The branch, v4-6-stable has been updated via bbdd585 VERSION: Disable GIT_SNAPSHOTS for the 4.6.3 release. via dcff483 WHATSNEW: Add release notes for Samba 4.6.3. via c13244a cleanupdb: Fix a memory read error via b8c11db s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in shadow_copy2_strip_snapshot via 0a84f16 s3:vfs:shadow_copy2: fix the corner case if cwd=/ in make_relative_path via 222aa4a s3:vfs:shadow_copy2: fix quoting in debug messages via 312fb3b pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating via 12c24f3 s3:smbd: Fix incorrect use of sys_getgroups() via ee420c1 s3:lib: Fix incorrect logic in sys_broken_getgroups() via 72d1724 lib: debug: Avoid negative array access. via 71abf1a vfs_acl_xattr: avoid needlessly supplying a large buffer to getxattr() via ec39296 vfs_acl_xattr: factor out fetching of an extended attribute via fb375e3 vfs_xattr_tdb: handle case of zero size. via 70a2e2e selftest: test fetching a large ACL from vfs_acl_xattr via 7a806d7 ctdb-docs: Fix documentation of -n option to ctdb tool via c9a5199 rpcclient: allow -U'OTHERDOMAIN\user' again via 8719babb winbindd: trigger possible passdb_dsdb initialisation via d0d8663 winbindd: error handling in rpc_lookup_sids() via a323631 s3/rpc_client: lookupsids error handling of NT_STATUS_NONE_MAPPED via 9afba47 s3/rpc_client: use NT_STATUS_LOOKUP_ERR via 6526a27 s3/include: add NT_STATUS_LOOKUP_ERR via b6ea6f7 selftest: fix for wbinfo -s tests for wellknown SIDs via 5083579 winbindd: explicit check for well-known SIDs in wb_lookupsids_bulk() via 1a6802e selftest: wbinfo --sids-to-unix-ids tests for wellknown SIDs via 1d66d33 selftest: wbinfo -s tests for wellknown SIDs via fd6ec35 winbindd: use passdb backend for well-known SIDs via 50583a6 selftest: tests idmap mapping with idmap_rid via d0643c5 selftest: new environment "ad_member_idmap_rid" via ff5865a winbindd: remove unused single_domains array via b86a793 winbindd: use correct domain name for failed lookupsids via 4c5f50c autobuild: Stop waf uninstall from removing test_tmpdir via dce116d script/autobuild.py: ignore missing test_tmpdir via da065cd script/autobuild.py: try to make TMPDIR handling more verbose via 286a9fd script/autobuild.py: add a do_print() wrapper function that flushes after each message via 5d964e1 script/autobuild.py: export PYTHONUNBUFFERED=1 via a727300 script/autobuild.py: cleanup the task subdirs when they're done. via 3cd5d41 s4/torture: vfs_fruit: test for bug 12565 via fe3fe4f vfs_fruit: resource fork open request with flags=O_CREAT|O_RDONLY via 981e667 wafsamba: move -L/some/path from LINKFLAGS_PYEMBED to LIBPATH_PYEMBED via 122e46f selftest: Test for bug 12558 via ef48aa4 smbd: Fix smb1 findfirst with DFS via 6f05903 winbindd: Fix password policy for pam authentication via f37537b ctdb-tools: Avoid deferencing argv[0] if argc == 0 via 208dc58 selftest: Define template homedir for 'ad_member' env via 2cad042 s3:tests: Add a subsitution test for %D %u %g via bc93a47 s3:winbind: Use the correct talloc context for user information via 925aa47 VERSION: Bump version up to 4.6.3. via dd75f39 Merge tag 'samba-4.6.2' into v4-6-test via cf02564 s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2 via 30aa17d s3: smbd: Fix "follow symlink = no" regression part 2. via 3f52654 s3: smbd: Fix "follow symlink = no" regression part 2. via 1aaaa78 s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no" via 35f100d s3: Test for CVE-2017-2619 regression with "follow symlinks = no". via c6199c2 s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619). via 07437b0 selftest: tests for vfs_fruite file-id behavior via 6b3cc69 torture: add torture_assert_mem_not_equal_goto() via cdf3f57 vfs_fruit: document added zero_file_id parameter via 9e7cfc4 vfs_fruit: enable zero file id via 2732b0c smbd: add zero_file_id flag via 2e9450a nsswtich: Add negative tests for authentication with wbinfo via 4a6c2da