_SNAPSHOTS for the 4.6.3 release.
via dcff483 WHATSNEW: Add release notes for Samba 4.6.3.
via c13244a cleanupdb: Fix a memory read error
via b8c11db s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in
shadow_copy2_strip_snapshot
via 0a84f16 s3:vfs:shadow_copy2: fix the corner case if cwd=/ in
make_relative_path
via 222aa4a s3:vfs:shadow_copy2: fix quoting in debug messages
via 312fb3b pam_winbind: no longer use wbcUserPasswordPolicyInfo when
authenticating
via 12c24f3 s3:smbd: Fix incorrect use of sys_getgroups()
via ee420c1 s3:lib: Fix incorrect logic in sys_broken_getgroups()
via 72d1724 lib: debug: Avoid negative array access.
via 71abf1a vfs_acl_xattr: avoid needlessly supplying a large buffer to
getxattr()
via ec39296 vfs_acl_xattr: factor out fetching of an extended attribute
via fb375e3 vfs_xattr_tdb: handle case of zero size.
via 70a2e2e selftest: test fetching a large ACL from vfs_acl_xattr
via 7a806d7 ctdb-docs: Fix documentation of -n option to ctdb tool
via c9a5199 rpcclient: allow -U'OTHERDOMAIN\user' again
via 8719babb winbindd: trigger possible passdb_dsdb initialisation
via d0d8663 winbindd: error handling in rpc_lookup_sids()
via a323631 s3/rpc_client: lookupsids error handling of
NT_STATUS_NONE_MAPPED
via 9afba47 s3/rpc_client: use NT_STATUS_LOOKUP_ERR
via 6526a27 s3/include: add NT_STATUS_LOOKUP_ERR
via b6ea6f7 selftest: fix for wbinfo -s tests for wellknown SIDs
via 5083579 winbindd: explicit check for well-known SIDs in
wb_lookupsids_bulk()
via 1a6802e selftest: wbinfo --sids-to-unix-ids tests for wellknown SIDs
via 1d66d33 selftest: wbinfo -s tests for wellknown SIDs
via fd6ec35 winbindd: use passdb backend for well-known SIDs
via 50583a6 selftest: tests idmap mapping with idmap_rid
via d0643c5 selftest: new environment "ad_member_idmap_rid"
via ff5865a winbindd: remove unused single_domains array
via b86a793 winbindd: use correct domain name for failed lookupsids
via 4c5f50c autobuild: Stop waf uninstall from removing test_tmpdir
via dce116d script/autobuild.py: ignore missing test_tmpdir
via da065cd script/autobuild.py: try to make TMPDIR handling more
verbose
via 286a9fd script/autobuild.py: add a do_print() wrapper function that
flushes after each message
via 5d964e1 script/autobuild.py: export PYTHONUNBUFFERED=1
via a727300 script/autobuild.py: cleanup the task subdirs when they're
done.
via 3cd5d41 s4/torture: vfs_fruit: test for bug 12565
via fe3fe4f vfs_fruit: resource fork open request with
flags=O_CREAT|O_RDONLY
via 981e667 wafsamba: move -L/some/path from LINKFLAGS_PYEMBED to
LIBPATH_PYEMBED
via 122e46f selftest: Test for bug 12558
via ef48aa4 smbd: Fix smb1 findfirst with DFS
via 6f05903 winbindd: Fix password policy for pam authentication
via f37537b ctdb-tools: Avoid deferencing argv[0] if argc == 0
via 208dc58 selftest: Define template homedir for 'ad_member' env
via 2cad042 s3:tests: Add a subsitution test for %D %u %g
via bc93a47 s3:winbind: Use the correct talloc context for user
information
via 925aa47 VERSION: Bump version up to 4.6.3.
via dd75f39 Merge tag 'samba-4.6.2' into v4-6-test
via cf02564 s3: Test for CVE-2017-2619 regression with "follow symlinks
= no" - part 2
via 30aa17d s3: smbd: Fix "follow symlink = no" regression part 2.
