Merge remote-tracking branch 'origin/master' into next
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 31 May 2017 20:26:45 +0000 (21:26 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 31 May 2017 20:26:45 +0000 (21:26 +0100)
76 files changed:
config/rootfiles/core/110/update.sh
config/rootfiles/core/111/filelists/files
config/rootfiles/core/111/filelists/i586/openssl-sse2 [new symlink]
config/rootfiles/core/111/filelists/openssl [new symlink]
config/rootfiles/core/111/filelists/openvpn [new symlink]
lfs/cups-filters
lfs/mpd
lfs/samba
make.sh
src/initscripts/networking/dhcpcd.exe
src/initscripts/networking/red
src/patches/samba/CVE-2015-5252-v3-6-bso11395.patch [new file with mode: 0644]
src/patches/samba/CVE-2015-5296-v3-6-bso11536.patch [new file with mode: 0644]
src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch [new file with mode: 0644]
src/patches/samba/CVE-2015-5330-v3-6-bso11599.patch [new file with mode: 0644]
src/patches/samba/CVE-2016-2125-v3.6.patch [new file with mode: 0644]
src/patches/samba/CVE-2016-2126-v3.6.patch [new file with mode: 0644]
src/patches/samba/CVE-2017-7494-v3-6.patch [new file with mode: 0644]
src/patches/samba/doc-update.patch [new file with mode: 0644]
src/patches/samba/samba-3.2.0pre1-grouppwd.patch [new file with mode: 0644]
src/patches/samba/samba-3.2.0pre1-pipedir.patch [new file with mode: 0644]
src/patches/samba/samba-3.2.5-inotify.patch [new file with mode: 0644]
src/patches/samba/samba-3.5.11-docs.patch [new file with mode: 0644]
src/patches/samba/samba-3.5.11-idmapdebug.patch [new file with mode: 0644]
src/patches/samba/samba-3.5.11-nss_info_doc.patch [new file with mode: 0644]
src/patches/samba/samba-3.5.11-wbinfo_manpage.patch [new file with mode: 0644]
src/patches/samba/samba-3.5.12-dns.patch [new file with mode: 0644]
src/patches/samba/samba-3.5.12-pam_radio_type.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.18-fix_net_ads_join_segfault.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.19-valid_users_doc.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.23-fix_libads_krb5_ipv6.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.23-gecos.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.23-glusterfs.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.23-libsmbclient.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.26-smb2_case_sensitive.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-2110-ntlmssp-session-setup-nas.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-add_spoolss_os_version.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-add_timeout_option_to_smbclient.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-asserted_identity_sid-S-1-18-1.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-bug-1117059.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-bug-1192211.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-doc_netbios_name_length_limit.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_dirsort_ea-support.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_dropbox_share.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_force_group.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_force_user_winbind_default_domain.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_force_user_with_security_ads.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_gecos_interactive.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_group_expansion_in_service_path.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_group_expansion_with_nss_templates.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_keytab_null_termination.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_lookups_with_one_way_trusts.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_mangling_hash_segfault.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_map_to_guest_bad_uid.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_member_auth_after_changed_secret.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_memleak_in_printer_list.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_memleak_winbind_cached_creds.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_nbt_query_with_many_components.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_pam_winbind_parsing_segfault.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_printcap_cpu_utilization.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_rpc_query_user_list.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_rpcclient_timeout_command.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_security_server_share_access.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_setup_domain_child_logic.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_smb_conf_doc.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_smbclient_ntlmv2_auth.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_stale_printer_entries_on_rename.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_symlink_verification.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_usergroup_cache_lookup.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-fix_winbind_cache_memory_leak.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-idmap_ad_memleak.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-libsmb_fix_dfs_connections.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-net_ads_join_no_dns_updates.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-nt_printer_publish_guid.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.99-nt_printer_unpublish_fix.patch [new file with mode: 0644]
src/patches/samba/samba-3.6.x-winbind_tevent_poll.patch [new file with mode: 0644]

index 2011d4d..ada4fc5 100644 (file)
@@ -47,6 +47,14 @@ ldconfig
 # Remove deprecated options
 sed -e "/^RSAAuthentication/d" -i /etc/ssh/sshd_config
 
+# Remove avahi from system and pakfire db
+for i in $(cat /opt/pakfire/db/rootfiles/avahi); do
+    rm -rfv /${i}
+done
+rm -fv /opt/pakfire/db/rootfiles/avahi
+rm -fv /opt/pakfire/db/*/meta-avahi
+rm -fv /etc/rc.d/rc*.d/???avahi
+
 # Start services
 /etc/init.d/unbound start
 /etc/init.d/sshd restart
index dbe65e2..f1e9746 100644 (file)
@@ -1,5 +1,7 @@
 etc/system-release
 etc/issue
+etc/rc.d/init.d/networking/dhcpcd.exe
+etc/rc.d/init.d/networking/red
 etc/rc.d/init.d/wlanclient
 srv/web/ipfire/cgi-bin/index.cgi
 srv/web/ipfire/cgi-bin/ipinfo.cgi
diff --git a/config/rootfiles/core/111/filelists/i586/openssl-sse2 b/config/rootfiles/core/111/filelists/i586/openssl-sse2
new file mode 120000 (symlink)
index 0000000..f424713
--- /dev/null
@@ -0,0 +1 @@
+../../../../common/i586/openssl-sse2
\ No newline at end of file
diff --git a/config/rootfiles/core/111/filelists/openssl b/config/rootfiles/core/111/filelists/openssl
new file mode 120000 (symlink)
index 0000000..e011a92
--- /dev/null
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/111/filelists/openvpn b/config/rootfiles/core/111/filelists/openvpn
new file mode 120000 (symlink)
index 0000000..493f3f7
--- /dev/null
@@ -0,0 +1 @@
+../../../common/openvpn
\ No newline at end of file
index d46bc7c..109db07 100644 (file)
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = cups-filters
-PAK_VER    = 1
+PAK_VER    = 2
 
 DEPS       = "cups ghostscript"
 
diff --git a/lfs/mpd b/lfs/mpd
index 6b057f7..93039b7 100644 (file)
--- a/lfs/mpd
+++ b/lfs/mpd
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/${THISAPP}
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = mpd
-PAK_VER    = 16
+PAK_VER    = 17
 
 DEPS       = "alsa faad2 ffmpeg-libs flac lame libmad libshout libogg libid3tag libvorbis opus"
 
index c298f3e..815a8ec 100644 (file)
--- a/lfs/samba
+++ b/lfs/samba
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 64
+PAK_VER    = 66
 
 DEPS       = "cups krb5"
 
@@ -78,8 +78,61 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 
-       # Apply Redhat CVE patches
+       # Apply patches from RHEL6
+       # Upstream patches
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_nbt_query_with_many_components.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_group_expansion_with_nss_templates.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_group_expansion_in_service_path.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_memleak_in_printer_list.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_lookups_with_one_way_trusts.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_setup_domain_child_logic.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_force_user_with_security_ads.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-add_timeout_option_to_smbclient.patch
+       # Additional Red Hat patches
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.2.0pre1-pipedir.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.2.0pre1-grouppwd.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.2.5-inotify.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-idmapdebug.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-docs.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-nss_info_doc.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-wbinfo_manpage.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.12-dns.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.12-pam_radio_type.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.18-fix_net_ads_join_segfault.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.19-valid_users_doc.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-gecos.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-glusterfs.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-libsmbclient.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-fix_libads_krb5_ipv6.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.26-smb2_case_sensitive.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_gecos_interactive.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_dropbox_share.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-add_spoolss_os_version.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-nt_printer_publish_guid.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_keytab_null_termination.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_printcap_cpu_utilization.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_smbclient_ntlmv2_auth.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_smb_conf_doc.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-bug-1117059.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-bug-1192211.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_usergroup_cache_lookup.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_force_user_winbind_default_domain.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_rpcclient_timeout_command.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_force_group.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_pam_winbind_parsing_segfault.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_mangling_hash_segfault.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-doc_netbios_name_length_limit.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_map_to_guest_bad_uid.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_security_server_share_access.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_stale_printer_entries_on_rename.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5296-v3-6-bso11536.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5252-v3-6-bso11395.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5330-v3-6-bso11599.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-net_ads_join_no_dns_updates.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-asserted_identity_sid-S-1-18-1.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-7560-v3-6.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_symlink_verification.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-preparation-v3-6.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2110-v3-6.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2111-v3-6.patch
@@ -87,6 +140,21 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2115-v3-6.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2118-v3-6.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5370-v3-6.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_winbind_cache_memory_leak.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_memleak_winbind_cached_creds.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-idmap_ad_memleak.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-libsmb_fix_dfs_connections.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-2110-ntlmssp-session-setup-nas.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_rpc_query_user_list.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-nt_printer_unpublish_fix.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2126-v3.6.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2125-v3.6.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_member_auth_after_changed_secret.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_dirsort_ea-support.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2017-7494-v3-6.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/doc-update.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.x-winbind_tevent_poll.patch
+
 
        cd $(DIR_APP)/source3 && ./autogen.sh
        cd $(DIR_APP)/source3 && ./configure \
diff --git a/make.sh b/make.sh
index 9092dd5..6585dd1 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -25,7 +25,7 @@
 NAME="IPFire"                                                  # Software name
 SNAME="ipfire"                                                 # Short name
 VERSION="2.19"                                                 # Version number
-CORE="110"                                                     # Core Level (Filename)
+CORE="111"                                                     # Core Level (Filename)
 PAKFIRE_CORE="110"                                             # Core Level (PAKFIRE)
 GIT_BRANCH=`git rev-parse --abbrev-ref HEAD`                   # Git Branch
 SLOGAN="www.ipfire.org"                                                # Software slogan
index a2cdc66..6c1391d 100644 (file)
@@ -79,7 +79,6 @@ dhcpcd_down()
        # Only if RED_TYPE=DHCP update /var/ipfire/red
        if [ "$RED_TYPE" == "DHCP" ]; then
                logger -p local0.info -t dhcpcd.exe[$$] "${interface} has been brought down"
-               rm -f /var/ipfire/red/active
                run_subdir ${rc_base}/init.d/networking/red.down/
        fi
 }
index 00e739c..20567ce 100644 (file)
@@ -457,6 +457,8 @@ case "${1}" in
                ;;
 
        stop)
+               rm -f /var/ipfire/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
+
                if [ "$TYPE" == "STATIC" ]; then
                        boot_mesg "Stopping default gateway ${GATEWAY}..."
                        ip route del default via ${GATEWAY} >/dev/null 2>&1
@@ -521,7 +523,6 @@ case "${1}" in
                ## Disable vnstat collection
                /usr/bin/vnstat -u -i ${DEVICE} -r --disable > /dev/null 2>&1
 
-               rm -f /var/ipfire/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
                exit 0;
                ;;
 esac
diff --git a/src/patches/samba/CVE-2015-5252-v3-6-bso11395.patch b/src/patches/samba/CVE-2015-5252-v3-6-bso11395.patch
new file mode 100644 (file)
index 0000000..b7580fb
--- /dev/null
@@ -0,0 +1,44 @@
+From 2e94b6ec10f1d15e24867bab3063bb85f173406a Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Thu, 9 Jul 2015 10:58:11 -0700
+Subject: [PATCH] CVE-2015-5252: s3: smbd: Fix symlink verification (file
+ access outside the share).
+
+Ensure matching component ends in '/' or '\0'.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+---
+ source3/smbd/vfs.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
+index 6c56964..bd93b7f 100644
+--- a/source3/smbd/vfs.c
++++ b/source3/smbd/vfs.c
+@@ -982,6 +982,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
+       if (!allow_widelinks || !allow_symlinks) {
+               const char *conn_rootdir;
+               size_t rootdir_len;
++              bool matched;
+               conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname);
+               if (conn_rootdir == NULL) {
+@@ -992,8 +993,10 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
+               }
+               rootdir_len = strlen(conn_rootdir);
+-              if (strncmp(conn_rootdir, resolved_name,
+-                              rootdir_len) != 0) {
++              matched = (strncmp(conn_rootdir, resolved_name,
++                              rootdir_len) == 0);
++              if (!matched || (resolved_name[rootdir_len] != '/' &&
++                               resolved_name[rootdir_len] != '\0')) {
+                       DEBUG(2, ("check_reduced_name: Bad access "
+                               "attempt: %s is a symlink outside the "
+                               "share path\n", fname));
+-- 
+2.5.0
+
diff --git a/src/patches/samba/CVE-2015-5296-v3-6-bso11536.patch b/src/patches/samba/CVE-2015-5296-v3-6-bso11536.patch
new file mode 100644 (file)
index 0000000..4b722a5
--- /dev/null
@@ -0,0 +1,113 @@
+From 25139116756cc285a3a5534834cc276ef1b7baaa Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 30 Sep 2015 21:17:02 +0200
+Subject: [PATCH 1/2] CVE-2015-5296: s3:libsmb: force signing when requiring
+ encryption in do_connect()
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ source3/libsmb/clidfs.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
+index 23e1471..f153b6b 100644
+--- a/source3/libsmb/clidfs.c
++++ b/source3/libsmb/clidfs.c
+@@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
+       const char *username;
+       const char *password;
+       NTSTATUS status;
++      int signing_state = get_cmdline_auth_info_signing_state(auth_info);
++
++      if (force_encrypt) {
++              signing_state = Required;
++      }
+       /* make a copy so we don't modify the global string 'service' */
+       servicename = talloc_strdup(ctx,share);
+@@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
+       zero_sockaddr(&ss);
+       /* have to open a new connection */
+-      c = cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info));
++      c = cli_initialise_ex(signing_state);
+       if (c == NULL) {
+               d_printf("Connection to %s failed\n", server_n);
+               return NULL;
+-- 
+2.5.0
+
+
+From 060adb0abdeda51b8b622c6020b5dea0c8dde1cf Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 30 Sep 2015 21:17:02 +0200
+Subject: [PATCH 2/2] CVE-2015-5296: s3:libsmb: force signing when requiring
+ encryption in SMBC_server_internal()
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ source3/libsmb/libsmb_server.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
+index 45be660..167f2c9 100644
+--- a/source3/libsmb/libsmb_server.c
++++ b/source3/libsmb/libsmb_server.c
+@@ -258,6 +258,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
+         const char *username_used;
+       NTSTATUS status;
+       char *newserver, *newshare;
++      int signing_state = Undefined;
+       zero_sockaddr(&ss);
+       ZERO_STRUCT(c);
+@@ -404,8 +405,12 @@ again:
+       zero_sockaddr(&ss);
++      if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
++              signing_state = Required;
++      }
++
+       /* have to open a new connection */
+-      if ((c = cli_initialise()) == NULL) {
++      if ((c = cli_initialise_ex(signing_state)) == NULL) {
+               errno = ENOMEM;
+               return NULL;
+       }
+@@ -750,6 +755,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
+         ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
+                                    pp_workgroup, pp_username, pp_password);
+         if (!ipc_srv) {
++              int signing_state = Undefined;
+                 /* We didn't find a cached connection.  Get the password */
+               if (!*pp_password || (*pp_password)[0] == '\0') {
+@@ -771,6 +777,9 @@ SMBC_attr_server(TALLOC_CTX *ctx,
+                 if (smbc_getOptionUseCCache(context)) {
+                         flags |= CLI_FULL_CONNECTION_USE_CCACHE;
+                 }
++              if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
++                      signing_state = Required;
++              }
+                 zero_sockaddr(&ss);
+                 nt_status = cli_full_connection(&ipc_cli,
+@@ -780,7 +789,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
+                                               *pp_workgroup,
+                                               *pp_password,
+                                               flags,
+-                                              Undefined);
++                                              signing_state);
+                 if (! NT_STATUS_IS_OK(nt_status)) {
+                         DEBUG(1,("cli_full_connection failed! (%s)\n",
+                                  nt_errstr(nt_status)));
+-- 
+2.5.0
+
diff --git a/src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch b/src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch
new file mode 100644 (file)
index 0000000..38936bb
--- /dev/null
@@ -0,0 +1,98 @@
+From 8e49de7754f7171a58a1f94dee0f1138dbee3c60 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Fri, 23 Oct 2015 14:54:31 -0700
+Subject: [PATCH] CVE-2015-5299: s3-shadow-copy2: fix missing access check on
+ snapdir
+
+Fix originally from <partha@exablox.com>
+
+https://bugzilla.samba.org/show_bug.cgi?id=11529
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: David Disseldorp <ddiss@samba.org>
+---
+ source3/modules/vfs_shadow_copy2.c | 47 ++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 47 insertions(+)
+
+diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
+index fedfb53..16c1ed7 100644
+--- a/source3/modules/vfs_shadow_copy2.c
++++ b/source3/modules/vfs_shadow_copy2.c
+@@ -21,6 +21,8 @@
+ #include "includes.h"
+ #include "smbd/smbd.h"
++#include "smbd/globals.h"
++#include "../libcli/security/security.h"
+ #include "system/filesys.h"
+ #include "ntioctl.h"
+@@ -764,6 +766,43 @@ static int shadow_copy2_mkdir(vfs_handle_struct *handle,  const char *fname, mod
+         SHADOW2_NEXT(MKDIR, (handle, name, mode), int, -1);
+ }
++static bool check_access_snapdir(struct vfs_handle_struct *handle,
++                              const char *path)
++{
++      struct smb_filename smb_fname;
++      int ret;
++      NTSTATUS status;
++      uint32_t access_granted = 0;
++
++      ZERO_STRUCT(smb_fname);
++      smb_fname.base_name = talloc_asprintf(talloc_tos(),
++                                              "%s",
++                                              path);
++      if (smb_fname.base_name == NULL) {
++              return false;
++      }
++
++      ret = SMB_VFS_NEXT_STAT(handle, &smb_fname);
++      if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) {
++              TALLOC_FREE(smb_fname.base_name);
++              return false;
++      }
++
++      status = smbd_check_open_rights(handle->conn,
++                                      &smb_fname,
++                                      SEC_DIR_LIST,
++                                      &access_granted);
++      if (!NT_STATUS_IS_OK(status)) {
++              DEBUG(0,("user does not have list permission "
++                      "on snapdir %s\n",
++                      smb_fname.base_name));
++              TALLOC_FREE(smb_fname.base_name);
++              return false;
++      }
++      TALLOC_FREE(smb_fname.base_name);
++      return true;
++}
++
+ static int shadow_copy2_rmdir(vfs_handle_struct *handle,  const char *fname)
+ {
+         SHADOW2_NEXT(RMDIR, (handle, name), int, -1);
+@@ -877,6 +916,7 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle,
+       SMB_STRUCT_DIRENT *d;
+       TALLOC_CTX *tmp_ctx = talloc_new(handle->data);
+       char *snapshot;
++      bool ret;
+       snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle);
+       if (snapdir == NULL) {
+@@ -886,6 +926,13 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle,
+               talloc_free(tmp_ctx);
+               return -1;
+       }
++      ret = check_access_snapdir(handle, snapdir);
++      if (!ret) {
++              DEBUG(0,("access denied on listing snapdir %s\n", snapdir));
++              errno = EACCES;
++              talloc_free(tmp_ctx);
++              return -1;
++      }
+       p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0);
+-- 
+2.5.0
+
diff --git a/src/patches/samba/CVE-2015-5330-v3-6-bso11599.patch b/src/patches/samba/CVE-2015-5330-v3-6-bso11599.patch
new file mode 100644 (file)
index 0000000..4ae1473
--- /dev/null
@@ -0,0 +1,214 @@
+From a96c0528c68093d155b674269a9c8bf48315fc01 Mon Sep 17 00:00:00 2001
+From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Date: Tue, 24 Nov 2015 13:47:16 +1300
+Subject: [PATCH 1/3] CVE-2015-5330: Fix handling of unicode near string
+ endings
+
+Until now next_codepoint_ext() and next_codepoint_handle_ext() were
+using strnlen(str, 5) to determine how much string they should try to
+decode. This ended up looking past the end of the string when it was not
+null terminated and the final character looked like a multi-byte encoding.
+The fix is to let the caller say how long the string can be.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Ralph Boehme <slow@samba.org>
+---
+ lib/util/charset/charset.h     |  9 +++++----
+ lib/util/charset/codepoints.c  | 19 +++++++++++++------
+ lib/util/charset/util_unistr.c |  5 ++++-
+ source3/lib/util_str.c         |  2 +-
+ 4 files changed, 23 insertions(+), 12 deletions(-)
+
+diff --git a/lib/util/charset/charset.h b/lib/util/charset/charset.h
+index 474d77e..b70aa61 100644
+--- a/lib/util/charset/charset.h
++++ b/lib/util/charset/charset.h
+@@ -175,15 +175,16 @@ smb_iconv_t get_conv_handle(struct smb_iconv_convenience *ic,
+                           charset_t from, charset_t to);
+ const char *charset_name(struct smb_iconv_convenience *ic, charset_t ch);
+-codepoint_t next_codepoint_ext(const char *str, charset_t src_charset,
+-                             size_t *size);
++codepoint_t next_codepoint_ext(const char *str, size_t len,
++                             charset_t src_charset, size_t *size);
+ codepoint_t next_codepoint(const char *str, size_t *size);
+ ssize_t push_codepoint(char *str, codepoint_t c);
+ /* codepoints */
+ codepoint_t next_codepoint_convenience_ext(struct smb_iconv_convenience *ic,
+-                          const char *str, charset_t src_charset,
+-                          size_t *size);
++                                         const char *str, size_t len,
++                                         charset_t src_charset,
++                                         size_t *size);
+ codepoint_t next_codepoint_convenience(struct smb_iconv_convenience *ic, 
+                           const char *str, size_t *size);
+ ssize_t push_codepoint_convenience(struct smb_iconv_convenience *ic, 
+diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c
+index 5ee95a8..8dd647e 100644
+--- a/lib/util/charset/codepoints.c
++++ b/lib/util/charset/codepoints.c
+@@ -346,7 +346,8 @@ smb_iconv_t get_conv_handle(struct smb_iconv_convenience *ic,
+  */
+ _PUBLIC_ codepoint_t next_codepoint_convenience_ext(
+                       struct smb_iconv_convenience *ic,
+-                      const char *str, charset_t src_charset,
++                      const char *str, size_t len,
++                      charset_t src_charset,
+                       size_t *bytes_consumed)
+ {
+       /* it cannot occupy more than 4 bytes in UTF16 format */
+@@ -366,7 +367,7 @@ _PUBLIC_ codepoint_t next_codepoint_convenience_ext(
+        * we assume that no multi-byte character can take more than 5 bytes.
+        * This is OK as we only support codepoints up to 1M (U+100000)
+        */
+-      ilen_orig = strnlen(str, 5);
++      ilen_orig = MIN(len, 5);
+       ilen = ilen_orig;
+       descriptor = get_conv_handle(ic, src_charset, CH_UTF16);
+@@ -424,7 +425,13 @@ _PUBLIC_ codepoint_t next_codepoint_convenience_ext(
+ _PUBLIC_ codepoint_t next_codepoint_convenience(struct smb_iconv_convenience *ic,
+                                   const char *str, size_t *size)
+ {
+-      return next_codepoint_convenience_ext(ic, str, CH_UNIX, size);
++      /*
++       * We assume that no multi-byte character can take more than 5 bytes
++       * thus avoiding walking all the way down a long string. This is OK as
++       * Unicode codepoints only go up to (U+10ffff), which can always be
++       * encoded in 4 bytes or less.
++       */
++      return next_codepoint_convenience_ext(ic, str, strnlen(str, 5), CH_UNIX, size);
+ }
+ /*
+@@ -486,10 +493,10 @@ _PUBLIC_ ssize_t push_codepoint_convenience(struct smb_iconv_convenience *ic,
+       return 5 - olen;
+ }
+-_PUBLIC_ codepoint_t next_codepoint_ext(const char *str, charset_t src_charset,
+-                                      size_t *size)
++_PUBLIC_ codepoint_t next_codepoint_ext(const char *str, size_t len,
++                                      charset_t src_charset, size_t *size)
+ {
+-      return next_codepoint_convenience_ext(get_iconv_convenience(), str,
++      return next_codepoint_convenience_ext(get_iconv_convenience(), str, len,
+                                             src_charset, size);
+ }
+diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c
+index 760be77..d9e9b34 100644
+--- a/lib/util/charset/util_unistr.c
++++ b/lib/util/charset/util_unistr.c
+@@ -485,7 +485,10 @@ _PUBLIC_ char *strupper_talloc_n(TALLOC_CTX *ctx, const char *src, size_t n)
+       while (n-- && *src) {
+               size_t c_size;
+-              codepoint_t c = next_codepoint_convenience(iconv_convenience, src, &c_size);
++              codepoint_t c = next_codepoint_convenience_ext(iconv_convenience,
++                                                             src,
++                                                             n,
++                                                             &c_size);
+               src += c_size;
+               c = toupper_m(c);
+diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
+index 4701528..f8a5160 100644
+--- a/source3/lib/util_str.c
++++ b/source3/lib/util_str.c
+@@ -1486,7 +1486,7 @@ size_t strlen_m_ext(const char *s, const charset_t src_charset,
+       while (*s) {
+               size_t c_size;
+-              codepoint_t c = next_codepoint_ext(s, src_charset, &c_size);
++              codepoint_t c = next_codepoint_ext(s, strnlen(s, 5), src_charset, &c_size);
+               s += c_size;
+               switch (dst_charset) {
+-- 
+2.5.0
+
+
+From 8298252a1ba9c014f7ceb76736abb38132181f79 Mon Sep 17 00:00:00 2001
+From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Date: Tue, 24 Nov 2015 13:54:09 +1300
+Subject: [PATCH 2/3] CVE-2015-5330: next_codepoint_handle_ext: don't
+ short-circuit UTF16 low bytes
+
+UTF16 contains zero bytes when it is encoding ASCII (for example), so we
+can't assume the absense of the 0x80 bit means a one byte encoding. No
+current callers use UTF16.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Ralph Boehme <slow@samba.org>
+---
+ lib/util/charset/codepoints.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c
+index 8dd647e..cf5f3e6 100644
+--- a/lib/util/charset/codepoints.c
++++ b/lib/util/charset/codepoints.c
+@@ -358,7 +358,10 @@ _PUBLIC_ codepoint_t next_codepoint_convenience_ext(
+       size_t olen;
+       char *outbuf;
+-      if ((str[0] & 0x80) == 0) {
++
++      if (((str[0] & 0x80) == 0) && (src_charset == CH_DOS ||
++                                     src_charset == CH_UNIX ||
++                                     src_charset == CH_UTF8)) {
+               *bytes_consumed = 1;
+               return (codepoint_t)str[0];
+       }
+-- 
+2.5.0
+
+
+From 0988b7cb606a7e4cd73fd8db02806abbc9d8f2e0 Mon Sep 17 00:00:00 2001
+From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Date: Tue, 24 Nov 2015 13:49:09 +1300
+Subject: [PATCH 3/3] CVE-2015-5330: strupper_talloc_n_handle(): properly count
+ characters
+
+When a codepoint eats more than one byte we really want to know,
+especially if the string is not NUL terminated.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Ralph Boehme <slow@samba.org>
+---
+ lib/util/charset/util_unistr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c
+index d9e9b34..6dad43f 100644
+--- a/lib/util/charset/util_unistr.c
++++ b/lib/util/charset/util_unistr.c
+@@ -483,13 +483,14 @@ _PUBLIC_ char *strupper_talloc_n(TALLOC_CTX *ctx, const char *src, size_t n)
+               return NULL;
+       }
+-      while (n-- && *src) {
++      while (n && *src) {
+               size_t c_size;
+               codepoint_t c = next_codepoint_convenience_ext(iconv_convenience,
+                                                              src,
+                                                              n,
+                                                              &c_size);
+               src += c_size;
++              n -= c_size;
+               c = toupper_m(c);
+-- 
+2.5.0
+
diff --git a/src/patches/samba/CVE-2016-2125-v3.6.patch b/src/patches/samba/CVE-2016-2125-v3.6.patch
new file mode 100644 (file)
index 0000000..f67b5d0
--- /dev/null
@@ -0,0 +1,46 @@
+From 7cc3b25f4bf9e89e326d04b83bc7365f3cc29265 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 7 Dec 2016 10:58:35 +0100
+Subject: [PATCH] CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG
+
+We should only use GSS_C_DELEG_POLICY_FLAG in order to let
+the KDC decide if we should send delegated credentials to
+a remote server.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Backported-by: Andreas Schneider <asn@samba.org>
+---
+ source3/librpc/crypto/gse.c | 1 -
+ source3/libsmb/clifsinfo.c  | 2 +-
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
+index 02fb0f6141d..211ca7774be 100644
+--- a/source3/librpc/crypto/gse.c
++++ b/source3/librpc/crypto/gse.c
+@@ -162,7 +162,6 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
+       memcpy(&gse_ctx->gss_mech, gss_mech_krb5, sizeof(gss_OID_desc));
+       gse_ctx->gss_c_flags = GSS_C_MUTUAL_FLAG |
+-                              GSS_C_DELEG_FLAG |
+                               GSS_C_DELEG_POLICY_FLAG |
+                               GSS_C_REPLAY_FLAG |
+                               GSS_C_SEQUENCE_FLAG;
+diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
+index 1d66eb4c6b8..34ebc208db0 100644
+--- a/source3/libsmb/clifsinfo.c
++++ b/source3/libsmb/clifsinfo.c
+@@ -726,7 +726,7 @@ static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx,
+                               &es->s.gss_state->gss_ctx,
+                               srv_name,
+                               GSS_C_NO_OID, /* default OID. */
+-                              GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG,
++                              GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_POLICY_FLAG,
+                               GSS_C_INDEFINITE,       /* requested ticket lifetime. */
+                               NULL,   /* no channel bindings */
+                               p_tok_in,
+-- 
+2.11.0
+
diff --git a/src/patches/samba/CVE-2016-2126-v3.6.patch b/src/patches/samba/CVE-2016-2126-v3.6.patch
new file mode 100644 (file)
index 0000000..8de651e
--- /dev/null
@@ -0,0 +1,80 @@
+From 4e47b5d703c54215804d595980be028f47a87cbf Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 7 Dec 2016 11:18:59 +0100
+Subject: [PATCH] CVE-2016-2126: auth/kerberos: only allow known checksum types
+ in check_pac_checksum()
+
+AES based checksums can only be checked with the corresponding AES based
+keytype.
