[Pkg-samba-maint] Bug#870005: stretch-pu: package samba/2:4.5.12+dfsg-1
Mathieu Parent
sathieu at debian.org
Fri Jul 28 19:14:11 UTC 2017
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org at packages.debian.org
Usertags: pu
Dear stable release team,
I want to upload the lastest revision of the 4.5 serie, with additionnal
packaging fixes.
All those changes are in sid.
As the debdiff is big, I'm also attaching a diff of the debian directory.
Regards
Mathieu Parent
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.11.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
-------------- next part --------------
diff -Nru samba-4.5.8+dfsg/auth/gensec/spnego.c samba-4.5.12+dfsg/auth/gensec/spnego.c
--- samba-4.5.8+dfsg/auth/gensec/spnego.c 2016-09-13 10:21:35.000000000 +0200
+++ samba-4.5.12+dfsg/auth/gensec/spnego.c 2017-07-12 08:39:24.000000000 +0200
@@ -366,7 +366,7 @@
return nt_status;
}
nt_status = gensec_update_ev(spnego_state->sub_sec_security,
- ev, out_mem_ctx, in, out);
+ out_mem_ctx, ev, in, out);
return nt_status;
}
DEBUG(1, ("Failed to parse SPNEGO request\n"));
@@ -756,8 +756,8 @@
switch (spnego_state->state_position) {
case SPNEGO_FALLBACK:
- return gensec_update_ev(spnego_state->sub_sec_security, ev,
- out_mem_ctx, in, out);
+ return gensec_update_ev(spnego_state->sub_sec_security,
+ out_mem_ctx, ev, in, out);
case SPNEGO_SERVER_START:
{
NTSTATUS nt_status;
diff -Nru samba-4.5.8+dfsg/auth/ntlmssp/ntlmssp_util.c samba-4.5.12+dfsg/auth/ntlmssp/ntlmssp_util.c
--- samba-4.5.8+dfsg/auth/ntlmssp/ntlmssp_util.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/auth/ntlmssp/ntlmssp_util.c 2017-07-12 08:39:24.000000000 +0200
@@ -75,6 +75,27 @@
{
uint32_t missing_flags = ntlmssp_state->required_flags;
+ if (ntlmssp_state->use_ntlmv2) {
+ /*
+ * Using NTLMv2 as a client implies
+ * using NTLMSSP_NEGOTIATE_NTLM2
+ * (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
+ *
+ * Note that 'use_ntlmv2' is only set
+ * true in the client case.
+ *
+ * Even if the server has a bug and does not announce
+ * it, we need to assume it's present.
+ *
+ * Note that we also have the flag
+ * in ntlmssp_state->required_flags,
+ * see gensec_ntlmssp_client_start().
+ *
+ * See bug #12862.
+ */
+ flags |= NTLMSSP_NEGOTIATE_NTLM2;
+ }
+
if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
diff -Nru samba-4.5.8+dfsg/buildtools/wafsamba/samba_bundled.py samba-4.5.12+dfsg/buildtools/wafsamba/samba_bundled.py
--- samba-4.5.8+dfsg/buildtools/wafsamba/samba_bundled.py 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/buildtools/wafsamba/samba_bundled.py 2017-07-12 08:39:24.000000000 +0200
@@ -110,6 +110,7 @@
@conf
def CHECK_BUNDLED_SYSTEM_PKG(conf, libname, minversion='0.0.0',
+ maxversion=None, version_blacklist=[],
onlyif=None, implied_deps=None, pkg=None):
'''check if a library is available as a system library.
@@ -117,12 +118,15 @@
'''
return conf.CHECK_BUNDLED_SYSTEM(libname,
minversion=minversion,
+ maxversion=maxversion,
+ version_blacklist=version_blacklist,
onlyif=onlyif,
implied_deps=implied_deps,
pkg=pkg)
@conf
def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0',
+ maxversion=None, version_blacklist=[],
checkfunctions=None, headers=None, checkcode=None,
onlyif=None, implied_deps=None,
require_headers=True, pkg=None, set_target=True):
@@ -181,16 +185,29 @@
minversion = minimum_library_version(conf, libname, minversion)
msg = 'Checking for system %s' % libname
+ msg_ver = []
if minversion != '0.0.0':
- msg += ' >= %s' % minversion
+ msg_ver.append('>=%s' % minversion)
+ if maxversion is not None:
+ msg_ver.append('<=%s' % maxversion)
+ for v in version_blacklist:
+ msg_ver.append('!=%s' % v)
+ if msg_ver != []:
+ msg += " (%s)" % (" ".join(msg_ver))
uselib_store=libname.upper()
if pkg is None:
pkg = libname
+ version_checks = '%s >= %s' % (pkg, minversion)
+ if maxversion is not None:
+ version_checks += ' %s <= %s' % (pkg, maxversion)
+ for v in version_blacklist:
+ version_checks += ' %s != %s' % (pkg, v)
+
# try pkgconfig first
if (conf.CHECK_CFG(package=pkg,
- args='"%s >= %s" --cflags --libs' % (pkg, minversion),
+ args='"%s" --cflags --libs' % (version_checks),
msg=msg, uselib_store=uselib_store) and
check_functions_headers_code()):
if set_target:
diff -Nru samba-4.5.8+dfsg/ctdb/config/events.d/60.nfs samba-4.5.12+dfsg/ctdb/config/events.d/60.nfs
--- samba-4.5.8+dfsg/ctdb/config/events.d/60.nfs 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/config/events.d/60.nfs 2017-07-12 08:39:24.000000000 +0200
@@ -258,20 +258,20 @@
case "$1" in
startup)
- nfs_callout "$@"
+ nfs_callout "$@" || exit $?
;;
shutdown)
- nfs_callout "$@"
+ nfs_callout "$@" || exit $?
;;
takeip)
- nfs_callout "$@"
+ nfs_callout "$@" || exit $?
ctdb_service_set_reconfigure
;;
releaseip)
- nfs_callout "$@"
+ nfs_callout "$@" || exit $?
ctdb_service_set_reconfigure
;;
diff -Nru samba-4.5.8+dfsg/ctdb/config/functions samba-4.5.12+dfsg/ctdb/config/functions
--- samba-4.5.8+dfsg/ctdb/config/functions 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/config/functions 2017-07-12 08:39:24.000000000 +0200
@@ -150,7 +150,7 @@
*)
# Handle all syslog:* variants here too. There's no tool to do
# the lossy things, so just use logger.
- logger -t "ctdbd: ${_tag}" "$*"
+ logger -t "ctdbd: ${_tag}" "$@"
;;
esac
}
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdb.1 samba-4.5.12+dfsg/ctdb/doc/ctdb.1
--- samba-4.5.8+dfsg/ctdb/doc/ctdb.1 2017-01-30 11:15:39.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/doc/ctdb.1 2017-07-12 11:24:02.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: ctdb
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 01/30/2017
+.\" Date: 07/12/2017
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "CTDB" "1" "01/30/2017" "ctdb" "CTDB \- clustered TDB database"
+.TH "CTDB" "1" "07/12/2017" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -64,9 +64,9 @@
.RE
.SH "OPTIONS"
.PP
-\-n \fIPNN\-LIST\fR
+\-n \fIPNN\fR
.RS 4
-The nodes specified by PNN\-LIST should be queried for the requested information\&. Default is to query the daemon running on the local host\&.
+The node specified by PNN should be queried for the requested information\&. Default is to query the daemon running on the local host\&.
.RE
.PP
\-Y
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdb.1.html samba-4.5.12+dfsg/ctdb/doc/ctdb.1.html
--- samba-4.5.8+dfsg/ctdb/doc/ctdb.1.html 2017-01-30 11:15:40.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/doc/ctdb.1.html 2017-07-12 11:24:02.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb — CTDB management utility</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdb</code> [<em class="replaceable"><code>OPTION</code></em>...] {<em class="replaceable"><code>COMMAND</code></em>} [<em class="replaceable"><code>COMMAND-ARGS</code></em>]</p></div></div><div class="refsect1"><a name="idp52620960"></a><h2>DESCRIPTION</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb — CTDB management utility</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdb</code> [<em class="replaceable"><code>OPTION</code></em>...] {<em class="replaceable"><code>COMMAND</code></em>} [<em class="replaceable"><code>COMMAND-ARGS</code></em>]</p></div></div><div class="refsect1"><a name="idp54006112"></a><h2>DESCRIPTION</h2><p>
ctdb is a utility to view and manage a CTDB cluster.
</p><p>
The following terms are used when referring to nodes in a
@@ -21,8 +21,8 @@
A space separated list of at least one
<em class="parameter"><code>DB</code></em>.
</p></dd></dl></div><p>
- </p></div><div class="refsect1"><a name="idp53501536"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-n <em class="parameter"><code>PNN-LIST</code></em></span></dt><dd><p>
- The nodes specified by PNN-LIST should be queried for the
+ </p></div><div class="refsect1"><a name="idp51038000"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-n <em class="parameter"><code>PNN</code></em></span></dt><dd><p>
+ The node specified by PNN should be queried for the
requested information. Default is to query the daemon
running on the local host.
</p></dd><dt><span class="term">-Y</span></dt><dd><p>
@@ -59,21 +59,21 @@
socket to use when connecting to the local CTDB
daemon. The default is
<code class="filename">/usr/local/var/run/ctdb/ctdbd.socket</code>.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp48976048"></a><h2>ADMINISTRATIVE COMMANDS</h2><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp50871056"></a><h2>ADMINISTRATIVE COMMANDS</h2><p>
These are commands used to monitor and administer a CTDB cluster.
- </p><div class="refsect2"><a name="idp48977104"></a><h3>pnn</h3><p>
+ </p><div class="refsect2"><a name="idp50872208"></a><h3>pnn</h3><p>
This command displays the PNN of the current node.
- </p></div><div class="refsect2"><a name="idp48978256"></a><h3>status</h3><p>
+ </p></div><div class="refsect2"><a name="idp50873408"></a><h3>status</h3><p>
This command shows the current status of all CTDB nodes based
on information from the queried node.
</p><p>
Note: If the the queried node is INACTIVE then the status
might not be current.
- </p><div class="refsect3"><a name="idp48979936"></a><h4>Node status</h4><p>
+ </p><div class="refsect3"><a name="idp50875088"></a><h4>Node status</h4><p>
This includes the number of physical nodes and the status of
each node. See <span class="citerefentry"><span class="refentrytitle">ctdb</span>(7)</span> for information
about node states.
- </p></div><div class="refsect3"><a name="idp48982192"></a><h4>Generation</h4><p>
+ </p></div><div class="refsect3"><a name="idp50877344"></a><h4>Generation</h4><p>
The generation id is a number that indicates the current generation
of a cluster instance. Each time a cluster goes through a
reconfiguration or a recovery its generation id will be changed.
@@ -94,13 +94,13 @@
All nodes start with generation "INVALID" and are not assigned a real
generation id until they have successfully been merged with a cluster
through a recovery.
- </p></div><div class="refsect3"><a name="idp48990416"></a><h4>Virtual Node Number (VNN) map</h4><p>
+ </p></div><div class="refsect3"><a name="idp50885744"></a><h4>Virtual Node Number (VNN) map</h4><p>
Consists of the number of virtual nodes and mapping from
virtual node numbers to physical node numbers. Virtual
nodes host CTDB databases. Only nodes that are
participating in the VNN map can become lmaster or dmaster
for database records.
- </p></div><div class="refsect3"><a name="idp48991840"></a><h4>Recovery mode</h4><p>
+ </p></div><div class="refsect3"><a name="idp50887216"></a><h4>Recovery mode</h4><p>
This is the current recovery mode of the cluster. There are two possible modes:
</p><p>
NORMAL - The cluster is fully operational.
@@ -120,13 +120,13 @@
databases have been recovered, the node mode will change into
NORMAL mode and the databases will be "thawed", allowing samba
to access the databases again.
- </p></div><div class="refsect3"><a name="idp48995744"></a><h4>Recovery master</h4><p>
+ </p></div><div class="refsect3"><a name="idp50891120"></a><h4>Recovery master</h4><p>
This is the cluster node that is currently designated as the recovery master. This node is responsible of monitoring the consistency of the cluster and to perform the actual recovery process when reqired.
</p><p>
Only one node at a time can be the designated recovery master. Which
node is designated the recovery master is decided by an election
process in the recovery daemons running on each node.
- </p></div><div class="refsect3"><a name="idp48997744"></a><h4>Example</h4><pre class="screen">
+ </p></div><div class="refsect3"><a name="idp50893120"></a><h4>Example</h4><pre class="screen">
# ctdb status
Number of nodes:4
pnn:0 192.168.2.200 OK (THIS NODE)
@@ -141,7 +141,7 @@
hash:3 lmaster:3
Recovery mode:NORMAL (0)
Recovery master:0
- </pre></div></div><div class="refsect2"><a name="idp48999648"></a><h3>nodestatus [<span class="optional"><em class="parameter"><code>PNN-LIST</code></em></span>]</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp50895024"></a><h3>nodestatus [<span class="optional"><em class="parameter"><code>PNN-LIST</code></em></span>]</h3><p>
This command is similar to the <span class="command"><strong>status</strong></span>
command. It displays the "node status" subset of output. The
main differences are:
@@ -159,7 +159,7 @@
A common invocation in scripts is <span class="command"><strong>ctdb nodestatus
all</strong></span> to check whether all nodes in a cluster are
healthy.
- </p><div class="refsect3"><a name="idp49007648"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp50902976"></a><h4>Example</h4><pre class="screen">
# ctdb nodestatus
pnn:0 10.0.0.30 OK (THIS NODE)
@@ -167,28 +167,28 @@
Number of nodes:2
pnn:0 10.0.0.30 OK (THIS NODE)
pnn:1 10.0.0.31 OK
- </pre></div></div><div class="refsect2"><a name="idp49009408"></a><h3>recmaster</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp50904736"></a><h3>recmaster</h3><p>
This command shows the pnn of the node which is currently the recmaster.
</p><p>
Note: If the the queried node is INACTIVE then the status
might not be current.
- </p></div><div class="refsect2"><a name="idp49011184"></a><h3>uptime</h3><p>
+ </p></div><div class="refsect2"><a name="idp50906512"></a><h3>uptime</h3><p>
This command shows the uptime for the ctdb daemon. When the last recovery or ip-failover completed and how long it took. If the "duration" is shown as a negative number, this indicates that there is a recovery/failover in progress and it started that many seconds ago.
- </p><div class="refsect3"><a name="idp49012528"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp50907856"></a><h4>Example</h4><pre class="screen">
# ctdb uptime
Current time of node : Thu Oct 29 10:38:54 2009
Ctdbd start time : (000 16:54:28) Wed Oct 28 17:44:26 2009
Time of last recovery/failover: (000 16:53:31) Wed Oct 28 17:45:23 2009
Duration of last recovery/failover: 2.248552 seconds
- </pre></div></div><div class="refsect2"><a name="idp54631088"></a><h3>listnodes</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56380832"></a><h3>listnodes</h3><p>
This command shows lists the ip addresses of all the nodes in the cluster.
- </p><div class="refsect3"><a name="idp54632208"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56381952"></a><h4>Example</h4><pre class="screen">
# ctdb listnodes
192.168.2.200
192.168.2.201
192.168.2.202
192.168.2.203
- </pre></div></div><div class="refsect2"><a name="idp54633824"></a><h3>natgw {master|list|status}</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56383568"></a><h3>natgw {master|list|status}</h3><p>
This command shows different aspects of NAT gateway status.
For an overview of CTDB's NAT gateway functionality please see
the <em class="citetitle">NAT GATEWAY</em> section in
@@ -220,16 +220,16 @@
pnn:1 192.168.2.201 OK
pnn:2 192.168.2.202 OK
pnn:3 192.168.2.203 OK
- </pre></dd></dl></div></div><div class="refsect2"><a name="idp54644928"></a><h3>ping</h3><p>
+ </pre></dd></dl></div></div><div class="refsect2"><a name="idp56394672"></a><h3>ping</h3><p>
This command will "ping" specified CTDB nodes in the cluster
to verify that they are running.
- </p><div class="refsect3"><a name="idp54646064"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56395808"></a><h4>Example</h4><pre class="screen">
# ctdb ping
response from 0 time=0.000054 sec (3 clients)
- </pre></div></div><div class="refsect2"><a name="idp54647584"></a><h3>ifaces</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56397328"></a><h3>ifaces</h3><p>
This command will display the list of network interfaces, which could
host public addresses, along with their status.
- </p><div class="refsect3"><a name="idp54648752"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56398496"></a><h4>Example</h4><pre class="screen">
# ctdb ifaces
Interfaces on node 0
name:eth5 link:up references:2
@@ -243,9 +243,9 @@
|eth4|0|0|
|eth3|1|1|
|eth2|1|1|
- </pre></div></div><div class="refsect2"><a name="idp54650544"></a><h3>ip</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56400288"></a><h3>ip</h3><p>
This command will display the list of public addresses that are provided by the cluster and which physical node is currently serving this ip. By default this command will ONLY show those public addresses that are known to the node itself. To see the full list of all public ips across the cluster you must use "ctdb ip all".
- </p><div class="refsect3"><a name="idp54651920"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56401664"></a><h4>Example</h4><pre class="screen">
# ctdb ip -v
Public IPs on node 0
172.31.91.82 node[1] active[] available[eth2,eth3] configured[eth2,eth3]
@@ -267,9 +267,9 @@
|172.31.92.83|0|eth5|eth5|eth4,eth5|
|172.31.92.84|1||eth5|eth4,eth5|
|172.31.92.85|0|eth5|eth5|eth4,eth5|
- </pre></div></div><div class="refsect2"><a name="idp54654464"></a><h3>ipinfo <em class="parameter"><code>IP</code></em></h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56404208"></a><h3>ipinfo <em class="parameter"><code>IP</code></em></h3><p>
This command will display details about the specified public addresses.
- </p><div class="refsect3"><a name="idp54656080"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56405824"></a><h4>Example</h4><pre class="screen">
# ctdb ipinfo 172.31.92.85
Public IP[172.31.92.85] info on node 0
IP:172.31.92.85
@@ -277,9 +277,9 @@
NumInterfaces:2
Interface[1]: Name:eth4 Link:down References:0
Interface[2]: Name:eth5 Link:up References:2 (active)
- </pre></div></div><div class="refsect2"><a name="idp54657824"></a><h3>scriptstatus</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56407568"></a><h3>scriptstatus</h3><p>
This command displays which scripts where run in the previous monitoring cycle and the result of each script. If a script failed with an error, causing the node to become unhealthy, the output from that script is also shown.
- </p><div class="refsect3"><a name="idp54659104"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56408848"></a><h4>Example</h4><pre class="screen">
# ctdb scriptstatus
7 scripts were executed last monitoring cycle
00.ctdb Status:OK Duration:0.056 Tue Mar 24 18:56:57 2009
@@ -291,19 +291,19 @@
41.httpd Status:OK Duration:0.039 Tue Mar 24 18:56:57 2009
50.samba Status:ERROR Duration:0.082 Tue Mar 24 18:56:57 2009
OUTPUT:ERROR: Samba tcp port 445 is not responding
- </pre></div></div><div class="refsect2"><a name="idp54661328"></a><h3>disablescript <em class="parameter"><code>SCRIPT</code></em></h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56411072"></a><h3>disablescript <em class="parameter"><code>SCRIPT</code></em></h3><p>
This command is used to disable an eventscript.
</p><p>
This will take effect the next time the eventscripts are being executed so it can take a short while until this is reflected in 'scriptstatus'.
- </p></div><div class="refsect2"><a name="idp54663536"></a><h3>enablescript <em class="parameter"><code>SCRIPT</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56413280"></a><h3>enablescript <em class="parameter"><code>SCRIPT</code></em></h3><p>
This command is used to enable an eventscript.
</p><p>
This will take effect the next time the eventscripts are being executed so it can take a short while until this is reflected in 'scriptstatus'.
- </p></div><div class="refsect2"><a name="idp54665744"></a><h3>listvars</h3><p>
+ </p></div><div class="refsect2"><a name="idp56415488"></a><h3>listvars</h3><p>
List all tuneable variables, except the values of the obsolete tunables
like VacuumMinInterval. The obsolete tunables can be retrieved only
explicitly with the "ctdb getvar" command.
- </p><div class="refsect3"><a name="idp54666976"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56416720"></a><h4>Example</h4><pre class="screen">
# ctdb listvars
SeqnumInterval = 1000
ControlTimeout = 60
@@ -359,16 +359,16 @@
Samba3AvoidDeadlocks = 0
TDBMutexEnabled = 0
LockProcessesPerDB = 200
- </pre></div></div><div class="refsect2"><a name="idp54671744"></a><h3>getvar <em class="parameter"><code>NAME</code></em></h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56421488"></a><h3>getvar <em class="parameter"><code>NAME</code></em></h3><p>
Get the runtime value of a tuneable variable.
- </p><div class="refsect3"><a name="idp54673264"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56423008"></a><h4>Example</h4><pre class="screen">
# ctdb getvar MonitorInterval
MonitorInterval = 15
- </pre></div></div><div class="refsect2"><a name="idp54674784"></a><h3>setvar <em class="parameter"><code>NAME</code></em> <em class="parameter"><code>VALUE</code></em></h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56424528"></a><h3>setvar <em class="parameter"><code>NAME</code></em> <em class="parameter"><code>VALUE</code></em></h3><p>
Set the runtime value of a tuneable variable.
- </p><div class="refsect3"><a name="idp54676928"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56426672"></a><h4>Example</h4><pre class="screen">
# ctdb setvar MonitorInterval 20
- </pre></div></div><div class="refsect2"><a name="idp54678448"></a><h3>lvs {master|list|status}</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56428192"></a><h3>lvs {master|list|status}</h3><p>
This command shows different aspects of LVS status. For an
overview of CTDB's LVS functionality please see the
<em class="citetitle">LVS</em> section in
@@ -395,7 +395,7 @@
pnn:1 10.0.0.12 UNHEALTHY
pnn:2 10.0.0.13 OK
pnn:3 10.0.0.14 OK
- </pre></dd></dl></div></div><div class="refsect2"><a name="idp54689184"></a><h3>getcapabilities</h3><p>
+ </pre></dd></dl></div></div><div class="refsect2"><a name="idp56439088"></a><h3>getcapabilities</h3><p>
This command shows the capabilities of the current node. See
the <em class="citetitle">CAPABILITIES</em> section in
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(7)</span> for more details.
@@ -404,12 +404,12 @@
</p><pre class="screen">
RECMASTER: YES
LMASTER: YES
- </pre></div><div class="refsect2"><a name="idp54692624"></a><h3>statistics</h3><p>
+ </pre></div><div class="refsect2"><a name="idp56442608"></a><h3>statistics</h3><p>
Collect statistics from the CTDB daemon about
how many calls it has served. Information about
various fields in statistics can be found in
<span class="citerefentry"><span class="refentrytitle">ctdb-statistics</span>(7)</span>.
- </p><div class="refsect3"><a name="idp54694720"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56444704"></a><h4>Example</h4><pre class="screen">
# ctdb statistics
CTDB version 1
Current time of statistics : Tue Mar 8 15:18:51 2016
@@ -461,15 +461,15 @@
reclock_recd MIN/AVG/MAX 0.000000/0.000000/0.000000 sec out of 0
call_latency MIN/AVG/MAX 0.000044/0.002142/0.011702 sec out of 15
childwrite_latency MIN/AVG/MAX 0.000000/0.000000/0.000000 sec out of 0
- </pre></div></div><div class="refsect2"><a name="idp54698320"></a><h3>statisticsreset</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56448304"></a><h3>statisticsreset</h3><p>
This command is used to clear all statistics counters in a node.
</p><p>
Example: ctdb statisticsreset
- </p></div><div class="refsect2"><a name="idp54699952"></a><h3>dbstatistics <em class="parameter"><code>DB</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56449936"></a><h3>dbstatistics <em class="parameter"><code>DB</code></em></h3><p>
Display statistics about the database DB. Information
about various fields in dbstatistics can be found in
<span class="citerefentry"><span class="refentrytitle">ctdb-statistics</span>(7)</span>.
- </p><div class="refsect3"><a name="idp54702496"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56452480"></a><h4>Example</h4><pre class="screen">
# ctdb dbstatistics locking.tdb
DB Statistics: locking.tdb
ro_delegations 0
@@ -485,13 +485,13 @@
vacuum_latency MIN/AVG/MAX 0.000472/0.002207/15.243570 sec out of 224530
Num Hot Keys: 1
Count:8 Key:ff5bd7cb3ee3822edc1f0000000000000000000000000000
- </pre></div></div><div class="refsect2"><a name="idp54704688"></a><h3>getreclock</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56454672"></a><h3>getreclock</h3><p>
Show details of the recovery lock, if any.
</p><p>
Example output:
</p><pre class="screen">
/clusterfs/.ctdb/recovery.lock
- </pre></div><div class="refsect2"><a name="idp54706848"></a><h3>getdebug</h3><p>
+ </pre></div><div class="refsect2"><a name="idp56456832"></a><h3>getdebug</h3><p>
Get the current debug level for the node. the debug level controls what information is written to the log file.
</p><p>
The debug levels are mapped to the corresponding syslog levels.
@@ -501,29 +501,29 @@
The list of debug levels from highest to lowest are :
</p><p>
ERROR WARNING NOTICE INFO DEBUG
- </p></div><div class="refsect2"><a name="idp54709488"></a><h3>setdebug <em class="parameter"><code>DEBUGLEVEL</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56459552"></a><h3>setdebug <em class="parameter"><code>DEBUGLEVEL</code></em></h3><p>
Set the debug level of a node. This controls what information will be logged.
</p><p>
The debuglevel is one of ERROR WARNING NOTICE INFO DEBUG
- </p></div><div class="refsect2"><a name="idp54711696"></a><h3>getpid</h3><p>
+ </p></div><div class="refsect2"><a name="idp56461760"></a><h3>getpid</h3><p>
This command will return the process id of the ctdb daemon.
- </p></div><div class="refsect2"><a name="idp54712928"></a><h3>disable</h3><p>
+ </p></div><div class="refsect2"><a name="idp56462992"></a><h3>disable</h3><p>
This command is used to administratively disable a node in the cluster.
A disabled node will still participate in the cluster and host
clustered TDB records but its public ip address has been taken over by
a different node and it no longer hosts any services.
- </p></div><div class="refsect2"><a name="idp54714368"></a><h3>enable</h3><p>
+ </p></div><div class="refsect2"><a name="idp56464432"></a><h3>enable</h3><p>
Re-enable a node that has been administratively disabled.
- </p></div><div class="refsect2"><a name="idp54715600"></a><h3>stop</h3><p>
+ </p></div><div class="refsect2"><a name="idp56465664"></a><h3>stop</h3><p>
This command is used to administratively STOP a node in the cluster.
A STOPPED node is connected to the cluster but will not host any
public ip addresse, nor does it participate in the VNNMAP.
The difference between a DISABLED node and a STOPPED node is that
a STOPPED node does not host any parts of the database which means
that a recovery is required to stop/continue nodes.
- </p></div><div class="refsect2"><a name="idp54717152"></a><h3>continue</h3><p>
+ </p></div><div class="refsect2"><a name="idp56467216"></a><h3>continue</h3><p>
Re-start a node that has been administratively stopped.
- </p></div><div class="refsect2"><a name="idp54718384"></a><h3>addip <em class="parameter"><code>IPADDR</code></em>/<em class="parameter"><code>mask</code></em> <em class="parameter"><code>IFACE</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56468448"></a><h3>addip <em class="parameter"><code>IPADDR</code></em>/<em class="parameter"><code>mask</code></em> <em class="parameter"><code>IFACE</code></em></h3><p>
This command is used to add a new public ip to a node
during runtime. It should be followed by a <span class="command"><strong>ctdb
ipreallocate</strong></span>. This allows public addresses to be
@@ -533,7 +533,7 @@
changes will be lost next time ctdb is restarted and the public
addresses file is re-read. If you want this change to be
permanent you must also update the public addresses file manually.
- </p></div><div class="refsect2"><a name="idp54722800"></a><h3>delip <em class="parameter"><code>IPADDR</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56472864"></a><h3>delip <em class="parameter"><code>IPADDR</code></em></h3><p>
This command flags IPADDR for deletion from a node at runtime.
It should be followed by a <span class="command"><strong>ctdb
ipreallocate</strong></span>. If IPADDR is currently hosted by the
@@ -546,7 +546,7 @@
public addresses file is re-read. If you want this change to
be permanent you must also update the public addresses file
manually.
- </p></div><div class="refsect2"><a name="idp54726064"></a><h3>moveip <em class="parameter"><code>IPADDR</code></em> <em class="parameter"><code>PNN</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56476128"></a><h3>moveip <em class="parameter"><code>IPADDR</code></em> <em class="parameter"><code>PNN</code></em></h3><p>
This command can be used to manually fail a public ip address to a
specific node.
</p><p>
@@ -557,9 +557,9 @@
DeterministicIPs = 0
</p><p>
NoIPFailback = 1
- </p></div><div class="refsect2"><a name="idp54729824"></a><h3>shutdown</h3><p>
+ </p></div><div class="refsect2"><a name="idp56479888"></a><h3>shutdown</h3><p>
This command will shutdown a specific CTDB daemon.
- </p></div><div class="refsect2"><a name="idp54731056"></a><h3>setlmasterrole on|off</h3><p>
+ </p></div><div class="refsect2"><a name="idp56481120"></a><h3>setlmasterrole on|off</h3><p>
This command is used ot enable/disable the LMASTER capability for a node at runtime. This capability determines whether or not a node can be used as an LMASTER for records in the database. A node that does not have the LMASTER capability will not show up in the vnnmap.
</p><p>
Nodes will by default have this capability, but it can be stripped off nodes by the setting in the sysconfig file or by using this command.
@@ -567,13 +567,13 @@
Once this setting has been enabled/disabled, you need to perform a recovery for it to take effect.
</p><p>
See also "ctdb getcapabilities"
- </p></div><div class="refsect2"><a name="idp54733936"></a><h3>setrecmasterrole on|off</h3><p>
+ </p></div><div class="refsect2"><a name="idp56484000"></a><h3>setrecmasterrole on|off</h3><p>
This command is used ot enable/disable the RECMASTER capability for a node at runtime. This capability determines whether or not a node can be used as an RECMASTER for the cluster. A node that does not have the RECMASTER capability can not win a recmaster election. A node that already is the recmaster for the cluster when the capability is stripped off the node will remain the recmaster until the next cluster election.
</p><p>
Nodes will by default have this capability, but it can be stripped off nodes by the setting in the sysconfig file or by using this command.
</p><p>
See also "ctdb getcapabilities"
- </p></div><div class="refsect2"><a name="idp54736464"></a><h3>reloadnodes</h3><p>
+ </p></div><div class="refsect2"><a name="idp56486528"></a><h3>reloadnodes</h3><p>
This command is used when adding new nodes, or removing
existing nodes from an existing cluster.
</p><p>
@@ -622,7 +622,7 @@
</p></li><li class="listitem"><p>
Use <span class="command"><strong>ctdb status</strong></span> on all nodes and verify
that the deleted nodes are no longer listed.
- </p></li></ol></div></div><div class="refsect2"><a name="idp54756448"></a><h3>
+ </p></li></ol></div></div><div class="refsect2"><a name="idp56506512"></a><h3>
reloadips
[<span class="optional"><em class="parameter"><code>PNN-LIST</code></em></span>]
</h3><p>
@@ -635,7 +635,7 @@
Such changes must be made in 2 steps by deleting addresses in
question and re-adding then. Unfortunately this will disrupt
connections to the changed addresses.
- </p></div><div class="refsect2"><a name="idp54759248"></a><h3>getdbmap</h3><p>
+ </p></div><div class="refsect2"><a name="idp56509312"></a><h3>getdbmap</h3><p>
This command lists all clustered TDB databases that the CTDB daemon has attached to. Some databases are flagged as PERSISTENT, this means that the database stores data persistently and the data will remain across reboots. One example of such a database is secrets.tdb where information about how the cluster was joined to the domain is stored.
</p><p>
If a PERSISTENT database is not in a healthy state the database is
@@ -649,7 +649,7 @@
and (if samba or tdb-utils are installed) "tdbtool check".
</p><p>
Most databases are not persistent and only store the state information that the currently running samba daemons need. These databases are always wiped when ctdb/samba starts and when a node is rebooted.
- </p><div class="refsect3"><a name="idp54762560"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56512624"></a><h4>Example</h4><pre class="screen">
# ctdb getdbmap
Number of databases:10
dbid:0x435d3410 name:notify.tdb path:/usr/local/var/lib/ctdb/notify.tdb.0
@@ -670,7 +670,7 @@
# ctdb -X getdbmap
|ID|Name|Path|Persistent|Unhealthy|
|0x7bbbd26c|passdb.tdb|/usr/local/var/lib/ctdb/persistent/passdb.tdb.0|1|0|
- </pre></div></div><div class="refsect2"><a name="idp54765312"></a><h3>
+ </pre></div></div><div class="refsect2"><a name="idp56515376"></a><h3>
backupdb
<em class="parameter"><code>DB</code></em>
<em class="parameter"><code>FILE</code></em>
@@ -679,7 +679,7 @@
read back using <span class="command"><strong>restoredb</strong></span>. This is mainly
useful for backing up persistent databases such as
<code class="filename">secrets.tdb</code> and similar.
- </p></div><div class="refsect2"><a name="idp54769136"></a><h3>
+ </p></div><div class="refsect2"><a name="idp56519200"></a><h3>
restoredb
<em class="parameter"><code>FILE</code></em>
[<span class="optional"><em class="parameter"><code>DB</code></em></span>]
@@ -689,45 +689,45 @@
be restored back into the same database as it was created
from. By specifying dbname you can restore the data into a
different database.
- </p></div><div class="refsect2"><a name="idp54771952"></a><h3>setdbreadonly <em class="parameter"><code>DB</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56522016"></a><h3>setdbreadonly <em class="parameter"><code>DB</code></em></h3><p>
This command will enable the read-only record support for a
database. This is an experimental feature to improve
performance for contended records primarily in locking.tdb and
brlock.tdb. When enabling this feature you must set it on all
nodes in the cluster.
- </p></div><div class="refsect2"><a name="idp54773888"></a><h3>setdbsticky <em class="parameter"><code>DB</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56523952"></a><h3>setdbsticky <em class="parameter"><code>DB</code></em></h3><p>
This command will enable the sticky record support for the
specified database. This is an experimental feature to
improve performance for contended records primarily in
locking.tdb and brlock.tdb. When enabling this feature you
must set it on all nodes in the cluster.
- </p></div></div><div class="refsect1"><a name="idp54775968"></a><h2>INTERNAL COMMANDS</h2><p>
+ </p></div></div><div class="refsect1"><a name="idp56526032"></a><h2>INTERNAL COMMANDS</h2><p>
Internal commands are used by CTDB's scripts and are not
required for managing a CTDB cluster. Their parameters and
behaviour are subject to change.
- </p><div class="refsect2"><a name="idp54777184"></a><h3>gettickles <em class="parameter"><code>IPADDR</code></em></h3><p>
+ </p><div class="refsect2"><a name="idp56527248"></a><h3>gettickles <em class="parameter"><code>IPADDR</code></em></h3><p>
Show TCP connections that are registered with CTDB to be
"tickled" if there is a failover.
- </p></div><div class="refsect2"><a name="idp54778944"></a><h3>gratarp <em class="parameter"><code>IPADDR</code></em> <em class="parameter"><code>INTERFACE</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56529008"></a><h3>gratarp <em class="parameter"><code>IPADDR</code></em> <em class="parameter"><code>INTERFACE</code></em></h3><p>
Send out a gratuitous ARP for the specified interface through
the specified interface. This command is mainly used by the
ctdb eventscripts.
- </p></div><div class="refsect2"><a name="idp54781376"></a><h3>
+ </p></div><div class="refsect2"><a name="idp56531440"></a><h3>
pdelete <em class="parameter"><code>DB</code></em> <em class="parameter"><code>KEY</code></em>
</h3><p>
Delete KEY from DB.
- </p></div><div class="refsect2"><a name="idp54783776"></a><h3>
+ </p></div><div class="refsect2"><a name="idp56533840"></a><h3>
pfetch <em class="parameter"><code>DB</code></em> <em class="parameter"><code>KEY</code></em>
</h3><p>
Print the value associated with KEY in DB.
- </p></div><div class="refsect2"><a name="idp54786176"></a><h3>
+ </p></div><div class="refsect2"><a name="idp56536240"></a><h3>
pstore
<em class="parameter"><code>DB</code></em>
<em class="parameter"><code>KEY</code></em>
<em class="parameter"><code>FILE</code></em>
</h3><p>
Store KEY in DB with contents of FILE as the associated value.
- </p></div><div class="refsect2"><a name="idp54789280"></a><h3>
+ </p></div><div class="refsect2"><a name="idp56539344"></a><h3>
ptrans
<em class="parameter"><code>DB</code></em>
[<span class="optional"><em class="parameter"><code>FILE</code></em></span>]
@@ -739,7 +739,7 @@
The key and value should be separated by spaces or tabs. Each
key/value should be a printable string enclosed in
double-quotes.
- </p></div><div class="refsect2"><a name="idp54792544"></a><h3>runstate [setup|first_recovery|startup|running]</h3><p>
+ </p></div><div class="refsect2"><a name="idp56542608"></a><h3>runstate [setup|first_recovery|startup|running]</h3><p>
Print the runstate of the specified node. Runstates are used
to serialise important state transitions in CTDB, particularly
during startup.
@@ -747,16 +747,16 @@
If one or more optional runstate arguments are specified then
the node must be in one of these runstates for the command to
succeed.
- </p><div class="refsect3"><a name="idp54794272"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56544336"></a><h4>Example</h4><pre class="screen">
# ctdb runstate
RUNNING
- </pre></div></div><div class="refsect2"><a name="idp54795792"></a><h3>setifacelink <em class="parameter"><code>IFACE</code></em> up|down</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56545856"></a><h3>setifacelink <em class="parameter"><code>IFACE</code></em> up|down</h3><p>
Set the internal state of network interface IFACE. This is
typically used in the <code class="filename">10.interface</code> script
in the "monitor" event.
</p><p>
Example: ctdb setifacelink eth0 up
- </p></div><div class="refsect2"><a name="idp54798672"></a><h3>tickle</h3><p>
+ </p></div><div class="refsect2"><a name="idp56548736"></a><h3>tickle</h3><p>
Read a list of TCP connections, one per line, from standard
input and send a TCP tickle to the source host for each
connection. A connection is specified as:
@@ -776,12 +776,12 @@
TCP connection has been disrupted and that the client will need
to reestablish. This greatly speeds up the time it takes for a client
to detect and reestablish after an IP failover in the ctdb cluster.
- </p></div><div class="refsect2"><a name="idp54804992"></a><h3>version</h3><p>
+ </p></div><div class="refsect2"><a name="idp56555056"></a><h3>version</h3><p>
Display the CTDB version.
- </p></div></div><div class="refsect1"><a name="idp54806272"></a><h2>DEBUGGING COMMANDS</h2><p>
+ </p></div></div><div class="refsect1"><a name="idp56556336"></a><h2>DEBUGGING COMMANDS</h2><p>
These commands are primarily used for CTDB development and testing and
should not be used for normal administration.
- </p><div class="refsect2"><a name="idp54807440"></a><h3>OPTIONS</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">--print-emptyrecords</span></dt><dd><p>
+ </p><div class="refsect2"><a name="idp56557504"></a><h3>OPTIONS</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">--print-emptyrecords</span></dt><dd><p>
This enables printing of empty records when dumping databases
with the catdb, cattbd and dumpdbbackup commands. Records with
empty data segment are considered deleted by ctdb and cleaned
@@ -799,11 +799,11 @@
This lets catdb and dumpdbbackup print the
record flags for each record. Note that cattdb always
prints the flags.
- </p></dd></dl></div></div><div class="refsect2"><a name="idp54816464"></a><h3>process-exists <em class="parameter"><code>PID</code></em></h3><p>
+ </p></dd></dl></div></div><div class="refsect2"><a name="idp56566528"></a><h3>process-exists <em class="parameter"><code>PID</code></em></h3><p>
This command checks if a specific process exists on the CTDB host. This is mainly used by Samba to check if remote instances of samba are still running or not.
- </p></div><div class="refsect2"><a name="idp54818304"></a><h3>getdbstatus <em class="parameter"><code>DB</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56568368"></a><h3>getdbstatus <em class="parameter"><code>DB</code></em></h3><p>
This command displays more details about a database.
- </p><div class="refsect3"><a name="idp54819904"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56569968"></a><h4>Example</h4><pre class="screen">
# ctdb getdbstatus test.tdb.0
dbid: 0x122224da
name: test.tdb
@@ -817,28 +817,28 @@
path: /usr/local/var/lib/ctdb/persistent/registry.tdb.0
PERSISTENT: yes
HEALTH: NO-HEALTHY-NODES - ERROR - Backup of corrupted TDB in '/usr/local/var/lib/ctdb/persistent/registry.tdb.0.corrupted.20091208091949.0Z'
- </pre></div></div><div class="refsect2"><a name="idp54821872"></a><h3>catdb <em class="parameter"><code>DB</code></em></h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp56571936"></a><h3>catdb <em class="parameter"><code>DB</code></em></h3><p>
Print a dump of the clustered TDB database DB.
- </p></div><div class="refsect2"><a name="idp54823520"></a><h3>cattdb <em class="parameter"><code>DB</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56573584"></a><h3>cattdb <em class="parameter"><code>DB</code></em></h3><p>
Print a dump of the contents of the local TDB database DB.
- </p></div><div class="refsect2"><a name="idp54825248"></a><h3>dumpdbbackup <em class="parameter"><code>FILE</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56575312"></a><h3>dumpdbbackup <em class="parameter"><code>FILE</code></em></h3><p>
Print a dump of the contents from database backup FILE,
similar to <span class="command"><strong>catdb</strong></span>.
- </p></div><div class="refsect2"><a name="idp54827600"></a><h3>wipedb <em class="parameter"><code>DB</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56577664"></a><h3>wipedb <em class="parameter"><code>DB</code></em></h3><p>
Remove all contents of database DB.
- </p></div><div class="refsect2"><a name="idp54829248"></a><h3>recover</h3><p>
+ </p></div><div class="refsect2"><a name="idp56579312"></a><h3>recover</h3><p>
This command will trigger the recovery daemon to do a cluster
recovery.
- </p></div><div class="refsect2"><a name="idp54830496"></a><h3>ipreallocate, sync</h3><p>
+ </p></div><div class="refsect2"><a name="idp56580560"></a><h3>ipreallocate, sync</h3><p>
This command will force the recovery master to perform a full ip reallocation process and redistribute all ip addresses. This is useful to "reset" the allocations back to its default state if they have been changed using the "moveip" command. While a "recover" will also perform this reallocation, a recovery is much more hevyweight since it will also rebuild all the databases.
- </p></div><div class="refsect2"><a name="idp54832048"></a><h3>getmonmode</h3><p>
+ </p></div><div class="refsect2"><a name="idp56582112"></a><h3>getmonmode</h3><p>
This command prints the monitoring mode of a node. This
indicates when CTDB is monitoring services on the node. The
monitoring mode is either ENABLED or DISABLED.
- </p></div><div class="refsect2"><a name="idp54833392"></a><h3>attach <em class="parameter"><code>DBNAME</code></em> [persistent]</h3><p>
+ </p></div><div class="refsect2"><a name="idp56583456"></a><h3>attach <em class="parameter"><code>DBNAME</code></em> [persistent]</h3><p>
Create a new CTDB database called DBNAME and attach to it on
all nodes.
- </p></div><div class="refsect2"><a name="idp54835264"></a><h3>detach <em class="parameter"><code>DB-LIST</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56585328"></a><h3>detach <em class="parameter"><code>DB-LIST</code></em></h3><p>
Detach specified non-persistent database(s) from the cluster. This
command will disconnect specified database(s) on all nodes in
the cluster. This command should only be used when none of the
@@ -846,16 +846,16 @@
</p><p>
All nodes should be active and tunable AllowClientDBAccess should
be disabled on all nodes before detaching databases.
- </p></div><div class="refsect2"><a name="idp54837696"></a><h3>dumpmemory</h3><p>
+ </p></div><div class="refsect2"><a name="idp56587760"></a><h3>dumpmemory</h3><p>
This is a debugging command. This command will make the ctdb
daemon to write a fill memory allocation map to standard output.
- </p></div><div class="refsect2"><a name="idp54838992"></a><h3>rddumpmemory</h3><p>
+ </p></div><div class="refsect2"><a name="idp56589056"></a><h3>rddumpmemory</h3><p>
This is a debugging command. This command will dump the talloc memory
allocation tree for the recovery daemon to standard output.
- </p></div><div class="refsect2"><a name="idp54840304"></a><h3>eventscript <em class="parameter"><code>ARGUMENTS</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56590368"></a><h3>eventscript <em class="parameter"><code>ARGUMENTS</code></em></h3><p>
This is a debugging command. This command can be used to manually
invoke and run the eventscritps with arbitrary arguments.
- </p></div><div class="refsect2"><a name="idp54842096"></a><h3>ban <em class="parameter"><code>BANTIME</code></em></h3><p>
+ </p></div><div class="refsect2"><a name="idp56592160"></a><h3>ban <em class="parameter"><code>BANTIME</code></em></h3><p>
Administratively ban a node for BANTIME seconds. The node
will be unbanned after BANTIME seconds have elapsed.
</p><p>
@@ -869,21 +869,21 @@
</p><p>
To administratively exclude a node from a cluster use the
<span class="command"><strong>stop</strong></span> command.
- </p></div><div class="refsect2"><a name="idp54846080"></a><h3>unban</h3><p>
+ </p></div><div class="refsect2"><a name="idp56596144"></a><h3>unban</h3><p>
This command is used to unban a node that has either been
administratively banned using the ban command or has been
automatically banned.
- </p></div><div class="refsect2"><a name="idp54847392"></a><h3>check_srvids <em class="parameter"><code>SRVID</code></em> ...</h3><p>
+ </p></div><div class="refsect2"><a name="idp56597456"></a><h3>check_srvids <em class="parameter"><code>SRVID</code></em> ...</h3><p>
This command checks whether a set of srvid message ports are
registered on the node or not. The command takes a list of
values to check.
- </p><div class="refsect3"><a name="idp54849200"></a><h4>Example</h4><pre class="screen">
+ </p><div class="refsect3"><a name="idp56599264"></a><h4>Example</h4><pre class="screen">
# ctdb check_srvids 1 2 3 14765
Server id 0:1 does not exist
Server id 0:2 does not exist
Server id 0:3 does not exist
Server id 0:14765 exists
- </pre></div></div></div><div class="refsect1"><a name="idp54851584"></a><h2>SEE ALSO</h2><p>
+ </pre></div></div></div><div class="refsect1"><a name="idp56601648"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdbd</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">onnode</span>(1)</span>,
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdb.1.xml samba-4.5.12+dfsg/ctdb/doc/ctdb.1.xml
--- samba-4.5.8+dfsg/ctdb/doc/ctdb.1.xml 2017-01-30 10:56:26.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/doc/ctdb.1.xml 2017-06-19 15:18:24.000000000 +0200
@@ -123,10 +123,10 @@
<title>OPTIONS</title>
<variablelist>
- <varlistentry><term>-n <parameter>PNN-LIST</parameter></term>
+ <varlistentry><term>-n <parameter>PNN</parameter></term>
<listitem>
<para>
- The nodes specified by PNN-LIST should be queried for the
+ The node specified by PNN should be queried for the
requested information. Default is to query the daemon
running on the local host.
</para>
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdb.7 samba-4.5.12+dfsg/ctdb/doc/ctdb.7
--- samba-4.5.8+dfsg/ctdb/doc/ctdb.7 2016-10-24 21:44:56.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdb.7 2016-07-28 14:05:07.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: ctdb
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 10/24/2016
+.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "CTDB" "7" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
+.TH "CTDB" "7" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdb.7.html samba-4.5.12+dfsg/ctdb/doc/ctdb.7.html
--- samba-4.5.8+dfsg/ctdb/doc/ctdb.7.html 2016-10-24 21:44:56.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdb.7.html 2016-07-28 14:05:08.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb.7"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb — Clustered TDB</p></div><div class="refsect1"><a name="idp52307040"></a><h2>DESCRIPTION</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb.7"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb — Clustered TDB</p></div><div class="refsect1"><a name="idp51821952"></a><h2>DESCRIPTION</h2><p>
CTDB is a clustered database component in clustered Samba that
provides a high-availability load-sharing CIFS server cluster.
</p><p>
@@ -16,7 +16,7 @@
Combined with a cluster filesystem CTDB provides a full
high-availablity (HA) environment for services such as clustered
Samba, NFS and other services.
- </p></div><div class="refsect1"><a name="idp53832720"></a><h2>ANATOMY OF A CTDB CLUSTER</h2><p>
+ </p></div><div class="refsect1"><a name="idp50722832"></a><h2>ANATOMY OF A CTDB CLUSTER</h2><p>
A CTDB cluster is a collection of nodes with 2 or more network
interfaces. All nodes provide network (usually file/NAS) services
to clients. Data served by file services is stored on shared
@@ -25,7 +25,7 @@
</p><p>
CTDB provides an "all active" cluster, where services are load
balanced across all nodes.
- </p></div><div class="refsect1"><a name="idp52095024"></a><h2>Recovery Lock</h2><p>
+ </p></div><div class="refsect1"><a name="idp50157376"></a><h2>Recovery Lock</h2><p>
CTDB uses a <span class="emphasis"><em>recovery lock</em></span> to avoid a
<span class="emphasis"><em>split brain</em></span>, where a cluster becomes
partitioned and each partition attempts to operate
@@ -72,7 +72,7 @@
</p><p>
CTDB can run without a recovery lock but this is not recommended
as there will be no protection from split brains.
- </p></div><div class="refsect1"><a name="idp54092272"></a><h2>Private vs Public addresses</h2><p>
+ </p></div><div class="refsect1"><a name="idp53893632"></a><h2>Private vs Public addresses</h2><p>
Each node in a CTDB cluster has multiple IP addresses assigned
to it:
@@ -83,7 +83,7 @@
One or more public IP addresses that are used to provide
NAS or other services.
</p></li></ul></div><p>
- </p><div class="refsect2"><a name="idp54095648"></a><h3>Private address</h3><p>
+ </p><div class="refsect2"><a name="idp53897008"></a><h3>Private address</h3><p>
Each node is configured with a unique, permanently assigned
private address. This address is configured by the operating
system. This address uniquely identifies a physical node in
@@ -117,7 +117,7 @@
192.168.1.2
192.168.1.3
192.168.1.4
- </pre></div><div class="refsect2"><a name="idp54103168"></a><h3>Public addresses</h3><p>
+ </pre></div><div class="refsect2"><a name="idp49115808"></a><h3>Public addresses</h3><p>
Public addresses are used to provide services to clients.
Public addresses are not configured at the operating system
level and are not permanently associated with a particular
@@ -188,7 +188,7 @@
</p><p>
The <span class="command"><strong>ctdb ip</strong></span> command can be used to view the
current assignment of public addresses to physical nodes.
- </p></div></div><div class="refsect1"><a name="idp48934336"></a><h2>Node status</h2><p>
+ </p></div></div><div class="refsect1"><a name="idp49127968"></a><h2>Node status</h2><p>
The current status of each node in the cluster can be viewed by the
<span class="command"><strong>ctdb status</strong></span> command.
</p><p>
@@ -233,7 +233,7 @@
like a healthy (OK) node. Some interfaces to serve public
addresses are down, but at least one interface is up. See
also <span class="command"><strong>ctdb ifaces</strong></span>.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp48978496"></a><h2>CAPABILITIES</h2><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp49087984"></a><h2>CAPABILITIES</h2><p>
Cluster nodes can have several different capabilities enabled.
These are listed below.
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">RECMASTER</span></dt><dd><p>
@@ -252,7 +252,7 @@
The RECMASTER and LMASTER capabilities can be disabled when CTDB
is used to create a cluster spanning across WAN links. In this
case CTDB acts as a WAN accelerator.
- </p></div><div class="refsect1"><a name="idp48985200"></a><h2>LVS</h2><p>
+ </p></div><div class="refsect1"><a name="idp49142256"></a><h2>LVS</h2><p>
LVS is a mode where CTDB presents one single IP address for the
entire cluster. This is an alternative to using public IP
addresses and round-robin DNS to loadbalance clients across the
@@ -326,7 +326,7 @@
reachable from a node <span class="emphasis"><em>before</em></span> you enable
LVS. Also ensure that outgoing traffic to these hosts is routed
out through the configured public interface.
- </p><div class="refsect2"><a name="idp49004224"></a><h3>Configuration</h3><p>
+ </p><div class="refsect2"><a name="idp49156560"></a><h3>Configuration</h3><p>
To activate LVS on a CTDB node you must specify the
<code class="varname">CTDB_LVS_PUBLIC_IFACE</code>,
<code class="varname">CTDB_LVS_PUBLIC_IP</code> and
@@ -360,7 +360,7 @@
192.168.1.2
192.168.1.3
192.168.1.4 slave-only
- </pre></div></div><div class="refsect1"><a name="idp49012560"></a><h2>TRACKING AND RESETTING TCP CONNECTIONS</h2><p>
+ </pre></div></div><div class="refsect1"><a name="idp55056864"></a><h2>TRACKING AND RESETTING TCP CONNECTIONS</h2><p>
CTDB tracks TCP connections from clients to public IP addresses,
on known ports. When an IP address moves from one node to
another, all existing TCP connections to that IP address are
@@ -373,7 +373,7 @@
a release and take of a public IP address on the same node.
Such connections can get out of sync with sequence and ACK
numbers, potentially causing a disruptive ACK storm.
- </p></div><div class="refsect1"><a name="idp54958912"></a><h2>NAT GATEWAY</h2><p>
+ </p></div><div class="refsect1"><a name="idp55059632"></a><h2>NAT GATEWAY</h2><p>
NAT gateway (NATGW) is an optional feature that is used to
configure fallback routing for nodes. This allows cluster nodes
to connect to external services (e.g. DNS, AD, NIS and LDAP)
@@ -390,7 +390,7 @@
extra static IP address to a public interface on every node.