via 3f52654 s3: smbd: Fix "follow symlink = no" regression part 2.
via 1aaaa78 s3: Fixup test for CVE-2017-2619 regression with "follow
symlinks = no"
via 35f100d s3: Test for CVE-2017-2619 regression with "follow symlinks
= no".
via c6199c2 s3: smbd: Fix incorrect logic exposed by fix for the
security bug 12496 (CVE-2017-2619).
via 07437b0 selftest: tests for vfs_fruite file-id behavior
via 6b3cc69 torture: add torture_assert_mem_not_equal_goto()
via cdf3f57 vfs_fruit: document added zero_file_id parameter
via 9e7cfc4 vfs_fruit: enable zero file id
via 2732b0c smbd: add zero_file_id flag
via 2e9450a nsswtich: Add negative tests for authentication with wbinfo
via 4a6c2da s3:libads: Remove obsolete
smb_krb5_get_ntstatus_from_init_creds()
via 705149d s3: locking: Update oplock optimization for the leases era !
via a619054 s3: locking: Move two leases functions into a new file.
via 32f7ba9 Changes to make the Solaris C compiler happy.
via 36a2ee2 lib/crypto: implement samba.crypto Python module for RC4
via 137b26f Fix for Solaris C compiler.
via e418059 s3:libsmb: Only print error message if kerberos use is
forced
via 177dba4 ctdb-readonly: Avoid a tight loop waiting for revoke to
complete
via 71b8b1d s3: libgpo: Allow skipping GPO objects that don't have the
expected LDAP attributes.
via 9c8b11b s3:vfs_expand_msdfs: Do not open the remote address as a
file
via 1fc5090 testprogs: Test 'net ads join' with a dedicated keytab
via a54601e param: Allow to specify kerberos method on the commandline
via 6717c67 s3:libads: Correctly handle the keytab kerberos methods
via 323ba48 krb5_wrap: Print a warning for an invalid keytab name
via 0abbc39 testprogs: Correctly expand shell parameters
via d6c9486 auth/credentials: Always set the the realm if we set the
principal from the ccache
via 906c8a3 s3-gse: move krb5 fallback to smb_gss_krb5_import_cred
wrapper
via 9bf6381 s3-gse: convert to use smb_gss_krb5_import_cred
via 92e6351 libads: convert to use smb_gss_krb5_import_cred
via 4b74d31 credentials_krb5: convert to use smb_gss_krb5_import_cred
via cb44a31 lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper
via 7f963d9 gssapi: check for gss_acquire_cred_from
via c47fee6 VERSION: Bump version up to 4.6.2.
via 0cfe9fa Merge tag 'samba-4.6.1' into v4-6-test
via bef5582 s4:kdc: disable principal based autodetected referral
detection
via b84c967 HEIMDAL:kdc: make it possible to disable the principal
based referral detection
via f8ae8e8 s3:gse: Correctly handle external trusts with MIT
via 73d13c0 s3:gse: Check if we have a target_princpal set we should use
via c2b3115 s3:gse: Move setup of service_principal to update function
via 3f67876 s3:gse: Pass down the gensec_security pointer
via 38f3e64 krb5_wrap: Remove obsolete
smb_krb5_get_principal_from_service_hostname()
via bc50ac4 s3:gse: Use smb_krb5_get_realm_from_hostname()
via 82898b8 s4:gensec_gssapi: Correctly handle external trusts with MIT
via be1e158 s4:gensec_gssapi: Use smb_krb5_get_realm_from_hostname()
via 43bc67a s4:gensec_gssapi: Move setup of service_principal to update
function
via 825bfed s4:gensec-gssapi: Create a helper function to setup
server_principal
via 97fa6c2 krb5_wrap: Make smb_krb5_get_realm_from_hostname() public