+
+Otherwise we may trigger an undefined code path deep in the kerberos
+libraries, which can leed to segmentation faults.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12446
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Backported-by: Andreas Schneider <asn@samba.org>
+---
+ source3/include/smb_krb5.h | 12 ++++++++++++
+ source3/libads/authdata.c  | 22 ++++++++++++++++++++++
+ 2 files changed, 34 insertions(+)
+
+diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h
+index 5a55d3040d5..2780622f512 100644
+--- a/source3/include/smb_krb5.h
++++ b/source3/include/smb_krb5.h
+@@ -61,6 +61,18 @@
+ #define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
+ #endif
++#if !defined(CKSUMTYPE_HMAC_MD5_ARCFOUR) && defined(CKSUMTYPE_HMAC_MD5)
++#define CKSUMTYPE_HMAC_MD5_ARCFOUR CKSUMTYPE_HMAC_MD5
++#endif
++
++#if !defined(CKSUMTYPE_HMAC_SHA1_96_AES256) && defined(CKSUMTYPE_HMAC_SHA1_96_AES_256)
++#define CKSUMTYPE_HMAC_SHA1_96_AES256 CKSUMTYPE_HMAC_SHA1_96_AES_256
++#endif
++
++#if !defined(CKSUMTYPE_HMAC_SHA1_96_AES128) && defined(CKSUMTYPE_HMAC_SHA1_96_AES_128)
++#define CKSUMTYPE_HMAC_SHA1_96_AES128 CKSUMTYPE_HMAC_SHA1_96_AES_128
++#endif
++
+ /* The older versions of heimdal that don't have this
+    define don't seem to use it anyway.  I'm told they
+    always use a subkey */
+diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
+index 0d877ddef89..30622843f1d 100644
+--- a/source3/libads/authdata.c
++++ b/source3/libads/authdata.c
+@@ -42,6 +42,28 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
+       krb5_checksum cksum;
+       krb5_keyusage usage = 0;
++      switch (sig->type) {
++      case CKSUMTYPE_HMAC_MD5_ARCFOUR:
++              /* ignores the key type */
++              break;
++      case CKSUMTYPE_HMAC_SHA1_96_AES256:
++              if (KRB5_KEY_TYPE(keyblock) != ENCTYPE_AES256_CTS_HMAC_SHA1_96) {
++                      return EINVAL;
++              }
++              /* ok */
++              break;
++      case CKSUMTYPE_HMAC_SHA1_96_AES128:
++              if (KRB5_KEY_TYPE(keyblock) != ENCTYPE_AES128_CTS_HMAC_SHA1_96) {
++                      return EINVAL;
++              }
++              /* ok */
++              break;
++      default:
++              DEBUG(2,("check_pac_checksum: Checksum Type %d is not supported\n",
++                      (int)sig->type));
++              return EINVAL;
++      }
++
+       smb_krb5_checksum_from_pac_sig(&cksum, sig);
+ #ifdef HAVE_KRB5_KU_OTHER_CKSUM /* Heimdal */
+-- 
+2.11.0
+
diff --git a/src/patches/samba/CVE-2017-7494-v3-6.patch b/src/patches/samba/CVE-2017-7494-v3-6.patch
new file mode 100644 (file)
index 0000000..3b0d94c
--- /dev/null
@@ -0,0 +1,32 @@
+From b719a4d53fc6d590f4fac340d956344a5246de4e Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Mon, 8 May 2017 21:40:40 +0200
+Subject: [PATCH] CVE-2017-7494: Refuse to open pipe names with / inside
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/rpc_server/srv_pipe.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
+index ec24fe7..b80e3f5 100644
+--- a/source3/rpc_server/srv_pipe.c
++++ b/source3/rpc_server/srv_pipe.c
+@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax)
+               pipename += 1;
+       }
++      if (strchr(pipename, '/')) {
++              DEBUG(1,("Refusing open on pipe %s\n", pipename));
++              return false;
++      }
++
+       if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
+               DEBUG(10, ("refusing spoolss access\n"));
+               return false;
+-- 
+2.9.4
+
diff --git a/src/patches/samba/doc-update.patch b/src/patches/samba/doc-update.patch
new file mode 100644 (file)
index 0000000..a0323b9
--- /dev/null
@@ -0,0 +1,2538 @@
+Index: samba-3.6.23/docs/manpages/dbwrap_tool.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/dbwrap_tool.1
++++ samba-3.6.23/docs/manpages/dbwrap_tool.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: dbwrap_tool
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "DBWRAP_TOOL" "1" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "DBWRAP_TOOL" "1" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/eventlogadm.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/eventlogadm.8
++++ samba-3.6.23/docs/manpages/eventlogadm.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: eventlogadm
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "EVENTLOGADM" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "EVENTLOGADM" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -105,7 +105,6 @@ The event log record field are:
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ LEN
+ \- This field should be 0, since
+ eventlogadm
+@@ -120,7 +119,6 @@ will calculate this value\&.
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ RS1
+ \- This must be the value 1699505740\&.
+ .RE
+@@ -133,7 +131,6 @@ RS1
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ RCN
+ \- This field should be 0\&.
+ .RE
+@@ -146,7 +143,6 @@ RCN
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ TMG
+ \- The time the eventlog record was generated; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
+ .RE
+@@ -159,7 +155,6 @@ TMG
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ TMW
+ \- The time the eventlog record was written; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
+ .RE
+@@ -172,7 +167,6 @@ TMW
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ EID
+ \- The eventlog ID\&.
+ .RE
+@@ -185,7 +179,6 @@ EID
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ ETP
+ \- The event type \-\- one of "INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or "AUDIT FAILURE"\&.
+ .RE
+@@ -198,7 +191,6 @@ ETP
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ ECT
+ \- The event category; this depends on the message file\&. It is primarily used as a means of filtering in the eventlog viewer\&.
+ .RE
+@@ -211,7 +203,6 @@ ECT
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ RS2
+ \- This field should be 0\&.
+ .RE
+@@ -224,7 +215,6 @@ RS2
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ CRN
+ \- This field should be 0\&.
+ .RE
+@@ -237,7 +227,6 @@ CRN
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ USL
+ \- This field should be 0\&.
+ .RE
+@@ -250,7 +239,6 @@ USL
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ SRC
+ \- This field contains the source name associated with the event log\&. If a message file is used with an event log, there will be a registry entry for associating this source name with a message file DLL\&.
+ .RE
+@@ -263,7 +251,6 @@ SRC
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ SRN
+ \- The name of the machine on which the eventlog was generated\&. This is typically the host name\&.
+ .RE
+@@ -276,7 +263,6 @@ SRN
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ STR
+ \- The text associated with the eventlog\&. There may be more than one string in a record\&.
+ .RE
+@@ -289,7 +275,6 @@ STR
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ DAT
+ \- This field should be left unset\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/findsmb.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/findsmb.1
++++ samba-3.6.23/docs/manpages/findsmb.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: findsmb
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "FINDSMB" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "FINDSMB" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/idmap_ad.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/idmap_ad.8
++++ samba-3.6.23/docs/manpages/idmap_ad.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: idmap_ad
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "IDMAP_AD" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "IDMAP_AD" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/idmap_adex.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/idmap_adex.8
++++ samba-3.6.23/docs/manpages/idmap_adex.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: idmap_adex
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "IDMAP_ADEX" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "IDMAP_ADEX" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/idmap_autorid.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/idmap_autorid.8
++++ samba-3.6.23/docs/manpages/idmap_autorid.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: idmap_autorid
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "IDMAP_AUTORID" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "IDMAP_AUTORID" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/idmap_hash.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/idmap_hash.8
++++ samba-3.6.23/docs/manpages/idmap_hash.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: idmap_hash
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "IDMAP_HASH" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "IDMAP_HASH" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/idmap_ldap.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/idmap_ldap.8
++++ samba-3.6.23/docs/manpages/idmap_ldap.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: idmap_ldap
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "IDMAP_LDAP" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "IDMAP_LDAP" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/idmap_nss.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/idmap_nss.8
++++ samba-3.6.23/docs/manpages/idmap_nss.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: idmap_nss
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "IDMAP_NSS" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "IDMAP_NSS" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/idmap_rid.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/idmap_rid.8
++++ samba-3.6.23/docs/manpages/idmap_rid.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: idmap_rid
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "IDMAP_RID" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "IDMAP_RID" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/idmap_tdb2.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/idmap_tdb2.8
++++ samba-3.6.23/docs/manpages/idmap_tdb2.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: idmap_tdb2
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "IDMAP_TDB2" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "IDMAP_TDB2" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/idmap_tdb.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/idmap_tdb.8
++++ samba-3.6.23/docs/manpages/idmap_tdb.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: idmap_tdb
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "IDMAP_TDB" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "IDMAP_TDB" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/libsmbclient.7
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/libsmbclient.7
++++ samba-3.6.23/docs/manpages/libsmbclient.7
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: libsmbclient
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: 7
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "LIBSMBCLIENT" "7" "09/18/2013" "Samba 3\&.6" "7"
++.TH "LIBSMBCLIENT" "7" "04/11/2016" "Samba 3\&.6" "7"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -40,11 +40,9 @@ This tool is part of the
+ \fBsamba\fR(7)
+ suite\&.
+ .PP
+-
+ libsmbclient
+ is a library toolset that permits applications to manipulate CIFS/SMB network resources using many of the standards POSIX functions available for manipulating local UNIX/Linux files\&. It permits much more than just browsing, files can be opened and read or written, permissions changed, file times modified, attributes and ACL\*(Aqs can be manipulated, and so on\&. Of course, its functionality includes all the capabilities commonly called browsing\&.
+ .PP
+-
+ libsmbclient
+ can not be used directly from the command line, instead it provides an extension of the capabilities of tools such as file managers and browsers\&. This man page describes the configuration options for this tool so that the user may obtain greatest utility of use\&.
+ .SH "OPTIONS"
+@@ -77,7 +75,6 @@ and then append the contents of the
+ ~/\&.smb/smb\&.conf\&.append
+ to it\&.
+ .PP
+-
+ libsmbclient
+ will check the users shell environment for the
+ USER
+Index: samba-3.6.23/docs/manpages/lmhosts.5
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/lmhosts.5
++++ samba-3.6.23/docs/manpages/lmhosts.5
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: lmhosts
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: File Formats and Conventions
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "LMHOSTS" "5" "09/18/2013" "Samba 3\&.6" "File Formats and Conventions"
++.TH "LMHOSTS" "5" "04/11/2016" "Samba 3\&.6" "File Formats and Conventions"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/log2pcap.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/log2pcap.1
++++ samba-3.6.23/docs/manpages/log2pcap.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: log2pcap
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "LOG2PCAP" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "LOG2PCAP" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -74,7 +74,7 @@ pcap_file
+ Name of the output file to write the pcap (or hexdump) data to\&. If this argument is not specified, output data will be written to stdout\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/net.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/net.8
++++ samba-3.6.23/docs/manpages/net.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: net
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "NET" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "NET" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -41,7 +41,7 @@ suite\&.
+ The Samba net utility is meant to work just like the net utility available for windows and DOS\&. The first argument should be used to specify the protocol to use when executing a certain command\&. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000\&. If this argument is omitted, net will try to determine it automatically\&. Not all commands are available on all protocols\&.
+ .SH "OPTIONS"
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+@@ -113,6 +113,11 @@ Make queries to the external server usin
+ Let client requests timeout after 30 seconds the default is 10 seconds\&.
+ .RE
+ .PP
++\-\-no\-dns\-updates
++.RS 4
++Do not perform DNS updates as part of "net ads join"\&.
++.RE
++.PP
+ \-d|\-\-debuglevel=level
+ .RS 4
+ \fIlevel\fR
+@@ -153,7 +158,7 @@ Tries to set the date and time of the lo
+ .SS "TIME ZONE"
+ .PP
+ Displays the timezone in hours from GMT on the remote computer\&.
+-.SS "[RPC|ADS] JOIN [TYPE] [\-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]"
++.SS "[RPC|ADS] JOIN [TYPE] [\-\-no\-dns\-updates] [\-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]"
+ .PP
+ Join a domain\&. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically\&. (Assuming that the machine has been created in server manager) Otherwise, a password will be prompted for, and a new account may be created\&.
+ .PP
+@@ -509,8 +514,6 @@ net groupmap delete {ntgroup=string|sid=
+ .PP
+ Update en existing group entry\&.
+ .PP
+-
+-.sp
+ .if n \{\
+ .RS 4
+ .\}
+@@ -1208,8 +1211,7 @@ may be one of
+ \fImulti_sz\fR
+ or
+ \fIdword\fR\&. In case of
+-\fImulti_sz\fR
+-\fIvalue\fR
++\fImulti_sz\fR\fIvalue\fR
+ may be given multiple times\&.
+ .SS "REGISTRY INCREMENT key name [inc]"
+ .PP
+Index: samba-3.6.23/docs/manpages/nmbd.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/nmbd.8
++++ samba-3.6.23/docs/manpages/nmbd.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: nmbd
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "NMBD" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "NMBD" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -106,7 +106,7 @@ also logs to standard output, as if the
+ parameter had been given\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+@@ -264,7 +264,6 @@ The debug log level of nmbd may be raise
+ This man page is correct for version 3 of the Samba suite\&.
+ .SH "SEE ALSO"
+ .PP
+-
+ \fBinetd\fR(8),
+ \fBsmbd\fR(8),
+ \fBsmb.conf\fR(5),
+Index: samba-3.6.23/docs/manpages/nmblookup.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/nmblookup.1
++++ samba-3.6.23/docs/manpages/nmblookup.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: nmblookup
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "NMBLOOKUP" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "NMBLOOKUP" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -109,7 +109,7 @@ smb\&.conf
+ manual page for the list of valid options\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/ntlm_auth.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/ntlm_auth.1
++++ samba-3.6.23/docs/manpages/ntlm_auth.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: ntlm_auth
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "NTLM_AUTH" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "NTLM_AUTH" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -347,7 +347,7 @@ Base directory name for log/debug files\
+ will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/pam_winbind.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/pam_winbind.8
++++ samba-3.6.23/docs/manpages/pam_winbind.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: pam_winbind
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: 8
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "PAM_WINBIND" "8" "09/18/2013" "Samba 3\&.6" "8"
++.TH "PAM_WINBIND" "8" "04/11/2016" "Samba 3\&.6" "8"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/pam_winbind.conf.5
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/pam_winbind.conf.5
++++ samba-3.6.23/docs/manpages/pam_winbind.conf.5
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: pam_winbind.conf
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: 5
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "PAM_WINBIND\&.CONF" "5" "09/18/2013" "Samba 3\&.6" "5"
++.TH "PAM_WINBIND\&.CONF" "5" "04/11/2016" "Samba 3\&.6" "5"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/pdbedit.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/pdbedit.8
++++ samba-3.6.23/docs/manpages/pdbedit.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: pdbedit
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "PDBEDIT" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "PDBEDIT" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -204,8 +204,6 @@ Example:
+ .RS 4
+ This option can be used while adding or modifying a user account\&. It will specify the users\*(Aq account control property\&. Possible flags are listed below\&.
+ .sp
+-
+-.sp
+ .RS 4
+ .ie n \{\
+ \h'-04'\(bu\h'+03'\c
+@@ -555,7 +553,7 @@ Example:
+ This option is currently not being used\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/profiles.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/profiles.1
++++ samba-3.6.23/docs/manpages/profiles.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: profiles
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "PROFILES" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "PROFILES" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -59,7 +59,7 @@ file
+ by SID2\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/rpcclient.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/rpcclient.1
++++ samba-3.6.23/docs/manpages/rpcclient.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: rpcclient
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "RPCCLIENT" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "RPCCLIENT" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -199,7 +199,7 @@ smb\&.conf
+ manual page for the list of valid options\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/samba.7
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/samba.7
++++ samba-3.6.23/docs/manpages/samba.7
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: samba
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: Miscellanea
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SAMBA" "7" "09/18/2013" "Samba 3\&.6" "Miscellanea"
++.TH "SAMBA" "7" "04/11/2016" "Samba 3\&.6" "Miscellanea"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/sharesec.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/sharesec.1
++++ samba-3.6.23/docs/manpages/sharesec.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: sharesec
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SHARESEC" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "SHARESEC" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -82,7 +82,7 @@ Remove ACEs\&.
+ Overwrite an existing share permission ACL\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/smbcacls.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbcacls.1
++++ samba-3.6.23/docs/manpages/smbcacls.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbcacls
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBCACLS" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "SMBCACLS" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -102,7 +102,7 @@ This option displays all ACL information
+ Don\*(Aqt actually do anything, only validate the correctness of the arguments\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/smbclient.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbclient.1
++++ samba-3.6.23/docs/manpages/smbclient.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbclient
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBCLIENT" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "SMBCLIENT" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -205,7 +205,7 @@ This parameter sets the maximum protocol
+ Make queries to the external server using the machine account of the local server\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/smb.conf.5
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smb.conf.5
++++ samba-3.6.23/docs/manpages/smb.conf.5
+@@ -2,12 +2,12 @@
+ .\"     Title: smb.conf
+ .\"    Author: [see the "AUTHOR" section]
+ .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+-.\"      Date: 10/15/2015
++.\"      Date: 04/11/2016
+ .\"    Manual: File Formats and Conventions
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMB\&.CONF" "5" "10/15/2015" "Samba 3\&.6" "File Formats and Conventions"
++.TH "SMB\&.CONF" "5" "04/11/2016" "Samba 3\&.6" "File Formats and Conventions"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -1371,6 +1371,24 @@ Example:
+ \fI\fIallocation roundup size\fR\fR\fI = \fR\fI0 # (to disable roundups)\fR\fI \fR
+ .RE
++allow dcerpc auth level connect (G)
++.\" allow dcerpc auth level connect
++.PP
++.RS 4
++This option controls whether DCERPC services are allowed to be used with DCERPC_AUTH_LEVEL_CONNECT, which provides authentication, but no per message integrity nor privacy protection\&.
++.sp
++The behavior can be controlled per interface name (e\&.g\&. lsarpc, netlogon, samr, srvsvc, winreg, wkssvc \&.\&.\&.) by using \*(Aqallow dcerpc auth level connect:interface = no\*(Aq as option\&.
++.sp
++This option yields precedence to the implentation specific restrictions\&. E\&.g\&. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY\&. While others like samr and lsarpc have a hardcoded default of
++\fBno\fR\&.
++.sp
++Default:
++\fI\fIallow dcerpc auth level connect\fR\fR\fI = \fR\fIno\fR\fI \fR
++.sp
++Example:
++\fI\fIallow dcerpc auth level connect\fR\fR\fI = \fR\fIyes\fR\fI \fR
++.RE
++
+ allow insecure wide links (G)
+ .\" allow insecure wide links
+ .PP
+@@ -1826,6 +1844,24 @@ Example:
+ \fI\fIcheck password script\fR\fR\fI = \fR\fI/usr/local/sbin/crackcheck\fR\fI \fR
+ .RE
++client ipc signing (G)
++.\" client ipc signing
++.PP
++.RS 4
++This controls whether the client is allowed or required to use SMB signing for IPC$ connections as DCERPC transport inside of winbind\&. Possible values are
++\fIauto\fR,
++\fImandatory\fR
++and
++\fIdisabled\fR\&.
++.sp
++When set to auto, SMB signing is offered, but not enforced and if set to disabled, SMB signing is not offered either\&.
++.sp
++Connections from winbindd to Active Directory Domain Controllers always enforce signing\&.
++.sp
++Default:
++\fI\fIclient ipc signing\fR\fR\fI = \fR\fImandatory\fR\fI \fR
++.RE
++
+ client lanman auth (G)
+ .\" client lanman auth
+ .PP
+@@ -1874,14 +1910,11 @@ is just an alias for
+ \fIseal\fR\&.
+ .sp
+ The default value is
+-\fIplain\fR
+-which is not irritable to KRB5 clock skew errors\&. That implies synchronizing the time with the KDC in the case of using
+-\fIsign\fR
+-or
+-\fIseal\fR\&.
++\fIsign\fR\&. That implies synchronizing the time with the KDC in the case of using
++\fIKerberos\fR\&.
+ .sp
+ Default:
+-\fI\fIclient ldap sasl wrapping\fR\fR\fI = \fR\fIplain\fR\fI \fR
++\fI\fIclient ldap sasl wrapping\fR\fR\fI = \fR\fIsign\fR\fI \fR
+ .RE
+ client ntlmv2 auth (G)
+@@ -1905,6 +1938,12 @@ client lanman auth\&.
+ .sp
+ Note that Windows Vista and later versions already use NTLMv2 by default, and some sites (particularly those following \*(Aqbest practice\*(Aq security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM\&.
+ .sp
++When
++\m[blue]\fBclient use spnego\fR\m[]
++is also set to
++\fByes\fR
++extended security (SPNEGO) is required in order to use NTLMv2 only within NTLMSSP\&. This behavior was introduced with the patches for CVE\-2016\-2111\&.
++.sp
+ Default:
+ \fI\fIclient ntlmv2 auth\fR\fR\fI = \fR\fIyes\fR\fI \fR
+ .RE
+@@ -1949,6 +1988,7 @@ and
+ \fIdisabled\fR\&.
+ .sp
+ When set to auto, SMB signing is offered, but not enforced\&. When set to mandatory, SMB signing is required and if set to disabled, SMB signing is not offered either\&.
++IPC$ connections for DCERPC e\&.g\&. in winbindd, are handled by the \m[blue]\fBclient ipc signing\fR\m[] option\&.
+ .sp
+ Default:
+ \fI\fIclient signing\fR\fR\fI = \fR\fIauto\fR\fI \fR
+@@ -1978,6 +2018,12 @@ client use spnego (G)
+ .RS 4
+ This variable controls whether Samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with supporting servers (including WindowsXP, Windows2000 and Samba 3\&.0) to agree upon an authentication mechanism\&. This enables Kerberos authentication in particular\&.
+ .sp
++When
++\m[blue]\fBclient NTLMv2 auth\fR\m[]
++is also set to
++\fByes\fR
++extended security (SPNEGO) is required in order to use NTLMv2 only within NTLMSSP\&. This behavior was introduced with the patches for CVE\-2016\-2111\&.
++.sp
+ Default:
+ \fI\fIclient use spnego\fR\fR\fI = \fR\fIyes\fR\fI \fR
+ .RE
+@@ -8103,6 +8149,24 @@ Example:
+ \fI\fIqueueresume command\fR\fR\fI = \fR\fIenable %p\fR\fI \fR
+ .RE
++raw NTLMv2 auth (G)
++.\" raw NTLMv2 auth
++.PP
++.RS 4
++This parameter determines whether or not
++\fBsmbd\fR(8)
++will allow SMB1 clients without extended security (without SPNEGO) to use NTLMv2 authentication\&.
++.sp
++If this option,
++lanman auth
++and
++ntlm auth
++are all disabled, then only clients with SPNEGO support will be permitted\&. That means NTLMv2 is only supported within NTLMSSP\&.
++.sp
++Default:
++\fI\fIraw NTLMv2 auth\fR\fR\fI = \fR\fIno\fR\fI \fR
++.RE
++
+ read list (S)
+ .\" read list
+ .PP
+@@ -10699,6 +10763,18 @@ Default:
+ \fI\fIwinbind rpc only\fR\fR\fI = \fR\fIno\fR\fI \fR
+ .RE
++winbind sealed pipes (G)
++.\" winbind sealed pipes
++.PP
++.RS 4
++This option controls whether any requests from winbindd to domain controllers pipe will be sealed\&. Disabling sealing can be useful for debugging purposes\&.
++.sp
++The behavior can be controlled per netbios domain by using \*(Aqwinbind sealed pipes:NETBIOSDOMAIN = no\*(Aq as option\&.
++.sp
++Default:
++\fI\fIwinbind sealed pipes\fR\fR\fI = \fR\fIyes\fR\fI \fR
++.RE
++
+ winbind separator (G)
+ .\" winbind separator
+ .PP
+Index: samba-3.6.23/docs/manpages/smbcontrol.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbcontrol.1
++++ samba-3.6.23/docs/manpages/smbcontrol.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbcontrol
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBCONTROL" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "SMBCONTROL" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -48,7 +48,7 @@ is a very small program, which sends mes
+ daemon running on the system\&.
+ .SH "OPTIONS"
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/smbcquotas.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbcquotas.1
++++ samba-3.6.23/docs/manpages/smbcquotas.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbcquotas
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBCQUOTAS" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "SMBCQUOTAS" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -82,7 +82,7 @@ Don\*(Aqt actually do anything, only val
+ Be verbose\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/smbd.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbd.8
++++ samba-3.6.23/docs/manpages/smbd.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbd
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBD" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "SMBD" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -130,7 +130,7 @@ Base directory name for log/debug files\
+ will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+@@ -207,8 +207,7 @@ if this variable is not defined) as the
+ .SH "PAM INTERACTION"
+ .PP
+ Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management\&. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the
+-\m[blue]\fBobey pam restrictions\fR\m[]
+-\fBsmb.conf\fR(5)
++\m[blue]\fBobey pam restrictions\fR\m[]\fBsmb.conf\fR(5)
+ parameter\&. When this is set, the following restrictions apply:
+ .sp
+ .RS 4
+@@ -359,8 +358,7 @@ configuration file within a short period
+ To shut down a user\*(Aqs
+ smbd
+ process it is recommended that
+-SIGKILL (\-9)
+-\fINOT\fR
++SIGKILL (\-9)\fINOT\fR
+ be used, except as a last resort, as this may leave the shared memory area in an inconsistent state\&. The safe way to terminate an
+ smbd
+ is to send it a SIGTERM (\-15) signal and wait for it to die on its own\&.
+Index: samba-3.6.23/docs/manpages/smbget.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbget.1
++++ samba-3.6.23/docs/manpages/smbget.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbget
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBGET" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "SMBGET" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/smbgetrc.5
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbgetrc.5
++++ samba-3.6.23/docs/manpages/smbgetrc.5
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbgetrc
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: File Formats and Conventions
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBGETRC" "5" "09/18/2013" "Samba 3\&.6" "File Formats and Conventions"
++.TH "SMBGETRC" "5" "04/11/2016" "Samba 3\&.6" "File Formats and Conventions"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/smbpasswd.5
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbpasswd.5
++++ samba-3.6.23/docs/manpages/smbpasswd.5
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbpasswd
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: File Formats and Conventions
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBPASSWD" "5" "09/18/2013" "Samba 3\&.6" "File Formats and Conventions"
++.TH "SMBPASSWD" "5" "04/11/2016" "Samba 3\&.6" "File Formats and Conventions"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/smbpasswd.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbpasswd.8
++++ samba-3.6.23/docs/manpages/smbpasswd.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbpasswd
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBPASSWD" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "SMBPASSWD" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/smbspool.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbspool.8
++++ samba-3.6.23/docs/manpages/smbspool.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbspool
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBSPOOL" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "SMBSPOOL" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/smbstatus.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbstatus.1
++++ samba-3.6.23/docs/manpages/smbstatus.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbstatus
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBSTATUS" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "SMBSTATUS" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -114,7 +114,7 @@ processes and exit\&. Useful for scripti
+ causes smbstatus to only list shares\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/smbtar.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbtar.1
++++ samba-3.6.23/docs/manpages/smbtar.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbtar
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBTAR" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "SMBTAR" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/smbta-util.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbta-util.8
++++ samba-3.6.23/docs/manpages/smbta-util.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbta-util
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBTA\-UTIL" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "SMBTA\-UTIL" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/smbtree.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smbtree.1
++++ samba-3.6.23/docs/manpages/smbtree.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smbtree
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMBTREE" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "SMBTREE" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -153,7 +153,7 @@ rpcclient
+ to prompt for a password and type it in directly\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/swat.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/swat.8
++++ samba-3.6.23/docs/manpages/swat.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: swat
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SWAT" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "SWAT" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -116,7 +116,7 @@ Base directory name for log/debug files\
+ will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/tdbbackup.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/tdbbackup.8
++++ samba-3.6.23/docs/manpages/tdbbackup.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: tdbbackup
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "TDBBACKUP" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "TDBBACKUP" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -84,7 +84,6 @@ Samba \&.tdb files are stored in various
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ secrets\&.tdb
+ \- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\&.
+ .RE
+@@ -97,7 +96,6 @@ secrets\&.tdb
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ passdb\&.tdb
+ \- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\&.
+ .RE
+@@ -110,7 +108,6 @@ passdb\&.tdb
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ *\&.tdb
+ located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/tdbdump.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/tdbdump.8
++++ samba-3.6.23/docs/manpages/tdbdump.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: tdbdump
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "TDBDUMP" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "TDBDUMP" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/tdbtool.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/tdbtool.8
++++ samba-3.6.23/docs/manpages/tdbtool.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: tdbtool
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "TDBTOOL" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "TDBTOOL" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/testparm.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/testparm.1
++++ samba-3.6.23/docs/manpages/testparm.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: testparm
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "TESTPARM" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "TESTPARM" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -66,7 +66,7 @@ testparm
+ will prompt for a carriage return after printing the service names and before dumping the service definitions\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/vfs_acl_tdb.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_acl_tdb.8
++++ samba-3.6.23/docs/manpages/vfs_acl_tdb.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_acl_tdb
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_ACL_TDB" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_ACL_TDB" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_acl_xattr.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_acl_xattr.8
++++ samba-3.6.23/docs/manpages/vfs_acl_xattr.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_acl_xattr
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_ACL_XATTR" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_ACL_XATTR" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_aio_fork.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_aio_fork.8
++++ samba-3.6.23/docs/manpages/vfs_aio_fork.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_aio_fork
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_AIO_FORK" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_AIO_FORK" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_aio_pthread.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_aio_pthread.8
++++ samba-3.6.23/docs/manpages/vfs_aio_pthread.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_aio_pthread
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_AIO_PTHREAD" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_AIO_PTHREAD" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_audit.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_audit.8
++++ samba-3.6.23/docs/manpages/vfs_audit.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_audit
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_AUDIT" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_AUDIT" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_cacheprime.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_cacheprime.8
++++ samba-3.6.23/docs/manpages/vfs_cacheprime.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_cacheprime
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_CACHEPRIME" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_CACHEPRIME" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_cap.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_cap.8
++++ samba-3.6.23/docs/manpages/vfs_cap.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_cap
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_CAP" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_CAP" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_catia.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_catia.8
++++ samba-3.6.23/docs/manpages/vfs_catia.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_catia
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_CATIA" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_CATIA" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_commit.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_commit.8
++++ samba-3.6.23/docs/manpages/vfs_commit.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_commit
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_COMMIT" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_COMMIT" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_crossrename.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_crossrename.8
++++ samba-3.6.23/docs/manpages/vfs_crossrename.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_crossrename
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_CROSSRENAME" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_CROSSRENAME" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_default_quota.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_default_quota.8
++++ samba-3.6.23/docs/manpages/vfs_default_quota.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_default_quota
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_DEFAULT_QUOTA" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_DEFAULT_QUOTA" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_dirsort.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_dirsort.8
++++ samba-3.6.23/docs/manpages/vfs_dirsort.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_dirsort
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_DIRSORT" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_DIRSORT" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_extd_audit.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_extd_audit.8
++++ samba-3.6.23/docs/manpages/vfs_extd_audit.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_extd_audit
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_EXTD_AUDIT" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_EXTD_AUDIT" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_fake_perms.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_fake_perms.8
++++ samba-3.6.23/docs/manpages/vfs_fake_perms.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_fake_perms
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_FAKE_PERMS" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_FAKE_PERMS" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_fileid.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_fileid.8
++++ samba-3.6.23/docs/manpages/vfs_fileid.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_fileid
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_FILEID" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_FILEID" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_full_audit.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_full_audit.8
++++ samba-3.6.23/docs/manpages/vfs_full_audit.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_full_audit
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_FULL_AUDIT" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_FULL_AUDIT" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_gpfs.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_gpfs.8
++++ samba-3.6.23/docs/manpages/vfs_gpfs.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_gpfs
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_GPFS" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_GPFS" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -96,7 +96,6 @@ Enable/Disable cross node sharemode hand
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ yes(default)
+ \- propagate sharemodes across all GPFS nodes\&.
+ .RE
+@@ -109,7 +108,6 @@ yes(default)
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ no
+ \- do not propagate sharemodes across all GPFS nodes\&. This should only be used if the GPFS file system is exclusively exported by Samba\&. Access by local unix application or NFS exports could lead to corrupted files\&.
+ .RE
+@@ -133,7 +131,6 @@ options to the same value\&.
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ yes(default)
+ \- propagate leases across all GPFS nodes\&.
+ .RE
+@@ -146,7 +143,6 @@ yes(default)
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ no
+ \- do not propagate leases across all GPFS nodes\&. This should only be used if the GPFS file system is exclusively exported by Samba\&. Access by local unix application or NFS exports could lead to corrupted files\&.
+ .RE
+@@ -166,7 +162,6 @@ Enable/Disable announcing if this FS has
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ no(default)
+ \- Do not announce HSM\&.
+ .RE
+@@ -179,7 +174,6 @@ no(default)
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ no
+ \- Announce HSM\&.
+ .RE
+@@ -201,7 +195,6 @@ function\&. This improves the casesensit
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ yes(default)
+ \- use
+ gpfs_get_realfilename_path()\&.
+@@ -215,7 +208,6 @@ gpfs_get_realfilename_path()\&.
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ no
+ \- do not use
+ gpfs_get_realfilename_path()\&. It seems that
+@@ -238,7 +230,6 @@ Enable/Disable usage of the windows attr
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ no(default)
+ \- do not use GPFS windows attributes\&.
+ .RE
+@@ -251,7 +242,6 @@ no(default)
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ yes
+ \- use GPFS windows attributes\&.
+ .RE
+@@ -271,7 +261,6 @@ GPFS ACLs doesn\*(Aqt know about the \*(
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ yes(default)
+ \- map \*(AqAPPEND\*(Aq to \*(AqWRITE\*(Aq\&.
+ .RE
+@@ -284,7 +273,6 @@ yes(default)
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ no
+ \- do not map \*(AqAPPEND\*(Aq to \*(AqWRITE\*(Aq\&.
+ .RE
+@@ -308,7 +296,6 @@ to enable an explicit check for this fla
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ no(default)
+ \- ignore the DESC_DACL_PROTECTED flags\&.