s3:libads: Remove obsolete smb_krb5_get_ntstatus_from_init_creds() via 705149d s3: locking: Update oplock optimization for the leases era ! via a619054 s3: locking: Move two leases functions into a new file. via 32f7ba9 Changes to make the Solaris C compiler happy. via 36a2ee2 lib/crypto: implement samba.crypto Python module for RC4 via 137b26f Fix for Solaris C compiler. via e418059 s3:libsmb: Only print error message if kerberos use is forced via 177dba4 ctdb-readonly: Avoid a tight loop waiting for revoke to complete via 71b8b1d s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes. via 9c8b11b s3:vfs_expand_msdfs: Do not open the remote address as a file via 1fc5090 testprogs: Test 'net ads join' with a dedicated keytab via a54601e param: Allow to specify kerberos method on the commandline via 6717c67 s3:libads: Correctly handle the keytab kerberos methods via 323ba48 krb5_wrap: Print a warning for an invalid keytab name via 0abbc39 testprogs: Correctly expand shell parameters via d6c9486 auth/credentials: Always set the the realm if we set the principal from the ccache via 906c8a3 s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper via 9bf6381 s3-gse: convert to use smb_gss_krb5_import_cred via 92e6351 libads: convert to use smb_gss_krb5_import_cred via 4b74d31 credentials_krb5: convert to use smb_gss_krb5_import_cred via cb44a31 lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper via 7f963d9 gssapi: check for gss_acquire_cred_from via c47fee6 VERSION: Bump version up to 4.6.2. via 0cfe9fa Merge tag 'samba-4.6.1' into v4-6-test via bef5582 s4:kdc: disable principal based autodetected referral detection via b84c967 HEIMDAL:kdc: make it possible to disable the principal based referral detection via f8ae8e8 s3:gse: Correctly handle external trusts with MIT via 73d13c0 s3:gse: Check if we have a target_princpal set we should use via c2b3115 s3:gse: Move setup of service_principal to update function via 3f67876 s3:gse: Pass down the gensec_security pointer via 38f3e64 krb5_wrap: Remove obsolete smb_krb5_get_principal_from_service_hostname() via bc50ac4 s3:gse: Use smb_krb5_get_realm_from_hostname() via 82898b8 s4:gensec_gssapi: Correctly handle external trusts with MIT via be1e158 s4:gensec_gssapi: Use smb_krb5_get_realm_from_hostname() via 43bc67a s4:gensec_gssapi: Move setup of service_principal to update function via 825bfed s4:gensec-gssapi: Create a helper function to setup server_principal via 97fa6c2 krb5_wrap: Make smb_krb5_get_realm_from_hostname() public via f3940ac krb5_wrap: pass client_realm to smb_krb5_get_realm_from_hostname() via ec8cf1c krb5_wrap: Try to guess the correct realm from the service hostname via eaebcde krb5_wrap: Do not return an empty realm from smb_krb5_get_realm_from_hostname() via 8899995 testprogs: Add kinit_trusts tests with smbclient4 via 9b10b35 testprogs: Use smbclient by default in test_kinit_trusts via 202604d s4:gensec_gssapi: require a realm in gensec_gssapi_client_start() via 22e473e s4:gensec_gssapi: the value gensec_get_target_principal() should overwrite gensec_get_target_hostname() via c6e5b84 replace: Include sysmacros.h via cc03f50 manpages/vfs_fruit: document global options via 5acfa04 s4/torture: some tests for kernel oplocks via 48a346f s3/selftest: adopt config.h check from source4 via b6cddc1 s3/smbd: fix deferred open with streams and kernel oplocks via b375bae s3/smbd: all callers of defer_open() pass a lck via eeed4ff s3/smbd: remove async_open arg from defer_open() via dcde5b1 s3/smbd: fix schedule_async_open() timer via 1d16e5f s3/smbd: add and use retry_open() instead of defer_open() in two places via dc328aa s3/smbd: simplify defer_open() via 93b789c s3/smbd: req is already validated at the beginning of open_file_ntcreate() via 26f7b6f s3/smbd: add comments and some reformatting to open_file_ntcreate() via d15c966 s3/smbd: add const to get_lease_type() args via 30495b1 