via f3940ac krb5_wrap: pass client_realm to
smb_krb5_get_realm_from_hostname()
via ec8cf1c krb5_wrap: Try to guess the correct realm from the service
hostname
via eaebcde krb5_wrap: Do not return an empty realm from
smb_krb5_get_realm_from_hostname()
via 8899995 testprogs: Add kinit_trusts tests with smbclient4
via 9b10b35 testprogs: Use smbclient by default in test_kinit_trusts
via 202604d s4:gensec_gssapi: require a realm in
gensec_gssapi_client_start()
via 22e473e s4:gensec_gssapi: the value gensec_get_target_principal()
should overwrite gensec_get_target_hostname()
via c6e5b84 replace: Include sysmacros.h
via cc03f50 manpages/vfs_fruit: document global options
via 5acfa04 s4/torture: some tests for kernel oplocks
via 48a346f s3/selftest: adopt config.h check from source4
via b6cddc1 s3/smbd: fix deferred open with streams and kernel oplocks
via b375bae s3/smbd: all callers of defer_open() pass a lck
via eeed4ff s3/smbd: remove async_open arg from defer_open()
via dcde5b1 s3/smbd: fix schedule_async_open() timer
via 1d16e5f s3/smbd: add and use retry_open() instead of defer_open()
in two places
via dc328aa s3/smbd: simplify defer_open()
via 93b789c s3/smbd: req is already validated at the beginning of
open_file_ntcreate()
via 26f7b6f s3/smbd: add comments and some reformatting to
open_file_ntcreate()
via d15c966 s3/smbd: add const to get_lease_type() args
via 30495b1 s3/wscript: fix Linux kernel oplock detection
via 1ad29ae lib/pthreadpool: fix a memory leak
via 68d6aa8 torture3: Add test for smbd crash
via ff94f79 smbd: Do an early exit on negprot failure
via 768acab idmap_autorid: allocate new domain range if the callers
knows the sid is valid
via 074aaeb VERSION: Bump version up to 4.6.1...
from 36d0070 VERSION: Disable GIT_SNAPSHOTS for the 4.6.2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 113 ++++++-
auth/credentials/credentials_krb5.c | 42 ++-
buildtools/wafsamba/samba_python.py | 6 +
ctdb/doc/ctdb.1.xml | 4 +-
ctdb/server/ctdb_call.c | 8 +-
ctdb/tools/ctdb_event.c | 13 +-
docs-xml/manpages/vfs_fruit.8.xml | 172 ++++++----
lib/crypto/py_crypto.c | 90 +++++
lib/crypto/wscript_build | 7 +
lib/krb5_wrap/gss_samba.c | 161 +++++++++
lib/krb5_wrap/gss_samba.h | 13 +
lib/krb5_wrap/krb5_samba.c | 166 +++------
lib/krb5_wrap/krb5_samba.h | 7 +-
lib/param/param_table.c | 4 +
lib/replace/replace.h | 4 +
lib/torture/torture.h | 10 +
lib/util/debug.c | 2 +-
libgpo/gpo_ldap.c | 27 +-
nsswitch/pam_winbind.c | 58 +---
nsswitch/tests/test_idmap_rid.sh | 66 ++++
nsswitch/tests/test_wbinfo.sh | 46 ++-
python/samba/__init__.py | 16 +-
script/autobuild.py | 61 ++--
selftest/knownfail | 6 -
selftest/target/Samba.pm | 1 +
selftest/target/Samba3.pm | 116 ++++++-
selftest/target/Samba4.pm | 6 +
source3/include/lsa.h | 4 +
source3/include/tldap.h | 6 +
source3/lib/cleanupdb.c | 2 +-
source3/lib/dbwrap/dbwrap_watch.c | 2 +-
source3/lib/pthreadpool/pthreadpool.c | 2 +-
source3/lib/system.c | 12 +-
source3/libads/kerberos.c | 169 ----------
source3/libads/kerberos_keytab.c | 69 +++-
source3/libads/sasl.c | 2 +-
source3/librpc/crypto/gse.c | 293 ++++++++++------
source3/libsmb/cliconnect.c | 12 +-
source3/locking/leases_util.c | 55 +++