This is simpler but it uses an extra IP address per node, while
NAT gateway generally uses only one extra IP address.
- </p><div class="refsect2"><a name="idp54961600"></a><h3>Operation</h3><p>
+ </p><div class="refsect2"><a name="idp55062320"></a><h3>Operation</h3><p>
One extra NATGW public address is assigned on the public
network to each NATGW group. Each NATGW group is a set of
nodes in the cluster that shares the same NATGW address to
@@ -411,7 +411,7 @@
public IP address and routes outgoing connections from
slave nodes via this IP address. It also establishes a
fallback default route.
- </p></div><div class="refsect2"><a name="idp54964608"></a><h3>Configuration</h3><p>
+ </p></div><div class="refsect2"><a name="idp55065328"></a><h3>Configuration</h3><p>
NATGW is usually configured similar to the following example configuration:
</p><pre class="screen">
CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
@@ -430,7 +430,7 @@
See the <em class="citetitle">NAT GATEWAY</em> section in
<span class="citerefentry"><span class="refentrytitle">ctdbd.conf</span>(5)</span> for more details of
NATGW configuration.
- </p></div><div class="refsect2"><a name="idp54969376"></a><h3>Implementation details</h3><p>
+ </p></div><div class="refsect2"><a name="idp55070096"></a><h3>Implementation details</h3><p>
When the NATGW functionality is used, one of the nodes is
selected to act as a NAT gateway for all the other nodes in
the group when they need to communicate with the external
@@ -465,7 +465,7 @@
eventscript. Please see the eventscript file and the
<em class="citetitle">NAT GATEWAY</em> section in
<span class="citerefentry"><span class="refentrytitle">ctdbd.conf</span>(5)</span> for more details.
- </p></div></div><div class="refsect1"><a name="idp54977200"></a><h2>POLICY ROUTING</h2><p>
+ </p></div></div><div class="refsect1"><a name="idp55077920"></a><h2>POLICY ROUTING</h2><p>
Policy routing is an optional CTDB feature to support complex
network topologies. Public addresses may be spread across
several different networks (or VLANs) and it may not be possible
@@ -475,7 +475,7 @@
This allows routing to be specified for packets sourced from
each public address. The routes are added and removed as CTDB
moves public addresses between nodes.
- </p><div class="refsect2"><a name="idp54979424"></a><h3>Configuration variables</h3><p>
+ </p><div class="refsect2"><a name="idp55080144"></a><h3>Configuration variables</h3><p>
There are 4 configuration variables related to policy routing:
<code class="varname">CTDB_PER_IP_ROUTING_CONF</code>,
<code class="varname">CTDB_PER_IP_ROUTING_RULE_PREF</code>,
@@ -483,7 +483,7 @@
<code class="varname">CTDB_PER_IP_ROUTING_TABLE_ID_HIGH</code>. See the
<em class="citetitle">POLICY ROUTING</em> section in
<span class="citerefentry"><span class="refentrytitle">ctdbd.conf</span>(5)</span> for more details.
- </p></div><div class="refsect2"><a name="idp54983472"></a><h3>Configuration</h3><p>
+ </p></div><div class="refsect2"><a name="idp55084112"></a><h3>Configuration</h3><p>
The format of each line of
<code class="varname">CTDB_PER_IP_ROUTING_CONF</code> is:
</p><pre class="screen">
@@ -545,7 +545,7 @@
</p><pre class="screen">
192.168.1.0/24 dev eth2 scope link
default via 192.168.1.1 dev eth2
- </pre></div><div class="refsect2"><a name="idp54998768"></a><h3>Sample configuration</h3><p>
+ </pre></div><div class="refsect2"><a name="idp55099328"></a><h3>Sample configuration</h3><p>
Here is a more complete example configuration.
</p><pre class="screen">
/usr/local/etc/ctdb/public_addresses:
@@ -565,7 +565,7 @@
The routes local packets as expected, the default route is as
previously discussed, but packets to 192.168.200.0/24 are
routed via the alternate gateway 192.168.1.254.
- </p></div></div><div class="refsect1"><a name="idp55001632"></a><h2>NOTIFICATION SCRIPT</h2><p>
+ </p></div></div><div class="refsect1"><a name="idp55102192"></a><h2>NOTIFICATION SCRIPT</h2><p>
When certain state changes occur in CTDB, it can be configured
to perform arbitrary actions via a notification script. For
example, sending SNMP traps or emails when a node becomes
@@ -581,9 +581,9 @@
</p><p>
CTDB currently generates notifications after CTDB changes to
these states:
- </p><table border="0" summary="Simple list" class="simplelist"><tr><td>init</td></tr><tr><td>setup</td></tr><tr><td>startup</td></tr><tr><td>healthy</td></tr><tr><td>unhealthy</td></tr></table></div><div class="refsect1"><a name="idp55008656"></a><h2>DEBUG LEVELS</h2><p>
+ </p><table border="0" summary="Simple list" class="simplelist"><tr><td>init</td></tr><tr><td>setup</td></tr><tr><td>startup</td></tr><tr><td>healthy</td></tr><tr><td>unhealthy</td></tr></table></div><div class="refsect1"><a name="idp55109136"></a><h2>DEBUG LEVELS</h2><p>
Valid values for DEBUGLEVEL are:
- </p><table border="0" summary="Simple list" class="simplelist"><tr><td>ERR (0)</td></tr><tr><td>WARNING (1)</td></tr><tr><td>NOTICE (2)</td></tr><tr><td>INFO (3)</td></tr><tr><td>DEBUG (4)</td></tr></table></div><div class="refsect1"><a name="idp55012352"></a><h2>REMOTE CLUSTER NODES</h2><p>
+ </p><table border="0" summary="Simple list" class="simplelist"><tr><td>ERR (0)</td></tr><tr><td>WARNING (1)</td></tr><tr><td>NOTICE (2)</td></tr><tr><td>INFO (3)</td></tr><tr><td>DEBUG (4)</td></tr></table></div><div class="refsect1"><a name="idp55112832"></a><h2>REMOTE CLUSTER NODES</h2><p>
It is possible to have a CTDB cluster that spans across a WAN link.
For example where you have a CTDB cluster in your datacentre but you also
want to have one additional CTDB node located at a remote branch site.
@@ -612,7 +612,7 @@
</p><p>
Verify with the command "ctdb getcapabilities" that that node no longer
has the recmaster or the lmaster capabilities.
- </p></div><div class="refsect1"><a name="idp55017680"></a><h2>SEE ALSO</h2><p>
+ </p></div><div class="refsect1"><a name="idp55118080"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">ctdbd</span>(1)</span>,
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdbd.1 samba-4.5.12+dfsg/ctdb/doc/ctdbd.1
--- samba-4.5.8+dfsg/ctdb/doc/ctdbd.1 2016-10-24 21:44:54.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdbd.1 2016-07-28 14:05:05.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: ctdbd
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 10/24/2016
+.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "CTDBD" "1" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
+.TH "CTDBD" "1" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdbd.1.html samba-4.5.12+dfsg/ctdb/doc/ctdbd.1.html
--- samba-4.5.8+dfsg/ctdb/doc/ctdbd.1.html 2016-10-24 21:44:54.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdbd.1.html 2016-07-28 14:05:05.000000000 +0200
@@ -1,11 +1,11 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdbd</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdbd.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdbd — The CTDB cluster daemon</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdbd</code> [<em class="replaceable"><code>OPTION</code></em>...]</p></div></div><div class="refsect1"><a name="idp53514240"></a><h2>DESCRIPTION</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdbd</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdbd.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdbd — The CTDB cluster daemon</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdbd</code> [<em class="replaceable"><code>OPTION</code></em>...]</p></div></div><div class="refsect1"><a name="idp54334608"></a><h2>DESCRIPTION</h2><p>
ctdbd is the main CTDB daemon.
</p><p>
Note that ctdbd is not usually invoked directly. It is invoked
via <span class="citerefentry"><span class="refentrytitle">ctdbd_wrapper</span>(1)</span> or via the initscript.
</p><p>
See <span class="citerefentry"><span class="refentrytitle">ctdb</span>(7)</span> for an overview of CTDB.
- </p></div><div class="refsect1"><a name="idp53540288"></a><h2>GENERAL OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-d, --debug=<em class="parameter"><code>DEBUGLEVEL</code></em></span></dt><dd><p>
+ </p></div><div class="refsect1"><a name="idp50549952"></a><h2>GENERAL OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-d, --debug=<em class="parameter"><code>DEBUGLEVEL</code></em></span></dt><dd><p>
This option sets the debug level to DEBUGLEVEL, which
controls what will be written by the logging
subsystem. The default is 2.
@@ -193,7 +193,7 @@
The "infiniband" support is not regularly tested.
</p></dd><dt><span class="term">-?, --help</span></dt><dd><p>
Display a summary of options.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp55091856"></a><h2>DEBUGGING OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i, --interactive</span></dt><dd><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp55831584"></a><h2>DEBUGGING OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i, --interactive</span></dt><dd><p>
Enable interactive mode. This will make ctdbd run in the
foreground and not detach from the terminal. By default
ctdbd will detach itself and run in the background as a
@@ -250,7 +250,7 @@
This is a debugging option. This option is only used when
debugging ctdbd. This enables additional debugging
capabilities and implies --nosetsched.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp55113344"></a><h2>SEE ALSO</h2><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp55853072"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">ctdbd_wrapper</span>(1)</span>,
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdbd.conf.5 samba-4.5.12+dfsg/ctdb/doc/ctdbd.conf.5
--- samba-4.5.8+dfsg/ctdb/doc/ctdbd.conf.5 2016-10-24 21:44:56.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdbd.conf.5 2016-07-28 14:05:07.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: ctdbd.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 10/24/2016
+.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "CTDBD\&.CONF" "5" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
+.TH "CTDBD\&.CONF" "5" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdbd.conf.5.html samba-4.5.12+dfsg/ctdb/doc/ctdbd.conf.5.html
--- samba-4.5.8+dfsg/ctdb/doc/ctdbd.conf.5.html 2016-10-24 21:44:56.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdbd.conf.5.html 2016-07-28 14:05:07.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdbd.conf</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdbd.conf.5"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdbd.conf — CTDB daemon configuration file</p></div><div class="refsect1"><a name="idp57162592"></a><h2>DESCRIPTION</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdbd.conf</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdbd.conf.5"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdbd.conf — CTDB daemon configuration file</p></div><div class="refsect1"><a name="idp51821952"></a><h2>DESCRIPTION</h2><p>
This file contains CTDB configuration variables that are affect
the operation of CTDB. The default location of this file is
<code class="filename">/usr/local/etc/ctdb/ctdbd.conf</code>.
@@ -17,7 +17,7 @@
A historical alternative is
<code class="filename">/usr/local/etc/ctdb/sysconfig/ctdb</code> - this is
deprecated.
- </p></div><div class="refsect1"><a name="idp55886976"></a><h2>
+ </p></div><div class="refsect1"><a name="idp50156576"></a><h2>
INITSCRIPT CONFIGURATION
</h2><p>
Some options must be available to the initscript so they need to
@@ -32,14 +32,14 @@
</p><p>
Default is <code class="filename">/usr/local/var/run/ctdb/ctdbd.pid</code>.
Corresponds to <code class="option">--pidfile</code>.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp52398880"></a><h2>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp53890800"></a><h2>
GLOBAL CONFIGURATION
</h2><p>
These options may be used in the initscripts, daemon and
scripts.
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_BASE=<em class="parameter"><code>DIRECTORY</code></em></span></dt><dd><p>
DIRECTORY containing CTDB scripts and configuration files.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp57007296"></a><h2>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp53894512"></a><h2>
DAEMON CONFIGURATION
</h2><p>
Variables in this section are processed by
@@ -214,7 +214,7 @@
"setup" event before this timeout then it is killed.
</p><p>
Defaults is 10.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp57882464"></a><h2>NETWORK CONFIGURATION</h2><div class="refsect2"><a name="idp57883104"></a><h3>NAT GATEWAY</h3><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp55068560"></a><h2>NETWORK CONFIGURATION</h2><div class="refsect2"><a name="idp55069200"></a><h3>NAT GATEWAY</h3><p>
NAT gateway is used to configure fallback routing for nodes
when they do not host any public IP addresses. For example,
it allows unhealthy nodes to reliably communicate with
@@ -298,7 +298,7 @@
route to avoid this.
</p><p>
No default.
- </p></dd></dl></div><div class="refsect3"><a name="idp57909328"></a><h4>Example</h4><pre class="screen">
+ </p></dd></dl></div><div class="refsect3"><a name="idp55095424"></a><h4>Example</h4><pre class="screen">
CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
CTDB_NATGW_PRIVATE_NETWORK=192.168.1.0/24
CTDB_NATGW_DEFAULT_GATEWAY=10.0.0.1
@@ -317,7 +317,7 @@
</pre><p>
Note that <code class="varname">CTDB_NATGW_DEFAULT_GATEWAY</code> is
not specified.
- </p></div></div><div class="refsect2"><a name="idp57913232"></a><h3>POLICY ROUTING</h3><p>
+ </p></div></div><div class="refsect2"><a name="idp55099328"></a><h3>POLICY ROUTING</h3><p>
A node running CTDB may be a component of a complex network
topology. In particular, public addresses may be spread
across several different networks (or VLANs) and it may not be
@@ -381,15 +381,15 @@
manipulate).
</p><p>
No default, usually 1000 and 9000.
- </p></dd></dl></div><div class="refsect3"><a name="idp57935168"></a><h4>Example</h4><pre class="screen">
+ </p></dd></dl></div><div class="refsect3"><a name="idp55121264"></a><h4>Example</h4><pre class="screen">
CTDB_PER_IP_ROUTING_CONF=/usr/local/etc/ctdb/policy_routing
CTDB_PER_IP_ROUTING_RULE_PREF=100
CTDB_PER_IP_ROUTING_TABLE_ID_LOW=1000
CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=9000
- </pre></div></div><div class="refsect2"><a name="idp57936880"></a><h3>LVS</h3><p>
+ </pre></div></div><div class="refsect2"><a name="idp55122976"></a><h3>LVS</h3><p>
For a general description see the <em class="citetitle">LVS</em>
section in <span class="citerefentry"><span class="refentrytitle">ctdb</span>(7)</span>.
- </p><div class="refsect3"><a name="idp57939184"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">91.lvs</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_LVS_NODES=<em class="parameter"><code>FILENAME</code></em></span></dt><dd><p>
+ </p><div class="refsect3"><a name="idp55125280"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">91.lvs</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_LVS_NODES=<em class="parameter"><code>FILENAME</code></em></span></dt><dd><p>
FILENAME contains the list of nodes that belong to the
same LVS group.
</p><p>
@@ -417,7 +417,7 @@
</p></dd><dt><span class="term">CTDB_LVS_PUBLIC_IP=<em class="parameter"><code>IPADDR</code></em></span></dt><dd><p>
CTDB_LVS_PUBLIC_IP is the LVS public address. No
default.
- </p></dd></dl></div></div><div class="refsect2"><a name="idp57953536"></a><h3>MISCELLANEOUS NETWORK CONFIGURATION</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_PARTIALLY_ONLINE_INTERFACES=yes|no</span></dt><dd><p>
+ </p></dd></dl></div></div><div class="refsect2"><a name="idp55139536"></a><h3>MISCELLANEOUS NETWORK CONFIGURATION</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_PARTIALLY_ONLINE_INTERFACES=yes|no</span></dt><dd><p>
Whether one or more offline interfaces should cause a
monitor event to fail if there are other interfaces that
are up. If this is "yes" and a node has some interfaces
@@ -430,7 +430,7 @@
to be up.
</p><p>
Default is "no".
- </p></dd></dl></div></div></div><div class="refsect1"><a name="idp57958288"></a><h2>SERVICE CONFIGURATION</h2><p>
+ </p></dd></dl></div></div></div><div class="refsect1"><a name="idp55144288"></a><h2>SERVICE CONFIGURATION</h2><p>
CTDB can be configured to manage and/or monitor various NAS (and
other) services via its eventscripts.
</p><p>
@@ -439,7 +439,7 @@
monitor the service and CTDB will do any required
reconfiguration of the service when public IP addresses are
failed over.
- </p><div class="refsect2"><a name="idp57960144"></a><h3>SAMBA</h3><div class="refsect3"><a name="idp57960784"></a><h4>Eventscripts</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">49.winbind</code></td></tr><tr><td><code class="filename">50.samba</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGES_SAMBA=yes|no</span></dt><dd><p>
+ </p><div class="refsect2"><a name="idp55146144"></a><h3>SAMBA</h3><div class="refsect3"><a name="idp55146784"></a><h4>Eventscripts</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">49.winbind</code></td></tr><tr><td><code class="filename">50.samba</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGES_SAMBA=yes|no</span></dt><dd><p>
Should CTDB manage Samba?
</p><p>
Default is no.
@@ -471,11 +471,11 @@
Distribution specific SERVICE for managing winbindd.
</p><p>
Default is "winbind".
- </p></dd></dl></div></div><div class="refsect2"><a name="idp57980288"></a><h3>NFS</h3><p>
+ </p></dd></dl></div></div><div class="refsect2"><a name="idp55166288"></a><h3>NFS</h3><p>
This includes parameters for the kernel NFS server.
Alternative NFS subsystems (such as <a class="ulink" href="https://github.com/nfs-ganesha/nfs-ganesha/wiki" target="_top">NFS-Ganesha</a>)
can be integrated using <code class="varname">CTDB_NFS_CALLOUT</code>.
- </p><div class="refsect3"><a name="idp57982432"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">60.nfs</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGES_NFS=yes|no</span></dt><dd><p>
+ </p><div class="refsect3"><a name="idp55168432"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">60.nfs</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGES_NFS=yes|no</span></dt><dd><p>
Should CTDB manage NFS?
</p><p>
Default is no.
@@ -515,16 +515,16 @@
</p></dd><dt><span class="term">CTDB_NFS_STATE_MNT=<em class="parameter"><code>DIR</code></em></span></dt><dd><p>
The directory where a clustered NFS' shared state will be
located. No default.
- </p></dd></dl></div></div><div class="refsect2"><a name="idp58005744"></a><h3>APACHE HTTPD</h3><p>
+ </p></dd></dl></div></div><div class="refsect2"><a name="idp55191744"></a><h3>APACHE HTTPD</h3><p>
CTDB can manage the Apache web server.
- </p><div class="refsect3"><a name="idp58006768"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">41.httpd</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGES_HTTPD=yes|no</span></dt><dd><p>
+ </p><div class="refsect3"><a name="idp55192768"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">41.httpd</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGES_HTTPD=yes|no</span></dt><dd><p>
Should CTDB manage the Apache web server?
</p><p>
Default is no.
- </p></dd></dl></div></div><div class="refsect2"><a name="idp58011344"></a><h3>CLAMAV</h3><p>
+ </p></dd></dl></div></div><div class="refsect2"><a name="idp55197344"></a><h3>CLAMAV</h3><p>
CTDB has support to manage the popular anti-virus daemon
ClamAV.
- </p><div class="refsect3"><a name="idp58012464"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">31.clamd</code></td></tr></table><p>
+ </p><div class="refsect3"><a name="idp55198464"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">31.clamd</code></td></tr></table><p>
This eventscript is not enabled by default. Use
<span class="command"><strong>ctdb enablescript</strong></span> to enable it.
</p></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGES_CLAMD=yes|no</span></dt><dd><p>
@@ -535,9 +535,9 @@
FILENAME is the socket to monitor ClamAV.
</p><p>
No default.
- </p></dd></dl></div></div><div class="refsect2"><a name="idp58020544"></a><h3>ISCSI</h3><p>
+ </p></dd></dl></div></div><div class="refsect2"><a name="idp55206544"></a><h3>ISCSI</h3><p>
CTDB has support for managing the Linux iSCSI tgtd service.
- </p><div class="refsect3"><a name="idp58021648"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">70.iscsi</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGES_ISCSI=yes|no</span></dt><dd><p>
+ </p><div class="refsect3"><a name="idp55207648"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">70.iscsi</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGES_ISCSI=yes|no</span></dt><dd><p>
Should CTDB manage iSCSI tgtd?
</p><p>
Default is no.
@@ -546,23 +546,23 @@
tgtd for each public IP address.
</p><p>
No default.
- </p></dd></dl></div></div><div class="refsect2"><a name="idp58028768"></a><h3>MULTIPATHD</h3><p>
+ </p></dd></dl></div></div><div class="refsect2"><a name="idp55214768"></a><h3>MULTIPATHD</h3><p>
CTDB can monitor multipath devices to ensure that active paths
are available.
- </p><div class="refsect3"><a name="idp58029888"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">20.multipathd</code></td></tr></table><p>
+ </p><div class="refsect3"><a name="idp55215888"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">20.multipathd</code></td></tr></table><p>
This eventscript is not enabled by default. Use
<span class="command"><strong>ctdb enablescript</strong></span> to enable it.
</p></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MONITOR_MPDEVICES=<em class="parameter"><code>MP-DEVICE-LIST</code></em></span></dt><dd><p>
MP-DEVICE-LIST is a list of multipath devices for CTDB to monitor?
</p><p>
No default.
- </p></dd></dl></div></div><div class="refsect2"><a name="idp58036144"></a><h3>VSFTPD</h3><p>
+ </p></dd></dl></div></div><div class="refsect2"><a name="idp55222144"></a><h3>VSFTPD</h3><p>
CTDB can manage the vsftpd FTP server.
- </p><div class="refsect3"><a name="idp58037168"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">40.vsftpd</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGES_VSFTPD=yes|no</span></dt><dd><p>
+ </p><div class="refsect3"><a name="idp55223168"></a><h4>Eventscript</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">40.vsftpd</code></td></tr></table></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGES_VSFTPD=yes|no</span></dt><dd><p>
Should CTDB manage the vsftpd FTP server?
</p><p>
Default is no.
- </p></dd></dl></div></div><div class="refsect2"><a name="idp58041744"></a><h3>
+ </p></dd></dl></div></div><div class="refsect2"><a name="idp55227744"></a><h3>
SYSTEM RESOURCE MONITORING CONFIGURATION
</h3><p>
CTDB can experience seemingly random (performance and other)
@@ -575,7 +575,7 @@
Some checks are enabled by default. It is recommended that
these checks remain enabled or are augmented by extra checks.
There is no supported way of completely disabling the checks.
- </p><div class="refsect3"><a name="idp58043728"></a><h4>Eventscripts</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">05.system</code></td></tr></table><p>
+ </p><div class="refsect3"><a name="idp55229728"></a><h4>Eventscripts</h4><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">05.system</code></td></tr></table><p>
Filesystem and memory usage monitoring is in
<code class="filename">05.system</code>.
</p></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MONITOR_FILESYSTEM_USAGE=<em class="parameter"><code>FS-LIMIT-LIST</code></em></span></dt><dd><p>
@@ -614,7 +614,7 @@
</p><p>
Default is 25, so warnings will be logged when swap
usage reaches 25%.
- </p></dd></dl></div></div><div class="refsect2"><a name="idp58061888"></a><h3>MISCELLANEOUS SERVICE-RELATED CONFIGURATION</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGED_SERVICES=<em class="parameter"><code>SERVICE-LIST</code></em></span></dt><dd><p>
+ </p></dd></dl></div></div><div class="refsect2"><a name="idp55247888"></a><h3>MISCELLANEOUS SERVICE-RELATED CONFIGURATION</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">CTDB_MANAGED_SERVICES=<em class="parameter"><code>SERVICE-LIST</code></em></span></dt><dd><p>
SERVICE-LIST is a space-separated list of SERVICEs that
CTDB should manage. This can be used as an alternative
to the
@@ -627,7 +627,7 @@
managed or unmanaged.
</p><p>
Default is no.
- </p></dd></dl></div></div></div><div class="refsect1"><a name="idp58068416"></a><h2>
+ </p></dd></dl></div></div></div><div class="refsect1"><a name="idp55254416"></a><h2>
TUNABLES CONFIGURATION
</h2><p>
CTDB tunables (see
@@ -643,7 +643,7 @@
</p><pre class="screen">
CTDB_SET_MonitorInterval=20
</pre><p>
- </p></div><div class="refsect1"><a name="idp58073200"></a><h2>
+ </p></div><div class="refsect1"><a name="idp55259200"></a><h2>
DEBUG AND TEST
</h2><p>
Variable in this section are for debugging and testing CTDB.
@@ -750,7 +750,7 @@
runtime.
</p><p>
Defaults to <code class="filename">/usr/local/var/lib/ctdb</code>.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp58121616"></a><h2>FILES</h2><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">/usr/local/etc/ctdb/ctdbd.conf</code></td></tr><tr><td><code class="filename">/etc/sysconfig/ctdb</code></td></tr><tr><td><code class="filename">/etc/default/ctdb</code></td></tr><tr><td><code class="filename">/usr/local/etc/ctdb/sysconfig/ctdb</code></td></tr></table></div><div class="refsect1"><a name="idp58126016"></a><h2>SEE ALSO</h2><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp55307616"></a><h2>FILES</h2><table border="0" summary="Simple list" class="simplelist"><tr><td><code class="filename">/usr/local/etc/ctdb/ctdbd.conf</code></td></tr><tr><td><code class="filename">/etc/sysconfig/ctdb</code></td></tr><tr><td><code class="filename">/etc/default/ctdb</code></td></tr><tr><td><code class="filename">/usr/local/etc/ctdb/sysconfig/ctdb</code></td></tr></table></div><div class="refsect1"><a name="idp55312016"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdbd</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">ctdbd_wrapper</span>(1)</span>,
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdb_diagnostics.1 samba-4.5.12+dfsg/ctdb/doc/ctdb_diagnostics.1
--- samba-4.5.8+dfsg/ctdb/doc/ctdb_diagnostics.1 2016-10-24 21:44:53.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdb_diagnostics.1 2016-07-28 14:05:04.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: ctdb_diagnostics
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 10/24/2016
+.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "CTDB_DIAGNOSTICS" "1" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
+.TH "CTDB_DIAGNOSTICS" "1" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdb_diagnostics.1.html samba-4.5.12+dfsg/ctdb/doc/ctdb_diagnostics.1.html
--- samba-4.5.8+dfsg/ctdb/doc/ctdb_diagnostics.1.html 2016-10-24 21:44:54.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdb_diagnostics.1.html 2016-07-28 14:05:05.000000000 +0200
@@ -1,10 +1,10 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb_diagnostics</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb_diagnostics.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb_diagnostics — dump diagnostic information about CTDB/Samba installation</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdb_diagnostics</code> [OPTIONS] ... </p></div></div><div class="refsect1"><a name="idp51553344"></a><h2>DESCRIPTION</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb_diagnostics</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb_diagnostics.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb_diagnostics — dump diagnostic information about CTDB/Samba installation</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdb_diagnostics</code> [OPTIONS] ... </p></div></div><div class="refsect1"><a name="idp53382064"></a><h2>DESCRIPTION</h2><p>
ctdb_diagnostics is used to dump diagnostic information about a
clustered Samba installation. This includes configuration
files, output of relevant commands and logs. This information
can be used to check the correctness of the configuration and to
diagnose problems.
- </p></div><div class="refsect1"><a name="idp53511312"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-n <nodes></span></dt><dd><p>
+ </p></div><div class="refsect1"><a name="idp53996944"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-n <nodes></span></dt><dd><p>
Comma separated list of nodes to operate on
</p></dd><dt><span class="term">-c</span></dt><dd><p>
Ignore comment lines (starting with '#') in file comparisons
@@ -12,7 +12,7 @@
Ignore whitespace in file comparisons
</p></dd><dt><span class="term">--no-ads</span></dt><dd><p>
Do not use commands that assume an Active Directory Server
- </p></dd></dl></div></div><div class="refsect1"><a name="idp51176224"></a><h2>SEE ALSO</h2><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp53724064"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(7)</span>,
<a class="ulink" href="https://ctdb.samba.org/" target="_top">https://ctdb.samba.org/</a>
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdbd_wrapper.1 samba-4.5.12+dfsg/ctdb/doc/ctdbd_wrapper.1
--- samba-4.5.8+dfsg/ctdb/doc/ctdbd_wrapper.1 2016-10-24 21:44:54.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdbd_wrapper.1 2016-07-28 14:05:05.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: ctdbd_wrapper
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 10/24/2016
+.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "CTDBD_WRAPPER" "1" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
+.TH "CTDBD_WRAPPER" "1" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdbd_wrapper.1.html samba-4.5.12+dfsg/ctdb/doc/ctdbd_wrapper.1.html
--- samba-4.5.8+dfsg/ctdb/doc/ctdbd_wrapper.1.html 2016-10-24 21:44:54.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdbd_wrapper.1.html 2016-07-28 14:05:05.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdbd_wrapper</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdbd_wrapper.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdbd_wrapper — Wrapper for ctdbd</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdbd_wrapper</code> {<em class="replaceable"><code>PIDFILE</code></em>} { start | stop }</p></div></div><div class="refsect1"><a name="idp53449616"></a><h2>DESCRIPTION</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdbd_wrapper</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdbd_wrapper.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdbd_wrapper — Wrapper for ctdbd</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ctdbd_wrapper</code> {<em class="replaceable"><code>PIDFILE</code></em>} { start | stop }</p></div></div><div class="refsect1"><a name="idp53021808"></a><h2>DESCRIPTION</h2><p>
ctdbd_wrapper is used to start or stop the main CTDB daemon.
</p><p>
<em class="replaceable"><code>PIDFILE</code></em> specifies the location of the
@@ -9,7 +9,7 @@
<span class="citerefentry"><span class="refentrytitle">ctdbd.conf</span>(5)</span>.
</p><p>
See <span class="citerefentry"><span class="refentrytitle">ctdb</span>(7)</span> for an overview of CTDB.
- </p></div><div class="refsect1"><a name="idp50034528"></a><h2>SEE ALSO</h2><p>
+ </p></div><div class="refsect1"><a name="idp54553952"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdbd</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">ctdbd.conf</span>(5)</span>,
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdb-statistics.7 samba-4.5.12+dfsg/ctdb/doc/ctdb-statistics.7
--- samba-4.5.8+dfsg/ctdb/doc/ctdb-statistics.7 2016-10-24 21:44:57.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdb-statistics.7 2016-07-28 14:05:08.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: ctdb-statistics
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 10/24/2016
+.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "CTDB\-STATISTICS" "7" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
+.TH "CTDB\-STATISTICS" "7" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdb-statistics.7.html samba-4.5.12+dfsg/ctdb/doc/ctdb-statistics.7.html
--- samba-4.5.8+dfsg/ctdb/doc/ctdb-statistics.7.html 2016-10-24 21:44:57.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdb-statistics.7.html 2016-07-28 14:05:08.000000000 +0200
@@ -1,10 +1,10 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb-statistics</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb-statistics.7"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb-statistics — CTDB statistics output</p></div><div class="refsect1"><a name="idp51736928"></a><h2>OVERALL STATISTICS</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb-statistics</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb-statistics.7"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb-statistics — CTDB statistics output</p></div><div class="refsect1"><a name="idp56986160"></a><h2>OVERALL STATISTICS</h2><p>
CTDB maintains information about various messages communicated
and some of the important operations per node. See the
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span> commands
<span class="command"><strong>statistics</strong></span> and <span class="command"><strong>statisticsreset</strong></span>
for displaying statistics.
- </p><div class="refsect2"><a name="idp53602192"></a><h3>Example: ctdb statistics</h3><pre class="screen">
+ </p><div class="refsect2"><a name="idp57414512"></a><h3>Example: ctdb statistics</h3><pre class="screen">
CTDB version 1
Current time of statistics : Fri Sep 12 13:32:32 2014
Statistics collected since : (000 01:49:20) Fri Sep 12 11:43:12 2014
@@ -55,151 +55,151 @@
reclock_recd MIN/AVG/MAX 0.000000/0.000000/0.000000 sec out of 0
call_latency MIN/AVG/MAX 0.000006/0.000719/4.562991 sec out of 126626
childwrite_latency MIN/AVG/MAX 0.014527/0.014527/0.014527 sec out of 1
- </pre></div><div class="refsect2"><a name="idp52335104"></a><h3>CTDB version</h3><p>
+ </pre></div><div class="refsect2"><a name="idp56217280"></a><h3>CTDB version</h3><p>
Version of the ctdb protocol used by the node.
- </p></div><div class="refsect2"><a name="idp52375424"></a><h3>Current time of statistics</h3><p>
+ </p></div><div class="refsect2"><a name="idp57148592"></a><h3>Current time of statistics</h3><p>
Time when the statistics are generated.
</p><p>
This is useful when collecting statistics output periodically
for post-processing.
- </p></div><div class="refsect2"><a name="idp52189088"></a><h3>Statistics collected since</h3><p>
+ </p></div><div class="refsect2"><a name="idp58302496"></a><h3>Statistics collected since</h3><p>
Time when ctdb was started or the last time statistics was reset.
The output shows the duration and the timestamp.
- </p></div><div class="refsect2"><a name="idp52514544"></a><h3>num_clients</h3><p>
+ </p></div><div class="refsect2"><a name="idp58400256"></a><h3>num_clients</h3><p>
Number of processes currently connected to CTDB's unix socket.
This includes recovery daemon, ctdb tool and samba processes
(smbd, winbindd).
- </p></div><div class="refsect2"><a name="idp51634192"></a><h3>frozen</h3><p>
+ </p></div><div class="refsect2"><a name="idp56435520"></a><h3>frozen</h3><p>
1 if the the databases are currently frozen, 0 otherwise.
- </p></div><div class="refsect2"><a name="idp52151008"></a><h3>recovering</h3><p>
+ </p></div><div class="refsect2"><a name="idp58533648"></a><h3>recovering</h3><p>
1 if recovery is active, 0 otherwise.
- </p></div><div class="refsect2"><a name="idp50006640"></a><h3>num_recoveries</h3><p>
+ </p></div><div class="refsect2"><a name="idp57018336"></a><h3>num_recoveries</h3><p>
Number of recoveries since the start of ctdb or since the last
statistics reset.
- </p></div><div class="refsect2"><a name="idp49088672"></a><h3>client_packets_sent</h3><p>
+ </p></div><div class="refsect2"><a name="idp54484384"></a><h3>client_packets_sent</h3><p>
Number of packets sent to client processes via unix domain socket.
- </p></div><div class="refsect2"><a name="idp49089856"></a><h3>client_packets_recv</h3><p>
+ </p></div><div class="refsect2"><a name="idp54404224"></a><h3>client_packets_recv</h3><p>
Number of packets received from client processes via unix domain socket.
- </p></div><div class="refsect2"><a name="idp49091040"></a><h3>node_packets_sent</h3><p>
+ </p></div><div class="refsect2"><a name="idp54405408"></a><h3>node_packets_sent</h3><p>
Number of packets sent to the other nodes in the cluster via TCP.
- </p></div><div class="refsect2"><a name="idp50939712"></a><h3>node_packets_recv</h3><p>
+ </p></div><div class="refsect2"><a name="idp54446336"></a><h3>node_packets_recv</h3><p>
Number of packets received from the other nodes in the cluster via TCP.
- </p></div><div class="refsect2"><a name="idp50940896"></a><h3>keepalive_packets_sent</h3><p>
+ </p></div><div class="refsect2"><a name="idp54447520"></a><h3>keepalive_packets_sent</h3><p>
Number of keepalive messages sent to other nodes.
</p><p>
CTDB periodically sends keepalive messages to other nodes.
See <em class="citetitle">KeepaliveInterval</em> tunable in
<span class="citerefentry"><span class="refentrytitle">ctdb-tunables</span>(7)</span> for more details.
- </p></div><div class="refsect2"><a name="idp50943840"></a><h3>keepalive_packets_recv</h3><p>
+ </p></div><div class="refsect2"><a name="idp54450464"></a><h3>keepalive_packets_recv</h3><p>
Number of keepalive messages received from other nodes.
- </p></div><div class="refsect2"><a name="idp50945024"></a><h3>node</h3><p>
+ </p></div><div class="refsect2"><a name="idp54451648"></a><h3>node</h3><p>
This section lists various types of messages processed which
originated from other nodes via TCP.
- </p><div class="refsect3"><a name="idp50946208"></a><h4>req_call</h4><p>
+ </p><div class="refsect3"><a name="idp54452832"></a><h4>req_call</h4><p>
Number of REQ_CALL messages from the other nodes.
- </p></div><div class="refsect3"><a name="idp50947392"></a><h4>reply_call</h4><p>
+ </p></div><div class="refsect3"><a name="idp55253984"></a><h4>reply_call</h4><p>
Number of REPLY_CALL messages from the other nodes.
- </p></div><div class="refsect3"><a name="idp50948576"></a><h4>req_dmaster</h4><p>
+ </p></div><div class="refsect3"><a name="idp55255168"></a><h4>req_dmaster</h4><p>
Number of REQ_DMASTER messages from the other nodes.
- </p></div><div class="refsect3"><a name="idp50949760"></a><h4>reply_dmaster</h4><p>
+ </p></div><div class="refsect3"><a name="idp55256432"></a><h4>reply_dmaster</h4><p>
Number of REPLY_DMASTER messages from the other nodes.
- </p></div><div class="refsect3"><a name="idp50950944"></a><h4>reply_error</h4><p>
+ </p></div><div class="refsect3"><a name="idp55257696"></a><h4>reply_error</h4><p>
Number of REPLY_ERROR messages from the other nodes.
- </p></div><div class="refsect3"><a name="idp50952128"></a><h4>req_message</h4><p>
+ </p></div><div class="refsect3"><a name="idp55258960"></a><h4>req_message</h4><p>
Number of REQ_MESSAGE messages from the other nodes.
- </p></div><div class="refsect3"><a name="idp50953392"></a><h4>req_control</h4><p>
+ </p></div><div class="refsect3"><a name="idp55260224"></a><h4>req_control</h4><p>
Number of REQ_CONTROL messages from the other nodes.
- </p></div><div class="refsect3"><a name="idp50954656"></a><h4>reply_control</h4><p>
+ </p></div><div class="refsect3"><a name="idp54321472"></a><h4>reply_control</h4><p>
Number of REPLY_CONTROL messages from the other nodes.
- </p></div></div><div class="refsect2"><a name="idp48968896"></a><h3>client</h3><p>
+ </p></div></div><div class="refsect2"><a name="idp54322864"></a><h3>client</h3><p>
This section lists various types of messages processed which
originated from clients via unix domain socket.
- </p><div class="refsect3"><a name="idp48970080"></a><h4>req_call</h4><p>
+ </p><div class="refsect3"><a name="idp54324048"></a><h4>req_call</h4><p>
Number of REQ_CALL messages from the clients.
- </p></div><div class="refsect3"><a name="idp48971344"></a><h4>req_message</h4><p>
+ </p></div><div class="refsect3"><a name="idp54325312"></a><h4>req_message</h4><p>
Number of REQ_MESSAGE messages from the clients.
- </p></div><div class="refsect3"><a name="idp48972608"></a><h4>req_control</h4><p>
+ </p></div><div class="refsect3"><a name="idp54326576"></a><h4>req_control</h4><p>
Number of REQ_CONTROL messages from the clients.
- </p></div></div><div class="refsect2"><a name="idp48974000"></a><h3>timeouts</h3><p>
+ </p></div></div><div class="refsect2"><a name="idp54327968"></a><h3>timeouts</h3><p>
This section lists timeouts occurred when sending various messages.
- </p><div class="refsect3"><a name="idp48975152"></a><h4>call</h4><p>
+ </p><div class="refsect3"><a name="idp54329120"></a><h4>call</h4><p>
Number of timeouts for REQ_CALL messages.
- </p></div><div class="refsect3"><a name="idp48976416"></a><h4>control</h4><p>
+ </p></div><div class="refsect3"><a name="idp54330384"></a><h4>control</h4><p>
Number of timeouts for REQ_CONTROL messages.
- </p></div><div class="refsect3"><a name="idp48977680"></a><h4>traverse</h4><p>
+ </p></div><div class="refsect3"><a name="idp54331648"></a><h4>traverse</h4><p>
Number of timeouts for database traverse operations.
- </p></div></div><div class="refsect2"><a name="idp48979072"></a><h3>locks</h3><p>
+ </p></div></div><div class="refsect2"><a name="idp54333040"></a><h3>locks</h3><p>
This section lists locking statistics.
- </p><div class="refsect3"><a name="idp48980128"></a><h4>num_calls</h4><p>
+ </p><div class="refsect3"><a name="idp54334096"></a><h4>num_calls</h4><p>
Number of completed lock calls. This includes database locks
and record locks.
- </p></div><div class="refsect3"><a name="idp48981424"></a><h4>num_current</h4><p>
+ </p></div><div class="refsect3"><a name="idp54335280"></a><h4>num_current</h4><p>
Number of scheduled lock calls. This includes database locks
and record locks.
- </p></div><div class="refsect3"><a name="idp48982720"></a><h4>num_pending</h4><p>
+ </p></div><div class="refsect3"><a name="idp54336576"></a><h4>num_pending</h4><p>
Number of queued lock calls. This includes database locks and
record locks.
- </p></div><div class="refsect3"><a name="idp48984016"></a><h4>num_failed</h4><p>
+ </p></div><div class="refsect3"><a name="idp54337872"></a><h4>num_failed</h4><p>
Number of failed lock calls. This includes database locks and
record locks.
- </p></div></div><div class="refsect2"><a name="idp48990144"></a><h3>total_calls</h3><p>
+ </p></div></div><div class="refsect2"><a name="idp54344208"></a><h3>total_calls</h3><p>
Number of req_call messages processed from clients. This number
should be same as client --> req_call.
- </p></div><div class="refsect2"><a name="idp48991424"></a><h3>pending_calls</h3><p>
+ </p></div><div class="refsect2"><a name="idp54345520"></a><h3>pending_calls</h3><p>
Number of req_call messages which are currenly being processed.
This number indicates the number of record migrations in flight.
- </p></div><div class="refsect2"><a name="idp48992768"></a><h3>childwrite_calls</h3><p>
+ </p></div><div class="refsect2"><a name="idp54346864"></a><h3>childwrite_calls</h3><p>
Number of record update calls. Record update calls are used to
update a record under a transaction.
- </p></div><div class="refsect2"><a name="idp48994080"></a><h3>pending_childwrite_calls</h3><p>
+ </p></div><div class="refsect2"><a name="idp54348176"></a><h3>pending_childwrite_calls</h3><p>
Number of record update calls currently active.
- </p></div><div class="refsect2"><a name="idp48995312"></a><h3>memory_used</h3><p>
+ </p></div><div class="refsect2"><a name="idp54349456"></a><h3>memory_used</h3><p>
The amount of memory in bytes currently used by CTDB using
talloc. This includes all the memory used for CTDB's internal
data structures. This does not include the memory mapped TDB
databases.
- </p></div><div class="refsect2"><a name="idp48996720"></a><h3>max_hop_count</h3><p>
+ </p></div><div class="refsect2"><a name="idp54350864"></a><h3>max_hop_count</h3><p>
The maximum number of hops required for a record migration request
to obtain the record. High numbers indicate record contention.
- </p></div><div class="refsect2"><a name="idp48998064"></a><h3>total_ro_delegations</h3><p>
+ </p></div><div class="refsect2"><a name="idp54352208"></a><h3>total_ro_delegations</h3><p>
Number of readonly delegations created.
- </p></div><div class="refsect2"><a name="idp48999248"></a><h3>total_ro_revokes</h3><p>
+ </p></div><div class="refsect2"><a name="idp54353392"></a><h3>total_ro_revokes</h3><p>
Number of readonly delegations that were revoked. The difference
between total_ro_revokes and total_ro_delegations gives the
number of currently active readonly delegations.
- </p></div><div class="refsect2"><a name="idp49000640"></a><h3>hop_count_buckets</h3><p>
+ </p></div><div class="refsect2"><a name="idp54354784"></a><h3>hop_count_buckets</h3><p>
Distribution of migration requests based on hop counts values.
Buckets are 1, < 4, < 8, < 16, < 32, < 64, <
128, < 256, < 512, ≥ 512.
- </p></div><div class="refsect2"><a name="idp49002064"></a><h3>lock_buckets</h3><p>
+ </p></div><div class="refsect2"><a name="idp54356048"></a><h3>lock_buckets</h3><p>
Distribution of record lock requests based on time required to
obtain locks. Buckets are < 1ms, < 10ms, < 100ms,
< 1s, < 2s, < 4s, < 8s, < 16s, < 32s, <
64s, ≥ 64s.
- </p></div><div class="refsect2"><a name="idp49003456"></a><h3>locks_latency</h3><p>
+ </p></div><div class="refsect2"><a name="idp54357728"></a><h3>locks_latency</h3><p>
The minimum, the average and the maximum time (in seconds)
required to obtain record locks.
- </p></div><div class="refsect2"><a name="idp49004720"></a><h3>reclock_ctdbd</h3><p>
+ </p></div><div class="refsect2"><a name="idp54358992"></a><h3>reclock_ctdbd</h3><p>
The minimum, the average and the maximum time (in seconds)
required to check if recovery lock is still held by recovery
daemon when recovery mode is changed. This check is done in ctdb daemon.
- </p></div><div class="refsect2"><a name="idp49006096"></a><h3>reclock_recd</h3><p>
+ </p></div><div class="refsect2"><a name="idp54360368"></a><h3>reclock_recd</h3><p>
The minimum, the average and the maximum time (in seconds)
required to check if recovery lock is still held by recovery
daemon during recovery. This check is done in recovery daemon.
- </p></div><div class="refsect2"><a name="idp49008240"></a><h3>call_latency</h3><p>
+ </p></div><div class="refsect2"><a name="idp54362512"></a><h3>call_latency</h3><p>
The minimum, the average and the maximum time (in seconds) required
to process a REQ_CALL message from client. This includes the time
required to migrate a record from remote node, if the record is
not available on the local node.
- </p></div><div class="refsect2"><a name="idp49009680"></a><h3>childwrite_latency</h3><p>Default: 0</p><p>
+ </p></div><div class="refsect2"><a name="idp54363952"></a><h3>childwrite_latency</h3><p>Default: 0</p><p>
The minimum, the average and the maximum time (in seconds)
required to update records under a transaction.
- </p></div></div><div class="refsect1"><a name="idp49011536"></a><h2>DATABASE STATISTICS</h2><p>
+ </p></div></div><div class="refsect1"><a name="idp54365808"></a><h2>DATABASE STATISTICS</h2><p>
CTDB maintains per database statistics about important operations.
See the <span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span> command
<span class="command"><strong>dbstatistics</strong></span> for displaying database statistics.
- </p><div class="refsect2"><a name="idp54878976"></a><h3>Example: ctdb dbstatistics notify_index.tdb</h3><pre class="screen">
+ </p><div class="refsect2"><a name="idp59896224"></a><h3>Example: ctdb dbstatistics notify_index.tdb</h3><pre class="screen">
DB Statistics: notify_index.tdb
ro_delegations 0
ro_revokes 0
@@ -215,45 +215,45 @@
Count:7 Key:2f636c75737465726673
Count:18 Key:2f636c757374657266732f64617461
Count:7 Key:2f636c757374657266732f646174612f636c69656e7473
- </pre></div><div class="refsect2"><a name="idp54881008"></a><h3>DB Statistics</h3><p>
+ </pre></div><div class="refsect2"><a name="idp59898256"></a><h3>DB Statistics</h3><p>
Name of the database.
- </p></div><div class="refsect2"><a name="idp54882160"></a><h3>ro_delegations</h3><p>
+ </p></div><div class="refsect2"><a name="idp59899408"></a><h3>ro_delegations</h3><p>
Number of readonly delegations created in the database.
- </p></div><div class="refsect2"><a name="idp54883312"></a><h3>ro_revokes</h3><p>
+ </p></div><div class="refsect2"><a name="idp59900560"></a><h3>ro_revokes</h3><p>
Number of readonly delegations revoked. The difference in
ro_delegations and ro_revokes indicates the currently active
readonly delegations.
- </p></div><div class="refsect2"><a name="idp54884640"></a><h3>locks</h3><p>
+ </p></div><div class="refsect2"><a name="idp59901888"></a><h3>locks</h3><p>
This section lists locking statistics.
- </p><div class="refsect3"><a name="idp54885664"></a><h4>total</h4><p>
+ </p><div class="refsect3"><a name="idp59902912"></a><h4>total</h4><p>
Number of completed lock calls. This includes database locks
and record locks.
- </p></div><div class="refsect3"><a name="idp54886928"></a><h4>failed</h4><p>
+ </p></div><div class="refsect3"><a name="idp59904176"></a><h4>failed</h4><p>
Number of failed lock calls. This includes database locks and
record locks.
- </p></div><div class="refsect3"><a name="idp54888192"></a><h4>current</h4><p>
+ </p></div><div class="refsect3"><a name="idp59905440"></a><h4>current</h4><p>
Number of scheduled lock calls. This includes database locks
and record locks.
- </p></div><div class="refsect3"><a name="idp54889456"></a><h4>pending</h4><p>
+ </p></div><div class="refsect3"><a name="idp59906704"></a><h4>pending</h4><p>
Number of queued lock calls. This includes database locks and
record locks.
- </p></div></div><div class="refsect2"><a name="idp54890848"></a><h3>hop_count_buckets</h3><p>
+ </p></div></div><div class="refsect2"><a name="idp59908096"></a><h3>hop_count_buckets</h3><p>
Distribution of migration requests based on hop counts values.
Buckets are 1, < 4, < 8, < 16, < 32, < 64, <
128, < 256, < 512, ≥ 512.
- </p></div><div class="refsect2"><a name="idp54892208"></a><h3>lock_buckets</h3><p>
+ </p></div><div class="refsect2"><a name="idp59909456"></a><h3>lock_buckets</h3><p>
Distribution of record lock requests based on time required to
obtain locks. Buckets are < 1ms, < 10ms, < 100ms,
< 1s, < 2s, < 4s, < 8s, < 16s, < 32s, <
64s, ≥ 64s.
- </p></div><div class="refsect2"><a name="idp54893632"></a><h3>locks_latency</h3><p>
+ </p></div><div class="refsect2"><a name="idp59910880"></a><h3>locks_latency</h3><p>
The minimum, the average and the maximum time (in seconds)
required to obtain record locks.
- </p></div><div class="refsect2"><a name="idp54894896"></a><h3>Num Hot Keys</h3><p>
+ </p></div><div class="refsect2"><a name="idp59912144"></a><h3>Num Hot Keys</h3><p>
Number of contended records determined by hop count. CTDB keeps
track of top 10 hot records and the output shows hex encoded
keys for the hot records.
- </p></div></div><div class="refsect1"><a name="idp54896368"></a><h2>SEE ALSO</h2><p>
+ </p></div></div><div class="refsect1"><a name="idp59913616"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">ctdbd</span>(1)</span>,
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdb-tunables.7 samba-4.5.12+dfsg/ctdb/doc/ctdb-tunables.7
--- samba-4.5.8+dfsg/ctdb/doc/ctdb-tunables.7 2016-10-24 21:44:57.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdb-tunables.7 2016-07-28 14:05:08.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: ctdb-tunables
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 10/24/2016
+.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "CTDB\-TUNABLES" "7" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
+.TH "CTDB\-TUNABLES" "7" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ctdb-tunables.7.html samba-4.5.12+dfsg/ctdb/doc/ctdb-tunables.7.html
--- samba-4.5.8+dfsg/ctdb/doc/ctdb-tunables.7.html 2016-10-24 21:44:57.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ctdb-tunables.7.html 2016-07-28 14:05:08.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb-tunables</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb-tunables.7"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb-tunables — CTDB tunable configuration variables</p></div><div class="refsect1"><a name="idp51736928"></a><h2>DESCRIPTION</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ctdb-tunables</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ctdb-tunables.7"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ctdb-tunables — CTDB tunable configuration variables</p></div><div class="refsect1"><a name="idp53685360"></a><h2>DESCRIPTION</h2><p>
CTDB's behaviour can be configured by setting run-time tunable
variables. This lists and describes all tunables. See the
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span>
@@ -6,37 +6,37 @@
<span class="command"><strong>getvar</strong></span> commands for more details.
</p><p>
The tunable variables are listed alphabetically.
- </p><div class="refsect2"><a name="idp52744848"></a><h3>AllowClientDBAttach</h3><p>Default: 1</p><p>
+ </p><div class="refsect2"><a name="idp52870560"></a><h3>AllowClientDBAttach</h3><p>Default: 1</p><p>
When set to 0, clients are not allowed to attach to any databases.
This can be used to temporarily block any new processes from
attaching to and accessing the databases. This is mainly used
for detaching a volatile database using 'ctdb detach'.
- </p></div><div class="refsect2"><a name="idp52375424"></a><h3>AllowUnhealthyDBRead</h3><p>Default: 0</p><p>
+ </p></div><div class="refsect2"><a name="idp53408816"></a><h3>AllowUnhealthyDBRead</h3><p>Default: 0</p><p>
When set to 1, ctdb allows database traverses to read unhealthy
databases. By default, ctdb does not allow reading records from
unhealthy databases.
- </p></div><div class="refsect2"><a name="idp51755456"></a><h3>ControlTimeout</h3><p>Default: 60</p><p>
+ </p></div><div class="refsect2"><a name="idp51204704"></a><h3>ControlTimeout</h3><p>Default: 60</p><p>
This is the default setting for timeout for when sending a
control message to either the local or a remote ctdb daemon.
- </p></div><div class="refsect2"><a name="idp53604368"></a><h3>DatabaseHashSize</h3><p>Default: 100001</p><p>
+ </p></div><div class="refsect2"><a name="idp53489536"></a><h3>DatabaseHashSize</h3><p>Default: 100001</p><p>
Number of the hash chains for the local store of the tdbs that
ctdb manages.
- </p></div><div class="refsect2"><a name="idp53442928"></a><h3>DatabaseMaxDead</h3><p>Default: 5</p><p>
+ </p></div><div class="refsect2"><a name="idp49129360"></a><h3>DatabaseMaxDead</h3><p>Default: 5</p><p>
Maximum number of dead records per hash chain for the tdb databses
managed by ctdb.