s3/wscript: fix Linux kernel oplock detection via 1ad29ae lib/pthreadpool: fix a memory leak via 68d6aa8 torture3: Add test for smbd crash via ff94f79 smbd: Do an early exit on negprot failure via 768acab idmap_autorid: allocate new domain range if the callers knows the sid is valid via 074aaeb VERSION: Bump version up to 4.6.1... from 36d0070 VERSION: Disable GIT_SNAPSHOTS for the 4.6.2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 113 ++++++- auth/credentials/credentials_krb5.c | 42 ++- buildtools/wafsamba/samba_python.py | 6 + ctdb/doc/ctdb.1.xml | 4 +- ctdb/server/ctdb_call.c | 8 +- ctdb/tools/ctdb_event.c | 13 +- docs-xml/manpages/vfs_fruit.8.xml | 172 ++++++---- lib/crypto/py_crypto.c | 90 +++++ lib/crypto/wscript_build | 7 + lib/krb5_wrap/gss_samba.c | 161 +++++++++ lib/krb5_wrap/gss_samba.h | 13 + lib/krb5_wrap/krb5_samba.c | 166 +++------ lib/krb5_wrap/krb5_samba.h | 7 +- lib/param/param_table.c | 4 + lib/replace/replace.h | 4 + lib/torture/torture.h | 10 + lib/util/debug.c | 2 +- libgpo/gpo_ldap.c | 27 +- nsswitch/pam_winbind.c | 58 +--- nsswitch/tests/test_idmap_rid.sh | 66 ++++ nsswitch/tests/test_wbinfo.sh | 46 ++- python/samba/__init__.py | 16 +- script/autobuild.py | 61 ++-- selftest/knownfail | 6 - selftest/target/Samba.pm | 1 + selftest/target/Samba3.pm | 116 ++++++- selftest/target/Samba4.pm | 6 + source3/include/lsa.h | 4 + source3/include/tldap.h | 6 + source3/lib/cleanupdb.c | 2 +- source3/lib/dbwrap/dbwrap_watch.c | 2 +- source3/lib/pthreadpool/pthreadpool.c | 2 +- source3/lib/system.c | 12 +- source3/libads/kerberos.c | 169 ---------- source3/libads/kerberos_keytab.c | 69 +++- source3/libads/sasl.c | 2 +- source3/librpc/crypto/gse.c | 293 ++++++++++------ source3/libsmb/cliconnect.c | 12 +- source3/locking/leases_util.c | 55 +++ source3/locking/locking.c | 22 +- source3/locking/proto.h | 4 + source3/modules/vfs_acl_xattr.c | 84 +++-- source3/modules/vfs_expand_msdfs.c | 3 +- source3/modules/vfs_fruit.c | 21 ++ source3/modules/vfs_shadow_copy2.c | 17 +- source3/modules/vfs_xattr_tdb.c | 12 + source3/rpc_client/cli_lsarpc.c | 8 +- source3/rpcclient/rpcclient.c | 21 +- source3/script/tests/test_large_acl.sh | 59 ++++ source3/script/tests/test_smbclient_s3.sh | 11 + source3/script/tests/test_substitutions.sh | 9 +- source3/script/tests/test_wbinfo_sids2xids_int.py | 2 +- source3/selftest/tests.py | 46 ++- source3/smbd/files.c | 8 - source3/smbd/globals.h | 1 + source3/smbd/msdfs.c | 4 +- source3/smbd/negprot.c | 21 +- source3/smbd/open.c | 391 ++++++++++++++++------ source3/smbd/oplock.c | 25 +- source3/smbd/proto.h | 6 +- source3/smbd/sec_ctx.c | 3 +- source3/smbd/trans2.c | 14 + source3/torture/torture.c | 76 +++++ source3/winbindd/idmap_autorid.c | 13 + source3/winbindd/wb_lookupsids.c | 21 +- source3/winbindd/wb_queryuser.c | 2 +- source3/winbindd/winbindd_pam.c | 7 +- source3/winbindd/winbindd_rpc.c | 9 +- source3/winbindd/winbindd_util.c | 27 +- source3/wscript | 6 +- source3/wscript_build | 6 + source4/auth/gensec/gensec_gssapi.c | 230 +++++++++++-- source4/auth/gensec/gensec_gssapi.h | 2 +- source4/heimdal/kdc/default_config.c | 1 + source4/heimdal/kdc/kdc.h | 2 + source4/heimdal/kdc/krb5tgs.c | 4 +- source4/kdc/kdc-heimdal.c | 2 + source4/selftest/tests.py | 2 +- source4/torture/smb2/oplock.c | 140 ++++++++ source4/torture/smb2/smb2.c | 1 + source4/torture/vfs/fruit.c | 145 +++++++- source4/torture/vfs/vfs.c | 1 + testprogs/blackbox/subunit.sh | 4 +- testprogs/blackbox/test_kinit_trusts_heimdal.sh | 10 +- testprogs/blackbox/test_net_ads.sh | 9 + wscript_configure_system_mitkrb5 | 1 + 87 files changed, 2482 insertions(+), 886 deletions(-) create mode 100644 lib/crypto/py_crypto.c create mode 100755 nsswitch/tests/test_idmap_rid.sh create mode 100644 source3/locking/leases_util.c create mode 100755 source3/script/tests/test_large_acl.