source3/locking/locking.c | 22 +-
source3/locking/proto.h | 4 +
source3/modules/vfs_acl_xattr.c | 84 +++--
source3/modules/vfs_expand_msdfs.c | 3 +-
source3/modules/vfs_fruit.c | 21 ++
source3/modules/vfs_shadow_copy2.c | 17 +-
source3/modules/vfs_xattr_tdb.c | 12 +
source3/rpc_client/cli_lsarpc.c | 8 +-
source3/rpcclient/rpcclient.c | 21 +-
source3/script/tests/test_large_acl.sh | 59 ++++
source3/script/tests/test_smbclient_s3.sh | 11 +
source3/script/tests/test_substitutions.sh | 9 +-
source3/script/tests/test_wbinfo_sids2xids_int.py | 2 +-
source3/selftest/tests.py | 46 ++-
source3/smbd/files.c | 8 -
source3/smbd/globals.h | 1 +
source3/smbd/msdfs.c | 4 +-
source3/smbd/negprot.c | 21 +-
source3/smbd/open.c | 391 ++++++++++++++++------
source3/smbd/oplock.c | 25 +-
source3/smbd/proto.h | 6 +-
source3/smbd/sec_ctx.c | 3 +-
source3/smbd/trans2.c | 14 +
source3/torture/torture.c | 76 +++++
source3/winbindd/idmap_autorid.c | 13 +
source3/winbindd/wb_lookupsids.c | 21 +-
source3/winbindd/wb_queryuser.c | 2 +-
source3/winbindd/winbindd_pam.c | 7 +-
source3/winbindd/winbindd_rpc.c | 9 +-
source3/winbindd/winbindd_util.c | 27 +-
source3/wscript | 6 +-
source3/wscript_build | 6 +
source4/auth/gensec/gensec_gssapi.c | 230 +++++++++++--
source4/auth/gensec/gensec_gssapi.h | 2 +-
source4/heimdal/kdc/default_config.c | 1 +
source4/heimdal/kdc/kdc.h | 2 +
source4/heimdal/kdc/krb5tgs.c | 4 +-
source4/kdc/kdc-heimdal.c | 2 +
source4/selftest/tests.py | 2 +-
source4/torture/smb2/oplock.c | 140 ++++++++
source4/torture/smb2/smb2.c | 1 +
source4/torture/vfs/fruit.c | 145 +++++++-
source4/torture/vfs/vfs.c | 1 +
testprogs/blackbox/subunit.sh | 4 +-
testprogs/blackbox/test_kinit_trusts_heimdal.sh | 10 +-
testprogs/blackbox/test_net_ads.sh | 9 +
wscript_configure_system_mitkrb5 | 1 +
87 files changed, 2482 insertions(+), 886 deletions(-)
create mode 100644 lib/crypto/py_crypto.c
create mode 100755 nsswitch/tests/test_idmap_rid.sh
create mode 100644 source3/locking/leases_util.c
create mode 100755 source3/script/tests/test_large_acl.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 9668644..ce5b2b8 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=6
-SAMBA_VERSION_RELEASE=2
+SAMBA_VERSION_RELEASE=3
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index a5feff8..9a16862 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,113 @@
=============================
+ Release Notes for Samba 4.6.3
+ April 25, 2017
+ =============================
+
+
+This is the latest stable release of the Samba 4.6 release series.
+
+
+Changes since 4.6.2:
+--------------------
+
+o Michael Adam <ob...@samba.org>
+ * BUG 12743: s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
+ from shares with GlusterFS backend.
+
+o Jeremy Allison <j...@samba.org>
+ * BUG 12559: Fix for Solaris C compiler.
+ * BUG 12628: s3: locking: Update oplock optimization for the leases era.
+ * BUG 12693: Make the Solaris C compiler happy.
+ * BUG 12695: s3: libgpo: Allow skipping GPO objects that don't have the
+ expected LDAP attributes.
+ * BUG 12747: Fix buffer overflow caused by wrong use of getgroups.
+
+o Hanno Boeck <ha...@hboeck.de>
+ * BUG 12746: lib: debug: Avoid negative array access.