+ .RE
+@@ -321,7 +308,6 @@ no(default)
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ yes
+ \- reject ACLs with DESC_DACL_PROTECTED\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/vfs_netatalk.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_netatalk.8
++++ samba-3.6.23/docs/manpages/vfs_netatalk.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_netatalk
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_NETATALK" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_NETATALK" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_notify_fam.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_notify_fam.8
++++ samba-3.6.23/docs/manpages/vfs_notify_fam.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_notify_fam
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_NOTIFY_FAM" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_NOTIFY_FAM" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_prealloc.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_prealloc.8
++++ samba-3.6.23/docs/manpages/vfs_prealloc.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_prealloc
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_PREALLOC" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_PREALLOC" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_preopen.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_preopen.8
++++ samba-3.6.23/docs/manpages/vfs_preopen.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_preopen
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_PREOPEN" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_PREOPEN" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_readahead.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_readahead.8
++++ samba-3.6.23/docs/manpages/vfs_readahead.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_readahead
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_READAHEAD" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_READAHEAD" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_readonly.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_readonly.8
++++ samba-3.6.23/docs/manpages/vfs_readonly.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_readonly
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_READONLY" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_READONLY" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_recycle.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_recycle.8
++++ samba-3.6.23/docs/manpages/vfs_recycle.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_recycle
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_RECYCLE" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_RECYCLE" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_scannedonly.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_scannedonly.8
++++ samba-3.6.23/docs/manpages/vfs_scannedonly.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_scannedonly
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_SCANNEDONLY" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_SCANNEDONLY" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_shadow_copy2.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_shadow_copy2.8
++++ samba-3.6.23/docs/manpages/vfs_shadow_copy2.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_shadow_copy2
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_SHADOW_COPY2" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_SHADOW_COPY2" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_shadow_copy.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_shadow_copy.8
++++ samba-3.6.23/docs/manpages/vfs_shadow_copy.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_shadow_copy
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_SHADOW_COPY" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_SHADOW_COPY" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_smb_traffic_analyzer.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_smb_traffic_analyzer.8
++++ samba-3.6.23/docs/manpages/vfs_smb_traffic_analyzer.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smb_traffic_analyzer
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMB_TRAFFIC_ANALYZER" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "SMB_TRAFFIC_ANALYZER" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -185,7 +185,6 @@ Several drawbacks have been seen with pr
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ Problematic parsing \-
+ Protocol version 1 uses hyphen and comma to seperate blocks of data\&. Once there is a filename with a hyphen, you will run into problems because the receiver decodes the data in a wrong way\&.
+ .RE
+@@ -198,7 +197,6 @@ Protocol version 1 uses hyphen and comma
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ Insecure network transfer \-
+ Protocol version 1 sends all it\*(Aqs data as plaintext over the network\&.
+ .RE
+@@ -211,7 +209,6 @@ Protocol version 1 sends all it\*(Aqs da
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ Limited set of supported VFS operations \-
+ Protocol version 1 supports only four VFS operations\&.
+ .RE
+@@ -224,7 +221,6 @@ Protocol version 1 supports only four VF
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ No subreleases of the protocol \-
+ Protocol version 1 is fixed on it\*(Aqs version, making it unable to introduce new features or bugfixes through compatible sub\-releases\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/vfs_streams_depot.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_streams_depot.8
++++ samba-3.6.23/docs/manpages/vfs_streams_depot.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_streams_depot
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_STREAMS_DEPOT" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_STREAMS_DEPOT" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_streams_xattr.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_streams_xattr.8
++++ samba-3.6.23/docs/manpages/vfs_streams_xattr.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_streams_xattr
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_STREAMS_XATTR" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_STREAMS_XATTR" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfstest.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfstest.1
++++ samba-3.6.23/docs/manpages/vfstest.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfstest
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFSTEST" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "VFSTEST" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -47,7 +47,7 @@ is a small command line utility that has
+ Execute the specified (colon\-separated) commands\&. See below for the commands that are available\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/vfs_time_audit.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_time_audit.8
++++ samba-3.6.23/docs/manpages/vfs_time_audit.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_time_audit
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_TIME_AUDIT" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_TIME_AUDIT" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/vfs_xattr_tdb.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/vfs_xattr_tdb.8
++++ samba-3.6.23/docs/manpages/vfs_xattr_tdb.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: vfs_xattr_tdb
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "VFS_XATTR_TDB" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "VFS_XATTR_TDB" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+Index: samba-3.6.23/docs/manpages/wbinfo.1
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/wbinfo.1
++++ samba-3.6.23/docs/manpages/wbinfo.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: wbinfo
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: User Commands
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "WBINFO" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
++.TH "WBINFO" "1" "04/11/2016" "Samba 3\&.6" "User Commands"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -206,8 +206,7 @@ The
+ option queries
+ \fBwinbindd\fR(8)
+ for the SID associated with the name specified\&. Domain names can be specified before the user name by using the winbind separator character\&. For example CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1\&. If no domain is specified then the domain used is the one specified in the
+-\fBsmb.conf\fR(5)
+-\fIworkgroup \fR
++\fBsmb.conf\fR(5)\fIworkgroup \fR
+ parameter\&.
+ .RE
+ .PP
+@@ -360,7 +359,7 @@ then the operation will fail\&.
+ Prints the program version number\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/winbindd.8
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/winbindd.8
++++ samba-3.6.23/docs/manpages/winbindd.8
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: winbindd
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: System Administration tools
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "WINBINDD" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
++.TH "WINBINDD" "8" "04/11/2016" "Samba 3\&.6" "System Administration tools"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -207,7 +207,7 @@ Base directory name for log/debug files\
+ will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+ .RE
+ .PP
+-\-h|\-\-help
++\-?|\-\-help
+ .RS 4
+ Print a summary of command line options\&.
+ .RE
+@@ -254,7 +254,6 @@ file\&. All parameters should be specifi
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \m[blue]\fBwinbind separator\fR\m[]
+ .RE
+ .sp
+@@ -266,7 +265,6 @@ file\&. All parameters should be specifi
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \m[blue]\fBidmap config * : range\fR\m[]
+ .RE
+ .sp
+@@ -278,7 +276,6 @@ file\&. All parameters should be specifi
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \m[blue]\fBidmap config * : backend\fR\m[]
+ .RE
+ .sp
+@@ -290,7 +287,6 @@ file\&. All parameters should be specifi
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \m[blue]\fBwinbind cache time\fR\m[]
+ .RE
+ .sp
+@@ -302,7 +298,6 @@ file\&. All parameters should be specifi
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \m[blue]\fBwinbind enum users\fR\m[]
+ .RE
+ .sp
+@@ -314,7 +309,6 @@ file\&. All parameters should be specifi
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \m[blue]\fBwinbind enum groups\fR\m[]
+ .RE
+ .sp
+@@ -326,7 +320,6 @@ file\&. All parameters should be specifi
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \m[blue]\fBtemplate homedir\fR\m[]
+ .RE
+ .sp
+@@ -338,7 +331,6 @@ file\&. All parameters should be specifi
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \m[blue]\fBtemplate shell\fR\m[]
+ .RE
+ .sp
+@@ -350,7 +342,6 @@ file\&. All parameters should be specifi
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \m[blue]\fBwinbind use default domain\fR\m[]
+ .RE
+ .sp
+@@ -362,7 +353,6 @@ file\&. All parameters should be specifi
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \m[blue]\fBwinbind: rpc only\fR\m[]
+ Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\&.
+ .RE
+Index: samba-3.6.23/docs/manpages/winbind_krb5_locator.7
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/winbind_krb5_locator.7
++++ samba-3.6.23/docs/manpages/winbind_krb5_locator.7
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: winbind_krb5_locator
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 04/11/2016
+ .\"    Manual: 7
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "WINBIND_KRB5_LOCATOR" "7" "09/18/2013" "Samba 3\&.6" "7"
++.TH "WINBIND_KRB5_LOCATOR" "7" "04/11/2016" "Samba 3\&.6" "7"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -35,7 +35,6 @@ This plugin is part of the
+ \fBsamba\fR(7)
+ suite\&.
+ .PP
+-
+ winbind_krb5_locator
+ is a plugin that permits MIT and Heimdal Kerberos libraries to detect Kerberos Servers (for the KDC and kpasswd service) using the same semantics that other tools of the Samba suite use\&. This include site\-aware DNS service record lookups and caching of closest dc\&. The plugin uses the public locator API provided by most modern Kerberos implementations\&.
+ .SH "PREREQUISITES"
diff --git a/src/patches/samba/samba-3.2.0pre1-grouppwd.patch b/src/patches/samba/samba-3.2.0pre1-grouppwd.patch
new file mode 100644 (file)
index 0000000..b19a020
--- /dev/null
@@ -0,0 +1,13 @@
+Index: samba-3.6.22/source3/winbindd/winbindd_group.c
+===================================================================
+--- samba-3.6.22.orig/source3/winbindd/winbindd_group.c
++++ samba-3.6.22/source3/winbindd/winbindd_group.c
+@@ -69,7 +69,7 @@ bool fill_grent(TALLOC_CTX *mem_ctx, str
+       /* Group name and password */
+       safe_strcpy(gr->gr_name, full_group_name, sizeof(gr->gr_name) - 1);
+-      safe_strcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd) - 1);
++      safe_strcpy(gr->gr_passwd, "*", sizeof(gr->gr_passwd) - 1);
+       return True;
+ }
diff --git a/src/patches/samba/samba-3.2.0pre1-pipedir.patch b/src/patches/samba/samba-3.2.0pre1-pipedir.patch
new file mode 100644 (file)
index 0000000..a138c70
--- /dev/null
@@ -0,0 +1,13 @@
+Index: samba-3.6.6/nsswitch/winbind_struct_protocol.h
+===================================================================
+--- samba-3.6.6.orig/nsswitch/winbind_struct_protocol.h
++++ samba-3.6.6/nsswitch/winbind_struct_protocol.h
+@@ -29,7 +29,7 @@ typedef char fstring[FSTRING_LEN];
+  * is needed for launchd support -- jpeach.
+  */
+ #ifndef WINBINDD_SOCKET_DIR
+-#define WINBINDD_SOCKET_DIR  "/tmp/.winbindd"  /* Name of PF_UNIX dir */
++#define WINBINDD_SOCKET_DIR  "/var/run/winbindd"  /* Name of PF_UNIX dir */
+ #endif
+ /*
diff --git a/src/patches/samba/samba-3.2.5-inotify.patch b/src/patches/samba/samba-3.2.5-inotify.patch
new file mode 100644 (file)
index 0000000..e215f5b
--- /dev/null
@@ -0,0 +1,49 @@
+Index: samba-3.6.6/source3/smbd/notify_inotify.c
+===================================================================
+--- samba-3.6.6.orig/source3/smbd/notify_inotify.c
++++ samba-3.6.6/source3/smbd/notify_inotify.c
+@@ -77,6 +77,7 @@ struct inotify_private {
+       struct sys_notify_context *ctx;
+       int fd;
+       struct inotify_watch_context *watches;
++      bool broken_inotify;    /* Late stop for broken system */
+ };
+ struct inotify_watch_context {
+@@ -241,8 +242,15 @@ static void inotify_handler(struct event
+         filenames, and thus can't know how much to allocate
+         otherwise
+       */
+-      if (ioctl(in->fd, FIONREAD, &bufsize) != 0 || 
+-          bufsize == 0) {
++      if ((ioctl(in->fd, FIONREAD, &bufsize) != 0) && (errno == EACCES)) {
++              /*
++               * Workaround for broken system (SELinux policy bug fixed since long but it is always better not to loop on EACCES)
++               */
++              TALLOC_FREE(fde);
++              in->broken_inotify = True;
++              return;
++      }
++      if (bufsize == 0) {
+               DEBUG(0,("No data on inotify fd?!\n"));
+               TALLOC_FREE(fde);
+               return;
+@@ -300,6 +308,7 @@ static NTSTATUS inotify_setup(struct sys
+       }
+       in->ctx = ctx;
+       in->watches = NULL;
++      in->broken_inotify = False;
+       ctx->private_data = in;
+       talloc_set_destructor(in, inotify_destructor);
+@@ -394,6 +403,10 @@ NTSTATUS inotify_watch(struct sys_notify
+       in = talloc_get_type(ctx->private_data, struct inotify_private);
++      if (in->broken_inotify) {
++              return NT_STATUS_OK;
++      }
++
+       mask = inotify_map(e);
+       if (mask == 0) {
+               /* this filter can't be handled by inotify */
diff --git a/src/patches/samba/samba-3.5.11-docs.patch b/src/patches/samba/samba-3.5.11-docs.patch
new file mode 100644 (file)
index 0000000..35db3dc
--- /dev/null
@@ -0,0 +1,70 @@
+From 337e286f110f594f02ea6780900e0a95ec6794c2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 5 Aug 2011 12:25:52 +0200
+Subject: [PATCH] s3-docs: document --user-sidinfo wbinfo option.
+
+Guenther
+---
+ docs-xml/manpages-3/wbinfo.1.xml |    8 ++++++++
+ 1 files changed, 8 insertions(+), 0 deletions(-)
+
+Index: samba-3.6.22/docs-xml/manpages-3/wbinfo.1.xml
+===================================================================
+--- samba-3.6.22.orig/docs-xml/manpages-3/wbinfo.1.xml
++++ samba-3.6.22/docs-xml/manpages-3/wbinfo.1.xml
+@@ -47,7 +47,7 @@
+               <arg choide="opt">--online-status</arg>
+               <arg choice="opt">--own-domain</arg>
+               <arg choice="opt">-p</arg>
+-              <arg choice="opt">-P|--ping-dc</arg>
++              <arg choice="opt">--ping-dc</arg>
+               <arg choice="opt">-r user</arg>
+               <arg choide="opt">-R|--lookup-rids</arg>
+               <arg choice="opt">-s sid</arg>
+@@ -61,6 +61,7 @@
+               <arg choice="opt">--uid-info uid</arg>
+               <arg choide="opt">--usage</arg>
+               <arg choice="opt">--user-domgroups sid</arg>
++              <arg choice="opt">--user-sidinfo sid</arg>
+               <arg choice="opt">--user-sids sid</arg>
+               <arg choice="opt">-U uid</arg>
+               <arg choice="opt">-V</arg>
+@@ -414,6 +415,13 @@
+               </varlistentry>
+               <varlistentry>
++              <term>--user-sidinfo <replaceable>sid</replaceable></term>
++              <listitem><para>Get user info by sid.
++              </para></listitem>
++              </varlistentry>
++
++
++              <varlistentry>
+               <term>--user-sids <replaceable>sid</replaceable></term>
+               <listitem><para>Get user group SIDs for user.
+               </para></listitem>
+Index: samba-3.6.22/docs/manpages/wbinfo.1
+===================================================================
+--- samba-3.6.22.orig/docs/manpages/wbinfo.1
++++ samba-3.6.22/docs/manpages/wbinfo.1
+@@ -31,7 +31,7 @@
+ wbinfo \- Query information from winbind daemon
+ .SH "SYNOPSIS"
+ .HP \w'\ 'u
+-wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info] [\-\-group\-info] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-P|\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-s\ sid] [\-\-separator] [\-\-set\-auth\-user\ user%password] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid]
++wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info] [\-\-group\-info] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-s\ sid] [\-\-separator] [\-\-set\-auth\-user\ user%password] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sidinfo\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid]
+ .SH "DESCRIPTION"
+ .PP
+ This tool is part of the
+@@ -328,6 +328,11 @@ Print brief help overview\&.
+ Get user domain groups\&.
+ .RE
+ .PP
++\-\-user\-sidinfo \fIsid\fR
++.RS 4
++Get user info by sid\&.
++.RE
++.PP
+ \-\-user\-sids \fIsid\fR
+ .RS 4
+ Get user group SIDs for user\&.
diff --git a/src/patches/samba/samba-3.5.11-idmapdebug.patch b/src/patches/samba/samba-3.5.11-idmapdebug.patch
new file mode 100644 (file)
index 0000000..44da0ff
--- /dev/null
@@ -0,0 +1,26 @@
+Index: samba-3.6.6/source3/winbindd/idmap.c
+===================================================================
+--- samba-3.6.6.orig/source3/winbindd/idmap.c
++++ samba-3.6.6/source3/winbindd/idmap.c
+@@ -129,7 +129,7 @@ NTSTATUS smb_register_idmap(int version,
+       for (entry = backends; entry != NULL; entry = entry->next) {
+               if (strequal(entry->name, name)) {
+-                      DEBUG(0,("Idmap module %s already registered!\n",
++                      DEBUG(5,("Idmap module %s already registered!\n",
+                                name));
+                       return NT_STATUS_OBJECT_NAME_COLLISION;
+               }
+Index: samba-3.6.6/source3/winbindd/nss_info.c
+===================================================================
+--- samba-3.6.6.orig/source3/winbindd/nss_info.c
++++ samba-3.6.6/source3/winbindd/nss_info.c
+@@ -66,7 +66,7 @@ static struct nss_function_entry *nss_ge
+       }
+       if ( nss_get_backend(name) ) {
+-              DEBUG(0,("smb_register_idmap_nss: idmap module %s "
++              DEBUG(5,("smb_register_idmap_nss: idmap module %s "
+                        "already registered!\n", name));
+               return NT_STATUS_OBJECT_NAME_COLLISION;
+       }
diff --git a/src/patches/samba/samba-3.5.11-nss_info_doc.patch b/src/patches/samba/samba-3.5.11-nss_info_doc.patch
new file mode 100644 (file)
index 0000000..50051a0
--- /dev/null
@@ -0,0 +1,75 @@
+From 47871b11df083ec6936599e1196a553379c044b3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Wed, 19 Oct 2011 00:19:58 +0200
+Subject: [PATCH 1/2] s3-docs: Document Services for Unix 2.0 (sfu20) nss_info
+ ldap schema support.
+
+Guenther
+---
+ docs-xml/manpages-3/idmap_ad.8.xml             |    4 +++-
+ docs-xml/smbdotconf/winbind/winbindnssinfo.xml |    5 +++--
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+Index: samba-3.6.22/docs-xml/manpages-3/idmap_ad.8.xml
+===================================================================
+--- samba-3.6.22.orig/docs-xml/manpages-3/idmap_ad.8.xml
++++ samba-3.6.22/docs-xml/manpages-3/idmap_ad.8.xml
+@@ -63,12 +63,17 @@
+               </para></listitem>
+               </varlistentry>
+               <varlistentry>
+-              <term>schema_mode = &lt;rfc2307 | sfu &gt;</term>
++              <term>schema_mode = &lt;rfc2307 | sfu | sfu20&gt;</term>
+               <listitem><para>
+                       Defines the schema that idmap_ad should use when querying
+                       Active Directory regarding user and group information.
+                       This can be either the RFC2307 schema support included
+                       in Windows 2003 R2 or the Service for Unix (SFU) schema.
++                      For SFU 3.0 or 3.5 please choose "sfu", for SFU 2.0
++                      please choose "sfu20".
++
++                      Please note that primary group membership is currently always calculated
++                      via the "primaryGroupID" LDAP attribute.
+               </para></listitem>
+               </varlistentry>
+       </variablelist>
+Index: samba-3.6.22/docs-xml/smbdotconf/winbind/winbindnssinfo.xml
+===================================================================
+--- samba-3.6.22.orig/docs-xml/smbdotconf/winbind/winbindnssinfo.xml
++++ samba-3.6.22/docs-xml/smbdotconf/winbind/winbindnssinfo.xml
+@@ -18,14 +18,16 @@
+               </listitem>
+               <listitem>
+-                      <para><parameter moreinfo="none">&lt;sfu | rfc2307 &gt;</parameter>
++                      <para><parameter moreinfo="none">&lt;sfu | sfu20 | rfc2307 &gt;</parameter>
+                       - When Samba is running in security = ads and your Active Directory
+                       Domain Controller does support the Microsoft "Services for Unix" (SFU)
+                       LDAP schema, winbind can retrieve the login shell and the home
+-                      directory attributes directly from your Directory Server. Note that
++                      directory attributes directly from your Directory Server. For SFU 3.0 or 3.5 simply choose
++                      "sfu", if you use SFU 2.0 please choose "sfu20". Note that
+                       retrieving UID and GID from your ADS-Server requires to
+                       use <parameter moreinfo="none">idmap config DOMAIN:backend</parameter> = ad
+-                      as well.
++                      as well. The primary group membership is currently
++                      always calculated via the "primaryGroupID" LDAP attribute.
+                       </para>
+               </listitem>
+       </itemizedlist>
+Index: samba-3.6.22/docs/manpages/idmap_ad.8
+===================================================================
+--- samba-3.6.22.orig/docs/manpages/idmap_ad.8
++++ samba-3.6.22/docs/manpages/idmap_ad.8
+@@ -48,9 +48,9 @@ range = low \- high
+ Defines the available matching UID and GID range for which the backend is authoritative\&. Note that the range acts as a filter\&. If specified any UID or GID stored in AD that fall outside the range is ignored and the corresponding map is discarded\&. It is intended as a way to avoid accidental UID/GID overlaps between local and remotely defined IDs\&.
+ .RE
+ .PP
+-schema_mode = <rfc2307 | sfu >
++schema_mode = <rfc2307 | sfu | sfu20>
+ .RS 4
+-Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information\&. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema\&.
++Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information\&. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema\&. For SFU 3\&.0 or 3\&.5 please choose "sfu", for SFU 2\&.0 please choose "sfu20"\&. Please note that primary group membership is currently always calculated via the "primaryGroupID" LDAP attribute\&.
+ .RE
+ .SH "EXAMPLES"
+ .PP
diff --git a/src/patches/samba/samba-3.5.11-wbinfo_manpage.patch b/src/patches/samba/samba-3.5.11-wbinfo_manpage.patch
new file mode 100644 (file)
index 0000000..6355533
--- /dev/null
@@ -0,0 +1,65 @@
+From 21027216d43c33fac220746c32acff6b355c4e7d Mon Sep 17 00:00:00 2001
+From: Christian Ambach <ambi@samba.org>
+Date: Fri, 30 Sep 2011 17:07:05 +0200
+Subject: [PATCH] s3-docs: some corrections for wbinfo
+
+Parameters for --group-info and --gid-info were not listed
+properly in the SYNOPSIS and the OPTIONS section
+
+Autobuild-User: Christian Ambach <ambi@samba.org>
+Autobuild-Date: Fri Sep 30 18:44:34 CEST 2011 on sn-devel-104
+---
+ docs-xml/manpages-3/wbinfo.1.xml |    8 ++++----
+ 1 files changed, 4 insertions(+), 4 deletions(-)
+
+Index: samba-3.6.6/docs-xml/manpages-3/wbinfo.1.xml
+===================================================================
+--- samba-3.6.6.orig/docs-xml/manpages-3/wbinfo.1.xml
++++ samba-3.6.6/docs-xml/manpages-3/wbinfo.1.xml
+@@ -33,8 +33,8 @@
+               <arg choice="opt">--getdcname domain</arg>
+               <arg choice="opt">--get-auth-user</arg>
+               <arg choice="opt">-G gid</arg>
+-              <arg choide="opt">--gid-info</arg>
+-              <arg choide="opt">--group-info</arg>
++              <arg choide="opt">--gid-info gid</arg>
++              <arg choide="opt">--group-info group</arg>
+               <arg choice="opt">--help|-?</arg>
+               <arg choice="opt">-i user</arg>
+               <arg choice="opt">-I ip</arg>
+@@ -171,8 +171,8 @@
+               </varlistentry>
+               <varlistentry>
+-              <term>--group-info <replaceable>user</replaceable></term>
+-              <listitem><para>Get group info for user.
++              <term>--group-info <replaceable>group</replaceable></term>
++              <listitem><para>Get group info from group name.
+               </para></listitem>
+               </varlistentry>
+Index: samba-3.6.6/docs/manpages/wbinfo.1
+===================================================================
+--- samba-3.6.6.orig/docs/manpages/wbinfo.1
++++ samba-3.6.6/docs/manpages/wbinfo.1
+@@ -31,7 +31,7 @@
+ wbinfo \- Query information from winbind daemon
+ .SH "SYNOPSIS"
+ .HP \w'\ 'u
+-wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info] [\-\-group\-info] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-s\ sid] [\-\-separator] [\-\-set\-auth\-user\ user%password] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sidinfo\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid]
++wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info\ gid] [\-\-group\-info\ group] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-s\ sid] [\-\-separator] [\-\-set\-auth\-user\ user%password] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sidinfo\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid]
+ .SH "DESCRIPTION"
+ .PP
+ This tool is part of the
+@@ -130,9 +130,9 @@ Find a DC for a domain\&.
+ Get group info from gid\&.
+ .RE
+ .PP
+-\-\-group\-info \fIuser\fR
++\-\-group\-info \fIgroup\fR
+ .RS 4
+-Get group info for user\&.
++Get group info from group name\&.
+ .RE
+ .PP
+ \-g|\-\-domain\-groups
diff --git a/src/patches/samba/samba-3.5.12-dns.patch b/src/patches/samba/samba-3.5.12-dns.patch
new file mode 100644 (file)
index 0000000..d655a82
--- /dev/null
@@ -0,0 +1,27 @@
+From 1b0421a1a3d2b2e0168c0957864c16adf93e326d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Wed, 21 Dec 2011 15:47:35 +0100
+Subject: [PATCH] s3-dns: prevent from potentially doing wrong SRV DNS
+ lookups.
+
+With an empty sitename we asked for e.g.
+_ldap._tcp.._sites.dc._msdcs.AD.EXAMPLE.COM
+
+Guenther
+---
+ source3/libads/dns.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+Index: samba-3.6.6/source3/libads/dns.c
+===================================================================
+--- samba-3.6.6.orig/source3/libads/dns.c
++++ samba-3.6.6/source3/libads/dns.c
+@@ -741,7 +741,7 @@ static NTSTATUS ads_dns_query_internal(T
+                                      int *numdcs )
+ {
+       char *name;
+-      if (sitename) {
++      if (sitename && strlen(sitename)) {
+               name = talloc_asprintf(ctx, "%s._tcp.%s._sites.%s._msdcs.%s",
+                                      servicename, sitename,
+                                      dc_pdc_gc_domains, realm);
diff --git a/src/patches/samba/samba-3.5.12-pam_radio_type.patch b/src/patches/samba/samba-3.5.12-pam_radio_type.patch
new file mode 100644 (file)
index 0000000..624b73f
--- /dev/null
@@ -0,0 +1,31 @@
+From 516ba47988f00f83dd4ee53556e0be6463de88ec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 5 Apr 2012 14:05:00 +0200
+Subject: [PATCH] nsswitch: disable HAVE_PAM_RADIO_TYPE handling until proper
+ PAM_RADIO_TYPE handling is available.
+
+ This is needed that gdm doesn't crash.
+
+Guenther
+---
+ nsswitch/pam_winbind.c |    4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
+index b802036..0ed91d8 100644
+--- a/nsswitch/pam_winbind.c
++++ b/nsswitch/pam_winbind.c
+@@ -807,7 +807,9 @@ static int wbc_auth_error_to_pam_error(struct pwb_context *ctx,
+       return pam_winbind_request_log(ctx, ret, username, fn);
+ }
+-#if defined(HAVE_PAM_RADIO_TYPE)
++#if 0
++/* #if defined(HAVE_PAM_RADIO_TYPE) currently disabled until proper
++ * PAM_RADIO_TYPE is implemented - gd */
+ static bool _pam_winbind_change_pwd(struct pwb_context *ctx)
+ {
+       struct pam_message msg, *pmsg;
+-- 
+1.7.7.6
+
diff --git a/src/patches/samba/samba-3.6.18-fix_net_ads_join_segfault.patch b/src/patches/samba/samba-3.6.18-fix_net_ads_join_segfault.patch
new file mode 100644 (file)
index 0000000..dac2ede
--- /dev/null
@@ -0,0 +1,40 @@
+From 814b2c730b2f38767712a005bf328a4a04478f63 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 17 May 2013 15:14:35 +0200
+Subject: [PATCH 1/2] s3-libads: Fail
+ create_local_private_krb5_conf_for_domain() if parameters missing.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+(cherry picked from commit 6dc7c63efa95d0c04b542667d9b6a6621c8139bf)
+---
+ source3/libads/kerberos.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+Index: samba-3.6.22/source3/libads/kerberos.c
+===================================================================
+--- samba-3.6.22.orig/source3/libads/kerberos.c
++++ samba-3.6.22/source3/libads/kerberos.c
+@@ -866,6 +866,16 @@ bool create_local_private_krb5_conf_for_
+               return false;
+       }
++      if (realm == NULL) {
++              DEBUG(0, ("No realm has been specified! Do you really want to "
++                        "join an Active Directory server?\n"));
++              return false;
++      }
++
++      if (domain == NULL || pss == NULL || kdc_name == NULL) {
++              return false;
++      }
++
+       dname = lock_path("smb_krb5");
+       if (!dname) {
+               return false;
diff --git a/src/patches/samba/samba-3.6.19-valid_users_doc.patch b/src/patches/samba/samba-3.6.19-valid_users_doc.patch
new file mode 100644 (file)
index 0000000..602783b
--- /dev/null
@@ -0,0 +1,53 @@
+From 3c7822bac97ce4646f1b2c8419d1dae773c02c1d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 17 Sep 2013 12:47:58 +0200
+Subject: [PATCH] docs: point out side-effects of global "valid users" setting.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+---
+ docs-xml/smbdotconf/security/validusers.xml | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+Index: samba-3.6.22/docs-xml/smbdotconf/security/validusers.xml
+===================================================================
+--- samba-3.6.22.orig/docs-xml/smbdotconf/security/validusers.xml
++++ samba-3.6.22/docs-xml/smbdotconf/security/validusers.xml
+@@ -19,6 +19,16 @@
+     The current servicename is substituted for <parameter moreinfo="none">%S</parameter>. 
+     This is useful in the [homes] section.
+     </para>
++
++    <para><emphasis>Note: </emphasis>When used in the [global] section this
++    parameter may have unwanted side effects. For example: If samba is configured as a MASTER BROWSER (see
++    <parameter moreinfo="none">local master</parameter>,
++    <parameter moreinfo="none">os level</parameter>,
++    <parameter moreinfo="none">domain master</parameter>,
++    <parameter moreinfo="none">preferred master</parameter>) this option
++    will prevent workstations from being able to browse the network.
++    </para>
++
+ </description>
+ <related>invalid users</related>
+Index: samba-3.6.22/docs/manpages/smb.conf.5
+===================================================================
+--- samba-3.6.22.orig/docs/manpages/smb.conf.5
++++ samba-3.6.22/docs/manpages/smb.conf.5
+@@ -10311,6 +10311,12 @@ list then access is denied for that user
+ The current servicename is substituted for
+ \fI%S\fR\&. This is useful in the [homes] section\&.
+ .sp
++\fINote: \fRWhen used in the [global] section this parameter may have unwanted side effects\&. For example: If samba is configured as a MASTER BROWSER (see
++\fIlocal master\fR,
++\fIos level\fR,
++\fIdomain master\fR,
++\fIpreferred master\fR) this option will prevent workstations from being able to browse the network\&.
++.sp
+ Default:
+ \fI\fIvalid users\fR\fR\fI = \fR\fI # No valid users list (anyone can login) \fR\fI \fR
+ .sp
diff --git a/src/patches/samba/samba-3.6.23-fix_libads_krb5_ipv6.patch b/src/patches/samba/samba-3.6.23-fix_libads_krb5_ipv6.patch
new file mode 100644 (file)
index 0000000..9b6d221
--- /dev/null
@@ -0,0 +1,788 @@
+From 918ac8f0ed19aeaa4718fa94fcabe87d0419d768 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 13 Jan 2014 15:59:26 +0100
+Subject: [PATCH 1/5] PATCHSET11: s3-kerberos: remove print_kdc_line()
+ completely.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Just calling print_canonical_sockaddr() is sufficient, as it already deals with
+ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
+removed as well. It was pointless because it always derived the port number from
+the provided address which was either a SMB (usually port 445) or LDAP
+connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
+Finally, the kerberos libraries that we support and build with, can deal with
+ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
+resolving the DC name on the kerberos library anymore.