- </p></div><div class="refsect2"><a name="idp50004960"></a><h3>DBRecordCountWarn</h3><p>Default: 100000</p><p>
+ </p></div><div class="refsect2"><a name="idp49047616"></a><h3>DBRecordCountWarn</h3><p>Default: 100000</p><p>
When set to non-zero, ctdb will log a warning during recovery if
a database has more than this many records. This will produce a
warning if a database grows uncontrollably with orphaned records.
- </p></div><div class="refsect2"><a name="idp50006784"></a><h3>DBRecordSizeWarn</h3><p>Default: 10000000</p><p>
+ </p></div><div class="refsect2"><a name="idp49049440"></a><h3>DBRecordSizeWarn</h3><p>Default: 10000000</p><p>
When set to non-zero, ctdb will log a warning during recovery
if a single record is bigger than this size. This will produce
a warning if a database record grows uncontrollably.
- </p></div><div class="refsect2"><a name="idp49089280"></a><h3>DBSizeWarn</h3><p>Default: 1000000000</p><p>
+ </p></div><div class="refsect2"><a name="idp49091168"></a><h3>DBSizeWarn</h3><p>Default: 1000000000</p><p>
When set to non-zero, ctdb will log a warning during recovery if
a database size is bigger than this. This will produce a warning
if a database grows uncontrollably.
- </p></div><div class="refsect2"><a name="idp49091072"></a><h3>DeferredAttachTO</h3><p>Default: 120</p><p>
+ </p></div><div class="refsect2"><a name="idp49092960"></a><h3>DeferredAttachTO</h3><p>Default: 120</p><p>
When databases are frozen we do not allow clients to attach to
the databases. Instead of returning an error immediately to the
client, the attach request from the client is deferred until
@@ -45,7 +45,7 @@
</p><p>
This timeout controls how long we will defer the request from the
client before timing it out and returning an error to the client.
- </p></div><div class="refsect2"><a name="idp50940960"></a><h3>DeterministicIPs</h3><p>Default: 0</p><p>
+ </p></div><div class="refsect2"><a name="idp49095392"></a><h3>DeterministicIPs</h3><p>Default: 0</p><p>
When set to 1, ctdb will try to keep public IP addresses locked
to specific nodes as far as possible. This makes it easier
for debugging since you can know that as long as all nodes are
@@ -56,7 +56,7 @@
of public IP assignment changes in the cluster. This tunable may
increase the number of IP failover/failbacks that are performed
on the cluster by a small margin.
- </p></div><div class="refsect2"><a name="idp50943536"></a><h3>DisableIPFailover</h3><p>Default: 0</p><p>
+ </p></div><div class="refsect2"><a name="idp49097968"></a><h3>DisableIPFailover</h3><p>Default: 0</p><p>
When set to non-zero, ctdb will not perform failover or
failback. Even if a node fails while holding public IPs, ctdb
will not recover the IPs or assign them to another node.
@@ -66,19 +66,19 @@
nodes. This leads to a service outage until the administrator
has manually performed IP failover to replacement nodes using the
'ctdb moveip' command.
- </p></div><div class="refsect2"><a name="idp50946032"></a><h3>ElectionTimeout</h3><p>Default: 3</p><p>
+ </p></div><div class="refsect2"><a name="idp50047616"></a><h3>ElectionTimeout</h3><p>Default: 3</p><p>
The number of seconds to wait for the election of recovery
master to complete. If the election is not completed during this
interval, then that round of election fails and ctdb starts a
new election.
- </p></div><div class="refsect2"><a name="idp50947856"></a><h3>EnableBans</h3><p>Default: 1</p><p>
+ </p></div><div class="refsect2"><a name="idp50049408"></a><h3>EnableBans</h3><p>Default: 1</p><p>
This parameter allows ctdb to ban a node if the node is misbehaving.
</p><p>
When set to 0, this disables banning completely in the cluster
and thus nodes can not get banned, even it they break. Don't
set to 0 unless you know what you are doing. You should set
this to the same value on all nodes to avoid unexpected behaviour.
- </p></div><div class="refsect2"><a name="idp50950112"></a><h3>EventScriptTimeout</h3><p>Default: 30</p><p>
+ </p></div><div class="refsect2"><a name="idp50051664"></a><h3>EventScriptTimeout</h3><p>Default: 30</p><p>
Maximum time in seconds to allow an event to run before timing
out. This is the total time for all enabled scripts that are
run for an event, not just a single event script.
@@ -87,7 +87,7 @@
"releaseip", "startrecovery", "recovered") and converted to
success. The logic here is that the callers of these events
implement their own additional timeout.
- </p></div><div class="refsect2"><a name="idp50952544"></a><h3>FetchCollapse</h3><p>Default: 1</p><p>
+ </p></div><div class="refsect2"><a name="idp50054096"></a><h3>FetchCollapse</h3><p>Default: 1</p><p>
This parameter is used to avoid multiple migration requests for
the same record from a single node. All the record requests for
the same record are queued up and processed when the record is
@@ -100,7 +100,7 @@
bounce that record around very fast, and poor performance.
This can improve performance and reduce CPU utilization for
certain workloads.
- </p></div><div class="refsect2"><a name="idp50955216"></a><h3>HopcountMakeSticky</h3><p>Default: 50</p><p>
+ </p></div><div class="refsect2"><a name="idp48969392"></a><h3>HopcountMakeSticky</h3><p>Default: 50</p><p>
For database(s) marked STICKY (using 'ctdb setdbsticky'),
any record that is migrating so fast that hopcount
exceeds this limit is marked as STICKY record for
@@ -112,10 +112,10 @@
This will improve performance for certain workloads, such as
locking.tdb if many clients are opening/closing the same file
concurrently.
- </p></div><div class="refsect2"><a name="idp48971248"></a><h3>KeepaliveInterval</h3><p>Default: 5</p><p>
+ </p></div><div class="refsect2"><a name="idp48972656"></a><h3>KeepaliveInterval</h3><p>Default: 5</p><p>
How often in seconds should the nodes send keep-alive packets to
each other.
- </p></div><div class="refsect2"><a name="idp48972848"></a><h3>KeepaliveLimit</h3><p>Default: 5</p><p>
+ </p></div><div class="refsect2"><a name="idp48974256"></a><h3>KeepaliveLimit</h3><p>Default: 5</p><p>
After how many keepalive intervals without any traffic should
a node wait until marking the peer as DISCONNECTED.
</p><p>
@@ -126,31 +126,31 @@
a recovery. This limit should not be set too high to enable
early detection and avoid any application timeouts (e.g. SMB1)
to kick in before the fail over is completed.
- </p></div><div class="refsect2"><a name="idp48976160"></a><h3>LCP2PublicIPs</h3><p>Default: 1</p><p>
+ </p></div><div class="refsect2"><a name="idp48977520"></a><h3>LCP2PublicIPs</h3><p>Default: 1</p><p>
When set to 1, ctdb uses the LCP2 ip allocation algorithm.
- </p></div><div class="refsect2"><a name="idp48977760"></a><h3>LockProcessesPerDB</h3><p>Default: 200</p><p>
+ </p></div><div class="refsect2"><a name="idp48979120"></a><h3>LockProcessesPerDB</h3><p>Default: 200</p><p>
This is the maximum number of lock helper processes ctdb will
create for obtaining record locks. When ctdb cannot get a record
lock without blocking, it creates a helper process that waits
for the lock to be obtained.
- </p></div><div class="refsect2"><a name="idp48979600"></a><h3>LogLatencyMs</h3><p>Default: 0</p><p>
+ </p></div><div class="refsect2"><a name="idp48980960"></a><h3>LogLatencyMs</h3><p>Default: 0</p><p>
When set to non-zero, ctdb will log if certains operations
take longer than this value, in milliseconds, to complete.
These operations include "process a record request from client",
"take a record or database lock", "update a persistent database
record" and "vaccum a database".
- </p></div><div class="refsect2"><a name="idp48981504"></a><h3>MaxQueueDropMsg</h3><p>Default: 1000000</p><p>
+ </p></div><div class="refsect2"><a name="idp48982864"></a><h3>MaxQueueDropMsg</h3><p>Default: 1000000</p><p>
This is the maximum number of messages to be queued up for
a client before ctdb will treat the client as hung and will
terminate the client connection.
- </p></div><div class="refsect2"><a name="idp48983280"></a><h3>MonitorInterval</h3><p>Default: 15</p><p>
+ </p></div><div class="refsect2"><a name="idp48989696"></a><h3>MonitorInterval</h3><p>Default: 15</p><p>
How often should ctdb run the 'monitor' event in seconds to check
for a node's health.
- </p></div><div class="refsect2"><a name="idp48984992"></a><h3>MonitorTimeoutCount</h3><p>Default: 20</p><p>
+ </p></div><div class="refsect2"><a name="idp48991296"></a><h3>MonitorTimeoutCount</h3><p>Default: 20</p><p>
How many 'monitor' events in a row need to timeout before a node
is flagged as UNHEALTHY. This setting is useful if scripts can
not be written so that they do not hang for benign reasons.
- </p></div><div class="refsect2"><a name="idp48991568"></a><h3>NoIPFailback</h3><p>Default: 0</p><p>
+ </p></div><div class="refsect2"><a name="idp48993104"></a><h3>NoIPFailback</h3><p>Default: 0</p><p>
When set to 1, ctdb will not perform failback of IP addresses
when a node becomes healthy. When a node becomes UNHEALTHY,
ctdb WILL perform failover of public IP addresses, but when the
@@ -168,7 +168,7 @@
until there is manual intervention from the administrator. When
this parameter is set, you can manually fail public IP addresses
over to the new node(s) using the 'ctdb moveip' command.
- </p></div><div class="refsect2"><a name="idp48994960"></a><h3>NoIPHostOnAllDisabled</h3><p>Default: 0</p><p>
+ </p></div><div class="refsect2"><a name="idp48996496"></a><h3>NoIPHostOnAllDisabled</h3><p>Default: 0</p><p>
If no nodes are HEALTHY then by default ctdb will happily host
public IPs on disabled (unhealthy or administratively disabled)
nodes. This can cause problems, for example if the underlying
@@ -176,19 +176,19 @@
that node is disabled, any IPs hosted by this node will be
released and the node will not takeover any IPs until it is no
longer disabled.
- </p></div><div class="refsect2"><a name="idp48996976"></a><h3>NoIPTakeover</h3><p>Default: 0</p><p>
+ </p></div><div class="refsect2"><a name="idp48998512"></a><h3>NoIPTakeover</h3><p>Default: 0</p><p>
When set to 1, ctdb will not allow IP addresses to be failed
over onto this node. Any IP addresses that the node currently
hosts will remain on the node but no new IP addresses can be
failed over to the node.
- </p></div><div class="refsect2"><a name="idp48998816"></a><h3>PullDBPreallocation</h3><p>Default: 10*1024*1024</p><p>
+ </p></div><div class="refsect2"><a name="idp49000352"></a><h3>PullDBPreallocation</h3><p>Default: 10*1024*1024</p><p>
This is the size of a record buffer to pre-allocate for sending
reply to PULLDB control. Usually record buffer starts with size
of the first record and gets reallocated every time a new record
is added to the record buffer. For a large number of records,
this can be very inefficient to grow the record buffer one record
at a time.
- </p></div><div class="refsect2"><a name="idp49000784"></a><h3>QueueBufferSize</h3><p>Default: 1024</p><p>
+ </p></div><div class="refsect2"><a name="idp49002320"></a><h3>QueueBufferSize</h3><p>Default: 1024</p><p>
This is the maximum amount of data (in bytes) ctdb will read
from a socket at a time.
</p><p>
@@ -197,29 +197,29 @@
then this tunable value should be increased. However, large
values can keep ctdb busy processing packets and prevent ctdb
from handling other events.
- </p></div><div class="refsect2"><a name="idp49003184"></a><h3>RecBufferSizeLimit</h3><p>Default: 1000000</p><p>
+ </p></div><div class="refsect2"><a name="idp49004720"></a><h3>RecBufferSizeLimit</h3><p>Default: 1000000</p><p>
This is the limit on the size of the record buffer to be sent
in various controls. This limit is used by new controls used
for recovery and controls used in vacuuming.
- </p></div><div class="refsect2"><a name="idp49005008"></a><h3>RecdFailCount</h3><p>Default: 10</p><p>
+ </p></div><div class="refsect2"><a name="idp49006544"></a><h3>RecdFailCount</h3><p>Default: 10</p><p>
If the recovery daemon has failed to ping the main dameon for
this many consecutive intervals, the main daemon will consider
the recovery daemon as hung and will try to restart it to recover.
- </p></div><div class="refsect2"><a name="idp49006832"></a><h3>RecdPingTimeout</h3><p>Default: 60</p><p>
+ </p></div><div class="refsect2"><a name="idp49008368"></a><h3>RecdPingTimeout</h3><p>Default: 60</p><p>
If the main dameon has not heard a "ping" from the recovery dameon
for this many seconds, the main dameon will log a message that
the recovery daemon is potentially hung. This also increments a
counter which is checked against <code class="varname">RecdFailCount</code>
for detection of hung recovery daemon.
- </p></div><div class="refsect2"><a name="idp49009104"></a><h3>RecLockLatencyMs</h3><p>Default: 1000</p><p>
+ </p></div><div class="refsect2"><a name="idp49010640"></a><h3>RecLockLatencyMs</h3><p>Default: 1000</p><p>
When using a reclock file for split brain prevention, if set
to non-zero this tunable will make the recovery dameon log a
message if the fcntl() call to lock/testlock the recovery file
takes longer than this number of milliseconds.
- </p></div><div class="refsect2"><a name="idp49010960"></a><h3>RecoverInterval</h3><p>Default: 1</p><p>
+ </p></div><div class="refsect2"><a name="idp54933664"></a><h3>RecoverInterval</h3><p>Default: 1</p><p>
How frequently in seconds should the recovery daemon perform the
consistency checks to determine if it should perform a recovery.
- </p></div><div class="refsect2"><a name="idp49012720"></a><h3>RecoverPDBBySeqNum</h3><p>Default: 1</p><p>
+ </p></div><div class="refsect2"><a name="idp54935360"></a><h3>RecoverPDBBySeqNum</h3><p>Default: 1</p><p>
When set to zero, database recovery for persistent databases is
record-by-record and recovery process simply collects the most
recent version of every individual record.
@@ -232,13 +232,13 @@
</p><p>
By default, recovery of persistent databses is done using
__db_sequence_number__ record.
- </p></div><div class="refsect2"><a name="idp54880384"></a><h3>RecoverTimeout</h3><p>Default: 120</p><p>
+ </p></div><div class="refsect2"><a name="idp54938288"></a><h3>RecoverTimeout</h3><p>Default: 120</p><p>
This is the default setting for timeouts for controls when sent
from the recovery daemon. We allow longer control timeouts from
the recovery daemon than from normal use since the recovery
dameon often use controls that can take a lot longer than normal
controls.
- </p></div><div class="refsect2"><a name="idp54882208"></a><h3>RecoveryBanPeriod</h3><p>Default: 300</p><p>
+ </p></div><div class="refsect2"><a name="idp54940112"></a><h3>RecoveryBanPeriod</h3><p>Default: 300</p><p>
The duration in seconds for which a node is banned if the node
fails during recovery. After this time has elapsed the node will
automatically get unbanned and will attempt to rejoin the cluster.
@@ -246,26 +246,26 @@
A node usually gets banned due to real problems with the node.
Don't set this value too small. Otherwise, a problematic node
will try to re-join cluster too soon causing unnecessary recoveries.
- </p></div><div class="refsect2"><a name="idp54884608"></a><h3>RecoveryDropAllIPs</h3><p>Default: 120</p><p>
+ </p></div><div class="refsect2"><a name="idp54942512"></a><h3>RecoveryDropAllIPs</h3><p>Default: 120</p><p>
If a node is stuck in recovery, or stopped, or banned, for this
many seconds, then ctdb will release all public addresses on
that node.
- </p></div><div class="refsect2"><a name="idp54886304"></a><h3>RecoveryGracePeriod</h3><p>Default: 120</p><p>
+ </p></div><div class="refsect2"><a name="idp54944208"></a><h3>RecoveryGracePeriod</h3><p>Default: 120</p><p>
During recoveries, if a node has not caused recovery failures
during the last grace period in seconds, any records of
transgressions that the node has caused recovery failures will be
forgiven. This resets the ban-counter back to zero for that node.
- </p></div><div class="refsect2"><a name="idp54888144"></a><h3>RepackLimit</h3><p>Default: 10000</p><p>
+ </p></div><div class="refsect2"><a name="idp54946048"></a><h3>RepackLimit</h3><p>Default: 10000</p><p>
During vacuuming, if the number of freelist records are more than
<code class="varname">RepackLimit</code>, then the database is repacked
to get rid of the freelist records to avoid fragmentation.
</p><p>
Databases are repacked only if both <code class="varname">RepackLimit</code>
and <code class="varname">VacuumLimit</code> are exceeded.
- </p></div><div class="refsect2"><a name="idp54891344"></a><h3>RerecoveryTimeout</h3><p>Default: 10</p><p>
+ </p></div><div class="refsect2"><a name="idp54949248"></a><h3>RerecoveryTimeout</h3><p>Default: 10</p><p>
Once a recovery has completed, no additional recoveries are
permitted until this timeout in seconds has expired.
- </p></div><div class="refsect2"><a name="idp54893024"></a><h3>SeqnumInterval</h3><p>Default: 1000</p><p>
+ </p></div><div class="refsect2"><a name="idp54950928"></a><h3>SeqnumInterval</h3><p>Default: 1000</p><p>
Some databases have seqnum tracking enabled, so that samba will
be able to detect asynchronously when there has been updates
to the database. Everytime a database is updated its sequence
@@ -274,57 +274,57 @@
This tunable is used to specify in milliseconds how frequently
ctdb will send out updates to remote nodes to inform them that
the sequence number is increased.
- </p></div><div class="refsect2"><a name="idp54895376"></a><h3>StatHistoryInterval</h3><p>Default: 1</p><p>
+ </p></div><div class="refsect2"><a name="idp54953280"></a><h3>StatHistoryInterval</h3><p>Default: 1</p><p>
Granularity of the statistics collected in the statistics
history. This is reported by 'ctdb stats' command.
- </p></div><div class="refsect2"><a name="idp54897040"></a><h3>StickyDuration</h3><p>Default: 600</p><p>
+ </p></div><div class="refsect2"><a name="idp54954944"></a><h3>StickyDuration</h3><p>Default: 600</p><p>
Once a record has been marked STICKY, this is the duration in
seconds, the record will be flagged as a STICKY record.
- </p></div><div class="refsect2"><a name="idp54898720"></a><h3>StickyPindown</h3><p>Default: 200</p><p>
+ </p></div><div class="refsect2"><a name="idp54956624"></a><h3>StickyPindown</h3><p>Default: 200</p><p>
Once a STICKY record has been migrated onto a node, it will be
pinned down on that node for this number of milliseconds. Any
request from other nodes to migrate the record off the node will
be deferred.
- </p></div><div class="refsect2"><a name="idp54900480"></a><h3>TakeoverTimeout</h3><p>Default: 9</p><p>
+ </p></div><div class="refsect2"><a name="idp54958384"></a><h3>TakeoverTimeout</h3><p>Default: 9</p><p>
This is the duration in seconds in which ctdb tries to complete IP
failover.
- </p></div><div class="refsect2"><a name="idp54902016"></a><h3>TDBMutexEnabled</h3><p>Default: 0</p><p>
+ </p></div><div class="refsect2"><a name="idp54960016"></a><h3>TDBMutexEnabled</h3><p>Default: 0</p><p>
This paramter enables TDB_MUTEX_LOCKING feature on volatile
databases if the robust mutexes are supported. This optimizes the
record locking using robust mutexes and is much more efficient
that using posix locks.
- </p></div><div class="refsect2"><a name="idp54903792"></a><h3>TickleUpdateInterval</h3><p>Default: 20</p><p>
+ </p></div><div class="refsect2"><a name="idp54961792"></a><h3>TickleUpdateInterval</h3><p>Default: 20</p><p>
Every <code class="varname">TickleUpdateInterval</code> seconds, ctdb
synchronizes the client connection information across nodes.
- </p></div><div class="refsect2"><a name="idp54905808"></a><h3>TraverseTimeout</h3><p>Default: 20</p><p>
+ </p></div><div class="refsect2"><a name="idp54963808"></a><h3>TraverseTimeout</h3><p>Default: 20</p><p>
This is the duration in seconds for which a database traverse
is allowed to run. If the traverse does not complete during
this interval, ctdb will abort the traverse.
- </p></div><div class="refsect2"><a name="idp54907536"></a><h3>VacuumFastPathCount</h3><p>Default: 60</p><p>
+ </p></div><div class="refsect2"><a name="idp54965536"></a><h3>VacuumFastPathCount</h3><p>Default: 60</p><p>
During a vacuuming run, ctdb usually processes only the records
marked for deletion also called the fast path vacuuming. After
finishing <code class="varname">VacuumFastPathCount</code> number of fast
path vacuuming runs, ctdb will trigger a scan of complete database
for any empty records that need to be deleted.
- </p></div><div class="refsect2"><a name="idp54909792"></a><h3>VacuumInterval</h3><p>Default: 10</p><p>
+ </p></div><div class="refsect2"><a name="idp54967792"></a><h3>VacuumInterval</h3><p>Default: 10</p><p>
Periodic interval in seconds when vacuuming is triggered for
volatile databases.
- </p></div><div class="refsect2"><a name="idp54911456"></a><h3>VacuumLimit</h3><p>Default: 5000</p><p>
+ </p></div><div class="refsect2"><a name="idp54969456"></a><h3>VacuumLimit</h3><p>Default: 5000</p><p>
During vacuuming, if the number of deleted records are more than
<code class="varname">VacuumLimit</code>, then databases are repacked to
avoid fragmentation.
</p><p>
Databases are repacked only if both <code class="varname">RepackLimit</code>
and <code class="varname">VacuumLimit</code> are exceeded.
- </p></div><div class="refsect2"><a name="idp54914624"></a><h3>VacuumMaxRunTime</h3><p>Default: 120</p><p>
+ </p></div><div class="refsect2"><a name="idp54972624"></a><h3>VacuumMaxRunTime</h3><p>Default: 120</p><p>
The maximum time in seconds for which the vacuuming process is
allowed to run. If vacuuming process takes longer than this
value, then the vacuuming process is terminated.
- </p></div><div class="refsect2"><a name="idp54916384"></a><h3>VerboseMemoryNames</h3><p>Default: 0</p><p>
+ </p></div><div class="refsect2"><a name="idp54974384"></a><h3>VerboseMemoryNames</h3><p>Default: 0</p><p>
When set to non-zero, ctdb assigns verbose names for some of
the talloc allocated memory objects. These names are visible
in the talloc memory report generated by 'ctdb dumpmemory'.
- </p></div></div><div class="refsect1"><a name="idp54918256"></a><h2>SEE ALSO</h2><p>
+ </p></div></div><div class="refsect1"><a name="idp54976256"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">ctdbd</span>(1)</span>,
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ltdbtool.1 samba-4.5.12+dfsg/ctdb/doc/ltdbtool.1
--- samba-4.5.8+dfsg/ctdb/doc/ltdbtool.1 2016-10-24 21:44:55.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ltdbtool.1 2016-07-28 14:05:06.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: ltdbtool
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 10/24/2016
+.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "LTDBTOOL" "1" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
+.TH "LTDBTOOL" "1" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ltdbtool.1.html samba-4.5.12+dfsg/ctdb/doc/ltdbtool.1.html
--- samba-4.5.8+dfsg/ctdb/doc/ltdbtool.1.html 2016-10-24 21:44:55.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ltdbtool.1.html 2016-07-28 14:05:06.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ltdbtool</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ltdbtool.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ltdbtool — manipulate CTDB's local TDB files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ltdbtool</code> [<em class="replaceable"><code>OPTION</code></em>...] {<em class="replaceable"><code>COMMAND</code></em>} [<em class="replaceable"><code>COMMAND-ARGS</code></em>]</p></div></div><div class="refsect1"><a name="idp53920608"></a><h2>DESCRIPTION</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ltdbtool</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ltdbtool.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ltdbtool — manipulate CTDB's local TDB files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ltdbtool</code> [<em class="replaceable"><code>OPTION</code></em>...] {<em class="replaceable"><code>COMMAND</code></em>} [<em class="replaceable"><code>COMMAND-ARGS</code></em>]</p></div></div><div class="refsect1"><a name="idp52739584"></a><h2>DESCRIPTION</h2><p>
ltdbtool is a utility to manipulate CTDB's local TDB databases
(LTDBs) without connecting to a CTDB daemon.
</p><p>
@@ -11,7 +11,7 @@
by adding or removing CTDB headers and
</p></li><li class="listitem"><p>convert between 64 and 32 bit LTDBs where the CTDB record
headers differ by 4 bytes of padding.
- </p></li></ul></div></div><div class="refsect1"><a name="idp53086496"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-e</span></dt><dd><p>
+ </p></li></ul></div></div><div class="refsect1"><a name="idp52407952"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-e</span></dt><dd><p>
Dump empty records. These are normally excluded.
</p></dd><dt><span class="term">-p</span></dt><dd><p>
Dump with header information, similar to "ctdb catdb".
@@ -37,7 +37,7 @@
output database in bytes.
</p></dd><dt><span class="term">-h</span></dt><dd><p>
Print help text.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp53956544"></a><h2>COMMANDS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">help</span></dt><dd><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp48965232"></a><h2>COMMANDS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">help</span></dt><dd><p>
Print help text.
</p></dd><dt><span class="term">dump <em class="parameter"><code>IDB</code></em></span></dt><dd><p>
Dump the contents of an LTDB input file IDB to standard
@@ -47,7 +47,7 @@
</span></dt><dd><p>
Copy an LTDB input file IDB to output file ODB, optionally
adding or removing CTDB headers.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp49116096"></a><h2>EXAMPLES</h2><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp48973104"></a><h2>EXAMPLES</h2><p>
Print a local tdb in "tdbdump" style:
</p><pre class="screen">
ltdbtool dump idmap2.tdb.0
@@ -75,7 +75,7 @@
Add a default header:
</p><pre class="screen">
ltdbtool convert -s0 idmap.tdb idmap2.tdb.0
- </pre></div><div class="refsect1"><a name="idp49124272"></a><h2>SEE ALSO</h2><p>
+ </pre></div><div class="refsect1"><a name="idp48981280"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">tdbdump</span>(1)</span>,
diff -Nru samba-4.5.8+dfsg/ctdb/doc/onnode.1 samba-4.5.12+dfsg/ctdb/doc/onnode.1
--- samba-4.5.8+dfsg/ctdb/doc/onnode.1 2016-10-24 21:44:55.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/onnode.1 2016-07-28 14:05:06.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: onnode
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 10/24/2016
+.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "ONNODE" "1" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
+.TH "ONNODE" "1" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/ctdb/doc/onnode.1.html samba-4.5.12+dfsg/ctdb/doc/onnode.1.html
--- samba-4.5.8+dfsg/ctdb/doc/onnode.1.html 2016-10-24 21:44:55.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/onnode.1.html 2016-07-28 14:05:06.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>onnode</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="onnode.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>onnode — run commands on CTDB cluster nodes</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">onnode</code> [<em class="replaceable"><code>OPTION</code></em>...] {<em class="replaceable"><code>NODES</code></em>} {<em class="replaceable"><code>COMMAND</code></em>}</p></div></div><div class="refsect1"><a name="idp54282944"></a><h2>DESCRIPTION</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>onnode</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="onnode.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>onnode — run commands on CTDB cluster nodes</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">onnode</code> [<em class="replaceable"><code>OPTION</code></em>...] {<em class="replaceable"><code>NODES</code></em>} {<em class="replaceable"><code>COMMAND</code></em>}</p></div></div><div class="refsect1"><a name="idp51690912"></a><h2>DESCRIPTION</h2><p>
onnode is a utility to run commands on a specific node of a CTDB
cluster, or on all nodes.
</p><p>
@@ -9,7 +9,7 @@
<em class="replaceable"><code>COMMAND</code></em> can be any shell command. The
onnode utility uses ssh or rsh to connect to the remote nodes
and run the command.
- </p></div><div class="refsect1"><a name="idp53232544"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-c</span></dt><dd><p>
+ </p></div><div class="refsect1"><a name="idp50620800"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-c</span></dt><dd><p>
Execute COMMAND in the current working directory on the
specified nodes.
</p></dd><dt><span class="term">-f <em class="parameter"><code>FILENAME</code></em></span></dt><dd><p>
@@ -49,7 +49,7 @@
more than one node is specified.
</p></dd><dt><span class="term">-h, --help</span></dt><dd><p>
Show a short usage guide.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp53951696"></a><h2>NODES SPECIFICATION</h2><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp53752096"></a><h2>NODES SPECIFICATION</h2><p>
Nodes can be specified via numeric node numbers (from 0 to N-1)
or mnemonics. Multiple nodes are specified using lists of
nodes, separated by commas, and ranges of numeric node numbers,
@@ -68,7 +68,7 @@
unhealthy.
</p></dd><dt><span class="term">con | connected</span></dt><dd><p>
All nodes that are not disconnected.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp53960112"></a><h2>EXAMPLES</h2><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp48967744"></a><h2>EXAMPLES</h2><p>
The following command would show the process ID of ctdbd on all nodes
</p><pre class="screen">
onnode all ctdb getpid
@@ -87,14 +87,14 @@
directory, in parallel, on nodes 0, 2, 3 and 4.
</p><pre class="screen">
onnode -c -p 0,2-4 ./foo
- </pre></div><div class="refsect1"><a name="idp49117136"></a><h2>ENVIRONMENT</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="envar">CTDB_BASE</code></span></dt><dd><p>
+ </pre></div><div class="refsect1"><a name="idp48973200"></a><h2>ENVIRONMENT</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="envar">CTDB_BASE</code></span></dt><dd><p>
Directory containing CTDB configuration files. The
default is <code class="filename">/usr/local/etc/ctdb</code>.
</p></dd><dt><span class="term"><code class="envar">CTDB_NODES_FILE</code></span></dt><dd><p>
Name of alternative nodes file to use instead of the
default. See the <em class="citetitle">FILES</em> section for
more details.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp49122640"></a><h2>FILES</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="filename">/usr/local/etc/ctdb/nodes</code></span></dt><dd><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp48978704"></a><h2>FILES</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="filename">/usr/local/etc/ctdb/nodes</code></span></dt><dd><p>
Default file containing a list of each node's IP address
or hostname.
</p><p>
@@ -119,7 +119,7 @@
<code class="envar">SSH</code> to something other than "ssh". In this
case the -t option is ignored. For example, the
administrator may choose to use use rsh instead of ssh.
- </p></dd></dl></div></div><div class="refsect1"><a name="idp49139504"></a><h2>SEE ALSO</h2><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp48995664"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(7)</span>,
<a class="ulink" href="http://ctdb.samba.org/" target="_top">http://ctdb.samba.org/</a>
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ping_pong.1 samba-4.5.12+dfsg/ctdb/doc/ping_pong.1
--- samba-4.5.8+dfsg/ctdb/doc/ping_pong.1 2016-10-24 21:44:55.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ping_pong.1 2016-07-28 14:05:07.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: ping_pong
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 10/24/2016
+.\" Date: 07/28/2016
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
-.TH "PING_PONG" "1" "10/24/2016" "ctdb" "CTDB \- clustered TDB database"
+.TH "PING_PONG" "1" "07/28/2016" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/ctdb/doc/ping_pong.1.html samba-4.5.12+dfsg/ctdb/doc/ping_pong.1.html
--- samba-4.5.8+dfsg/ctdb/doc/ping_pong.1.html 2016-10-24 21:44:56.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/doc/ping_pong.1.html 2016-07-28 14:05:07.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ping_pong</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ping_pong.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ping_pong — measures the ping-pong byte range lock latency</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ping_pong</code> { -r | -w | -rw } [-m] [-c] {<em class="replaceable"><code>FILENAME</code></em>} {<em class="replaceable"><code>NUM-LOCKS</code></em>}</p></div></div><div class="refsect1"><a name="idp53223488"></a><h2>DESCRIPTION</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>ping_pong</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"><a name="ping_pong.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ping_pong — measures the ping-pong byte range lock latency</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ping_pong</code> { -r | -w | -rw } [-m] [-c] {<em class="replaceable"><code>FILENAME</code></em>} {<em class="replaceable"><code>NUM-LOCKS</code></em>}</p></div></div><div class="refsect1"><a name="idp49229760"></a><h2>DESCRIPTION</h2><p>
ping_pong measures the byte range lock latency. It is especially
useful on a cluster of nodes sharing a common lock manager as it
will give some indication of the lock manager's performance
@@ -9,7 +9,7 @@
</p><p>
NUM-LOCKS is the number of byte range locks, so needs to be
(strictly) greater than the number of nodes in the cluster.
- </p></div><div class="refsect1"><a name="idp52751904"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-r</span></dt><dd><p>
+ </p></div><div class="refsect1"><a name="idp53881136"></a><h2>OPTIONS</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-r</span></dt><dd><p>
test read performance
</p></dd><dt><span class="term">-w</span></dt><dd><p>
test write performance
@@ -17,7 +17,7 @@
use mmap
</p></dd><dt><span class="term">-c</span></dt><dd><p>
validate the locks
- </p></dd></dl></div></div><div class="refsect1"><a name="idp49227264"></a><h2>EXAMPLES</h2><p>
+ </p></dd></dl></div></div><div class="refsect1"><a name="idp53888784"></a><h2>EXAMPLES</h2><p>
Testing lock coherence
</p><pre class="screen">
ping_pong test.dat N
@@ -29,7 +29,7 @@
Testing IO coherence
</p><pre class="screen">
ping_pong -rw test.dat N
- </pre></div><div class="refsect1"><a name="idp53939312"></a><h2>SEE ALSO</h2><p>
+ </pre></div><div class="refsect1"><a name="idp53892944"></a><h2>SEE ALSO</h2><p>
<span class="citerefentry"><span class="refentrytitle">ctdb</span>(7)</span>,
<a class="ulink" href="https://wiki.samba.org/index.php/Ping_pong" target="_top">https://wiki.samba.org/index.php/Ping_pong</a>
diff -Nru samba-4.5.8+dfsg/ctdb/server/ctdb_call.c samba-4.5.12+dfsg/ctdb/server/ctdb_call.c
--- samba-4.5.8+dfsg/ctdb/server/ctdb_call.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/server/ctdb_call.c 2017-07-12 08:39:24.000000000 +0200
@@ -1561,6 +1561,7 @@
struct revokechild_deferred_call {
+ struct revokechild_deferred_call *prev, *next;
struct ctdb_context *ctdb;
struct ctdb_req_header *hdr;
deferred_requeue_fn fn;
@@ -1576,48 +1577,31 @@
int fd[2];
pid_t child;
TDB_DATA key;
-};
-
-struct revokechild_requeue_handle {
- struct ctdb_context *ctdb;
- struct ctdb_req_header *hdr;
- deferred_requeue_fn fn;
- void *ctx;
+ struct revokechild_deferred_call *deferred_call_list;
};
static void deferred_call_requeue(struct tevent_context *ev,
struct tevent_timer *te,
struct timeval t, void *private_data)
{
- struct revokechild_requeue_handle *requeue_handle = talloc_get_type(private_data, struct revokechild_requeue_handle);
+ struct revokechild_deferred_call *dlist = talloc_get_type_abort(
+ private_data, struct revokechild_deferred_call);
- requeue_handle->fn(requeue_handle->ctx, requeue_handle->hdr);
- talloc_free(requeue_handle);
-}
-
-static int deferred_call_destructor(struct revokechild_deferred_call *deferred_call)
-{
- struct ctdb_context *ctdb = deferred_call->ctdb;
- struct revokechild_requeue_handle *requeue_handle = talloc(ctdb, struct revokechild_requeue_handle);
- struct ctdb_req_call_old *c = (struct ctdb_req_call_old *)deferred_call->hdr;
-
- requeue_handle->ctdb = ctdb;
- requeue_handle->hdr = deferred_call->hdr;
- requeue_handle->fn = deferred_call->fn;
- requeue_handle->ctx = deferred_call->ctx;
- talloc_steal(requeue_handle, requeue_handle->hdr);
-
- /* when revoking, any READONLY requests have 1 second grace to let read/write finish first */
- tevent_add_timer(ctdb->ev, requeue_handle,
- timeval_current_ofs(c->flags & CTDB_WANT_READONLY ? 1 : 0, 0),
- deferred_call_requeue, requeue_handle);
+ while (dlist != NULL) {
+ struct revokechild_deferred_call *dcall = dlist;
- return 0;
+ DLIST_REMOVE(dlist, dcall);
+ dcall->fn(dcall->ctx, dcall->hdr);
+ talloc_free(dcall);
+ }
}
static int revokechild_destructor(struct revokechild_handle *rc)
{
+ struct revokechild_deferred_call *now_list = NULL;
+ struct revokechild_deferred_call *delay_list = NULL;
+
if (rc->fde != NULL) {
talloc_free(rc->fde);
}
@@ -1631,6 +1615,48 @@
ctdb_kill(rc->ctdb, rc->child, SIGKILL);
DLIST_REMOVE(rc->ctdb_db->revokechild_active, rc);
+
+ while (rc->deferred_call_list != NULL) {
+ struct revokechild_deferred_call *dcall;
+
+ dcall = rc->deferred_call_list;
+ DLIST_REMOVE(rc->deferred_call_list, dcall);
+
+ /* If revoke is successful, then first process all the calls
+ * that need write access, and delay readonly requests by 1
+ * second grace.
+ *
+ * If revoke is unsuccessful, most likely because of node
+ * failure, delay all the pending requests, so database can
+ * be recovered.
+ */
+
+ if (rc->status == 0) {
+ struct ctdb_req_call_old *c;
+
+ c = (struct ctdb_req_call_old *)dcall->hdr;
+ if (c->flags & CTDB_WANT_READONLY) {
+ DLIST_ADD(delay_list, dcall);
+ } else {
+ DLIST_ADD(now_list, dcall);
+ }
+ } else {
+ DLIST_ADD(delay_list, dcall);
+ }
+ }
+
+ if (now_list != NULL) {
+ tevent_add_timer(rc->ctdb->ev, rc->ctdb_db,
+ tevent_timeval_current_ofs(0, 0),
+ deferred_call_requeue, now_list);
+ }
+
+ if (delay_list != NULL) {
+ tevent_add_timer(rc->ctdb->ev, rc->ctdb_db,
+ tevent_timeval_current_ofs(1, 0),
+ deferred_call_requeue, delay_list);
+ }
+
return 0;
}
@@ -1909,19 +1935,18 @@
return -1;
}
- deferred_call = talloc(rc, struct revokechild_deferred_call);
+ deferred_call = talloc(ctdb_db, struct revokechild_deferred_call);
if (deferred_call == NULL) {
DEBUG(DEBUG_ERR,("Failed to allocate deferred call structure for revoking record\n"));
return -1;
}
deferred_call->ctdb = ctdb;
- deferred_call->hdr = hdr;
+ deferred_call->hdr = talloc_steal(deferred_call, hdr);
deferred_call->fn = fn;
deferred_call->ctx = call_context;
- talloc_set_destructor(deferred_call, deferred_call_destructor);
- talloc_steal(deferred_call, hdr);
+ DLIST_ADD(rc->deferred_call_list, deferred_call);
return 0;
}
diff -Nru samba-4.5.8+dfsg/ctdb/server/ctdb_recover.c samba-4.5.12+dfsg/ctdb/server/ctdb_recover.c
--- samba-4.5.8+dfsg/ctdb/server/ctdb_recover.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/server/ctdb_recover.c 2017-07-12 08:39:24.000000000 +0200
@@ -856,26 +856,27 @@
struct set_recmode_state *state;
struct ctdb_cluster_mutex_handle *h;
+ if (recmode == ctdb->recovery_mode) {
+ DEBUG(DEBUG_INFO,
+ ("Recovery mode already set to %s\n",
+ recmode == CTDB_RECOVERY_NORMAL ? "NORMAL" : "ACTIVE"));
+ return 0;
+ }
+
+ DEBUG(DEBUG_NOTICE,
+ ("Recovery mode set to %s\n",
+ recmode == CTDB_RECOVERY_NORMAL ? "NORMAL" : "ACTIVE"));
+
/* if we enter recovery but stay in recovery for too long
we will eventually drop all our ip addresses
*/
- if (recmode == CTDB_RECOVERY_NORMAL) {
- talloc_free(ctdb->release_ips_ctx);
- ctdb->release_ips_ctx = NULL;
- } else {
+ if (recmode == CTDB_RECOVERY_ACTIVE) {
if (ctdb_deferred_drop_all_ips(ctdb) != 0) {
- DEBUG(DEBUG_ERR,("Failed to set up deferred drop all ips\n"));
+ DEBUG(DEBUG_ERR,
+ ("Failed to set up deferred drop all ips\n"));
}
- }
-
- if (recmode != ctdb->recovery_mode) {
- DEBUG(DEBUG_NOTICE,(__location__ " Recovery mode set to %s\n",
- recmode==CTDB_RECOVERY_NORMAL?"NORMAL":"ACTIVE"));
- }
- if (recmode != CTDB_RECOVERY_NORMAL ||
- ctdb->recovery_mode != CTDB_RECOVERY_ACTIVE) {
- ctdb->recovery_mode = recmode;
+ ctdb->recovery_mode = CTDB_RECOVERY_ACTIVE;
return 0;
}
@@ -884,6 +885,8 @@
* Therefore, what follows is special handling when setting
* recovery mode back to normal */
+ TALLOC_FREE(ctdb->release_ips_ctx);
+
for (ctdb_db = ctdb->db_list; ctdb_db != NULL; ctdb_db = ctdb_db->next) {
if (ctdb_db->generation != ctdb->vnn_map->generation) {
DEBUG(DEBUG_ERR,
diff -Nru samba-4.5.8+dfsg/ctdb/server/ctdb_recoverd.c samba-4.5.12+dfsg/ctdb/server/ctdb_recoverd.c
--- samba-4.5.8+dfsg/ctdb/server/ctdb_recoverd.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/server/ctdb_recoverd.c 2017-07-12 08:39:24.000000000 +0200
@@ -2596,6 +2596,13 @@
return;
}
+ ret = ctdb_ctrl_getrecmode(ctdb, mem_ctx, CONTROL_TIMEOUT(),
+ CTDB_CURRENT_NODE, &ctdb->recovery_mode);
+ if (ret != 0) {
+ DEBUG(DEBUG_ERR, ("Failed to read recmode from local node\n"));
+ return;
+ }
+
/* if the local daemon is STOPPED or BANNED, we verify that the databases are
also frozen and that the recmode is set to active.
*/
@@ -2608,10 +2615,6 @@
*/
rec->priority_time = timeval_current();
- ret = ctdb_ctrl_getrecmode(ctdb, mem_ctx, CONTROL_TIMEOUT(), CTDB_CURRENT_NODE, &ctdb->recovery_mode);
- if (ret != 0) {
- DEBUG(DEBUG_ERR,(__location__ " Failed to read recmode from local node\n"));
- }
if (ctdb->recovery_mode == CTDB_RECOVERY_NORMAL) {
DEBUG(DEBUG_ERR,("Node is stopped or banned but recovery mode is not active. Activate recovery mode and lock databases\n"));
@@ -2655,9 +2658,11 @@
return;
}
- /* Check if an IP takeover run is needed and trigger one if
- * necessary */
- verify_local_ip_allocation(ctdb, rec, pnn, nodemap);
+ if (ctdb->recovery_mode == CTDB_RECOVERY_NORMAL) {
+ /* Check if an IP takeover run is needed and trigger one if
+ * necessary */
+ verify_local_ip_allocation(ctdb, rec, pnn, nodemap);
+ }
/* if we are not the recmaster then we do not need to check
if recovery is needed
diff -Nru samba-4.5.8+dfsg/ctdb/server/ctdb_recovery_helper.c samba-4.5.12+dfsg/ctdb/server/ctdb_recovery_helper.c
--- samba-4.5.8+dfsg/ctdb/server/ctdb_recovery_helper.c 2016-12-05 09:18:44.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/server/ctdb_recovery_helper.c 2017-07-12 08:39:24.000000000 +0200
@@ -1647,6 +1647,7 @@
if (ret2 != 0) {
LOG("control FREEZE_DB failed for db %s on node %u,"
" ret=%d\n", state->db_name, pnn, ret2);
+ state->ban_credits[pnn] += 1;
} else {
LOG("control FREEZE_DB failed for db %s, ret=%d\n",
state->db_name, ret);
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/06.nfs.releaseip.001.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/06.nfs.releaseip.001.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/06.nfs.releaseip.001.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/06.nfs.releaseip.001.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'true'"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="true"
+
+ok_null
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/06.nfs.releaseip.002.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/06.nfs.releaseip.002.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/06.nfs.releaseip.002.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/06.nfs.releaseip.002.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'false', causes releaseip-pre to fail"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="echo releaseip-pre ; false"
+
+required_result 1 "releaseip-pre"
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/06.nfs.takeip.001.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/06.nfs.takeip.001.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/06.nfs.takeip.001.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/06.nfs.takeip.001.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'true'"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="true"
+
+ok_null
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/06.nfs.takeip.002.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/06.nfs.takeip.002.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/06.nfs.takeip.002.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/06.nfs.takeip.002.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'false', causes takeip-pre to fail"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="echo takeip-pre ; false"
+
+required_result 1 "takeip-pre"
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.monitor.109.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.monitor.109.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.monitor.109.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.monitor.109.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'false', causes monitor-post to fail"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="echo monitor-post ; false"
+
+required_result 1 "monitor-post"
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.releaseip.001.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.releaseip.001.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.releaseip.001.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.releaseip.001.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'true'"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="true"
+
+ok_null
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.releaseip.002.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.releaseip.002.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.releaseip.002.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.releaseip.002.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'false', causes releaseip to fail"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="echo releaseip ; false"
+
+required_result 1 "releaseip"
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.shutdown.001.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.shutdown.001.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.shutdown.001.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.shutdown.001.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'true'"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="true"
+
+ok_null
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.shutdown.002.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.shutdown.002.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.shutdown.002.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.shutdown.002.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'false', causes shutdown to fail"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="echo shutdown ; false"
+
+required_result 1 "shutdown"
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.startup.001.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.startup.001.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.startup.001.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.startup.001.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'true'"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="true"
+
+ok_null
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.startup.002.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.startup.002.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.startup.002.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.startup.002.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'false', causes startup to fail"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="echo startup ; false"
+
+required_result 1 "startup"
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.takeip.001.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.takeip.001.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.takeip.001.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.takeip.001.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'true'"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="true"
+
+ok_null
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.takeip.002.sh samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.takeip.002.sh
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/60.nfs.takeip.002.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/60.nfs.takeip.002.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "callout is 'false', causes takeip to fail"
+
+setup_nfs
+
+export CTDB_NFS_CALLOUT="echo takeip ; false"
+
+required_result 1 "takeip"
+simple_test
diff -Nru samba-4.5.8+dfsg/ctdb/tests/eventscripts/etc-ctdb/functions samba-4.5.12+dfsg/ctdb/tests/eventscripts/etc-ctdb/functions
--- samba-4.5.8+dfsg/ctdb/tests/eventscripts/etc-ctdb/functions 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/tests/eventscripts/etc-ctdb/functions 2017-07-12 08:39:24.000000000 +0200
@@ -150,7 +150,7 @@
*)
# Handle all syslog:* variants here too. There's no tool to do
# the lossy things, so just use logger.
- logger -t "ctdbd: ${_tag}" "$*"
+ logger -t "ctdbd: ${_tag}" "$@"
;;
esac
}
diff -Nru samba-4.5.8+dfsg/ctdb/tests/onnode/functions samba-4.5.12+dfsg/ctdb/tests/onnode/functions
--- samba-4.5.8+dfsg/ctdb/tests/onnode/functions 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/tests/onnode/functions 2017-07-12 08:39:24.000000000 +0200
@@ -150,7 +150,7 @@
*)
# Handle all syslog:* variants here too. There's no tool to do
# the lossy things, so just use logger.
- logger -t "ctdbd: ${_tag}" "$*"
+ logger -t "ctdbd: ${_tag}" "$@"
;;
esac
}
diff -Nru samba-4.5.8+dfsg/ctdb/tests/simple/functions samba-4.5.12+dfsg/ctdb/tests/simple/functions
--- samba-4.5.8+dfsg/ctdb/tests/simple/functions 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/ctdb/tests/simple/functions 2017-07-12 08:39:24.000000000 +0200
@@ -150,7 +150,7 @@
*)
# Handle all syslog:* variants here too. There's no tool to do
# the lossy things, so just use logger.
- logger -t "ctdbd: ${_tag}" "$*"
+ logger -t "ctdbd: ${_tag}" "$@"
;;
esac
}
diff -Nru samba-4.5.8+dfsg/ctdb/tests/tool/ctdb.nodestatus.003.sh samba-4.5.12+dfsg/ctdb/tests/tool/ctdb.nodestatus.003.sh
--- samba-4.5.8+dfsg/ctdb/tests/tool/ctdb.nodestatus.003.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/tool/ctdb.nodestatus.003.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "all, 3 nodes, 1 unhealthy"
+
+setup_ctdbd <<EOF
+NODEMAP
+0 192.168.20.41 0x2
+1 192.168.20.42 0x0
+2 192.168.20.43 0x0 CURRENT RECMASTER
+
+IFACES
+:Name:LinkStatus:References:
+:eth2:1:2:
+:eth1:1:4:
+EOF
+
+required_result 2 <<EOF
+Number of nodes:3
+pnn:0 192.168.20.41 UNHEALTHY
+pnn:1 192.168.20.42 OK
+pnn:2 192.168.20.43 OK (THIS NODE)
+EOF
+simple_test all
+
+required_result 2 <<EOF
+|Node|IP|Disconnected|Banned|Disabled|Unhealthy|Stopped|Inactive|PartiallyOnline|ThisNode|
+|0|192.168.20.41|0|0|0|1|0|0|0|N|
+|1|192.168.20.42|0|0|0|0|0|0|0|N|
+|2|192.168.20.43|0|0|0|0|0|0|0|Y|
+EOF
+simple_test -X all
diff -Nru samba-4.5.8+dfsg/ctdb/tests/tool/ctdb.nodestatus.004.sh samba-4.5.12+dfsg/ctdb/tests/tool/ctdb.nodestatus.004.sh
--- samba-4.5.8+dfsg/ctdb/tests/tool/ctdb.nodestatus.004.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/tool/ctdb.nodestatus.004.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "current, 3 nodes, node 0 unhealthy"
+
+setup_ctdbd <<EOF
+NODEMAP
+0 192.168.20.41 0x2
+1 192.168.20.42 0x0
+2 192.168.20.43 0x0 CURRENT RECMASTER
+
+IFACES
+:Name:LinkStatus:References:
+:eth2:1:2:
+:eth1:1:4:
+EOF
+
+required_result 0 <<EOF
+pnn:2 192.168.20.43 OK (THIS NODE)
+EOF
+simple_test
+
+required_result 0 <<EOF
+|Node|IP|Disconnected|Banned|Disabled|Unhealthy|Stopped|Inactive|PartiallyOnline|ThisNode|
+|2|192.168.20.43|0|0|0|0|0|0|0|Y|
+EOF
+simple_test -X
diff -Nru samba-4.5.8+dfsg/ctdb/tests/tool/ctdb.nodestatus.005.sh samba-4.5.12+dfsg/ctdb/tests/tool/ctdb.nodestatus.005.sh
--- samba-4.5.8+dfsg/ctdb/tests/tool/ctdb.nodestatus.005.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/tool/ctdb.nodestatus.005.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "current, 3 nodes, node 0 unhealthy, query node 0"
+
+setup_ctdbd <<EOF
+NODEMAP
+0 192.168.20.41 0x2
+1 192.168.20.42 0x0
+2 192.168.20.43 0x0 CURRENT RECMASTER
+
+IFACES
+:Name:LinkStatus:References:
+:eth2:1:2:
+:eth1:1:4:
+EOF
+
+required_result 2 <<EOF
+pnn:0 192.168.20.41 UNHEALTHY
+EOF
+simple_test 0
+
+required_result 2 <<EOF
+|Node|IP|Disconnected|Banned|Disabled|Unhealthy|Stopped|Inactive|PartiallyOnline|ThisNode|
+|0|192.168.20.41|0|0|0|1|0|0|0|N|
+EOF
+simple_test -X 0
diff -Nru samba-4.5.8+dfsg/ctdb/tests/tool/ctdb.nodestatus.006.sh samba-4.5.12+dfsg/ctdb/tests/tool/ctdb.nodestatus.006.sh
--- samba-4.5.8+dfsg/ctdb/tests/tool/ctdb.nodestatus.006.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tests/tool/ctdb.nodestatus.006.sh 2017-07-12 08:39:24.000000000 +0200
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "current, 3 nodes, node 0 disabled+stopped, various queries"
+
+setup_ctdbd <<EOF
+NODEMAP
+0 192.168.20.41 0x24
+1 192.168.20.42 0x0
+2 192.168.20.43 0x0 CURRENT RECMASTER
+
+IFACES
+:Name:LinkStatus:References:
+:eth2:1:2:
+:eth1:1:4:
+EOF
+
+required_result 36 <<EOF
+pnn:0 192.168.20.41 DISABLED|STOPPED|INACTIVE
+EOF
+simple_test 0
+
+required_result 36 <<EOF
+|Node|IP|Disconnected|Banned|Disabled|Unhealthy|Stopped|Inactive|PartiallyOnline|ThisNode|
+|0|192.168.20.41|0|0|1|0|1|1|0|N|
+EOF
+simple_test -X 0
+
+required_result 36 <<EOF
+pnn:0 192.168.20.41 DISABLED|STOPPED|INACTIVE
+pnn:1 192.168.20.42 OK
+EOF
+simple_test 0,1
+
+required_result 0 <<EOF
+pnn:1 192.168.20.42 OK
+pnn:2 192.168.20.43 OK (THIS NODE)
+EOF
+simple_test 1,2
diff -Nru samba-4.5.8+dfsg/ctdb/tools/ctdb.c samba-4.5.12+dfsg/ctdb/tools/ctdb.c
--- samba-4.5.8+dfsg/ctdb/tools/ctdb.c 2017-01-17 20:55:44.000000000 +0100
+++ samba-4.5.12+dfsg/ctdb/tools/ctdb.c 2017-07-12 08:39:24.000000000 +0200
@@ -774,7 +774,8 @@
}
static void print_nodemap(TALLOC_CTX *mem_ctx, struct ctdb_context *ctdb,
- struct ctdb_node_map *nodemap, uint32_t mypnn)
+ struct ctdb_node_map *nodemap, uint32_t mypnn,
+ bool print_header)
{
struct ctdb_node_and_flags *node;
int num_deleted_nodes = 0;
@@ -786,11 +787,14 @@
}
}
- if (num_deleted_nodes == 0) {
- printf("Number of nodes:%d\n", nodemap->num);
- } else {
- printf("Number of nodes:%d (including %d deleted nodes)\n",
- nodemap->num, num_deleted_nodes);
+ if (print_header) {
+ if (num_deleted_nodes == 0) {
+ printf("Number of nodes:%d\n", nodemap->num);
+ } else {
+ printf("Number of nodes:%d "
+ "(including %d deleted nodes)\n",
+ nodemap->num, num_deleted_nodes);
+ }
}
for (i=0; i<nodemap->num; i++) {
@@ -816,7 +820,7 @@
{
int i;
- print_nodemap(mem_ctx, ctdb, nodemap, mypnn);
+ print_nodemap(mem_ctx, ctdb, nodemap, mypnn, true);
if (vnnmap->generation == INVALID_GENERATION) {
printf("Generation:INVALID\n");
@@ -5813,6 +5817,7 @@
const char *nodestring = NULL;
struct ctdb_node_map *nodemap;
int ret, i;
+ bool print_hdr = false;
if (argc > 1) {
usage("nodestatus");
@@ -5820,21 +5825,19 @@
if (argc == 1) {
nodestring = argv[0];
+ if (strcmp(nodestring, "all") == 0) {
+ print_hdr = true;
+ }
}
if (! parse_nodestring(mem_ctx, ctdb, nodestring, &nodemap)) {
return 1;
}
- nodemap = get_nodemap(ctdb, false);
- if (nodemap == NULL) {
- return 1;
- }
-
if (options.machinereadable) {
print_nodemap_machine(mem_ctx, ctdb, nodemap, ctdb->cmd_pnn);
} else {
- print_nodemap(mem_ctx, ctdb, nodemap, ctdb->cmd_pnn);
+ print_nodemap(mem_ctx, ctdb, nodemap, ctdb->cmd_pnn, print_hdr);
}
ret = 0;
diff -Nru samba-4.5.8+dfsg/debian/changelog samba-4.5.12+dfsg/debian/changelog
--- samba-4.5.8+dfsg/debian/changelog 2017-07-13 14:43:44.000000000 +0200
+++ samba-4.5.12+dfsg/debian/changelog 2017-07-27 12:20:43.000000000 +0200
@@ -1,3 +1,25 @@
+samba (2:4.5.12+dfsg-1) stretch-security; urgency=medium
+
+ * gbp.conf: change debian-branch to stretch
+ * New upstream version
+ - Remove CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch, merged
+ - Remove CVE-2017-7494.patch, merged
+ - Fix "Non-kerberos logins fails on winbind 4.X when krb5_auth is
+ configured in PAM" (Closes: #739768)
+ * Stability fixes backported from sid:
+ - Properly quote subshell invocation in samba-common.preinst
+ (Closes: #771689)
+ - Fix typo s/DESTIDR/DESTDIR/ in d/rules
+ - sysv: Use --pidfile in addition to --exec to avoid matching daemons in
+ containers (Closes: #810794)
+ - Fix libpam-winbind.prerm to be multiarch-safe (Closes: #647430)
+ - Add missing logrotate for /var/log/samba/log.samba (Closes: #803924)
+ - Fix outdated DNS Root servers (Closes: #865406)
+ - Fix logrotate for /var/log/samba/log.samba to send SIGHUP to all processes
+ of the service (systemd only)
+
+ -- Mathieu Parent <sathieu at debian.org> Thu, 27 Jul 2017 12:20:43 +0200
+
samba (2:4.5.8+dfsg-2+deb9u1) stretch-security; urgency=high
* This is a security release in order to address the following defect:
diff -Nru samba-4.5.8+dfsg/debian/gbp.conf samba-4.5.12+dfsg/debian/gbp.conf
--- samba-4.5.8+dfsg/debian/gbp.conf 2017-07-13 14:43:44.000000000 +0200
+++ samba-4.5.12+dfsg/debian/gbp.conf 2017-07-27 12:20:43.000000000 +0200
@@ -13,4 +13,5 @@
'*chm',
]
filter-pristine-tar = True
-debian-branch = master
+debian-branch = stretch
+merge-mode = merge
diff -Nru samba-4.5.8+dfsg/debian/libpam-winbind.prerm samba-4.5.12+dfsg/debian/libpam-winbind.prerm
--- samba-4.5.8+dfsg/debian/libpam-winbind.prerm 2017-06-12 10:00:10.000000000 +0200
+++ samba-4.5.12+dfsg/debian/libpam-winbind.prerm 2017-07-27 12:20:43.000000000 +0200
@@ -2,7 +2,7 @@
set -e
-if [ "$1" = remove ]; then
+if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then
pam-auth-update --package --remove winbind
fi
diff -Nru samba-4.5.8+dfsg/debian/patches/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch samba-4.5.12+dfsg/debian/patches/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch
--- samba-4.5.8+dfsg/debian/patches/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch 2017-07-13 14:43:44.000000000 +0200
+++ samba-4.5.12+dfsg/debian/patches/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,42 +0,0 @@
-From 229735bf7dc2ec1ce7e6074491f151784f46e7de Mon Sep 17 00:00:00 2001
-From: Jeffrey Altman <jaltman at secure-endpoints.com>
-Date: Wed, 12 Apr 2017 15:40:42 -0400
-Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
-
-In _krb5_extract_ticket() the KDC-REP service name must be obtained from
-encrypted version stored in 'enc_part' instead of the unencrypted version
-stored in 'ticket'. Use of the unecrypted version provides an
-opportunity for successful server impersonation and other attacks.