+ * BUG 12748: cleanupdb: Fix a memory read error.
+
+o Ralph Boehme <s...@samba.org>
+ * BUG 7537: streams_xattr and kernel oplocks results in
+ NT_STATUS_NETWORK_BUSY.
+ * BUG 11961: winbindd: idmap_autorid allocates ids for unknown SIDs from
other
+ backends.
+ * BUG 12565: vfs_fruit: Resource fork open request with
+ flags=O_CREAT|O_RDONLY.
+ * BUG 12615: manpages/vfs_fruit: Document global options.
+ * BUG 12624: lib/pthreadpool: Fix a memory leak.
+ * BUG 12727: Lookup-domain for well-known SIDs on a DC.
+ * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids().
+ * BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation.
+
+o Alexander Bokovoy <a...@samba.org>
+ * BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI
+ use case.
+ * BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4.
+
+o Amitay Isaacs <ami...@gmail.com>
+ * BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to
+ complete.
+ * BUG 12723: ctdb_event monitor command crashes if event is not specified.
+ * BUG 12733: ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'.
+
+o Volker Lendecke <v...@samba.org>
+ * BUG 12558: smbd: Fix smb1 findfirst with DFS.
+ * BUG 12610: smbd: Do an early exit on negprot failure.
+ * BUG 12699: winbindd: Fix substitution for 'template homedir'.
+
+o Stefan Metzmacher <me...@samba.org>
+ * BUG 12554: s4:kdc: Disable principal based autodetected referral
detection.
+ * BUG 12613: idmap_autorid: Allocate new domain range if the callers knows
+ the sid is valid.
+ * BUG 12724: LINKFLAGS_PYEMBED should not contain -L/some/path.
+ * BUG 12725: PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy
for
+ trusted domain.
+ * BUG 12731: rpcclient: Allow -U'OTHERDOMAIN\user' again.
+
+o Christof Schmitt <c...@samba.org>
+ * BUG 12725: winbindd: Fix password policy for pam authentication.
+
+o Andreas Schneider <a...@samba.org>
+ * BUG 12554: s3:gse: Correctly handle external trusts with MIT.
+ * BUG 12611: auth/credentials: Always set the realm if we set the principal
+ from the ccache.
+ * BUG 12686: replace: Include sysmacros.h.
+ * BUG 12687: s3:vfs_expand_msdfs: Do not open the remote address as a file.
+ * BUG 12704: s3:libsmb: Only print error message if kerberos use is forced.
+ * BUG 12708: winbindd: Child process crashes when kerberos-authenticating
+ a user with wrong password.
+
+o Uri Simchoni <u...@samba.org>
+ * BUG 12715: vfs_fruit: Office document opens as read-only on macOS due to
+ CNID semantics.
+ * BUG 12737: vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
+ fragmented.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 4.6.2
March 31, 2017
=============================
@@ -36,8 +145,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.6.1
diff --git a/auth/credentials/credentials_krb5.c
b/auth/credentials/credentials_krb5.c
index e974df9..1912c48 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -107,7 +107,8 @@ static int cli_credentials_set_from_ccache(struct
cli_credentials *cred,
enum credentials_obtained obtained,
const char **error_string)
{
-
+ bool ok;
+ char *realm;
krb5_principal princ;
krb5_error_code ret;
char *name;
@@ -134,11 +135,24 @@ static int cli_credentials_set_from_ccache(struct
cli_credentials *cred,
return ret;
}
- cli_credentials_set_principal(cred, name, obtained);
-
+ ok = cli_credentials_set_principal(cred, name, obtained);
+ if (!ok) {