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Conflicts:
+       source3/libads/kerberos.c
+---
+ source3/libads/kerberos.c | 86 +++++------------------------------------------
+ 1 file changed, 9 insertions(+), 77 deletions(-)
+
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index 1153ccb..064e5f7 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -661,73 +661,6 @@ int kerberos_kinit_password(const char *principal,
+ }
+ /************************************************************************
+-************************************************************************/
+-
+-static char *print_kdc_line(char *mem_ctx,
+-                      const char *prev_line,
+-                      const struct sockaddr_storage *pss,
+-                      const char *kdc_name)
+-{
+-      char *kdc_str = NULL;
+-
+-      if (pss->ss_family == AF_INET) {
+-              kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+-                                      prev_line,
+-                                        print_canonical_sockaddr(mem_ctx, pss));
+-      } else {
+-              char addr[INET6_ADDRSTRLEN];
+-              uint16_t port = get_sockaddr_port(pss);
+-
+-              DEBUG(10,("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
+-                      kdc_name, port));
+-
+-              if (port != 0 && port != DEFAULT_KRB5_PORT) {
+-                      /* Currently for IPv6 we can't specify a non-default
+-                         krb5 port with an address, as this requires a ':'.
+-                         Resolve to a name. */
+-                      char hostname[MAX_DNS_NAME_LENGTH];
+-                      int ret = sys_getnameinfo((const struct sockaddr *)pss,
+-                                      sizeof(*pss),
+-                                      hostname, sizeof(hostname),
+-                                      NULL, 0,
+-                                      NI_NAMEREQD);
+-                      if (ret) {
+-                              DEBUG(0,("print_kdc_line: can't resolve name "
+-                                      "for kdc with non-default port %s. "
+-                                      "Error %s\n.",
+-                                      print_canonical_sockaddr(mem_ctx, pss),
+-                                      gai_strerror(ret)));
+-                              return NULL;
+-                      }
+-                      /* Success, use host:port */
+-                      kdc_str = talloc_asprintf(mem_ctx,
+-                                      "%s\tkdc = %s:%u\n",
+-                                      prev_line,
+-                                      hostname,
+-                                      (unsigned int)port);
+-              } else {
+-
+-                      /* no krb5 lib currently supports "kdc = ipv6 address"
+-                       * at all, so just fill in just the kdc_name if we have
+-                       * it and let the krb5 lib figure out the appropriate
+-                       * ipv6 address - gd */
+-
+-                      if (kdc_name) {
+-                              kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+-                                              prev_line, kdc_name);
+-                      } else {
+-                              kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+-                                              prev_line,
+-                                              print_sockaddr(addr,
+-                                                      sizeof(addr),
+-                                                      pss));
+-                      }
+-              }
+-      }
+-      return kdc_str;
+-}
+-
+-/************************************************************************
+  Create a string list of available kdc's, possibly searching by sitename.
+  Does DNS queries.
+@@ -746,7 +679,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
+       struct ip_service *ip_srv_nonsite = NULL;
+       int count_site = 0;
+       int count_nonsite;
+-      char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
++      char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
++                                      print_canonical_sockaddr(mem_ctx, pss));
+       if (kdc_str == NULL) {
+               return NULL;
+@@ -768,10 +702,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
+                       }
+                       /* Append to the string - inefficient
+                        * but not done often. */
+-                      kdc_str = print_kdc_line(mem_ctx,
+-                                              kdc_str,
+-                                              &ip_srv_site[i].ss,
+-                                              NULL);
++                      kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++                                                kdc_str,
++                                                print_canonical_sockaddr(mem_ctx, &ip_srv_site[i].ss));
+                       if (!kdc_str) {
+                               SAFE_FREE(ip_srv_site);
+                               return NULL;
+@@ -806,11 +739,10 @@ static char *get_kdc_ip_string(char *mem_ctx,
+               }
+               /* Append to the string - inefficient but not done often. */
+-              kdc_str = print_kdc_line(mem_ctx,
+-                              kdc_str,
+-                              &ip_srv_nonsite[i].ss,
+-                              NULL);
+-              if (!kdc_str) {
++              kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++                                        kdc_str,
++                                        print_canonical_sockaddr(mem_ctx, &ip_srv_nonsite[i].ss));
++              if (kdc_str == NULL) {
+                       SAFE_FREE(ip_srv_site);
+                       SAFE_FREE(ip_srv_nonsite);
+                       return NULL;
+-- 
+1.9.0
+
+
+From b4eba7d838b60230b9f6c9a08ef0ddc00e3e47f0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 7 Mar 2014 14:47:31 +0100
+Subject: [PATCH 2/5] PATCHSET11: s3-kerberos: remove unused kdc_name from
+ create_local_private_krb5_conf_for_domain().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Günther Deschner <gd@samba.org>
+Autobuild-Date(master): Fri Mar  7 18:43:57 CET 2014 on sn-devel-104
+
+Conflicts:
+       source3/libads/kerberos.c
+       source3/libads/kerberos_proto.h
+       source3/libnet/libnet_join.c
+       source3/winbindd/winbindd_cm.c
+---
+ source3/libads/kerberos.c       | 10 ++++------
+ source3/libads/kerberos_proto.h |  3 +--
+ source3/libnet/libnet_join.c    |  2 +-
+ source3/libsmb/namequery_dc.c   |  6 ++----
+ source3/winbindd/winbindd_cm.c  |  6 ++----
+ 5 files changed, 10 insertions(+), 17 deletions(-)
+
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index 064e5f7..b826cb3 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -671,8 +671,7 @@ int kerberos_kinit_password(const char *principal,
+ static char *get_kdc_ip_string(char *mem_ctx,
+               const char *realm,
+               const char *sitename,
+-              struct sockaddr_storage *pss,
+-              const char *kdc_name)
++              struct sockaddr_storage *pss)
+ {
+       int i;
+       struct ip_service *ip_srv_site = NULL;
+@@ -769,8 +768,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
+ bool create_local_private_krb5_conf_for_domain(const char *realm,
+                                               const char *domain,
+                                               const char *sitename,
+-                                              struct sockaddr_storage *pss,
+-                                              const char *kdc_name)
++                                              struct sockaddr_storage *pss)
+ {
+       char *dname;
+       char *tmpname = NULL;
+@@ -794,7 +792,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
+               return false;
+       }
+-      if (domain == NULL || pss == NULL || kdc_name == NULL) {
++      if (domain == NULL || pss == NULL) {
+               return false;
+       }
+@@ -825,7 +823,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
+       realm_upper = talloc_strdup(fname, realm);
+       strupper_m(realm_upper);
+-      kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
++      kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
+       if (!kdc_ip_string) {
+               goto done;
+       }
+diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
+index 406669cc..90d7cd9 100644
+--- a/source3/libads/kerberos_proto.h
++++ b/source3/libads/kerberos_proto.h
+@@ -75,8 +75,7 @@ int kerberos_kinit_password(const char *principal,
+ bool create_local_private_krb5_conf_for_domain(const char *realm,
+                                               const char *domain,
+                                               const char *sitename,
+-                                              struct sockaddr_storage *pss,
+-                                              const char *kdc_name);
++                                              struct sockaddr_storage *pss);
+ /* The following definitions come from libads/authdata.c  */
+diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
+index e84682d..f1736ec 100644
+--- a/source3/libnet/libnet_join.c
++++ b/source3/libnet/libnet_join.c
+@@ -1985,7 +1985,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
+       create_local_private_krb5_conf_for_domain(
+               r->out.dns_domain_name, r->out.netbios_domain_name,
+-              NULL, &cli->dest_ss, cli->desthost);
++              NULL, &cli->dest_ss);
+       if (r->out.domain_is_ad && r->in.account_ou &&
+           !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
+diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
+index 39b780c..149121a 100644
+--- a/source3/libsmb/namequery_dc.c
++++ b/source3/libsmb/namequery_dc.c
+@@ -111,14 +111,12 @@ static bool ads_dc_name(const char *domain,
+                               create_local_private_krb5_conf_for_domain(realm,
+                                                                       domain,
+                                                                       sitename,
+-                                                                      &ads->ldap.ss,
+-                                                                      ads->config.ldap_server_name);
++                                                                      &ads->ldap.ss);
+                       } else {
+                               create_local_private_krb5_conf_for_domain(realm,
+                                                                       domain,
+                                                                       NULL,
+-                                                                      &ads->ldap.ss,
+-                                                                      ads->config.ldap_server_name);
++                                                                      &ads->ldap.ss);
+                       }
+               }
+ #endif
+diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
+index 8271279..59f30a5 100644
+--- a/source3/winbindd/winbindd_cm.c
++++ b/source3/winbindd/winbindd_cm.c
+@@ -1226,8 +1226,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
+                                       create_local_private_krb5_conf_for_domain(domain->alt_name,
+                                                                       domain->name,
+                                                                       sitename,
+-                                                                      pss,
+-                                                                      name);
++                                                                      pss);
+                                       SAFE_FREE(sitename);
+                               } else {
+@@ -1235,8 +1234,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
+                                       create_local_private_krb5_conf_for_domain(domain->alt_name,
+                                                                       domain->name,
+                                                                       NULL,
+-                                                                      pss,
+-                                                                      name);
++                                                                      pss);
+                               }
+                               winbindd_set_locator_kdc_envs(domain);
+-- 
+1.9.0
+
+
+From db840b57e81922cea984530e2dc1b42cc99e75de Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Wed, 2 Apr 2014 19:37:34 +0200
+Subject: [PATCH 3/5] PATCHSET11: s3-kerberos: make ipv6 support for generated
+ krb5 config files more robust.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Older MIT Kerberos libraries will add any secondary ipv6 address as
+ipv4 address, defining the (default) krb5 port 88 circumvents that.
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Günther Deschner <gd@samba.org>
+Autobuild-Date(master): Fri Apr  4 16:33:12 CEST 2014 on sn-devel-104
+
+Conflicts:
+       source3/libads/kerberos.c
+---
+ source3/libads/kerberos.c | 29 +++++++++++++++++++++++++++--
+ 1 file changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index b826cb3..5e34aa3 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -668,6 +668,31 @@ int kerberos_kinit_password(const char *principal,
+ ************************************************************************/
++/* print_canonical_sockaddr prints an ipv6 addr in the form of
++* [ipv6.addr]. This string, when put in a generated krb5.conf file is not
++* always properly dealt with by some older krb5 libraries. Adding the hard-coded
++* portnumber workarounds the issue. - gd */
++
++static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx,
++                                              const struct sockaddr_storage *pss)
++{
++      char *str = NULL;
++
++      str = print_canonical_sockaddr(mem_ctx, pss);
++      if (str == NULL) {
++              return NULL;
++      }
++
++      if (pss->ss_family != AF_INET6) {
++              return str;
++      }
++
++#if defined(HAVE_IPV6)
++      str = talloc_asprintf_append(str, ":88");
++#endif
++      return str;
++}
++
+ static char *get_kdc_ip_string(char *mem_ctx,
+               const char *realm,
+               const char *sitename,
+@@ -679,7 +704,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
+       int count_site = 0;
+       int count_nonsite;
+       char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
+-                                      print_canonical_sockaddr(mem_ctx, pss));
++                                      print_canonical_sockaddr_with_port(mem_ctx, pss));
+       if (kdc_str == NULL) {
+               return NULL;
+@@ -740,7 +765,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
+               /* Append to the string - inefficient but not done often. */
+               kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+                                         kdc_str,
+-                                        print_canonical_sockaddr(mem_ctx, &ip_srv_nonsite[i].ss));
++                                        print_canonical_sockaddr_with_port(mem_ctx, &ip_srv_nonsite[i].ss));
+               if (kdc_str == NULL) {
+                       SAFE_FREE(ip_srv_site);
+                       SAFE_FREE(ip_srv_nonsite);
+-- 
+1.9.0
+
+
+From 208f1d7b5ae557bf34a39c847aeb1925ce4cb171 Mon Sep 17 00:00:00 2001
+From: Andrew Bartlett <abartlet@samba.org>
+Date: Tue, 26 Apr 2011 17:03:32 +1000
+Subject: [PATCH 4/5] PATCHSET11: s3-libads Pass a struct sockaddr_storage to
+ cldap routines
+
+This avoids these routines doing a DNS lookup that has already been
+done, and ensures that the emulated DNS lookup isn't thrown away.
+
+Andrew Bartlett
+---
+ source3/libads/cldap.c                | 14 ++++--------
+ source3/libads/cldap.h                |  4 ++--
+ source3/libads/ldap.c                 | 41 ++++++++++-------------------------
+ source3/libsmb/dsgetdcname.c          |  3 ++-
+ source3/utils/net_ads.c               |  7 +++---
+ source3/winbindd/idmap_adex/gc_util.c | 12 +++++++++-
+ 6 files changed, 33 insertions(+), 48 deletions(-)
+
+diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
+index 5d2e900..03fa17c 100644
+--- a/source3/libads/cldap.c
++++ b/source3/libads/cldap.c
+@@ -30,7 +30,7 @@
+ *******************************************************************/
+ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
+-                      const char *server,
++                      struct sockaddr_storage *ss,
+                       const char *realm,
+                       uint32_t nt_version,
+                       struct netlogon_samlogon_response **_reply)
+@@ -39,18 +39,12 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
+       struct cldap_netlogon io;
+       struct netlogon_samlogon_response *reply;
+       NTSTATUS status;
+-      struct sockaddr_storage ss;
+       char addrstr[INET6_ADDRSTRLEN];
+       const char *dest_str;
+       int ret;
+       struct tsocket_address *dest_addr;
+-      if (!interpret_string_addr_prefer_ipv4(&ss, server, 0)) {
+-              DEBUG(2,("Failed to resolve[%s] into an address for cldap\n",
+-                      server));
+-              return false;
+-      }
+-      dest_str = print_sockaddr(addrstr, sizeof(addrstr), &ss);
++      dest_str = print_sockaddr(addrstr, sizeof(addrstr), ss);
+       ret = tsocket_address_inet_from_strings(mem_ctx, "ip",
+                                               dest_str, LDAP_PORT,
+@@ -113,7 +107,7 @@ failed:
+ *******************************************************************/
+ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
+-                        const char *server,
++                        struct sockaddr_storage *ss,
+                         const char *realm,
+                         struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5)
+ {
+@@ -121,7 +115,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
+       struct netlogon_samlogon_response *reply = NULL;
+       bool ret;
+-      ret = ads_cldap_netlogon(mem_ctx, server, realm, nt_version, &reply);
++      ret = ads_cldap_netlogon(mem_ctx, ss, realm, nt_version, &reply);
+       if (!ret) {
+               return false;
+       }
+diff --git a/source3/libads/cldap.h b/source3/libads/cldap.h
+index d2ad4b0..60e1c56 100644
+--- a/source3/libads/cldap.h
++++ b/source3/libads/cldap.h
+@@ -27,12 +27,12 @@
+ /* The following definitions come from libads/cldap.c  */
+ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
+-                      const char *server,
++                      struct sockaddr_storage *ss,
+                       const char *realm,
+                       uint32_t nt_version,
+                       struct netlogon_samlogon_response **reply);
+ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
+-                        const char *server,
++                        struct sockaddr_storage *ss,
+                         const char *realm,
+                         struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5);
+diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
+index b841c84..0db0bcd 100644
+--- a/source3/libads/ldap.c
++++ b/source3/libads/ldap.c
+@@ -196,45 +196,32 @@ bool ads_closest_dc(ADS_STRUCT *ads)
+  */
+ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
+ {
+-      char *srv;
+       struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
+       TALLOC_CTX *frame = talloc_stackframe();
+       bool ret = false;
++      struct sockaddr_storage ss;
++      char addr[INET6_ADDRSTRLEN];
+       if (!server || !*server) {
+               TALLOC_FREE(frame);
+               return False;
+       }
+-      if (!is_ipaddress(server)) {
+-              struct sockaddr_storage ss;
+-              char addr[INET6_ADDRSTRLEN];
+-
+-              if (!resolve_name(server, &ss, 0x20, true)) {
+-                      DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
+-                              server ));
+-                      TALLOC_FREE(frame);
+-                      return false;
+-              }
+-              print_sockaddr(addr, sizeof(addr), &ss);
+-              srv = talloc_strdup(frame, addr);
+-      } else {
+-              /* this copes with inet_ntoa brokenness */
+-              srv = talloc_strdup(frame, server);
+-      }
+-
+-      if (!srv) {
++      if (!resolve_name(server, &ss, 0x20, true)) {
++              DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
++                       server ));
+               TALLOC_FREE(frame);
+               return false;
+       }
++      print_sockaddr(addr, sizeof(addr), &ss);
+       DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n", 
+-              srv, ads->server.realm));
++              addr, ads->server.realm));
+       ZERO_STRUCT( cldap_reply );
+-      if ( !ads_cldap_netlogon_5(frame, srv, ads->server.realm, &cldap_reply ) ) {
+-              DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv));
++      if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
++              DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
+               ret = false;
+               goto out;
+       }
+@@ -243,7 +230,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
+       if ( !(cldap_reply.server_type & NBT_SERVER_LDAP) ) {
+               DEBUG(1,("ads_try_connect: %s's CLDAP reply says it is not an LDAP server!\n",
+-                      srv));
++                      addr));
+               ret = false;
+               goto out;
+       }
+@@ -273,13 +260,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
+       ads->server.workgroup          = SMB_STRDUP(cldap_reply.domain_name);
+       ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
+-      if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) {
+-              DEBUG(1,("ads_try_connect: unable to convert %s "
+-                      "to an address\n",
+-                      srv));
+-              ret = false;
+-              goto out;
+-      }
++      ads->ldap.ss = ss;
+       /* Store our site name. */
+       sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
+diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
+index 841a179..2f8b8dc 100644
+--- a/source3/libsmb/dsgetdcname.c
++++ b/source3/libsmb/dsgetdcname.c
+@@ -863,9 +863,10 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx,
+       for (i=0; i<num_dcs; i++) {
++
+               DEBUG(10,("LDAP ping to %s\n", dclist[i].hostname));
+-              if (ads_cldap_netlogon(mem_ctx, dclist[i].hostname,
++              if (ads_cldap_netlogon(mem_ctx, &dclist[i].ss,
+                                       domain_name,
+                                       nt_version,
+                                       &r))
+diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
+index 8f8b7b4..816349d 100644
+--- a/source3/utils/net_ads.c
++++ b/source3/utils/net_ads.c
+@@ -62,7 +62,8 @@ static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads)
+       struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
+       print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
+-      if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) {
++
++      if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
+               d_fprintf(stderr, _("CLDAP query failed!\n"));
+               return -1;
+       }
+@@ -385,7 +386,6 @@ int net_ads_check(struct net_context *c)
+ static int net_ads_workgroup(struct net_context *c, int argc, const char **argv)
+ {
+       ADS_STRUCT *ads;
+-      char addr[INET6_ADDRSTRLEN];
+       struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
+       if (c->display_usage) {
+@@ -407,8 +407,7 @@ static int net_ads_workgroup(struct net_context *c, int argc, const char **argv)
+               ads->ldap.port = 389;
+       }
+-      print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
+-      if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) {
++      if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
+               d_fprintf(stderr, _("CLDAP query failed!\n"));
+               ads_destroy(&ads);
+               return -1;
+diff --git a/source3/winbindd/idmap_adex/gc_util.c b/source3/winbindd/idmap_adex/gc_util.c
+index 77b318c..e625265 100644
+--- a/source3/winbindd/idmap_adex/gc_util.c
++++ b/source3/winbindd/idmap_adex/gc_util.c
+@@ -107,6 +107,7 @@ done:
+       NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+       struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
+       TALLOC_CTX *frame = talloc_stackframe();
++      struct sockaddr_storage ss;
+       if (!gc || !domain) {
+               return NT_STATUS_INVALID_PARAMETER;
+@@ -126,8 +127,17 @@ done:
+       nt_status = ads_ntstatus(ads_status);
+       BAIL_ON_NTSTATUS_ERROR(nt_status);
++      if (!resolve_name(ads->config.ldap_server_name, &ss, 0x20, true)) {
++              DEBUG(5,("gc_find_forest_root: unable to resolve name %s\n",
++                       ads->config.ldap_server_name));
++              nt_status = NT_STATUS_IO_TIMEOUT;
++              /* This matches the old code which did the resolve in
++               * ads_cldap_netlogon_5 */
++              BAIL_ON_NTSTATUS_ERROR(nt_status);
++      }
++
+       if (!ads_cldap_netlogon_5(frame,
+-                                ads->config.ldap_server_name,
++                                &ss,
+                                 ads->config.realm,
+                                 &cldap_reply))
+       {
+-- 
+1.9.0
+
+
+From 4eb02e7caa83b725988dd9f659b3568873522a30 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Wed, 16 Apr 2014 16:07:14 +0200
+Subject: [PATCH 5/5] PATCHSET11: s3-libads: allow ads_try_connect() to re-use
+ a resolved ip address.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Pass down a struct sockaddr_storage to ads_try_connect.
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Günther Deschner <gd@samba.org>
+Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104
+---
+ source3/libads/ldap.c | 44 ++++++++++++++++++++++++++------------------
+ 1 file changed, 26 insertions(+), 18 deletions(-)
+
+diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
+index 0db0bcd..f8349cf 100644
+--- a/source3/libads/ldap.c
++++ b/source3/libads/ldap.c
+@@ -194,33 +194,27 @@ bool ads_closest_dc(ADS_STRUCT *ads)
+   try a connection to a given ldap server, returning True and setting the servers IP
+   in the ads struct if successful
+  */
+-static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
++static bool ads_try_connect(ADS_STRUCT *ads, bool gc,
++                          struct sockaddr_storage *ss)
+ {
+       struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
+       TALLOC_CTX *frame = talloc_stackframe();
+       bool ret = false;
+-      struct sockaddr_storage ss;
+       char addr[INET6_ADDRSTRLEN];
+-      if (!server || !*server) {
++      if (ss == NULL) {
+               TALLOC_FREE(frame);
+               return False;
+       }
+-      if (!resolve_name(server, &ss, 0x20, true)) {
+-              DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
+-                       server ));
+-              TALLOC_FREE(frame);
+-              return false;
+-      }
+-      print_sockaddr(addr, sizeof(addr), &ss);
++      print_sockaddr(addr, sizeof(addr), ss);
+       DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n", 
+               addr, ads->server.realm));
+       ZERO_STRUCT( cldap_reply );
+-      if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
++      if ( !ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_reply ) ) {
+               DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
+               ret = false;
+               goto out;
+@@ -260,7 +254,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
+       ads->server.workgroup          = SMB_STRDUP(cldap_reply.domain_name);
+       ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
+-      ads->ldap.ss = ss;
++      ads->ldap.ss = *ss;
+       /* Store our site name. */
+       sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
+@@ -292,6 +286,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
+       bool use_own_domain = False;
+       char *sitename;
+       NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
++      bool ok = false;
+       /* if the realm and workgroup are both empty, assume they are ours */
+@@ -345,12 +340,14 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
+               DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
+                       (got_realm ? "realm" : "domain"), realm));
+-              if (get_dc_name(domain, realm, srv_name, &ip_out)) {
++              ok = get_dc_name(domain, realm, srv_name, &ip_out);
++              if (ok) {
+                       /*
+                        * we call ads_try_connect() to fill in the
+                        * ads->config details
+                        */
+-                      if (ads_try_connect(ads, srv_name, false)) {
++                      ok = ads_try_connect(ads, false, &ip_out);
++                      if (ok) {
+                               return NT_STATUS_OK;
+                       }
+               }
+@@ -406,7 +403,8 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
+                       }
+               }
+-              if ( ads_try_connect(ads, server, false) ) {
++              ok = ads_try_connect(ads, false, &ip_list[i].ss);
++              if (ok) {
+                       SAFE_FREE(ip_list);
+                       SAFE_FREE(sitename);
+                       return NT_STATUS_OK;
+@@ -591,9 +589,19 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
+               TALLOC_FREE(s);
+       }
+-      if (ads->server.ldap_server)
+-      {
+-              if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) {
++      if (ads->server.ldap_server) {
++              bool ok = false;
++              struct sockaddr_storage ss;
++
++              ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true);
++              if (!ok) {
++                      DEBUG(5,("ads_connect: unable to resolve name %s\n",
++                               ads->server.ldap_server));
++                      status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
++                      goto out;
++              }
++              ok = ads_try_connect(ads, ads->server.gc, &ss);
++              if (ok) {
+                       goto got_connection;
+               }
+-- 
+1.9.0
+
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index b826cb3..5e34aa3 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -827,10 +827,6 @@
+               return false;
+       }
+-      if (domain == NULL || pss == NULL || kdc_name == NULL) {
+-              return false;
+-      }
+-
+       dname = lock_path("smb_krb5");
+       if (!dname) {
+               return false;
diff --git a/src/patches/samba/samba-3.6.23-gecos.patch b/src/patches/samba/samba-3.6.23-gecos.patch
new file mode 100644 (file)
index 0000000..2ecfe86
--- /dev/null
@@ -0,0 +1,42 @@
+From 02da0b0ae947f30480b1246de22e865491e479f0 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 12 Feb 2014 13:26:02 +0100
+Subject: [PATCH] PATCHSET12: s3-winbind: Use strlcpy to avoid log entry.
+
+The full_name from Windows can be longer than 255 chars which results in
+a warning on log level 0 that we have a string overflow. This will avoid
+the warning. However we should fix this sooner or later on the protocol
+level to have no limit.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+
+Conflicts:
+       source3/winbindd/wb_fill_pwent.c
+---
+ source3/winbindd/wb_fill_pwent.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c
+index 9634317..9d42b31 100644
+--- a/source3/winbindd/wb_fill_pwent.c
++++ b/source3/winbindd/wb_fill_pwent.c
+@@ -141,8 +141,13 @@ static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq)
+                                    true);
+       }
+-      fstrcpy(state->pw->pw_name, output_username);
+-      fstrcpy(state->pw->pw_gecos, state->info->full_name);
++      strlcpy(state->pw->pw_name,
++              output_username,
++              sizeof(state->pw->pw_name));
++      /* FIXME The full_name can be longer than 255 chars */
++      strlcpy(state->pw->pw_gecos,
++              state->info->full_name ? state->info->full_name : "",
++              sizeof(state->pw->pw_gecos));
+       /* Home directory and shell */
+       ok = fillup_pw_field(lp_template_homedir(),
+-- 
+1.9.3
+
diff --git a/src/patches/samba/samba-3.6.23-glusterfs.patch b/src/patches/samba/samba-3.6.23-glusterfs.patch
new file mode 100644 (file)
index 0000000..2b82064
--- /dev/null
@@ -0,0 +1,2318 @@
+From f2f684d4eadadeebf725b513bf4945ccf0aa7371 Mon Sep 17 00:00:00 2001
+From: Anand Avati <avati@redhat.com>
+Date: Wed, 29 May 2013 07:21:46 -0400
+Subject: [PATCH 1/9] PATCHSET13: vfs_glusterfs: Samba VFS module for glusterfs
+
+Implement a Samba VFS plugin for glusterfs based on gluster's gfapi.
+This is a "bottom" vfs plugin (not something to be stacked on top of
+another module), and translates (most) calls into closest actions
+on gfapi.
+
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Simo Sorce <idra@samba.org>
+Signed-off-by: Anand Avati <avati@redhat.com>
+---
+ source3/Makefile.in             |    5 +
+ source3/configure.in            |   23 +
+ source3/modules/vfs_glusterfs.c | 1461 +++++++++++++++++++++++++++++++++++++++
+ source3/modules/wscript_build   |    9 +
+ source3/wscript                 |   22 +
+ 5 files changed, 1520 insertions(+)
+ create mode 100644 source3/modules/vfs_glusterfs.c
+
+diff --git a/source3/Makefile.in b/source3/Makefile.in
+index 9e8e03d..27bc43e 100644
+--- a/source3/Makefile.in
++++ b/source3/Makefile.in
+@@ -848,6 +848,7 @@ VFS_SCANNEDONLY_OBJ = modules/vfs_scannedonly.o
+ VFS_CROSSRENAME_OBJ = modules/vfs_crossrename.o
+ VFS_LINUX_XFS_SGID_OBJ = modules/vfs_linux_xfs_sgid.o
+ VFS_TIME_AUDIT_OBJ = modules/vfs_time_audit.o
++VFS_GLUSTERFS_OBJ = modules/vfs_glusterfs.o
+ PAM_ERRORS_OBJ = ../libcli/auth/pam_errors.o
+ PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o $(PAM_ERRORS_OBJ)
+@@ -3191,6 +3192,10 @@ bin/time_audit.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_TIME_AUDIT_OBJ)
+       @echo "Building plugin $@"
+       @$(SHLD_MODULE) $(VFS_TIME_AUDIT_OBJ)
++bin/glusterfs.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_GLUSTERFS_OBJ)
++      @echo "Building plugin $@"
++      $(SHLD_MODULE) $(VFS_GLUSTERFS_OBJ) @GLUSTERFS_LIBS@
++
+ #########################################################
+ ## IdMap NSS plugins
+diff --git a/source3/configure.in b/source3/configure.in
+index 42c23e3..3cc78e9 100644
+--- a/source3/configure.in
++++ b/source3/configure.in
+@@ -6688,6 +6688,29 @@
+ fi
++#############
++AC_ARG_ENABLE([glusterfs],
++       AC_HELP_STRING([--disable-glusterfs],[Do not build vfs_glusterfs module]))
++
++GLUTERFS_LIBS=""
++
++if test "x$enable_glusterfs" != "xno"; then
++   PKG_CHECK_MODULES([GLFS], [glusterfs-api >= 4], glfs_found=yes, glfs_found=no)
++fi
++
++if test "x$enable_glusterfs" = "xyes" -a "x$glfs_found" != "xyes"; then
++   echo "GFAPI not found in build system"
++   exit 1
++fi
++
++if test "x$glfs_found" = "xyes"; then
++    CFLAGS="$CFLAGS $GLFS_CFLAGS"
++    GLUSTERFS_LIBS="$GLFS_LIBS"
++    default_shared_modules="$default_shared_modules vfs_glusterfs"
++fi
++AC_SUBST(GLUSTERFS_LIBS)
++
++
+ #################################################
+ # Set pthread stuff
+@@ -7007,6 +7030,7 @@
+ SMB_MODULE(vfs_crossrename, \$(VFS_CROSSRENAME_OBJ), "bin/crossrename.$SHLIBEXT", VFS)
+ SMB_MODULE(vfs_linux_xfs_sgid, \$(VFS_LINUX_XFS_SGID_OBJ), "bin/linux_xfs_sgid.$SHLIBEXT", VFS)
+ SMB_MODULE(vfs_time_audit, \$(VFS_TIME_AUDIT_OBJ), "bin/time_audit.$SHLIBEXT", VFS)
++SMB_MODULE(vfs_glusterfs, \$(VFS_GLUSTERFS_OBJ), "bin/glusterfs.$SHLIBEXT", VFS)
+ SMB_SUBSYSTEM(VFS,smbd/vfs.o)
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+new file mode 100644
+index 0000000..4beac1d
+--- /dev/null
++++ b/source3/modules/vfs_glusterfs.c
+@@ -0,0 +1,1461 @@
++/*
++   Unix SMB/CIFS implementation.
++
++   Wrap GlusterFS GFAPI calls in vfs functions.
++
++   Copyright (c) 2013 Anand Avati <avati@redhat.com>
++
++   This program is free software; you can redistribute it and/or modify
++   it under the terms of the GNU General Public License as published by
++   the Free Software Foundation; either version 3 of the License, or
++   (at your option) any later version.
++
++   This program is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++   GNU General Public License for more details.
++
++   You should have received a copy of the GNU General Public License
++   along with this program.  If not, see <http://www.gnu.org/licenses/>.
++*/
++
++#include "includes.h"
++#include "smbd/smbd.h"
++#include <stdio.h>
++#include "api/glfs.h"
++
++#define DEFAULT_VOLFILE_SERVER "localhost"
++
++/*
++  TODO
++  ----
++  Short term:
++  - AIO support
++  - sendfile/recvfile support
++*/
++
++/* Helpers to provide 'integer' fds */
++
++/* This is global. gfapi's FD operations do not
++   require filesystem context.