-
-Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
-
-Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
-(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
-
-Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-Reviewed-by: Garming Sam <garming at catalyst.net.nz>
-Reviewed-by: Stefan Metzmacher <metze at samba.org>
----
- source4/heimdal/lib/krb5/ticket.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
-index 064bbfbb33c..5a317c7b971 100644
---- a/source4/heimdal/lib/krb5/ticket.c
-+++ b/source4/heimdal/lib/krb5/ticket.c
-@@ -641,8 +641,8 @@ _krb5_extract_ticket(krb5_context context,
- /* check server referral and save principal */
- ret = _krb5_principalname2krb5_principal (context,
- &tmp_principal,
-- rep->kdc_rep.ticket.sname,
-- rep->kdc_rep.ticket.realm);
-+ rep->enc_part.sname,
-+ rep->enc_part.srealm);
- if (ret)
- goto out;
- if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
---
-2.13.2
-
diff -Nru samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch samba-4.5.12+dfsg/debian/patches/CVE-2017-7494.patch
--- samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch 2017-07-13 14:43:44.000000000 +0200
+++ samba-4.5.12+dfsg/debian/patches/CVE-2017-7494.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,33 +0,0 @@
-From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl at samba.org>
-Date: Mon, 8 May 2017 21:40:40 +0200
-Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with /
- inside
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
-
-Signed-off-by: Volker Lendecke <vl at samba.org>
-Reviewed-by: Jeremy Allison <jra at samba.org>
-Reviewed-by: Stefan Metzmacher <metze at samba.org>
----
- source3/rpc_server/srv_pipe.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index 0633b5f..c3f0cd8 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -475,6 +475,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax)
- {
- NTSTATUS status;
-
-+ if (strchr(pipename, '/')) {
-+ DEBUG(1, ("Refusing open on pipe %s\n", pipename));
-+ return false;
-+ }
-+
- if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
- DEBUG(10, ("refusing spoolss access\n"));
- return false;
---
-1.9.1
diff -Nru samba-4.5.8+dfsg/debian/patches/provision-Update-root-DNS-servers-list.patch samba-4.5.12+dfsg/debian/patches/provision-Update-root-DNS-servers-list.patch
--- samba-4.5.8+dfsg/debian/patches/provision-Update-root-DNS-servers-list.patch 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/debian/patches/provision-Update-root-DNS-servers-list.patch 2017-07-27 12:20:43.000000000 +0200
@@ -0,0 +1,56 @@
+From 0098a7b5564b60b3b29d3f1767adfd538d3ff55d Mon Sep 17 00:00:00 2001
+From: Amitay Isaacs <amitay at gmail.com>
+Date: Thu, 8 Jun 2017 22:59:56 +1000
+Subject: [PATCH] provision: Update root DNS servers list
+
+Signed-off-by: Amitay Isaacs <amitay at gmail.com>
+Reviewed-by: Andrew Bartlett <abartlet at samba.org>
+---
+ python/samba/provision/sambadns.py | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
+index 2c69dd4e910..961f37e16a6 100644
+--- a/python/samba/provision/sambadns.py
++++ b/python/samba/provision/sambadns.py
+@@ -317,15 +317,16 @@ def add_dns_container(samdb, domaindn, prefix, domain_sid, dnsadmins_sid, forest
+
+
+ def add_rootservers(samdb, domaindn, prefix):
++ # https://www.internic.net/zones/named.root
+ rootservers = {}
+ rootservers["a.root-servers.net"] = "198.41.0.4"
+ rootservers["b.root-servers.net"] = "192.228.79.201"
+ rootservers["c.root-servers.net"] = "192.33.4.12"
+- rootservers["d.root-servers.net"] = "128.8.10.90"
++ rootservers["d.root-servers.net"] = "199.7.91.13"
+ rootservers["e.root-servers.net"] = "192.203.230.10"
+ rootservers["f.root-servers.net"] = "192.5.5.241"
+ rootservers["g.root-servers.net"] = "192.112.36.4"
+- rootservers["h.root-servers.net"] = "128.63.2.53"
++ rootservers["h.root-servers.net"] = "198.97.190.53"
+ rootservers["i.root-servers.net"] = "192.36.148.17"
+ rootservers["j.root-servers.net"] = "192.58.128.30"
+ rootservers["k.root-servers.net"] = "193.0.14.129"
+@@ -334,10 +335,17 @@ def add_rootservers(samdb, domaindn, prefix):
+
+ rootservers_v6 = {}
+ rootservers_v6["a.root-servers.net"] = "2001:503:ba3e::2:30"
++ rootservers_v6["b.root-servers.net"] = "2001:500:84::b"
++ rootservers_v6["c.root-servers.net"] = "2001:500:2::c"
++ rootservers_v6["d.root-servers.net"] = "2001:500:2d::d"
++ rootservers_v6["e.root-servers.net"] = "2001:500:a8::e"
+ rootservers_v6["f.root-servers.net"] = "2001:500:2f::f"
+- rootservers_v6["h.root-servers.net"] = "2001:500:1::803f:235"
++ rootservers_v6["g.root-servers.net"] = "2001:500:12::d0d"
++ rootservers_v6["h.root-servers.net"] = "2001:500:1::53"
++ rootservers_v6["i.root-servers.net"] = "2001:7fe::53"
+ rootservers_v6["j.root-servers.net"] = "2001:503:c27::2:30"
+ rootservers_v6["k.root-servers.net"] = "2001:7fd::1"
++ rootservers_v6["l.root-servers.net"] = "2001:500:9f::42"
+ rootservers_v6["m.root-servers.net"] = "2001:dc3::35"
+
+ container_dn = "DC=RootDNSServers,CN=MicrosoftDNS,%s,%s" % (prefix, domaindn)
+--
+2.13.2
+
diff -Nru samba-4.5.8+dfsg/debian/patches/series samba-4.5.12+dfsg/debian/patches/series
--- samba-4.5.8+dfsg/debian/patches/series 2017-07-13 14:43:44.000000000 +0200
+++ samba-4.5.12+dfsg/debian/patches/series 2017-07-27 12:20:43.000000000 +0200
@@ -15,5 +15,4 @@
Add-documentation-to-systemd-Unit-files.patch
fix_kill_path_in_units.patch
nmbd-requires-a-working-network.patch
-CVE-2017-7494.patch
-CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch
+provision-Update-root-DNS-servers-list.patch
diff -Nru samba-4.5.8+dfsg/debian/rules samba-4.5.12+dfsg/debian/rules
--- samba-4.5.8+dfsg/debian/rules 2017-07-13 14:43:44.000000000 +0200
+++ samba-4.5.12+dfsg/debian/rules 2017-07-27 12:20:43.000000000 +0200
@@ -162,7 +162,7 @@
install -m644 debian/samba.ufw.profile $(DESTDIR)/etc/ufw/applications.d/samba
# use upstream version of smb.conf.5 if there is no built version
# this is a temporary workaround for #750593 in xsltproc
- [ -e $(DESTIDR)/usr/share/man/man5/smb.conf.5 ] || \
+ [ -e $(DESTDIR)/usr/share/man/man5/smb.conf.5 ] || \
cp docs/manpages/smb.conf.5 $(DESTDIR)/usr/share/man/man5/smb.conf.5
# Tests that shouldn't be installed
rm -f $(DESTDIR)/usr/bin/async_connect_send_test
diff -Nru samba-4.5.8+dfsg/debian/samba-common.preinst samba-4.5.12+dfsg/debian/samba-common.preinst
--- samba-4.5.8+dfsg/debian/samba-common.preinst 2017-07-13 14:41:12.000000000 +0200
+++ samba-4.5.12+dfsg/debian/samba-common.preinst 2017-07-27 12:20:43.000000000 +0200
@@ -2,7 +2,7 @@
set -e
-if [ $(readlink -f /etc/dhcp/dhclient-enter-hooks.d/samba) = /etc/dhcp3/dhclient-enter-hooks.d/samba ] \
+if [ "$(readlink -f /etc/dhcp/dhclient-enter-hooks.d/samba)" = /etc/dhcp3/dhclient-enter-hooks.d/samba ] \
&& dpkg --compare-versions "$2" le-nl 2:4.1.4+dfsg-2~
then
rm -f /etc/dhcp/dhclient-enter-hooks.d/samba
diff -Nru samba-4.5.8+dfsg/debian/samba.logrotate samba-4.5.12+dfsg/debian/samba.logrotate
--- samba-4.5.8+dfsg/debian/samba.logrotate 2017-07-13 14:43:44.000000000 +0200
+++ samba-4.5.12+dfsg/debian/samba.logrotate 2017-07-27 12:20:43.000000000 +0200
@@ -21,3 +21,20 @@
delaycompress
notifempty
}
+
+/var/log/samba/log.samba {
+ weekly
+ missingok
+ rotate 7
+ postrotate
+ if [ -d /run/systemd/system ] && command systemctl >/dev/null 2>&1 && systemctl is-active --quiet samba-ad-dc; then
+ systemctl kill --kill-who all --signal=SIGHUP samba-ad-dc
+ elsif [ -f /var/run/samba/samba.pid ]; then
+ # This only sends to main pid, See #803924
+ kill -HUP `cat /var/run/samba/samba.pid`
+ fi
+ endscript
+ compress
+ delaycompress
+ notifempty
+}
diff -Nru samba-4.5.8+dfsg/debian/samba.nmbd.init samba-4.5.12+dfsg/debian/samba.nmbd.init
--- samba-4.5.8+dfsg/debian/samba.nmbd.init 2017-07-13 14:43:44.000000000 +0200
+++ samba-4.5.12+dfsg/debian/samba.nmbd.init 2017-07-27 12:20:43.000000000 +0200
@@ -43,7 +43,7 @@
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
- if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/nmbd -- -D
+ if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/nmbd --pidfile $NMBDPID -- -D
then
log_end_msg 1
exit 1
diff -Nru samba-4.5.8+dfsg/debian/samba.samba-ad-dc.init samba-4.5.12+dfsg/debian/samba.samba-ad-dc.init
--- samba-4.5.8+dfsg/debian/samba.samba-ad-dc.init 2017-07-13 14:43:44.000000000 +0200
+++ samba-4.5.12+dfsg/debian/samba.samba-ad-dc.init 2017-07-27 12:20:43.000000000 +0200
@@ -55,7 +55,7 @@
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
- if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/samba -- -D; then
+ if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/samba --pidfile $SAMBAPID -- -D; then
log_end_msg 1
exit 1
fi
diff -Nru samba-4.5.8+dfsg/debian/samba.smbd.init samba-4.5.12+dfsg/debian/samba.smbd.init
--- samba-4.5.8+dfsg/debian/samba.smbd.init 2017-07-13 14:43:44.000000000 +0200
+++ samba-4.5.12+dfsg/debian/samba.smbd.init 2017-07-27 12:20:43.000000000 +0200
@@ -38,7 +38,7 @@
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
- if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd -- -D; then
+ if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd --pidfile $SMBDPID -- -D; then
log_end_msg 1
exit 1
fi
diff -Nru samba-4.5.8+dfsg/debian/winbind.init samba-4.5.12+dfsg/debian/winbind.init
--- samba-4.5.8+dfsg/debian/winbind.init 2017-07-13 14:43:44.000000000 +0200
+++ samba-4.5.12+dfsg/debian/winbind.init 2017-07-27 12:20:43.000000000 +0200
@@ -40,7 +40,7 @@
fi
log_daemon_msg "Starting the Winbind daemon" "winbind"
- start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- $WINBINDD_OPTS
+ start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $WINBINDPID -- $WINBINDD_OPTS
log_end_msg $?
;;
@@ -50,7 +50,7 @@
exit 0
fi
log_daemon_msg "Stopping the Winbind daemon" "winbind"
- start-stop-daemon --stop --quiet --oknodo --exec $DAEMON
+ start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $WINBINDPID
log_end_msg $?
;;
diff -Nru samba-4.5.8+dfsg/docs/manpages/cifsdd.8 samba-4.5.12+dfsg/docs/manpages/cifsdd.8
--- samba-4.5.8+dfsg/docs/manpages/cifsdd.8 2017-03-31 08:29:39.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/cifsdd.8 2017-07-12 11:24:13.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: cifsdd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "CIFSDD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "CIFSDD" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/dbwrap_tool.1 samba-4.5.12+dfsg/docs/manpages/dbwrap_tool.1
--- samba-4.5.8+dfsg/docs/manpages/dbwrap_tool.1 2017-03-31 08:29:39.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/dbwrap_tool.1 2017-07-12 11:24:14.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: dbwrap_tool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "DBWRAP_TOOL" "1" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "DBWRAP_TOOL" "1" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -185,6 +185,58 @@
.sp
Exactly one of \-\-persistent and \-\-non\-persistent must be specified\&.
.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 1\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
.SH "COMMANDS"
.SS "fetch"
.HP \w'\ 'u
diff -Nru samba-4.5.8+dfsg/docs/manpages/eventlogadm.8 samba-4.5.12+dfsg/docs/manpages/eventlogadm.8
--- samba-4.5.8+dfsg/docs/manpages/eventlogadm.8 2017-03-31 08:29:39.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/eventlogadm.8 2017-07-12 11:24:14.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: eventlogadm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "EVENTLOGADM" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "EVENTLOGADM" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/findsmb.1 samba-4.5.12+dfsg/docs/manpages/findsmb.1
--- samba-4.5.8+dfsg/docs/manpages/findsmb.1 2017-03-31 08:29:40.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/findsmb.1 2017-07-12 11:24:14.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: findsmb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "FINDSMB" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "FINDSMB" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/idmap_ad.8 samba-4.5.12+dfsg/docs/manpages/idmap_ad.8
--- samba-4.5.8+dfsg/docs/manpages/idmap_ad.8 2017-03-31 08:29:40.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/idmap_ad.8 2017-07-12 11:24:15.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: idmap_ad
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_AD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_AD" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/idmap_autorid.8 samba-4.5.12+dfsg/docs/manpages/idmap_autorid.8
--- samba-4.5.8+dfsg/docs/manpages/idmap_autorid.8 2017-03-31 08:29:40.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/idmap_autorid.8 2017-07-12 11:24:15.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: idmap_autorid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_AUTORID" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_AUTORID" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/idmap_hash.8 samba-4.5.12+dfsg/docs/manpages/idmap_hash.8
--- samba-4.5.8+dfsg/docs/manpages/idmap_hash.8 2017-03-31 08:29:40.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/idmap_hash.8 2017-07-12 11:24:15.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: idmap_hash
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_HASH" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_HASH" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/idmap_ldap.8 samba-4.5.12+dfsg/docs/manpages/idmap_ldap.8
--- samba-4.5.8+dfsg/docs/manpages/idmap_ldap.8 2017-03-31 08:29:41.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/idmap_ldap.8 2017-07-12 11:24:15.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: idmap_ldap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_LDAP" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_LDAP" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/idmap_nss.8 samba-4.5.12+dfsg/docs/manpages/idmap_nss.8
--- samba-4.5.8+dfsg/docs/manpages/idmap_nss.8 2017-03-31 08:29:41.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/idmap_nss.8 2017-07-12 11:24:16.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: idmap_nss
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_NSS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_NSS" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/idmap_rfc2307.8 samba-4.5.12+dfsg/docs/manpages/idmap_rfc2307.8
--- samba-4.5.8+dfsg/docs/manpages/idmap_rfc2307.8 2017-03-31 08:29:41.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/idmap_rfc2307.8 2017-07-12 11:24:16.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: idmap_rfc2307
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_RFC2307" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_RFC2307" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/idmap_rid.8 samba-4.5.12+dfsg/docs/manpages/idmap_rid.8
--- samba-4.5.8+dfsg/docs/manpages/idmap_rid.8 2017-03-31 08:29:41.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/idmap_rid.8 2017-07-12 11:24:16.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: idmap_rid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_RID" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_RID" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/idmap_script.8 samba-4.5.12+dfsg/docs/manpages/idmap_script.8
--- samba-4.5.8+dfsg/docs/manpages/idmap_script.8 2017-03-31 08:29:41.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/idmap_script.8 2017-07-12 11:24:16.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: idmap_script
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_SCRIPT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_SCRIPT" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/idmap_tdb2.8 samba-4.5.12+dfsg/docs/manpages/idmap_tdb2.8
--- samba-4.5.8+dfsg/docs/manpages/idmap_tdb2.8 2017-03-31 08:29:42.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/idmap_tdb2.8 2017-07-12 11:24:17.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: idmap_tdb2
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_TDB2" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_TDB2" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/idmap_tdb.8 samba-4.5.12+dfsg/docs/manpages/idmap_tdb.8
--- samba-4.5.8+dfsg/docs/manpages/idmap_tdb.8 2017-03-31 08:29:42.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/idmap_tdb.8 2017-07-12 11:24:17.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: idmap_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "IDMAP_TDB" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "IDMAP_TDB" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/libsmbclient.7 samba-4.5.12+dfsg/docs/manpages/libsmbclient.7
--- samba-4.5.8+dfsg/docs/manpages/libsmbclient.7 2017-03-31 08:29:42.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/libsmbclient.7 2017-07-12 11:24:17.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: libsmbclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: 7
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "LIBSMBCLIENT" "7" "03/31/2017" "Samba 4\&.5" "7"
+.TH "LIBSMBCLIENT" "7" "07/12/2017" "Samba 4\&.5" "7"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/lmhosts.5 samba-4.5.12+dfsg/docs/manpages/lmhosts.5
--- samba-4.5.8+dfsg/docs/manpages/lmhosts.5 2017-03-31 08:29:42.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/lmhosts.5 2017-07-12 11:24:17.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: lmhosts
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "LMHOSTS" "5" "03/31/2017" "Samba 4\&.5" "File Formats and Conventions"
+.TH "LMHOSTS" "5" "07/12/2017" "Samba 4\&.5" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/log2pcap.1 samba-4.5.12+dfsg/docs/manpages/log2pcap.1
--- samba-4.5.8+dfsg/docs/manpages/log2pcap.1 2017-03-31 08:29:43.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/log2pcap.1 2017-07-12 11:24:18.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: log2pcap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "LOG2PCAP" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "LOG2PCAP" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -73,6 +73,11 @@
.RS 4
Name of the output file to write the pcap (or hexdump) data to\&. If this argument is not specified, output data will be written to stdout\&.
.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
.SH "EXAMPLES"
.PP
Extract all network traffic from all samba log files:
diff -Nru samba-4.5.8+dfsg/docs/manpages/net.8 samba-4.5.12+dfsg/docs/manpages/net.8
--- samba-4.5.8+dfsg/docs/manpages/net.8 2017-03-31 08:29:43.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/net.8 2017-07-12 11:24:18.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: net
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "NET" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "NET" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -41,6 +41,16 @@
The Samba net utility is meant to work just like the net utility available for windows and DOS\&. The first argument should be used to specify the protocol to use when executing a certain command\&. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000\&. If this argument is omitted, net will try to determine it automatically\&. Not all commands are available on all protocols\&.
.SH "OPTIONS"
.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-k|\-\-kerberos
+.RS 4
+Try to authenticate with kerberos\&. Only useful in an Active Directory environment\&.
+.RE
+.PP
\-w|\-\-workgroup target\-workgroup
.RS 4
Sets target workgroup or domain\&. You have to specify either this option or the IP address or the name of a server\&.
@@ -66,6 +76,23 @@
Port on the target server to connect to (usually 139 or 445)\&. Defaults to trying 445 first, then 139\&.
.RE
.PP
+\-n|\-\-netbiosname <primary NetBIOS name>
+.RS 4
+This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the
+\m[blue]\fBnetbios name\fR\m[]
+parameter in the
+smb\&.conf
+file\&. However, a command line setting will take precedence over settings in
+smb\&.conf\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
\-S|\-\-server server
.RS 4
Name of target server\&. You should specify either this option or a target workgroup or a target IP address\&.
@@ -255,6 +282,53 @@
.RS 4
Do not perform DNS updates as part of "net ads join"\&.
.RE
+.PP
+\-e|\-\-encrypt
+.RS 4
+This command line parameter requires the remote server support the UNIX extensions or that the SMB3 protocol has been selected\&. Requests that the connection be encrypted\&. Negotiates SMB encryption using either SMB3 or POSIX extensions via GSSAPI\&. Uses the given credentials for the encryption negotiation (either kerberos or NTLMv1/v2 if given domain/username/password triple\&. Fails the connection if encryption cannot be negotiated\&.
+.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 1\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
.SH "COMMANDS"
.SS "CHANGESECRETPW"
.PP
@@ -379,6 +453,22 @@
.SS "RAP VALIDATE \fIuser\fR [\fIpassword\fR]"
.PP
Validate whether the specified user can log in to the remote server\&. If the password is not specified on the commandline, it will be prompted\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+.PP
+Currently NOT implemented\&.
+.sp .5v
+.RE
.SS "RAP GROUPMEMBER"
.SS "RAP GROUPMEMBER LIST GROUP"
.PP
@@ -394,13 +484,61 @@
Execute the specified
\fIcommand\fR
on the remote server\&. Only works with OS/2 servers\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+.PP
+Currently NOT implemented\&.
+.sp .5v
+.RE
.SS "RAP SERVICE"
.SS "RAP SERVICE START NAME [arguments...]"
.PP
Start the specified service on the remote server\&. Not implemented yet\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+.PP
+Currently NOT implemented\&.
+.sp .5v
+.RE
.SS "RAP SERVICE STOP"
.PP
Stop the specified service on the remote server\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+.PP
+Currently NOT implemented\&.
+.sp .5v
+.RE
.SS "RAP PASSWORD \fIUSER\fR \fIOLDPASS\fR \fINEWPASS\fR"
.PP
Change password of
diff -Nru samba-4.5.8+dfsg/docs/manpages/nmbd.8 samba-4.5.12+dfsg/docs/manpages/nmbd.8
--- samba-4.5.8+dfsg/docs/manpages/nmbd.8 2017-03-31 08:29:43.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/nmbd.8 2017-07-12 11:24:18.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: nmbd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "NMBD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "NMBD" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -47,7 +47,8 @@
nmbd
will listen for such requests, and if its own NetBIOS name is specified it will respond with the IP number of the host it is running on\&. Its "own NetBIOS name" is by default the primary DNS name of the host it is running on, but this can be overridden by the
\m[blue]\fBnetbios name\fR\m[]
-in \&. Thus
+in
+smb\&.conf\&. Thus
nmbd
will reply to broadcast queries for its own name(s)\&. Additional names for
nmbd
@@ -105,6 +106,16 @@
parameter had been given\&.
.RE
.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
+.PP
\-H|\-\-hosts <filename>
.RS 4
NetBIOS lmhosts file\&. The lmhosts file is a list of NetBIOS names to IP addresses that is loaded by the nmbd server and used via the name resolution mechanism
@@ -127,6 +138,48 @@
man page for details on the contents of this file\&.
.RE
.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
\-p|\-\-port <UDP port number>
.RS 4
UDP port number is a positive integer value\&. This option changes the default UDP port number (normally 137) that
diff -Nru samba-4.5.8+dfsg/docs/manpages/nmblookup.1 samba-4.5.12+dfsg/docs/manpages/nmblookup.1
--- samba-4.5.8+dfsg/docs/manpages/nmblookup.1 2017-03-31 08:29:44.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/nmblookup.1 2017-07-12 11:24:19.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: nmblookup
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "NMBLOOKUP" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "NMBLOOKUP" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -78,6 +78,47 @@
as an IP Address and do a node status query on this address\&.
.RE
.PP
+\-n|\-\-netbiosname <primary NetBIOS name>
+.RS 4
+This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the
+\m[blue]\fBnetbios name\fR\m[]
+parameter in the
+smb\&.conf
+file\&. However, a command line setting will take precedence over settings in
+smb\&.conf\&.
+.RE
+.PP
+\-i|\-\-scope <scope>
+.RS 4
+This specifies a NetBIOS scope that
+nmblookup
+will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are
+\fIvery\fR
+rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
+.RE
+.PP
+\-W|\-\-workgroup=domain
+.RS 4
+Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
+.RE
+.PP
+\-O|\-\-socket\-options socket options
+.RS 4
+TCP socket options to set on the client socket\&. See the socket options parameter in the
+smb\&.conf
+manual page for the list of valid options\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
+.PP
\-B|\-\-broadcast <broadcast address>
.RS 4
Send the query to the given broadcast address\&. Without this option the default behavior of nmblookup is to send the query to the broadcast address of the network interfaces as either auto\-detected or defined in the
@@ -95,6 +136,48 @@
option) is needed to query a WINS server\&.
.RE
.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
\-T|\-\-translate
.RS 4
This causes any IP addresses found in the lookup to be looked up via a reverse DNS lookup into a DNS name, and printed out before each
diff -Nru samba-4.5.8+dfsg/docs/manpages/ntlm_auth.1 samba-4.5.12+dfsg/docs/manpages/ntlm_auth.1
--- samba-4.5.8+dfsg/docs/manpages/ntlm_auth.1 2017-03-31 08:29:44.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/ntlm_auth.1 2017-07-12 11:24:19.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: ntlm_auth
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "NTLM_AUTH" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "NTLM_AUTH" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -344,7 +344,24 @@
.PP
\-\-configfile=<configuration file>
.RS 4
-The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See for more information\&. The default configuration file name is determined at compile time\&.
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
.RE
.SH "EXAMPLE SETUP"
.PP
diff -Nru samba-4.5.8+dfsg/docs/manpages/pam_winbind.8 samba-4.5.12+dfsg/docs/manpages/pam_winbind.8
--- samba-4.5.8+dfsg/docs/manpages/pam_winbind.8 2017-03-31 08:29:44.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/pam_winbind.8 2017-07-12 11:24:19.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: pam_winbind
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: 8
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "PAM_WINBIND" "8" "03/31/2017" "Samba 4\&.5" "8"
+.TH "PAM_WINBIND" "8" "07/12/2017" "Samba 4\&.5" "8"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/pam_winbind.conf.5 samba-4.5.12+dfsg/docs/manpages/pam_winbind.conf.5
--- samba-4.5.8+dfsg/docs/manpages/pam_winbind.conf.5 2017-03-31 08:29:44.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/pam_winbind.conf.5 2017-07-12 11:24:19.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: pam_winbind.conf
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: 5
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "PAM_WINBIND\&.CONF" "5" "03/31/2017" "Samba 4\&.5" "5"
+.TH "PAM_WINBIND\&.CONF" "5" "07/12/2017" "Samba 4\&.5" "5"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/pdbedit.8 samba-4.5.12+dfsg/docs/manpages/pdbedit.8
--- samba-4.5.8+dfsg/docs/manpages/pdbedit.8 2017-03-31 08:29:44.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/pdbedit.8 2017-07-12 11:24:20.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: pdbedit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "PDBEDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "PDBEDIT" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -560,6 +560,58 @@
.RS 4
This option is currently not being used\&.
.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
.SH "NOTES"
.PP
This command may be used only by root\&.
diff -Nru samba-4.5.8+dfsg/docs/manpages/profiles.1 samba-4.5.12+dfsg/docs/manpages/profiles.1
--- samba-4.5.8+dfsg/docs/manpages/profiles.1 2017-03-31 08:29:45.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/profiles.1 2017-07-12 11:24:20.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: profiles
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "PROFILES" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "PROFILES" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -58,6 +58,58 @@
file
by SID2\&.
.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 1\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
.SH "VERSION"
.PP
This man page is correct for version 3 of the Samba suite\&.
diff -Nru samba-4.5.8+dfsg/docs/manpages/rpcclient.1 samba-4.5.12+dfsg/docs/manpages/rpcclient.1
--- samba-4.5.8+dfsg/docs/manpages/rpcclient.1 2017-03-31 08:29:45.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/rpcclient.1 2017-07-12 11:24:20.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: rpcclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "RPCCLIENT" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "RPCCLIENT" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -71,6 +71,170 @@
.RS 4
This number is the TCP port number that will be used when making connections to the server\&. The standard (well\-known) TCP port number for an SMB/CIFS server is 139, which is the default\&.
.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-N|\-\-no\-pass
+.RS 4
+If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
+.sp
+Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
+.sp
+If a password is specified on the command line and this option is also defined the password on the command line will be silently ingnored and no password will be used\&.
+.RE
+.PP
+\-k|\-\-kerberos
+.RS 4
+Try to authenticate with kerberos\&. Only useful in an Active Directory environment\&.
+.RE
+.PP
+\-C|\-\-use\-ccache
+.RS 4
+Try to use the credentials cached by winbind\&.
+.RE
+.PP
+\-A|\-\-authentication\-file=filename
+.RS 4
+This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+username = <value>
+password = <value>
+domain = <value>
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+Make certain that the permissions on the file restrict access from unwanted users\&.
+.RE
+.PP
+\-U|\-\-user=username[%password]
+.RS 4
+Sets the SMB username or username and password\&.
+.sp
+If %password is not specified, the user will be prompted\&. The client will first check the
+\fBUSER\fR
+environment variable, then the
+\fBLOGNAME\fR
+variable and if either exists, the string is uppercased\&. If these environmental variables are not found, the username
+\fBGUEST\fR
+is used\&.
+.sp
+A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the
+\fI\-A\fR
+for more details\&.
+.sp
+Be cautious about including passwords in scripts\&. Also, on many systems the command line of a running process may be seen via the
+ps
+command\&. To be safe always allow
+rpcclient
+to prompt for a password and type it in directly\&.
+.RE
+.PP
+\-S|\-\-signing on|off|required
+.RS 4
+Set the client signing state\&.
+.RE
+.PP
+\-P|\-\-machine\-pass
+.RS 4
+Use stored machine account password\&.
+.RE
+.PP
+\-e|\-\-encrypt
+.RS 4
+This command line parameter requires the remote server support the UNIX extensions or that the SMB3 protocol has been selected\&. Requests that the connection be encrypted\&. Negotiates SMB encryption using either SMB3 or POSIX extensions via GSSAPI\&. Uses the given credentials for the encryption negotiation (either kerberos or NTLMv1/v2 if given domain/username/password triple\&. Fails the connection if encryption cannot be negotiated\&.
+.RE
+.PP
+\-\-pw\-nt\-hash
+.RS 4
+The supplied password is the NT hash\&.
+.RE
+.PP
+\-n|\-\-netbiosname <primary NetBIOS name>
+.RS 4
+This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the
+\m[blue]\fBnetbios name\fR\m[]
+parameter in the
+smb\&.conf
+file\&. However, a command line setting will take precedence over settings in
+smb\&.conf\&.
+.RE
+.PP
+\-i|\-\-scope <scope>
+.RS 4
+This specifies a NetBIOS scope that
+nmblookup
+will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are
+\fIvery\fR
+rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
+.RE
+.PP
+\-W|\-\-workgroup=domain
+.RS 4
+Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
+.RE
+.PP
+\-O|\-\-socket\-options socket options
+.RS 4
+TCP socket options to set on the client socket\&. See the socket options parameter in the
+smb\&.conf
+manual page for the list of valid options\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
.SH "COMMANDS"
.SS "LSARPC"
.PP
diff -Nru samba-4.5.8+dfsg/docs/manpages/samba.7 samba-4.5.12+dfsg/docs/manpages/samba.7
--- samba-4.5.8+dfsg/docs/manpages/samba.7 2017-03-31 08:29:46.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/samba.7 2017-07-12 11:24:21.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: samba
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: Miscellanea
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SAMBA" "7" "03/31/2017" "Samba 4\&.5" "Miscellanea"
+.TH "SAMBA" "7" "07/12/2017" "Samba 4\&.5" "Miscellanea"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/samba.8 samba-4.5.12+dfsg/docs/manpages/samba.8
--- samba-4.5.8+dfsg/docs/manpages/samba.8 2017-03-31 08:29:46.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/samba.8 2017-07-12 11:24:21.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: samba
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SAMBA" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SAMBA" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -109,6 +109,58 @@
.RS 4
Enable full talloc leak reporting on exit\&.
.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
.SH "FILES"
.PP
/etc/rc
diff -Nru samba-4.5.8+dfsg/docs/manpages/samba-regedit.8 samba-4.5.12+dfsg/docs/manpages/samba-regedit.8
--- samba-4.5.8+dfsg/docs/manpages/samba-regedit.8 2017-03-31 08:29:45.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/samba-regedit.8 2017-07-12 11:24:20.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: samba-regedit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SAMBA\-REGEDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SAMBA\-REGEDIT" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -42,10 +42,169 @@
is a ncurses based tool to manage the Samba registry\&. It can be used to show/edit registry keys/subkeys and their values\&.
.SH "OPTIONS"
.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 1\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-n|\-\-netbiosname <primary NetBIOS name>
+.RS 4
+This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the
+\m[blue]\fBnetbios name\fR\m[]
+parameter in the
+smb\&.conf
+file\&. However, a command line setting will take precedence over settings in
+smb\&.conf\&.
+.RE
+.PP
+\-i|\-\-scope <scope>
+.RS 4
+This specifies a NetBIOS scope that
+nmblookup
+will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are
+\fIvery\fR
+rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
+.RE
+.PP
+\-W|\-\-workgroup=domain
+.RS 4
+Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
+.RE
+.PP
+\-O|\-\-socket\-options socket options
+.RS 4
+TCP socket options to set on the client socket\&. See the socket options parameter in the
+smb\&.conf
+manual page for the list of valid options\&.
+.RE
+.PP
+\-N|\-\-no\-pass
+.RS 4
+If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
+.sp
+Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
+.sp
+If a password is specified on the command line and this option is also defined the password on the command line will be silently ingnored and no password will be used\&.
+.RE
+.PP
+\-k|\-\-kerberos
+.RS 4
+Try to authenticate with kerberos\&. Only useful in an Active Directory environment\&.
+.RE
+.PP
+\-C|\-\-use\-ccache
+.RS 4
+Try to use the credentials cached by winbind\&.
+.RE
+.PP
+\-A|\-\-authentication\-file=filename
+.RS 4
+This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+username = <value>
+password = <value>
+domain = <value>
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+Make certain that the permissions on the file restrict access from unwanted users\&.
+.RE
+.PP
+\-U|\-\-user=username[%password]
+.RS 4
+Sets the SMB username or username and password\&.
+.sp
+If %password is not specified, the user will be prompted\&. The client will first check the
+\fBUSER\fR
+environment variable, then the
+\fBLOGNAME\fR
+variable and if either exists, the string is uppercased\&. If these environmental variables are not found, the username
+\fBGUEST\fR
+is used\&.
+.sp
+A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the
+\fI\-A\fR
+for more details\&.
+.sp
+Be cautious about including passwords in scripts\&. Also, on many systems the command line of a running process may be seen via the
+ps
+command\&. To be safe always allow
+rpcclient
+to prompt for a password and type it in directly\&.
+.RE
+.PP
+\-S|\-\-signing on|off|required
+.RS 4
+Set the client signing state\&.
+.RE
+.PP
+\-P|\-\-machine\-pass
+.RS 4
+Use stored machine account password\&.
+.RE
+.PP
+\-e|\-\-encrypt
+.RS 4
+This command line parameter requires the remote server support the UNIX extensions or that the SMB3 protocol has been selected\&. Requests that the connection be encrypted\&. Negotiates SMB encryption using either SMB3 or POSIX extensions via GSSAPI\&. Uses the given credentials for the encryption negotiation (either kerberos or NTLMv1/v2 if given domain/username/password triple\&. Fails the connection if encryption cannot be negotiated\&.
+.RE
+.PP
+\-\-pw\-nt\-hash
+.RS 4
+The supplied password is the NT hash\&.
+.RE
.SH "VERSION"
.PP
This man page is correct for version 4 of the Samba suite\&.
diff -Nru samba-4.5.8+dfsg/docs/manpages/samba-tool.8 samba-4.5.12+dfsg/docs/manpages/samba-tool.8
--- samba-4.5.8+dfsg/docs/manpages/samba-tool.8 2017-03-31 08:29:45.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/samba-tool.8 2017-07-12 11:24:21.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: samba-tool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SAMBA\-TOOL" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SAMBA\-TOOL" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -83,6 +83,48 @@
.RS 4
IP address of the server
.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 1\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
.SH "COMMANDS"
.SS "dbcheck"
.PP
diff -Nru samba-4.5.8+dfsg/docs/manpages/sharesec.1 samba-4.5.12+dfsg/docs/manpages/sharesec.1
--- samba-4.5.8+dfsg/docs/manpages/sharesec.1 2017-03-31 08:29:46.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/sharesec.1 2017-07-12 11:24:22.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: sharesec
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SHARESEC" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "SHARESEC" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -101,6 +101,53 @@
.RS 4
List a share acl in SDDL format\&.
.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
.SH "ACL FORMAT"
.PP
The format of an ACL is one or more ACL entries separated by either commas or newlines\&. An ACL entry is one of the following:
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbcacls.1 samba-4.5.12+dfsg/docs/manpages/smbcacls.1
--- samba-4.5.8+dfsg/docs/manpages/smbcacls.1 2017-03-31 08:29:50.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbcacls.1 2017-07-12 11:24:25.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbcacls
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBCACLS" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBCACLS" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -126,6 +126,170 @@
.RS 4
SID used for sddl processing\&.
.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-N|\-\-no\-pass
+.RS 4
+If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
+.sp
+Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
+.sp
+If a password is specified on the command line and this option is also defined the password on the command line will be silently ingnored and no password will be used\&.
+.RE
+.PP
+\-k|\-\-kerberos
+.RS 4
+Try to authenticate with kerberos\&. Only useful in an Active Directory environment\&.
+.RE
+.PP
+\-C|\-\-use\-ccache
+.RS 4
+Try to use the credentials cached by winbind\&.
+.RE
+.PP
+\-A|\-\-authentication\-file=filename
+.RS 4
+This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+username = <value>
+password = <value>
+domain = <value>
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+Make certain that the permissions on the file restrict access from unwanted users\&.
+.RE
+.PP
+\-U|\-\-user=username[%password]
+.RS 4
+Sets the SMB username or username and password\&.
+.sp
+If %password is not specified, the user will be prompted\&. The client will first check the
+\fBUSER\fR
+environment variable, then the
+\fBLOGNAME\fR
+variable and if either exists, the string is uppercased\&. If these environmental variables are not found, the username
+\fBGUEST\fR
+is used\&.
+.sp
+A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the
+\fI\-A\fR
+for more details\&.
+.sp
+Be cautious about including passwords in scripts\&. Also, on many systems the command line of a running process may be seen via the
+ps
+command\&. To be safe always allow
+rpcclient
+to prompt for a password and type it in directly\&.
+.RE
+.PP
+\-S|\-\-signing on|off|required
+.RS 4
+Set the client signing state\&.
+.RE
+.PP
+\-P|\-\-machine\-pass
+.RS 4
+Use stored machine account password\&.
+.RE
+.PP
+\-e|\-\-encrypt
+.RS 4
+This command line parameter requires the remote server support the UNIX extensions or that the SMB3 protocol has been selected\&. Requests that the connection be encrypted\&. Negotiates SMB encryption using either SMB3 or POSIX extensions via GSSAPI\&. Uses the given credentials for the encryption negotiation (either kerberos or NTLMv1/v2 if given domain/username/password triple\&. Fails the connection if encryption cannot be negotiated\&.
+.RE
+.PP
+\-\-pw\-nt\-hash
+.RS 4
+The supplied password is the NT hash\&.
+.RE
+.PP
+\-n|\-\-netbiosname <primary NetBIOS name>
+.RS 4
+This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the
+\m[blue]\fBnetbios name\fR\m[]
+parameter in the
+smb\&.conf
+file\&. However, a command line setting will take precedence over settings in
+smb\&.conf\&.
+.RE
+.PP
+\-i|\-\-scope <scope>
+.RS 4
+This specifies a NetBIOS scope that
+nmblookup
+will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are
+\fIvery\fR
+rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
+.RE
+.PP
+\-W|\-\-workgroup=domain
+.RS 4
+Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
+.RE
+.PP
+\-O|\-\-socket\-options socket options
+.RS 4
+TCP socket options to set on the client socket\&. See the socket options parameter in the
+smb\&.conf
+manual page for the list of valid options\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
.SH "ACL FORMAT"
.PP
The format of an ACL is one or more entries separated by either commas or newlines\&. An ACL entry is one of the following:
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbclient.1 samba-4.5.12+dfsg/docs/manpages/smbclient.1
--- samba-4.5.8+dfsg/docs/manpages/smbclient.1 2017-03-31 08:29:50.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbclient.1 2017-07-12 11:24:26.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBCLIENT" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBCLIENT" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -245,6 +245,170 @@
Browse SMB servers using DNS\&.
.RE
.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 1\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-N|\-\-no\-pass
+.RS 4
+If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
+.sp
+Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
+.sp
+If a password is specified on the command line and this option is also defined the password on the command line will be silently ingnored and no password will be used\&.
+.RE
+.PP
+\-k|\-\-kerberos
+.RS 4
+Try to authenticate with kerberos\&. Only useful in an Active Directory environment\&.
+.RE
+.PP
+\-C|\-\-use\-ccache
+.RS 4
+Try to use the credentials cached by winbind\&.
+.RE
+.PP
+\-A|\-\-authentication\-file=filename
+.RS 4
+This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+username = <value>
+password = <value>
+domain = <value>
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+Make certain that the permissions on the file restrict access from unwanted users\&.
+.RE
+.PP
+\-U|\-\-user=username[%password]
+.RS 4
+Sets the SMB username or username and password\&.
+.sp
+If %password is not specified, the user will be prompted\&. The client will first check the
+\fBUSER\fR
+environment variable, then the
+\fBLOGNAME\fR
+variable and if either exists, the string is uppercased\&. If these environmental variables are not found, the username
+\fBGUEST\fR
+is used\&.
+.sp
+A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the
+\fI\-A\fR
+for more details\&.
+.sp
+Be cautious about including passwords in scripts\&. Also, on many systems the command line of a running process may be seen via the
+ps
+command\&. To be safe always allow
+rpcclient
+to prompt for a password and type it in directly\&.
+.RE
+.PP
+\-S|\-\-signing on|off|required
+.RS 4
+Set the client signing state\&.
+.RE
+.PP
+\-P|\-\-machine\-pass
+.RS 4
+Use stored machine account password\&.
+.RE
+.PP
+\-e|\-\-encrypt
+.RS 4
+This command line parameter requires the remote server support the UNIX extensions or that the SMB3 protocol has been selected\&. Requests that the connection be encrypted\&. Negotiates SMB encryption using either SMB3 or POSIX extensions via GSSAPI\&. Uses the given credentials for the encryption negotiation (either kerberos or NTLMv1/v2 if given domain/username/password triple\&. Fails the connection if encryption cannot be negotiated\&.
+.RE
+.PP
+\-\-pw\-nt\-hash
+.RS 4
+The supplied password is the NT hash\&.
+.RE
+.PP
+\-n|\-\-netbiosname <primary NetBIOS name>
+.RS 4
+This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the
+\m[blue]\fBnetbios name\fR\m[]
+parameter in the
+smb\&.conf
+file\&. However, a command line setting will take precedence over settings in
+smb\&.conf\&.
+.RE
+.PP
+\-i|\-\-scope <scope>
+.RS 4
+This specifies a NetBIOS scope that
+nmblookup
+will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are
+\fIvery\fR
+rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
+.RE
+.PP
+\-W|\-\-workgroup=domain
+.RS 4
+Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
+.RE
+.PP
+\-O|\-\-socket\-options socket options
+.RS 4
+TCP socket options to set on the client socket\&. See the socket options parameter in the
+smb\&.conf
+manual page for the list of valid options\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
+.PP
\-t|\-\-timeout <timeout\-seconds>
.RS 4
This allows the user to tune the default timeout used for each SMB request\&. The default setting is 20 seconds\&. Increase it if requests to the server sometimes time out\&. This can happen when SMB3 encryption is selected and smbclient is overwhelming the server with requests\&. This can also be set using the
diff -Nru samba-4.5.8+dfsg/docs/manpages/smb.conf.5 samba-4.5.12+dfsg/docs/manpages/smb.conf.5
--- samba-4.5.8+dfsg/docs/manpages/smb.conf.5 2017-03-31 08:29:49.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smb.conf.5 2017-07-12 11:24:25.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smb.conf
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMB\&.CONF" "5" "03/31/2017" "Samba 4\&.5" "File Formats and Conventions"
+.TH "SMB\&.CONF" "5" "07/12/2017" "Samba 4\&.5" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbcontrol.1 samba-4.5.12+dfsg/docs/manpages/smbcontrol.1
--- samba-4.5.8+dfsg/docs/manpages/smbcontrol.1 2017-03-31 08:29:50.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbcontrol.1 2017-07-12 11:24:26.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbcontrol
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBCONTROL" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBCONTROL" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -48,6 +48,65 @@
daemon running on the system\&.
.SH "OPTIONS"
.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 1\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
\-t|\-\-timeout
.RS 4
Set timeout to seconds\&.
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbcquotas.1 samba-4.5.12+dfsg/docs/manpages/smbcquotas.1
--- samba-4.5.8+dfsg/docs/manpages/smbcquotas.1 2017-03-31 08:29:50.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbcquotas.1 2017-07-12 11:24:26.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbcquotas
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBCQUOTAS" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBCQUOTAS" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -81,6 +81,139 @@
.RS 4
Be verbose\&.
.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-N|\-\-no\-pass
+.RS 4
+If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
+.sp
+Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
+.sp
+If a password is specified on the command line and this option is also defined the password on the command line will be silently ingnored and no password will be used\&.
+.RE
+.PP
+\-k|\-\-kerberos
+.RS 4
+Try to authenticate with kerberos\&. Only useful in an Active Directory environment\&.
+.RE
+.PP
+\-C|\-\-use\-ccache
+.RS 4
+Try to use the credentials cached by winbind\&.
+.RE
+.PP
+\-A|\-\-authentication\-file=filename
+.RS 4
+This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+username = <value>
+password = <value>
+domain = <value>
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+Make certain that the permissions on the file restrict access from unwanted users\&.
+.RE
+.PP
+\-U|\-\-user=username[%password]
+.RS 4
+Sets the SMB username or username and password\&.
+.sp
+If %password is not specified, the user will be prompted\&. The client will first check the
+\fBUSER\fR
+environment variable, then the
+\fBLOGNAME\fR
+variable and if either exists, the string is uppercased\&. If these environmental variables are not found, the username
+\fBGUEST\fR
+is used\&.
+.sp
+A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the
+\fI\-A\fR
+for more details\&.
+.sp
+Be cautious about including passwords in scripts\&. Also, on many systems the command line of a running process may be seen via the
+ps
+command\&. To be safe always allow
+rpcclient
+to prompt for a password and type it in directly\&.
+.RE
+.PP
+\-S|\-\-signing on|off|required
+.RS 4
+Set the client signing state\&.
+.RE
+.PP
+\-P|\-\-machine\-pass
+.RS 4
+Use stored machine account password\&.
+.RE
+.PP
+\-e|\-\-encrypt
+.RS 4
+This command line parameter requires the remote server support the UNIX extensions or that the SMB3 protocol has been selected\&. Requests that the connection be encrypted\&. Negotiates SMB encryption using either SMB3 or POSIX extensions via GSSAPI\&. Uses the given credentials for the encryption negotiation (either kerberos or NTLMv1/v2 if given domain/username/password triple\&. Fails the connection if encryption cannot be negotiated\&.
+.RE
+.PP
+\-\-pw\-nt\-hash
+.RS 4
+The supplied password is the NT hash\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
.SH "QUOTA_SET_COMMAND"
.PP
The format of an the QUOTA_SET_COMMAND is an operation name followed by a set of parameters specific to that operation\&.
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbd.8 samba-4.5.12+dfsg/docs/manpages/smbd.8
--- samba-4.5.8+dfsg/docs/manpages/smbd.8 2017-03-31 08:29:51.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbd.8 2017-07-12 11:24:26.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SMBD" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -95,6 +95,58 @@
parameter had been given\&.
.RE
.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
+.PP
\-\-no\-process\-group
.RS 4
Do not create a new process group for smbd\&.
@@ -111,6 +163,7 @@
is a space or comma\-separated list of TCP ports smbd should listen on\&. The default value is taken from the
\m[blue]\fBports\fR\m[]
parameter in
+smb\&.conf
.sp
The default ports are 139 (used for SMB over NetBIOS over TCP) and port 445 (used for plain SMB over TCP)\&.