+ krb5_free_principal(ccache->smb_krb5_context->krb5_context,
princ);
+ return ENOMEM;
+ }
free(name);
+ realm =
smb_krb5_principal_get_realm(ccache->smb_krb5_context->krb5_context,
+ princ);
krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ);
+ if (realm == NULL) {
+ return ENOMEM;
+ }
+ ok = cli_credentials_set_realm(cred, realm, obtained);
+ SAFE_FREE(realm);
+ if (!ok) {
+ return ENOMEM;
+ }
/* set the ccache_obtained here, as it just got set to UNINITIALISED by
the calls above */
cred->ccache_obtained = obtained;
@@ -579,8 +593,9 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
return ENOMEM;
}
- maj_stat = gss_krb5_import_cred(&min_stat, ccache->ccache, NULL, NULL,
- &gcc->creds);
+ maj_stat = smb_gss_krb5_import_cred(&min_stat,
ccache->smb_krb5_context->krb5_context,
+ ccache->ccache, NULL, NULL,
+ &gcc->creds);
if ((maj_stat == GSS_S_FAILURE) &&
(min_stat == (OM_uint32)KRB5_CC_END ||
min_stat == (OM_uint32)KRB5_CC_NOTFOUND ||
@@ -597,8 +612,9 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
return ret;
}
- maj_stat = gss_krb5_import_cred(&min_stat, ccache->ccache,
NULL, NULL,
- &gcc->creds);
+ maj_stat = smb_gss_krb5_import_cred(&min_stat,
ccache->smb_krb5_context->krb5_context,
+ ccache->ccache, NULL, NULL,
+ &gcc->creds);
}
@@ -609,7 +625,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
} else {
ret = EINVAL;
}
- (*error_string) = talloc_asprintf(cred, "gss_krb5_import_cred
failed: %s", error_message(ret));
+ (*error_string) = talloc_asprintf(cred,
"smb_gss_krb5_import_cred failed: %s", error_message(ret));
return ret;
}
@@ -1076,12 +1092,14 @@ _PUBLIC_ int
cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
if (ktc->password_based || obtained < CRED_SPECIFIED) {
/* This creates a GSSAPI cred_id_t for match-by-key with only
the keytab set */
- maj_stat = gss_krb5_import_cred(&min_stat, NULL, NULL,
ktc->keytab,
- &gcc->creds);
+ maj_stat = smb_gss_krb5_import_cred(&min_stat,
smb_krb5_context->krb5_context,
+ NULL, NULL, ktc->keytab,
+ &gcc->creds);
} else {
/* This creates a GSSAPI cred_id_t with the principal and
keytab set, matching by name */
- maj_stat = gss_krb5_import_cred(&min_stat, NULL, princ,
ktc->keytab,
- &gcc->creds);
+ maj_stat = smb_gss_krb5_import_cred(&min_stat,
smb_krb5_context->krb5_context,
+ NULL, princ, ktc->keytab,
+ &gcc->creds);
}
if (maj_stat) {
if (min_stat) {
diff --git a/buildtools/wafsamba/samba_python.py
b/buildtools/wafsamba/samba_python.py
index 057a017..3a04881 100644
--- a/buildtools/wafsamba/samba_python.py
+++ b/buildtools/wafsamba/samba_python.py
@@ -76,6 +76,12 @@ def _check_python_headers(conf, mandatory):
else:
conf.env['PYTHON_SO_ABI_FLAG'] = ''
+ for lib in conf.env['LINKFLAGS_PYEMBED']:
+ if lib.startswith('-L'):
+ conf.env.append_unique('LIBPATH_PYEMBED', lib[2:]) # strip '-L'
+ conf.env['LINKFLAGS_PYEMBED'].remove(lib)
+
+ return
def SAMBA_PYTHON(bld, name,
source='',
diff --git a/ctdb/doc/ctdb.1.xml b/ctdb/doc/ctdb.1.xml
index f24f8dd..99e535d 100644
--- a/ctdb/doc/ctdb.1.xml
+++ b/ctdb/doc/ctdb.1.xml
@@ -123,10 +123,10 @@
<title>OPTIONS</title>
<variablelist>
- <varlistentry><term>-n <parameter>PNN-LIST</parameter></term>
+ <varlistentry><term>-n <parameter>PNN</parameter></term>
<listitem>
<para>
- The nodes specified by PNN-LIST should be queried for the
+ The node specified by PNN should be queried for the
requested information. Default is to query the daemon
running on the local host.