++*/
++static glfs_fd_t **glfd_fd;
++static int glfd_fd_size;
++static int glfd_fd_used;
++static int glfd_fd_store(glfs_fd_t *glfd)
++{
++      int i;
++      void *tmp;
++
++      if (glfd_fd_size == glfd_fd_used) {
++              if (glfd_fd_size >= INT_MAX - 1) {
++                      errno = ENOMEM;
++                      return -1;
++              }
++
++              tmp = talloc_realloc(glfd_fd, glfd_fd, glfs_fd_t *,
++                                   glfd_fd_size + 1);
++              if (tmp == NULL) {
++                      errno = ENOMEM;
++                      return -1;
++              }
++
++              glfd_fd = tmp;
++              glfd_fd[glfd_fd_size] = 0;
++              glfd_fd_size++;
++      }
++
++      for (i = 0; i < glfd_fd_size; i++) {
++              if (!glfd_fd[i]) {
++                      break;
++              }
++      }
++      glfd_fd_used++;
++      glfd_fd[i] = glfd;
++      return i;
++}
++
++static glfs_fd_t *glfd_fd_get(int i)
++{
++      if (i < 0 || i >= glfd_fd_size) {
++              return NULL;
++      }
++      return glfd_fd[i];
++}
++
++static glfs_fd_t *glfd_fd_clear(int i)
++{
++      glfs_fd_t *glfd = NULL;
++
++      if (i < 0 || i >= glfd_fd_size) {
++              return NULL;
++      }
++
++      glfd = glfd_fd[i];
++      glfd_fd[i] = 0;
++      glfd_fd_used--;
++      return glfd;
++}
++
++/* Helper to convert stat to stat_ex */
++
++static void smb_stat_ex_from_stat(struct stat_ex *dst, const struct stat *src)
++{
++      ZERO_STRUCTP(dst);
++
++      dst->st_ex_dev = src->st_dev;
++      dst->st_ex_ino = src->st_ino;
++      dst->st_ex_mode = src->st_mode;
++      dst->st_ex_nlink = src->st_nlink;
++      dst->st_ex_uid = src->st_uid;
++      dst->st_ex_gid = src->st_gid;
++      dst->st_ex_rdev = src->st_rdev;
++      dst->st_ex_size = src->st_size;
++      dst->st_ex_atime.tv_sec = src->st_atime;
++#ifdef STAT_HAVE_NSEC
++      dst->st_ex_atime.tv_nsec = src->st_atime_nsec;
++#endif
++      dst->st_ex_mtime.tv_sec = src->st_mtime;
++#ifdef STAT_HAVE_NSEC
++      dst->st_ex_mtime.tv_nsec = src->st_mtime_nsec;
++#endif
++      dst->st_ex_ctime.tv_sec = src->st_ctime;
++#ifdef STAT_HAVE_NSEC
++      dst->st_ex_ctime.tv_nsec = src->st_ctime_nsec;
++#endif
++      dst->st_ex_btime.tv_sec = src->st_mtime;
++#ifdef STAT_HAVE_NSEC
++      dst->st_ex_btime.tv_nsec = src->st_mtime_nsec;
++#endif
++      dst->st_ex_blksize = src->st_blksize;
++      dst->st_ex_blocks = src->st_blocks;
++}
++
++/* pre-opened glfs_t */
++
++static struct glfs_preopened {
++      char *volume;
++      glfs_t *fs;
++      int ref;
++      struct glfs_preopened *next, *prev;
++} *glfs_preopened;
++
++
++int glfs_set_preopened(const char *volume, glfs_t *fs)
++{
++      struct glfs_preopened *entry = NULL;
++
++      entry = talloc_zero(NULL, struct glfs_preopened);
++      if (!entry) {
++              errno = ENOMEM;
++              return -1;
++      }
++
++      entry->volume = talloc_strdup(entry, volume);
++      if (!entry->volume) {
++              talloc_free(entry);
++              errno = ENOMEM;
++              return -1;
++      }
++
++      entry->fs = fs;
++      entry->ref = 1;
++
++      DLIST_ADD(glfs_preopened, entry);
++
++      return 0;
++}
++
++static glfs_t *glfs_find_preopened(const char *volume)
++{
++      struct glfs_preopened *entry = NULL;
++
++      for (entry = glfs_preopened; entry; entry = entry->next) {
++              if (strcmp(entry->volume, volume) == 0) {
++                      entry->ref++;
++                      return entry->fs;
++              }
++      }
++
++      return NULL;
++}
++
++static void glfs_clear_preopened(glfs_t *fs)
++{
++      int i;
++      struct glfs_preopened *entry = NULL;
++
++      for (entry = glfs_preopened; entry; entry = entry->next) {
++              if (entry->fs == fs) {
++                      if (--entry->ref)
++                              return;
++
++                      DLIST_REMOVE(glfs_preopened, entry);
++
++                      glfs_fini(entry->fs);
++                      talloc_free(entry);
++              }
++      }
++}
++
++/* Disk Operations */
++
++static int vfs_gluster_connect(struct vfs_handle_struct *handle,
++                             const char *service, const char *user)
++{
++      const char *volfile_server;
++      const char *volume;
++      const char *logfile;
++      int loglevel;
++      glfs_t *fs;
++      int ret;
++
++      logfile = lp_parm_const_string(SNUM(handle->conn), "glusterfs",
++                                     "logfile", NULL);
++
++      loglevel = lp_parm_int(SNUM(handle->conn), "glusterfs", "loglevel", -1);
++
++      volfile_server = lp_parm_const_string(SNUM(handle->conn), "glusterfs",
++                                            "volfile_server", NULL);
++      if (volfile_server == NULL) {
++              volfile_server = DEFAULT_VOLFILE_SERVER;
++      }
++
++      volume = lp_parm_const_string(SNUM(handle->conn), "glusterfs", "volume",
++                                    NULL);
++      if (volume == NULL) {
++              volume = service;
++      }
++
++      fs = glfs_find_preopened(volume);
++      if (fs) {
++              goto found;
++      }
++
++      fs = glfs_new(volume);
++      if (fs == NULL) {
++              return -1;
++      }
++
++      ret = glfs_set_volfile_server(fs, "tcp", volfile_server, 0);
++      if (ret < 0) {
++              DEBUG(0, ("Failed to set volfile_server %s\n", volfile_server));
++              glfs_fini(fs);
++              return -1;
++      }
++
++      ret = glfs_set_xlator_option(fs, "*-md-cache", "cache-posix-acl",
++                                   "true");
++      if (ret < 0) {
++              DEBUG(0, ("%s: Failed to set xlator options\n", volume));
++              glfs_fini(fs);
++              return -1;
++      }
++
++      ret = glfs_set_logging(fs, logfile, loglevel);
++      if (ret < 0) {
++              DEBUG(0, ("%s: Failed to set logfile %s loglevel %d\n",
++                        volume, logfile, loglevel));
++              glfs_fini(fs);
++              return -1;
++      }
++
++      ret = glfs_init(fs);
++      if (ret < 0) {
++              DEBUG(0, ("%s: Failed to initialize volume (%s)\n",
++                        volume, strerror(errno)));
++              glfs_fini(fs);
++              return -1;
++      }
++
++      ret = glfs_set_preopened(volume, fs);
++      if (ret < 0) {
++              DEBUG(0, ("%s: Failed to register volume (%s)\n",
++                        volume, strerror(errno)));
++              glfs_fini(fs);
++              return -1;
++      }
++found:
++      DEBUG(0, ("%s: Initialized volume from server %s\n",
++                volume, volfile_server));
++      handle->data = fs;
++      return 0;
++}
++
++static void vfs_gluster_disconnect(struct vfs_handle_struct *handle)
++{
++      glfs_t *fs = NULL;
++
++      fs = handle->data;
++
++      glfs_clear_preopened(fs);
++}
++
++static uint64_t
++vfs_gluster_disk_free(struct vfs_handle_struct *handle, const char *path,
++                    bool small_query, uint64_t *bsize_p, uint64_t *dfree_p,
++                    uint64_t *dsize_p)
++{
++      struct statvfs statvfs = { 0, };
++      uint64_t dfree = 0;
++      int ret;
++
++      ret = glfs_statvfs(handle->data, path, &statvfs);
++      if (ret < 0) {
++              DEBUG(0, ("glfs_statvfs(%s) failed: %s\n",
++                        path, strerror(errno)));
++              return -1;
++      }
++
++      dfree = statvfs.f_bsize * statvfs.f_bavail;
++
++      if (bsize_p) {
++              *bsize_p = statvfs.f_bsize;
++      }
++      if (dfree_p) {
++              *dfree_p = dfree;
++      }
++      if (dsize_p) {
++              *dsize_p = statvfs.f_bsize * statvfs.f_blocks;
++      }
++
++      return dfree;
++}
++
++static int
++vfs_gluster_get_quota(struct vfs_handle_struct *handle,
++                    enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *qt)
++{
++      errno = ENOSYS;
++      return -1;
++}
++
++static int
++vfs_gluster_set_quota(struct vfs_handle_struct *handle,
++                    enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *qt)
++{
++      errno = ENOSYS;
++      return -1;
++}
++
++static int vfs_gluster_statvfs(struct vfs_handle_struct *handle,
++                             const char *path,
++                             struct vfs_statvfs_struct *vfs_statvfs)
++{
++      struct statvfs statvfs = { 0, };
++      int ret;
++
++      ret = glfs_statvfs(handle->data, path, &statvfs);
++      if (ret < 0) {
++              DEBUG(0, ("glfs_statvfs(%s) failed: %s\n",
++                        path, strerror(errno)));
++              return -1;
++      }
++
++      ZERO_STRUCTP(vfs_statvfs);
++
++      vfs_statvfs->OptimalTransferSize = statvfs.f_frsize;
++      vfs_statvfs->BlockSize = statvfs.f_bsize;
++      vfs_statvfs->TotalBlocks = statvfs.f_blocks;
++      vfs_statvfs->BlocksAvail = statvfs.f_bfree;
++      vfs_statvfs->UserBlocksAvail = statvfs.f_bavail;
++      vfs_statvfs->TotalFileNodes = statvfs.f_files;
++      vfs_statvfs->FreeFileNodes = statvfs.f_ffree;
++      vfs_statvfs->FsIdentifier = statvfs.f_fsid;
++      vfs_statvfs->FsCapabilities =
++          FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES;
++
++      return ret;
++}
++
++static uint32_t vfs_gluster_fs_capabilities(struct vfs_handle_struct *handle,
++                                          enum timestamp_set_resolution *p_ts_res)
++{
++      uint32_t caps = FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES;
++
++#ifdef STAT_HAVE_NSEC
++      *p_ts_res = TIMESTAMP_SET_NT_OR_BETTER;
++#endif
++
++      return caps;
++}
++
++static DIR *vfs_gluster_opendir(struct vfs_handle_struct *handle,
++                              const char *path, const char *mask,
++                              uint32 attributes)
++{
++      glfs_fd_t *fd;
++
++      fd = glfs_opendir(handle->data, path);
++      if (fd == NULL) {
++              DEBUG(0, ("glfs_opendir(%s) failed: %s\n",
++                        path, strerror(errno)));
++      }
++
++      return (DIR *) fd;
++}
++
++static DIR *vfs_gluster_fdopendir(struct vfs_handle_struct *handle,
++                                files_struct *fsp, const char *mask,
++                                uint32 attributes)
++{
++      return (DIR *) glfd_fd_get(fsp->fh->fd);
++}
++
++static int vfs_gluster_closedir(struct vfs_handle_struct *handle, DIR *dirp)
++{
++      return glfs_closedir((void *)dirp);
++}
++
++static SMB_STRUCT_DIRENT *vfs_gluster_readdir(struct vfs_handle_struct *handle,
++                                            SMB_STRUCT_DIR *dirp,
++                                            SMB_STRUCT_STAT *sbuf)
++{
++      char direntbuf[512];
++      int ret;
++      struct stat stat;
++      struct dirent *dirent = 0;
++      static SMB_STRUCT_DIRENT result;
++
++      if (sbuf != NULL) {
++              ret = glfs_readdirplus_r((void *)dirp, &stat, (void *)direntbuf,
++                                       &dirent);
++      } else {
++              ret = glfs_readdir_r((void *)dirp, (void *)direntbuf, &dirent);
++      }
++
++      if (ret < 0 || (dirent == NULL)) {
++              return NULL;
++      }
++
++      if (sbuf != NULL) {
++              smb_stat_ex_from_stat(sbuf, &stat);
++      }
++
++      result.d_ino = dirent->d_ino;
++      result.d_off = dirent->d_off;
++      result.d_reclen = dirent->d_reclen;
++      result.d_type = dirent->d_type;
++      strncpy(result.d_name, dirent->d_name, 256);
++
++      return &result;
++}
++
++static long vfs_gluster_telldir(struct vfs_handle_struct *handle, DIR *dirp)
++{
++      return glfs_telldir((void *)dirp);
++}
++
++static void vfs_gluster_seekdir(struct vfs_handle_struct *handle, DIR *dirp,
++                              long offset)
++{
++      glfs_seekdir((void *)dirp, offset);
++}
++
++static void vfs_gluster_rewinddir(struct vfs_handle_struct *handle,
++                                DIR *dirp)
++{
++      glfs_seekdir((void *)dirp, 0);
++}
++
++static void vfs_gluster_init_search_op(struct vfs_handle_struct *handle,
++                                     DIR *dirp)
++{
++      return;
++}
++
++static int vfs_gluster_mkdir(struct vfs_handle_struct *handle, const char *path,
++                           mode_t mode)
++{
++      return glfs_mkdir(handle->data, path, mode);
++}
++
++static int vfs_gluster_rmdir(struct vfs_handle_struct *handle, const char *path)
++{
++      return glfs_rmdir(handle->data, path);
++}
++
++static int vfs_gluster_open(struct vfs_handle_struct *handle,
++                          struct smb_filename *smb_fname, files_struct *fsp,
++                          int flags, mode_t mode)
++{
++      glfs_fd_t *glfd;
++
++      if (flags & O_DIRECTORY) {
++              glfd = glfs_opendir(handle->data, smb_fname->base_name);
++      } else if (flags & O_CREAT) {
++              glfd = glfs_creat(handle->data, smb_fname->base_name, flags,
++                                mode);
++      } else {
++              glfd = glfs_open(handle->data, smb_fname->base_name, flags);
++      }
++
++      if (glfd == NULL) {
++              DEBUG(0, ("glfs_{open[dir],creat}(%s) failed: %s\n",
++                        smb_fname->base_name, strerror(errno)));
++              return -1;
++      }
++
++      return glfd_fd_store(glfd);
++}
++
++static int vfs_gluster_close(struct vfs_handle_struct *handle,
++                           files_struct *fsp)
++{
++      return glfs_close(glfd_fd_clear(fsp->fh->fd));
++}
++
++static ssize_t vfs_gluster_read(struct vfs_handle_struct *handle,
++                              files_struct *fsp, void *data, size_t n)
++{
++      return glfs_read(glfd_fd_get(fsp->fh->fd), data, n, 0);
++}
++
++static ssize_t vfs_gluster_pread(struct vfs_handle_struct *handle,
++                               files_struct *fsp, void *data, size_t n,
++                               off_t offset)
++{
++      return glfs_pread(glfd_fd_get(fsp->fh->fd), data, n, offset, 0);
++}
++
++static ssize_t vfs_gluster_write(struct vfs_handle_struct *handle,
++                               files_struct *fsp, const void *data, size_t n)
++{
++      return glfs_write(glfd_fd_get(fsp->fh->fd), data, n, 0);
++}
++
++static ssize_t vfs_gluster_pwrite(struct vfs_handle_struct *handle,
++                                files_struct *fsp, const void *data, size_t n,
++                                off_t offset)
++{
++      return glfs_pwrite(glfd_fd_get(fsp->fh->fd), data, n, offset, 0);
++}
++
++static off_t vfs_gluster_lseek(struct vfs_handle_struct *handle,
++                             files_struct *fsp, off_t offset, int whence)
++{
++      return glfs_lseek(glfd_fd_get(fsp->fh->fd), offset, whence);
++}
++
++static ssize_t vfs_gluster_sendfile(struct vfs_handle_struct *handle, int tofd,
++                                  files_struct *fromfsp, const DATA_BLOB *hdr,
++                                  off_t offset, size_t n)
++{
++      errno = ENOTSUP;
++      return -1;
++}
++
++static ssize_t vfs_gluster_recvfile(struct vfs_handle_struct *handle,
++                                  int fromfd, files_struct *tofsp,
++                                  off_t offset, size_t n)
++{
++      errno = ENOTSUP;
++      return -1;
++}
++
++static int vfs_gluster_rename(struct vfs_handle_struct *handle,
++                            const struct smb_filename *smb_fname_src,
++                            const struct smb_filename *smb_fname_dst)
++{
++      return glfs_rename(handle->data, smb_fname_src->base_name,
++                         smb_fname_dst->base_name);
++}
++
++static int vfs_gluster_fsync(struct vfs_handle_struct *handle,
++                           files_struct *fsp)
++{
++      return glfs_fsync(glfd_fd_get(fsp->fh->fd));
++}
++
++static int vfs_gluster_stat(struct vfs_handle_struct *handle,
++                          struct smb_filename *smb_fname)
++{
++      struct stat st;
++      int ret;
++
++      ret = glfs_stat(handle->data, smb_fname->base_name, &st);
++      if (ret == 0) {
++              smb_stat_ex_from_stat(&smb_fname->st, &st);
++      }
++      if (ret < 0 && errno != ENOENT) {
++              DEBUG(0, ("glfs_stat(%s) failed: %s\n",
++                        smb_fname->base_name, strerror(errno)));
++      }
++      return ret;
++}
++
++static int vfs_gluster_fstat(struct vfs_handle_struct *handle,
++                           files_struct *fsp, SMB_STRUCT_STAT *sbuf)
++{
++      struct stat st;
++      int ret;
++
++      ret = glfs_fstat(glfd_fd_get(fsp->fh->fd), &st);
++      if (ret == 0) {
++              smb_stat_ex_from_stat(sbuf, &st);
++      }
++      if (ret < 0) {
++              DEBUG(0, ("glfs_ftat(%d) failed: %s\n",
++                        fsp->fh->fd, strerror(errno)));
++      }
++      return ret;
++}
++
++static int vfs_gluster_lstat(struct vfs_handle_struct *handle,
++                           struct smb_filename *smb_fname)
++{
++      struct stat st;
++      int ret;
++
++      ret = glfs_lstat(handle->data, smb_fname->base_name, &st);
++      if (ret == 0) {
++              smb_stat_ex_from_stat(&smb_fname->st, &st);
++      }
++      if (ret < 0 && errno != ENOENT) {
++              DEBUG(0, ("glfs_lstat(%s) failed: %s\n",
++                        smb_fname->base_name, strerror(errno)));
++      }
++
++      return ret;
++}
++
++static uint64_t vfs_gluster_get_alloc_size(struct vfs_handle_struct *handle,
++                                         files_struct *fsp,
++                                         const SMB_STRUCT_STAT *sbuf)
++{
++      return sbuf->st_ex_blocks * 512;
++}
++
++static int vfs_gluster_unlink(struct vfs_handle_struct *handle,
++                            const struct smb_filename *smb_fname)
++{
++      return glfs_unlink(handle->data, smb_fname->base_name);
++}
++
++static int vfs_gluster_chmod(struct vfs_handle_struct *handle,
++                           const char *path, mode_t mode)
++{
++      return glfs_chmod(handle->data, path, mode);
++}
++
++static int vfs_gluster_fchmod(struct vfs_handle_struct *handle,
++                            files_struct *fsp, mode_t mode)
++{
++      return glfs_fchmod(glfd_fd_get(fsp->fh->fd), mode);
++}
++
++static int vfs_gluster_chown(struct vfs_handle_struct *handle,
++                           const char *path, uid_t uid, gid_t gid)
++{
++      return glfs_chown(handle->data, path, uid, gid);
++}
++
++static int vfs_gluster_fchown(struct vfs_handle_struct *handle,
++                            files_struct *fsp, uid_t uid, gid_t gid)
++{
++      return glfs_fchown(glfd_fd_get(fsp->fh->fd), uid, gid);
++}
++
++static int vfs_gluster_lchown(struct vfs_handle_struct *handle,
++                            const char *path, uid_t uid, gid_t gid)
++{
++      return glfs_lchown(handle->data, path, uid, gid);
++}
++
++static int vfs_gluster_chdir(struct vfs_handle_struct *handle, const char *path)
++{
++      return glfs_chdir(handle->data, path);
++}
++
++static char *vfs_gluster_getwd(struct vfs_handle_struct *handle, char *path)
++{
++      return glfs_getcwd(handle->data, path, PATH_MAX);
++}
++
++static int vfs_gluster_ntimes(struct vfs_handle_struct *handle,
++                            const struct smb_filename *smb_fname,
++                            struct smb_file_time *ft)
++{
++      struct timespec times[2];
++
++      times[0].tv_sec = ft->atime.tv_sec;
++      times[0].tv_nsec = ft->atime.tv_nsec;
++      times[1].tv_sec = ft->mtime.tv_sec;
++      times[1].tv_nsec = ft->mtime.tv_nsec;
++
++      return glfs_utimens(handle->data, smb_fname->base_name, times);
++}
++
++static int vfs_gluster_ftruncate(struct vfs_handle_struct *handle,
++                               files_struct *fsp, off_t offset)
++{
++      return glfs_ftruncate(glfd_fd_get(fsp->fh->fd), offset);
++}
++
++static int vfs_gluster_fallocate(struct vfs_handle_struct *handle,
++                               struct files_struct *fsp,
++                               enum vfs_fallocate_mode mode,
++                               off_t offset, off_t len)
++{
++      errno = ENOTSUP;
++      return -1;
++}
++
++static char *vfs_gluster_realpath(struct vfs_handle_struct *handle,
++                                const char *path)
++{
++      return glfs_realpath(handle->data, path, 0);
++}
++
++static bool vfs_gluster_lock(struct vfs_handle_struct *handle,
++                           files_struct *fsp, int op, off_t offset,
++                           off_t count, int type)
++{
++      struct flock flock = { 0, };
++      int ret;
++
++      flock.l_type = type;
++      flock.l_whence = SEEK_SET;
++      flock.l_start = offset;
++      flock.l_len = count;
++      flock.l_pid = 0;
++
++      ret = glfs_posix_lock(glfd_fd_get(fsp->fh->fd), op, &flock);
++
++      if (op == F_GETLK) {
++              /* lock query, true if someone else has locked */
++              if ((ret != -1) &&
++                  (flock.l_type != F_UNLCK) &&
++                  (flock.l_pid != 0) && (flock.l_pid != getpid()))
++                      return true;
++              /* not me */
++              return false;
++      }
++
++      if (ret == -1) {
++              return false;
++      }
++
++      return true;
++}
++
++static int vfs_gluster_kernel_flock(struct vfs_handle_struct *handle,
++                                  files_struct *fsp, uint32 share_mode,
++                                  uint32_t access_mask)
++{
++      return 0;
++}
++
++static int vfs_gluster_linux_setlease(struct vfs_handle_struct *handle,
++                                    files_struct *fsp, int leasetype)
++{
++      errno = ENOSYS;
++      return -1;
++}
++
++static bool vfs_gluster_getlock(struct vfs_handle_struct *handle,
++                              files_struct *fsp, off_t *poffset,
++                              off_t *pcount, int *ptype, pid_t *ppid)
++{
++      struct flock flock = { 0, };
++      int ret;
++
++      flock.l_type = *ptype;
++      flock.l_whence = SEEK_SET;
++      flock.l_start = *poffset;
++      flock.l_len = *pcount;
++      flock.l_pid = 0;
++
++      ret = glfs_posix_lock(glfd_fd_get(fsp->fh->fd), F_GETLK, &flock);
++
++      if (ret == -1) {
++              return false;
++      }
++
++      *ptype = flock.l_type;
++      *poffset = flock.l_start;
++      *pcount = flock.l_len;
++      *ppid = flock.l_pid;
++
++      return true;
++}
++
++static int vfs_gluster_symlink(struct vfs_handle_struct *handle,
++                             const char *oldpath, const char *newpath)
++{
++      return glfs_symlink(handle->data, oldpath, newpath);
++}
++
++static int vfs_gluster_readlink(struct vfs_handle_struct *handle,
++                              const char *path, char *buf, size_t bufsiz)
++{
++      return glfs_readlink(handle->data, path, buf, bufsiz);
++}
++
++static int vfs_gluster_link(struct vfs_handle_struct *handle,
++                          const char *oldpath, const char *newpath)
++{
++      return glfs_link(handle->data, oldpath, newpath);
++}
++
++static int vfs_gluster_mknod(struct vfs_handle_struct *handle, const char *path,
++                           mode_t mode, SMB_DEV_T dev)
++{
++      return glfs_mknod(handle->data, path, mode, dev);
++}
++
++static NTSTATUS vfs_gluster_notify_watch(struct vfs_handle_struct *vfs_handle,
++                                       struct sys_notify_context *ctx,
++                                       struct notify_entry *e,
++                                       void (*callback) (struct sys_notify_context *ctx,
++                                                         void *private_data,
++                                                         struct notify_event *ev),
++                                       void *private_data, void *handle)
++{
++      return NT_STATUS_NOT_IMPLEMENTED;
++}
++
++static int vfs_gluster_chflags(struct vfs_handle_struct *handle,
++                             const char *path, unsigned int flags)
++{
++      errno = ENOSYS;
++      return -1;
++}
++
++static int vfs_gluster_get_real_filename(struct vfs_handle_struct *handle,
++                                       const char *path, const char *name,
++                                       TALLOC_CTX *mem_ctx, char **found_name)
++{
++      int ret;
++      char key_buf[NAME_MAX + 64];
++      char val_buf[NAME_MAX + 1];
++
++      if (strlen(name) >= NAME_MAX) {
++              errno = ENAMETOOLONG;
++              return -1;
++      }
++
++      snprintf(key_buf, NAME_MAX + 64,
++               "user.glusterfs.get_real_filename:%s", name);
++
++      ret = glfs_getxattr(handle->data, path, key_buf, val_buf, NAME_MAX + 1);
++      if (ret == -1 && errno == ENODATA) {
++              errno = EOPNOTSUPP;
++              return -1;
++      }
++
++      *found_name = talloc_strdup(mem_ctx, val_buf);
++      if (found_name[0] == NULL) {
++              errno = ENOMEM;
++              return -1;
++      }
++      return 0;
++}
++
++static const char *vfs_gluster_connectpath(struct vfs_handle_struct *handle,
++                                         const char *filename)
++{
++      return handle->conn->connectpath;
++}
++
++/* EA Operations */
++
++static ssize_t vfs_gluster_getxattr(struct vfs_handle_struct *handle,
++                                  const char *path, const char *name,
++                                  void *value, size_t size)
++{
++      return glfs_getxattr(handle->data, path, name, value, size);
++}
++
++static ssize_t vfs_gluster_lgetxattr(struct vfs_handle_struct *handle,
++                                   const char *path, const char *name,
++                                   void *value, size_t size)
++{
++      return glfs_lgetxattr(handle->data, path, name, value, size);
++}
++
++static ssize_t vfs_gluster_fgetxattr(struct vfs_handle_struct *handle,
++                                   files_struct *fsp, const char *name,
++                                   void *value, size_t size)
++{
++      return glfs_fgetxattr(glfd_fd_get(fsp->fh->fd), name, value, size);
++}
++
++static ssize_t vfs_gluster_listxattr(struct vfs_handle_struct *handle,
++                                   const char *path, char *list, size_t size)
++{
++      return glfs_listxattr(handle->data, path, list, size);
++}
++
++static ssize_t vfs_gluster_llistxattr(struct vfs_handle_struct *handle,
++                                    const char *path, char *list, size_t size)
++{
++      return glfs_llistxattr(handle->data, path, list, size);
++}
++
++static ssize_t vfs_gluster_flistxattr(struct vfs_handle_struct *handle,
++                                    files_struct *fsp, char *list,
++                                    size_t size)
++{
++      return glfs_flistxattr(glfd_fd_get(fsp->fh->fd), list, size);
++}
++
++static int vfs_gluster_removexattr(struct vfs_handle_struct *handle,
++                                 const char *path, const char *name)
++{
++      return glfs_removexattr(handle->data, path, name);
++}
++
++static int vfs_gluster_lremovexattr(struct vfs_handle_struct *handle,
++                                  const char *path, const char *name)
++{
++      return glfs_lremovexattr(handle->data, path, name);
++}
++
++static int vfs_gluster_fremovexattr(struct vfs_handle_struct *handle,
++                                  files_struct *fsp, const char *name)
++{
++      return glfs_fremovexattr(glfd_fd_get(fsp->fh->fd), name);
++}
++
++static int vfs_gluster_setxattr(struct vfs_handle_struct *handle,
++                              const char *path, const char *name,
++                              const void *value, size_t size, int flags)
++{
++      return glfs_setxattr(handle->data, path, name, value, size, flags);
++}
++
++static int vfs_gluster_lsetxattr(struct vfs_handle_struct *handle,
++                               const char *path, const char *name,
++                               const void *value, size_t size, int flags)
++{
++      return glfs_lsetxattr(handle->data, path, name, value, size, flags);
++}
++
++static int vfs_gluster_fsetxattr(struct vfs_handle_struct *handle,
++                               files_struct *fsp, const char *name,
++                               const void *value, size_t size, int flags)
++{
++      return glfs_fsetxattr(glfd_fd_get(fsp->fh->fd), name, value, size,
++                            flags);
++}
++
++/* AIO Operations */
++
++static bool vfs_gluster_aio_force(struct vfs_handle_struct *handle,
++                                files_struct *fsp)
++{
++      return false;
++}
++
++/* Offline Operations */
++
++static bool vfs_gluster_is_offline(struct vfs_handle_struct *handle,
++                                 const struct smb_filename *fname,
++                                 SMB_STRUCT_STAT *sbuf)
++{
++      return false;
++}
++
++static int vfs_gluster_set_offline(struct vfs_handle_struct *handle,
++                                 const struct smb_filename *fname)
++{
++      errno = ENOTSUP;
++      return -1;
++}
++
++/* Posix ACL Operations */
++
++#define GLUSTER_ACL_VERSION 2
++#define GLUSTER_ACL_READ    0x04
++#define GLUSTER_ACL_WRITE   0x02
++#define GLUSTER_ACL_EXECUTE 0x01
++
++#define GLUSTER_ACL_UNDEFINED_TAG  0x00
++#define GLUSTER_ACL_USER_OBJ       0x01
++#define GLUSTER_ACL_USER           0x02
++#define GLUSTER_ACL_GROUP_OBJ      0x04
++#define GLUSTER_ACL_GROUP          0x08
++#define GLUSTER_ACL_MASK           0x10
++#define GLUSTER_ACL_OTHER          0x20
++
++#define GLUSTER_ACL_UNDEFINED_ID  (-1)
++
++struct gluster_ace {
++      uint16_t tag;
++      uint16_t perm;
++      uint32_t id;
++};
++
++struct gluster_acl_header {
++      uint32_t version;
++      struct gluster_ace entries[];
++};
++
++static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size)
++{
++      int count;
++      size_t size;
++      struct gluster_ace *ace;
++      struct smb_acl_entry *smb_ace;
++      struct gluster_acl_header *hdr;
++      struct smb_acl_t *result;
++      int i;
++      uint16_t tag;
++      uint16_t perm;
++      uint32_t id;
++
++      size = xattr_size;
++
++      if (size < sizeof(*hdr)) {