.RE
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbget.1 samba-4.5.12+dfsg/docs/manpages/smbget.1
--- samba-4.5.8+dfsg/docs/manpages/smbget.1 2017-03-31 08:29:51.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbget.1 2017-07-12 11:24:27.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbget
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBGET" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBGET" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -128,6 +128,11 @@
.RS 4
Download only when remote file is newer than local file or local file is missing\&.
.RE
+.PP
+\-e|\-\-encrypt
+.RS 4
+This command line parameter requires the remote server support the UNIX extensions or that the SMB3 protocol has been selected\&. Requests that the connection be encrypted\&. Negotiates SMB encryption using either SMB3 or POSIX extensions via GSSAPI\&. Uses the given credentials for the encryption negotiation (either kerberos or NTLMv1/v2 if given domain/username/password triple\&. Fails the connection if encryption cannot be negotiated\&.
+.RE
.SH "SMB URLS"
.PP
SMB URL\*(Aqs should be specified in the following format:
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbgetrc.5 samba-4.5.12+dfsg/docs/manpages/smbgetrc.5
--- samba-4.5.8+dfsg/docs/manpages/smbgetrc.5 2017-03-31 08:29:51.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbgetrc.5 2017-07-12 11:24:27.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbgetrc
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBGETRC" "5" "03/31/2017" "Samba 4\&.5" "File Formats and Conventions"
+.TH "SMBGETRC" "5" "07/12/2017" "Samba 4\&.5" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbpasswd.5 samba-4.5.12+dfsg/docs/manpages/smbpasswd.5
--- samba-4.5.8+dfsg/docs/manpages/smbpasswd.5 2017-03-31 08:29:51.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbpasswd.5 2017-07-12 11:24:27.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbpasswd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBPASSWD" "5" "03/31/2017" "Samba 4\&.5" "File Formats and Conventions"
+.TH "SMBPASSWD" "5" "07/12/2017" "Samba 4\&.5" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbpasswd.8 samba-4.5.12+dfsg/docs/manpages/smbpasswd.8
--- samba-4.5.8+dfsg/docs/manpages/smbpasswd.8 2017-03-31 08:29:52.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbpasswd.8 2017-07-12 11:24:27.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbpasswd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBPASSWD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SMBPASSWD" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -74,7 +74,9 @@
.PP
\-c
.RS 4
-This option can be used to specify the path and file name of the configuration file when it is important to use other than the default file and / or location\&.
+This option can be used to specify the path and file name of the
+smb\&.conf
+configuration file when it is important to use other than the default file and / or location\&.
.RE
.PP
\-x
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbspool.8 samba-4.5.12+dfsg/docs/manpages/smbspool.8
--- samba-4.5.8+dfsg/docs/manpages/smbspool.8 2017-03-31 08:29:52.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbspool.8 2017-07-12 11:24:28.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbspool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBSPOOL" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SMBSPOOL" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbspool_krb5_wrapper.8 samba-4.5.12+dfsg/docs/manpages/smbspool_krb5_wrapper.8
--- samba-4.5.8+dfsg/docs/manpages/smbspool_krb5_wrapper.8 2017-03-31 08:29:52.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbspool_krb5_wrapper.8 2017-07-12 11:24:28.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbspool_krb5_wrapper
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBSPOOL_KRB5_WRAPPE" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "SMBSPOOL_KRB5_WRAPPE" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbstatus.1 samba-4.5.12+dfsg/docs/manpages/smbstatus.1
--- samba-4.5.8+dfsg/docs/manpages/smbstatus.1 2017-03-31 08:29:52.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbstatus.1 2017-07-12 11:24:28.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbstatus
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBSTATUS" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBSTATUS" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -57,6 +57,48 @@
gives brief output\&.
.RE
.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
\-v|\-\-verbose
.RS 4
gives verbose output\&.
@@ -94,6 +136,11 @@
causes smbstatus to not check if the status data is valid by checking if the processes that the status data refer to all still exist\&. This speeds up execution on busy systems and clusters but might display stale data of processes that died without cleaning up properly\&.
.RE
.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
\-u|\-\-user=<username>
.RS 4
selects information relevant to
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbtar.1 samba-4.5.12+dfsg/docs/manpages/smbtar.1
--- samba-4.5.8+dfsg/docs/manpages/smbtar.1 2017-03-31 08:29:52.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbtar.1 2017-07-12 11:24:29.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbtar
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBTAR" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBTAR" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/smbtree.1 samba-4.5.12+dfsg/docs/manpages/smbtree.1
--- samba-4.5.8+dfsg/docs/manpages/smbtree.1 2017-03-31 08:29:53.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/smbtree.1 2017-07-12 11:24:29.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: smbtree
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "SMBTREE" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "SMBTREE" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -56,6 +56,139 @@
.RS 4
Only print a list of all the domains and servers responding on broadcast or known by the master browser\&.
.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-N|\-\-no\-pass
+.RS 4
+If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
+.sp
+Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
+.sp
+If a password is specified on the command line and this option is also defined the password on the command line will be silently ingnored and no password will be used\&.
+.RE
+.PP
+\-k|\-\-kerberos
+.RS 4
+Try to authenticate with kerberos\&. Only useful in an Active Directory environment\&.
+.RE
+.PP
+\-C|\-\-use\-ccache
+.RS 4
+Try to use the credentials cached by winbind\&.
+.RE
+.PP
+\-A|\-\-authentication\-file=filename
+.RS 4
+This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+username = <value>
+password = <value>
+domain = <value>
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+Make certain that the permissions on the file restrict access from unwanted users\&.
+.RE
+.PP
+\-U|\-\-user=username[%password]
+.RS 4
+Sets the SMB username or username and password\&.
+.sp
+If %password is not specified, the user will be prompted\&. The client will first check the
+\fBUSER\fR
+environment variable, then the
+\fBLOGNAME\fR
+variable and if either exists, the string is uppercased\&. If these environmental variables are not found, the username
+\fBGUEST\fR
+is used\&.
+.sp
+A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the
+\fI\-A\fR
+for more details\&.
+.sp
+Be cautious about including passwords in scripts\&. Also, on many systems the command line of a running process may be seen via the
+ps
+command\&. To be safe always allow
+rpcclient
+to prompt for a password and type it in directly\&.
+.RE
+.PP
+\-S|\-\-signing on|off|required
+.RS 4
+Set the client signing state\&.
+.RE
+.PP
+\-P|\-\-machine\-pass
+.RS 4
+Use stored machine account password\&.
+.RE
+.PP
+\-e|\-\-encrypt
+.RS 4
+This command line parameter requires the remote server support the UNIX extensions or that the SMB3 protocol has been selected\&. Requests that the connection be encrypted\&. Negotiates SMB encryption using either SMB3 or POSIX extensions via GSSAPI\&. Uses the given credentials for the encryption negotiation (either kerberos or NTLMv1/v2 if given domain/username/password triple\&. Fails the connection if encryption cannot be negotiated\&.
+.RE
+.PP
+\-\-pw\-nt\-hash
+.RS 4
+The supplied password is the NT hash\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
.SH "VERSION"
.PP
This man page is correct for version 3 of the Samba suite\&.
diff -Nru samba-4.5.8+dfsg/docs/manpages/testparm.1 samba-4.5.12+dfsg/docs/manpages/testparm.1
--- samba-4.5.8+dfsg/docs/manpages/testparm.1 2017-03-31 08:29:53.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/testparm.1 2017-07-12 11:24:29.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: testparm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "TESTPARM" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "TESTPARM" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -66,6 +66,44 @@
will prompt for a carriage return after printing the service names and before dumping the service definitions\&.
.RE
.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 1\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
\-v|\-\-verbose
.RS 4
If this option is specified, testparm will also output all options that were not used in
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_acl_tdb.8 samba-4.5.12+dfsg/docs/manpages/vfs_acl_tdb.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_acl_tdb.8 2017-03-31 08:29:53.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_acl_tdb.8 2017-07-12 11:24:29.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_acl_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_ACL_TDB" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_ACL_TDB" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_acl_xattr.8 samba-4.5.12+dfsg/docs/manpages/vfs_acl_xattr.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_acl_xattr.8 2017-03-31 08:29:53.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_acl_xattr.8 2017-07-12 11:24:30.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_acl_xattr
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_ACL_XATTR" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_ACL_XATTR" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_aio_fork.8 samba-4.5.12+dfsg/docs/manpages/vfs_aio_fork.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_aio_fork.8 2017-03-31 08:29:54.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_aio_fork.8 2017-07-12 11:24:30.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_fork
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_AIO_FORK" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_AIO_FORK" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_aio_linux.8 samba-4.5.12+dfsg/docs/manpages/vfs_aio_linux.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_aio_linux.8 2017-03-31 08:29:54.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_aio_linux.8 2017-07-12 11:24:30.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_linux
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_AIO_LINUX" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_AIO_LINUX" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_aio_pthread.8 samba-4.5.12+dfsg/docs/manpages/vfs_aio_pthread.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_aio_pthread.8 2017-03-31 08:29:54.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_aio_pthread.8 2017-07-12 11:24:30.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_aio_pthread
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_AIO_PTHREAD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_AIO_PTHREAD" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_audit.8 samba-4.5.12+dfsg/docs/manpages/vfs_audit.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_audit.8 2017-03-31 08:29:54.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_audit.8 2017-07-12 11:24:31.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_AUDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_AUDIT" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_btrfs.8 samba-4.5.12+dfsg/docs/manpages/vfs_btrfs.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_btrfs.8 2017-03-31 08:29:54.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_btrfs.8 2017-07-12 11:24:31.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_btrfs
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_BTRFS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_BTRFS" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_cacheprime.8 samba-4.5.12+dfsg/docs/manpages/vfs_cacheprime.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_cacheprime.8 2017-03-31 08:29:55.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_cacheprime.8 2017-07-12 11:24:31.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_cacheprime
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_CACHEPRIME" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_CACHEPRIME" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_cap.8 samba-4.5.12+dfsg/docs/manpages/vfs_cap.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_cap.8 2017-03-31 08:29:55.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_cap.8 2017-07-12 11:24:31.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_cap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_CAP" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_CAP" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_catia.8 samba-4.5.12+dfsg/docs/manpages/vfs_catia.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_catia.8 2017-03-31 08:29:55.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_catia.8 2017-07-12 11:24:32.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_catia
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_CATIA" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_CATIA" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_ceph.8 samba-4.5.12+dfsg/docs/manpages/vfs_ceph.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_ceph.8 2017-03-31 08:29:55.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_ceph.8 2017-07-12 11:24:32.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_ceph
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_CEPH" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_CEPH" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_commit.8 samba-4.5.12+dfsg/docs/manpages/vfs_commit.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_commit.8 2017-03-31 08:29:56.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_commit.8 2017-07-12 11:24:32.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_commit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_COMMIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_COMMIT" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_crossrename.8 samba-4.5.12+dfsg/docs/manpages/vfs_crossrename.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_crossrename.8 2017-03-31 08:29:56.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_crossrename.8 2017-07-12 11:24:32.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_crossrename
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_CROSSRENAME" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_CROSSRENAME" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_default_quota.8 samba-4.5.12+dfsg/docs/manpages/vfs_default_quota.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_default_quota.8 2017-03-31 08:29:56.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_default_quota.8 2017-07-12 11:24:33.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_default_quota
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_DEFAULT_QUOTA" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_DEFAULT_QUOTA" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_dirsort.8 samba-4.5.12+dfsg/docs/manpages/vfs_dirsort.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_dirsort.8 2017-03-31 08:29:56.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_dirsort.8 2017-07-12 11:24:33.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_dirsort
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_DIRSORT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_DIRSORT" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_extd_audit.8 samba-4.5.12+dfsg/docs/manpages/vfs_extd_audit.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_extd_audit.8 2017-03-31 08:29:56.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_extd_audit.8 2017-07-12 11:24:33.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_extd_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_EXTD_AUDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_EXTD_AUDIT" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_fake_perms.8 samba-4.5.12+dfsg/docs/manpages/vfs_fake_perms.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_fake_perms.8 2017-03-31 08:29:57.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_fake_perms.8 2017-07-12 11:24:33.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_fake_perms
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_FAKE_PERMS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_FAKE_PERMS" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_fileid.8 samba-4.5.12+dfsg/docs/manpages/vfs_fileid.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_fileid.8 2017-03-31 08:29:57.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_fileid.8 2017-07-12 11:24:34.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_fileid
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_FILEID" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_FILEID" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_fruit.8 samba-4.5.12+dfsg/docs/manpages/vfs_fruit.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_fruit.8 2017-03-31 08:29:57.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_fruit.8 2017-07-12 11:24:34.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_fruit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_FRUIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_FRUIT" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -70,8 +70,117 @@
fruit:locking = netatalk\&.
.PP
This module is not stackable other then described in this manpage\&.
+.SH "GLOBAL OPTIONS"
+.PP
+The following options must be set in the global smb\&.conf section and won\*(Aqt take effect when set per share\&.
+.PP
+fruit:aapl = yes | no
+.RS 4
+A
+\fIglobal\fR
+option whether to enable Apple\*(Aqs SMB2+ extension codenamed AAPL\&. Default
+\fIyes\fR\&. This extension enhances several deficiencies when connecting from Macs:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+directory enumeration is enriched with Mac relevant filesystem metadata (UNIX mode, FinderInfo, resource fork size and effective permission), as a result the Mac client doesn\*(Aqt need to fetch this metadata individuallly per directory entry resulting in an often tremendous performance increase\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The ability to query and modify the UNIX mode of directory entries\&.
+.RE
+.sp
+.RE
+There\*(Aqs a set of per share options that come into play when
+\fIfruit:aapl\fR
+is enabled\&. These opions, listed below, can be used to disable the computation of specific Mac metadata in the directory enumeration context, all are enabled by default:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+readdir_attr:aapl_rsize = yes | no
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+readdir_attr:aapl_finder_info = yes | no
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+readdir_attr:aapl_max_access = yes | no
+.RE
+.sp
+.RE
+See below for a description of these options\&.
+.RE
+.PP
+fruit:nfs_aces = yes | no
+.RS 4
+A
+\fIglobal\fR
+option whether support for querying and modifying the UNIX mode of directory entries via NFS ACEs is enabled, default
+\fIyes\fR\&.
+.RE
+.PP
+fruit:copyfile = yes | no
+.RS 4
+A
+\fIglobal\fR
+option whether to enable OS X specific copychunk ioctl that requests a copy of a whole file along with all attached metadata\&.
+.sp
+WARNING: the copyfile request is blocking the client while the server does the copy\&.
+.sp
+\&.
+ The default is
+\fIno\fR\&.
+.RE
+.PP
+fruit:zero_file_id = yes | no
+.RS 4
+A
+\fIglobal\fR
+option whether to return zero to queries of on\-disk file identifier, if the client has negotiated AAPL\&.
+.sp
+Mac applications and / or the Mac SMB client code expect the on\-disk file identifier to have the semantics of HFS+ Catalog Node Identifier (CNID)\&. Samba doesn\*(Aqt provide those semantics, and that occasionally cause usability issues or even data loss\&. Returning a file identifier of zero causes the Mac client to stop using and trusting the file id returned from the server\&.
+.sp
+The default is
+\fIyes\fR\&.
+.RE
.SH "OPTIONS"
.PP
+The following options can be set either in the global smb\&.conf section or per share\&.
+.PP
fruit:resource = [ file | xattr | stream ]
.RS 4
Controls where the OS X resource fork is stored\&.
@@ -232,78 +341,6 @@
.RE
.RE
.PP
-fruit:aapl = yes | no
-.RS 4
-A global option whether to enable Apple\*(Aqs SMB2+ extension codenamed AAPL\&. Default
-\fIyes\fR\&. This extension enhances several deficiencies when connecting from Macs:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-directory enumeration is enriched with Mac relevant filesystem metadata (UNIX mode, FinderInfo, resource fork size and effective permission), as a result the Mac client doesn\*(Aqt need to fetch this metadata individuallly per directory entry resulting in an often tremendous performance increase\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-The ability to query and modify the UNIX mode of directory entries\&.
-.RE
-.sp
-.RE
-There\*(Aqs a set of per share options that can be used to disable the computation of specific Mac metadata in the directory enumeration context, all are enabled by default:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-readdir_attr:aapl_rsize = true | false
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-readdir_attr:aapl_finder_info = true | false
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-readdir_attr:aapl_max_access = true | false
-.RE
-.sp
-.RE
-.RE
-.PP
-fruit:nfs_aces = yes | no
-.RS 4
-Whether support for querying and modifying the UNIX mode of directory entries via NFS ACEs is enabled, default
-\fIyes\fR\&.
-.RE
-.PP
fruit:veto_appledouble = yes | no
.RS 4
\fINote:\fR
@@ -324,20 +361,33 @@
\fIyes\fR\&.
.RE
.PP
-fruit:copyfile = yes | no
+fruit:posix_rename = yes | no
.RS 4
-Whether to enable OS X specific copychunk ioctl that requests a copy of a whole file along with all attached metadata\&.
+Whether to enable POSIX directory rename behaviour for OS X clients\&. Without this, directories can\*(Aqt be renamed if any client has any file inside it (recursive!) open\&.
.sp
-WARNING: the copyfile request is blocking the client while the server does the copy\&.
+The default is
+\fIyes\fR\&.
+.RE
+.PP
+readdir_attr:aapl_rsize = yes | no
+.RS 4
+Return resource fork size in SMB2 FIND responses\&.
.sp
-\&.
- The default is
-\fIno\fR\&.
+The default is
+\fIyes\fR\&.
.RE
.PP
-fruit:posix_rename = yes | no
+readdir_attr:aapl_finder_info = yes | no
.RS 4
-Whether to enable POSIX directory rename behaviour for OS X clients\&. Without this, directories can\*(Aqt be renamed if any client has any file inside it (recursive!) open\&.
+Return FinderInfo in SMB2 FIND responses\&.
+.sp
+The default is
+\fIyes\fR\&.
+.RE
+.PP
+readdir_attr:aapl_max_access = yes | no
+.RS 4
+Return the user\*(Aqs effective maximum permissions in SMB2 FIND responses\&. This is an expensive computation, setting this to off pretends the use has maximum effective permissions\&.
.sp
The default is
\fIyes\fR\&.
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_full_audit.8 samba-4.5.12+dfsg/docs/manpages/vfs_full_audit.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_full_audit.8 2017-03-31 08:29:57.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_full_audit.8 2017-07-12 11:24:34.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_full_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_FULL_AUDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_FULL_AUDIT" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_glusterfs.8 samba-4.5.12+dfsg/docs/manpages/vfs_glusterfs.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_glusterfs.8 2017-03-31 08:29:58.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_glusterfs.8 2017-07-12 11:24:34.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_glusterfs
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_GLUSTERFS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_GLUSTERFS" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_gpfs.8 samba-4.5.12+dfsg/docs/manpages/vfs_gpfs.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_gpfs.8 2017-03-31 08:29:58.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_gpfs.8 2017-07-12 11:24:35.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_gpfs
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_GPFS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_GPFS" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_linux_xfs_sgid.8 samba-4.5.12+dfsg/docs/manpages/vfs_linux_xfs_sgid.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_linux_xfs_sgid.8 2017-03-31 08:29:58.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_linux_xfs_sgid.8 2017-07-12 11:24:35.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_syncops
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SYNCOPS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SYNCOPS" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_media_harmony.8 samba-4.5.12+dfsg/docs/manpages/vfs_media_harmony.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_media_harmony.8 2017-03-31 08:29:58.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_media_harmony.8 2017-07-12 11:24:35.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_media_harmony
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_MEDIA_HARMONY" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_MEDIA_HARMONY" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_netatalk.8 samba-4.5.12+dfsg/docs/manpages/vfs_netatalk.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_netatalk.8 2017-03-31 08:29:58.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_netatalk.8 2017-07-12 11:24:35.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_netatalk
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_NETATALK" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_NETATALK" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_offline.8 samba-4.5.12+dfsg/docs/manpages/vfs_offline.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_offline.8 2017-03-31 08:29:59.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_offline.8 2017-07-12 11:24:36.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_offline
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_OFFLINE" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_OFFLINE" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_prealloc.8 samba-4.5.12+dfsg/docs/manpages/vfs_prealloc.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_prealloc.8 2017-03-31 08:29:59.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_prealloc.8 2017-07-12 11:24:36.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_prealloc
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_PREALLOC" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_PREALLOC" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_preopen.8 samba-4.5.12+dfsg/docs/manpages/vfs_preopen.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_preopen.8 2017-03-31 08:29:59.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_preopen.8 2017-07-12 11:24:36.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_preopen
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_PREOPEN" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_PREOPEN" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_readahead.8 samba-4.5.12+dfsg/docs/manpages/vfs_readahead.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_readahead.8 2017-03-31 08:29:59.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_readahead.8 2017-07-12 11:24:36.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_readahead
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_READAHEAD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_READAHEAD" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_readonly.8 samba-4.5.12+dfsg/docs/manpages/vfs_readonly.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_readonly.8 2017-03-31 08:30:00.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_readonly.8 2017-07-12 11:24:37.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_readonly
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_READONLY" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_READONLY" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_recycle.8 samba-4.5.12+dfsg/docs/manpages/vfs_recycle.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_recycle.8 2017-03-31 08:30:00.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_recycle.8 2017-07-12 11:24:37.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_recycle
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_RECYCLE" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_RECYCLE" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_shadow_copy2.8 samba-4.5.12+dfsg/docs/manpages/vfs_shadow_copy2.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_shadow_copy2.8 2017-03-31 08:30:00.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_shadow_copy2.8 2017-07-12 11:24:37.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_shadow_copy2
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SHADOW_COPY2" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SHADOW_COPY2" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_shadow_copy.8 samba-4.5.12+dfsg/docs/manpages/vfs_shadow_copy.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_shadow_copy.8 2017-03-31 08:30:00.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_shadow_copy.8 2017-07-12 11:24:37.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_shadow_copy
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SHADOW_COPY" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SHADOW_COPY" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_shell_snap.8 samba-4.5.12+dfsg/docs/manpages/vfs_shell_snap.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_shell_snap.8 2017-03-31 08:30:00.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_shell_snap.8 2017-07-12 11:24:38.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_shell_snap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SHELL_SNAP" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SHELL_SNAP" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_snapper.8 samba-4.5.12+dfsg/docs/manpages/vfs_snapper.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_snapper.8 2017-03-31 08:30:01.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_snapper.8 2017-07-12 11:24:38.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_snapper
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SNAPPER" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SNAPPER" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_streams_depot.8 samba-4.5.12+dfsg/docs/manpages/vfs_streams_depot.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_streams_depot.8 2017-03-31 08:30:01.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_streams_depot.8 2017-07-12 11:24:38.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_streams_depot
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_STREAMS_DEPOT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_STREAMS_DEPOT" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_streams_xattr.8 samba-4.5.12+dfsg/docs/manpages/vfs_streams_xattr.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_streams_xattr.8 2017-03-31 08:30:01.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_streams_xattr.8 2017-07-12 11:24:38.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_streams_xattr
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_STREAMS_XATTR" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_STREAMS_XATTR" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_syncops.8 samba-4.5.12+dfsg/docs/manpages/vfs_syncops.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_syncops.8 2017-03-31 08:30:01.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_syncops.8 2017-07-12 11:24:39.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_syncops
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_SYNCOPS" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_SYNCOPS" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfstest.1 samba-4.5.12+dfsg/docs/manpages/vfstest.1
--- samba-4.5.8+dfsg/docs/manpages/vfstest.1 2017-03-31 08:30:03.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfstest.1 2017-07-12 11:24:40.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfstest
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFSTEST" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "VFSTEST" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -47,12 +47,59 @@
Execute the specified (\fBsemicolon\fR\-separated) commands\&. See below for the commands that are available\&.
.RE
.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
\-l|\-\-logfile=logbasename
.RS 4
File name for log/debug files\&. The extension
\fB\*(Aq\&.client\*(Aq\fR
will be appended\&. The log file is never removed by the client\&.
.RE
+.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
.SH "COMMANDS"
.PP
\fIVFS COMMANDS\fR
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_time_audit.8 samba-4.5.12+dfsg/docs/manpages/vfs_time_audit.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_time_audit.8 2017-03-31 08:30:02.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_time_audit.8 2017-07-12 11:24:39.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_time_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_TIME_AUDIT" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_TIME_AUDIT" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_tsmsm.8 samba-4.5.12+dfsg/docs/manpages/vfs_tsmsm.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_tsmsm.8 2017-03-31 08:30:02.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_tsmsm.8 2017-07-12 11:24:39.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_tsmsm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_TSMSM" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_TSMSM" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_unityed_media.8 samba-4.5.12+dfsg/docs/manpages/vfs_unityed_media.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_unityed_media.8 2017-03-31 08:30:02.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_unityed_media.8 2017-07-12 11:24:39.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_unityed_media
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_UNITYED_MEDIA" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_UNITYED_MEDIA" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_worm.8 samba-4.5.12+dfsg/docs/manpages/vfs_worm.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_worm.8 2017-03-31 08:30:02.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_worm.8 2017-07-12 11:24:40.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_worm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_WORM" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_WORM" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_xattr_tdb.8 samba-4.5.12+dfsg/docs/manpages/vfs_xattr_tdb.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_xattr_tdb.8 2017-03-31 08:30:03.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_xattr_tdb.8 2017-07-12 11:24:40.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_xattr_tdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_XATTR_TDB" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_XATTR_TDB" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/vfs_zfsacl.8 samba-4.5.12+dfsg/docs/manpages/vfs_zfsacl.8
--- samba-4.5.8+dfsg/docs/manpages/vfs_zfsacl.8 2017-03-31 08:30:03.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/vfs_zfsacl.8 2017-07-12 11:24:40.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: vfs_zfsacl
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "VFS_ZFSACL" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "VFS_ZFSACL" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs/manpages/wbinfo.1 samba-4.5.12+dfsg/docs/manpages/wbinfo.1
--- samba-4.5.8+dfsg/docs/manpages/wbinfo.1 2017-03-31 08:30:03.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/wbinfo.1 2017-07-12 11:24:41.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: wbinfo
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: User Commands
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "WBINFO" "1" "03/31/2017" "Samba 4\&.5" "User Commands"
+.TH "WBINFO" "1" "07/12/2017" "Samba 4\&.5" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -415,6 +415,16 @@
\fBwinbindd\fR(8)
then the operation will fail\&.
.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
.SH "EXIT STATUS"
.PP
The wbinfo program returns 0 if the operation succeeded, or 1 if the operation failed\&. If the
diff -Nru samba-4.5.8+dfsg/docs/manpages/winbindd.8 samba-4.5.12+dfsg/docs/manpages/winbindd.8
--- samba-4.5.8+dfsg/docs/manpages/winbindd.8 2017-03-31 08:30:04.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/winbindd.8 2017-07-12 11:24:41.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: winbindd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: System Administration tools
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "WINBINDD" "8" "03/31/2017" "Samba 4\&.5" "System Administration tools"
+.TH "WINBINDD" "8" "07/12/2017" "Samba 4\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -172,6 +172,58 @@
to log to standard output rather than a file\&.
.RE
.PP
+\-d|\-\-debuglevel=level
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.PP
+\-s|\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
+.PP
\-i|\-\-interactive
.RS 4
Tells
diff -Nru samba-4.5.8+dfsg/docs/manpages/winbind_krb5_locator.7 samba-4.5.12+dfsg/docs/manpages/winbind_krb5_locator.7
--- samba-4.5.8+dfsg/docs/manpages/winbind_krb5_locator.7 2017-03-31 08:30:03.000000000 +0200
+++ samba-4.5.12+dfsg/docs/manpages/winbind_krb5_locator.7 2017-07-12 11:24:41.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: winbind_krb5_locator
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 03/31/2017
+.\" Date: 07/12/2017
.\" Manual: 7
.\" Source: Samba 4.5
.\" Language: English
.\"
-.TH "WINBIND_KRB5_LOCATOR" "7" "03/31/2017" "Samba 4\&.5" "7"
+.TH "WINBIND_KRB5_LOCATOR" "7" "07/12/2017" "Samba 4\&.5" "7"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Nru samba-4.5.8+dfsg/docs-xml/manpages/vfs_fruit.8.xml samba-4.5.12+dfsg/docs-xml/manpages/vfs_fruit.8.xml
--- samba-4.5.8+dfsg/docs-xml/manpages/vfs_fruit.8.xml 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/docs-xml/manpages/vfs_fruit.8.xml 2017-05-22 19:48:32.000000000 +0200
@@ -79,8 +79,98 @@
</refsect1>
<refsect1>
+ <title>GLOBAL OPTIONS</title>
+
+ <para>The following options must be set in the global smb.conf section
+ and won't take effect when set per share.</para>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>fruit:aapl = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether to enable Apple's SMB2+
+ extension codenamed AAPL. Default
+ <emphasis>yes</emphasis>. This extension enhances
+ several deficiencies when connecting from Macs:</para>
+
+ <itemizedlist>
+ <listitem><para>directory enumeration is enriched with
+ Mac relevant filesystem metadata (UNIX mode,
+ FinderInfo, resource fork size and effective
+ permission), as a result the Mac client doesn't need
+ to fetch this metadata individuallly per directory
+ entry resulting in an often tremendous performance
+ increase.</para></listitem>
+
+ <listitem><para>The ability to query and modify the
+ UNIX mode of directory entries.</para></listitem>
+ </itemizedlist>
+
+ <para>There's a set of per share options that come into play when
+ <emphasis>fruit:aapl</emphasis> is enabled. These opions, listed
+ below, can be used to disable the computation of specific Mac
+ metadata in the directory enumeration context, all are enabled by
+ default:</para>
+
+ <itemizedlist>
+ <listitem><para>readdir_attr:aapl_rsize = yes | no</para></listitem>
+ <listitem><para>readdir_attr:aapl_finder_info = yes | no</para></listitem>
+ <listitem><para>readdir_attr:aapl_max_access = yes | no</para></listitem>
+ </itemizedlist>
+
+ <para>See below for a description of these options.</para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:nfs_aces = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether support for
+ querying and modifying the UNIX mode of directory entries via NFS
+ ACEs is enabled, default <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:copyfile = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether to enable OS X
+ specific copychunk ioctl that requests a copy of a whole file
+ along with all attached metadata.</para>
+ <para>WARNING: the copyfile request is blocking the
+ client while the server does the copy.</para>.
+ <para>The default is <emphasis>no</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:zero_file_id = yes | no</term>
+ <listitem>
+ <para>A <emphasis>global</emphasis> option whether to return
+ zero to queries of on-disk file identifier, if the client
+ has negotiated AAPL.</para>
+ <para>Mac applications and / or the Mac SMB
+ client code expect the on-disk file identifier to have the
+ semantics of HFS+ Catalog Node Identifier (CNID). Samba
+ doesn't provide those semantics, and that occasionally cause
+ usability issues or even data loss. Returning a file identifier
+ of zero causes the Mac client to stop using and trusting the
+ file id returned from the server.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
<title>OPTIONS</title>
+ <para>The following options can be set either in the global smb.conf section
+ or per share.</para>
+
<variablelist>
<varlistentry>
@@ -189,50 +279,6 @@
</varlistentry>
<varlistentry>
- <term>fruit:aapl = yes | no</term>
- <listitem>
- <para>A global option whether to enable Apple's SMB2+
- extension codenamed AAPL. Default
- <emphasis>yes</emphasis>. This extension enhances
- several deficiencies when connecting from Macs:</para>
-
- <itemizedlist>
- <listitem><para>directory enumeration is enriched with
- Mac relevant filesystem metadata (UNIX mode,
- FinderInfo, resource fork size and effective
- permission), as a result the Mac client doesn't need
- to fetch this metadata individuallly per directory
- entry resulting in an often tremendous performance
- increase.</para></listitem>
-
- <listitem><para>The ability to query and modify the
- UNIX mode of directory entries.</para></listitem>
- </itemizedlist>
-
- <para>There's a set of per share options that can be
- used to disable the computation of specific Mac metadata
- in the directory enumeration context, all are enabled by
- default:</para>
-
- <itemizedlist>
- <listitem><para>readdir_attr:aapl_rsize = true | false</para></listitem>
- <listitem><para>readdir_attr:aapl_finder_info = true | false</para></listitem>
- <listitem><para>readdir_attr:aapl_max_access = true | false</para></listitem>
- </itemizedlist>
-
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>fruit:nfs_aces = yes | no</term>
- <listitem>
- <para>Whether support for querying and modifying the
- UNIX mode of directory entries via NFS ACEs is enabled,
- default <emphasis>yes</emphasis>.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<term>fruit:veto_appledouble = yes | no</term>
<listitem>
<para><emphasis>Note:</emphasis> this option only applies when
@@ -254,18 +300,6 @@
</varlistentry>
<varlistentry>
- <term>fruit:copyfile = yes | no</term>
- <listitem>
- <para>Whether to enable OS X specific copychunk ioctl
- that requests a copy of a whole file along with all
- attached metadata.</para>
- <para>WARNING: the copyfile request is blocking the
- client while the server does the copy.</para>.
- <para>The default is <emphasis>no</emphasis>.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<term>fruit:posix_rename = yes | no</term>
<listitem>
<para>Whether to enable POSIX directory rename behaviour
@@ -275,6 +309,32 @@
<para>The default is <emphasis>yes</emphasis>.</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term>readdir_attr:aapl_rsize = yes | no</term>
+ <listitem>
+ <para>Return resource fork size in SMB2 FIND responses.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>readdir_attr:aapl_finder_info = yes | no</term>
+ <listitem>
+ <para>Return FinderInfo in SMB2 FIND responses.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>readdir_attr:aapl_max_access = yes | no</term>
+ <listitem>
+ <para>Return the user's effective maximum permissions in SMB2 FIND
+ responses. This is an expensive computation, setting this to off
+ pretends the use has maximum effective permissions.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff -Nru samba-4.5.8+dfsg/lib/ldb/wscript samba-4.5.12+dfsg/lib/ldb/wscript
--- samba-4.5.8+dfsg/lib/ldb/wscript 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/lib/ldb/wscript 2017-07-12 08:39:24.000000000 +0200
@@ -55,11 +55,26 @@
conf.env.standalone_ldb = conf.IN_LAUNCH_DIR()
if not conf.env.standalone_ldb:
- if conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util', minversion=VERSION,
+ #
+ # ldb >= 1.2.0 (as well as 1.1.30 and 1.1.31) are
+ # incompatible with Samba < 4.7
+ #
+ # See https://bugzilla.samba.org/show_bug.cgi?id=12859
+ #
+ maxversion = "1.1.99"
+ version_blacklist = ["1.1.30", "1.1.31"]
+
+ if conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util',
+ minversion=VERSION,
+ maxversion=maxversion,
+ version_blacklist=version_blacklist,
onlyif='talloc tdb tevent',
implied_deps='replace talloc tdb tevent ldb'):
conf.define('USING_SYSTEM_PYLDB_UTIL', 1)
- if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
+ if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
+ minversion=VERSION,
+ maxversion=maxversion,
+ version_blacklist=version_blacklist,
onlyif='talloc tdb tevent pyldb-util',
implied_deps='replace talloc tdb tevent'):
conf.define('USING_SYSTEM_LDB', 1)
diff -Nru samba-4.5.8+dfsg/lib/replace/replace.h samba-4.5.12+dfsg/lib/replace/replace.h
--- samba-4.5.8+dfsg/lib/replace/replace.h 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/lib/replace/replace.h 2017-05-22 19:48:32.000000000 +0200
@@ -171,6 +171,10 @@
#include <sys/types.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+
#ifdef HAVE_SETPROCTITLE_H
#include <setproctitle.h>
#endif
diff -Nru samba-4.5.8+dfsg/lib/torture/torture.h samba-4.5.12+dfsg/lib/torture/torture.h
--- samba-4.5.8+dfsg/lib/torture/torture.h 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/lib/torture/torture.h 2017-05-22 19:48:32.000000000 +0200
@@ -367,6 +367,16 @@
} \
} while(0)
+#define torture_assert_mem_not_equal_goto(torture_ctx,got,expected,len,ret,label,cmt) \
+ do { const void *__got = (got), *__expected = (expected); \
+ if (memcmp(__got, __expected, len) == 0) { \
+ torture_result(torture_ctx, TORTURE_FAIL, \
+ __location__": "#got" of len %d unexpectedly matches "#expected": %s", (int)len, cmt); \
+ ret = false; \
+ goto label; \
+ } \
+ } while(0)
+
static inline void torture_dump_data_str_cb(const char *buf, void *private_data)
{
char **dump = (char **)private_data;
diff -Nru samba-4.5.8+dfsg/lib/util/debug.c samba-4.5.12+dfsg/lib/util/debug.c
--- samba-4.5.8+dfsg/lib/util/debug.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/lib/util/debug.c 2017-06-19 15:18:24.000000000 +0200
@@ -396,7 +396,7 @@
* a buffer without the newline character.
*/
len = MIN(strlen(msg), FORMAT_BUFR_SIZE - 1);
- if (msg[len - 1] == '\n') {
+ if ((len > 0) && (msg[len - 1] == '\n')) {
len--;
}
diff -Nru samba-4.5.8+dfsg/libcli/smb/smbXcli_base.c samba-4.5.12+dfsg/libcli/smb/smbXcli_base.c
--- samba-4.5.8+dfsg/libcli/smb/smbXcli_base.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/libcli/smb/smbXcli_base.c 2017-07-12 08:39:24.000000000 +0200
@@ -5192,6 +5192,21 @@
tevent_req_done(req);
return;
}
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ /*
+ * The response was signed, but not supported
+ *
+ * This might be returned by older Windows versions or by
+ * NetApp SMB server implementations.
+ *
+ * See
+ *
+ * https://blogs.msdn.microsoft.com/openspecification/2012/06/28/smb3-secure-dialect-negotiation/
+ *
+ */
+ tevent_req_done(req);
+ return;
+ }
if (tevent_req_nterror(req, status)) {
return;
}
@@ -5974,6 +5989,38 @@
return tcon;
}
+/*
+ * Return a deep structure copy of a struct smbXcli_tcon *
+ */
+
+struct smbXcli_tcon *smbXcli_tcon_copy(TALLOC_CTX *mem_ctx,
+ const struct smbXcli_tcon *tcon_in)
+{
+ struct smbXcli_tcon *tcon;
+
+ tcon = talloc_memdup(mem_ctx, tcon_in, sizeof(struct smbXcli_tcon));
+ if (tcon == NULL) {
+ return NULL;
+ }
+
+ /* Deal with the SMB1 strings. */
+ if (tcon_in->smb1.service != NULL) {
+ tcon->smb1.service = talloc_strdup(tcon, tcon_in->smb1.service);
+ if (tcon->smb1.service == NULL) {
+ TALLOC_FREE(tcon);
+ return NULL;
+ }
+ }
+ if (tcon->smb1.fs_type != NULL) {
+ tcon->smb1.fs_type = talloc_strdup(tcon, tcon_in->smb1.fs_type);
+ if (tcon->smb1.fs_type == NULL) {
+ TALLOC_FREE(tcon);
+ return NULL;
+ }
+ }
+ return tcon;
+}
+
void smbXcli_tcon_set_fs_attributes(struct smbXcli_tcon *tcon,
uint32_t fs_attributes)
{
@@ -6052,6 +6099,11 @@
return tcon->smb2.tcon_id;
}
+void smb2cli_tcon_set_id(struct smbXcli_tcon *tcon, uint32_t tcon_id)
+{
+ tcon->smb2.tcon_id = tcon_id;
+}
+
uint32_t smb2cli_tcon_capabilities(struct smbXcli_tcon *tcon)
{
return tcon->smb2.capabilities;
diff -Nru samba-4.5.8+dfsg/libcli/smb/smbXcli_base.h samba-4.5.12+dfsg/libcli/smb/smbXcli_base.h
--- samba-4.5.8+dfsg/libcli/smb/smbXcli_base.h 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/libcli/smb/smbXcli_base.h 2017-07-12 08:39:24.000000000 +0200
@@ -431,6 +431,8 @@
NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session);
struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx);
+struct smbXcli_tcon *smbXcli_tcon_copy(TALLOC_CTX *mem_ctx,
+ const struct smbXcli_tcon *tcon_in);
void smbXcli_tcon_set_fs_attributes(struct smbXcli_tcon *tcon,
uint32_t fs_attributes);
uint32_t smbXcli_tcon_get_fs_attributes(struct smbXcli_tcon *tcon);
@@ -445,6 +447,7 @@
const char *service,
const char *fs_type);
uint32_t smb2cli_tcon_current_id(struct smbXcli_tcon *tcon);
+void smb2cli_tcon_set_id(struct smbXcli_tcon *tcon, uint32_t tcon_id);
uint32_t smb2cli_tcon_capabilities(struct smbXcli_tcon *tcon);
uint32_t smb2cli_tcon_flags(struct smbXcli_tcon *tcon);
void smb2cli_tcon_set_values(struct smbXcli_tcon *tcon,
diff -Nru samba-4.5.8+dfsg/libgpo/gpo_ldap.c samba-4.5.12+dfsg/libgpo/gpo_ldap.c
--- samba-4.5.8+dfsg/libgpo/gpo_ldap.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/libgpo/gpo_ldap.c 2017-05-22 19:48:32.000000000 +0200
@@ -424,24 +424,30 @@
ADS_ERROR_HAVE_NO_MEMORY(gpo->ds_path);
if (!ads_pull_uint32(ads, res, "versionNumber", &gpo->version)) {
- return ADS_ERROR(LDAP_NO_MEMORY);
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
}
if (!ads_pull_uint32(ads, res, "flags", &gpo->options)) {
- return ADS_ERROR(LDAP_NO_MEMORY);
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
}
gpo->file_sys_path = ads_pull_string(ads, mem_ctx, res,
"gPCFileSysPath");
- ADS_ERROR_HAVE_NO_MEMORY(gpo->file_sys_path);
+ if (gpo->file_sys_path == NULL) {
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
+ }
gpo->display_name = ads_pull_string(ads, mem_ctx, res,
"displayName");
- ADS_ERROR_HAVE_NO_MEMORY(gpo->display_name);
+ if (gpo->display_name == NULL) {
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
+ }
gpo->name = ads_pull_string(ads, mem_ctx, res,
"name");
- ADS_ERROR_HAVE_NO_MEMORY(gpo->name);
+ if (gpo->name == NULL) {
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
+ }
gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res,
"gPCMachineExtensionNames");
@@ -450,7 +456,9 @@
ads_pull_sd(ads, mem_ctx, res, "ntSecurityDescriptor",
&gpo->security_descriptor);
- ADS_ERROR_HAVE_NO_MEMORY(gpo->security_descriptor);
+ if (gpo->security_descriptor == NULL) {
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
+ }
return ADS_ERROR(LDAP_SUCCESS);
}
@@ -586,6 +594,13 @@
if (!ADS_ERR_OK(status)) {
DEBUG(10,("failed to get gpo: %s\n",
gp_link->link_names[i]));
+ if ((status.error_type == ENUM_ADS_ERROR_LDAP) &&
+ (status.err.rc == LDAP_NO_SUCH_ATTRIBUTE)) {
+ DEBUG(10,("skipping empty gpo: %s\n",
+ gp_link->link_names[i]));
+ talloc_free(new_gpo);
+ continue;
+ }
return status;
}
diff -Nru samba-4.5.8+dfsg/nsswitch/pam_winbind.c samba-4.5.12+dfsg/nsswitch/pam_winbind.c
--- samba-4.5.8+dfsg/nsswitch/pam_winbind.c 2017-01-17 20:55:44.000000000 +0100
+++ samba-4.5.12+dfsg/nsswitch/pam_winbind.c 2017-05-22 19:48:32.000000000 +0200
@@ -1002,7 +1002,6 @@
static void _pam_warn_password_expiry(struct pwb_context *ctx,
const struct wbcAuthUserInfo *info,
- const struct wbcUserPasswordPolicyInfo *policy,
int warn_pwd_expire,
bool *already_expired,
bool *change_pwd)
@@ -1010,7 +1009,7 @@
time_t now = time(NULL);
time_t next_change = 0;
- if (!info || !policy) {
+ if (info == NULL) {
return;
}
@@ -1042,23 +1041,6 @@
return;
}
- /* now check for the global password policy */
- /* good catch from Ralf Haferkamp: an expiry of "never" is translated
- * to -1 */
- if ((policy->expire == (int64_t)-1) ||
- (policy->expire == 0)) {
- return;
- }
-
- next_change = info->pass_last_set_time + policy->expire;
-
- if (_pam_send_password_expiry_message(ctx, next_change, now,
- warn_pwd_expire,
- already_expired,
- change_pwd)) {
- return;
- }
-
/* no warning sent */
}
@@ -1694,23 +1676,17 @@
const int warn_pwd_expire,
struct wbcAuthErrorInfo **p_error,
struct wbcLogonUserInfo **p_info,
- struct wbcUserPasswordPolicyInfo **p_policy,
time_t *pwd_last_set,
char **user_ret)
{
wbcErr wbc_status;
-
struct wbcLogonUserParams logon;
char membership_of[1024];
uid_t user_uid = -1;
- uint32_t flags = WBFLAG_PAM_INFO3_TEXT |
- WBFLAG_PAM_GET_PWD_POLICY;
-
+ uint32_t flags = WBFLAG_PAM_INFO3_TEXT;
struct wbcLogonUserInfo *info = NULL;
struct wbcAuthUserInfo *user_info = NULL;
struct wbcAuthErrorInfo *error = NULL;
- struct wbcUserPasswordPolicyInfo *policy = NULL;
-
int ret = PAM_AUTH_ERR;
int i;
const char *codes[] = {
@@ -1843,7 +1819,7 @@
&logon,
&info,
&error,
- &policy);
+ NULL);
ret = wbc_auth_error_to_pam_error(ctx, error, wbc_status,
user, "wbcLogonUser");
wbcFreeMemory(logon.blobs);
@@ -1861,10 +1837,6 @@
*p_info = info;
}
- if (p_policy && policy) {
- *p_policy = policy;
- }
-
if (p_error && error) {
/* We want to process the error in the caller. */
*p_error = error;
@@ -1879,13 +1851,13 @@
}
}
- if ((ret == PAM_SUCCESS) && user_info && policy && info) {
+ if ((ret == PAM_SUCCESS) && user_info && info) {
bool already_expired = false;
bool change_pwd = false;
/* warn a user if the password is about to expire soon */
- _pam_warn_password_expiry(ctx, user_info, policy,
+ _pam_warn_password_expiry(ctx, user_info,
warn_pwd_expire,
&already_expired,
&change_pwd);
@@ -1893,15 +1865,15 @@
if (already_expired == true) {
SMB_TIME_T last_set = user_info->pass_last_set_time;
+ SMB_TIME_T must_set = user_info->pass_must_change_time;
_pam_log_debug(ctx, LOG_DEBUG,
"Password has expired "
"(Password was last set: %lld, "
- "the policy says it should expire here "
+ "it must be changed here "
"%lld (now it's: %ld))\n",
(long long int)last_set,
- (long long int)last_set +
- policy->expire,
+ (long long int)must_set,
(long)time(NULL));
return PAM_AUTHTOK_EXPIRED;
@@ -1940,9 +1912,6 @@
if (info && !p_info) {
wbcFreeMemory(info);
}
- if (policy && !p_policy) {
- wbcFreeMemory(policy);
- }
return ret;
}
@@ -2734,8 +2703,7 @@
/* Now use the username to look up password */
retval = winbind_auth_request(ctx, real_username, password,
member, cctype, warn_pwd_expire,
- NULL, NULL, NULL,
- NULL, &username_ret);
+ NULL, NULL, NULL, &username_ret);
if (retval == PAM_NEW_AUTHTOK_REQD ||
retval == PAM_AUTHTOK_EXPIRED) {
@@ -3145,7 +3113,7 @@
ret = winbind_auth_request(ctx, user, pass_old,
NULL, NULL, 0,
- &error, NULL, NULL,
+ &error, NULL,
&pwdlastset_prelim, NULL);
if (ret != PAM_ACCT_EXPIRED &&
@@ -3253,7 +3221,6 @@
const char *cctype = NULL;
int warn_pwd_expire;
struct wbcLogonUserInfo *info = NULL;
- struct wbcUserPasswordPolicyInfo *policy = NULL;
member = get_member_from_config(ctx);
cctype = get_krb5_cc_type_from_config(ctx);
@@ -3269,7 +3236,7 @@
ret = winbind_auth_request(ctx, user, pass_new,
member, cctype, 0,
- &error, &info, &policy,
+ &error, &info,
NULL, &username_ret);
pass_old = pass_new = NULL;
@@ -3283,7 +3250,7 @@
/* warn a user if the password is about to
* expire soon */
- _pam_warn_password_expiry(ctx, user_info, policy,
+ _pam_warn_password_expiry(ctx, user_info,
warn_pwd_expire,
NULL, NULL);
@@ -3309,7 +3276,6 @@
wbcFreeMemory(info->blobs);
}
wbcFreeMemory(info);
- wbcFreeMemory(policy);
goto out;
}
diff -Nru samba-4.5.8+dfsg/nsswitch/tests/test_idmap_rfc2307.sh samba-4.5.12+dfsg/nsswitch/tests/test_idmap_rfc2307.sh
--- samba-4.5.8+dfsg/nsswitch/tests/test_idmap_rfc2307.sh 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/nsswitch/tests/test_idmap_rfc2307.sh 2017-06-19 15:18:24.000000000 +0200
@@ -1,7 +1,9 @@
#!/bin/sh
# Test id mapping through idmap_rfc2307 module
-if [ $# -lt 9 ]; then
- echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 GROUPNAME GID GROUPNAME2 GID2 LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
+if [ $# -lt 15 ]; then
+ echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 \
+ GROUPNAME GID GROUPNAME2 GID2 GID_START NUMGROUPS \
+ LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
exit 1
fi
@@ -15,12 +17,20 @@
GROUPNAME2="$8"
GROUPGID2="$9"
shift 9
-LDAPPREFIX="$1"
-DC_SERVER="$2"
-DC_USERNAME="$3"
-DC_PASSWORD="$4"
+GID_START="$1"
+NUMGROUPS="$2"
+LDAPPREFIX="$3"
+DC_SERVER="$4"
+DC_USERNAME="$5"
+DC_PASSWORD="$6"
wbinfo="$VALGRIND $BINDIR/wbinfo"
+net="$VALGRIND $BINDIR/net"
+
+ldbsearch="ldbsearch"
+if [ -x "$BINDIR/ldbsearch" ]; then
+ ldbsearch="$BINDIR/ldbsearch"
+fi
ldbadd="ldbadd"
if [ -x "$BINDIR/ldbadd" ]; then
@@ -37,22 +47,23 @@
. `dirname $0`/../../testprogs/blackbox/subunit.sh
# Delete LDAP records
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX"
+$VALGRIND $ldbsearch -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \
+ -s one -b "$LDAPPREFIX" | grep '^dn:' | cut -d ' ' -f 2- |
+ xargs -d '\n' -n 1 -IDEL_DN \
+ $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \
+ "DEL_DN"
$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
# Add id mapping information to LDAP
-cat > $PREFIX/tmpldb <<EOF
+testit "add ldap prefix" $VALGRIND $ldbadd -H ldap://$DC_SERVER \
+ -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
dn: $LDAPPREFIX
objectclass: organizationalUnit
EOF
-testit "add ldap prefix" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
-
-cat > $PREFIX/tmpldb <<EOF
+testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER \
+ -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
dn: cn=$USERNAME,$LDAPPREFIX
objectClass: organizationalPerson
objectClass: posixAccount
@@ -64,9 +75,8 @@
homeDirectory: /home/admin
EOF
-testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
-
-cat > $PREFIX/tmpldb <<EOF
+testit "add second ldap user mapping record" $VALGRIND $ldbadd \
+ -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
dn: cn=$USERNAME2,$LDAPPREFIX
objectClass: organizationalPerson
objectClass: posixAccount
@@ -78,9 +88,8 @@
homeDirectory: /home/admin
EOF
-testit "add second ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
-
-cat > $PREFIX/tmpldb <<EOF
+testit "add ldap group mapping record" $VALGRIND $ldbadd \
+ -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
dn: cn=$GROUPNAME,$LDAPPREFIX
objectClass: posixGroup
objectClass: groupOfNames
@@ -89,9 +98,8 @@
member: cn=$USERNAME,$LDAPPREFIX
EOF
-testit "add ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
-
-cat > $PREFIX/tmpldb <<EOF
+testit "add second ldap group mapping record" $VALGRIND $ldbadd \
+ -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
dn: cn=$GROUPNAME2,$LDAPPREFIX
objectClass: posixGroup
objectClass: groupOfNames
@@ -100,10 +108,6 @@
member: cn=$USERNAME,$LDAPPREFIX
EOF
-testit "add second ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
-
-rm -f $PREFIX/tmpldbmodify
-
testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN/$USERNAME" || failed=$(expr $failed + 1)
user_sid=$($wbinfo -n "$DOMAIN/$USERNAME" | cut -d " " -f1)
echo "$DOMAIN/$USERNAME resolved to $user_sid"
@@ -147,11 +151,75 @@
testit "test $group_name2 = $DOMAIN/$GROUPNAME2" test "$(echo $group_name2 | tr A-Z a-z)" = "$(echo $DOMAIN/$GROUPNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1)
+i=0
+while [ ${i} -lt ${NUMGROUPS} ] ; do
+ GRP=$(printf "test_rfc2307_group_%3.3d" "$i")
+ GRP_GID=$(expr "$GID_START" + "$i")
+ testit "Add group $GRP" $net rpc group add "$GRP" -S "$DC_SERVER" \
+ -U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
+ failed=$(expr $failed + 1)
+ testit "Add groupmem $GRP $USERNAME" \
+ $net rpc group addmem "$GRP" "$USERNAME" \
+ -S "$DC_SERVER" \
+ -U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
+ failed=$(expr $failed + 1)
+ testit "Add group object for $GRP $GRP_GID" \
+ $VALGRIND $ldbadd \
+ -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
+dn: cn=$GRP,$LDAPPREFIX
+objectClass: posixGroup
+objectClass: groupOfNames
+cn: $GRP
+gidNumber: $GRP_GID
+member: cn=$USERNAME,$LDAPPREFIX
+EOF
+ i=$(expr "$i" + 1)
+done
+
+# Test whether wbinfo --xids-to-sids finds everything
+
+GIDS=""
+i=0
+while [ ${i} -lt ${NUMGROUPS} ] ; do
+ GIDS="$GIDS g$(expr ${i} + ${GID_START})"
+ i=$(expr "$i" + 1)
+done
+NUM_VALID_SIDS=$($wbinfo --unix-ids-to-sids="$GIDS" | grep -v ^S-0-0 | wc -l)
+
+testit "Count number of valid sids found" \
+ test ${NUM_VALID_SIDS} = ${NUMGROUPS} ||
+ failed=$(expr $failed + 1)
+
+# Test whether wbinfo -r shows all groups
+
+EXPECTED_USERGROUPS="1000000/1000001/2000002/"
+i=0
+while [ ${i} -lt ${NUMGROUPS} ] ; do
+ EXPECTED_USERGROUPS="$EXPECTED_USERGROUPS$(expr ${i} + ${GID_START})/"
+ i=$(expr "$i" + 1)
+done
+
+USERGROUPS=$($wbinfo -r $DOMAIN/$USERNAME | sort -n | tr '\n' '/')
+
+testit "Testing for expected group memberships" \
+ test "$USERGROUPS" = "$EXPECTED_USERGROUPS" ||
+ failed=$(expr $failed + 1)
+
+i=0
+while [ ${i} -lt ${NUMGROUPS} ] ; do
+ GRP=$(printf "test_rfc2307_group_%3.3d" ${i})
+ testit "Del group $GRP" $net rpc group delete "$GRP" -S "$DC_SERVER" \
+ -U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
+ failed=$(expr $failed + 1)
+ i=$(expr "$i" + 1)
+done
+
# Delete LDAP records
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX"
+$VALGRIND $ldbsearch -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \
+ -s one -b "$LDAPPREFIX" | grep '^dn:' | cut -d ' ' -f 2- |
+ xargs -d '\n' -n 1 -IDEL_DN \
+ $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \
+ "DEL_DN"
$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
exit $failed
diff -Nru samba-4.5.8+dfsg/nsswitch/tests/test_idmap_rid.sh samba-4.5.12+dfsg/nsswitch/tests/test_idmap_rid.sh
--- samba-4.5.8+dfsg/nsswitch/tests/test_idmap_rid.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/nsswitch/tests/test_idmap_rid.sh 2017-06-19 15:18:24.000000000 +0200
@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# Test id mapping with various SIDs and idmap_rid
+#
+
+if [ $# -lt 1 ]; then
+ echo Usage: $0 DOMAIN RANGE_START
+ exit 1
+fi
+
+DOMAIN="$1"
+RANGE_START="$2"
+
+wbinfo="$VALGRIND $BINDIR/wbinfo"
+failed=0
+
+. `dirname $0`/../../testprogs/blackbox/subunit.sh
+
+DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ")
+if [ $? -ne 0 ] ; then
+ echo "Could not find domain SID" | subunit_fail_test "test_idmap_rid"
+ exit 1
+fi
+
+# Find an unused uid and SID
+RID=66666
+MAX_RID=77777
+while true ; do
+ id $RID
+ if [ $? -ne 0 ] ; then
+ SID="$DOMAIN_SID-$RID"
+ $wbinfo -s $SID
+ if [ $? -ne 0 ] ; then
+ break
+ fi
+ fi
+ RID=$(expr $RID + 1)
+ if [ $RID -eq $MAX_RID ] ; then
+ echo "Could not find free SID" | subunit_fail_test "test_idmap_rid"
+ exit 1
+ fi
+done
+
+#
+# Test 1: Using non-existing SID to check backend returns a mapping
+#
+
+EXPECTED_ID=$(expr $RID + $RANGE_START)
+out="$($wbinfo --sids-to-unix-ids=$SID)"
+echo "wbinfo returned: \"$out\", expecting \"$SID -> uid/gid $EXPECTED_ID\""
+test "$out" = "$SID -> uid/gid $EXPECTED_ID"
+ret=$?