</para>
diff --git a/ctdb/server/ctdb_call.c b/ctdb/server/ctdb_call.c
index a05ec1a..8ce3928 100644
--- a/ctdb/server/ctdb_call.c
+++ b/ctdb/server/ctdb_call.c
@@ -1600,7 +1600,6 @@ static int deferred_call_destructor(struct
revokechild_deferred_call *deferred_c
{
struct ctdb_context *ctdb = deferred_call->ctdb;
struct revokechild_requeue_handle *requeue_handle = talloc(ctdb, struct
revokechild_requeue_handle);
- struct ctdb_req_call_old *c = (struct ctdb_req_call_old
*)deferred_call->hdr;
requeue_handle->ctdb = ctdb;
requeue_handle->hdr = deferred_call->hdr;
@@ -1608,9 +1607,12 @@ static int deferred_call_destructor(struct
revokechild_deferred_call *deferred_c
requeue_handle->ctx = deferred_call->ctx;
talloc_steal(requeue_handle, requeue_handle->hdr);
- /* when revoking, any READONLY requests have 1 second grace to let
read/write finish first */
+ /* Always delay revoke requests. Either wait for the read/write
+ * operation to complete, or if revoking failed wait for recovery to
+ * complete
+ */
tevent_add_timer(ctdb->ev, requeue_handle,
- timeval_current_ofs(c->flags & CTDB_WANT_READONLY ? 1
: 0, 0),
+ timeval_current_ofs(1, 0),
deferred_call_requeue, requeue_handle);
return 0;
diff --git a/ctdb/tools/ctdb_event.c b/ctdb/tools/ctdb_event.c
index 62b4b91..8e2dca7 100644
--- a/ctdb/tools/ctdb_event.c
+++ b/ctdb/tools/ctdb_event.c
@@ -223,23 +223,26 @@ static int command_status(TALLOC_CTX *mem_ctx, struct
tool_context *tctx,
talloc_free(req);
if (! status) {
fprintf(stderr, "Failed to get event %s status, ret=%d\n",
- argv[0], ret);
+ ctdb_event_to_string(event), ret);
return ret;
}
if (result != 0) {
fprintf(stderr, "Failed to get event %s status, result=%d\n",
- argv[0], result);
+ ctdb_event_to_string(event), result);
return result;
}
if (script_list == NULL) {
if (state == CTDB_EVENT_LAST_RUN) {
- printf("Event %s has never run\n", argv[0]);
+ printf("Event %s has never run\n",
+ ctdb_event_to_string(event));
} else if (state == CTDB_EVENT_LAST_PASS) {
- printf("Event %s has never passed\n", argv[0]);
+ printf("Event %s has never passed\n",
+ ctdb_event_to_string(event));
} else if (state == CTDB_EVENT_LAST_FAIL) {
- printf("Event %s has never failed\n", argv[0]);
+ printf("Event %s has never failed\n",
+ ctdb_event_to_string(event));
}
} else {
for (i=0; i<script_list->num_scripts; i++) {
diff --git a/docs-xml/manpages/vfs_fruit.8.xml
b/docs-xml/manpages/vfs_fruit.8.xml
index fa86b6f..cbeb12c 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -79,8 +79,98 @@
</refsect1>
<refsect1>
+ <title>GLOBAL OPTIONS</title>
+
+ <para>The following options must be set in the global smb.conf section
+ and won't take effect when set per share.</para>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>fruit:aapl = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether to enable
Apple's SMB2+
+ extension codenamed AAPL. Default
+ <emphasis>yes</emphasis>. This extension enhances
+ several deficiencies when connecting from Macs:</para>
+
+ <itemizedlist>
+ <listitem><para>directory enumeration is enriched with
+ Mac relevant filesystem metadata (UNIX mode,
+ FinderInfo, resource fork size and effective
+ permission), as a result the Mac client doesn't need
+ to fetch this metadata individuallly per directory
+ entry resulting in an often tremendous performance
+ increase.</para></listitem>
+
+ <listitem><para>The ability to query and modify the
+ UNIX mode of directory entries.</para></listitem>
+ </itemizedlist>
+
+ <para>There's a set of per share options that come into play when
+ <emphasis>fruit:aapl</emphasis> is enabled. These opions, listed
+ below, can be used to disable the computation of specific Mac
+ metadata in the directory enumeration context, all are enabled by
+ default:</para>
+
+ <itemizedlist>
+ <listitem><para>readdir_attr:aapl_rsize = yes |
no</para></listitem>
+ <listitem><para>readdir_attr:aapl_finder_info = yes |
no</para></listitem>
+ <listitem><para>readdir_attr:aapl_max_access = yes |
no</para></listitem>
+ </itemizedlist>
+
+ <para>See below for a description of these options.</para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:nfs_aces = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether support for
+ querying and modifying the UNIX mode of directory entries via NFS
+ ACEs is enabled, default <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:copyfile = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether to enable OS X
+ specific copychunk ioctl that requests a copy of a whole file
+ along with all attached metadata.</para>
+ <para>WARNING: the copyfile request is blocking the
+ client while the server does the copy.</para>.