++              /* ACL should be at least as big as the header */
++              errno = EINVAL;
++              return NULL;
++      }
++
++      size -= sizeof(*hdr);
++
++      if (size % sizeof(*ace)) {
++              /* Size of entries must strictly be a multiple of
++                 size of an ACE
++              */
++              errno = EINVAL;
++              return NULL;
++      }
++
++      count = size / sizeof(*ace);
++
++      hdr = (void *)buf;
++
++      if (ntohl(hdr->version) != GLUSTER_ACL_VERSION) {
++              DEBUG(0, ("Unknown gluster ACL version: %d\n",
++                        ntohl(hdr->version)));
++              return NULL;
++      }
++
++      result = SMB_MALLOC(sizeof(struct smb_acl_t) + (sizeof(struct smb_acl_entry) * count));
++      if (!result) {
++              errno = ENOMEM;
++              return NULL;
++      }
++
++      result->count = count;
++
++      smb_ace = result->acl;
++      ace = hdr->entries;
++
++      for (i = 0; i < count; i++) {
++              tag = ntohs(ace->tag);
++
++              switch(tag) {
++              case GLUSTER_ACL_USER:
++                      smb_ace->a_type = SMB_ACL_USER;
++                      break;
++              case GLUSTER_ACL_USER_OBJ:
++                      smb_ace->a_type = SMB_ACL_USER_OBJ;
++                      break;
++              case GLUSTER_ACL_GROUP:
++                      smb_ace->a_type = SMB_ACL_GROUP;
++                      break;
++              case GLUSTER_ACL_GROUP_OBJ:
++                      smb_ace->a_type = SMB_ACL_GROUP_OBJ;
++                      break;
++              case GLUSTER_ACL_OTHER:
++                      smb_ace->a_type = SMB_ACL_OTHER;
++                      break;
++              case GLUSTER_ACL_MASK:
++                      smb_ace->a_type = SMB_ACL_MASK;
++                      break;
++              default:
++                      DEBUG(0, ("unknown tag type %d\n", (unsigned int) tag));
++                      return NULL;
++              }
++
++              id = ntohl(ace->id);
++
++              switch(smb_ace->a_type) {
++              case SMB_ACL_USER:
++                      smb_ace->uid = id;
++                      break;
++              case SMB_ACL_GROUP:
++                      smb_ace->gid = id;
++                      break;
++              default:
++                      break;
++              }
++
++              perm = ntohs(ace->perm);
++
++              smb_ace->a_perm = 0;
++              smb_ace->a_perm |=
++                      ((perm & GLUSTER_ACL_READ) ? SMB_ACL_READ : 0);
++              smb_ace->a_perm |=
++                      ((perm & GLUSTER_ACL_WRITE) ? SMB_ACL_WRITE : 0);
++              smb_ace->a_perm |=
++                      ((perm & GLUSTER_ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
++
++              ace++;
++              smb_ace++;
++      }
++
++      return result;
++}
++
++static ssize_t smb_to_gluster_acl(SMB_ACL_T theacl, char *buf, size_t len)
++{
++      ssize_t size;
++      struct gluster_ace *ace;
++      struct smb_acl_entry *smb_ace;
++      struct gluster_acl_header *hdr;
++      int i;
++      int count;
++      uint16_t tag;
++      uint16_t perm;
++      uint32_t id;
++
++      count = theacl->count;
++
++      size = sizeof(*hdr) + (count * sizeof(*ace));
++      if (!buf) {
++              return size;
++      }
++
++      if (len < size) {
++              errno = ERANGE;
++              return -1;
++      }
++
++      hdr = (void *)buf;
++      ace = hdr->entries;
++      smb_ace = theacl->acl;
++
++      hdr->version = htonl(GLUSTER_ACL_VERSION);
++
++      for (i = 0; i < count; i++) {
++              switch(smb_ace->a_type) {
++              case SMB_ACL_USER:
++                      tag = GLUSTER_ACL_USER;
++                      break;
++              case SMB_ACL_USER_OBJ:
++                      tag = GLUSTER_ACL_USER_OBJ;
++                      break;
++              case SMB_ACL_GROUP:
++                      tag = GLUSTER_ACL_GROUP;
++                      break;
++              case SMB_ACL_GROUP_OBJ:
++                      tag = GLUSTER_ACL_GROUP_OBJ;
++                      break;
++              case SMB_ACL_OTHER:
++                      tag = GLUSTER_ACL_OTHER;
++                      break;
++              case SMB_ACL_MASK:
++                      tag = GLUSTER_ACL_MASK;
++                      break;
++              default:
++                      DEBUG(0, ("Unknown tag value %d\n",
++                                smb_ace->a_type));
++                      errno = EINVAL;
++                      return -1;
++              }
++
++              ace->tag = ntohs(tag);
++
++              switch(smb_ace->a_type) {
++              case SMB_ACL_USER:
++                      id = smb_ace->uid;
++                      break;
++              case SMB_ACL_GROUP:
++                      id = smb_ace->gid;
++                      break;
++              default:
++                      id = GLUSTER_ACL_UNDEFINED_ID;
++                      break;
++              }
++
++              ace->id = ntohl(id);
++
++              ace->perm = 0;
++              ace->perm |=
++                      ((smb_ace->a_perm & SMB_ACL_READ) ? GLUSTER_ACL_READ : 0);
++              ace->perm |=
++                      ((smb_ace->a_perm & SMB_ACL_WRITE) ? GLUSTER_ACL_WRITE : 0);
++              ace->perm |=
++                      ((smb_ace->a_perm & SMB_ACL_EXECUTE) ? GLUSTER_ACL_EXECUTE : 0);
++
++              ace++;
++              smb_ace++;
++      }
++
++      return size;
++}
++
++
++static SMB_ACL_T vfs_gluster_sys_acl_get_file(struct vfs_handle_struct *handle,
++                                            const char *path_p,
++                                            SMB_ACL_TYPE_T type)
++{
++      struct smb_acl_t *result;
++      char *buf;
++      char *key;
++      ssize_t ret;
++
++      switch (type) {
++      case SMB_ACL_TYPE_ACCESS:
++              key = "system.posix_acl_access";
++              break;
++      case SMB_ACL_TYPE_DEFAULT:
++              key = "system.posix_acl_default";
++              break;
++      default:
++              errno = EINVAL;
++              return NULL;
++      }
++
++      ret = glfs_getxattr(handle->data, path_p, key, 0, 0);
++      if (ret <= 0) {
++              return NULL;
++      }
++
++      buf = alloca(ret);
++      ret = glfs_getxattr(handle->data, path_p, key, buf, ret);
++      if (ret <= 0) {
++              return NULL;
++      }
++
++      result = gluster_to_smb_acl(buf, ret);
++
++      return result;
++}
++
++static SMB_ACL_T vfs_gluster_sys_acl_get_fd(struct vfs_handle_struct *handle,
++                                          struct files_struct *fsp)
++{
++      struct smb_acl_t *result;
++      int ret;
++      char *buf;
++
++      ret = glfs_fgetxattr(glfd_fd_get(fsp->fh->fd),
++                           "system.posix_acl_access", 0, 0);
++      if (ret <= 0) {
++              return NULL;
++      }
++
++      buf = alloca(ret);
++      ret = glfs_fgetxattr(glfd_fd_get(fsp->fh->fd),
++                           "system.posix_acl_access", buf, ret);
++      if (ret <= 0) {
++              return NULL;
++      }
++
++      result = gluster_to_smb_acl(buf, ret);
++
++      return result;
++}
++
++static int vfs_gluster_sys_acl_set_file(struct vfs_handle_struct *handle,
++                                      const char *name,
++                                      SMB_ACL_TYPE_T acltype,
++                                      SMB_ACL_T theacl)
++{
++      int ret;
++      char *key;
++      char *buf;
++      ssize_t size;
++
++      switch (acltype) {
++      case SMB_ACL_TYPE_ACCESS:
++              key = "system.posix_acl_access";
++              break;
++      case SMB_ACL_TYPE_DEFAULT:
++              key = "system.posix_acl_default";
++              break;
++      default:
++              errno = EINVAL;
++              return -1;
++      }
++
++      size = smb_to_gluster_acl(theacl, 0, 0);
++      buf = alloca(size);
++
++      size = smb_to_gluster_acl(theacl, buf, size);
++      if (size == -1) {
++              return -1;
++      }
++
++      ret = glfs_setxattr(handle->data, name, key, buf, size, 0);
++
++      return ret;
++}
++
++static int vfs_gluster_sys_acl_set_fd(struct vfs_handle_struct *handle,
++                                    struct files_struct *fsp,
++                                    SMB_ACL_T theacl)
++{
++      int ret;
++      char *buf;
++      ssize_t size;
++
++      size = smb_to_gluster_acl(theacl, 0, 0);
++      buf = alloca(size);
++
++      size = smb_to_gluster_acl(theacl, buf, size);
++      if (size == -1) {
++              return -1;
++      }
++
++      ret = glfs_fsetxattr(glfd_fd_get(fsp->fh->fd),
++                           "system.posix_acl_access", buf, size, 0);
++      return ret;
++}
++
++static int vfs_gluster_sys_acl_delete_def_file(struct vfs_handle_struct *handle,
++                                             const char *path)
++{
++      return glfs_removexattr(handle->data, path, "system.posix_acl_default");
++}
++
++static struct vfs_fn_pointers glusterfs_fns = {
++
++      /* Disk Operations */
++
++      .connect_fn = vfs_gluster_connect,
++      .disconnect = vfs_gluster_disconnect,
++      .disk_free = vfs_gluster_disk_free,
++      .get_quota = vfs_gluster_get_quota,
++      .set_quota = vfs_gluster_set_quota,
++      .statvfs = vfs_gluster_statvfs,
++      .fs_capabilities = vfs_gluster_fs_capabilities,
++
++      /* Directory Operations */
++
++      .opendir = vfs_gluster_opendir,
++      .fdopendir = vfs_gluster_fdopendir,
++      .readdir = vfs_gluster_readdir,
++      .seekdir = vfs_gluster_seekdir,
++      .telldir = vfs_gluster_telldir,
++      .rewind_dir = vfs_gluster_rewinddir,
++      .mkdir = vfs_gluster_mkdir,
++      .rmdir = vfs_gluster_rmdir,
++      .closedir = vfs_gluster_closedir,
++      .init_search_op = vfs_gluster_init_search_op,
++
++      /* File Operations */
++
++      .open_fn = vfs_gluster_open,
++      .create_file = NULL,
++      .close_fn = vfs_gluster_close,
++      .vfs_read = vfs_gluster_read,
++      .pread = vfs_gluster_pread,
++      .write = vfs_gluster_write,
++      .pwrite = vfs_gluster_pwrite,
++      .lseek = vfs_gluster_lseek,
++      .sendfile = vfs_gluster_sendfile,
++      .recvfile = vfs_gluster_recvfile,
++      .rename = vfs_gluster_rename,
++      .fsync = vfs_gluster_fsync,
++      .stat = vfs_gluster_stat,
++      .fstat = vfs_gluster_fstat,
++      .lstat = vfs_gluster_lstat,
++      .get_alloc_size = vfs_gluster_get_alloc_size,
++      .unlink = vfs_gluster_unlink,
++
++      .chmod = vfs_gluster_chmod,
++      .fchmod = vfs_gluster_fchmod,
++      .chown = vfs_gluster_chown,
++      .fchown = vfs_gluster_fchown,
++      .lchown = vfs_gluster_lchown,
++      .chdir = vfs_gluster_chdir,
++      .getwd = vfs_gluster_getwd,
++      .ntimes = vfs_gluster_ntimes,
++      .ftruncate = vfs_gluster_ftruncate,
++      .fallocate = vfs_gluster_fallocate,
++      .lock = vfs_gluster_lock,
++      .kernel_flock = vfs_gluster_kernel_flock,
++      .linux_setlease = vfs_gluster_linux_setlease,
++      .getlock = vfs_gluster_getlock,
++      .symlink = vfs_gluster_symlink,
++      .vfs_readlink = vfs_gluster_readlink,
++      .link = vfs_gluster_link,
++      .mknod = vfs_gluster_mknod,
++      .realpath = vfs_gluster_realpath,
++      .notify_watch = vfs_gluster_notify_watch,
++      .chflags = vfs_gluster_chflags,
++      .file_id_create = NULL,
++      .streaminfo = NULL,
++      .get_real_filename = vfs_gluster_get_real_filename,
++      .connectpath = vfs_gluster_connectpath,
++
++      .brl_lock_windows = NULL,
++      .brl_unlock_windows = NULL,
++      .brl_cancel_windows = NULL,
++      .strict_lock = NULL,
++      .strict_unlock = NULL,
++      .translate_name = NULL,
++
++      /* NT ACL Operations */
++      .fget_nt_acl = NULL,
++      .get_nt_acl = NULL,
++      .fset_nt_acl = NULL,
++
++      /* Posix ACL Operations */
++      .chmod_acl = NULL,      /* passthrough to default */
++      .fchmod_acl = NULL,     /* passthrough to default */
++
++      .sys_acl_get_entry = NULL,
++      .sys_acl_get_tag_type = NULL,
++      .sys_acl_get_permset = NULL,
++      .sys_acl_get_qualifier = NULL,
++      .sys_acl_get_file = vfs_gluster_sys_acl_get_file,
++      .sys_acl_get_fd = vfs_gluster_sys_acl_get_fd,
++      .sys_acl_clear_perms = NULL,
++      .sys_acl_add_perm = NULL,
++      .sys_acl_to_text = NULL,
++      .sys_acl_init = NULL,
++      .sys_acl_create_entry = NULL,
++      .sys_acl_set_tag_type = NULL,
++      .sys_acl_set_qualifier = NULL,
++      .sys_acl_set_permset = NULL,
++      .sys_acl_valid = NULL,
++      .sys_acl_set_file = vfs_gluster_sys_acl_set_file,
++      .sys_acl_set_fd = vfs_gluster_sys_acl_set_fd,
++      .sys_acl_delete_def_file = vfs_gluster_sys_acl_delete_def_file,
++      .sys_acl_get_perm = NULL,
++      .sys_acl_free_text = NULL,
++      .sys_acl_free_acl = NULL,
++      .sys_acl_free_qualifier = NULL,
++
++      /* EA Operations */
++      .getxattr = vfs_gluster_getxattr,
++      .lgetxattr = vfs_gluster_lgetxattr,
++      .fgetxattr = vfs_gluster_fgetxattr,
++      .listxattr = vfs_gluster_listxattr,
++      .llistxattr = vfs_gluster_llistxattr,
++      .flistxattr = vfs_gluster_flistxattr,
++      .removexattr = vfs_gluster_removexattr,
++      .lremovexattr = vfs_gluster_lremovexattr,
++      .fremovexattr = vfs_gluster_fremovexattr,
++      .setxattr = vfs_gluster_setxattr,
++      .lsetxattr = vfs_gluster_lsetxattr,
++      .fsetxattr = vfs_gluster_fsetxattr,
++
++      /* AIO Operations */
++      .aio_read = NULL,
++      .aio_write = NULL,
++      .aio_return_fn = NULL,
++      .aio_cancel = NULL,
++      .aio_error_fn = NULL,
++      .aio_fsync = NULL,
++      .aio_suspend = NULL,
++      .aio_force = vfs_gluster_aio_force,
++
++      /* Offline Operations */
++      .is_offline = vfs_gluster_is_offline,
++      .set_offline = vfs_gluster_set_offline,
++};
++
++NTSTATUS vfs_glusterfs_init(void);
++NTSTATUS vfs_glusterfs_init(void)
++{
++      return smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
++                              "glusterfs", &glusterfs_fns);
++}
+diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
+index ff7163f..31c93be 100644
+--- a/source3/modules/wscript_build
++++ b/source3/modules/wscript_build
+@@ -50,6 +50,7 @@ VFS_SCANNEDONLY_SRC = 'vfs_scannedonly.c'
+ VFS_CROSSRENAME_SRC = 'vfs_crossrename.c'
+ VFS_LINUX_XFS_SGID_SRC = 'vfs_linux_xfs_sgid.c'
+ VFS_TIME_AUDIT_SRC = 'vfs_time_audit.c'
++VFS_GLUSTERFS_SRC = 'vfs_glusterfs.c'
+ bld.SAMBA3_SUBSYSTEM('NFS4_ACLS',
+@@ -408,6 +409,14 @@ bld.SAMBA3_MODULE('vfs_time_audit',
+                  internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_time_audit'),
+                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_time_audit'))
++bld.SAMBA3_MODULE('vfs_glusterfs',
++                  subsystem='vfs',
++                  source=VFS_GLUSTERFS_SRC,
++                  deps='samba-util gfapi',
++                  init_function='',
++                  internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_glusterfs'),
++                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_glusterfs'),
++                  allow_undefined_symbols=False)
+ CHARSET_WEIRD_SRC = 'weird.c'
+diff --git a/source3/wscript b/source3/wscript
+index bcc6ce1..7e34db5 100644
+--- a/source3/wscript
++++ b/source3/wscript
+@@ -60,6 +60,7 @@ def set_options(opt):
+     opt.SAMBA3_ADD_OPTION('automount')
+     opt.SAMBA3_ADD_OPTION('aio-support')
+     opt.SAMBA3_ADD_OPTION('profiling-data')
++    opt.SAMBA3_ADD_OPTION('glusterfs', with_name="enable", without_name="disable", default=True)
+     opt.SAMBA3_ADD_OPTION('cluster-support')
+@@ -1701,6 +1702,24 @@ main() {
+         conf.undefine('CLUSTER_SUPPORT')
++    #
++    # Checking for GlusterFS
++    #
++    if Options.options.with_glusterfs:
++        conf.check_cfg(package='glusterfs-api', args='"glusterfs-api >= 4" --cflags --libs',
++                       msg='Checking for glusterfs-api >= 4', uselib_store="GFAPI")
++        conf.CHECK_HEADERS('api/glfs.h', lib='gfapi')
++        conf.CHECK_LIB('gfapi', shlib=True)
++
++        if conf.CONFIG_SET('HAVE_API_GLFS_H'):
++            conf.DEFINE('HAVE_GLUSTERFS', '1')
++        else:
++            conf.SET_TARGET_TYPE('gfapi', 'EMPTY')
++            conf.undefine('HAVE_GLUSTERFS')
++    else:
++        conf.SET_TARGET_TYPE('gfapi', 'EMPTY')
++        conf.undefine('HAVE_GLUSTERFS')
++
+     conf.CHECK_CODE('__attribute__((destructor)) static void cleanup(void) { }',
+                   'HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR',
+@@ -1794,6 +1813,9 @@ main() {
+     if conf.CONFIG_SET('HAVE_GPFS'):
+       default_shared_modules.extend(TO_LIST('vfs_gpfs vfs_gpfs_hsm_notify'))
++    if conf.CONFIG_SET('HAVE_GLUSTERFS'):
++        default_shared_modules.extend(TO_LIST('vfs_glusterfs'))
++
+     explicit_shared_modules = TO_LIST(Options.options.shared_modules, delimiter=',')
+     explicit_static_modules = TO_LIST(Options.options.static_modules, delimiter=',')
+-- 
+1.9.3
+
+
+From e2b70ae1e9b072173de2b7d6140381b910d436b4 Mon Sep 17 00:00:00 2001
+From: Raghavendra Talur <rtalur@redhat.com>
+Date: Thu, 20 Jun 2013 17:58:15 -0700
+Subject: [PATCH 2/9] PATCHSET13: vfs_glusterfs: New file creation fix.
+
+When a new document is created in explorer, a check for file_exist is made.
+vfs_gluster_get_real_filename was returning 0 even when the file did not
+exist.
+---
+ source3/modules/vfs_glusterfs.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+index 4beac1d..3752940 100644
+--- a/source3/modules/vfs_glusterfs.c
++++ b/source3/modules/vfs_glusterfs.c
+@@ -839,8 +839,10 @@ static int vfs_gluster_get_real_filename(struct vfs_handle_struct *handle,
+                "user.glusterfs.get_real_filename:%s", name);
+       ret = glfs_getxattr(handle->data, path, key_buf, val_buf, NAME_MAX + 1);
+-      if (ret == -1 && errno == ENODATA) {
+-              errno = EOPNOTSUPP;
++      if (ret == -1) {
++              if (errno == ENODATA) {
++                      errno = EOPNOTSUPP;
++              }
+               return -1;
+       }
+-- 
+1.9.3
+
+
+From e963ec42b17cdc7369e4b79387447bb3ddc99d2a Mon Sep 17 00:00:00 2001
+From: susant <spalai@redhat.com>
+Date: Wed, 7 Aug 2013 01:00:31 -0500
+Subject: [PATCH 3/9] PATCHSET13: vfs_glusterfs: Volume capacity reported to
+ Windows is incorrect
+
+VFS plugin was sending the actual size of the volume instead of the
+total number of block units because of which windows was getting the
+wrong volume capacity.
+
+Signed-off-by: susant <spalai@redhat.com>
+Reviewed-by: Anand Avati <avati@redhat.com>
+---
+ source3/modules/vfs_glusterfs.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+index 3752940..1502776 100644
+--- a/source3/modules/vfs_glusterfs.c
++++ b/source3/modules/vfs_glusterfs.c
+@@ -297,7 +297,6 @@ vfs_gluster_disk_free(struct vfs_handle_struct *handle, const char *path,
+                     uint64_t *dsize_p)
+ {
+       struct statvfs statvfs = { 0, };
+-      uint64_t dfree = 0;
+       int ret;
+       ret = glfs_statvfs(handle->data, path, &statvfs);
+@@ -307,19 +306,17 @@ vfs_gluster_disk_free(struct vfs_handle_struct *handle, const char *path,
+               return -1;
+       }
+-      dfree = statvfs.f_bsize * statvfs.f_bavail;
+-
+       if (bsize_p) {
+-              *bsize_p = statvfs.f_bsize;
++              *bsize_p = (uint64_t)statvfs.f_bsize; /* Block size */
+       }
+       if (dfree_p) {
+-              *dfree_p = dfree;
++              *dfree_p = (uint64_t)statvfs.f_bavail; /* Available Block units */
+       }
+       if (dsize_p) {
+-              *dsize_p = statvfs.f_bsize * statvfs.f_blocks;
++              *dsize_p = (uint64_t)statvfs.f_blocks; /* Total Block units */
+       }
+-      return dfree;
++      return (uint64_t)statvfs.f_bavail;
+ }
+ static int
+-- 
+1.9.3
+
+
+From 1d41227866ede7ae14857105abd6b322e8e41525 Mon Sep 17 00:00:00 2001
+From: Anand Avati <avati@redhat.com>
+Date: Mon, 12 Aug 2013 14:59:24 -0500
+Subject: [PATCH 4/9] PATCHSET13: vfs_glusterfs: Implement proper
+ mashalling/unmarshalling of ACLs
+
+Use the primitives available in Samba byteorder.h for implementing
+proper (un)marshalling of ACL xattrs.
+
+Signed-off-by: Anand Avati <avati@redhat.com>
+Reviewed-by: Raghavendra Talur <rtalur@redhat.com>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+Tested-by: "Jose A. Rivera" <jarrpa@redhat.com>
+---
+ source3/modules/vfs_glusterfs.c | 154 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 112 insertions(+), 42 deletions(-)
+
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+index 1502776..1b81d06 100644
+--- a/source3/modules/vfs_glusterfs.c
++++ b/source3/modules/vfs_glusterfs.c
+@@ -963,13 +963,36 @@ static int vfs_gluster_set_offline(struct vfs_handle_struct *handle,
+       return -1;
+ }
+-/* Posix ACL Operations */
++/*
++  Gluster ACL Format:
++
++  Size = 4 (header) + N * 8 (entry)
++
++  Offset  Size    Field (Little Endian)
++  -------------------------------------
++  0-3     4-byte  Version
++
++  4-5     2-byte  Entry-1 tag
++  6-7     2-byte  Entry-1 perm
++  8-11    4-byte  Entry-1 id
++
++  12-13   2-byte  Entry-2 tag
++  14-15   2-byte  Entry-2 perm
++  16-19   4-byte  Entry-2 id
++  ...
++
++ */
++
++/* header version */
+ #define GLUSTER_ACL_VERSION 2
++
++/* perm bits */
+ #define GLUSTER_ACL_READ    0x04
+ #define GLUSTER_ACL_WRITE   0x02
+ #define GLUSTER_ACL_EXECUTE 0x01
++/* tag values */
+ #define GLUSTER_ACL_UNDEFINED_TAG  0x00
+ #define GLUSTER_ACL_USER_OBJ       0x01
+ #define GLUSTER_ACL_USER           0x02
+@@ -980,57 +1003,48 @@ static int vfs_gluster_set_offline(struct vfs_handle_struct *handle,
+ #define GLUSTER_ACL_UNDEFINED_ID  (-1)
+-struct gluster_ace {
+-      uint16_t tag;
+-      uint16_t perm;
+-      uint32_t id;
+-};
+-
+-struct gluster_acl_header {
+-      uint32_t version;
+-      struct gluster_ace entries[];
+-};
++#define GLUSTER_ACL_HEADER_SIZE    4
++#define GLUSTER_ACL_ENTRY_SIZE     8
+ static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size)
+ {
+       int count;
+       size_t size;
+-      struct gluster_ace *ace;
+       struct smb_acl_entry *smb_ace;
+-      struct gluster_acl_header *hdr;
+       struct smb_acl_t *result;
+       int i;
++      int offset;
+       uint16_t tag;
+       uint16_t perm;
+       uint32_t id;
+       size = xattr_size;
+-      if (size < sizeof(*hdr)) {
+-              /* ACL should be at least as big as the header */
++      if (size < GLUSTER_ACL_HEADER_SIZE) {
++              /* ACL should be at least as big as the header (4 bytes) */
+               errno = EINVAL;
+               return NULL;
+       }
+-      size -= sizeof(*hdr);
++      size -= GLUSTER_ACL_HEADER_SIZE; /* size of header = 4 bytes */
+-      if (size % sizeof(*ace)) {
++      if (size % GLUSTER_ACL_ENTRY_SIZE) {
+               /* Size of entries must strictly be a multiple of
+-                 size of an ACE
++                 size of an ACE (8 bytes)
+               */
+               errno = EINVAL;
+               return NULL;
+       }
+-      count = size / sizeof(*ace);
+-
+-      hdr = (void *)buf;
++      count = size / GLUSTER_ACL_ENTRY_SIZE;
+-      if (ntohl(hdr->version) != GLUSTER_ACL_VERSION) {
++      /* Version is the first 4 bytes of the ACL */
++      if (IVAL(buf, 0) != GLUSTER_ACL_VERSION) {
+               DEBUG(0, ("Unknown gluster ACL version: %d\n",
+-                        ntohl(hdr->version)));
++                        IVAL(buf, 0)));
+               return NULL;
+       }
++      offset = GLUSTER_ACL_HEADER_SIZE;
+       result = SMB_MALLOC(sizeof(struct smb_acl_t) + (sizeof(struct smb_acl_entry) * count));
+       if (!result) {
+@@ -1041,10 +1055,19 @@ static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size)
+       result->count = count;
+       smb_ace = result->acl;
+-      ace = hdr->entries;
+       for (i = 0; i < count; i++) {
+-              tag = ntohs(ace->tag);
++              /* TAG is the first 2 bytes of an entry */
++              tag = SVAL(buf, offset);
++              offset += 2;
++
++              /* PERM is the next 2 bytes of an entry */
++              perm = SVAL(buf, offset);
++              offset += 2;
++
++              /* ID is the last 4 bytes of an entry */
++              id = IVAL(buf, offset);
++              offset += 4;
+               switch(tag) {
+               case GLUSTER_ACL_USER:
+@@ -1070,7 +1093,6 @@ static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size)
+                       return NULL;
+               }
+-              id = ntohl(ace->id);
+               switch(smb_ace->a_type) {
+               case SMB_ACL_USER:
+@@ -1083,8 +1105,6 @@ static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size)
+                       break;
+               }
+-              perm = ntohs(ace->perm);
+-
+               smb_ace->a_perm = 0;
+               smb_ace->a_perm |=
+                       ((perm & GLUSTER_ACL_READ) ? SMB_ACL_READ : 0);
+@@ -1093,28 +1113,61 @@ static SMB_ACL_T gluster_to_smb_acl(const char *buf, size_t xattr_size)
+               smb_ace->a_perm |=
+                       ((perm & GLUSTER_ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
+-              ace++;
+               smb_ace++;
+       }
+       return result;
+ }
++
++static int gluster_ace_cmp(const void *left, const void *right)
++{
++      int ret = 0;
++      uint16_t tag_left, tag_right;
++      uint32_t id_left, id_right;
++
++      /*
++        Sorting precedence:
++
++         - Smaller TAG values must be earlier.
++
++         - Within same TAG, smaller identifiers must be earlier, E.g:
++           UID 0 entry must be earlier than UID 200
++           GID 17 entry must be earlier than GID 19
++      */
++
++      /* TAG is the first element in the entry */
++      tag_left = SVAL(left, 0);
++      tag_right = SVAL(right, 0);
++
++      ret = (tag_left - tag_right);
++      if (!ret) {
++              /* ID is the third element in the entry, after two short
++                 integers (tag and perm), i.e at offset 4.
++              */
++              id_left = IVAL(left, 4);
++              id_right = IVAL(right, 4);
++              ret = id_left - id_right;
++      }
++
++      return ret;
++}
++
++
+ static ssize_t smb_to_gluster_acl(SMB_ACL_T theacl, char *buf, size_t len)
+ {
+       ssize_t size;
+-      struct gluster_ace *ace;
+       struct smb_acl_entry *smb_ace;
+-      struct gluster_acl_header *hdr;
+       int i;
+       int count;
+       uint16_t tag;
+       uint16_t perm;
+       uint32_t id;
++      int offset;
+       count = theacl->count;
+-      size = sizeof(*hdr) + (count * sizeof(*ace));
++      size = GLUSTER_ACL_HEADER_SIZE + (count * GLUSTER_ACL_ENTRY_SIZE);
+       if (!buf) {
+               return size;
+       }
+@@ -1124,13 +1177,14 @@ static ssize_t smb_to_gluster_acl(SMB_ACL_T theacl, char *buf, size_t len)
+               return -1;
+       }
+-      hdr = (void *)buf;
+-      ace = hdr->entries;
+       smb_ace = theacl->acl;
+-      hdr->version = htonl(GLUSTER_ACL_VERSION);
++      /* Version is the first 4 bytes of the ACL */
++      SIVAL(buf, 0, GLUSTER_ACL_VERSION);
++      offset = GLUSTER_ACL_HEADER_SIZE;
+       for (i = 0; i < count; i++) {
++              /* Calculate tag */
+               switch(smb_ace->a_type) {
+               case SMB_ACL_USER:
+                       tag = GLUSTER_ACL_USER;
+@@ -1157,8 +1211,8 @@ static ssize_t smb_to_gluster_acl(SMB_ACL_T theacl, char *buf, size_t len)
+                       return -1;
+               }
+-              ace->tag = ntohs(tag);
++              /* Calculate id */
+               switch(smb_ace->a_type) {
+               case SMB_ACL_USER:
+                       id = smb_ace->uid;
+@@ -1171,20 +1225,36 @@ static ssize_t smb_to_gluster_acl(SMB_ACL_T theacl, char *buf, size_t len)
+                       break;
+               }
+-              ace->id = ntohl(id);
++              /* Calculate perm */
++              perm = 0;
+-              ace->perm = 0;
+-              ace->perm |=
++              perm |=
+                       ((smb_ace->a_perm & SMB_ACL_READ) ? GLUSTER_ACL_READ : 0);
+-              ace->perm |=
++              perm |=
+                       ((smb_ace->a_perm & SMB_ACL_WRITE) ? GLUSTER_ACL_WRITE : 0);
+-              ace->perm |=
++              perm |=
+                       ((smb_ace->a_perm & SMB_ACL_EXECUTE) ? GLUSTER_ACL_EXECUTE : 0);
+-              ace++;
++
++              /* TAG is the first 2 bytes of an entry */
++              SSVAL(buf, offset, tag);
++              offset += 2;
++
++              /* PERM is the next 2 bytes of an entry */
++              SSVAL(buf, offset, perm);
++              offset += 2;
++
++              /* ID is the last 4 bytes of an entry */
++              SIVAL(buf, offset, id);
++              offset += 4;
++
+               smb_ace++;
+       }
++      /* Skip the header, sort @count number of 8-byte entries */
++      qsort(buf+GLUSTER_ACL_HEADER_SIZE, count, GLUSTER_ACL_ENTRY_SIZE,
++            gluster_ace_cmp);
++
+       return size;
+ }
+-- 
+1.9.3
+
+
+From 26673935299da8ce830ff9d0ea5df18f52092092 Mon Sep 17 00:00:00 2001
+From: "Christopher R. Hertel" <crh@redhat.com>
+Date: Thu, 29 Aug 2013 11:01:24 -0500
+Subject: [PATCH 5/9] PATCHSET13: vfs_glusterfs: Fix excessive debug output
+ from vfs_gluster_open().
+
+The vfs_gluster_open() function generates a debug message (at level 0)
+for every failed attempt to open a pathname.  This includes cases in
+which attempts are made to open a directory as a file (those attempts
+are retried calling vfs_gluster_opendir()).  The result is that the log
+file fills with messages about failed attempts to open directories,
+because they are directories.  This patch ensures that failed attempts
+to open directories as files are logged at log level 4, not 0.  In
+addition, other failed open attempts are logged at level 1, not 0.