+testit "Unknown RID from primary domain returns a mapping" test $ret -eq 0 || failed=$(expr $failed + 1)
+
+#
+# Test 2: Using bogus SID with bad domain part to check idmap backend does not generate a mapping
+#
+
+SID=S-1-5-21-1111-2222-3333-666
+out="$($wbinfo --sids-to-unix-ids=$SID)"
+echo "wbinfo returned: \"$out\", expecting \"$SID -> unmapped\""
+test "$out" = "$SID -> unmapped"
+ret=$?
+testit "Bogus SID returns unmapped" test $ret -eq 0 || failed=$(expr $failed + 1)
+
+exit $failed
diff -Nru samba-4.5.8+dfsg/nsswitch/tests/test_wbinfo.sh samba-4.5.12+dfsg/nsswitch/tests/test_wbinfo.sh
--- samba-4.5.8+dfsg/nsswitch/tests/test_wbinfo.sh 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/nsswitch/tests/test_wbinfo.sh 2017-06-19 15:18:24.000000000 +0200
@@ -82,6 +82,31 @@
echo "success: wbinfo -s check for sane mapping"
fi
+while read SID ; do
+ read NAME
+
+ testit "wbinfo -s $SID against $TARGET" $wbinfo -s $SID || failed=`expr $failed + 1`
+
+ RESOLVED_NAME=`$wbinfo -s $SID | tr a-z A-Z`
+ echo "$SID resolved to $RESOLVED_NAME"
+
+ echo "test: wbinfo -s $SID against $TARGET"
+ if test x"$RESOLVED_NAME" != x"$NAME" ; then
+ echo "$RESOLVED_NAME does not match $NAME"
+ echo "failure: wbinfo -s $SID against $TARGET"
+ failed=`expr $failed + 1`
+ else
+ echo "success: wbinfo -s $SID against $TARGET"
+ fi
+done <<EOF
+S-1-1-0
+/EVERYONE 5
+S-1-3-1
+/CREATOR GROUP 5
+S-1-5-1
+NT AUTHORITY/DIALUP 5
+EOF
+
testit "wbinfo -n on the returned name against $TARGET" $wbinfo -n $admin_name || failed=`expr $failed + 1`
test_sid=`$wbinfo -n $tested_name | cut -d " " -f1`
diff -Nru samba-4.5.8+dfsg/nsswitch/wscript_build samba-4.5.12+dfsg/nsswitch/wscript_build
--- samba-4.5.8+dfsg/nsswitch/wscript_build 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/nsswitch/wscript_build 2017-06-19 15:18:24.000000000 +0200
@@ -42,7 +42,7 @@
bld.SAMBA3_LIBRARY('nss_wins',
keep_underscore=True,
source='wins.c',
- deps='''wbclient''',
+ deps='wbclient replace',
public_headers=[],
public_headers_install=False,
pc_files=[],
diff -Nru samba-4.5.8+dfsg/python/samba/netcmd/user.py samba-4.5.12+dfsg/python/samba/netcmd/user.py
--- samba-4.5.8+dfsg/python/samba/netcmd/user.py 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/python/samba/netcmd/user.py 2017-07-12 08:39:24.000000000 +0200
@@ -1604,7 +1604,7 @@
return
def run_sync_command(dn, ldif):
- log_msg("Call Popen[%s] for %s\n" % (dn, self.sync_command))
+ log_msg("Call Popen[%s] for %s\n" % (self.sync_command, dn))
sync_command_p = Popen(self.sync_command,
stdin=PIPE,
stdout=PIPE,
@@ -1848,7 +1848,7 @@
def sync_loop(wait):
notify_attrs = ["name", "uSNCreated", "uSNChanged", "objectClass"]
- notify_controls = ["notification:1"]
+ notify_controls = ["notification:1", "show_recycled:1"]
notify_handle = self.samdb.search_iterator(expression="objectClass=*",
scope=ldb.SCOPE_SUBTREE,
attrs=notify_attrs,
diff -Nru samba-4.5.8+dfsg/selftest/knownfail samba-4.5.12+dfsg/selftest/knownfail
--- samba-4.5.8+dfsg/selftest/knownfail 2017-03-02 11:11:40.000000000 +0100
+++ samba-4.5.12+dfsg/selftest/knownfail 2017-06-19 15:18:24.000000000 +0200
@@ -22,14 +22,12 @@
^samba3.raw.samba3hide.samba3hide\((nt4_dc|ad_dc)\) # This test fails against an smbd environment with NT ACLs enabled
^samba3.raw.samba3closeerr.samba3closeerr\(nt4_dc\) # This test fails against an smbd environment with NT ACLs enabled
^samba3.raw.acls nfs4acl_xattr-simple.INHERITFLAGS\(nt4_dc\) # This (and the follow nfs4acl_xattr tests fail because our NFSv4 backend isn't a complete mapping yet.
-^samba3.raw.acls nfs4acl_xattr-simple.sd\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.create_file\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.create_dir\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.nulldacl\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.generic\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.inheritance\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.INHERITFLAGS\(nt4_dc\)
-^samba3.raw.acls nfs4acl_xattr-special.sd\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.create_file\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.create_dir\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.nulldacl\(nt4_dc\)
@@ -217,10 +215,6 @@
#
^samba4.winbind.struct.domain_info\(s4member:local\)
^samba4.winbind.struct.getdcname\(s4member:local\)
-^samba.blackbox.wbinfo\(s4member:local\).wbinfo -r against s4member\(s4member:local\)
-^samba.blackbox.wbinfo\(s4member:local\).wbinfo --user-sids against s4member\(s4member:local\)
-^samba.wbinfo_simple.\(s4member:local\).--user-groups
-^samba.nss.test using winbind\(s4member:local\)
#
# These fail since ad_dc_ntvfs assigns the local user's uid to SAMBADOMAIN/Administrator
# hence we have a duplicate UID in nsswitch.
diff -Nru samba-4.5.8+dfsg/selftest/target/Samba3.pm samba-4.5.12+dfsg/selftest/target/Samba3.pm
--- samba-4.5.8+dfsg/selftest/target/Samba3.pm 2017-03-31 08:25:18.000000000 +0200
+++ samba-4.5.12+dfsg/selftest/target/Samba3.pm 2017-07-12 08:39:24.000000000 +0200
@@ -465,6 +465,8 @@
security = ads
workgroup = $dcvars->{DOMAIN}
realm = $dcvars->{REALM}
+ idmap cache time = 0
+ idmap negative cache time = 0
idmap config * : backend = autorid
idmap config * : range = 1000000-1999999
idmap config * : rangesize = 100000
@@ -541,6 +543,94 @@
return $ret;
}
+sub setup_ad_member_idmap_rid($$$$)
+{
+ my ($self, $prefix, $dcvars) = @_;
+
+ # If we didn't build with ADS, pretend this env was never available
+ if (not $self->have_ads()) {
+ return "UNKNOWN";
+ }
+
+ print "PROVISIONING S3 AD MEMBER WITH idmap_rid config...";
+
+ my $member_options = "
+ security = ads
+ workgroup = $dcvars->{DOMAIN}
+ realm = $dcvars->{REALM}
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
+ idmap config $dcvars->{DOMAIN} : backend = rid
+ idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
+";
+
+ my $ret = $self->provision($prefix,
+ "IDMAPRIDMEMBER",
+ "loCalMemberPass",
+ $member_options,
+ $dcvars->{SERVER_IP},
+ $dcvars->{SERVER_IPV6});
+
+ $ret or return undef;
+
+ close(USERMAP);
+ $ret->{DOMAIN} = $dcvars->{DOMAIN};
+ $ret->{REALM} = $dcvars->{REALM};
+
+ my $ctx;
+ my $prefix_abs = abs_path($prefix);
+ $ctx = {};
+ $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
+ $ctx->{domain} = $dcvars->{DOMAIN};
+ $ctx->{realm} = $dcvars->{REALM};
+ $ctx->{dnsname} = lc($dcvars->{REALM});
+ $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
+ $ctx->{kdc_ipv6} = $dcvars->{SERVER_IPV6};
+ $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}";
+ Samba::mk_krb5_conf($ctx, "");
+
+ $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
+
+ my $net = Samba::bindir_path($self, "net");
+ my $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+ if (defined($ret->{RESOLV_WRAPPER_CONF})) {
+ $cmd .= "RESOLV_WRAPPER_CONF=\"$ret->{RESOLV_WRAPPER_CONF}\" ";
+ } else {
+ $cmd .= "RESOLV_WRAPPER_HOSTS=\"$ret->{RESOLV_WRAPPER_HOSTS}\" ";
+ }
+ $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$ret->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
+ $cmd .= "$net join $ret->{CONFIGURATION}";
+ $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
+
+ if (system($cmd) != 0) {
+ warn("Join failed\n$cmd");
+ return undef;
+ }
+
+ # We need world access to this share, as otherwise the domain
+ # administrator from the AD domain provided by Samba4 can't
+ # access the share for tests.
+ chmod 0777, "$prefix/share";
+
+ if (not $self->check_or_start($ret, "yes", "yes", "yes")) {
+ return undef;
+ }
+
+ $ret->{DC_SERVER} = $dcvars->{SERVER};
+ $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
+ $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
+ $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
+ $ret->{DC_USERNAME} = $dcvars->{USERNAME};
+ $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+
+ # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env
+ $ret->{target} = $self;
+
+ return $ret;
+}
+
sub setup_simpleserver($$)
{
my ($self, $path) = @_;
@@ -1210,6 +1300,9 @@
my $nosymlinks_shrdir="$shrdir/nosymlinks";
push(@dirs,$nosymlinks_shrdir);
+ my $local_symlinks_shrdir="$shrdir/local_symlinks";
+ push(@dirs,$local_symlinks_shrdir);
+
# this gets autocreated by winbindd
my $wbsockdir="$prefix_abs/winbindd";
my $wbsockprivdir="$lockdir/winbindd_privileged";
@@ -1831,6 +1924,18 @@
copy = tmp
acl_xattr:ignore system acls = yes
acl_xattr:default acl style = windows
+[nosymlinks]
+ copy = tmp
+ path = $nosymlinks_shrdir
+ follow symlinks = no
+[local_symlinks]
+ copy = tmp
+ path = $local_symlinks_shrdir
+ follow symlinks = yes
+[kernel_oplocks]
+ copy = tmp
+ kernel oplocks = yes
+ vfs objects = streams_xattr xattr_tdb
";
close(CONF);
diff -Nru samba-4.5.8+dfsg/selftest/target/Samba4.pm samba-4.5.12+dfsg/selftest/target/Samba4.pm
--- samba-4.5.8+dfsg/selftest/target/Samba4.pm 2017-01-30 10:56:26.000000000 +0100
+++ samba-4.5.12+dfsg/selftest/target/Samba4.pm 2017-06-19 15:18:24.000000000 +0200
@@ -2002,6 +2002,12 @@
}
return $target3->setup_admember_rfc2307("$path/ad_member_rfc2307",
$self->{vars}->{ad_dc_ntvfs}, 34);
+ } elsif ($envname eq "ad_member_idmap_rid") {
+ if (not defined($self->{vars}->{ad_dc})) {
+ $self->setup_ad_dc("$path/ad_dc");
+ }
+ return $target3->setup_ad_member_idmap_rid("$path/ad_member_idmap_rid",
+ $self->{vars}->{ad_dc});
} elsif ($envname eq "none") {
return $self->setup_none("$path/none");
} else {
diff -Nru samba-4.5.8+dfsg/selftest/target/Samba.pm samba-4.5.12+dfsg/selftest/target/Samba.pm
--- samba-4.5.8+dfsg/selftest/target/Samba.pm 2016-10-24 21:37:30.000000000 +0200
+++ samba-4.5.12+dfsg/selftest/target/Samba.pm 2017-06-19 15:18:24.000000000 +0200
@@ -283,6 +283,7 @@
# 11-16 used by selftest.pl for client interfaces
+ $interfaces{"idmapridmember"} = 20;
$interfaces{"localdc"} = 21;
$interfaces{"localvampiredc"} = 22;
$interfaces{"s4member"} = 23;
diff -Nru samba-4.5.8+dfsg/source3/client/client.c samba-4.5.12+dfsg/source3/client/client.c
--- samba-4.5.8+dfsg/source3/client/client.c 2016-09-13 10:21:35.000000000 +0200
+++ samba-4.5.12+dfsg/source3/client/client.c 2017-07-12 08:39:24.000000000 +0200
@@ -4673,7 +4673,10 @@
d_printf("no tcon currently\n");
}
} else {
- uint16_t tid = atoi(tid_str);
+ uint32_t tid = atoi(tid_str);
+ if (!cli_state_has_tcon(cli)) {
+ d_printf("no tcon currently\n");
+ }
cli_state_set_tid(cli, tid);
}
diff -Nru samba-4.5.8+dfsg/source3/include/lsa.h samba-4.5.12+dfsg/source3/include/lsa.h
--- samba-4.5.8+dfsg/source3/include/lsa.h 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/include/lsa.h 2017-06-19 15:18:24.000000000 +0200
@@ -22,4 +22,8 @@
const char *dom_name,
struct dom_sid *dom_sid);
+#define NT_STATUS_LOOKUP_ERR(status) \
+ (!NT_STATUS_IS_OK(status) && \
+ !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) && \
+ !NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))
#endif
diff -Nru samba-4.5.8+dfsg/source3/include/tldap.h samba-4.5.12+dfsg/source3/include/tldap.h
--- samba-4.5.8+dfsg/source3/include/tldap.h 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/include/tldap.h 2017-05-22 19:48:32.000000000 +0200
@@ -47,9 +47,15 @@
DATA_BLOB *values;
};
+#if defined(HAVE_IMMEDIATE_STRUCTURES)
typedef struct { uint8_t rc; } TLDAPRC;
#define TLDAP_RC(x) ((TLDAPRC){.rc = x})
#define TLDAP_RC_V(x) ((x).rc)
+#else
+typedef uint8_t TLDAPRC;
+#define TLDAP_RC(x) (x)
+#define TLDAP_RC_V(x) (x)
+#endif
#define TLDAP_RC_EQUAL(x,y) (TLDAP_RC_V(x)==TLDAP_RC_V(y))
#define TLDAP_RC_IS_SUCCESS(x) TLDAP_RC_EQUAL(x,TLDAP_SUCCESS)
diff -Nru samba-4.5.8+dfsg/source3/lib/cleanupdb.c samba-4.5.12+dfsg/source3/lib/cleanupdb.c
--- samba-4.5.8+dfsg/source3/lib/cleanupdb.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/lib/cleanupdb.c 2017-06-19 15:18:24.000000000 +0200
@@ -61,7 +61,7 @@
struct cleanup_key key = { .pid = pid };
struct cleanup_rec rec = { .pid = pid, .unclean = unclean };
TDB_DATA tdbkey = { .dptr = (uint8_t *)&key, .dsize = sizeof(key) };
- TDB_DATA tdbdata = { .dptr = (uint8_t *)&key, .dsize = sizeof(rec) };
+ TDB_DATA tdbdata = { .dptr = (uint8_t *)&rec, .dsize = sizeof(rec) };
int result;
db = cleanup_db();
diff -Nru samba-4.5.8+dfsg/source3/lib/dbwrap/dbwrap_watch.c samba-4.5.12+dfsg/source3/lib/dbwrap/dbwrap_watch.c
--- samba-4.5.8+dfsg/source3/lib/dbwrap/dbwrap_watch.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/lib/dbwrap/dbwrap_watch.c 2017-05-22 19:48:32.000000000 +0200
@@ -278,7 +278,7 @@
num_watchers = dbwrap_watched_parse(subrec_value, NULL, 0, NULL, NULL);
if (num_watchers == -1) {
/* Fresh or invalid record */
- rec->value = (TDB_DATA) {};
+ rec->value = (TDB_DATA) { 0 };
return rec;
}
diff -Nru samba-4.5.8+dfsg/source3/lib/substitute.c samba-4.5.12+dfsg/source3/lib/substitute.c
--- samba-4.5.8+dfsg/source3/lib/substitute.c 2016-10-24 21:37:30.000000000 +0200
+++ samba-4.5.12+dfsg/source3/lib/substitute.c 2017-06-19 15:18:24.000000000 +0200
@@ -524,9 +524,10 @@
group_name = gidtoname(pass->pw_gid);
if (is_domain_name) {
- p = strchr_m(group_name, *sep);
- if (p != NULL) {
- group_name = p + 1;
+ char *group_sep;
+ group_sep = strchr_m(group_name, *sep);
+ if (group_sep != NULL) {
+ group_name = group_sep + 1;
}
}
a_string = realloc_string_sub(a_string,
diff -Nru samba-4.5.8+dfsg/source3/lib/system.c samba-4.5.12+dfsg/source3/lib/system.c
--- samba-4.5.8+dfsg/source3/lib/system.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/lib/system.c 2017-06-19 15:18:24.000000000 +0200
@@ -790,12 +790,11 @@
static int sys_broken_getgroups(int setlen, gid_t *gidset)
{
- GID_T gid;
GID_T *group_list;
int i, ngroups;
if(setlen == 0) {
- return getgroups(setlen, &gid);
+ return getgroups(0, NULL);
}
/*
@@ -808,9 +807,6 @@
return -1;
}
- if (setlen == 0)
- setlen = groups_max();
-
if((group_list = SMB_MALLOC_ARRAY(GID_T, setlen)) == NULL) {
DEBUG(0,("sys_getgroups: Malloc fail.\n"));
return -1;
@@ -823,6 +819,12 @@
return -1;
}
+ /*
+ * We're safe here as if ngroups > setlen then
+ * getgroups *must* return EINVAL.
+ * pubs.opengroup.org/onlinepubs/009695399/functions/getgroups.html
+ */
+
for(i = 0; i < ngroups; i++)
gidset[i] = (gid_t)group_list[i];
diff -Nru samba-4.5.8+dfsg/source3/lib/util_sd.c samba-4.5.12+dfsg/source3/lib/util_sd.c
--- samba-4.5.8+dfsg/source3/lib/util_sd.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/lib/util_sd.c 2017-07-12 08:39:24.000000000 +0200
@@ -84,7 +84,7 @@
enum lsa_SidType *type,
char **domain, char **name)
{
- uint16_t orig_cnum = cli_state_get_tid(cli);
+ struct smbXcli_tcon *orig_tcon = NULL;
struct rpc_pipe_client *p = NULL;
struct policy_handle handle;
NTSTATUS status;
@@ -93,6 +93,14 @@
char **domains;
char **names;
+ if (cli_state_has_tcon(cli)) {
+ orig_tcon = cli_state_save_tcon(cli);
+ if (orig_tcon == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto tcon_fail;
+ }
+ }
+
status = cli_tree_connect(cli, "IPC$", "?????", "", 0);
if (!NT_STATUS_IS_OK(status)) {
goto tcon_fail;
@@ -125,7 +133,7 @@
TALLOC_FREE(p);
cli_tdis(cli);
tcon_fail:
- cli_state_set_tid(cli, orig_cnum);
+ cli_state_restore_tcon(cli, orig_tcon);
TALLOC_FREE(frame);
return status;
}
@@ -165,7 +173,7 @@
enum lsa_SidType *type,
struct dom_sid *sid)
{
- uint16_t orig_cnum = cli_state_get_tid(cli);
+ struct smbXcli_tcon *orig_tcon = NULL;
struct rpc_pipe_client *p;
struct policy_handle handle;
NTSTATUS status;
@@ -173,6 +181,14 @@
struct dom_sid *sids;
enum lsa_SidType *types;
+ if (cli_state_has_tcon(cli)) {
+ orig_tcon = cli_state_save_tcon(cli);
+ if (orig_tcon == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto tcon_fail;
+ }
+ }
+
status = cli_tree_connect(cli, "IPC$", "?????", "", 0);
if (!NT_STATUS_IS_OK(status)) {
goto tcon_fail;
@@ -204,7 +220,7 @@
TALLOC_FREE(p);
cli_tdis(cli);
tcon_fail:
- cli_state_set_tid(cli, orig_cnum);
+ cli_state_restore_tcon(cli, orig_tcon);
TALLOC_FREE(frame);
return status;
}
diff -Nru samba-4.5.8+dfsg/source3/librpc/crypto/gse_krb5.c samba-4.5.12+dfsg/source3/librpc/crypto/gse_krb5.c
--- samba-4.5.8+dfsg/source3/librpc/crypto/gse_krb5.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/librpc/crypto/gse_krb5.c 2017-07-12 08:39:24.000000000 +0200
@@ -447,6 +447,14 @@
if (ret) {
DEBUG(1, (__location__ ": krb5_kt_start_seq_get failed (%s)\n",
error_message(ret)));
+ /*
+ * krb5_kt_start_seq_get() may leaves bogus data
+ * in kt_cursor. And we want to use the all_zero()
+ * logic below.
+ *
+ * See bug #10490
+ */
+ ZERO_STRUCT(kt_cursor);
goto out;
}
diff -Nru samba-4.5.8+dfsg/source3/librpc/idl/open_files.idl samba-4.5.12+dfsg/source3/librpc/idl/open_files.idl
--- samba-4.5.8+dfsg/source3/librpc/idl/open_files.idl 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/librpc/idl/open_files.idl 2017-07-12 08:39:24.000000000 +0200
@@ -62,7 +62,7 @@
* to store this share_mode_entry on disk.
*/
[skip] boolean8 stale;
- [skip] share_mode_lease *lease;
+ [ignore] share_mode_lease *lease;
} share_mode_entry;
typedef [public] struct {
diff -Nru samba-4.5.8+dfsg/source3/libsmb/cliconnect.c samba-4.5.12+dfsg/source3/libsmb/cliconnect.c
--- samba-4.5.8+dfsg/source3/libsmb/cliconnect.c 2016-09-13 10:21:35.000000000 +0200
+++ samba-4.5.12+dfsg/source3/libsmb/cliconnect.c 2017-07-12 08:39:24.000000000 +0200
@@ -2437,6 +2437,13 @@
state->cli = cli;
vwv = state->vwv;
+ TALLOC_FREE(cli->smb1.tcon);
+ cli->smb1.tcon = smbXcli_tcon_create(cli);
+ if (tevent_req_nomem(cli->smb1.tcon, req)) {
+ return tevent_req_post(req, ev);
+ }
+ smb1cli_tcon_set_id(cli->smb1.tcon, UINT16_MAX);
+
cli->share = talloc_strdup(cli, share);
if (!cli->share) {
return NULL;
@@ -2740,6 +2747,7 @@
if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
char *unc;
+ TALLOC_FREE(cli->smb2.tcon);
cli->smb2.tcon = smbXcli_tcon_create(cli);
if (tevent_req_nomem(cli->smb2.tcon, req)) {
return tevent_req_post(req, ev);
@@ -2899,7 +2907,7 @@
tevent_req_nterror(req, status);
return;
}
- cli_state_set_tid(state->cli, UINT16_MAX);
+ TALLOC_FREE(state->cli->smb1.tcon);
tevent_req_done(req);
}
@@ -2915,10 +2923,14 @@
NTSTATUS status = NT_STATUS_NO_MEMORY;
if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
- return smb2cli_tdis(cli->conn,
+ status = smb2cli_tdis(cli->conn,
cli->timeout,
cli->smb2.session,
cli->smb2.tcon);
+ if (NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(cli->smb2.tcon);
+ }
+ return status;
}
if (smbXcli_conn_has_async_calls(cli->conn)) {
@@ -3579,6 +3591,13 @@
return tevent_req_post(req, ev);
}
+ TALLOC_FREE(cli->smb1.tcon);
+ cli->smb1.tcon = smbXcli_tcon_create(cli);
+ if (tevent_req_nomem(cli->smb1.tcon, req)) {
+ return tevent_req_post(req, ev);
+ }
+ smb1cli_tcon_set_id(cli->smb1.tcon, UINT16_MAX);
+
bytes = talloc_array(state, uint8_t, 0);
bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
diff -Nru samba-4.5.8+dfsg/source3/libsmb/clidfs.c samba-4.5.12+dfsg/source3/libsmb/clidfs.c
--- samba-4.5.8+dfsg/source3/libsmb/clidfs.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/libsmb/clidfs.c 2017-07-12 08:39:24.000000000 +0200
@@ -1179,7 +1179,7 @@
size_t consumed = 0;
char *fullpath = NULL;
bool res;
- uint16_t cnum;
+ struct smbXcli_tcon *orig_tcon = NULL;
char *newextrapath = NULL;
NTSTATUS status;
const char *remote_name;
@@ -1189,7 +1189,6 @@
}
remote_name = smbXcli_conn_remote_name(cli->conn);
- cnum = cli_state_get_tid(cli);
/* special case. never check for a referral on the IPC$ share */
@@ -1204,9 +1203,18 @@
return false;
}
+ /* Store tcon state. */
+ if (cli_state_has_tcon(cli)) {
+ orig_tcon = cli_state_save_tcon(cli);
+ if (orig_tcon == NULL) {
+ return false;
+ }
+ }
+
/* check for the referral */
if (!NT_STATUS_IS_OK(cli_tree_connect(cli, "IPC$", "IPC", NULL, 0))) {
+ cli_state_restore_tcon(cli, orig_tcon);
return false;
}
@@ -1217,6 +1225,7 @@
domain,
"IPC$");
if (!NT_STATUS_IS_OK(status)) {
+ cli_state_restore_tcon(cli, orig_tcon);
return false;
}
}
@@ -1226,12 +1235,13 @@
res = NT_STATUS_IS_OK(status);
status = cli_tdis(cli);
+
+ cli_state_restore_tcon(cli, orig_tcon);
+
if (!NT_STATUS_IS_OK(status)) {
return false;
}
- cli_state_set_tid(cli, cnum);
-
if (!res || !num_refs) {
return false;
}
diff -Nru samba-4.5.8+dfsg/source3/libsmb/clientgen.c samba-4.5.12+dfsg/source3/libsmb/clientgen.c
--- samba-4.5.8+dfsg/source3/libsmb/clientgen.c 2016-09-13 10:21:35.000000000 +0200
+++ samba-4.5.12+dfsg/source3/libsmb/clientgen.c 2017-07-12 08:39:24.000000000 +0200
@@ -227,11 +227,6 @@
cli->smb1.pid = (uint32_t)getpid();
cli->smb1.vc_num = cli->smb1.pid;
- cli->smb1.tcon = smbXcli_tcon_create(cli);
- if (cli->smb1.tcon == NULL) {
- goto error;
- }
- smb1cli_tcon_set_id(cli->smb1.tcon, UINT16_MAX);
cli->smb1.session = smbXcli_session_create(cli, cli->conn);
if (cli->smb1.session == NULL) {
goto error;
@@ -341,27 +336,69 @@
bool cli_state_has_tcon(struct cli_state *cli)
{
- uint16_t tid = cli_state_get_tid(cli);
-
- if (tid == UINT16_MAX) {
- return false;
+ uint32_t tid;
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ if (cli->smb2.tcon == NULL) {
+ return false;
+ }
+ tid = cli_state_get_tid(cli);
+ if (tid == UINT32_MAX) {
+ return false;
+ }
+ } else {
+ if (cli->smb1.tcon == NULL) {
+ return false;
+ }
+ tid = cli_state_get_tid(cli);
+ if (tid == UINT16_MAX) {
+ return false;
+ }
}
-
return true;
}
-uint16_t cli_state_get_tid(struct cli_state *cli)
+uint32_t cli_state_get_tid(struct cli_state *cli)
{
- return smb1cli_tcon_current_id(cli->smb1.tcon);
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return smb2cli_tcon_current_id(cli->smb2.tcon);
+ } else {
+ return (uint32_t)smb1cli_tcon_current_id(cli->smb1.tcon);
+ }
}
-uint16_t cli_state_set_tid(struct cli_state *cli, uint16_t tid)
+uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid)
{
- uint16_t ret = smb1cli_tcon_current_id(cli->smb1.tcon);
- smb1cli_tcon_set_id(cli->smb1.tcon, tid);
+ uint32_t ret;
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ ret = smb2cli_tcon_current_id(cli->smb2.tcon);
+ smb2cli_tcon_set_id(cli->smb1.tcon, tid);
+ } else {
+ ret = smb1cli_tcon_current_id(cli->smb1.tcon);
+ smb1cli_tcon_set_id(cli->smb1.tcon, tid);
+ }
return ret;
}
+struct smbXcli_tcon *cli_state_save_tcon(struct cli_state *cli)
+{
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return smbXcli_tcon_copy(cli, cli->smb2.tcon);
+ } else {
+ return smbXcli_tcon_copy(cli, cli->smb1.tcon);
+ }
+}
+
+void cli_state_restore_tcon(struct cli_state *cli, struct smbXcli_tcon *tcon)
+{
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ TALLOC_FREE(cli->smb2.tcon);
+ cli->smb2.tcon = tcon;
+ } else {
+ TALLOC_FREE(cli->smb1.tcon);
+ cli->smb1.tcon = tcon;
+ }
+}
+
uint16_t cli_state_get_uid(struct cli_state *cli)
{
return smb1cli_session_current_id(cli->smb1.session);
diff -Nru samba-4.5.8+dfsg/source3/libsmb/proto.h samba-4.5.12+dfsg/source3/libsmb/proto.h
--- samba-4.5.8+dfsg/source3/libsmb/proto.h 2016-09-13 10:21:35.000000000 +0200
+++ samba-4.5.12+dfsg/source3/libsmb/proto.h 2017-07-12 08:39:24.000000000 +0200
@@ -175,8 +175,11 @@
uint32_t cli_setpid(struct cli_state *cli, uint32_t pid);
uint32_t cli_getpid(struct cli_state *cli);
bool cli_state_has_tcon(struct cli_state *cli);
-uint16_t cli_state_get_tid(struct cli_state *cli);
-uint16_t cli_state_set_tid(struct cli_state *cli, uint16_t tid);
+uint32_t cli_state_get_tid(struct cli_state *cli);
+uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid);
+struct smbXcli_tcon;
+struct smbXcli_tcon *cli_state_save_tcon(struct cli_state *cli);
+void cli_state_restore_tcon(struct cli_state *cli, struct smbXcli_tcon *tcon);
uint16_t cli_state_get_uid(struct cli_state *cli);
uint16_t cli_state_set_uid(struct cli_state *cli, uint16_t uid);
bool cli_set_case_sensitive(struct cli_state *cli, bool case_sensitive);
diff -Nru samba-4.5.8+dfsg/source3/locking/leases_util.c samba-4.5.12+dfsg/source3/locking/leases_util.c
--- samba-4.5.8+dfsg/source3/locking/leases_util.c 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/source3/locking/leases_util.c 2017-06-19 15:18:24.000000000 +0200
@@ -0,0 +1,72 @@
+/*
+ Unix SMB/CIFS implementation.
+ Lease utility functions
+
+ Copyright (C) Jeremy Allison 2017.
+ Copyright (C) Stefan (metze) Metzmacher 2017.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#define DBGC_CLASS DBGC_LOCKING
+#include "includes.h"
+#include "../librpc/gen_ndr/open_files.h"
+#include "locking/proto.h"
+
+uint32_t map_oplock_to_lease_type(uint16_t op_type)
+{
+ uint32_t ret;
+
+ switch(op_type) {
+ case BATCH_OPLOCK:
+ case BATCH_OPLOCK|EXCLUSIVE_OPLOCK:
+ ret = SMB2_LEASE_READ|SMB2_LEASE_WRITE|SMB2_LEASE_HANDLE;
+ break;
+ case EXCLUSIVE_OPLOCK:
+ ret = SMB2_LEASE_READ|SMB2_LEASE_WRITE;
+ break;
+ case LEVEL_II_OPLOCK:
+ ret = SMB2_LEASE_READ;
+ break;
+ default:
+ ret = SMB2_LEASE_NONE;
+ break;
+ }
+ return ret;
+}
+
+uint32_t fsp_lease_type(const struct files_struct *fsp)
+{
+ if (fsp->oplock_type == LEASE_OPLOCK) {
+ return fsp->lease->lease.lease_state;
+ }
+ return map_oplock_to_lease_type(fsp->oplock_type);
+}
+
+uint32_t lease_type_is_exclusive(uint32_t lease_type)
+{
+ if ((lease_type & (SMB2_LEASE_READ | SMB2_LEASE_WRITE)) ==
+ (SMB2_LEASE_READ | SMB2_LEASE_WRITE)) {
+ return true;
+ }
+
+ return false;
+}
+
+bool fsp_lease_type_is_exclusive(const struct files_struct *fsp)
+{
+ uint32_t lease_type = fsp_lease_type(fsp);
+
+ return lease_type_is_exclusive(lease_type);
+}
diff -Nru samba-4.5.8+dfsg/source3/locking/locking.c samba-4.5.12+dfsg/source3/locking/locking.c
--- samba-4.5.8+dfsg/source3/locking/locking.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/locking/locking.c 2017-07-12 08:39:24.000000000 +0200
@@ -118,17 +118,21 @@
}
if (strict_locking == Auto) {
- if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type) &&
- (plock->lock_type == READ_LOCK ||
- plock->lock_type == WRITE_LOCK)) {
- DEBUG(10, ("is_locked: optimisation - exclusive oplock "
- "on file %s\n", fsp_str_dbg(fsp)));
+ uint32_t lease_type = fsp_lease_type(fsp);
+
+ if ((lease_type & SMB2_LEASE_READ) &&
+ (plock->lock_type == READ_LOCK))
+ {
+ DBG_DEBUG("optimisation - read lease on file %s\n",
+ fsp_str_dbg(fsp));
return true;
}
- if ((fsp->oplock_type == LEVEL_II_OPLOCK) &&
- (plock->lock_type == READ_LOCK)) {
- DEBUG(10, ("is_locked: optimisation - level II oplock "
- "on file %s\n", fsp_str_dbg(fsp)));
+
+ if ((lease_type & SMB2_LEASE_WRITE) &&
+ (plock->lock_type == WRITE_LOCK))
+ {
+ DBG_DEBUG("optimisation - write lease on file %s\n",
+ fsp_str_dbg(fsp));
return true;
}
}
@@ -854,7 +858,7 @@
return true;
}
-static struct share_mode_entry *find_share_mode_entry(
+struct share_mode_entry *find_share_mode_entry(
struct share_mode_lock *lck, files_struct *fsp)
{
struct share_mode_data *d = lck->data;
diff -Nru samba-4.5.8+dfsg/source3/locking/proto.h samba-4.5.12+dfsg/source3/locking/proto.h
--- samba-4.5.8+dfsg/source3/locking/proto.h 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/locking/proto.h 2017-07-12 08:39:24.000000000 +0200
@@ -169,6 +169,8 @@
bool set_share_mode(struct share_mode_lock *lck, struct files_struct *fsp,
uid_t uid, uint64_t mid, uint16_t op_type,
uint32_t lease_idx);
+struct share_mode_entry *find_share_mode_entry(struct share_mode_lock *lck,
+ files_struct *fsp);
void remove_stale_share_mode_entries(struct share_mode_data *d);
bool del_share_mode(struct share_mode_lock *lck, files_struct *fsp);
bool mark_share_mode_disconnected(struct share_mode_lock *lck,
@@ -248,4 +250,10 @@
const struct lock_struct *plocks,
int num_locks);
+/* The following definitions come from locking/leases_util.c */
+uint32_t map_oplock_to_lease_type(uint16_t op_type);
+uint32_t fsp_lease_type(const struct files_struct *fsp);
+uint32_t lease_type_is_exclusive(uint32_t lease_type);
+bool fsp_lease_type_is_exclusive(const struct files_struct *fsp);
+
#endif /* _LOCKING_PROTO_H_ */
diff -Nru samba-4.5.8+dfsg/source3/locking/share_mode_lock.c samba-4.5.12+dfsg/source3/locking/share_mode_lock.c
--- samba-4.5.8+dfsg/source3/locking/share_mode_lock.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/locking/share_mode_lock.c 2017-07-12 08:39:24.000000000 +0200
@@ -322,8 +322,8 @@
}
/*
- * Initialize the values that are [skip] in the idl. The NDR code does
- * not initialize them.
+ * Initialize the values that are [skip] or [ignore]
+ * in the idl. The NDR code does not initialize them.
*/
for (i=0; i<d->num_share_modes; i++) {
diff -Nru samba-4.5.8+dfsg/source3/modules/vfs_acl_tdb.c samba-4.5.12+dfsg/source3/modules/vfs_acl_tdb.c
--- samba-4.5.8+dfsg/source3/modules/vfs_acl_tdb.c 2016-09-13 10:21:35.000000000 +0200
+++ samba-4.5.12+dfsg/source3/modules/vfs_acl_tdb.c 2017-06-19 15:18:24.000000000 +0200
@@ -342,12 +342,30 @@
return -1);
if (config->ignore_system_acls) {
- DBG_NOTICE("setting 'create mask = 0666', "
- "'directory mask = 0777', "
+ mode_t create_mask = lp_create_mask(SNUM(handle->conn));
+ char *create_mask_str = NULL;
+
+ if ((create_mask & 0666) != 0666) {
+ create_mask |= 0666;
+ create_mask_str = talloc_asprintf(handle, "0%o",
+ create_mask);
+ if (create_mask_str == NULL) {
+ DBG_ERR("talloc_asprintf failed\n");
+ return -1;
+ }
+
+ DBG_NOTICE("setting 'create mask = %s'\n", create_mask_str);
+
+ lp_do_parameter (SNUM(handle->conn),
+ "create mask", create_mask_str);
+
+ TALLOC_FREE(create_mask_str);
+ }
+
+ DBG_NOTICE("setting 'directory mask = 0777', "
"'store dos attributes = yes' and all "
"'map ...' options to 'no'\n");
- lp_do_parameter(SNUM(handle->conn), "create mask", "0666");
lp_do_parameter(SNUM(handle->conn), "directory mask", "0777");
lp_do_parameter(SNUM(handle->conn), "map archive", "no");
lp_do_parameter(SNUM(handle->conn), "map hidden", "no");
diff -Nru samba-4.5.8+dfsg/source3/modules/vfs_acl_xattr.c samba-4.5.12+dfsg/source3/modules/vfs_acl_xattr.c
--- samba-4.5.8+dfsg/source3/modules/vfs_acl_xattr.c 2016-09-13 10:21:35.000000000 +0200
+++ samba-4.5.12+dfsg/source3/modules/vfs_acl_xattr.c 2017-06-19 15:18:24.000000000 +0200
@@ -37,17 +37,45 @@
Pull a security descriptor into a DATA_BLOB from a xattr.
*******************************************************************/
+static ssize_t getxattr_do(vfs_handle_struct *handle,
+ files_struct *fsp,
+ const struct smb_filename *smb_fname,
+ const char *xattr_name,
+ uint8_t *val,
+ size_t size)
+{
+ ssize_t sizeret;
+ int saved_errno = 0;
+
+ become_root();
+ if (fsp && fsp->fh->fd != -1) {
+ sizeret = SMB_VFS_FGETXATTR(fsp, xattr_name, val, size);
+ } else {
+ sizeret = SMB_VFS_GETXATTR(handle->conn, smb_fname->base_name,
+ XATTR_NTACL_NAME, val, size);
+ }
+ if (sizeret == -1) {
+ saved_errno = errno;
+ }
+ unbecome_root();
+
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
+
+ return sizeret;
+}
+
static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
vfs_handle_struct *handle,
files_struct *fsp,
const struct smb_filename *smb_fname,
DATA_BLOB *pblob)
{
- size_t size = 1024;
+ size_t size = 4096;
uint8_t *val = NULL;
uint8_t *tmp;
ssize_t sizeret;
- int saved_errno = 0;
ZERO_STRUCTP(pblob);
@@ -60,35 +88,41 @@
}
val = tmp;
- become_root();
- if (fsp && fsp->fh->fd != -1) {
- sizeret = SMB_VFS_FGETXATTR(fsp, XATTR_NTACL_NAME, val, size);
- } else {
- sizeret = SMB_VFS_GETXATTR(handle->conn, smb_fname->base_name,
- XATTR_NTACL_NAME, val, size);
+ sizeret =
+ getxattr_do(handle, fsp, smb_fname, XATTR_NTACL_NAME, val, size);
+
+ if (sizeret >= 0) {
+ pblob->data = val;
+ pblob->length = sizeret;
+ return NT_STATUS_OK;
}
- if (sizeret == -1) {
- saved_errno = errno;
+
+ if (errno != ERANGE) {
+ goto err;
}
- unbecome_root();
- /* Max ACL size is 65536 bytes. */
- if (sizeret == -1) {
- errno = saved_errno;
- if ((errno == ERANGE) && (size != 65536)) {
- /* Too small, try again. */
- size = 65536;
- goto again;
- }
+ /* Too small, try again. */
+ sizeret =
+ getxattr_do(handle, fsp, smb_fname, XATTR_NTACL_NAME, NULL, 0);
+ if (sizeret < 0) {
+ goto err;
+ }
- /* Real error - exit here. */
- TALLOC_FREE(val);
- return map_nt_error_from_unix(errno);
+ if (size < sizeret) {
+ size = sizeret;
}
- pblob->data = val;
- pblob->length = sizeret;
- return NT_STATUS_OK;
+ if (size > 65536) {
+ /* Max ACL size is 65536 bytes. */
+ errno = ERANGE;
+ goto err;
+ }
+
+ goto again;
+ err:
+ /* Real error - exit here. */
+ TALLOC_FREE(val);
+ return map_nt_error_from_unix(errno);
}
/*******************************************************************
@@ -209,12 +243,30 @@
return -1);
if (config->ignore_system_acls) {
- DBG_NOTICE("setting 'create mask = 0666', "
- "'directory mask = 0777', "
+ mode_t create_mask = lp_create_mask(SNUM(handle->conn));
+ char *create_mask_str = NULL;
+
+ if ((create_mask & 0666) != 0666) {
+ create_mask |= 0666;
+ create_mask_str = talloc_asprintf(handle, "0%o",
+ create_mask);
+ if (create_mask_str == NULL) {
+ DBG_ERR("talloc_asprintf failed\n");
+ return -1;
+ }
+
+ DBG_NOTICE("setting 'create mask = %s'\n", create_mask_str);
+
+ lp_do_parameter (SNUM(handle->conn),
+ "create mask", create_mask_str);
+
+ TALLOC_FREE(create_mask_str);
+ }
+
+ DBG_NOTICE("setting 'directory mask = 0777', "
"'store dos attributes = yes' and all "
"'map ...' options to 'no'\n");
- lp_do_parameter(SNUM(handle->conn), "create mask", "0666");
lp_do_parameter(SNUM(handle->conn), "directory mask", "0777");
lp_do_parameter(SNUM(handle->conn), "map archive", "no");
lp_do_parameter(SNUM(handle->conn), "map hidden", "no");
diff -Nru samba-4.5.8+dfsg/source3/modules/vfs_catia.c samba-4.5.12+dfsg/source3/modules/vfs_catia.c
--- samba-4.5.8+dfsg/source3/modules/vfs_catia.c 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source3/modules/vfs_catia.c 2017-07-12 08:39:24.000000000 +0200
@@ -1316,19 +1316,29 @@
const char *name, void *value, size_t size)
{
char *mapped_name = NULL;
+ char *mapped_ea_name = NULL;
NTSTATUS status;
ssize_t ret;
status = catia_string_replace_allocate(handle->conn,
- name, &mapped_name, vfs_translate_to_unix);
+ path, &mapped_name, vfs_translate_to_unix);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
+ status = catia_string_replace_allocate(handle->conn,
+ name, &mapped_ea_name, vfs_translate_to_unix);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(mapped_name);
+ errno = map_errno_from_nt_status(status);
+ return -1;
+ }
- ret = SMB_VFS_NEXT_GETXATTR(handle, path, mapped_name, value, size);
+ ret = SMB_VFS_NEXT_GETXATTR(handle, mapped_name,
+ mapped_ea_name, value, size);
TALLOC_FREE(mapped_name);
+ TALLOC_FREE(mapped_ea_name);
return ret;
}
@@ -1360,19 +1370,28 @@
const char *name)
{
char *mapped_name = NULL;
+ char *mapped_ea_name = NULL;
NTSTATUS status;
ssize_t ret;
status = catia_string_replace_allocate(handle->conn,
- name, &mapped_name, vfs_translate_to_unix);
+ path, &mapped_name, vfs_translate_to_unix);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
+ status = catia_string_replace_allocate(handle->conn,
+ name, &mapped_ea_name, vfs_translate_to_unix);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(mapped_name);
+ errno = map_errno_from_nt_status(status);
+ return -1;
+ }
- ret = SMB_VFS_NEXT_REMOVEXATTR(handle, path, mapped_name);
+ ret = SMB_VFS_NEXT_REMOVEXATTR(handle, mapped_name, mapped_ea_name);
TALLOC_FREE(mapped_name);
+ TALLOC_FREE(mapped_ea_name);
return ret;
}
@@ -1383,19 +1402,29 @@
int flags)
{
char *mapped_name = NULL;
+ char *mapped_ea_name = NULL;
NTSTATUS status;
ssize_t ret;
status = catia_string_replace_allocate(handle->conn,
- name, &mapped_name, vfs_translate_to_unix);
+ path, &mapped_name, vfs_translate_to_unix);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
+ status = catia_string_replace_allocate(handle->conn,
+ name, &mapped_ea_name, vfs_translate_to_unix);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(mapped_name);
+ errno = map_errno_from_nt_status(status);
+ return -1;
+ }
- ret = SMB_VFS_NEXT_SETXATTR(handle, path, mapped_name, value, size, flags);
+ ret = SMB_VFS_NEXT_SETXATTR(handle, mapped_name, mapped_ea_name,
+ value, size, flags);
TALLOC_FREE(mapped_name);
+ TALLOC_FREE(mapped_ea_name);
return ret;
}
diff -Nru samba-4.5.8+dfsg/source3/modules/vfs_expand_msdfs.c samba-4.5.12+dfsg/source3/modules/vfs_expand_msdfs.c
--- samba-4.5.8+dfsg/source3/modules/vfs_expand_msdfs.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/modules/vfs_expand_msdfs.c 2017-05-22 19:48:32.000000000 +0200
@@ -147,8 +147,7 @@
return NULL;
}
- targethost = read_target_host(
- ctx, raddr, mapfilename);
+ targethost = read_target_host(ctx, mapfilename, raddr);
if (targethost == NULL) {
DEBUG(1, ("Could not expand target host from file %s\n",
mapfilename));
diff -Nru samba-4.5.8+dfsg/source3/modules/vfs_fruit.c samba-4.5.12+dfsg/source3/modules/vfs_fruit.c
--- samba-4.5.8+dfsg/source3/modules/vfs_fruit.c 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source3/modules/vfs_fruit.c 2017-06-19 15:18:24.000000000 +0200
@@ -137,6 +137,7 @@
bool copyfile_enabled;
bool veto_appledouble;
bool posix_rename;
+ bool aapl_zero_file_id;
/*
* Additional options, all enabled by default,
@@ -1576,6 +1577,9 @@
config->posix_rename = lp_parm_bool(
SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME, "posix_rename", true);
+ config->aapl_zero_file_id =
+ lp_parm_bool(-1, FRUIT_PARAM_TYPE_NAME, "zero_file_id", true);
+
config->readdir_attr_rsize = lp_parm_bool(
SNUM(handle->conn), "readdir_attr", "aapl_rsize", true);
@@ -2182,9 +2186,23 @@
}
if (req_bitmap & SMB2_CRTCTX_AAPL_VOLUME_CAPS) {
- SBVAL(p, 0,
- lp_case_sensitive(SNUM(handle->conn->tcon->compat)) ?
- SMB2_CRTCTX_AAPL_CASE_SENSITIVE : 0);
+ int val = lp_case_sensitive(SNUM(handle->conn->tcon->compat));
+ uint64_t caps = 0;
+
+ switch (val) {
+ case Auto:
+ break;
+
+ case True:
+ caps |= SMB2_CRTCTX_AAPL_CASE_SENSITIVE;
+ break;
+
+ default:
+ break;
+ }
+
+ SBVAL(p, 0, caps);
+
ok = data_blob_append(req, &blob, p, 8);
if (!ok) {
return NT_STATUS_UNSUCCESSFUL;
@@ -2221,6 +2239,9 @@
blob);
if (NT_STATUS_IS_OK(status)) {
global_fruit_config.nego_aapl = true;
+ if (config->aapl_zero_file_id) {
+ aapl_force_zero_file_id(handle->conn->sconn);
+ }
}
return status;
@@ -2948,6 +2969,20 @@
SMB_VFS_HANDLE_GET_DATA(handle, config,
struct fruit_config_data, return -1);
+ if (((flags & O_ACCMODE) == O_RDONLY)
+ && (flags & O_CREAT)
+ && !VALID_STAT(fsp->fsp_name->st))
+ {
+ /*
+ * This means the stream doesn't exist. macOS SMB server fails
+ * this with NT_STATUS_OBJECT_NAME_NOT_FOUND, so must we. Cf bug
+ * 12565 and the test for this combination in
+ * test_rfork_create().
+ */
+ errno = ENOENT;
+ return -1;
+ }
+
switch (config->rsrc) {
case FRUIT_RSRC_STREAM:
fd = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
diff -Nru samba-4.5.8+dfsg/source3/modules/vfs_shadow_copy2.c samba-4.5.12+dfsg/source3/modules/vfs_shadow_copy2.c
--- samba-4.5.8+dfsg/source3/modules/vfs_shadow_copy2.c 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source3/modules/vfs_shadow_copy2.c 2017-06-19 15:18:24.000000000 +0200
@@ -444,7 +444,11 @@
if (memcmp(abs_path, cwd, cwd_len) != 0) {
return false;
}
- if (abs_path[cwd_len] != '/' && abs_path[cwd_len] != '\0') {
+ /* The cwd_len != 1 case is for $cwd == '/' */
+ if (cwd_len != 1 &&
+ abs_path[cwd_len] != '/' &&
+ abs_path[cwd_len] != '\0')
+ {
return false;
}
if (abs_path[cwd_len] == '/') {
@@ -667,10 +671,11 @@
* with a path prefix.
*/
if (pstripped != NULL) {
- if (len_before_gmt > 0) {
+ if (len_before_gmt > 1) {
/*
- * There is a slash before
- * the @GMT-. Remove it.
+ * There is a path (and not only a slash)
+ * before the @GMT-. Remove the trailing
+ * slash character.