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 9668644..ce5b2b8 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a5feff8..9a16862 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,113 @@ ============================= + Release Notes for Samba 4.6.3 + April 25, 2017 + ============================= + + +This is the latest stable release of the Samba 4.6 release series. + + +Changes since 4.6.2: +-------------------- + +o Michael Adam <ob...@samba.org> + * BUG 12743: s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots + from shares with GlusterFS backend. + +o Jeremy Allison <j...@samba.org> + * BUG 12559: Fix for Solaris C compiler. + * BUG 12628: s3: locking: Update oplock optimization for the leases era. + * BUG 12693: Make the Solaris C compiler happy. + * BUG 12695: s3: libgpo: Allow skipping GPO objects that don't have the + expected LDAP attributes. + * BUG 12747: Fix buffer overflow caused by wrong use of getgroups. + +o Hanno Boeck <ha...@hboeck.de> + * BUG 12746: lib: debug: Avoid negative array access. + * BUG 12748: cleanupdb: Fix a memory read error. + +o Ralph Boehme <s...@samba.org> + * BUG 7537: streams_xattr and kernel oplocks results in + NT_STATUS_NETWORK_BUSY. + * BUG 11961: winbindd: idmap_autorid allocates ids for unknown SIDs from other + backends. + * BUG 12565: vfs_fruit: Resource fork open request with + flags=O_CREAT|O_RDONLY. + * BUG 12615: manpages/vfs_fruit: Document global options. + * BUG 12624: lib/pthreadpool: Fix a memory leak. + * BUG 12727: Lookup-domain for well-known SIDs on a DC. + * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids(). + * BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation. + +o Alexander Bokovoy <a...@samba.org> + * BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI + use case. + * BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4. + +o Amitay Isaacs <ami...@gmail.com> + * BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to + complete. + * BUG 12723: ctdb_event monitor command crashes if event is not specified. + * BUG 12733: ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'. + +o Volker Lendecke <v...@samba.org> + * BUG 12558: smbd: Fix smb1 findfirst with DFS. + * BUG 12610: smbd: Do an early exit on negprot failure. + * BUG 12699: winbindd: Fix substitution for 'template homedir'. + +o Stefan Metzmacher <me...@samba.org> + * BUG 12554: s4:kdc: Disable principal based autodetected referral detection. + * BUG 12613: idmap_autorid: Allocate new domain range if the callers knows + the sid is valid. + * BUG 12724: LINKFLAGS_PYEMBED should not contain -L/some/path. + * BUG 12725: PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for + trusted domain. + * BUG 12731: rpcclient: Allow -U'OTHERDOMAIN\user' again. + +o Christof Schmitt <c...@samba.org> + * BUG 12725: winbindd: Fix password policy for pam authentication. + +o Andreas Schneider <a...@samba.org> + * BUG 12554: s3:gse: Correctly handle external trusts with MIT. + * BUG 12611: auth/credentials: Always set the realm if we set the principal + from the ccache. + * BUG 12686: replace: Include sysmacros.h. + * BUG 12687: s3:vfs_expand_msdfs: Do not open the remote address as a file. + * BUG 12704: s3:libsmb: Only print error message if kerberos use is forced. + * BUG 12708: winbindd: Child process crashes when kerberos-authenticating + a user with wrong password. + +o Uri Simchoni <u...@samba.org> + * BUG 12715: vfs_fruit: Office document opens as read-only on macOS due to + CNID semantics. + * BUG 12737: vfs_acl_xattr: Fix failure to get ACL on Linux if memory is + fragmented. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================= Release Notes for Samba 4.6.2 March 31, 2017 ============================= @@ -36,8 +145,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================= Release Notes for Samba 4.6.1 diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index e974df9..1912c48 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -107,7 +107,8 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, enum credentials_obtained obtained, const char **error_string) { - + bool ok; + char *realm; krb5_principal princ; krb5_error_code ret; char *name; @@ -134,11 +135,24 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, return ret; } - cli_credentials_set_principal(cred, name, obtained); - + ok = cli_credentials_set_principal(cred, name, obtained); + if (!ok) { + krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ); + return ENOMEM; + } free(name); + realm = smb_krb5_principal_get_realm(ccache->smb_krb5_context->krb5_context, + princ); krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ); + if (realm == NULL) { + return ENOMEM; + } + ok = cli_credentials_set_realm(cred, realm, obtained); + SAFE_FREE(realm); + if (!ok) { + return ENOMEM; + } /* set the ccache_obtained here, as it just got set to UNINITIALISED by the calls above */ cred->ccache_obtained = obtained; @@ -579,8 +593,9 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, return ENOMEM; } - maj_stat = gss_krb5_import_cred(&min_stat, ccache->ccache, NULL, NULL, - &gcc->creds); + maj_stat = smb_gss_krb5_import_cred(&min_stat, ccache->smb_krb5_context->krb5_context, + ccache->ccache, NULL, NULL, + &gcc->creds); if ((maj_stat == GSS_S_FAILURE) && (min_stat == (OM_uint32)KRB5_CC_END || min_stat == (OM_uint32)KRB5_CC_NOTFOUND || @@ -597,8 +612,9 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, return ret; } - maj_stat = gss_krb5_import_cred(&min_stat, ccache->ccache, NULL, NULL, - &gcc->creds); + maj_stat = smb_gss_krb5_import_cred(&min_stat, ccache->smb_krb5_context->krb5_context, + ccache->ccache, NULL, NULL, + &gcc->creds); } @@ -609,7 +625,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, } else { ret = EINVAL; } - (*error_string) = talloc_asprintf(cred, "gss_krb5_import_cred failed: %s", error_message(ret)); + (*error_string) = talloc_asprintf(cred, "smb_gss_krb5_import_cred failed: %s", error_message(ret)); return ret; } @@ -1076,12 +1092,14 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, if (ktc->password_based || obtained < CRED_SPECIFIED) { /* This creates a GSSAPI cred_id_t for match-by-key with only the keytab set */ - maj_stat = gss_krb5_import_cred(&min_stat, NULL, NULL, ktc->keytab, - &gcc->creds); + maj_stat = smb_gss_krb5_import_cred(&min_stat, smb_krb5_context->krb5_context, + NULL, NULL, ktc->keytab, + &gcc->creds); } else { /* This creates a GSSAPI cred_id_t with the principal and keytab set, matching by name */ - maj_stat = gss_krb5_import_cred(&min_stat, NULL, princ, ktc->keytab, - &gcc->creds); + maj_stat = smb_gss_krb5_import_cred(&min_stat, smb_krb5_context->krb5_context, + NULL, princ, ktc->keytab, + &gcc->creds); } if (maj_stat) { if (min_stat) { diff --git a/buildtools/wafsamba/samba_python.py b/buildtools/wafsamba/samba_python.py index 057a017..3a04881 100644 --- a/buildtools/wafsamba/samba_python.py +++ b/buildtools/wafsamba/samba_python.py @@ -76,6 +76,12 @@ def _check_python_headers(conf, mandatory): else: conf.env['PYTHON_SO_ABI_FLAG'] = '' + for lib in conf.env['LINKFLAGS_PYEMBED']: + if lib.startswith('-L'): + conf.env.append_unique('LIBPATH_PYEMBED', lib[2:]) # strip '-L' + conf.env['LINKFLAGS_PYEMBED'].remove(lib) + + return def SAMBA_PYTHON(bld, name, source='', diff --git a/ctdb/doc/ctdb.1.xml b/ctdb/doc/ctdb.1.xml index f24f8dd..99e535d 100644 --- a/ctdb/doc/ctdb.1.xml +++ b/ctdb/doc/ctdb.1.xml @@ -123,10 +123,10 @@ <title>OPTIONS</title> <variablelist> - <varlistentry><term>-n <parameter>PNN-LIST</parameter></term> + <varlistentry><term>-n <parameter>PNN</parameter></term> <listitem> <para> - The nodes specified by PNN-LIST should be queried for the + The node specified by PNN should be queried for the requested information. Default is to query the daemon running on the local host. </para> diff --git a/ctdb/server/ctdb_call.c b/ctdb/server/ctdb_call.c index