+ <para>The default is <emphasis>no</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:zero_file_id = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether to return
+ zero to queries of on-disk file identifier, if the client
+ has negotiated AAPL.</para>
+ <para>Mac applications and / or the Mac SMB
+ client code expect the on-disk file identifier to have the
+ semantics of HFS+ Catalog Node Identifier (CNID). Samba
+ doesn't provide those semantics, and that occasionally cause
+ usability issues or even data loss. Returning a file identifier
+ of zero causes the Mac client to stop using and trusting the
+ file id returned from the server.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
<title>OPTIONS</title>
+ <para>The following options can be set either in the global smb.conf
section
+ or per share.</para>
+
<variablelist>
<varlistentry>
@@ -178,50 +268,6 @@
</varlistentry>
<varlistentry>
- <term>fruit:aapl = yes | no</term>
- <listitem>
- <para>A global option whether to enable Apple's SMB2+
- extension codenamed AAPL. Default
- <emphasis>yes</emphasis>. This extension enhances
- several deficiencies when connecting from Macs:</para>
-
- <itemizedlist>
- <listitem><para>directory enumeration is enriched with
- Mac relevant filesystem metadata (UNIX mode,
- FinderInfo, resource fork size and effective
- permission), as a result the Mac client doesn't need
- to fetch this metadata individuallly per directory
- entry resulting in an often tremendous performance
- increase.</para></listitem>
-
- <listitem><para>The ability to query and modify the
- UNIX mode of directory entries.</para></listitem>
- </itemizedlist>
-
- <para>There's a set of per share options that can be
- used to disable the computation of specific Mac metadata
- in the directory enumeration context, all are enabled by
- default:</para>
-
- <itemizedlist>
- <listitem><para>readdir_attr:aapl_rsize = true |
false</para></listitem>
- <listitem><para>readdir_attr:aapl_finder_info = true |
false</para></listitem>
- <listitem><para>readdir_attr:aapl_max_access = true |
false</para></listitem>
- </itemizedlist>
-
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>fruit:nfs_aces = yes | no</term>
- <listitem>
- <para>Whether support for querying and modifying the
- UNIX mode of directory entries via NFS ACEs is enabled,
- default <emphasis>yes</emphasis>.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<term>fruit:veto_appledouble = yes | no</term>
<listitem>
<para><emphasis>Note:</emphasis> this option only applies when
@@ -243,18 +289,6 @@
</varlistentry>
<varlistentry>
- <term>fruit:copyfile = yes | no</term>
- <listitem>
- <para>Whether to enable OS X specific copychunk ioctl
- that requests a copy of a whole file along with all
- attached metadata.</para>
- <para>WARNING: the copyfile request is blocking the
- client while the server does the copy.</para>.
- <para>The default is <emphasis>no</emphasis>.</para>
- </listitem>
- </varlistentry>
--
Samba Shared Repository