*/
len_before_gmt -= 1;
}
@@ -684,7 +689,7 @@
if (make_relative_path(priv->shadow_cwd,
stripped) == false) {
DEBUG(10, (__location__ ": path '%s' "
- "doesn't start with cwd '%s\n",
+ "doesn't start with cwd '%s'\n",
stripped, priv->shadow_cwd));
ret = false;
errno = ENOENT;
@@ -726,7 +731,7 @@
if (make_relative_path(priv->shadow_cwd,
stripped) == false) {
DEBUG(10, (__location__ ": path '%s' "
- "doesn't start with cwd '%s\n",
+ "doesn't start with cwd '%s'\n",
stripped, priv->shadow_cwd));
ret = false;
errno = ENOENT;
diff -Nru samba-4.5.8+dfsg/source3/modules/vfs_xattr_tdb.c samba-4.5.12+dfsg/source3/modules/vfs_xattr_tdb.c
--- samba-4.5.8+dfsg/source3/modules/vfs_xattr_tdb.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/modules/vfs_xattr_tdb.c 2017-06-19 15:18:24.000000000 +0200
@@ -85,6 +85,12 @@
TALLOC_FREE(frame);
return -1;
}
+
+ if (size == 0) {
+ TALLOC_FREE(frame);
+ return xattr_size;
+ }
+
if (blob.length > size) {
TALLOC_FREE(frame);
errno = ERANGE;
@@ -125,6 +131,12 @@
TALLOC_FREE(frame);
return -1;
}
+
+ if (size == 0) {
+ TALLOC_FREE(frame);
+ return xattr_size;
+ }
+
if (blob.length > size) {
TALLOC_FREE(frame);
errno = ERANGE;
diff -Nru samba-4.5.8+dfsg/source3/rpc_client/cli_lsarpc.c samba-4.5.12+dfsg/source3/rpc_client/cli_lsarpc.c
--- samba-4.5.8+dfsg/source3/rpc_client/cli_lsarpc.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/rpc_client/cli_lsarpc.c 2017-06-19 15:18:24.000000000 +0200
@@ -28,6 +28,7 @@
#include "rpc_client/cli_lsarpc.h"
#include "rpc_client/init_lsa.h"
#include "../libcli/security/security.h"
+#include "lsa.h"
/** @defgroup lsa LSA - Local Security Architecture
* @ingroup rpc_client
@@ -221,7 +222,7 @@
return status;
}
- if(!NT_STATUS_IS_ERR(result)) {
+ if (!NT_STATUS_LOOKUP_ERR(result)) {
lsa_names.count = lsa_names2.count;
lsa_names.names = talloc_array(mem_ctx,
struct lsa_TranslatedName,
@@ -256,10 +257,7 @@
return status;
}
- if (!NT_STATUS_IS_OK(result) &&
- !NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
- !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
- {
+ if (NT_STATUS_LOOKUP_ERR(result)) {
*presult = result;
return status;
}
diff -Nru samba-4.5.8+dfsg/source3/rpc_server/srv_pipe.c samba-4.5.12+dfsg/source3/rpc_server/srv_pipe.c
--- samba-4.5.8+dfsg/source3/rpc_server/srv_pipe.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/rpc_server/srv_pipe.c 2017-06-19 15:18:24.000000000 +0200
@@ -476,6 +476,11 @@
{
NTSTATUS status;
+ if (strchr(pipename, '/')) {
+ DEBUG(1, ("Refusing open on pipe %s\n", pipename));
+ return false;
+ }
+
if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
DEBUG(10, ("refusing spoolss access\n"));
return false;
diff -Nru samba-4.5.8+dfsg/source3/script/tests/test_large_acl.sh samba-4.5.12+dfsg/source3/script/tests/test_large_acl.sh
--- samba-4.5.8+dfsg/source3/script/tests/test_large_acl.sh 1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.12+dfsg/source3/script/tests/test_large_acl.sh 2017-06-19 15:18:24.000000000 +0200
@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# Blackbox test for fetching a large ACL
+#
+
+if [ $# -lt 5 ]; then
+cat <<EOF
+Usage: $0 SERVER USERNAME PASSWORD SMBCLIENT SMBCACLS PARAMS
+EOF
+exit 1;
+fi
+
+SERVER=${1}
+USERNAME=${2}
+PASSWORD=${3}
+SMBCLIENT=${4}
+SMBCACLS=${5}
+shift 5
+ADDARGS="$*"
+SMBCLIENT="$VALGRIND ${SMBCLIENT} ${ADDARGS}"
+SMBCACLS="$VALGRIND ${SMBCACLS} ${ADDARGS}"
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+# build a file to work with
+build_files()
+{
+ touch large_acl
+ $SMBCLIENT //$SERVER/acl_xattr_ign_sysacl_windows -U $USERNAME%$PASSWORD -c 'put large_acl' > /dev/null 2>&1
+ rm -rf large_acl > /dev/null
+}
+
+cleanup()
+{
+ $SMBCLIENT //$SERVER/acl_xattr_ign_sysacl_windows -U $USERNAME%$PASSWORD -c 'rm large_acl' > /dev/null 2>&1
+}
+
+build_files
+
+test_large_acl()
+{
+ #An ACL with 200 entries, ~7K
+ new_acl=$(seq 1001 1200 | sed -r -e '1 i\D:(A;;0x001f01ff;;;WD)' -e 's/(.*)/(A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-\1)/' | tr -d '\n')
+ $SMBCACLS //$SERVER/acl_xattr_ign_sysacl_windows -U $USERNAME%$PASSWORD --sddl -S $new_acl large_acl
+ actual_acl=$($SMBCACLS //$SERVER/acl_xattr_ign_sysacl_windows -U $USERNAME%$PASSWORD --sddl --numeric large_acl 2>/dev/null | sed -rn 's/.*(D:.*)/\1/p' | tr -d '\n')
+ if [ ! "$new_acl" = "$actual_acl" ] ; then
+ echo -e "expected:\n$new_acl\nactual:\n$actual_acl\n"
+ return 1
+ fi
+}
+
+failed=0
+
+testit "able to retrieve a large ACL if VFS supports it" test_large_acl || failed=`expr $failed + 1`
+
+cleanup
+
+exit $failed
diff -Nru samba-4.5.8+dfsg/source3/script/tests/test_smbclient_s3.sh samba-4.5.12+dfsg/source3/script/tests/test_smbclient_s3.sh
--- samba-4.5.8+dfsg/source3/script/tests/test_smbclient_s3.sh 2017-03-31 08:25:18.000000000 +0200
+++ samba-4.5.12+dfsg/source3/script/tests/test_smbclient_s3.sh 2017-07-12 08:39:24.000000000 +0200
@@ -346,6 +346,17 @@
tmpfile=$PREFIX/smbclient.in.$$
prompt=" msdfs-target "
+ cmd='$SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/msdfs-share -I $SERVER_IP $ADDARGS -m nt1 -c dir 2>&1'
+ out=`eval $cmd`
+ ret=$?
+
+ if [ $ret != 0 ] ; then
+ echo "$out"
+ echo "failed listing msfds-share\ with error $ret"
+ false
+ return
+ fi
+
cat > $tmpfile <<EOF
ls
cd \\msdfs-src1
@@ -1204,6 +1215,57 @@
fi
}
+# Test we can follow normal symlinks.
+# Bug: https://bugzilla.samba.org/show_bug.cgi?id=12860
+# Note - this needs to be tested over SMB3, not SMB1.
+
+test_local_symlinks()
+{
+# Setup test dirs.
+ LOCAL_RAWARGS="${CONFIGURATION} -mSMB3"
+ LOCAL_ADDARGS="${LOCAL_RAWARGS} $*"
+
+ test_dir="$LOCAL_PATH/local_symlinks/test"
+
+ slink_name="$test_dir/sym_name"
+ slink_target_dir="$test_dir/dir1"
+
+ rm -rf $test_dir
+
+ mkdir -p $test_dir
+ mkdir $slink_target_dir
+ ln -s $slink_target_dir $slink_name
+
+# Can we cd into the symlink name and ls ?
+ tmpfile=$PREFIX/smbclient_interactive_prompt_commands
+ cat > $tmpfile <<EOF
+cd test\\sym_name
+ls
+quit
+EOF
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/local_symlinks -I $SERVER_IP $LOCAL_ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+ rm -f $tmpfile
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "failed accessing local_symlinks with error $ret"
+ false
+ return
+ fi
+
+ echo "$out" | grep 'NT_STATUS_'
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "$out"
+ echo "failed - got an NT_STATUS error"
+ false
+ return
+ fi
+}
+
LOGDIR_PREFIX=test_smbclient_s3
# possibly remove old logdirs:
@@ -1307,6 +1369,10 @@
test_nosymlinks || \
failed=`expr $failed + 1`
+testit "follow local symlinks" \
+ test_local_symlinks || \
+ failed=`expr $failed + 1`
+
testit "rm -rf $LOGDIR" \
rm -rf $LOGDIR || \
failed=`expr $failed + 1`
diff -Nru samba-4.5.8+dfsg/source3/script/tests/test_wbinfo_sids2xids_int.py samba-4.5.12+dfsg/source3/script/tests/test_wbinfo_sids2xids_int.py
--- samba-4.5.8+dfsg/source3/script/tests/test_wbinfo_sids2xids_int.py 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/script/tests/test_wbinfo_sids2xids_int.py 2017-06-19 15:18:24.000000000 +0200
@@ -29,7 +29,7 @@
#print domain
#print domsid
-sids=[ domsid + '-512', 'S-1-5-32-545', domsid + '-513' ]
+sids=[ domsid + '-512', 'S-1-5-32-545', domsid + '-513', 'S-1-1-0', 'S-1-3-1', 'S-1-5-1' ]
flush_cache()
diff -Nru samba-4.5.8+dfsg/source3/selftest/tests.py samba-4.5.12+dfsg/source3/selftest/tests.py
--- samba-4.5.8+dfsg/source3/selftest/tests.py 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source3/selftest/tests.py 2017-06-19 15:18:24.000000000 +0200
@@ -36,6 +36,26 @@
selftesthelpers.plansmbtorture4testsuite(
name, env, options, target='samba3', modname=modname)
+# find config.h
+try:
+ config_h = os.environ["CONFIG_H"]
+except KeyError:
+ samba4bindir = bindir()
+ config_h = os.path.join(samba4bindir, "default/include/config.h")
+
+# check available features
+config_hash = dict()
+f = open(config_h, 'r')
+try:
+ lines = f.readlines()
+ config_hash = dict((x[0], ' '.join(x[1:]))
+ for x in map(lambda line: line.strip().split(' ')[1:],
+ filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines)))
+finally:
+ f.close()
+
+have_libarchive = ("HAVE_LIBARCHIVE" in config_hash)
+have_linux_kernel_oplocks = ("HAVE_KERNEL_OPLOCKS_LINUX" in config_hash)
plantestsuite("samba3.blackbox.success", "nt4_dc:local", [os.path.join(samba3srcdir, "script/tests/test_success.sh")])
plantestsuite("samba3.blackbox.failure", "nt4_dc:local", [os.path.join(samba3srcdir, "script/tests/test_failure.sh")])
@@ -199,24 +219,12 @@
plantestsuite("samba3.blackbox.netshareenum (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_shareenum.sh"), '$SERVER', '$USERNAME', '$PASSWORD', rpcclient])
plantestsuite("samba3.blackbox.acl_xattr (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_acl_xattr.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3, smbcacls])
plantestsuite("samba3.blackbox.smb2.not_casesensitive (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smb2_not_casesensitive.sh"), '//$SERVER/tmp', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', smbclient3])
+ plantestsuite("samba3.blackbox.large_acl (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_large_acl.sh"), '$SERVER', '$USERNAME', '$PASSWORD', smbclient3, smbcacls])
#
# tar command tests
#
- # find config.h
- try:
- config_h = os.environ["CONFIG_H"]
- except KeyError:
- config_h = os.path.join(samba4bindir, "default/include/config.h")
-
- # see if libarchive is supported
- f = open(config_h, 'r')
- try:
- have_libarchive = ("HAVE_LIBARCHIVE 1" in f.read())
- finally:
- f.close()
-
# tar command enabled only if built with libarchive
if have_libarchive:
# Test smbclient/tarmode
@@ -314,7 +322,7 @@
local = ["local.nss"]
-idmap = ["idmap.rfc2307", "idmap.alloc"]
+idmap = ["idmap.rfc2307", "idmap.alloc", "idmap.rid"]
rap = ["rap.basic", "rap.rpc", "rap.printing", "rap.sam"]
@@ -324,7 +332,7 @@
libsmbclient = ["libsmbclient"]
-vfs = ["vfs.fruit", "vfs.acl_xattr", "vfs.fruit_netatalk"]
+vfs = ["vfs.fruit", "vfs.acl_xattr", "vfs.fruit_netatalk", "vfs.fruit_file_id"]
tests= base + raw + smb2 + rpc + unix + local + rap + nbt + libsmbclient + idmap + vfs
@@ -381,9 +389,21 @@
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/write-list-tmp -U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
elif t == "idmap.rfc2307":
- plantestsuite(t, "ad_member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', 'Guest', '2000001', '"Domain Users"', '2000002', 'DnsAdmins', '2000003', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
+ plantestsuite(t, "ad_member_rfc2307",
+ [os.path.join(samba3srcdir,
+ "../nsswitch/tests/test_idmap_rfc2307.sh"),
+ '$DOMAIN',
+ 'Administrator', '2000000',
+ 'Guest', '2000001',
+ '"Domain Users"', '2000002',
+ 'DnsAdmins', '2000003',
+ '2000005', '35',
+ 'ou=idmap,dc=samba,dc=example,dc=com',
+ '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
elif t == "idmap.alloc":
plantestsuite(t, "ad_member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_nss.sh"), '$DOMAIN'])
+ elif t == "idmap.rid":
+ plantestsuite(t, "ad_member_idmap_rid", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rid.sh"), '$DOMAIN', '2000000'])
elif t == "raw.acls":
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/nfs4acl_simple -U$USERNAME%$PASSWORD', description='nfs4acl_xattr-simple')
@@ -412,6 +432,8 @@
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/vfs_fruit_stream_depot --option=torture:share2=vfs_wo_fruit_stream_depot -U$USERNAME%$PASSWORD', 'streams_depot')
elif t == "vfs.fruit_netatalk":
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/vfs_fruit -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/nt4_dc/share')
+ elif t == "vfs.fruit_file_id":
+ plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/vfs_fruit -U$USERNAME%$PASSWORD')
elif t == "rpc.schannel_anon_setpw":
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$%', description="anonymous password set")
plansmbtorture4testsuite(t, "nt4_dc_schannel", '//$SERVER_IP/tmp -U$%', description="anonymous password set (schannel enforced server-side)")
@@ -426,6 +448,9 @@
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD --signing=required')
elif t == "smb2.dosmode":
plansmbtorture4testsuite(t, "simpleserver", '//$SERVER/dosmode -U$USERNAME%$PASSWORD')
+ elif t == "smb2.kernel-oplocks":
+ if have_linux_kernel_oplocks:
+ plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER/kernel_oplocks -U$USERNAME%$PASSWORD')
elif t == "vfs.acl_xattr":
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
else:
diff -Nru samba-4.5.8+dfsg/source3/smbd/files.c samba-4.5.12+dfsg/source3/smbd/files.c
--- samba-4.5.8+dfsg/source3/smbd/files.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/files.c 2017-07-12 08:39:24.000000000 +0200
@@ -552,9 +552,7 @@
* Clear all possible chained fsp
* pointers in the SMB2 request queue.
*/
- if (req != NULL && req->smb2req) {
- remove_smb2_chained_fsp(fsp);
- }
+ remove_smb2_chained_fsp(fsp);
/* Drop all remaining extensions. */
vfs_remove_all_fsp_extensions(fsp);
@@ -785,14 +783,6 @@
return &fsp->conn->sconn->client->connections->smb2.client.guid;
}
-uint32_t fsp_lease_type(struct files_struct *fsp)
-{
- if (fsp->oplock_type == LEASE_OPLOCK) {
- return fsp->lease->lease.lease_state;
- }
- return map_oplock_to_lease_type(fsp->oplock_type);
-}
-
size_t fsp_fullbasepath(struct files_struct *fsp, char *buf, size_t buflen)
{
int len;
diff -Nru samba-4.5.8+dfsg/source3/smbd/globals.h samba-4.5.12+dfsg/source3/smbd/globals.h
--- samba-4.5.8+dfsg/source3/smbd/globals.h 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/globals.h 2017-05-22 19:48:32.000000000 +0200
@@ -862,6 +862,7 @@
struct messaging_context *msg_ctx;
struct notify_context *notify_ctx;
bool using_smb2;
+ bool aapl_zero_file_id; /* Apple-specific */
int trans_num;
size_t num_users;
diff -Nru samba-4.5.8+dfsg/source3/smbd/msdfs.c samba-4.5.12+dfsg/source3/smbd/msdfs.c
--- samba-4.5.8+dfsg/source3/smbd/msdfs.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/msdfs.c 2017-06-19 15:18:24.000000000 +0200
@@ -888,7 +888,7 @@
}
status = dfs_path_lookup(ctx, conn, path_in, pdp,
- search_wcard_flag, NULL, NULL);
+ ucf_flags, NULL, NULL);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
DEBUG(3,("dfs_redirect: Redirecting %s\n", path_in));
@@ -1073,7 +1073,7 @@
* NT_STATUS_PATH_NOT_COVERED. */
status = dfs_path_lookup(ctx, conn, dfs_path, pdp,
- False, consumedcntp, &targetpath);
+ 0, consumedcntp, &targetpath);
if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
DEBUG(3,("get_referred_path: No valid referrals for path %s\n",
diff -Nru samba-4.5.8+dfsg/source3/smbd/negprot.c samba-4.5.12+dfsg/source3/smbd/negprot.c
--- samba-4.5.8+dfsg/source3/smbd/negprot.c 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source3/smbd/negprot.c 2017-05-22 19:48:32.000000000 +0200
@@ -723,17 +723,26 @@
break;
}
- if(choice != -1) {
- fstrcpy(remote_proto,supported_protocols[protocol].short_name);
- reload_services(sconn, conn_snum_used, true);
- supported_protocols[protocol].proto_reply_fn(req, choice);
- DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
- } else {
- DEBUG(0,("No protocol supported !\n"));
+ if (choice == -1) {
+ bool ok;
+
+ DBG_NOTICE("No protocol supported !\n");
reply_outbuf(req, 1, 0);
SSVAL(req->outbuf, smb_vwv0, choice);
+
+ ok = srv_send_smb(xconn, (char *)req->outbuf,
+ false, 0, false, NULL);
+ if (!ok) {
+ DBG_NOTICE("srv_send_smb failed\n");
+ }
+ exit_server_cleanly("no protocol supported\n");
}
+ fstrcpy(remote_proto,supported_protocols[protocol].short_name);
+ reload_services(sconn, conn_snum_used, true);
+ supported_protocols[protocol].proto_reply_fn(req, choice);
+ DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
+
DEBUG( 5, ( "negprot index=%d\n", choice ) );
/* We always have xconn->smb1.signing_state also for >= SMB2_02 */
diff -Nru samba-4.5.8+dfsg/source3/smbd/notifyd/notifyd.c samba-4.5.12+dfsg/source3/smbd/notifyd/notifyd.c
--- samba-4.5.8+dfsg/source3/smbd/notifyd/notifyd.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/notifyd/notifyd.c 2017-06-19 15:18:24.000000000 +0200
@@ -732,7 +732,8 @@
{
struct notifyd_trigger_state *tstate = private_data;
- struct notify_event_msg msg = { .action = tstate->msg->action };
+ struct notify_event_msg msg = { .action = tstate->msg->action,
+ .when = tstate->msg->when };
struct iovec iov[2];
size_t path_len = key.dsize;
struct notifyd_instance *instances = NULL;
diff -Nru samba-4.5.8+dfsg/source3/smbd/notify_inotify.c samba-4.5.12+dfsg/source3/smbd/notify_inotify.c
--- samba-4.5.8+dfsg/source3/smbd/notify_inotify.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/notify_inotify.c 2017-06-19 15:18:24.000000000 +0200
@@ -97,7 +97,7 @@
uint32_t filter = 0;
for (i = 0; i < ARRAY_SIZE(inotify_mapping); i++) {
- if (inotify_mapping[0].inotify_mask & mask) {
+ if (inotify_mapping[i].inotify_mask & mask) {
filter |= inotify_mapping[i].notify_mask;
}
}
diff -Nru samba-4.5.8+dfsg/source3/smbd/open.c samba-4.5.12+dfsg/source3/smbd/open.c
--- samba-4.5.8+dfsg/source3/smbd/open.c 2017-03-31 08:25:18.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/open.c 2017-07-12 08:39:24.000000000 +0200
@@ -44,6 +44,13 @@
bool delayed_for_oplocks;
bool async_open;
struct file_id id;
+
+ /*
+ * Timer for async opens, needed because they don't use a watch on
+ * a locking.tdb record. This is currently only used for real async
+ * opens and just terminates smbd if the async open times out.
+ */
+ struct tevent_timer *te;
};
/****************************************************************************
@@ -572,7 +579,18 @@
if (fd == -1) {
saved_errno = link_errno_convert(errno);
- if (saved_errno == ELOOP) {
+ /*
+ * Trying to open a symlink to a directory with O_NOFOLLOW and
+ * O_DIRECTORY can return either of ELOOP and ENOTDIR. So
+ * ENOTDIR really means: might be a symlink, but we're not sure.
+ * In this case, we just assume there's a symlink. If we were
+ * wrong, process_symlink_open() will return EINVAL. We check
+ * this below, and fall back to returning the initial
+ * saved_errno.
+ *
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
+ */
+ if (saved_errno == ELOOP || saved_errno == ENOTDIR) {
if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
/* Never follow symlinks on posix open. */
goto out;
@@ -582,7 +600,7 @@
goto out;
}
/*
- * We have a symlink. Follow in userspace
+ * We may have a symlink. Follow in userspace
* to ensure it's under the share definition.
*/
fd = process_symlink_open(conn,
@@ -593,6 +611,15 @@
mode,
link_depth);
if (fd == -1) {
+ if (saved_errno == ENOTDIR &&
+ errno == EINVAL) {
+ /*
+ * O_DIRECTORY on neither a directory,
+ * nor a symlink. Just return
+ * saved_errno from initial open()
+ */
+ goto out;
+ }
saved_errno =
link_errno_convert(errno);
}
@@ -1807,6 +1834,23 @@
return delay;
}
+/**
+ * Return lease or oplock state from a share mode
+ **/
+static uint32_t get_lease_type_from_share_mode(const struct share_mode_data *d)
+{
+ uint32_t e_lease_type = 0;
+ uint32_t i;
+
+ for (i=0; i < d->num_share_modes; i++) {
+ struct share_mode_entry *e = &d->share_modes[i];
+
+ e_lease_type |= get_lease_type(d, e);
+ }
+
+ return e_lease_type;
+}
+
static bool file_has_brlocks(files_struct *fsp)
{
struct byte_range_lock *br_lck;
@@ -2195,71 +2239,112 @@
return (timeval_compare(&end_time, &now) < 0);
}
+static struct deferred_open_record *deferred_open_record_create(
+ bool delayed_for_oplocks,
+ bool async_open,
+ struct file_id id)
+{
+ struct deferred_open_record *record = NULL;
+
+ record = talloc(NULL, struct deferred_open_record);
+ if (record == NULL) {
+ return NULL;
+ }
+
+ *record = (struct deferred_open_record) {
+ .delayed_for_oplocks = delayed_for_oplocks,
+ .async_open = async_open,
+ .id = id,
+ };
+
+ return record;
+}
+
struct defer_open_state {
struct smbXsrv_connection *xconn;
uint64_t mid;
+ struct file_id file_id;
+ struct timeval request_time;
+ struct timeval timeout;
+ bool kernel_oplock;
+ uint32_t lease_type;
};
static void defer_open_done(struct tevent_req *req);
-/****************************************************************************
- Handle the 1 second delay in returning a SHARING_VIOLATION error.
-****************************************************************************/
-
+/**
+ * Defer an open and watch a locking.tdb record
+ *
+ * This defers an open that gets rescheduled once the locking.tdb record watch
+ * is triggered by a change to the record.
+ *
+ * It is used to defer opens that triggered an oplock break and for the SMB1
+ * sharing violation delay.
+ **/
static void defer_open(struct share_mode_lock *lck,
struct timeval request_time,
struct timeval timeout,
struct smb_request *req,
- struct deferred_open_record *state)
-{
- struct deferred_open_record *open_rec;
+ bool delayed_for_oplocks,
+ bool kernel_oplock,
+ struct file_id id)
+{
+ struct deferred_open_record *open_rec = NULL;
+ struct timeval abs_timeout;
+ struct defer_open_state *watch_state;
+ struct tevent_req *watch_req;
+ bool ok;
- DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
- "open entry for mid %llu\n",
- (unsigned int)request_time.tv_sec,
- (unsigned int)request_time.tv_usec,
- (unsigned long long)req->mid));
+ abs_timeout = timeval_sum(&request_time, &timeout);
- open_rec = talloc(NULL, struct deferred_open_record);
+ DBG_DEBUG("request time [%s] timeout [%s] mid [%" PRIu64 "] "
+ "delayed_for_oplocks [%s] kernel_oplock [%s] file_id [%s]\n",
+ timeval_string(talloc_tos(), &request_time, false),
+ timeval_string(talloc_tos(), &abs_timeout, false),
+ req->mid,
+ delayed_for_oplocks ? "yes" : "no",
+ kernel_oplock ? "yes" : "no",
+ file_id_string_tos(&id));
+
+ open_rec = deferred_open_record_create(delayed_for_oplocks,
+ false,
+ id);
if (open_rec == NULL) {
TALLOC_FREE(lck);
exit_server("talloc failed");
}
- *open_rec = *state;
-
- if (lck) {
- struct defer_open_state *watch_state;
- struct tevent_req *watch_req;
- bool ret;
-
- watch_state = talloc(open_rec, struct defer_open_state);
- if (watch_state == NULL) {
- exit_server("talloc failed");
- }
- watch_state->xconn = req->xconn;
- watch_state->mid = req->mid;
-
- DEBUG(10, ("defering mid %llu\n",
- (unsigned long long)req->mid));
-
- watch_req = dbwrap_watched_watch_send(
- watch_state, req->sconn->ev_ctx, lck->data->record,
- (struct server_id){0});
- if (watch_req == NULL) {
- exit_server("Could not watch share mode record");
- }
- tevent_req_set_callback(watch_req, defer_open_done,
- watch_state);
+ watch_state = talloc(open_rec, struct defer_open_state);
+ if (watch_state == NULL) {
+ exit_server("talloc failed");
+ }
+ watch_state->xconn = req->xconn;
+ watch_state->mid = req->mid;
+ watch_state->file_id = lck->data->id;
+ watch_state->request_time = request_time;
+ watch_state->timeout = timeout;
+ watch_state->kernel_oplock = kernel_oplock;
+ watch_state->lease_type = get_lease_type_from_share_mode(lck->data);
+
+ DBG_DEBUG("defering mid %" PRIu64 "\n", req->mid);
+
+ watch_req = dbwrap_watched_watch_send(watch_state,
+ req->sconn->ev_ctx,
+ lck->data->record,
+ (struct server_id){0});
+ if (watch_req == NULL) {
+ exit_server("Could not watch share mode record");
+ }
+ tevent_req_set_callback(watch_req, defer_open_done, watch_state);
- ret = tevent_req_set_endtime(
- watch_req, req->sconn->ev_ctx,
- timeval_sum(&request_time, &timeout));
- SMB_ASSERT(ret);
+ ok = tevent_req_set_endtime(watch_req, req->sconn->ev_ctx, abs_timeout);
+ if (!ok) {
+ exit_server("tevent_req_set_endtime failed");
}
- if (!push_deferred_open_message_smb(req, request_time, timeout,
- state->id, open_rec)) {
+ ok = push_deferred_open_message_smb(req, request_time, timeout,
+ open_rec->id, open_rec);
+ if (!ok) {
TALLOC_FREE(lck);
exit_server("push_deferred_open_message_smb failed");
}
@@ -2269,8 +2354,12 @@
{
struct defer_open_state *state = tevent_req_callback_data(
req, struct defer_open_state);
+ struct tevent_req *watch_req = NULL;
+ struct share_mode_lock *lck = NULL;
+ bool schedule_req = true;
+ struct timeval timeout;
NTSTATUS status;
- bool ret;
+ bool ok;
status = dbwrap_watched_watch_recv(req, talloc_tos(), NULL, NULL,
NULL);
@@ -2282,15 +2371,108 @@
* Even if it failed, retry anyway. TODO: We need a way to
* tell a re-scheduled open about that error.
*/
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) &&
+ state->kernel_oplock)
+ {
+ /*
+ * If we reschedule but the kernel oplock is still hold
+ * we would block in the second open as that will be a
+ * blocking open attempt.
+ */
+ exit_server("Kernel oplock holder didn't "
+ "respond to break message");
+ }
}
- DEBUG(10, ("scheduling mid %llu\n", (unsigned long long)state->mid));
+ if (state->kernel_oplock) {
+ lck = get_existing_share_mode_lock(talloc_tos(), state->file_id);
+ if (lck != NULL) {
+ uint32_t lease_type;
+
+ lease_type = get_lease_type_from_share_mode(lck->data);
- ret = schedule_deferred_open_message_smb(state->xconn, state->mid);
- SMB_ASSERT(ret);
- TALLOC_FREE(state);
+ if ((lease_type != 0) &&
+ (lease_type == state->lease_type))
+ {
+ DBG_DEBUG("Unchanged lease: %" PRIu32 "\n",
+ lease_type);
+ schedule_req = false;
+ }
+ }
+ }
+
+ if (schedule_req) {
+ DBG_DEBUG("scheduling mid %" PRIu64 "\n", state->mid);
+
+ ok = schedule_deferred_open_message_smb(state->xconn,
+ state->mid);
+ if (!ok) {
+ exit_server("schedule_deferred_open_message_smb failed");
+ }
+ TALLOC_FREE(lck);
+ TALLOC_FREE(state);
+ return;
+ }
+
+ DBG_DEBUG("Keep waiting for oplock release for [%s/%s%s] "
+ "mid: %" PRIu64 "\n",
+ lck->data->servicepath,
+ lck->data->base_name,
+ lck->data->stream_name ? lck->data->stream_name : "",
+ state->mid);
+
+ watch_req = dbwrap_watched_watch_send(state,
+ state->xconn->ev_ctx,
+ lck->data->record,
+ (struct server_id){0});
+ if (watch_req == NULL) {
+ exit_server("Could not watch share mode record");
+ }
+ tevent_req_set_callback(watch_req, defer_open_done, state);
+
+ timeout = timeval_sum(&state->request_time, &state->timeout);
+ ok = tevent_req_set_endtime(watch_req, state->xconn->ev_ctx, timeout);
+ if (!ok) {
+ exit_server("tevent_req_set_endtime failed");
+ }
+
+ TALLOC_FREE(lck);
}
+/**
+ * Reschedule an open for immediate execution
+ **/
+static void retry_open(struct timeval request_time,
+ struct smb_request *req,
+ struct file_id id)
+{
+ struct deferred_open_record *open_rec = NULL;
+ bool ok;
+
+ DBG_DEBUG("request time [%s] mid [%" PRIu64 "] file_id [%s]\n",
+ timeval_string(talloc_tos(), &request_time, false),
+ req->mid,
+ file_id_string_tos(&id));
+
+ open_rec = deferred_open_record_create(false, false, id);
+ if (open_rec == NULL) {
+ exit_server("talloc failed");
+ }
+
+ ok = push_deferred_open_message_smb(req,
+ request_time,
+ timeval_set(0, 0),
+ id,
+ open_rec);
+ if (!ok) {
+ exit_server("push_deferred_open_message_smb failed");
+ }
+
+ ok = schedule_deferred_open_message_smb(req->xconn, req->mid);
+ if (!ok) {
+ exit_server("schedule_deferred_open_message_smb failed");
+ }
+}
/****************************************************************************
On overwrite open ensure that the attributes match.
@@ -2405,10 +2587,9 @@
static void schedule_defer_open(struct share_mode_lock *lck,
struct file_id id,
struct timeval request_time,
- struct smb_request *req)
+ struct smb_request *req,
+ bool kernel_oplock)
{
- struct deferred_open_record state;
-
/* This is a relative time, added to the absolute
request_time value to get the absolute timeout time.
Note that if this is the second or greater time we enter
@@ -2427,38 +2608,54 @@
timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
- /* Nothing actually uses state.delayed_for_oplocks
- but it's handy to differentiate in debug messages
- between a 30 second delay due to oplock break, and
- a 1 second delay for share mode conflicts. */
-
- state.delayed_for_oplocks = True;
- state.async_open = false;
- state.id = id;
-
- if (!request_timed_out(request_time, timeout)) {
- defer_open(lck, request_time, timeout, req, &state);
+ if (request_timed_out(request_time, timeout)) {
+ return;
}
+
+ defer_open(lck, request_time, timeout, req, true, kernel_oplock, id);
}
/****************************************************************************
Reschedule an open call that went asynchronous.
****************************************************************************/
+static void schedule_async_open_timer(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval current_time,
+ void *private_data)
+{
+ exit_server("async open timeout");
+}
+
static void schedule_async_open(struct timeval request_time,
struct smb_request *req)
{
- struct deferred_open_record state;
- struct timeval timeout;
+ struct deferred_open_record *open_rec = NULL;
+ struct timeval timeout = timeval_set(20, 0);
+ bool ok;
- timeout = timeval_set(20, 0);
+ if (request_timed_out(request_time, timeout)) {
+ return;
+ }
- ZERO_STRUCT(state);
- state.delayed_for_oplocks = false;
- state.async_open = true;
+ open_rec = deferred_open_record_create(false, true, (struct file_id){0});
+ if (open_rec == NULL) {
+ exit_server("deferred_open_record_create failed");
+ }
- if (!request_timed_out(request_time, timeout)) {
- defer_open(NULL, request_time, timeout, req, &state);
+ ok = push_deferred_open_message_smb(req, request_time, timeout,
+ (struct file_id){0}, open_rec);
+ if (!ok) {
+ exit_server("push_deferred_open_message_smb failed");
+ }
+
+ open_rec->te = tevent_add_timer(req->sconn->ev_ctx,
+ req,
+ timeval_current_ofs(20, 0),
+ schedule_async_open_timer,
+ open_rec);
+ if (open_rec->te == NULL) {
+ exit_server("tevent_add_timer failed");
}
}
@@ -3060,10 +3257,16 @@
open_access_mask, &new_file_created);
if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_NETWORK_BUSY)) {
- struct deferred_open_record state;
+ bool delay;
/*
- * EWOULDBLOCK/EAGAIN maps to NETWORK_BUSY.
+ * This handles the kernel oplock case:
+ *
+ * the file has an active kernel oplock and the open() returned
+ * EWOULDBLOCK/EAGAIN which maps to NETWORK_BUSY.
+ *
+ * "Samba locking.tdb oplocks" are handled below after acquiring
+ * the sharemode lock with get_share_mode_lock().
*/
if (file_existed && S_ISFIFO(fsp->fsp_name->st.st_ex_mode)) {
DEBUG(10, ("FIFO busy\n"));
@@ -3080,11 +3283,7 @@
lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
if (lck == NULL) {
- state.delayed_for_oplocks = false;
- state.async_open = false;
- state.id = fsp->file_id;
- defer_open(NULL, request_time, timeval_set(0, 0),
- req, &state);
+ retry_open(request_time, req, fsp->file_id);
DEBUG(10, ("No share mode lock found after "
"EWOULDBLOCK, retrying sync\n"));
return NT_STATUS_SHARING_VIOLATION;
@@ -3094,10 +3293,12 @@
smb_panic("validate_oplock_types failed");
}
- if (delay_for_oplock(fsp, 0, lease, lck, false,
- create_disposition, first_open_attempt)) {
+ delay = delay_for_oplock(fsp, 0, lease, lck, false,
+ create_disposition,
+ first_open_attempt);
+ if (delay) {
schedule_defer_open(lck, fsp->file_id, request_time,
- req);
+ req, true);
TALLOC_FREE(lck);
DEBUG(10, ("Sent oplock break request to kernel "
"oplock holder\n"));
@@ -3108,10 +3309,8 @@
* No oplock from Samba around. Immediately retry with
* a blocking open.
*/
- state.delayed_for_oplocks = false;
- state.async_open = false;
- state.id = fsp->file_id;
- defer_open(lck, request_time, timeval_set(0, 0), req, &state);
+ retry_open(request_time, req, fsp->file_id);
+
TALLOC_FREE(lck);
DEBUG(10, ("No Samba oplock around after EWOULDBLOCK. "
"Retrying sync\n"));
@@ -3216,15 +3415,27 @@
file_existed = true;
}
- if ((req != NULL) &&
- delay_for_oplock(
- fsp, oplock_request, lease, lck,
- NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION),
- create_disposition, first_open_attempt)) {
- schedule_defer_open(lck, fsp->file_id, request_time, req);
- TALLOC_FREE(lck);
- fd_close(fsp);
- return NT_STATUS_SHARING_VIOLATION;
+ if (req != NULL) {
+ /*
+ * Handle oplocks, deferring the request if delay_for_oplock()
+ * triggered a break message and we have to wait for the break
+ * response.
+ */
+ bool delay;
+ bool sharing_violation = NT_STATUS_EQUAL(
+ status, NT_STATUS_SHARING_VIOLATION);
+
+ delay = delay_for_oplock(fsp, oplock_request, lease, lck,
+ sharing_violation,
+ create_disposition,
+ first_open_attempt);
+ if (delay) {
+ schedule_defer_open(lck, fsp->file_id,
+ request_time, req, false);
+ TALLOC_FREE(lck);
+ fd_close(fsp);
+ return NT_STATUS_SHARING_VIOLATION;
+ }
}
if (!NT_STATUS_IS_OK(status)) {
@@ -3304,7 +3515,6 @@
!conn->sconn->using_smb2 &&
lp_defer_sharing_violations()) {
struct timeval timeout;
- struct deferred_open_record state;
int timeout_usecs;
/* this is a hack to speed up torture tests
@@ -3323,20 +3533,9 @@
timeout = timeval_set(0, timeout_usecs);
- /* Nothing actually uses state.delayed_for_oplocks
- but it's handy to differentiate in debug messages
- between a 30 second delay due to oplock break, and
- a 1 second delay for share mode conflicts. */
-
- state.delayed_for_oplocks = False;
- state.async_open = false;
- state.id = id;
-
- if ((req != NULL)
- && !request_timed_out(request_time,
- timeout)) {
- defer_open(lck, request_time, timeout,
- req, &state);
+ if (!request_timed_out(request_time, timeout)) {
+ defer_open(lck, request_time, timeout, req,
+ false, false, id);
}
}
diff -Nru samba-4.5.8+dfsg/source3/smbd/oplock.c samba-4.5.12+dfsg/source3/smbd/oplock.c
--- samba-4.5.8+dfsg/source3/smbd/oplock.c 2016-09-13 10:21:35.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/oplock.c 2017-07-12 08:39:24.000000000 +0200
@@ -25,6 +25,7 @@
#include "smbd/globals.h"
#include "messages.h"
#include "../librpc/gen_ndr/open_files.h"
+#include "../librpc/gen_ndr/ndr_open_files.h"
/*
* helper function used by the kernel oplock backends to post the break message
@@ -149,29 +150,8 @@
TALLOC_FREE(fsp->oplock_timeout);
}
-uint32_t map_oplock_to_lease_type(uint16_t op_type)
-{
- uint32_t ret;
-
- switch(op_type) {
- case BATCH_OPLOCK:
- case BATCH_OPLOCK|EXCLUSIVE_OPLOCK:
- ret = SMB2_LEASE_READ|SMB2_LEASE_WRITE|SMB2_LEASE_HANDLE;
- break;
- case EXCLUSIVE_OPLOCK:
- ret = SMB2_LEASE_READ|SMB2_LEASE_WRITE;
- break;
- case LEVEL_II_OPLOCK:
- ret = SMB2_LEASE_READ;
- break;
- default:
- ret = SMB2_LEASE_NONE;
- break;
- }
- return ret;
-}
-
-uint32_t get_lease_type(struct share_mode_data *d, struct share_mode_entry *e)
+uint32_t get_lease_type(const struct share_mode_data *d,
+ const struct share_mode_entry *e)
{
if (e->op_type == LEASE_OPLOCK) {
return d->leases[e->lease_idx].current_state;
@@ -186,13 +166,39 @@
uint32_t num_read_oplocks = 0;
uint32_t i;
- if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
+ if (fsp_lease_type_is_exclusive(fsp)) {
+ const struct share_mode_entry *e = NULL;
+ uint32_t e_lease_type = 0;
+
/*
- * If we're the only one, we don't need a brlock entry
+ * If we're fully exclusive, we don't need a brlock entry
*/
remove_stale_share_mode_entries(d);
- SMB_ASSERT(d->num_share_modes == 1);
- SMB_ASSERT(EXCLUSIVE_OPLOCK_TYPE(d->share_modes[0].op_type));
+
+ e = find_share_mode_entry(lck, fsp);
+ if (e != NULL) {
+ e_lease_type = get_lease_type(d, e);
+ }
+
+ if (!lease_type_is_exclusive(e_lease_type)) {
+ char *timestr = NULL;
+
+ timestr = timeval_string(talloc_tos(),
+ &fsp->open_time,
+ true);
+
+ NDR_PRINT_DEBUG(share_mode_data, d);
+ DBG_ERR("file [%s] file_id [%s] gen_id [%lu] "
+ "open_time[%s] lease_type [0x%x] "
+ "oplock_type [0x%x]\n",
+ fsp_str_dbg(fsp),
+ file_id_string_tos(&fsp->file_id),
+ fsp->fh->gen_id, timestr,
+ e_lease_type, fsp->oplock_type);
+
+ smb_panic("Found non-exclusive lease");
+ }
+
return true;
}
@@ -1064,7 +1070,7 @@
* the shared memory area whilst doing this.
*/
- if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
+ if (fsp_lease_type_is_exclusive(fsp)) {
/*
* There can't be any level2 oplocks, we're alone.
*/
diff -Nru samba-4.5.8+dfsg/source3/smbd/proto.h samba-4.5.12+dfsg/source3/smbd/proto.h
--- samba-4.5.8+dfsg/source3/smbd/proto.h 2017-03-31 08:25:18.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/proto.h 2017-05-22 19:48:32.000000000 +0200
@@ -409,7 +409,6 @@
NTSTATUS fsp_set_smb_fname(struct files_struct *fsp,
const struct smb_filename *smb_fname_in);
const struct GUID *fsp_client_guid(const files_struct *fsp);
-uint32_t fsp_lease_type(struct files_struct *fsp);
size_t fsp_fullbasepath(struct files_struct *fsp, char *buf, size_t buflen);
/* The following definitions come from smbd/ipc.c */
@@ -703,8 +702,8 @@
/* The following definitions come from smbd/oplock.c */
-uint32_t map_oplock_to_lease_type(uint16_t op_type);
-uint32_t get_lease_type(struct share_mode_data *d, struct share_mode_entry *e);
+uint32_t get_lease_type(const struct share_mode_data *d,
+ const struct share_mode_entry *e);
bool update_num_read_oplocks(files_struct *fsp, struct share_mode_lock *lck);
void break_kernel_oplock(struct messaging_context *msg_ctx, files_struct *fsp);
@@ -1133,6 +1132,7 @@
uint32_t access_mask);
uint64_t smb_roundup(connection_struct *conn, uint64_t val);
uint64_t get_FileIndex(connection_struct *conn, const SMB_STRUCT_STAT *psbuf);
+void aapl_force_zero_file_id(struct smbd_server_connection *sconn);
bool samba_private_attr_name(const char *unix_ea_name);
NTSTATUS get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn,
files_struct *fsp, const char *fname,
diff -Nru samba-4.5.8+dfsg/source3/smbd/sec_ctx.c samba-4.5.12+dfsg/source3/smbd/sec_ctx.c
--- samba-4.5.8+dfsg/source3/smbd/sec_ctx.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/sec_ctx.c 2017-06-19 15:18:24.000000000 +0200
@@ -139,7 +139,6 @@
static int get_current_groups(gid_t gid, uint32_t *p_ngroups, gid_t **p_groups)
{
int i;
- gid_t grp;
int ngroups;
gid_t *groups = NULL;
@@ -153,7 +152,7 @@
set_effective_gid(gid);
samba_setgid(gid);
- ngroups = sys_getgroups(0,&grp);
+ ngroups = sys_getgroups(0, NULL);
if (ngroups <= 0) {
goto fail;
}
diff -Nru samba-4.5.8+dfsg/source3/smbd/smb2_create.c samba-4.5.12+dfsg/source3/smbd/smb2_create.c
--- samba-4.5.8+dfsg/source3/smbd/smb2_create.c 2016-12-05 09:18:44.000000000 +0100
+++ samba-4.5.12+dfsg/source3/smbd/smb2_create.c 2017-07-12 08:39:24.000000000 +0200
@@ -483,35 +483,38 @@
requested_oplock_level = in_oplock_level;
}
+ req = tevent_req_create(mem_ctx, &state,
+ struct smbd_smb2_create_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->smb2req = smb2req;
+
+ smb1req = smbd_smb2_fake_smb_request(smb2req);
+ if (tevent_req_nomem(smb1req, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->smb1req = smb1req;
if (smb2req->subreq == NULL) {
- /* New create call. */
- req = tevent_req_create(mem_ctx, &state,
- struct smbd_smb2_create_state);
- if (req == NULL) {
- return NULL;
- }
- state->smb2req = smb2req;
-
- smb1req = smbd_smb2_fake_smb_request(smb2req);
- if (tevent_req_nomem(smb1req, req)) {
- return tevent_req_post(req, ev);
- }
- state->smb1req = smb1req;
- smb2req->subreq = req;
DEBUG(10,("smbd_smb2_create: name[%s]\n",
in_name));
} else {
- /* Re-entrant create call. */
- req = smb2req->subreq;
- state = tevent_req_data(req,
- struct smbd_smb2_create_state);
- smb1req = state->smb1req;
- TALLOC_FREE(state->out_context_blobs);
+ struct smbd_smb2_create_state *old_state = tevent_req_data(
+ smb2req->subreq, struct smbd_smb2_create_state);
+
DEBUG(10,("smbd_smb2_create_send: reentrant for file %s\n",
in_name ));
+
+ state->id = old_state->id;
+ state->request_time = old_state->request_time;
+ state->open_rec = talloc_move(state, &old_state->open_rec);
+ state->open_was_deferred = old_state->open_was_deferred;
}
+ TALLOC_FREE(smb2req->subreq);
+ smb2req->subreq = req;
+
state->out_context_blobs = talloc_zero(state, struct smb2_create_blobs);
if (tevent_req_nomem(state->out_context_blobs, req)) {
return tevent_req_post(req, ev);
diff -Nru samba-4.5.8+dfsg/source3/smbd/smb2_ioctl_network_fs.c samba-4.5.12+dfsg/source3/smbd/smb2_ioctl_network_fs.c
--- samba-4.5.8+dfsg/source3/smbd/smb2_ioctl_network_fs.c 2016-09-13 10:21:35.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/smb2_ioctl_network_fs.c 2017-07-12 08:39:24.000000000 +0200
@@ -510,6 +510,23 @@
NTSTATUS status;
enum protocol_types protocol = PROTOCOL_NONE;
+ if (lp_server_max_protocol() <= PROTOCOL_SMB2_02) {
+ /*
+ * With SMB 2.02 we didn't get the
+ * capabitities, client guid, security mode
+ * and dialects the client would have offered.
+ *
+ * So we behave compatible with a true
+ * SMB 2.02 server and return NT_STATUS_FILE_CLOSED.
+ *
+ * As SMB >= 2.10 offers the two phase SMB2 Negotiate
+ * we keep supporting FSCTL_VALIDATE_NEGOTIATE_INFO
+ * starting with SMB 2.10, while Windows only supports
+ * it starting with SMB > 2.10.
+ */
+ return NT_STATUS_FILE_CLOSED;
+ }
+
if (in_input->length < 0x18) {
return NT_STATUS_INVALID_PARAMETER;
}
diff -Nru samba-4.5.8+dfsg/source3/smbd/smb2_sesssetup.c samba-4.5.12+dfsg/source3/smbd/smb2_sesssetup.c
--- samba-4.5.8+dfsg/source3/smbd/smb2_sesssetup.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/smb2_sesssetup.c 2017-07-12 08:39:24.000000000 +0200
@@ -483,6 +483,7 @@
global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
*out_session_id = session->global->session_wire_id;
+ smb2req->last_session_id = session->global->session_wire_id;
return NT_STATUS_OK;
}
diff -Nru samba-4.5.8+dfsg/source3/smbd/smb2_tcon.c samba-4.5.12+dfsg/source3/smbd/smb2_tcon.c
--- samba-4.5.8+dfsg/source3/smbd/smb2_tcon.c 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source3/smbd/smb2_tcon.c 2017-07-12 08:39:24.000000000 +0200
@@ -381,6 +381,8 @@
*out_maximal_access = tcon->compat->share_access;
*out_tree_id = tcon->global->tcon_wire_id;
+ req->last_tid = tcon->global->tcon_wire_id;
+
return NT_STATUS_OK;
}
diff -Nru samba-4.5.8+dfsg/source3/smbd/trans2.c samba-4.5.12+dfsg/source3/smbd/trans2.c
--- samba-4.5.8+dfsg/source3/smbd/trans2.c 2016-10-24 21:37:30.000000000 +0200
+++ samba-4.5.12+dfsg/source3/smbd/trans2.c 2017-05-22 19:48:32.000000000 +0200
@@ -138,6 +138,9 @@
uint64_t get_FileIndex(connection_struct *conn, const SMB_STRUCT_STAT *psbuf)
{
uint64_t file_index;
+ if (conn->sconn->aapl_zero_file_id) {
+ return 0;
+ }
if (conn->base_share_dev == psbuf->st_ex_dev) {
return (uint64_t)psbuf->st_ex_ino;
}
@@ -146,6 +149,17 @@
return file_index;
}
+
+/********************************************************************
+ Globally (for this connection / multi-channel) disable file-ID
+ calculation. This is required to be global because it serves
+ Macs in AAPL mode, which is globally set.
+********************************************************************/
+void aapl_force_zero_file_id(struct smbd_server_connection *sconn)
+{
+ sconn->aapl_zero_file_id = true;
+}
+
/****************************************************************************
Utility functions for dealing with extended attributes.