a05ec1a..8ce3928 100644 --- a/ctdb/server/ctdb_call.c +++ b/ctdb/server/ctdb_call.c @@ -1600,7 +1600,6 @@ static int deferred_call_destructor(struct revokechild_deferred_call *deferred_c { struct ctdb_context *ctdb = deferred_call->ctdb; struct revokechild_requeue_handle *requeue_handle = talloc(ctdb, struct revokechild_requeue_handle); - struct ctdb_req_call_old *c = (struct ctdb_req_call_old *)deferred_call->hdr; requeue_handle->ctdb = ctdb; requeue_handle->hdr = deferred_call->hdr; @@ -1608,9 +1607,12 @@ static int deferred_call_destructor(struct revokechild_deferred_call *deferred_c requeue_handle->ctx = deferred_call->ctx; talloc_steal(requeue_handle, requeue_handle->hdr); - /* when revoking, any READONLY requests have 1 second grace to let read/write finish first */ + /* Always delay revoke requests. Either wait for the read/write + * operation to complete, or if revoking failed wait for recovery to + * complete + */ tevent_add_timer(ctdb->ev, requeue_handle, - timeval_current_ofs(c->flags & CTDB_WANT_READONLY ? 1 : 0, 0), + timeval_current_ofs(1, 0), deferred_call_requeue, requeue_handle); return 0; diff --git a/ctdb/tools/ctdb_event.c b/ctdb/tools/ctdb_event.c index 62b4b91..8e2dca7 100644 --- a/ctdb/tools/ctdb_event.c +++ b/ctdb/tools/ctdb_event.c @@ -223,23 +223,26 @@ static int command_status(TALLOC_CTX *mem_ctx, struct tool_context *tctx, talloc_free(req); if (! status) { fprintf(stderr, "Failed to get event %s status, ret=%d\n", - argv[0], ret); + ctdb_event_to_string(event), ret); return ret; } if (result != 0) { fprintf(stderr, "Failed to get event %s status, result=%d\n", - argv[0], result); + ctdb_event_to_string(event), result); return result; } if (script_list == NULL) { if (state == CTDB_EVENT_LAST_RUN) { - printf("Event %s has never run\n", argv[0]); + printf("Event %s has never run\n", + ctdb_event_to_string(event)); } else if (state == CTDB_EVENT_LAST_PASS) { - printf("Event %s has never passed\n", argv[0]); + printf("Event %s has never passed\n", + ctdb_event_to_string(event)); } else if (state == CTDB_EVENT_LAST_FAIL) { - printf("Event %s has never failed\n", argv[0]); + printf("Event %s has never failed\n", + ctdb_event_to_string(event)); } } else { for (i=0; i<script_list->num_scripts; i++) { diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml index fa86b6f..cbeb12c 100644 --- a/docs-xml/manpages/vfs_fruit.8.xml +++ b/docs-xml/manpages/vfs_fruit.8.xml @@ -79,8 +79,98 @@ </refsect1> <refsect1> + <title>GLOBAL OPTIONS</title> + + <para>The following options must be set in the global smb.conf section + and won't take effect when set per share.</para> + + <variablelist> + + <varlistentry> + <term>fruit:aapl = yes | no</term> + <listitem> + <para>A <emphasis>global</emphasis> option whether to enable Apple's SMB2+ + extension codenamed AAPL. Default + <emphasis>yes</emphasis>. This extension enhances + several deficiencies when connecting from Macs:</para> + + <itemizedlist> + <listitem><para>directory enumeration is enriched with + Mac relevant filesystem metadata (UNIX mode, + FinderInfo, resource fork size and effective + permission), as a result the Mac client doesn't need + to fetch this metadata individuallly per directory + entry resulting in an often tremendous performance + increase.</para></listitem> + + <listitem><para>The ability to query and modify the + UNIX mode of directory entries.</para></listitem> + </itemizedlist> + + <para>There's a set of per share options that come into play when + <emphasis>fruit:aapl</emphasis> is enabled. These opions, listed + below, can be used to disable the computation of specific Mac + metadata in the directory enumeration context, all are enabled by + default:</para> + + <itemizedlist> + <listitem><para>readdir_attr:aapl_rsize = yes | no</para></listitem> + <listitem><para>readdir_attr:aapl_finder_info = yes | no</para></listitem> + <listitem><para>readdir_attr:aapl_max_access = yes | no</para></listitem> + </itemizedlist> + + <para>See below for a description of these options.