+
+Signed-off-by: Christopher R. Hertel <crh@redhat.com>
+Reviewed-by : Susant Palai <spalai@redhat.com>
+Reviewed-by : Raghavendra Talur <rtalur@redhat.com>
+Reviewed-by : Jose A. Rivera <jarrpa@redhat.com>
+---
+ source3/modules/vfs_glusterfs.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+index 1b81d06..b92c7fd 100644
+--- a/source3/modules/vfs_glusterfs.c
++++ b/source3/modules/vfs_glusterfs.c
+@@ -488,11 +488,8 @@ static int vfs_gluster_open(struct vfs_handle_struct *handle,
+       }
+       if (glfd == NULL) {
+-              DEBUG(0, ("glfs_{open[dir],creat}(%s) failed: %s\n",
+-                        smb_fname->base_name, strerror(errno)));
+               return -1;
+       }
+-
+       return glfd_fd_store(glfd);
+ }
+-- 
+1.9.3
+
+
+From f396be725dd8e8f93b0eed1b23fcf0a0f61303a9 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Mon, 4 Nov 2013 12:32:05 +0100
+Subject: [PATCH 6/9] PATCHSET13: vfs: Fix some build warnings in glusterfs.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: David Disseldorp <ddiss@samba.org>
+---
+ source3/modules/vfs_glusterfs.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+index b92c7fd..4b8da4a 100644
+--- a/source3/modules/vfs_glusterfs.c
++++ b/source3/modules/vfs_glusterfs.c
+@@ -1262,7 +1262,7 @@ static SMB_ACL_T vfs_gluster_sys_acl_get_file(struct vfs_handle_struct *handle,
+ {
+       struct smb_acl_t *result;
+       char *buf;
+-      char *key;
++      const char *key;
+       ssize_t ret;
+       switch (type) {
+@@ -1324,7 +1324,7 @@ static int vfs_gluster_sys_acl_set_file(struct vfs_handle_struct *handle,
+                                       SMB_ACL_T theacl)
+ {
+       int ret;
+-      char *key;
++      const char *key;
+       char *buf;
+       ssize_t size;
+-- 
+1.9.3
+
+
+From 2b136f8999e171d15736d0a532353799b7251ae2 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Nov 2013 17:02:19 +0100
+Subject: [PATCH 7/9] PATCHSET13: s3-vfs: Make glfs_set_preopened() static.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ source3/modules/vfs_glusterfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+index 4b8da4a..ef505a3 100644
+--- a/source3/modules/vfs_glusterfs.c
++++ b/source3/modules/vfs_glusterfs.c
+@@ -141,7 +141,7 @@ static struct glfs_preopened {
+ } *glfs_preopened;
+-int glfs_set_preopened(const char *volume, glfs_t *fs)
++static int glfs_set_preopened(const char *volume, glfs_t *fs)
+ {
+       struct glfs_preopened *entry = NULL;
+-- 
+1.9.3
+
+
+From 9b2c8854a5a27e4fdbe5191abf174d3152b0edfd Mon Sep 17 00:00:00 2001
+From: Poornima Gurusiddaiah <pgurusid@redhat.com>
+Date: Sun, 24 Nov 2013 21:37:53 +0000
+Subject: [PATCH 8/9] PATCHSET13: vfs_glusterfs: Enable per client log file
+
+In Samba configuration file, one of the options of gluster type is
+log file, the value of this option was not allowed to contain any
+variables, as a result all the clients would have a single log file,
+which complicated debugging.
+In this patch, variable substitution is performed for gluster log file.
+Hence allowing user to customise the gluster log file name.
+
+Signed-off-by: Poornima Gurusiddaiah <pgurusid@redhat.com>
+Reviewed-by: Ira Cooper <ira@samba.org>
+---
+ source3/modules/vfs_glusterfs.c | 41 ++++++++++++++++++++++-------------------
+ 1 file changed, 22 insertions(+), 19 deletions(-)
+
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+index ef505a3..3757968 100644
+--- a/source3/modules/vfs_glusterfs.c
++++ b/source3/modules/vfs_glusterfs.c
+@@ -205,12 +205,12 @@ static int vfs_gluster_connect(struct vfs_handle_struct *handle,
+ {
+       const char *volfile_server;
+       const char *volume;
+-      const char *logfile;
++      char *logfile;
+       int loglevel;
+       glfs_t *fs;
+-      int ret;
++      int ret = 0;
+-      logfile = lp_parm_const_string(SNUM(handle->conn), "glusterfs",
++      logfile = lp_parm_talloc_string(SNUM(handle->conn), "glusterfs",
+                                      "logfile", NULL);
+       loglevel = lp_parm_int(SNUM(handle->conn), "glusterfs", "loglevel", -1);
+@@ -229,57 +229,60 @@ static int vfs_gluster_connect(struct vfs_handle_struct *handle,
+       fs = glfs_find_preopened(volume);
+       if (fs) {
+-              goto found;
++              goto done;
+       }
+       fs = glfs_new(volume);
+       if (fs == NULL) {
+-              return -1;
++              ret = -1;
++              goto done;
+       }
+       ret = glfs_set_volfile_server(fs, "tcp", volfile_server, 0);
+       if (ret < 0) {
+               DEBUG(0, ("Failed to set volfile_server %s\n", volfile_server));
+-              glfs_fini(fs);
+-              return -1;
++              goto done;
+       }
+       ret = glfs_set_xlator_option(fs, "*-md-cache", "cache-posix-acl",
+                                    "true");
+       if (ret < 0) {
+               DEBUG(0, ("%s: Failed to set xlator options\n", volume));
+-              glfs_fini(fs);
+-              return -1;
++              goto done;
+       }
+       ret = glfs_set_logging(fs, logfile, loglevel);
+       if (ret < 0) {
+               DEBUG(0, ("%s: Failed to set logfile %s loglevel %d\n",
+                         volume, logfile, loglevel));
+-              glfs_fini(fs);
+-              return -1;
++              goto done;
+       }
+       ret = glfs_init(fs);
+       if (ret < 0) {
+               DEBUG(0, ("%s: Failed to initialize volume (%s)\n",
+                         volume, strerror(errno)));
+-              glfs_fini(fs);
+-              return -1;
++              goto done;
+       }
+       ret = glfs_set_preopened(volume, fs);
+       if (ret < 0) {
+               DEBUG(0, ("%s: Failed to register volume (%s)\n",
+                         volume, strerror(errno)));
+-              glfs_fini(fs);
++              goto done;
++      }
++done:
++      talloc_free(logfile);
++      if (ret < 0) {
++              if (fs)
++                      glfs_fini(fs);
+               return -1;
++      } else {
++              DEBUG(0, ("%s: Initialized volume from server %s\n",
++                         volume, volfile_server));
++              handle->data = fs;
++              return 0;
+       }
+-found:
+-      DEBUG(0, ("%s: Initialized volume from server %s\n",
+-                volume, volfile_server));
+-      handle->data = fs;
+-      return 0;
+ }
+ static void vfs_gluster_disconnect(struct vfs_handle_struct *handle)
+-- 
+1.9.3
+
+
+From 8577c573dcd44e26579a6594b83a6d582faef14c Mon Sep 17 00:00:00 2001
+From: Niels de Vos <ndevos@redhat.com>
+Date: Fri, 10 Jan 2014 16:26:18 +0100
+Subject: [PATCH 9/9] PATCHSET13: vfs/glusterfs: in case atime is not passed,
+ set it to the current atime
+
+The Linux CIFS client does not pass an updated atime when a write() is
+done. This causes the vfs/glusterfs module to set the atime to -1 on the
+Gluster backend, resulting in an atime far in the future (year 2106).
+
+Signed-off-by: Niels de Vos <ndevos@redhat.com>
+Reviewed-by: Ira Cooper <ira@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra@samba.org>
+Autobuild-Date(master): Wed Jan 15 21:31:30 CET 2014 on sn-devel-104
+---
+ source3/modules/vfs_glusterfs.c | 26 ++++++++++++++++++++++----
+ 1 file changed, 22 insertions(+), 4 deletions(-)
+
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+index 3757968..24f80dd 100644
+--- a/source3/modules/vfs_glusterfs.c
++++ b/source3/modules/vfs_glusterfs.c
+@@ -675,10 +675,28 @@ static int vfs_gluster_ntimes(struct vfs_handle_struct *handle,
+ {
+       struct timespec times[2];
+-      times[0].tv_sec = ft->atime.tv_sec;
+-      times[0].tv_nsec = ft->atime.tv_nsec;
+-      times[1].tv_sec = ft->mtime.tv_sec;
+-      times[1].tv_nsec = ft->mtime.tv_nsec;
++      if (null_timespec(ft->atime)) {
++              times[0].tv_sec = smb_fname->st.st_ex_atime.tv_sec;
++              times[0].tv_nsec = smb_fname->st.st_ex_atime.tv_nsec;
++      } else {
++              times[0].tv_sec = ft->atime.tv_sec;
++              times[0].tv_nsec = ft->atime.tv_nsec;
++      }
++
++      if (null_timespec(ft->mtime)) {
++              times[1].tv_sec = smb_fname->st.st_ex_mtime.tv_sec;
++              times[1].tv_nsec = smb_fname->st.st_ex_mtime.tv_nsec;
++      } else {
++              times[1].tv_sec = ft->mtime.tv_sec;
++              times[1].tv_nsec = ft->mtime.tv_nsec;
++      }
++
++      if ((timespec_compare(&times[0],
++                            &smb_fname->st.st_ex_atime) == 0) &&
++          (timespec_compare(&times[1],
++                            &smb_fname->st.st_ex_mtime) == 0)) {
++              return 0;
++      }
+       return glfs_utimens(handle->data, smb_fname->base_name, times);
+ }
+-- 
+1.9.3
+
diff --git a/src/patches/samba/samba-3.6.23-libsmbclient.patch b/src/patches/samba/samba-3.6.23-libsmbclient.patch
new file mode 100644 (file)
index 0000000..61107c5
--- /dev/null
@@ -0,0 +1,36 @@
+From b2b00b1d7871f7557fe7e8f616fa46a8e5ebd298 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 28 May 2014 16:02:15 +0200
+Subject: [PATCH] PATCHSET10: s3-libsmbclient: Always initialize globals.
+
+This fixes cases where we dereference NULL pointers of globals which
+were not initialized.
+---
+ source3/libsmb/libsmb_context.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
+index 6c20d65..888c2ef 100644
+--- a/source3/libsmb/libsmb_context.c
++++ b/source3/libsmb/libsmb_context.c
+@@ -76,7 +76,7 @@ SMBC_module_init(void * punused)
+          * defaults ...
+          */
+-        if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, False)) {
++        if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
+             DEBUG(5, ("Could not load config file: %s\n",
+                       get_dyn_CONFIGFILE()));
+         } else if (home) {
+@@ -89,7 +89,7 @@ SMBC_module_init(void * punused)
+             if (asprintf(&conf,
+                          "%s/.smb/smb.conf.append",
+                          home) > 0) {
+-                if (!lp_load(conf, True, False, False, False)) {
++                if (!lp_load(conf, True, False, False, True)) {
+                     DEBUG(10,
+                           ("Could not append config file: "
+                            "%s\n",
+-- 
+1.9.3
+
diff --git a/src/patches/samba/samba-3.6.26-smb2_case_sensitive.patch b/src/patches/samba/samba-3.6.26-smb2_case_sensitive.patch
new file mode 100644 (file)
index 0000000..ee27bd4
--- /dev/null
@@ -0,0 +1,118 @@
+From 3432aafbf86b4d3a559838d81b3ebc039e72a412 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Tue, 10 Jun 2014 14:41:45 -0700
+Subject: [PATCH 1/2] s3: smbd - SMB[2|3]. Ensure a \ or / can't be found
+ anywhere in a search path, not just at the start.
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+---
+ source3/smbd/smb2_find.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c
+index 59e5b66..b0ab7a8 100644
+--- a/source3/smbd/smb2_find.c
++++ b/source3/smbd/smb2_find.c
+@@ -255,11 +255,11 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
+               tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID);
+               return tevent_req_post(req, ev);
+       }
+-      if (strcmp(in_file_name, "\\") == 0) {
++      if (strchr_m(in_file_name, '\\') != NULL) {
+               tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID);
+               return tevent_req_post(req, ev);
+       }
+-      if (strcmp(in_file_name, "/") == 0) {
++      if (strchr_m(in_file_name, '/') != NULL) {
+               tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID);
+               return tevent_req_post(req, ev);
+       }
+-- 
+1.9.3
+
+
+From 190d0f39bb400a373c8f4d6847e2980c0df8da2b Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Tue, 10 Jun 2014 15:58:15 -0700
+Subject: [PATCH 2/2] s3: smbd : SMB2 - fix SMB2_SEARCH when searching non
+ wildcard string with a case-canonicalized share.
+
+We need to go through filename_convert() in order for the filename
+canonicalization to be done on a non-wildcard search string (as is
+done in the SMB1 findfirst code path).
+
+Fixes Bug #10650 - "case sensitive = True" option doesn't work with "max protocol = SMB2" or higher in large directories.
+
+https://bugzilla.samba.org/show_bug.cgi?id=10650
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+---
+ source3/smbd/smb2_find.c | 38 +++++++++++++++++++++++++++++++++++---
+ 1 file changed, 35 insertions(+), 3 deletions(-)
+
+diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c
+index b0ab7a8..6fe6545 100644
+--- a/source3/smbd/smb2_find.c
++++ b/source3/smbd/smb2_find.c
+@@ -229,6 +229,7 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
+       uint32_t dirtype = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_DIRECTORY;
+       bool dont_descend = false;
+       bool ask_sharemode = true;
++      bool wcard_has_wild;
+       req = tevent_req_create(mem_ctx, &state,
+                               struct smbd_smb2_find_state);
+@@ -303,16 +304,47 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
+               dptr_CloseDir(fsp);
+       }
++      wcard_has_wild = ms_has_wild(in_file_name);
++
++      /* Ensure we've canonicalized any search path if not a wildcard. */
++      if (!wcard_has_wild) {
++              struct smb_filename *smb_fname = NULL;
++              const char *fullpath;
++
++              if (ISDOT(fsp->fsp_name->base_name)) {
++                      fullpath = in_file_name;
++              } else {
++                      fullpath = talloc_asprintf(state,
++                                      "%s/%s",
++                                      fsp->fsp_name->base_name,
++                                      in_file_name);
++              }
++              if (tevent_req_nomem(fullpath, req)) {
++                      return tevent_req_post(req, ev);
++              }
++              status = filename_convert(state,
++                              conn,
++                              false, /* Not a DFS path. */
++                              fullpath,
++                              UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP,
++                              &wcard_has_wild,
++                              &smb_fname);
++
++              if (!NT_STATUS_IS_OK(status)) {
++                      tevent_req_nterror(req, status);
++                      return tevent_req_post(req, ev);
++              }
++
++              in_file_name = smb_fname->original_lcomp;
++      }
++
+       if (fsp->dptr == NULL) {
+-              bool wcard_has_wild;
+               if (!(fsp->access_mask & SEC_DIR_LIST)) {
+                       tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+                       return tevent_req_post(req, ev);
+               }
+-              wcard_has_wild = ms_has_wild(in_file_name);
+-
+               status = dptr_create(conn,
+                                    fsp,
+                                    fsp->fsp_name->base_name,
+-- 
+1.9.3
+
diff --git a/src/patches/samba/samba-3.6.99-2110-ntlmssp-session-setup-nas.patch b/src/patches/samba/samba-3.6.99-2110-ntlmssp-session-setup-nas.patch
new file mode 100644 (file)
index 0000000..2b6ce6a
--- /dev/null
@@ -0,0 +1,39 @@
+From ce2b7dad823e3af00884bc0c75851eec7445ec88 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Mon, 31 Oct 2016 12:25:35 +0100
+Subject: [PATCH] s3-libsmb Allow SESSION KEY setup without signing
+
+This is not supported by NetApp or EMC NAS systems. They do not
+implement the protocol correctly. So work around their broken
+implementations.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+---
+ source3/libsmb/ntlmssp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
+index 7e58990..446d02d 100644
+--- a/source3/libsmb/ntlmssp.c
++++ b/source3/libsmb/ntlmssp.c
+@@ -206,7 +206,7 @@ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *featur
+        * also add  NTLMSSP_NEGOTIATE_SEAL here. JRA.
+        */
+       if (in_list("NTLMSSP_FEATURE_SESSION_KEY", feature_list, True)) {
+-              ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
++              ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+       }
+       if (in_list("NTLMSSP_FEATURE_SIGN", feature_list, True)) {
+               ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
+@@ -231,7 +231,7 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature)
+ {
+       /* As per JRA's comment above */
+       if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
+-              ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
++              ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+       }
+       if (feature & NTLMSSP_FEATURE_SIGN) {
+               ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
+-- 
+2.10.1
+
diff --git a/src/patches/samba/samba-3.6.99-add_spoolss_os_version.patch b/src/patches/samba/samba-3.6.99-add_spoolss_os_version.patch
new file mode 100644 (file)
index 0000000..3953b29
--- /dev/null
@@ -0,0 +1,53 @@
+From e5d6a3914151217e1487d9a444c2ced4cfd89491 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Sat, 19 Jan 2013 01:37:29 +0100
+Subject: [PATCH 19/20] PATCHSET9: s3-spoolss: Make it easier to manipulate the
+ returned OSVersion at runtime.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+Signed-off-by: Andreas Schneider <asn@samba.org>
+---
+ source3/rpc_server/spoolss/srv_spoolss_nt.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
+index 8372c43..0c4b582 100644
+--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
++++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
+@@ -2352,9 +2352,13 @@ static WERROR getprinterdata_printer_server(TALLOC_CTX *mem_ctx,
+               enum ndr_err_code ndr_err;
+               struct spoolss_OSVersion os;
+-              os.major                = 5;    /* Windows 2000 == 5.0 */
+-              os.minor                = 0;
+-              os.build                = 2195; /* build */
++              os.major                = lp_parm_int(GLOBAL_SECTION_SNUM,
++                                                    "spoolss", "os_major", 5);
++                                                    /* Windows 2000 == 5.0 */
++              os.minor                = lp_parm_int(GLOBAL_SECTION_SNUM,
++                                                    "spoolss", "os_minor", 0);
++              os.build                = lp_parm_int(GLOBAL_SECTION_SNUM,
++                                                    "spoolss", "os_build", 2195);
+               os.extra_string         = "";   /* leave extra string empty */
+               ndr_err = ndr_push_struct_blob(&blob, mem_ctx, &os,
+@@ -2363,6 +2367,10 @@ static WERROR getprinterdata_printer_server(TALLOC_CTX *mem_ctx,
+                       return WERR_GENERAL_FAILURE;
+               }
++              if (DEBUGLEVEL >= 10) {
++                      NDR_PRINT_DEBUG(spoolss_OSVersion, &os);
++              }
++
+               *type = REG_BINARY;
+               data->binary = blob;
+-- 
+1.9.0
+
diff --git a/src/patches/samba/samba-3.6.99-add_timeout_option_to_smbclient.patch b/src/patches/samba/samba-3.6.99-add_timeout_option_to_smbclient.patch
new file mode 100644 (file)
index 0000000..7175ca8
--- /dev/null
@@ -0,0 +1,147 @@
+commit e8f6a7df1b5ae7f7275ac59b8c21b82de1922c3b
+Author:     Jeremy Allison <jra@samba.org>
+AuthorDate: Fri Aug 16 13:49:39 2013 -0700
+Commit:     Andreas Schneider <asn@samba.org>
+CommitDate: Wed Feb 5 11:50:28 2014 +0100
+
+    Add new "timeout" command and -t option to smbclient to set the per-operation timeout.
+    
+    This is needed as once SMB3 encryption is selected the server
+    response time can be very slow when requesting large numbers
+    (256) of large encrypted packets (1MB) from a Windows 2012
+    virtual machine. This allows clients to tune their allowable
+    wait time.
+    
+    Signed-off-by: Jeremy Allison <jra@samba.org>
+    Reviewed-by: Michael Adam <obnox@samba.org>
+    (cherry picked from commit d9c88a56dc451be09e8c9fc9aa8857e312fcb444)
+---
+ source3/client/client.c | 44 ++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 40 insertions(+), 4 deletions(-)
+
+diff --git a/source3/client/client.c b/source3/client/client.c
+index f6e42f6..aa16b14 100644
+--- a/source3/client/client.c
++++ b/source3/client/client.c
+@@ -54,7 +54,12 @@ static bool grepable = false;
+ static char *cmdstr = NULL;
+ const char *cmd_ptr = NULL;
++/* 30 second timeout on most commands */
++#define CLIENT_TIMEOUT (30*1000)
++#define SHORT_TIMEOUT (5*1000)
++
+ static int io_bufsize = 524288;
++static int io_timeout = (CLIENT_TIMEOUT/1000); /* Per operation timeout (in seconds). */
+ static int name_type = 0x20;
+ static int max_protocol = PROTOCOL_NT1;
+@@ -64,10 +69,6 @@ static int cmd_help(void);
+ #define CREATE_ACCESS_READ READ_CONTROL_ACCESS
+-/* 30 second timeout on most commands */
+-#define CLIENT_TIMEOUT (30*1000)
+-#define SHORT_TIMEOUT (5*1000)
+-
+ /* value for unused fid field in trans2 secondary request */
+ #define FID_UNUSED (0xFFFF)
+@@ -4264,6 +4265,31 @@ int cmd_iosize(void)
+ }
+ /****************************************************************************
++ timeout command
++***************************************************************************/
++
++static int cmd_timeout(void)
++{
++      TALLOC_CTX *ctx = talloc_tos();
++      char *buf;
++
++      if (!next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
++              unsigned int old_timeout = cli_set_timeout(cli, 0);
++              cli_set_timeout(cli, old_timeout);
++              d_printf("timeout <n> (per-operation timeout "
++                      "in seconds - currently %u).\n",
++                      old_timeout/1000);
++              return 1;
++      }
++
++      io_timeout = strtol(buf,NULL,0);
++      cli_set_timeout(cli, io_timeout*1000);
++      d_printf("io_timeout per operation is now %d\n", io_timeout);
++      return 0;
++}
++
++
++/****************************************************************************
+ history
+ ****************************************************************************/
+ static int cmd_history(void)
+@@ -4369,6 +4395,7 @@ static struct {
+   {"symlink",cmd_symlink,"<oldname> <newname> create a UNIX symlink",{COMPL_REMOTE,COMPL_REMOTE}},
+   {"tar",cmd_tar,"tar <c|x>[IXFqbgNan] current directory to/from <file name>",{COMPL_NONE,COMPL_NONE}},
+   {"tarmode",cmd_tarmode,"<full|inc|reset|noreset> tar's behaviour towards archive bits",{COMPL_NONE,COMPL_NONE}},
++  {"timeout",cmd_timeout,"timeout <number> - set the per-operation timeout in seconds (default 20)",{COMPL_NONE,COMPL_NONE}},
+   {"translate",cmd_translate,"toggle text translation for printing",{COMPL_NONE,COMPL_NONE}},
+   {"unlock",cmd_unlock,"unlock <fnum> <hex-start> <hex-len> : remove a POSIX lock",{COMPL_REMOTE,COMPL_REMOTE}},
+   {"volume",cmd_volume,"print the volume name",{COMPL_NONE,COMPL_NONE}},
+@@ -4465,6 +4492,7 @@ static int process_command_string(const char *cmd_in)
+               if (!cli) {
+                       return 1;
+               }
++              cli_set_timeout(cli, io_timeout*1000);
+       }
+       while (cmd[0] != '\0')    {
+@@ -4942,6 +4970,8 @@ static int process(const char *base_directory)
+               return 1;
+       }
++      cli_set_timeout(cli, io_timeout*1000);
++
+       if (base_directory && *base_directory) {
+               rc = do_cd(base_directory);
+               if (rc) {
+@@ -4972,6 +5002,7 @@ static int do_host_query(const char *query_host)
+       if (!cli)
+               return 1;
++      cli_set_timeout(cli, io_timeout*1000);
+       browse_host(true);
+       /* Ensure that the host can do IPv4 */
+@@ -5003,6 +5034,7 @@ static int do_host_query(const char *query_host)
+               return 1;
+       }
++      cli_set_timeout(cli, io_timeout*1000);
+       list_servers(lp_workgroup());
+       cli_shutdown(cli);
+@@ -5026,6 +5058,7 @@ static int do_tar_op(const char *base_directory)
+                       max_protocol, port, name_type);
+               if (!cli)
+                       return 1;
++              cli_set_timeout(cli, io_timeout*1000);
+       }
+       recurse=true;
+@@ -5091,6 +5124,8 @@ static int do_message_op(struct user_auth_info *a_info)
+               return 1;
+       }
++      cli_set_timeout(cli, io_timeout*1000);
++
+       send_message(get_cmdline_auth_info_username(a_info));
+       cli_shutdown(cli);
+@@ -5127,6 +5162,7 @@ static int do_message_op(struct user_auth_info *a_info)
+               { "directory", 'D', POPT_ARG_STRING, NULL, 'D', "Start from directory", "DIR" },
+               { "command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated commands" }, 
+               { "send-buffer", 'b', POPT_ARG_INT, &io_bufsize, 'b', "Changes the transmit/send buffer", "BYTES" },
++              { "timeout", 't', POPT_ARG_INT, &io_timeout, 'b', "Changes the per-operation timeout", "SECONDS" },
+               { "port", 'p', POPT_ARG_INT, &port, 'p', "Port to connect to", "PORT" },
+               { "grepable", 'g', POPT_ARG_NONE, NULL, 'g', "Produce grepable output" },
+                 { "browse", 'B', POPT_ARG_NONE, NULL, 'B', "Browse SMB servers using DNS" },
diff --git a/src/patches/samba/samba-3.6.99-asserted_identity_sid-S-1-18-1.patch b/src/patches/samba/samba-3.6.99-asserted_identity_sid-S-1-18-1.patch
new file mode 100644 (file)
index 0000000..19e5f1a
--- /dev/null
@@ -0,0 +1,223 @@
+From ed26d110b814e2cf0413bd9665bd08bda271ba01 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Jan 2016 14:46:07 +0100
+Subject: [PATCH 1/3] security: Add Asserted Identity sids (S-1-18)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
+
+definitions taken from [MS-DTYP]: Windows Data Types,
+2.4.2.4 Well-Known SID Structures.
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+---
+ libcli/security/dom_sid.h  | 3 +++
+ libcli/security/util_sid.c | 8 ++++++++
+ librpc/idl/security.idl    | 3 +++
+ 3 files changed, 14 insertions(+)
+
+diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
+index 04571c2..503b621 100644
+--- a/libcli/security/dom_sid.h
++++ b/libcli/security/dom_sid.h
+@@ -35,6 +35,9 @@ extern const struct dom_sid global_sid_System;
+ extern const struct dom_sid global_sid_NULL;
+ extern const struct dom_sid global_sid_Authenticated_Users;
+ extern const struct dom_sid global_sid_Network;
++extern const struct dom_sid global_sid_Asserted_Identity;
++extern const struct dom_sid global_sid_Asserted_Identity_Service;
++extern const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority;
+ extern const struct dom_sid global_sid_Creator_Owner;
+ extern const struct dom_sid global_sid_Creator_Group;
+ extern const struct dom_sid global_sid_Anonymous;
+diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
+index cf1f7f3..5a41ef7 100644
+--- a/libcli/security/util_sid.c
++++ b/libcli/security/util_sid.c
+@@ -53,6 +53,14 @@ const struct dom_sid global_sid_Authenticated_Users =       /* All authenticated rids
+ const struct dom_sid global_sid_Restriced =                   /* Restriced Code */
+ { 1, 1, {0,0,0,0,0,5}, {12,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+ #endif
++
++const struct dom_sid global_sid_Asserted_Identity =       /* Asserted Identity */
++{ 1, 0, {0,0,0,0,0,18}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
++const struct dom_sid global_sid_Asserted_Identity_Service =   /* Asserted Identity Service */
++{ 1, 1, {0,0,0,0,0,18}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
++const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority =  /* Asserted Identity Authentication Authority */
++{ 1, 1, {0,0,0,0,0,18}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
++
+ const struct dom_sid global_sid_Network =                     /* Network rids */
+ { 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
+index 0ea79a3..7df773e 100644
+--- a/librpc/idl/security.idl
++++ b/librpc/idl/security.idl
+@@ -277,6 +277,9 @@ interface security
+       const string SID_NT_TRUSTED_INSTALLER =
+               "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464";
++      const string SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1";
++      const string SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2";
++
+       /* well-known domain RIDs */
+       const int DOMAIN_RID_LOGON                   = 9;
+       const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498;
+-- 
+2.5.0
+
+
+From be247c05146c45bcea5c06a38ff07e8f0c934ab6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Jan 2016 14:43:12 +0100
+Subject: [PATCH 2/3] s3-util: add helper functions to deal with the S-1-18
+ domain.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+---
+ source3/Makefile.in            |  2 +-
+ source3/include/proto.h        |  5 +++++
+ source3/lib/util_specialsids.c | 40 ++++++++++++++++++++++++++++++++++++++++
+ source3/wscript_build          |  1 +
+ 4 files changed, 47 insertions(+), 1 deletion(-)
+ create mode 100644 source3/lib/util_specialsids.c
+
+diff --git a/source3/Makefile.in b/source3/Makefile.in
+index 9e8e03d..8df2bff 100644
+--- a/source3/Makefile.in
++++ b/source3/Makefile.in
+@@ -456,7 +456,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
+         lib/access.o lib/smbrun.o \
+         lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \
+         lib/wins_srv.o \
+-        lib/util_str.o lib/clobber.o lib/util_sid.o \
++        lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_specialsids.o \
+         lib/util_unistr.o ../lib/util/charset/codepoints.o lib/util_file.o \
+         lib/util.o lib/util_cmdline.o lib/util_names.o \
+         lib/util_sock.o lib/sock_exec.o lib/util_sec.o \
+diff --git a/source3/include/proto.h b/source3/include/proto.h
+index 7303e76..8cd162b 100644
+--- a/source3/include/proto.h
++++ b/source3/include/proto.h
+@@ -1937,6 +1937,11 @@ bool sid_check_is_in_unix_groups(const struct dom_sid *sid);
+ const char *unix_groups_domain_name(void);
+ bool lookup_unix_group_name(const char *name, struct dom_sid *sid);
++/* The following definitions come from lib/util_specialsids.c  */
++bool sid_check_is_asserted_identity(const struct dom_sid *sid);
++bool sid_check_is_in_asserted_identity(const struct dom_sid *sid);
++const char *asserted_identity_domain_name(void);
++
+ /* The following definitions come from lib/filename_util.c */
+ NTSTATUS get_full_smb_filename(TALLOC_CTX *ctx, const struct smb_filename *smb_fname,
+diff --git a/source3/lib/util_specialsids.c b/source3/lib/util_specialsids.c
+new file mode 100644
+index 0000000..4c402d6
+--- /dev/null
++++ b/source3/lib/util_specialsids.c
+@@ -0,0 +1,40 @@
++/*
++   Unix SMB/CIFS implementation.
++   Copyright (C) Guenther Deschner 2016
++
++   This program is free software; you can redistribute it and/or modify
++   it under the terms of the GNU General Public License as published by
++   the Free Software Foundation; either version 3 of the License, or
++   (at your option) any later version.
++
++   This program is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++   GNU General Public License for more details.
++
++   You should have received a copy of the GNU General Public License
++   along with this program.  If not, see <http://www.gnu.org/licenses/>.