****************************************************************************/
diff -Nru samba-4.5.8+dfsg/source3/torture/test_smb2.c samba-4.5.12+dfsg/source3/torture/test_smb2.c
--- samba-4.5.8+dfsg/source3/torture/test_smb2.c 2017-01-17 20:55:44.000000000 +0100
+++ samba-4.5.12+dfsg/source3/torture/test_smb2.c 2017-07-12 08:39:24.000000000 +0200
@@ -172,7 +172,10 @@
}
saved_tid = smb2cli_tcon_current_id(cli->smb2.tcon);
- saved_tcon = cli->smb2.tcon;
+ saved_tcon = cli_state_save_tcon(cli);
+ if (saved_tcon == NULL) {
+ return false;
+ }
cli->smb2.tcon = smbXcli_tcon_create(cli);
smb2cli_tcon_set_values(cli->smb2.tcon,
NULL, /* session */
@@ -189,8 +192,7 @@
printf("smb2cli_tdis returned %s\n", nt_errstr(status));
return false;
}
- talloc_free(cli->smb2.tcon);
- cli->smb2.tcon = saved_tcon;
+ cli_state_restore_tcon(cli, saved_tcon);
status = smb2cli_tdis(cli->conn,
cli->timeout,
diff -Nru samba-4.5.8+dfsg/source3/torture/torture.c samba-4.5.12+dfsg/source3/torture/torture.c
--- samba-4.5.8+dfsg/source3/torture/torture.c 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source3/torture/torture.c 2017-07-12 08:39:24.000000000 +0200
@@ -1309,7 +1309,8 @@
static struct cli_state *cli;
const char *fname = "\\tcontest.tmp";
uint16_t fnum1;
- uint16_t cnum1, cnum2, cnum3;
+ uint32_t cnum1, cnum2, cnum3;
+ struct smbXcli_tcon *orig_tcon = NULL;
uint16_t vuid1, vuid2;
char buf[4];
bool ret = True;
@@ -1341,6 +1342,11 @@
return False;
}
+ orig_tcon = cli_state_save_tcon(cli);
+ if (orig_tcon == NULL) {
+ return false;
+ }
+
status = cli_tree_connect(cli, share, "?????",
password, strlen(password)+1);
if (!NT_STATUS_IS_OK(status)) {
@@ -1409,6 +1415,8 @@
return False;
}
+ cli_state_restore_tcon(cli, orig_tcon);
+
cli_state_set_tid(cli, cnum1);
if (!torture_close_connection(cli)) {
@@ -2769,8 +2777,8 @@
struct cli_state *cli;
uint16_t new_vuid;
uint16_t saved_vuid;
- uint16_t new_cnum;
- uint16_t saved_cnum;
+ uint32_t new_cnum;
+ uint32_t saved_cnum;
const char *fname = "\\fdsess.tst";
const char *fname1 = "\\fdsess1.tst";
uint16_t fnum1;
@@ -8873,8 +8881,9 @@
{
static struct cli_state *cli;
int16_t old_vuid;
- int16_t old_cnum;
+ int32_t old_cnum;
bool correct = True;
+ struct smbXcli_tcon *orig_tcon = NULL;
NTSTATUS status;
printf("starting uid regression test\n");
@@ -8915,6 +8924,11 @@
}
old_cnum = cli_state_get_tid(cli);
+ orig_tcon = cli_state_save_tcon(cli);
+ if (orig_tcon == NULL) {
+ correct = false;
+ goto out;
+ }
/* Now try a SMBtdis with the invald vuid set to zero. */
cli_state_set_uid(cli, 0);
@@ -8927,9 +8941,11 @@
} else {
d_printf("First tdis failed (%s)\n", nt_errstr(status));
correct = false;
+ cli_state_restore_tcon(cli, orig_tcon);
goto out;
}
+ cli_state_restore_tcon(cli, orig_tcon);
cli_state_set_uid(cli, old_vuid);
cli_state_set_tid(cli, old_cnum);
diff -Nru samba-4.5.8+dfsg/source3/utils/net_rpc.c samba-4.5.12+dfsg/source3/utils/net_rpc.c
--- samba-4.5.8+dfsg/source3/utils/net_rpc.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/utils/net_rpc.c 2017-07-12 08:39:24.000000000 +0200
@@ -5101,7 +5101,7 @@
union srvsvc_NetShareInfo info;
WERROR result;
NTSTATUS status;
- uint16_t cnum;
+ struct smbXcli_tcon *orig_tcon = NULL;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
@@ -5123,9 +5123,15 @@
netname));
}
- cnum = cli_state_get_tid(cli);
+ if (cli_state_has_tcon(cli)) {
+ orig_tcon = cli_state_save_tcon(cli);
+ if (orig_tcon == NULL) {
+ return;
+ }
+ }
if (!NT_STATUS_IS_OK(cli_tree_connect(cli, netname, "A:", "", 0))) {
+ cli_state_restore_tcon(cli, orig_tcon);
return;
}
@@ -5168,7 +5174,7 @@
if (fnum != (uint16_t)-1)
cli_close(cli, fnum);
cli_tdis(cli);
- cli_state_set_tid(cli, cnum);
+ cli_state_restore_tcon(cli, orig_tcon);
return;
}
diff -Nru samba-4.5.8+dfsg/source3/utils/smbcacls.c samba-4.5.12+dfsg/source3/utils/smbcacls.c
--- samba-4.5.8+dfsg/source3/utils/smbcacls.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/utils/smbcacls.c 2017-07-12 08:39:24.000000000 +0200
@@ -51,12 +51,20 @@
struct dom_sid *sid)
{
union lsa_PolicyInformation *info = NULL;
- uint16_t orig_cnum = cli_state_get_tid(cli);
+ struct smbXcli_tcon *orig_tcon = NULL;
struct rpc_pipe_client *rpc_pipe = NULL;
struct policy_handle handle;
NTSTATUS status, result;
TALLOC_CTX *frame = talloc_stackframe();
+ if (cli_state_has_tcon(cli)) {
+ orig_tcon = cli_state_save_tcon(cli);
+ if (orig_tcon == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ }
+
status = cli_tree_connect(cli, "IPC$", "?????", "", 0);
if (!NT_STATUS_IS_OK(status)) {
goto done;
@@ -88,7 +96,7 @@
TALLOC_FREE(rpc_pipe);
cli_tdis(cli);
done:
- cli_state_set_tid(cli, orig_cnum);
+ cli_state_restore_tcon(cli, orig_tcon);
TALLOC_FREE(frame);
return status;
}
diff -Nru samba-4.5.8+dfsg/source3/winbindd/idmap_rfc2307.c samba-4.5.12+dfsg/source3/winbindd/idmap_rfc2307.c
--- samba-4.5.8+dfsg/source3/winbindd/idmap_rfc2307.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/winbindd/idmap_rfc2307.c 2017-06-19 15:18:24.000000000 +0200
@@ -236,7 +236,7 @@
if (i == 0) {
entry = ldap_first_entry(ctx->ldap, result);
} else {
- entry = ldap_next_entry(ctx->ldap, result);
+ entry = ldap_next_entry(ctx->ldap, entry);
}
if (!entry) {
DEBUG(2, ("Unable to fetch entry.\n"));
@@ -521,10 +521,7 @@
DEBUG(10, ("Looking for name %s, type %d\n", name, type));
- for (i = 0; i < IDMAP_LDAP_MAX_IDS; i++) {
- if (maps[i].map == NULL) { /* end of the run */
- return NULL;
- }
+ for (i = 0; maps[i].map != NULL; i++) {
DEBUG(10, ("Entry %d: name %s, type %d\n",
i, maps[i].name, maps[i].type));
if (type == maps[i].type && strcmp(name, maps[i].name) == 0) {
@@ -556,7 +553,7 @@
if (i == 0) {
entry = ldap_first_entry(ctx->ldap, result);
} else {
- entry = ldap_next_entry(ctx->ldap, result);
+ entry = ldap_next_entry(ctx->ldap, entry);
}
if (!entry) {
DEBUG(2, ("Unable to fetch entry.\n"));
diff -Nru samba-4.5.8+dfsg/source3/winbindd/idmap_util.c samba-4.5.12+dfsg/source3/winbindd/idmap_util.c
--- samba-4.5.8+dfsg/source3/winbindd/idmap_util.c 2016-09-13 10:21:35.000000000 +0200
+++ samba-4.5.12+dfsg/source3/winbindd/idmap_util.c 2017-06-19 15:18:24.000000000 +0200
@@ -52,10 +52,7 @@
{
int i;
- for (i = 0; i < IDMAP_LDAP_MAX_IDS; i++) {
- if (maps[i] == NULL) { /* end of the run */
- return NULL;
- }
+ for (i = 0; maps[i] != NULL; i++) {
if ((maps[i]->xid.type == type) && (maps[i]->xid.id == id)) {
return maps[i];
}
diff -Nru samba-4.5.8+dfsg/source3/winbindd/wb_lookupsids.c samba-4.5.12+dfsg/source3/winbindd/wb_lookupsids.c
--- samba-4.5.8+dfsg/source3/winbindd/wb_lookupsids.c 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/winbindd/wb_lookupsids.c 2017-06-19 15:18:24.000000000 +0200
@@ -72,8 +72,6 @@
* wbint_LookupSid. Preallocated with num_sids.
*/
uint32_t *single_sids;
- /* Pointer into the "domains" array above*/
- struct wb_lookupsids_domain **single_domains;
uint32_t num_single_sids;
uint32_t single_sids_done;
@@ -129,12 +127,6 @@
if (tevent_req_nomem(state->single_sids, req)) {
return tevent_req_post(req, ev);
}
- state->single_domains = talloc_zero_array(state,
- struct wb_lookupsids_domain *,
- num_sids);
- if (tevent_req_nomem(state->single_domains, req)) {
- return tevent_req_post(req, ev);
- }
state->res_domains = talloc_zero(state, struct lsa_RefDomainList);
if (tevent_req_nomem(state->res_domains, req)) {
@@ -292,7 +284,10 @@
sid_check_is_in_unix_users(sid) ||
sid_check_is_unix_users(sid) ||
sid_check_is_in_builtin(sid) ||
- sid_check_is_builtin(sid)) {
+ sid_check_is_builtin(sid) ||
+ sid_check_is_wellknown_domain(sid, NULL) ||
+ sid_check_is_in_wellknown_domain(sid))
+ {
/*
* These are locally done piece by piece anyway, no
* need for bulk optimizations.
@@ -463,7 +458,6 @@
state->single_sids[state->num_single_sids] =
res_sid_index;
- state->single_domains[state->num_single_sids] = d;
state->num_single_sids += 1;
}
state->domains_done += 1;
@@ -523,12 +517,13 @@
&domain_name, &name);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
- struct wb_lookupsids_domain *wb_domain;
+ struct winbindd_domain *wb_domain = NULL;
const char *tmpname;
type = SID_NAME_UNKNOWN;
- wb_domain = state->single_domains[state->single_sids_done];
+ res_sid_index = state->single_sids[state->single_sids_done];
+ wb_domain = find_domain_from_sid_noinit(&state->sids[res_sid_index]);
if (wb_domain != NULL) {
/*
* If the lookupsid failed because the rid not
@@ -540,7 +535,7 @@
* name in the idmap backend to figure out
* which domain to use in processing.
*/
- tmpname = wb_domain->domain->name;
+ tmpname = wb_domain->name;
} else {
tmpname = "";
}
diff -Nru samba-4.5.8+dfsg/source3/winbindd/winbindd_cm.c samba-4.5.12+dfsg/source3/winbindd/winbindd_cm.c
--- samba-4.5.8+dfsg/source3/winbindd/winbindd_cm.c 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source3/winbindd/winbindd_cm.c 2017-07-12 08:39:24.000000000 +0200
@@ -2979,10 +2979,12 @@
conn = &domain->conn;
- if (conn->lsa_pipe_tcp &&
+ /*
+ * rpccli_is_connected handles more error cases
+ */
+ if (rpccli_is_connected(conn->lsa_pipe_tcp) &&
conn->lsa_pipe_tcp->transport->transport == NCACN_IP_TCP &&
- conn->lsa_pipe_tcp->auth->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY &&
- rpccli_is_connected(conn->lsa_pipe_tcp)) {
+ conn->lsa_pipe_tcp->auth->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
goto done;
}
diff -Nru samba-4.5.8+dfsg/source3/winbindd/winbindd_pam.c samba-4.5.12+dfsg/source3/winbindd/winbindd_pam.c
--- samba-4.5.8+dfsg/source3/winbindd/winbindd_pam.c 2016-10-24 21:37:30.000000000 +0200
+++ samba-4.5.12+dfsg/source3/winbindd/winbindd_pam.c 2017-06-19 15:18:24.000000000 +0200
@@ -1907,7 +1907,7 @@
-- jerry */
result = NT_STATUS_NOT_SUPPORTED;
- if (our_domain == domain ) {
+ if (strequal(name_domain, our_domain->name)) {
result = fillup_password_policy(
our_domain, state->response);
}
@@ -1915,8 +1915,9 @@
if (!NT_STATUS_IS_OK(result)
&& !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) )
{
- DEBUG(10,("Failed to get password policies for domain %s: %s\n",
- domain->name, nt_errstr(result)));
+ DBG_DEBUG("Failed to get password policies for "
+ "domain %s: %s\n", our_domain->name,
+ nt_errstr(result));
goto done;
}
}
diff -Nru samba-4.5.8+dfsg/source3/winbindd/winbindd_rpc.c samba-4.5.12+dfsg/source3/winbindd/winbindd_rpc.c
--- samba-4.5.8+dfsg/source3/winbindd/winbindd_rpc.c 2016-12-05 09:18:44.000000000 +0100
+++ samba-4.5.12+dfsg/source3/winbindd/winbindd_rpc.c 2017-06-19 15:18:24.000000000 +0200
@@ -32,6 +32,7 @@
#include "rpc_client/cli_samr.h"
#include "rpc_client/cli_lsarpc.h"
#include "../libcli/security/security.h"
+#include "lsa.h"
/* Query display info for a domain */
NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
@@ -1107,7 +1108,7 @@
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- if (NT_STATUS_IS_ERR(result)) {
+ if (NT_STATUS_LOOKUP_ERR(result)) {
return result;
}
if (sids->num_sids != lsa_names2.count) {
@@ -1136,7 +1137,7 @@
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
}
- return result;
+ return NT_STATUS_OK;
}
NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
@@ -1169,7 +1170,7 @@
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- if (NT_STATUS_IS_ERR(result)) {
+ if (NT_STATUS_LOOKUP_ERR(result)) {
return result;
}
@@ -1189,5 +1190,5 @@
}
}
- return result;
+ return NT_STATUS_OK;
}
diff -Nru samba-4.5.8+dfsg/source3/winbindd/winbindd_util.c samba-4.5.12+dfsg/source3/winbindd/winbindd_util.c
--- samba-4.5.8+dfsg/source3/winbindd/winbindd_util.c 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source3/winbindd/winbindd_util.c 2017-06-19 15:18:24.000000000 +0200
@@ -802,6 +802,7 @@
bool init_domain_list(void)
{
int role = lp_server_role();
+ struct pdb_domain_info *pdb_domain_info = NULL;
NTSTATUS status;
/* Free existing list */
@@ -814,15 +815,24 @@
/* Local SAM */
+ /*
+ * In case the passdb backend is passdb_dsdb the domain SID comes from
+ * dsdb, not from secrets.tdb. As we use the domain SID in various
+ * places, we must ensure the domain SID is migrated from dsdb to
+ * secrets.tdb before get_global_sam_sid() is called the first time.
+ *
+ * The migration is done as part of the passdb_dsdb initialisation,
+ * calling pdb_get_domain_info() triggers it.
+ */
+ pdb_domain_info = pdb_get_domain_info(talloc_tos());
+
if ( role == ROLE_ACTIVE_DIRECTORY_DC ) {
struct winbindd_domain *domain;
enum netr_SchannelType sec_chan_type;
const char *account_name;
struct samr_Password current_nt_hash;
- struct pdb_domain_info *pdb_domain_info;
bool ok;
- pdb_domain_info = pdb_get_domain_info(talloc_tos());
if (pdb_domain_info == NULL) {
DEBUG(0, ("Failed to fetch our own, local AD "
"domain info from sam.ldb\n"));
@@ -1041,12 +1051,19 @@
struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
{
- /* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */
+ DBG_DEBUG("SID [%s]\n", sid_string_dbg(sid));
+
+ /*
+ * SIDs in the S-1-22-{1,2} domain and well-known SIDs should be handled
+ * by our passdb.
+ */
if ( sid_check_is_in_unix_groups(sid) ||
sid_check_is_unix_groups(sid) ||
sid_check_is_in_unix_users(sid) ||
- sid_check_is_unix_users(sid) )
+ sid_check_is_unix_users(sid) ||
+ sid_check_is_wellknown_domain(sid, NULL) ||
+ sid_check_is_in_wellknown_domain(sid) )
{
return find_domain_from_sid(get_global_sam_sid());
}
@@ -1055,8 +1072,6 @@
* one to contact the external DC's. On member servers the internal
* domains are different: These are part of the local SAM. */
- DEBUG(10, ("find_lookup_domain_from_sid(%s)\n", sid_string_dbg(sid)));
-
if (IS_DC || is_internal_domain(sid) || is_in_internal_domain(sid)) {
DEBUG(10, ("calling find_domain_from_sid\n"));
return find_domain_from_sid(sid);
diff -Nru samba-4.5.8+dfsg/source3/wscript samba-4.5.12+dfsg/source3/wscript
--- samba-4.5.8+dfsg/source3/wscript 2016-08-11 09:51:04.000000000 +0200
+++ samba-4.5.12+dfsg/source3/wscript 2017-05-22 19:48:32.000000000 +0200
@@ -160,11 +160,11 @@
#include <sys/types.h>
#include <fcntl.h>
#include <signal.h>
-#ifndef F_NOTIFY
-#define F_NOTIFY 1026
+#ifndef F_GETLEASE
+#define F_GETLEASE 1025
#endif
main() {
- exit(fcntl(open("/tmp", O_RDONLY), F_NOTIFY, 0) == -1 ? 1 : 0);
+ exit(fcntl(open("/tmp", O_RDONLY), F_GETLEASE, 0) == -1 ? 1 : 0);
}''', 'HAVE_KERNEL_OPLOCKS_LINUX', addmain=False, execute=True,
msg="Checking for Linux kernel oplocks")
diff -Nru samba-4.5.8+dfsg/source3/wscript_build samba-4.5.12+dfsg/source3/wscript_build
--- samba-4.5.8+dfsg/source3/wscript_build 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source3/wscript_build 2017-05-22 19:48:32.000000000 +0200
@@ -629,6 +629,7 @@
RPC_SERVICE
NDR_SMBXSRV
LEASES_DB
+ LEASES_UTIL
LIBASYS
sysquotas
NDR_SMB_ACL
@@ -650,6 +651,7 @@
tdb
talloc
LEASES_DB
+ LEASES_UTIL
NDR_OPEN_FILES
FNAME_UTIL''')
@@ -657,6 +659,10 @@
source='locking/leases_db.c',
deps='NDR_LEASES_DB')
+bld.SAMBA3_SUBSYSTEM('LEASES_UTIL',
+ source='locking/leases_util.c',
+ deps='NDR_OPEN_FILES')
+
if bld.CONFIG_GET("WITH_PROFILE"):
bld.SAMBA3_SUBSYSTEM('PROFILE',
source='profile/profile.c',
diff -Nru samba-4.5.8+dfsg/source4/heimdal/lib/krb5/ticket.c samba-4.5.12+dfsg/source4/heimdal/lib/krb5/ticket.c
--- samba-4.5.8+dfsg/source4/heimdal/lib/krb5/ticket.c 2016-08-11 09:51:05.000000000 +0200
+++ samba-4.5.12+dfsg/source4/heimdal/lib/krb5/ticket.c 2017-07-12 10:52:14.000000000 +0200
@@ -641,8 +641,8 @@
/* check server referral and save principal */
ret = _krb5_principalname2krb5_principal (context,
&tmp_principal,
- rep->kdc_rep.ticket.sname,
- rep->kdc_rep.ticket.realm);
+ rep->enc_part.sname,
+ rep->enc_part.srealm);
if (ret)
goto out;
if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
diff -Nru samba-4.5.8+dfsg/source4/selftest/tests.py samba-4.5.12+dfsg/source4/selftest/tests.py
--- samba-4.5.8+dfsg/source4/selftest/tests.py 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source4/selftest/tests.py 2017-05-22 19:48:32.000000000 +0200
@@ -301,7 +301,7 @@
ntvfsargs = ["--option=torture:sharedelay=100000", "--option=torture:oplocktimeout=3", "--option=torture:writetimeupdatedelay=500000"]
# Filter smb2 tests that should not run against ad_dc_ntvfs
-smb2_s3only = ["smb2.change_notify_disabled", "smb2.dosmode"]
+smb2_s3only = ["smb2.change_notify_disabled", "smb2.dosmode", "smb2.kernel-oplocks"]
smb2 = [x for x in smbtorture4_testsuites("smb2.") if x not in smb2_s3only]
#The QFILEINFO-IPC test needs to be on ipc$
diff -Nru samba-4.5.8+dfsg/source4/torture/smb2/lease.c samba-4.5.12+dfsg/source4/torture/smb2/lease.c
--- samba-4.5.8+dfsg/source4/torture/smb2/lease.c 2016-08-11 09:51:05.000000000 +0200
+++ samba-4.5.12+dfsg/source4/torture/smb2/lease.c 2017-07-12 08:39:24.000000000 +0200
@@ -989,6 +989,87 @@
return ret;
}
+static bool test_lease_statopen2(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ TALLOC_CTX *mem_ctx = talloc_new(tctx);
+ struct smb2_create io;
+ struct smb2_lease ls;
+ struct smb2_handle h1 = {{0}};
+ struct smb2_handle h2 = {{0}};
+ struct smb2_handle h3 = {{0}};
+ NTSTATUS status;
+ const char *fname = "lease_statopen2.dat";
+ bool ret = true;
+ uint32_t caps;
+
+ caps = smb2cli_conn_server_capabilities(
+ tree->session->transport->conn);
+ if (!(caps & SMB2_CAP_LEASING)) {
+ torture_skip(tctx, "leases are not supported");
+ }
+
+ smb2_util_unlink(tree, fname);
+ ZERO_STRUCT(break_info);
+ tree->session->transport->lease.handler = torture_lease_handler;
+ tree->session->transport->lease.private_data = tree;
+
+ status = torture_smb2_testfile(tree, fname, &h1);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed\n");
+ smb2_util_close(tree, h1);
+ ZERO_STRUCT(h1);
+
+ /* Open file with RWH lease. */
+ smb2_lease_create_share(&io, &ls, false, fname,
+ smb2_util_share_access("RWD"),
+ LEASE1,
+ smb2_util_lease_state("RWH"));
+ io.in.desired_access = SEC_FILE_WRITE_DATA;
+ status = smb2_create(tree, mem_ctx, &io);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed\n");
+ h1 = io.out.file.handle;
+ CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+ /* Stat open */
+ ZERO_STRUCT(io);
+ io.in.desired_access = FILE_READ_ATTRIBUTES;
+ io.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+ io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ io.in.create_disposition = NTCREATEX_DISP_OPEN;
+ io.in.fname = fname;
+ status = smb2_create(tree, mem_ctx, &io);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed\n");
+ h2 = io.out.file.handle;
+
+ /* Open file with RWH lease. */
+ smb2_lease_create_share(&io, &ls, false, fname,
+ smb2_util_share_access("RWD"),
+ LEASE1,
+ smb2_util_lease_state("RWH"));
+ io.in.desired_access = SEC_FILE_WRITE_DATA;
+ status = smb2_create(tree, mem_ctx, &io);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed\n");
+ h3 = io.out.file.handle;
+ CHECK_LEASE(&io, "RWH", true, LEASE1, 0);
+
+done:
+ if (!smb2_util_handle_empty(h3)) {
+ smb2_util_close(tree, h3);
+ }
+ if (!smb2_util_handle_empty(h2)) {
+ smb2_util_close(tree, h2);
+ }
+ if (!smb2_util_handle_empty(h1)) {
+ smb2_util_close(tree, h1);
+ }
+ smb2_util_unlink(tree, fname);
+ talloc_free(mem_ctx);
+ return ret;
+}
static void torture_oplock_break_callback(struct smb2_request *req)
{
@@ -3901,6 +3982,7 @@
torture_suite_add_1smb2_test(suite, "nobreakself",
test_lease_nobreakself);
torture_suite_add_1smb2_test(suite, "statopen", test_lease_statopen);
+ torture_suite_add_1smb2_test(suite, "statopen2", test_lease_statopen2);
torture_suite_add_1smb2_test(suite, "upgrade", test_lease_upgrade);
torture_suite_add_1smb2_test(suite, "upgrade2", test_lease_upgrade2);
torture_suite_add_1smb2_test(suite, "upgrade3", test_lease_upgrade3);
diff -Nru samba-4.5.8+dfsg/source4/torture/smb2/oplock.c samba-4.5.12+dfsg/source4/torture/smb2/oplock.c
--- samba-4.5.8+dfsg/source4/torture/smb2/oplock.c 2016-08-11 09:51:05.000000000 +0200
+++ samba-4.5.12+dfsg/source4/torture/smb2/oplock.c 2017-05-22 19:48:32.000000000 +0200
@@ -4204,3 +4204,143 @@
talloc_free(mem_ctx);
return true;
}
+
+
+static bool test_smb2_kernel_oplocks1(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ const char *fname = "test_kernel_oplock1.dat";
+ NTSTATUS status;
+ bool ret = true;
+ struct smb2_create create;
+ struct smb2_handle h1 = {{0}}, h2 = {{0}};
+
+ smb2_util_unlink(tree, fname);
+
+ tree->session->transport->oplock.handler = torture_oplock_handler;
+ tree->session->transport->oplock.private_data = tree;
+ ZERO_STRUCT(break_info);
+
+ ZERO_STRUCT(create);
+ create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+ create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+ create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+ create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+ create.in.fname = fname;
+ create.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+ status = smb2_create(tree, tctx, &create);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+ h1 = create.out.file.handle;
+
+ torture_assert_goto(tctx, create.out.oplock_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE, ret, done,
+ "Oplock level is not SMB2_OPLOCK_LEVEL_EXCLUSIVE\n");
+
+ ZERO_STRUCT(create);
+ create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+ create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+ create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+ create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+ create.in.fname = fname;
+
+ status = smb2_create(tree, tctx, &create);
+ torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_SHARING_VIOLATION, ret, done,
+ "Open didn't return NT_STATUS_SHARING_VIOLATION\n");
+ h2 = create.out.file.handle;
+
+ torture_wait_for_oplock_break(tctx);
+ if (break_info.count != 0) {
+ torture_warning(tctx, "Open caused oplock break\n");
+ }
+
+ smb2_util_close(tree, h1);
+ smb2_util_close(tree, h2);
+
+done:
+ if (!smb2_util_handle_empty(h1)) {
+ smb2_util_close(tree, h1);
+ }
+ if (!smb2_util_handle_empty(h2)) {
+ smb2_util_close(tree, h2);
+ }
+ smb2_util_unlink(tree, fname);
+ return ret;
+}
+
+static bool test_smb2_kernel_oplocks2(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ const char *fname = "test_kernel_oplock2.dat";
+ const char *sname = "test_kernel_oplock2.dat:foo";
+ NTSTATUS status;
+ bool ret = true;
+ struct smb2_create create;
+ struct smb2_handle h1 = {{0}}, h2 = {{0}};
+
+ smb2_util_unlink(tree, fname);
+
+ tree->session->transport->oplock.handler = torture_oplock_handler;
+ tree->session->transport->oplock.private_data = tree;
+ ZERO_STRUCT(break_info);
+
+ ZERO_STRUCT(create);
+ create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+ create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+ create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+ create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+ create.in.fname = fname;
+ create.in.oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+
+ status = smb2_create(tree, tctx, &create);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+ h1 = create.out.file.handle;
+
+ torture_assert_goto(tctx, create.out.oplock_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE, ret, done,
+ "Oplock level is not SMB2_OPLOCK_LEVEL_EXCLUSIVE\n");
+
+ ZERO_STRUCT(create);
+ create.in.desired_access = SEC_RIGHTS_FILE_ALL;
+ create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+ create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+ create.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+ create.in.fname = sname;
+
+ status = smb2_create(tree, tctx, &create);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Error opening the file\n");
+ h2 = create.out.file.handle;
+
+ torture_wait_for_oplock_break(tctx);
+ if (break_info.count != 0) {
+ torture_warning(tctx, "Stream open caused oplock break\n");
+ }
+
+ smb2_util_close(tree, h1);
+ smb2_util_close(tree, h2);
+
+done:
+ if (!smb2_util_handle_empty(h1)) {
+ smb2_util_close(tree, h1);
+ }
+ if (!smb2_util_handle_empty(h2)) {
+ smb2_util_close(tree, h2);
+ }
+ smb2_util_unlink(tree, fname);
+ return ret;
+}
+
+struct torture_suite *torture_smb2_kernel_oplocks_init(void)
+{
+ struct torture_suite *suite =
+ torture_suite_create(talloc_autofree_context(), "kernel-oplocks");
+
+ torture_suite_add_1smb2_test(suite, "kernel_oplocks1", test_smb2_kernel_oplocks1);
+ torture_suite_add_1smb2_test(suite, "kernel_oplocks2", test_smb2_kernel_oplocks2);
+
+ suite->description = talloc_strdup(suite, "SMB2-KERNEL-OPLOCK tests");
+
+ return suite;
+}
diff -Nru samba-4.5.8+dfsg/source4/torture/smb2/smb2.c samba-4.5.12+dfsg/source4/torture/smb2/smb2.c
--- samba-4.5.8+dfsg/source4/torture/smb2/smb2.c 2016-08-11 09:51:05.000000000 +0200
+++ samba-4.5.12+dfsg/source4/torture/smb2/smb2.c 2017-05-22 19:48:32.000000000 +0200
@@ -163,6 +163,7 @@
torture_suite_add_suite(suite, torture_smb2_lease_init());
torture_suite_add_suite(suite, torture_smb2_compound_init());
torture_suite_add_suite(suite, torture_smb2_oplocks_init());
+ torture_suite_add_suite(suite, torture_smb2_kernel_oplocks_init());
torture_suite_add_suite(suite, torture_smb2_streams_init());
torture_suite_add_suite(suite, torture_smb2_ioctl_init());
torture_suite_add_suite(suite, torture_smb2_rename_init());
diff -Nru samba-4.5.8+dfsg/source4/torture/vfs/fruit.c samba-4.5.12+dfsg/source4/torture/vfs/fruit.c
--- samba-4.5.8+dfsg/source4/torture/vfs/fruit.c 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source4/torture/vfs/fruit.c 2017-06-19 15:18:24.000000000 +0200
@@ -1814,6 +1814,77 @@
return ret;
}
+static bool test_rfork_create_ro(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ TALLOC_CTX *mem_ctx = talloc_new(tctx);
+ const char *fname = BASEDIR "\\torture_rfork_create";
+ const char *rfork = BASEDIR "\\torture_rfork_create" AFPRESOURCE_STREAM;
+ NTSTATUS status;
+ struct smb2_handle testdirh;
+ bool ret = true;
+ struct smb2_create create;
+
+ smb2_util_unlink(tree, fname);
+ status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "torture_smb2_testdir\n");
+ smb2_util_close(tree, testdirh);
+
+ ret = torture_setup_file(mem_ctx, tree, fname, false);
+ if (ret == false) {
+ goto done;
+ }
+
+ torture_comment(tctx, "(%s) Try opening read-only with "
+ "open_if create disposition, should return ENOENT\n",
+ __location__);
+
+ ZERO_STRUCT(create);
+ create.in.fname = rfork;
+ create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+ create.in.desired_access = SEC_FILE_READ_DATA | SEC_STD_READ_CONTROL;
+ create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create.in.share_access = FILE_SHARE_READ | FILE_SHARE_DELETE;
+ status = smb2_create(tree, mem_ctx, &(create));
+ torture_assert_ntstatus_equal_goto(tctx, status,
+ NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done, "smb2_create failed\n");
+
+ torture_comment(tctx, "(%s) Now write something to the "
+ "rsrc stream, then the same open should succeed\n",
+ __location__);
+
+ ret = write_stream(tree, __location__, tctx, mem_ctx,
+ fname, AFPRESOURCE_STREAM_NAME,
+ 0, 3, "foo");
+ torture_assert_goto(tctx, ret == true, ret, done,
+ "write_stream failed\n");
+
+ ret = check_stream(tree, __location__, tctx, mem_ctx,
+ fname, AFPRESOURCE_STREAM,
+ 0, 3, 0, 3, "foo");
+ torture_assert_goto(tctx, ret == true, ret, done, "check_stream");
+
+ ZERO_STRUCT(create);
+ create.in.fname = rfork;
+ create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+ create.in.desired_access = SEC_FILE_READ_DATA | SEC_STD_READ_CONTROL;
+ create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create.in.share_access = FILE_SHARE_READ | FILE_SHARE_DELETE;
+ status = smb2_create(tree, mem_ctx, &(create));
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed\n");
+
+ smb2_util_close(tree, create.out.file.handle);
+
+done:
+ smb2_util_unlink(tree, fname);
+ smb2_deltree(tree, BASEDIR);
+ talloc_free(mem_ctx);
+ return ret;
+}
+
static bool test_adouble_conversion(struct torture_context *tctx,
struct smb2_tree *tree)
{
@@ -1997,9 +2068,9 @@
}
aapl_vol_caps = BVAL(aapl->data.data, 24);
- if (aapl_vol_caps != SMB2_CRTCTX_AAPL_CASE_SENSITIVE) {
+ if (aapl_vol_caps != 0) {
/* this will fail on a case insensitive fs ... */
- torture_warning(tctx,
+ torture_result(tctx, TORTURE_FAIL,
"(%s) unexpected vol_caps: %d",
__location__, (int)aapl_vol_caps);
}
@@ -3914,6 +3985,63 @@
return ret;
}
+static bool test_zero_file_id(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ const char *fname = "filtest_file_id";
+ struct smb2_create create = {0};
+ NTSTATUS status;
+ bool ret = true;
+ uint8_t zero_file_id[8] = {0};
+
+ torture_comment(tctx, "Testing zero file id\n");
+
+ ret = torture_setup_file(tctx, tree, fname, false);
+ torture_assert_goto(tctx, ret == true, ret, done, "torture_setup_file");
+
+ ZERO_STRUCT(create);
+ create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+ create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+ create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create.in.create_disposition = NTCREATEX_DISP_OPEN;
+ create.in.fname = fname;
+ create.in.query_on_disk_id = true;
+
+ status = smb2_create(tree, tctx, &create);
+ torture_assert_ntstatus_equal_goto(tctx, status, NT_STATUS_OK, ret,
+ done,
+ "test file could not be opened");
+ torture_assert_mem_not_equal_goto(tctx, create.out.on_disk_id,
+ zero_file_id, 8, ret, done,
+ "unexpected zero file id");
+
+ smb2_util_close(tree, create.out.file.handle);
+
+ ret = enable_aapl(tctx, tree);
+ torture_assert(tctx, ret == true, "enable_aapl failed");
+
+ ZERO_STRUCT(create);
+ create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+ create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
+ create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ create.in.create_disposition = NTCREATEX_DISP_OPEN;
+ create.in.fname = fname;
+ create.in.query_on_disk_id = true;
+
+ status = smb2_create(tree, tctx, &create);
+ torture_assert_ntstatus_equal_goto(
+ tctx, status, NT_STATUS_OK, ret, done,
+ "test file could not be opened with AAPL");
+ torture_assert_mem_equal_goto(tctx, create.out.on_disk_id, zero_file_id,
+ 8, ret, done, "non-zero file id");
+
+ smb2_util_close(tree, create.out.file.handle);
+
+done:
+ smb2_util_unlink(tree, fname);
+ return ret;
+}
+
/*
* Note: This test depends on "vfs objects = catia fruit streams_xattr". For
* some tests torture must be run on the host it tests and takes an additional
@@ -3950,8 +4078,8 @@
torture_suite_add_1smb2_test(suite, "delete", test_delete_file_with_rfork);
torture_suite_add_1smb2_test(suite, "read open rsrc after rename", test_rename_and_read_rsrc);
torture_suite_add_1smb2_test(suite, "readdir_attr with names with illegal ntfs characters", test_readdir_attr_illegal_ntfs);
-
torture_suite_add_2ns_smb2_test(suite, "invalid AFP_AfpInfo", test_invalid_afpinfo);
+ torture_suite_add_1smb2_test(suite, "creating rsrc with read-only access", test_rfork_create_ro);
return suite;
}
@@ -3968,3 +4096,18 @@
return suite;
}
+
+struct torture_suite *torture_vfs_fruit_file_id(void)
+{
+ struct torture_suite *suite =
+ torture_suite_create(talloc_autofree_context(), "fruit_file_id");
+
+ suite->description =
+ talloc_strdup(suite, "vfs_fruit tests for on-disk file ID that "
+ "require fruit:zero_file_id=yes");
+
+ torture_suite_add_1smb2_test(suite, "zero file id if AAPL negotiated",
+ test_zero_file_id);
+
+ return suite;
+}
diff -Nru samba-4.5.8+dfsg/source4/torture/vfs/vfs.c samba-4.5.12+dfsg/source4/torture/vfs/vfs.c
--- samba-4.5.8+dfsg/source4/torture/vfs/vfs.c 2017-03-09 10:21:43.000000000 +0100
+++ samba-4.5.12+dfsg/source4/torture/vfs/vfs.c 2017-05-22 19:48:32.000000000 +0200
@@ -111,6 +111,7 @@
torture_suite_add_suite(suite, torture_vfs_fruit());
torture_suite_add_suite(suite, torture_vfs_fruit_netatalk());
torture_suite_add_suite(suite, torture_acl_xattr());
+ torture_suite_add_suite(suite, torture_vfs_fruit_file_id());
torture_register_suite(suite);
diff -Nru samba-4.5.8+dfsg/VERSION samba-4.5.12+dfsg/VERSION
--- samba-4.5.8+dfsg/VERSION 2017-03-31 08:28:41.000000000 +0200
+++ samba-4.5.12+dfsg/VERSION 2017-07-12 10:57:09.000000000 +0200
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=8
+SAMBA_VERSION_RELEASE=12
########################################################
# If a official release has a serious bug #
diff -Nru samba-4.5.8+dfsg/WHATSNEW.txt samba-4.5.12+dfsg/WHATSNEW.txt
--- samba-4.5.8+dfsg/WHATSNEW.txt 2017-03-31 08:27:26.000000000 +0200
+++ samba-4.5.12+dfsg/WHATSNEW.txt 2017-07-12 10:54:46.000000000 +0200
@@ -1,3 +1,287 @@
+ ==============================
+ Release Notes for Samba 4.5.12
+ July 12, 2017
+ ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass)
+
+=======
+Details
+=======
+
+o CVE-2017-11103 (Heimdal):
+ All versions of Samba from 4.0.0 onwards using embedded Heimdal
+ Kerberos are vulnerable to a man-in-the-middle attack impersonating
+ a trusted server, who may gain elevated access to the domain by
+ returning malicious replication or authorization data.
+
+ Samba binaries built against MIT Kerberos are not vulnerable.
+
+
+Changes since 4.5.11:
+---------------------
+
+o Jeffrey Altman <jaltman at secure-endpoints.com>
+ * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
+ Release Notes for Samba 4.5.11
+ July 6, 2017
+ ==============================
+
+
+This is the latest stable release of the Samba 4.5 release series.
+
+
+Changes since 4.5.10:
+---------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 12793: s3: smbd: Fix open_files.idl to correctly ignore
+ share_mode_lease *lease in share_mode_entry.
+ * BUG 12804: s3: VFS: Catia: Ensure path name is also converted.
+ * BUG 12818: s3: smbd: When deleting an fsp pointer ensure we don't keep
+ any references to it around.
+ * BUG 12831: s3: libsmb: Correctly save and restore connection tcon
+ in 'smbclient', 'smbcacls' and 'smbtorture3'.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 12798: s3/smbd: Fix exclusive lease optimisation.
+
+o Amitay Isaacs <amitay at gmail.com>
+ * BUG 12856: ctdb-scripts: Don't send empty argument string to logger.
+ * BUG 12857: ctdb-recovery: Do not run local ip verification when in
+ recovery.
+
+o Daniel Kobras <d.kobras at science-computing.de>
+ * BUG 12860: s3: smbd: Fix regression with non-wide symlinks to directories
+ over SMB3.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 12768: samba-tool: Fix log message of 'samba-tool user syncpasswords'.
+ * BUG 12772: s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with
+ "server max protocol = SMB2_02".
+ * BUG 12788: auth/spnego: Fix gensec_update_ev() argument order for
+ the SPNEGO_FALLBACK case.
+ * BUG 12832: s3:smb2_create: Avoid reusing the 'tevent_req' within
+ smbd_smb2_create_send().
+ * BUG 12844: Related requests with TreeConnect fail with
+ NETWORK_NAME_DELETED.
+ * BUG 12845: Related requests with SessionSetup fail with INTERNAL_ERROR.
+ * BUG 12859: ldb: protect Samba < 4.7 against incompatible ldb
+ versions and require ldb < 1.2.0.
+ * BUG 12862: auth/ntlmssp: Enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2
+ client case.
+
+o Michael Saxl <mike at mwsys.mine.bz>
+ * BUG 10490: s3:gse_krb5: Fix a possible crash in
+ fill_mem_keytab_from_system_keytab().
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 12808: libcli:smb2: Gracefully handle not supported for
+ FSCTL_VALIDATE_NEGOTIATE_INFO.
+
+o Martin Schwenke <martin at meltin.net>
+ * BUG 12802: 'ctdb nodestatus' incorrectly displays status for all nodes
+ with wrong exit code.
+ * BUG 12837: ctdb-scripts: NFS call-out failures should cause event failure.
+
+o Richard Sharpe <richard.sharpe at primarydata.com>
+ * BUG 15852: There are valid paths where conn->lsa_pipe_tcp->transport
+ is NULL.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 4.5.10
+ May 24, 2017
+ ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2017-7494 (Remote code execution from a writable share)
+
+=======
+Details
+=======
+
+o CVE-2017-7494:
+ All versions of Samba from 3.5.0 onwards are vulnerable to a remote
+ code execution vulnerability, allowing a malicious client to upload a
+ shared library to a writable share, and then cause the server to load
+ and execute it.
+
+
+Changes since 4.5.9:
+--------------------
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
+ share.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 4.5.9
+ May 18, 2017
+ =============================
+
+
+This is the latest stable release of the Samba 4.5 release series.
+
+
+Changes since 4.5.8:
+--------------------
+
+o Michael Adam <obnox at samba.org>
+ * BUG 12743: vfs_shadow_copy2 fails to list snapshots from shares with
+ GlusterFS backend.
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 12747: Wrong use of getgroups causes buffer overflow.
+
+o Hanno B?ck <hanno at hboeck.de>
+ * BUG 12746: lib: debug: Avoid negative array access.
+ * BUG 12748: cleanupdb: Fix a memory read error.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 11961: idmap_autorid allocates ids for unknown SIDs from other backends.
+ * BUG 12562: vfs_acl_common should force "create mask = 0777".
+ * BUG 12565: vfs_fruit: resource fork open request with
+ flags=O_CREAT|O_RDONLY.
+ * BUG 12727: Lookup-domain for well-known SIDs on a DC.
+ * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids().
+ * BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation.
+ * BUG 12749: Can't case-rename files with vfs_fruit.
+ * BUG 12766: s3/smbd: Update exclusive oplock optimisation to the lease area.
+
+o Amitay Isaacs <amitay at gmail.com>
+ * BUG 12733: ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'.
+
+o Shilpa Krishnareddy <skrishnareddy at panzura.com>
+ * BUG 12756: notify: Fix ordering of events in notifyd.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 12276: lib: Fix CID 1373623 Dereference after null check.
+ * BUG 12558: smbd: Fix smb1 findfirst with DFS.
+ * BUG 12757: idmap_rfc2307: Fix lookup of more than two SIDs.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 12767: samba-tool: Let 'samba-tool user syncpasswords' report deletions
+ immediately.
+ * BUG 12725: pam_winbind: no longer use wbcUserPasswordPolicyInfo when
+ authenticating.
+
+o Doug Nazar <nazard at nazar.ca>
+ * BUG 12760: s3: smbd: inotify_map_mask_to_filter incorrectly indexes an
+ array.
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 12725: winbindd: Fix password policy for pam authentication.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 12277: waf: Explicitly link libreplace against libnss_wins.so.
+
+o Uri Simchoni <uri at samba.org>
+ * BUG 12737: vfs_acl_xattr - failure to get ACL on Linux if memory is
+ fragmented.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
=============================
Release Notes for Samba 4.5.8
March 31, 2017
@@ -36,8 +320,8 @@
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.5.7
-------------- next part --------------
diff --git a/debian/changelog b/debian/changelog
index 53cf8637662..631e13e69fa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,25 @@
+samba (2:4.5.12+dfsg-1) stretch-security; urgency=medium
+
+ * gbp.conf: change debian-branch to stretch
+ * New upstream version
+ - Remove CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch, merged
+ - Remove CVE-2017-7494.patch, merged
+ - Fix "Non-kerberos logins fails on winbind 4.X when krb5_auth is
+ configured in PAM" (Closes: #739768)
+ * Stability fixes backported from sid:
+ - Properly quote subshell invocation in samba-common.preinst
+ (Closes: #771689)
+ - Fix typo s/DESTIDR/DESTDIR/ in d/rules
+ - sysv: Use --pidfile in addition to --exec to avoid matching daemons in
+ containers (Closes: #810794)
+ - Fix libpam-winbind.prerm to be multiarch-safe (Closes: #647430)
+ - Add missing logrotate for /var/log/samba/log.samba (Closes: #803924)
+ - Fix outdated DNS Root servers (Closes: #865406)
+ - Fix logrotate for /var/log/samba/log.samba to send SIGHUP to all processes
+ of the service (systemd only)
+
+ -- Mathieu Parent <sathieu at debian.org> Thu, 27 Jul 2017 12:20:43 +0200
+
samba (2:4.5.8+dfsg-2+deb9u1) stretch-security; urgency=high
* This is a security release in order to address the following defect:
diff --git a/debian/gbp.conf b/debian/gbp.conf
index db0c2537bf5..74ea46ff3b3 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -13,4 +13,5 @@ filter = [
'*chm',
]
filter-pristine-tar = True
-debian-branch = master
+debian-branch = stretch
+merge-mode = merge
diff --git a/debian/libpam-winbind.prerm b/debian/libpam-winbind.prerm
index e4d8a9fcee4..ad655ca524b 100644
--- a/debian/libpam-winbind.prerm
+++ b/debian/libpam-winbind.prerm
@@ -2,7 +2,7 @@
set -e
-if [ "$1" = remove ]; then
+if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then
pam-auth-update --package --remove winbind
fi
diff --git a/debian/patches/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch b/debian/patches/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch
deleted file mode 100644
index ff665e686f8..00000000000
--- a/debian/patches/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 229735bf7dc2ec1ce7e6074491f151784f46e7de Mon Sep 17 00:00:00 2001
-From: Jeffrey Altman <jaltman at secure-endpoints.com>
-Date: Wed, 12 Apr 2017 15:40:42 -0400
-Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
-
-In _krb5_extract_ticket() the KDC-REP service name must be obtained from
-encrypted version stored in 'enc_part' instead of the unencrypted version
-stored in 'ticket'. Use of the unecrypted version provides an
-opportunity for successful server impersonation and other attacks.
-
-Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
-
-Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
-(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
-
-Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-Reviewed-by: Garming Sam <garming at catalyst.net.nz>
-Reviewed-by: Stefan Metzmacher <metze at samba.org>
----
- source4/heimdal/lib/krb5/ticket.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
-index 064bbfbb33c..5a317c7b971 100644
---- a/source4/heimdal/lib/krb5/ticket.c
-+++ b/source4/heimdal/lib/krb5/ticket.c
-@@ -641,8 +641,8 @@ _krb5_extract_ticket(krb5_context context,
- /* check server referral and save principal */
- ret = _krb5_principalname2krb5_principal (context,
- &tmp_principal,
-- rep->kdc_rep.ticket.sname,
-- rep->kdc_rep.ticket.realm);
-+ rep->enc_part.sname,
-+ rep->enc_part.srealm);
- if (ret)
- goto out;
- if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
---
-2.13.2
-
diff --git a/debian/patches/CVE-2017-7494.patch b/debian/patches/CVE-2017-7494.patch
deleted file mode 100644
index 0e7dd8edac2..00000000000
--- a/debian/patches/CVE-2017-7494.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl at samba.org>
-Date: Mon, 8 May 2017 21:40:40 +0200
-Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with /
- inside
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
-
-Signed-off-by: Volker Lendecke <vl at samba.org>
-Reviewed-by: Jeremy Allison <jra at samba.org>
-Reviewed-by: Stefan Metzmacher <metze at samba.org>
----
- source3/rpc_server/srv_pipe.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index 0633b5f..c3f0cd8 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -475,6 +475,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax)
- {
- NTSTATUS status;
-
-+ if (strchr(pipename, '/')) {
-+ DEBUG(1, ("Refusing open on pipe %s\n", pipename));
-+ return false;
-+ }
-+
- if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
- DEBUG(10, ("refusing spoolss access\n"));
- return false;
---
-1.9.1
diff --git a/debian/patches/provision-Update-root-DNS-servers-list.patch b/debian/patches/provision-Update-root-DNS-servers-list.patch
new file mode 100644
index 00000000000..db89de2844b
--- /dev/null
+++ b/debian/patches/provision-Update-root-DNS-servers-list.patch
@@ -0,0 +1,56 @@
+From 0098a7b5564b60b3b29d3f1767adfd538d3ff55d Mon Sep 17 00:00:00 2001
+From: Amitay Isaacs <amitay at gmail.com>
+Date: Thu, 8 Jun 2017 22:59:56 +1000
+Subject: [PATCH] provision: Update root DNS servers list
+
+Signed-off-by: Amitay Isaacs <amitay at gmail.com>
+Reviewed-by: Andrew Bartlett <abartlet at samba.org>
+---
+ python/samba/provision/sambadns.py | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
+index 2c69dd4e910..961f37e16a6 100644
+--- a/python/samba/provision/sambadns.py
++++ b/python/samba/provision/sambadns.py
+@@ -317,15 +317,16 @@ def add_dns_container(samdb, domaindn, prefix, domain_sid, dnsadmins_sid, forest
+
+
+ def add_rootservers(samdb, domaindn, prefix):
++ # https://www.internic.net/zones/named.root
+ rootservers = {}
+ rootservers["a.root-servers.net"] = "198.41.0.4"
+ rootservers["b.root-servers.net"] = "192.228.79.201"
+ rootservers["c.root-servers.net"] = "192.33.4.12"
+- rootservers["d.root-servers.net"] = "128.8.10.90"
++ rootservers["d.root-servers.net"] = "199.7.91.13"
+ rootservers["e.root-servers.net"] = "192.203.230.10"
+ rootservers["f.root-servers.net"] = "192.5.5.241"
+ rootservers["g.root-servers.net"] = "192.112.36.4"
+- rootservers["h.root-servers.net"] = "128.63.2.53"
++ rootservers["h.root-servers.net"] = "198.97.190.53"
+ rootservers["i.root-servers.net"] = "192.36.148.17"
+ rootservers["j.root-servers.net"] = "192.58.128.30"
+ rootservers["k.root-servers.net"] = "193.0.14.129"
+@@ -334,10 +335,17 @@ def add_rootservers(samdb, domaindn, prefix):
+
+ rootservers_v6 = {}
+ rootservers_v6["a.root-servers.net"] = "2001:503:ba3e::2:30"
++ rootservers_v6["b.root-servers.net"] = "2001:500:84::b"
++ rootservers_v6["c.root-servers.net"] = "2001:500:2::c"
++ rootservers_v6["d.root-servers.net"] = "2001:500:2d::d"
++ rootservers_v6["e.root-servers.net"] = "2001:500:a8::e"
+ rootservers_v6["f.root-servers.net"] = "2001:500:2f::f"
+- rootservers_v6["h.root-servers.net"] = "2001:500:1::803f:235"
++ rootservers_v6["g.root-servers.net"] = "2001:500:12::d0d"
++ rootservers_v6["h.root-servers.net"] = "2001:500:1::53"
++ rootservers_v6["i.root-servers.net"] = "2001:7fe::53"
+ rootservers_v6["j.root-servers.net"] = "2001:503:c27::2:30"
+ rootservers_v6["k.root-servers.net"] = "2001:7fd::1"
++ rootservers_v6["l.root-servers.net"] = "2001:500:9f::42"
+ rootservers_v6["m.root-servers.net"] = "2001:dc3::35"
+
+ container_dn = "DC=RootDNSServers,CN=MicrosoftDNS,%s,%s" % (prefix, domaindn)
+--
+2.13.2
+
diff --git a/debian/patches/series b/debian/patches/series
index fac1ea803fb..cba4f6d0601 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,5 +15,4 @@ systemd-syslog.target-is-obsolete.patch
Add-documentation-to-systemd-Unit-files.patch
fix_kill_path_in_units.patch
nmbd-requires-a-working-network.patch
-CVE-2017-7494.patch
-CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch
+provision-Update-root-DNS-servers-list.patch
diff --git a/debian/rules b/debian/rules
index 0f659a19093..61271460f1b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -162,7 +162,7 @@ override_dh_install:
install -m644 debian/samba.ufw.profile $(DESTDIR)/etc/ufw/applications.d/samba
# use upstream version of smb.conf.5 if there is no built version
# this is a temporary workaround for #750593 in xsltproc
- [ -e $(DESTIDR)/usr/share/man/man5/smb.conf.5 ] || \
+ [ -e $(DESTDIR)/usr/share/man/man5/smb.conf.5 ] || \
cp docs/manpages/smb.conf.5 $(DESTDIR)/usr/share/man/man5/smb.conf.5
# Tests that shouldn't be installed
rm -f $(DESTDIR)/usr/bin/async_connect_send_test
diff --git a/debian/samba-common.preinst b/debian/samba-common.preinst
index afa292ad400..c4d04820711 100644
--- a/debian/samba-common.preinst
+++ b/debian/samba-common.preinst
@@ -2,7 +2,7 @@
set -e
-if [ $(readlink -f /etc/dhcp/dhclient-enter-hooks.d/samba) = /etc/dhcp3/dhclient-enter-hooks.d/samba ] \
+if [ "$(readlink -f /etc/dhcp/dhclient-enter-hooks.d/samba)" = /etc/dhcp3/dhclient-enter-hooks.d/samba ] \
&& dpkg --compare-versions "$2" le-nl 2:4.1.4+dfsg-2~
then
rm -f /etc/dhcp/dhclient-enter-hooks.d/samba
diff --git a/debian/samba.logrotate b/debian/samba.logrotate
index d34f7857800..0b0ed9b6198 100644
--- a/debian/samba.logrotate
+++ b/debian/samba.logrotate
@@ -21,3 +21,20 @@
delaycompress
notifempty
}
+
+/var/log/samba/log.samba {
+ weekly
+ missingok
+ rotate 7
+ postrotate
+ if [ -d /run/systemd/system ] && command systemctl >/dev/null 2>&1 && systemctl is-active --quiet samba-ad-dc; then
+ systemctl kill --kill-who all --signal=SIGHUP samba-ad-dc
+ elsif [ -f /var/run/samba/samba.pid ]; then
+ # This only sends to main pid, See #803924
+ kill -HUP `cat /var/run/samba/samba.pid`
+ fi
+ endscript
+ compress
+ delaycompress
+ notifempty
+}
diff --git a/debian/samba.nmbd.init b/debian/samba.nmbd.init
index 4834858fdfd..45ee2d04fde 100644
--- a/debian/samba.nmbd.init
+++ b/debian/samba.nmbd.init
@@ -43,7 +43,7 @@ case $1 in
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
- if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/nmbd -- -D
+ if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/nmbd --pidfile $NMBDPID -- -D
then
log_end_msg 1
exit 1
diff --git a/debian/samba.samba-ad-dc.init b/debian/samba.samba-ad-dc.init
index 4408dee3144..437e4874cb8 100644
--- a/debian/samba.samba-ad-dc.init
+++ b/debian/samba.samba-ad-dc.init
@@ -55,7 +55,7 @@ case "$1" in
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
- if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/samba -- -D; then
+ if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/samba --pidfile $SAMBAPID -- -D; then
log_end_msg 1
exit 1
fi
diff --git a/debian/samba.smbd.init b/debian/samba.smbd.init
index f3606209ecc..59582d69c45 100644
--- a/debian/samba.smbd.init
+++ b/debian/samba.smbd.init
@@ -38,7 +38,7 @@ case $1 in
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
- if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd -- -D; then
+ if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd --pidfile $SMBDPID -- -D; then
log_end_msg 1
exit 1
fi
diff --git a/debian/winbind.init b/debian/winbind.init
index 505dcca5cd8..d16a13bfaee 100644
--- a/debian/winbind.init
+++ b/debian/winbind.init
@@ -40,7 +40,7 @@ case "$1" in
fi
log_daemon_msg "Starting the Winbind daemon" "winbind"
- start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- $WINBINDD_OPTS
+ start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $WINBINDPID -- $WINBINDD_OPTS
log_end_msg $?
;;
@@ -50,7 +50,7 @@ case "$1" in
exit 0
fi
log_daemon_msg "Stopping the Winbind daemon" "winbind"
- start-stop-daemon --stop --quiet --oknodo --exec $DAEMON
+ start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $WINBINDPID
log_end_msg $?
;;
More information about the Pkg-samba-maint
mailing list