</para> + + </listitem> + </varlistentry> + + <varlistentry> + <term>fruit:nfs_aces = yes | no</term> + <listitem> + <para>A <emphasis>global</emphasis> option whether support for + querying and modifying the UNIX mode of directory entries via NFS + ACEs is enabled, default <emphasis>yes</emphasis>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>fruit:copyfile = yes | no</term> + <listitem> + <para>A <emphasis>global</emphasis> option whether to enable OS X + specific copychunk ioctl that requests a copy of a whole file + along with all attached metadata.</para> + <para>WARNING: the copyfile request is blocking the + client while the server does the copy.</para>. + <para>The default is <emphasis>no</emphasis>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>fruit:zero_file_id = yes | no</term> + <listitem> + <para>A <emphasis>global</emphasis> option whether to return + zero to queries of on-disk file identifier, if the client + has negotiated AAPL.</para> + <para>Mac applications and / or the Mac SMB + client code expect the on-disk file identifier to have the + semantics of HFS+ Catalog Node Identifier (CNID). Samba + doesn't provide those semantics, and that occasionally cause + usability issues or even data loss. Returning a file identifier + of zero causes the Mac client to stop using and trusting the + file id returned from the server.</para> + <para>The default is <emphasis>yes</emphasis>.</para> + </listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> <title>OPTIONS</title> + <para>The following options can be set either in the global smb.conf section + or per share.</para> + <variablelist> <varlistentry> @@ -178,50 +268,6 @@ </varlistentry> <varlistentry> - <term>fruit:aapl = yes | no</term> - <listitem> - <para>A global option whether to enable Apple's SMB2+ - extension codenamed AAPL. Default - <emphasis>yes</emphasis>. This extension enhances - several deficiencies when connecting from Macs:</para> - - <itemizedlist> - <listitem><para>directory enumeration is enriched with - Mac relevant filesystem metadata (UNIX mode, - FinderInfo, resource fork size and effective - permission), as a result the Mac client doesn't need - to fetch this metadata individuallly per directory - entry resulting in an often tremendous performance - increase.</para></listitem> - - <listitem><para>The ability to query and modify the - UNIX mode of directory entries.</para></listitem> - </itemizedlist> - - <para>There's a set of per share options that can be - used to disable the computation of specific Mac metadata - in the directory enumeration context, all are enabled by - default:</para> - - <itemizedlist> - <listitem><para>readdir_attr:aapl_rsize = true | false</para></listitem> - <listitem><para>readdir_attr:aapl_finder_info = true | false</para></listitem> - <listitem><para>readdir_attr:aapl_max_access = true | false</para></listitem> - </itemizedlist> - - </listitem> - </varlistentry> - - <varlistentry> - <term>fruit:nfs_aces = yes | no</term> - <listitem> - <para>Whether support for querying and modifying the - UNIX mode of directory entries via NFS ACEs is enabled, - default <emphasis>yes</emphasis>.</para> - </listitem> - </varlistentry> - - <varlistentry> <term>fruit:veto_appledouble = yes | no</term> <listitem> <para><emphasis>Note:</emphasis> this option only applies when @@ -243,18 +289,6 @@ </varlistentry> <varlistentry> - <term>fruit:copyfile = yes | no</term> - <listitem> - <para>Whether to enable OS X specific copychunk ioctl - that requests a copy of a whole file along with all - attached metadata.</para> - <para>WARNING: the copyfile request is blocking the - client while the server does the copy.</para>. - <para>The default is <emphasis>no</emphasis>.</para> - </listitem> - </varlistentry> -- Samba Shared Repository