++*/
++
++#include "includes.h"
++#include "../libcli/security/security.h"
++
++bool sid_check_is_asserted_identity(const struct dom_sid *sid)
++{
++      return dom_sid_equal(sid, &global_sid_Asserted_Identity);
++}
++
++bool sid_check_is_in_asserted_identity(const struct dom_sid *sid)
++{
++      struct dom_sid dom_sid;
++
++      sid_copy(&dom_sid, sid);
++      sid_split_rid(&dom_sid, NULL);
++
++      return sid_check_is_asserted_identity(&dom_sid);
++}
++
++const char *asserted_identity_domain_name(void)
++{
++      return "Asserted Identity";
++}
+diff --git a/source3/wscript_build b/source3/wscript_build
+index 40935d1..ceccbb5 100755
+--- a/source3/wscript_build
++++ b/source3/wscript_build
+@@ -74,6 +74,7 @@ LIB_SRC = '''
+           lib/bitmap.c lib/dprintf.c
+           lib/wins_srv.c
+           lib/clobber.c lib/util_sid.c
++          lib/util_specialsids.c
+           lib/util_file.c
+           lib/util.c lib/util_cmdline.c lib/util_names.c
+           lib/util_sock.c lib/sock_exec.c lib/util_sec.c
+-- 
+2.5.0
+
+
+From bb5c28c8d45be8e26abe37e4873c4b1c59fff782 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Jan 2016 14:43:48 +0100
+Subject: [PATCH 3/3] s3-util: skip S-1-18 sids in token generaion in
+ sid_array_from_info3().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+---
+ source3/lib/util_sid.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
+index f051b7a..92fbc76 100644
+--- a/source3/lib/util_sid.c
++++ b/source3/lib/util_sid.c
+@@ -190,6 +190,11 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
+          */
+       for (i = 0; i < info3->sidcount; i++) {
++
++              if (sid_check_is_in_asserted_identity(info3->sids[i].sid)) {
++                      continue;
++              }
++
+               status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
+                                     &sid_array, &num_sids);
+               if (!NT_STATUS_IS_OK(status)) {
+-- 
+2.5.0
+
diff --git a/src/patches/samba/samba-3.6.99-bug-1117059.patch b/src/patches/samba/samba-3.6.99-bug-1117059.patch
new file mode 100644 (file)
index 0000000..4941e66
--- /dev/null
@@ -0,0 +1,86 @@
+From 7f0edd8c68cd20a136a33d692f32ee2ffc30db76 Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox@samba.org>
+Date: Mon, 19 Jan 2015 13:51:55 +0100
+Subject: [PATCH] s3:winbind:grent: don't stop group enumeration when a group
+ has no gid
+
+simply continue with the next group
+
+Note: this patch introduces some code duplication to make it
+easier to create minimal backport patch. Subsequent patches
+will provide some refactoring to reduce the duplication.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=8905
+
+Signed-off-by: Michael Adam <obnox@samba.org>
+---
+ source3/winbindd/wb_next_grent.c | 51 +++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 50 insertions(+), 1 deletion(-)
+
+diff --git a/source3/winbindd/wb_next_grent.c b/source3/winbindd/wb_next_grent.c
+index 2b3799a..f52d2d1 100644
+--- a/source3/winbindd/wb_next_grent.c
++++ b/source3/winbindd/wb_next_grent.c
+@@ -168,9 +168,58 @@ static void wb_next_grent_getgrsid_done(struct tevent_req *subreq)
+       status = wb_getgrsid_recv(subreq, talloc_tos(), &domname, &name,
+                                 &state->gr->gr_gid, &state->members);
+       TALLOC_FREE(subreq);
+-      if (tevent_req_nterror(req, status)) {
++
++      if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
++              state->gstate->next_group += 1;
++
++              if (state->gstate->next_group >= state->gstate->num_groups) {
++                      TALLOC_FREE(state->gstate->groups);
++
++                      if (state->gstate->domain == NULL) {
++                              state->gstate->domain = domain_list();
++                      } else {
++                              state->gstate->domain = state->gstate->domain->next;
++                      }
++
++                      if ((state->gstate->domain != NULL) &&
++                          sid_check_is_domain(&state->gstate->domain->sid))
++                      {
++                              state->gstate->domain = state->gstate->domain->next;
++                      }
++
++                      if (state->gstate->domain == NULL) {
++                              tevent_req_nterror(req,
++                                                 NT_STATUS_NO_MORE_ENTRIES);
++                              return;
++                      }
++
++                      subreq = dcerpc_wbint_QueryGroupList_send(
++                              state, state->ev,
++                              dom_child_handle(state->gstate->domain),
++                              &state->next_groups);
++                      if (tevent_req_nomem(subreq, req)) {
++                              return;
++                      }
++
++                      tevent_req_set_callback(subreq,
++                                              wb_next_grent_fetch_done, req);
++                      return;
++              }
++
++              subreq = wb_getgrsid_send(
++                      state, state->ev,
++                      &state->gstate->groups[state->gstate->next_group].sid,
++                      state->max_nesting);
++              if (tevent_req_nomem(subreq, req)) {
++                      return;
++              }
++              tevent_req_set_callback(subreq, wb_next_grent_getgrsid_done,
++                                      req);
++              return;
++      } else if (tevent_req_nterror(req, status)) {
+               return;
+       }
++
+       if (!fill_grent(talloc_tos(), state->gr, domname, name,
+                       state->gr->gr_gid)) {
+               DEBUG(5, ("fill_grent failed\n"));
+-- 
+2.1.0
+
diff --git a/src/patches/samba/samba-3.6.99-bug-1192211.patch b/src/patches/samba/samba-3.6.99-bug-1192211.patch
new file mode 100644 (file)
index 0000000..a14f736
--- /dev/null
@@ -0,0 +1,42 @@
+From a5b116fe3107a56e1d881906e77d9731b0c6b2c2 Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox@samba.org>
+Date: Sat, 1 Jun 2013 02:14:41 +0200
+Subject: [PATCH] shadow_copy2: implement disk_free
+
+Signed-off-by: Michael Adam <obnox@samba.org>
+---
+ source3/modules/vfs_shadow_copy2.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
+index fedfb53..7fd4dd5 100644
+--- a/source3/modules/vfs_shadow_copy2.c
++++ b/source3/modules/vfs_shadow_copy2.c
+@@ -944,6 +944,16 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle,
+       return 0;
+ }
++static uint64_t shadow_copy2_disk_free(vfs_handle_struct *handle,
++                                     const char *fname, bool small_query,
++                                     uint64_t *bsize, uint64_t *dfree,
++                                     uint64_t *dsize)
++{
++      SHADOW2_NEXT(DISK_FREE,
++                   (handle, name, small_query, bsize, dfree, dsize),
++                   uint64_t, 0);
++}
++
+ static struct vfs_fn_pointers vfs_shadow_copy2_fns = {
+         .opendir = shadow_copy2_opendir,
+         .mkdir = shadow_copy2_mkdir,
+@@ -975,6 +985,7 @@ static struct vfs_fn_pointers vfs_shadow_copy2_fns = {
+         .get_nt_acl = shadow_copy2_get_nt_acl,
+         .chmod_acl = shadow_copy2_chmod_acl,
+       .get_shadow_copy_data = shadow_copy2_get_shadow_copy2_data,
++      .disk_free = shadow_copy2_disk_free,
+ };
+ NTSTATUS vfs_shadow_copy2_init(void);
+-- 
+2.1.0
+
diff --git a/src/patches/samba/samba-3.6.99-doc_netbios_name_length_limit.patch b/src/patches/samba/samba-3.6.99-doc_netbios_name_length_limit.patch
new file mode 100644 (file)
index 0000000..22330f1
--- /dev/null
@@ -0,0 +1,257 @@
+From caea507e6b57a82e059803e307f87fd39affde9c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 15 Jul 2015 13:22:40 +0200
+Subject: [PATCH] PATCHSET31: docs: Documents length limitations for NetBIOS
+ name
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11401
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Michael Adam <obnox@samba.org>
+
+Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
+Autobuild-Date(master): Wed Jul 15 19:35:48 CEST 2015 on sn-devel-104
+---
+ docs-xml/smbdotconf/base/netbiosname.xml | 2 ++
+ 1 file changed, 2 insertions(+)
+
+Index: samba-3.6.23/docs-xml/smbdotconf/base/netbiosname.xml
+===================================================================
+--- samba-3.6.23.orig/docs-xml/smbdotconf/base/netbiosname.xml
++++ samba-3.6.23/docs-xml/smbdotconf/base/netbiosname.xml
+@@ -9,6 +9,8 @@
+               the hosts DNS name) will be the name that these services are advertised under.
+               </para>
++              <para>Note that the maximum length for a NetBIOS name is 15 charactars.</para>
++
+               <para>
+               There is a bug in Samba-3 that breaks operation of browsing and access to shares if the netbios name
+               is set to the literal name <literal>PIPE</literal>. To avoid this problem, do not name your Samba-3
+Index: samba-3.6.23/docs/manpages/smb.conf.5
+===================================================================
+--- samba-3.6.23.orig/docs/manpages/smb.conf.5
++++ samba-3.6.23/docs/manpages/smb.conf.5
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: smb.conf
+ .\"    Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+-.\"      Date: 09/18/2013
++.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
++.\"      Date: 10/15/2015
+ .\"    Manual: File Formats and Conventions
+ .\"    Source: Samba 3.6
+ .\"  Language: English
+ .\"
+-.TH "SMB\&.CONF" "5" "09/18/2013" "Samba 3\&.6" "File Formats and Conventions"
++.TH "SMB\&.CONF" "5" "10/15/2015" "Samba 3\&.6" "File Formats and Conventions"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -1201,8 +1201,7 @@ add user to group script (G)
+ .PP
+ .RS 4
+ Full path to the script that will be called when a user is added to a group using the Windows NT domain administration tools\&. It will be run by
+-\fBsmbd\fR(8)
+-\fIAS ROOT\fR\&. Any
++\fBsmbd\fR(8)\fIAS ROOT\fR\&. Any
+ \fI%g\fR
+ will be replaced with the group name and any
+ \fI%u\fR
+@@ -1563,8 +1562,7 @@ smbpasswd
+ will fail to connect in it\*(Aqs default mode\&.
+ smbpasswd
+ can be forced to use the primary IP interface of the local host by using its
+-\fBsmbpasswd\fR(8)
+-\fI\-r \fR\fI\fIremote machine\fR\fR
++\fBsmbpasswd\fR(8)\fI\-r \fR\fI\fIremote machine\fR\fR
+ parameter, with
+ \fIremote machine\fR
+ set to the IP name of the primary interface of the local host\&.
+@@ -1868,8 +1866,7 @@ and
+ \fIseal\fR
+ are only available if Samba has been compiled against a modern OpenLDAP version (2\&.3\&.x or higher)\&.
+ .sp
+-This option is needed in the case of Domain Controllers enforcing the usage of signed LDAP connections (e\&.g\&. Windows 2000 SP3 or higher)\&. LDAP sign and seal can be controlled with the registry key "HKLM\eSystem\eCurrentControlSet\eServices\e
+-NTDS\eParameters\eLDAPServerIntegrity" on the Windows server side\&.
++This option is needed in the case of Domain Controllers enforcing the usage of signed LDAP connections (e\&.g\&. Windows 2000 SP3 or higher)\&. LDAP sign and seal can be controlled with the registry key "HKLM\eSystem\eCurrentControlSet\eServices\eNTDS\eParameters\eLDAPServerIntegrity" on the Windows server side\&.
+ .sp
+ Depending on the used KRB5 library (MIT and older Heimdal versions) it is possible that the message "integrity only" is not supported\&. In this case,
+ \fIsign\fR
+@@ -2513,8 +2510,7 @@ delete group script (G)
+ .PP
+ .RS 4
+ This is the full pathname to a script that will be run
+-\fIAS ROOT\fR
+-\fBsmbd\fR(8)
++\fIAS ROOT\fR\fBsmbd\fR(8)
+ when a group is requested to be deleted\&. It will expand any
+ \fI%g\fR
+ to the group name passed\&. This script is only useful for installations using the Windows NT domain administration tools\&.
+@@ -2633,8 +2629,7 @@ delete user from group script (G)
+ .PP
+ .RS 4
+ Full path to the script that will be called when a user is removed from a group using the Windows NT domain administration tools\&. It will be run by
+-\fBsmbd\fR(8)
+-\fIAS ROOT\fR\&. Any
++\fBsmbd\fR(8)\fIAS ROOT\fR\&. Any
+ \fI%g\fR
+ will be replaced with the group name and any
+ \fI%u\fR
+@@ -4895,8 +4890,7 @@ script\&.
+ LDAP connections should be secured where possible\&. This may be done setting
+ \fIeither\fR
+ this parameter to
+-\fIStart_tls\fR
+-\fIor\fR
++\fIStart_tls\fR\fIor\fR
+ by specifying
+ \fIldaps://\fR
+ in the URL argument of
+@@ -4935,9 +4929,7 @@ Please note that this parameter does onl
+ \fIrpc\fR
+ methods\&. To enable the LDAPv3 StartTLS extended operation (RFC2830) for
+ \fIads\fR, set
+-\m[blue]\fBldap ssl = yes\fR\m[]
+-\fIand\fR
+-\m[blue]\fBldap ssl ads = yes\fR\m[]\&. See
++\m[blue]\fBldap ssl = yes\fR\m[]\fIand\fR\m[blue]\fBldap ssl ads = yes\fR\m[]\&. See
+ smb\&.conf(5)
+ for more information on
+ \m[blue]\fBldap ssl ads\fR\m[]\&.
+@@ -5100,8 +5092,7 @@ in elections for local master browser\&.
+ Setting this value to
+ \fBno\fR
+ will cause
+-nmbd
+-\fInever\fR
++nmbd\fInever\fR
+ to become a local master browser\&.
+ .sp
+ Default:
+@@ -5463,7 +5454,6 @@ logon home (G)
+ .RS 4
+ This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC\&. It allows you to do
+ .sp
+-
+ C:\e>\fBNET USE H: /HOME\fR
+ .sp
+ from a command prompt, for example\&.
+@@ -5472,7 +5462,6 @@ This option takes the standard substitut
+ .sp
+ This parameter can be used with Win9X workstations to ensure that roaming profiles are stored in a subdirectory of the user\*(Aqs home directory\&. This is done in the following way:
+ .sp
+-
+ logon home = \e\e%N\e%U\eprofile
+ .sp
+ This tells Samba to return the above string, with substitutions made when a client requests the info, generally in a NetUserGetInfo request\&. Win9X clients truncate the info to \e\eserver\eshare when a user does
+@@ -6050,7 +6039,6 @@ The three settings are :
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \fBYes\fR
+ \- The read only DOS attribute is mapped to the inverse of the user or owner write bit in the unix permission mode set\&. If the owner write bit is not set, the read only attribute is reported as being set on the file\&. If the read only DOS attribute is set, Samba sets the owner, group and others write bits to zero\&. Write bits set in an ACL are ignored by Samba\&. If the read only DOS attribute is unset, Samba simply sets the write bit of the owner to one\&.
+ .RE
+@@ -6063,7 +6051,6 @@ The three settings are :
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \fBPermissions\fR
+ \- The read only DOS attribute is mapped to the effective permissions of the connecting user, as evaluated by
+ \fBsmbd\fR(8)
+@@ -6078,7 +6065,6 @@ by reading the unix permissions and POSI
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \fBNo\fR
+ \- The read only DOS attribute is unaffected by permissions, and can only be set by the
+ \m[blue]\fBstore dos attributes\fR\m[]
+@@ -6732,7 +6718,6 @@ The options are: "lmhosts", "host", "win
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \fBlmhosts\fR
+ : Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the manpage for lmhosts for details) then any name type matches for lookup\&.
+ .RE
+@@ -6745,7 +6730,6 @@ The options are: "lmhosts", "host", "win
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-
+ \fBhost\fR
+ : Do a standard host name to IP address resolution, using the system
+ /etc/hosts, NIS, or DNS lookups\&. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the
+@@ -6833,6 +6817,8 @@ netbios name (G)
+ .RS 4
+ This sets the NetBIOS name by which a Samba server is known\&. By default it is the same as the first component of the host\*(Aqs DNS name\&. If a machine is a browse server or logon server this name (or the first component of the hosts DNS name) will be the name that these services are advertised under\&.
+ .sp
++Note that the maximum length for a NetBIOS name is 15 charactars\&.
++.sp
+ There is a bug in Samba\-3 that breaks operation of browsing and access to shares if the netbios name is set to the literal name
+ PIPE\&. To avoid this problem, do not name your Samba\-3 server
+ PIPE\&.
+@@ -7639,7 +7625,6 @@ This option specifies a command to be ru
+ .sp
+ An interesting example is to send the users a welcome message every time they log in\&. Maybe a message of the day? Here is an example:
+ .sp
+-
+ preexec = csh \-c \*(Aqecho \e"Welcome to %S!\e" | /usr/local/samba/bin/smbclient \-M %m \-I %I\*(Aq &
+ .sp
+ Of course, this could get annoying after a while :\-)
+@@ -8452,9 +8437,7 @@ rpc_server (G)
+ Defines what kind of rpc server to use for a named pipe\&. The rpc_server prefix must be followed by the pipe name, and a value\&.
+ .sp
+ Three possible values are currently supported:
+-embedded
+-daemon
+-external
++embeddeddaemonexternal
+ .sp
+ The classic method is to run every pipe as an internal function
+ \fIembedded\fR
+@@ -8632,8 +8615,7 @@ security = share
+ server)\&. Instead, the clients send authentication information (passwords) on a per\-share basis, at the time they attempt to connect to that share\&.
+ .sp
+ Note that
+-smbd
+-\fIALWAYS\fR
++smbd\fIALWAYS\fR
+ uses a valid UNIX user to act on behalf of the client, even in
+ security = share
+ level security\&.
+@@ -10177,8 +10159,6 @@ This parameter specifies the absolute pa
+ .sp
+ For example, a valid usershare directory might be /usr/local/samba/lib/usershares, set up as follows\&.
+ .sp
+-
+-.sp
+ .if n \{\
+ .RS 4
+ .\}
+@@ -10650,10 +10630,10 @@ and
+ .sp -1
+ .IP \(bu 2.3
+ .\}
+-\fI<sfu | rfc2307 >\fR
+-\- When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home directory attributes directly from your Directory Server\&. Note that retrieving UID and GID from your ADS\-Server requires to use
++\fI<sfu | sfu20 | rfc2307 >\fR
++\- When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home directory attributes directly from your Directory Server\&. For SFU 3\&.0 or 3\&.5 simply choose "sfu", if you use SFU 2\&.0 please choose "sfu20"\&. Note that retrieving UID and GID from your ADS\-Server requires to use
+ \fIidmap config DOMAIN:backend\fR
+-= ad as well\&.
++= ad as well\&. The primary group membership is currently always calculated via the "primaryGroupID" LDAP attribute\&.
+ .RE
+ .sp
+ .RE
+@@ -11036,7 +11016,6 @@ special sections make life for an admini
+ This man page is correct for version 3 of the Samba suite\&.
+ .SH "SEE ALSO"
+ .PP
+-
+ \fBsamba\fR(7),
+ \fBsmbpasswd\fR(8),
+ \fBswat\fR(8),
diff --git a/src/patches/samba/samba-3.6.99-fix_dirsort_ea-support.patch b/src/patches/samba/samba-3.6.99-fix_dirsort_ea-support.patch
new file mode 100644 (file)
index 0000000..5683ae6
--- /dev/null
@@ -0,0 +1,314 @@
+From 252499c1513c45764d039af8732cd97b37c8c494 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Thu, 9 Feb 2017 15:40:39 +0100
+Subject: [PATCH 1/3] smbd: Streamline get_ea_names_from_file
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Ralph Boehme <slow@samba.org>
+Backported-by: Andreas Schneider <asn@samba.org>
+Backported-from: 27daed8fcf95eed2df112dc1c30c3a40b5c9565b
+---
+ source3/smbd/trans2.c | 89 +++++++++++++++++++++++++++++----------------------
+ 1 file changed, 51 insertions(+), 38 deletions(-)
+
+diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
+index 98fd2af..49cfe9f 100644
+--- a/source3/smbd/trans2.c
++++ b/source3/smbd/trans2.c
+@@ -201,12 +201,14 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
+                               files_struct *fsp, const char *fname,
+                               char ***pnames, size_t *pnum_names)
+ {
++      char smallbuf[1024];
+       /* Get a list of all xattrs. Max namesize is 64k. */
+       size_t ea_namelist_size = 1024;
+-      char *ea_namelist = NULL;
++      char *ea_namelist = smallbuf;
++      char *to_free = NULL;
+       char *p;
+-      char **names, **tmp;
++      char **names;
+       size_t num_names;
+       ssize_t sizeret = -1;
+       NTSTATUS status;
+@@ -228,25 +230,24 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
+               return NT_STATUS_OK;
+       }
+-      /*
+-       * TALLOC the result early to get the talloc hierarchy right.
+-       */
+-
+-      names = TALLOC_ARRAY(mem_ctx, char *, 1);
+-      if (names == NULL) {
+-              DEBUG(0, ("talloc failed\n"));
+-              return NT_STATUS_NO_MEMORY;
++      if (fsp && fsp->fh->fd != -1) {
++              sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist,
++                                           ea_namelist_size);
++      } else {
++              sizeret = SMB_VFS_LISTXATTR(conn,
++                                          fname,
++                                          ea_namelist,
++                                          ea_namelist_size);
+       }
+-      while (ea_namelist_size <= 65536) {
+-
+-              ea_namelist = TALLOC_REALLOC_ARRAY(
+-                      names, ea_namelist, char, ea_namelist_size);
++      if ((sizeret == -1) && (errno == ERANGE)) {
++              ea_namelist_size = 65536;
++              ea_namelist = TALLOC_ARRAY(mem_ctx, char, ea_namelist_size);
+               if (ea_namelist == NULL) {
+                       DEBUG(0, ("talloc failed\n"));
+-                      TALLOC_FREE(names);
+                       return NT_STATUS_NO_MEMORY;
+               }
++              to_free = ea_namelist;
+               if (fsp && fsp->fh->fd != -1) {
+                       sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist,
+@@ -255,25 +256,18 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
+                       sizeret = SMB_VFS_LISTXATTR(conn, fname, ea_namelist,
+                                                   ea_namelist_size);
+               }
+-
+-              if ((sizeret == -1) && (errno == ERANGE)) {
+-                      ea_namelist_size *= 2;
+-              }
+-              else {
+-                      break;
+-              }
+       }
+       if (sizeret == -1) {
+-              TALLOC_FREE(names);
+-              return map_nt_error_from_unix(errno);
++              status = map_nt_error_from_unix(errno);
++              TALLOC_FREE(to_free);
++              return status;
+       }
+-      DEBUG(10, ("get_ea_list_from_file: ea_namelist size = %u\n",
+-                 (unsigned int)sizeret));
++      DEBUG(10, ("ea_namelist size = %zd\n", sizeret));
+       if (sizeret == 0) {
+-              TALLOC_FREE(names);
++              TALLOC_FREE(to_free);
+               return NT_STATUS_OK;
+       }
+@@ -282,7 +276,7 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
+        */
+       if (ea_namelist[sizeret-1] != '\0') {
+-              TALLOC_FREE(names);
++              TALLOC_FREE(to_free);
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+@@ -295,26 +289,45 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
+               num_names += 1;
+       }
+-      tmp = TALLOC_REALLOC_ARRAY(mem_ctx, names, char *, num_names);
+-      if (tmp == NULL) {
++      *pnum_names = num_names;
++
++      if (pnames == NULL) {
++              TALLOC_FREE(to_free);
++              return NT_STATUS_OK;
++      }
++
++      names = TALLOC_ARRAY(mem_ctx, char *, num_names);
++      if (names == NULL) {
+               DEBUG(0, ("talloc failed\n"));
+-              TALLOC_FREE(names);
++              TALLOC_FREE(to_free);
+               return NT_STATUS_NO_MEMORY;
+       }
+-      names = tmp;
++      if (ea_namelist == smallbuf) {
++              ea_namelist = talloc_memdup(names, smallbuf, sizeret);
++              if (ea_namelist == NULL) {
++                      TALLOC_FREE(names);
++                      return NT_STATUS_NO_MEMORY;
++              }
++      } else {
++              talloc_steal(names, ea_namelist);
++
++              ea_namelist = talloc_realloc(names, ea_namelist, char,
++                                           sizeret);
++              if (ea_namelist == NULL) {
++                      TALLOC_FREE(names);
++                      return NT_STATUS_NO_MEMORY;
++              }
++      }
++
+       num_names = 0;
+       for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p)+1) {
+               names[num_names++] = p;
+       }
+-      if (pnames) {
+-              *pnames = names;
+-      } else {
+-              TALLOC_FREE(names);
+-      }
+-      *pnum_names = num_names;
++      *pnames = names;
++
+       return NT_STATUS_OK;
+ }
+-- 
+2.9.3
+
+
+From 17563ab22ad19b34e1d9a1d12b2594c4186718b6 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Tue, 25 Oct 2016 12:28:12 +0200
+Subject: [PATCH 2/3] lib/util/charset: Optimize next_codepoint for the ascii
+ case
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Ralph Boehme <slow@samba.org>
+
+(cherry picked from commit 07d9a909ba6853fb0b96f6d86e4cf0d5d1b35b28)
+---
+ lib/util/charset/codepoints.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c
+index 5ee95a8..7d157a3 100644
+--- a/lib/util/charset/codepoints.c
++++ b/lib/util/charset/codepoints.c
+@@ -495,6 +495,10 @@ _PUBLIC_ codepoint_t next_codepoint_ext(const char *str, charset_t src_charset,
+ _PUBLIC_ codepoint_t next_codepoint(const char *str, size_t *size)
+ {
++      if ((str[0] & 0x80) == 0) {
++              *size = 1;
++              return str[0];
++      }
+       return next_codepoint_convenience(get_iconv_convenience(), str, size);
+ }
+-- 
+2.9.3
+
+
+From ac8f6faa891fd282fb39ccb8e75a364bf97a5f2b Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Thu, 9 Feb 2017 15:05:01 +0100
+Subject: [PATCH 3/3] s3-vfs: Only walk the directory once in
+ open_and_sort_dir()
+
+On a slow filesystem or network filesystem this can make a huge
+difference.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12571
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+---
+ source3/modules/vfs_dirsort.c | 61 +++++++++++++++++++++++++++----------------
+ 1 file changed, 38 insertions(+), 23 deletions(-)
+
+diff --git a/source3/modules/vfs_dirsort.c b/source3/modules/vfs_dirsort.c
+index 698e96b..66582e6 100644
+--- a/source3/modules/vfs_dirsort.c
++++ b/source3/modules/vfs_dirsort.c
+@@ -68,8 +68,10 @@ static bool get_sorted_dir_mtime(vfs_handle_struct *handle,
+ static bool open_and_sort_dir(vfs_handle_struct *handle,
+                               struct dirsort_privates *data)
+ {
+-      unsigned int i = 0;
+-      unsigned int total_count = 0;
++      uint32_t total_count = 0;
++      /* This should be enough for most use cases */
++      uint32_t dirent_allocated = 64;
++      SMB_STRUCT_DIRENT *dp;
+       data->number_of_entries = 0;
+@@ -77,38 +79,51 @@ static bool open_and_sort_dir(vfs_handle_struct *handle,
+               return false;
+       }
+-      while (SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL)
+-             != NULL) {
+-              total_count++;
+-      }
+-
+-      if (total_count == 0) {
++      dp = SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL);
++      if (dp == NULL) {
+               return false;
+       }
+-      /* Open the underlying directory and count the number of entries
+-         Skip back to the beginning as we'll read it again */
+-      SMB_VFS_NEXT_REWINDDIR(handle, data->source_directory);
+-
+       /* Set up an array and read the directory entries into it */
+       TALLOC_FREE(data->directory_list); /* destroy previous cache if needed */
+       data->directory_list = talloc_zero_array(data,
+                                                SMB_STRUCT_DIRENT,
+-                                               total_count);
+-      if (!data->directory_list) {
++                                               dirent_allocated);
++      if (data->directory_list == NULL) {
+               return false;
+       }
+-      for (i = 0; i < total_count; i++) {
+-              SMB_STRUCT_DIRENT *dp = SMB_VFS_NEXT_READDIR(handle,
+-                                              data->source_directory,
+-                                              NULL);
+-              if (dp == NULL) {
+-                      break;
++
++      do {
++              if (total_count >= dirent_allocated) {
++                      struct dirent *dlist;
++
++                      /*
++                       * Be memory friendly.
++                       *
++                       * We should not double the amount of memory. With a lot
++                       * of files we reach easily 50MB, and doubling will
++                       * get much bigger just for a few files more.
++                       *
++                       * For 200k files this means 50 memory reallocations.
++                       */
++                      dirent_allocated += 4096;
++
++                      dlist = talloc_realloc(data,
++                                             data->directory_list,
++                                             SMB_STRUCT_DIRENT,
++                                             dirent_allocated);
++                      if (dlist == NULL) {
++                              break;
++                      }
++                      data->directory_list = dlist;
+               }
+-              data->directory_list[i] = *dp;
+-      }
++              data->directory_list[total_count] = *dp;
++
++              total_count++;
++              dp = SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL);
++      } while (dp != NULL);
+-      data->number_of_entries = i;
++      data->number_of_entries = total_count;
+       /* Sort the directory entries by name */
+       TYPESAFE_QSORT(data->directory_list, data->number_of_entries, compare_dirent);
+-- 
+2.9.3
+
diff --git a/src/patches/samba/samba-3.6.99-fix_dropbox_share.patch b/src/patches/samba/samba-3.6.99-fix_dropbox_share.patch
new file mode 100644 (file)
index 0000000..564ecb4
--- /dev/null
@@ -0,0 +1,271 @@
+From 8f286450a223d002358f6dfe81b770fee86c3c85 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Tue, 3 Dec 2013 13:20:17 +0100
+Subject: [PATCH 1/3] PATCHSET15: smbd: Fix regression for the dropbox case.
+
+We need to allow to save a file to a directory with perm -wx.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+(cherry picked from commit 5b49fe24c906cbae12beff7a1b45de6809258cab)
+---
+ source3/smbd/filename.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
+index 8ef0c0a..ca19369 100644
+--- a/source3/smbd/filename.c
++++ b/source3/smbd/filename.c
+@@ -716,7 +716,10 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
+                                * here.
+                                */
+                               if (errno == EACCES) {
+-                                      if (ucf_flags & UCF_CREATING_FILE) {
++                                      if ((ucf_flags & UCF_CREATING_FILE) == 0) {
++                                              status = NT_STATUS_ACCESS_DENIED;
++                                              goto fail;
++                                      } else {
+                                               /*
+                                                * This is the dropbox
+                                                * behaviour. A dropbox is a
+@@ -728,11 +731,8 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
+                                                * nevertheless want to allow
+                                                * users creating a file.
+                                                */
+-                                              status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
+-                                      } else {
+-                                              status = NT_STATUS_ACCESS_DENIED;
++                                              errno = 0;
+                                       }
+-                                      goto fail;
+                               }
+                               if ((errno != 0) && (errno != ENOENT)) {
+-- 
+1.9.3
+
+
+From 38674e8f208a7e8f2ead72266292f30b7ea33c87 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Tue, 3 Dec 2013 10:19:09 -0800
+Subject: [PATCH 2/3] PATCHSET15: smbd: change flag name from UCF_CREATING_FILE
+ to UCF_PREP_CREATEFILE
+
+In preparation to using it for all open calls.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+(cherry picked from commit 874318a97868e08837a1febb1be8e8a167b5ae0f)
+---
+ source3/include/smb.h      |  2 +-
+ source3/smbd/filename.c    |  2 +-
+ source3/smbd/nttrans.c     |  4 ++--
+ source3/smbd/reply.c       | 10 +++++-----
+ source3/smbd/smb2_create.c |  2 +-
+ 5 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/source3/include/smb.h b/source3/include/smb.h
+index 2d04373..559e061 100644
+--- a/source3/include/smb.h
++++ b/source3/include/smb.h
+@@ -1716,7 +1716,7 @@ struct smb_file_time {
+ #define UCF_COND_ALLOW_WCARD_LCOMP    0x00000004
+ #define UCF_POSIX_PATHNAMES           0x00000008
+ #define UCF_UNIX_NAME_LOOKUP          0x00000010
+-#define UCF_CREATING_FILE             0x00000020
++#define UCF_PREP_CREATEFILE           0x00000020
+ /*
+  * smb_filename
+diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
+index ca19369..2e68e52 100644
+--- a/source3/smbd/filename.c
++++ b/source3/smbd/filename.c
+@@ -716,7 +716,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
+                                * here.
+                                */
+                               if (errno == EACCES) {
+-                                      if ((ucf_flags & UCF_CREATING_FILE) == 0) {
++                                      if ((ucf_flags & UCF_PREP_CREATEFILE) == 0) {
+                                               status = NT_STATUS_ACCESS_DENIED;
+                                               goto fail;
+                                       } else {
+diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
+index 4c145e0..f5da720 100644
+--- a/source3/smbd/nttrans.c
++++ b/source3/smbd/nttrans.c
+@@ -537,7 +537,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
+                               req->flags2 & FLAGS2_DFS_PATHNAMES,
+                               fname,
+                               (create_disposition == FILE_CREATE)
+-                                      ? UCF_CREATING_FILE : 0,
++                                ? UCF_PREP_CREATEFILE : 0,
+                               NULL,
+                               &smb_fname);
+@@ -1167,7 +116