From a5f9e01b561225e7766846f8a30f8966d9d97a9d Mon Sep 17 00:00:00 2001 From: eabdullin Date: Fri, 20 Jun 2025 17:11:01 +0000 Subject: [PATCH] import UBI samba-4.21.3-5.el9_6 --- .gitignore | 2 +- .samba.metadata | 2 +- SOURCES/redhat-4.20.2.patch | 927 ----- SOURCES/redhat-4.21.patch | 6211 ++++++++++++++++++++++++++++++++++ SOURCES/samba-4.20.2.tar.asc | 16 - SOURCES/samba-4.21.3.tar.asc | 16 + SPECS/samba.spec | 1482 +++----- 7 files changed, 6694 insertions(+), 1962 deletions(-) delete mode 100644 SOURCES/redhat-4.20.2.patch create mode 100644 SOURCES/redhat-4.21.patch delete mode 100644 SOURCES/samba-4.20.2.tar.asc create mode 100644 SOURCES/samba-4.21.3.tar.asc diff --git a/.gitignore b/.gitignore index f5c29b0..6bc5d98 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/samba-4.20.2.tar.xz +SOURCES/samba-4.21.3.tar.xz SOURCES/samba-pubkey_AA99442FB680B620.gpg diff --git a/.samba.metadata b/.samba.metadata index 4fab5e6..07e804b 100644 --- a/.samba.metadata +++ b/.samba.metadata @@ -1,2 +1,2 @@ -607bea15c2306b165610ebe3f617f1b29ef7f133 SOURCES/samba-4.20.2.tar.xz +c3c2f51037818ee9e1d24b5b9add13d5f86fdb01 SOURCES/samba-4.21.3.tar.xz 971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg diff --git a/SOURCES/redhat-4.20.2.patch b/SOURCES/redhat-4.20.2.patch deleted file mode 100644 index a46f5ef..0000000 --- a/SOURCES/redhat-4.20.2.patch +++ /dev/null @@ -1,927 +0,0 @@ -From dddbbec2cb10b05a6ec3b4f1fcc877d60a44080a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= -Date: Thu, 4 Jul 2024 11:08:03 +0200 -Subject: [PATCH 1/5] .gitlab-ci-main.yml: Add safe.directory '*' -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is to fix the error when pushing to personal gitlab repo: - -2024-07-04 08:16:05,460 Running: 'git clone --recursive --shared /builds/pfilipen/samba /builds/samba-testbase/master' in '/builds/pfilipen/samba' -Cloning into '/builds/samba-testbase/master'... -fatal: detected dubious ownership in repository at '/builds/pfilipen/samba/.git' -To add an exception for this directory, call: - git config --global --add safe.directory /builds/pfilipen/samba/.git -fatal: Could not read from remote repository. - -Instead of adding more and more explicit repositories -we should just allow any, we're in an isolated environment... - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660 - -Pair-Programmed-With: Stefan Metzmacher -Signed-off-by: Pavel Filipenský -Signed-off-by: Stefan Metzmacher -Reviewed-by: Andreas Schneider - -Autobuild-User(master): Stefan Metzmacher -Autobuild-Date(master): Wed Jul 10 10:35:00 UTC 2024 on atb-devel-224 - -(cherry picked from commit 3a21b7d9a4e7e9814d0be8c0ebf72b9821a5dc36) ---- - .gitlab-ci-main.yml | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml -index face2103327..08865ca2c42 100644 ---- a/.gitlab-ci-main.yml -+++ b/.gitlab-ci-main.yml -@@ -146,8 +146,7 @@ include: - - ccache -z -M 500M - - ccache -s - # We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI -- - git config --global --add safe.directory `pwd` -- - git config --global --add safe.directory /builds/samba-team/devel/samba/.git -+ - git config --global --add safe.directory '*' - after_script: - - mount - - df -h --- -2.49.0 - - -From 1c69964d34d2cf66532b23ffde76a839a65b0db2 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Fri, 12 Jul 2024 14:18:26 +0200 -Subject: [PATCH 2/5] s3:printing: Allow to run samba-bgqd as a standalone - systemd service - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15683 - -Signed-off-by: Andreas Schneider -Reviewed-by: Alexander Bokovoy -(cherry picked from commit 0a532378322661b23b3393eb2ebde29402a16e62) - -Autobuild-User(v4-20-test): Jule Anger -Autobuild-Date(v4-20-test): Tue Jul 23 08:56:24 UTC 2024 on atb-devel-224 - -(cherry picked from commit 4cf9af9186d7829f11bd07c7d6e526a51dcf0d61) ---- - source3/printing/samba-bgqd.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c -index 59ed0cc40db..9560fcf9e35 100644 ---- a/source3/printing/samba-bgqd.c -+++ b/source3/printing/samba-bgqd.c -@@ -253,7 +253,9 @@ int main(int argc, const char *argv[]) - log_stdout = (debug_get_log_type() == DEBUG_STDOUT); - - /* main process will notify systemd */ -- daemon_sd_notifications(false); -+ if (ready_signal_fd != -1 || watch_fd != -1) { -+ daemon_sd_notifications(false); -+ } - - if (!cmdline_daemon_cfg->fork) { - daemon_status(progname, "Starting process ... "); -@@ -325,6 +327,10 @@ int main(int argc, const char *argv[]) - goto done; - } - -+ if (!cmdline_daemon_cfg->fork) { -+ daemon_ready(progname); -+ } -+ - if (ready_signal_fd != -1) { - pid_t pid = getpid(); - ssize_t written; --- -2.49.0 - - -From 2e7ffc196aa9f241622a32ea002d96ad00799e4d Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Mon, 22 Jul 2024 12:26:55 +0200 -Subject: [PATCH 3/5] s3:notifyd: Use a watcher per db record -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This fixes a O(n²) performance regression in notifyd. The problem was -that we had a watcher per notify instance. This changes the code to have -a watcher per notify db entry. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14430 - -Signed-off-by: Andreas Schneider -Reviewed-by: Stefan Metzmacher - -Autobuild-User(master): Andreas Schneider -Autobuild-Date(master): Tue Oct 1 14:22:43 UTC 2024 on atb-devel-224 ---- - source3/smbd/notifyd/notifyd.c | 214 ++++++++++++++++++------- - source3/smbd/notifyd/notifyd_db.c | 5 +- - source3/smbd/notifyd/notifyd_entry.c | 51 ++++-- - source3/smbd/notifyd/notifyd_private.h | 46 ++++-- - 4 files changed, 228 insertions(+), 88 deletions(-) - -diff --git a/source3/smbd/notifyd/notifyd.c b/source3/smbd/notifyd/notifyd.c -index ca303bd4d51..b368b8390fa 100644 ---- a/source3/smbd/notifyd/notifyd.c -+++ b/source3/smbd/notifyd/notifyd.c -@@ -337,6 +337,7 @@ static bool notifyd_apply_rec_change( - struct messaging_context *msg_ctx) - { - struct db_record *rec = NULL; -+ struct notifyd_watcher watcher = {}; - struct notifyd_instance *instances = NULL; - size_t num_instances; - size_t i; -@@ -344,6 +345,7 @@ static bool notifyd_apply_rec_change( - TDB_DATA value; - NTSTATUS status; - bool ok = false; -+ bool new_watcher = false; - - if (pathlen == 0) { - DBG_WARNING("pathlen==0\n"); -@@ -374,8 +376,12 @@ static bool notifyd_apply_rec_change( - value = dbwrap_record_get_value(rec); - - if (value.dsize != 0) { -- if (!notifyd_parse_entry(value.dptr, value.dsize, NULL, -- &num_instances)) { -+ ok = notifyd_parse_entry(value.dptr, -+ value.dsize, -+ &watcher, -+ NULL, -+ &num_instances); -+ if (!ok) { - goto fail; - } - } -@@ -390,8 +396,22 @@ static bool notifyd_apply_rec_change( - goto fail; - } - -- if (value.dsize != 0) { -- memcpy(instances, value.dptr, value.dsize); -+ if (num_instances > 0) { -+ struct notifyd_instance *tmp = NULL; -+ size_t num_tmp = 0; -+ -+ ok = notifyd_parse_entry(value.dptr, -+ value.dsize, -+ NULL, -+ &tmp, -+ &num_tmp); -+ if (!ok) { -+ goto fail; -+ } -+ -+ memcpy(instances, -+ tmp, -+ sizeof(struct notifyd_instance) * num_tmp); - } - - for (i=0; ifilter, -- .internal_subdir_filter = chg->subdir_filter - }; - - num_instances += 1; - } - -- if ((instance->instance.filter != 0) || -- (instance->instance.subdir_filter != 0)) { -- int ret; -+ /* -+ * Calculate an intersection of the instances filters for the watcher. -+ */ -+ if (instance->instance.filter > 0) { -+ uint32_t filter = instance->instance.filter; -+ -+ if ((watcher.filter & filter) != filter) { -+ watcher.filter |= filter; -+ -+ new_watcher = true; -+ } -+ } -+ -+ /* -+ * Calculate an intersection of the instances subdir_filters for the -+ * watcher. -+ */ -+ if (instance->instance.subdir_filter > 0) { -+ uint32_t subdir_filter = instance->instance.subdir_filter; - -- TALLOC_FREE(instance->sys_watch); -+ if ((watcher.subdir_filter & subdir_filter) != subdir_filter) { -+ watcher.subdir_filter |= subdir_filter; - -- ret = sys_notify_watch(entries, sys_notify_ctx, path, -- &instance->internal_filter, -- &instance->internal_subdir_filter, -- notifyd_sys_callback, msg_ctx, -- &instance->sys_watch); -- if (ret != 0) { -- DBG_WARNING("sys_notify_watch for [%s] returned %s\n", -- path, strerror(errno)); -+ new_watcher = true; - } - } - - if ((instance->instance.filter == 0) && - (instance->instance.subdir_filter == 0)) { -+ uint32_t tmp_filter = 0; -+ uint32_t tmp_subdir_filter = 0; -+ - /* This is a delete request */ -- TALLOC_FREE(instance->sys_watch); - *instance = instances[num_instances-1]; - num_instances -= 1; -+ -+ for (i = 0; i < num_instances; i++) { -+ struct notifyd_instance *tmp = &instances[i]; -+ -+ tmp_filter |= tmp->instance.filter; -+ tmp_subdir_filter |= tmp->instance.subdir_filter; -+ } -+ -+ /* -+ * If the filter has changed, register a new watcher with the -+ * changed filter. -+ */ -+ if (watcher.filter != tmp_filter || -+ watcher.subdir_filter != tmp_subdir_filter) -+ { -+ watcher.filter = tmp_filter; -+ watcher.subdir_filter = tmp_subdir_filter; -+ -+ new_watcher = true; -+ } -+ } -+ -+ if (new_watcher) { -+ /* -+ * In case we removed all notify instances, we want to remove -+ * the watcher. We won't register a new one, if no filters are -+ * set anymore. -+ */ -+ -+ TALLOC_FREE(watcher.sys_watch); -+ -+ watcher.sys_filter = watcher.filter; -+ watcher.sys_subdir_filter = watcher.subdir_filter; -+ -+ /* -+ * Only register a watcher if we have filter. -+ */ -+ if (watcher.filter != 0 || watcher.subdir_filter != 0) { -+ int ret = sys_notify_watch(entries, -+ sys_notify_ctx, -+ path, -+ &watcher.sys_filter, -+ &watcher.sys_subdir_filter, -+ notifyd_sys_callback, -+ msg_ctx, -+ &watcher.sys_watch); -+ if (ret != 0) { -+ DBG_WARNING("sys_notify_watch for [%s] " -+ "returned %s\n", -+ path, -+ strerror(errno)); -+ } -+ } - } - - DBG_DEBUG("%s has %zu instances\n", path, num_instances); - - if (num_instances == 0) { -+ TALLOC_FREE(watcher.sys_watch); -+ - status = dbwrap_record_delete(rec); - if (!NT_STATUS_IS_OK(status)) { - DBG_WARNING("dbwrap_record_delete returned %s\n", -@@ -456,13 +541,21 @@ static bool notifyd_apply_rec_change( - goto fail; - } - } else { -- value = make_tdb_data( -- (uint8_t *)instances, -- sizeof(struct notifyd_instance) * num_instances); -+ struct TDB_DATA iov[2] = { -+ { -+ .dptr = (uint8_t *)&watcher, -+ .dsize = sizeof(struct notifyd_watcher), -+ }, -+ { -+ .dptr = (uint8_t *)instances, -+ .dsize = sizeof(struct notifyd_instance) * -+ num_instances, -+ }, -+ }; - -- status = dbwrap_record_store(rec, value, 0); -+ status = dbwrap_record_storev(rec, iov, ARRAY_SIZE(iov), 0); - if (!NT_STATUS_IS_OK(status)) { -- DBG_WARNING("dbwrap_record_store returned %s\n", -+ DBG_WARNING("dbwrap_record_storev returned %s\n", - nt_errstr(status)); - goto fail; - } -@@ -706,12 +799,18 @@ static void notifyd_trigger_parser(TDB_DATA key, TDB_DATA data, - .when = tstate->msg->when }; - struct iovec iov[2]; - size_t path_len = key.dsize; -+ struct notifyd_watcher watcher = {}; - struct notifyd_instance *instances = NULL; - size_t num_instances = 0; - size_t i; -+ bool ok; - -- if (!notifyd_parse_entry(data.dptr, data.dsize, &instances, -- &num_instances)) { -+ ok = notifyd_parse_entry(data.dptr, -+ data.dsize, -+ &watcher, -+ &instances, -+ &num_instances); -+ if (!ok) { - DBG_DEBUG("Could not parse notifyd_entry\n"); - return; - } -@@ -734,9 +833,11 @@ static void notifyd_trigger_parser(TDB_DATA key, TDB_DATA data, - - if (tstate->covered_by_sys_notify) { - if (tstate->recursive) { -- i_filter = instance->internal_subdir_filter; -+ i_filter = watcher.sys_subdir_filter & -+ instance->instance.subdir_filter; - } else { -- i_filter = instance->internal_filter; -+ i_filter = watcher.sys_filter & -+ instance->instance.filter; - } - } else { - if (tstate->recursive) { -@@ -1142,46 +1243,39 @@ static int notifyd_add_proxy_syswatches(struct db_record *rec, - struct db_context *db = dbwrap_record_get_db(rec); - TDB_DATA key = dbwrap_record_get_key(rec); - TDB_DATA value = dbwrap_record_get_value(rec); -- struct notifyd_instance *instances = NULL; -- size_t num_instances = 0; -- size_t i; -+ struct notifyd_watcher watcher = {}; - char path[key.dsize+1]; - bool ok; -+ int ret; - - memcpy(path, key.dptr, key.dsize); - path[key.dsize] = '\0'; - -- ok = notifyd_parse_entry(value.dptr, value.dsize, &instances, -- &num_instances); -+ /* This is a remote database, we just need the watcher. */ -+ ok = notifyd_parse_entry(value.dptr, value.dsize, &watcher, NULL, NULL); - if (!ok) { - DBG_WARNING("Could not parse notifyd entry for %s\n", path); - return 0; - } - -- for (i=0; iinstance.filter; -- uint32_t subdir_filter = instance->instance.subdir_filter; -- int ret; -+ watcher.sys_watch = NULL; -+ watcher.sys_filter = watcher.filter; -+ watcher.sys_subdir_filter = watcher.subdir_filter; - -- /* -- * This is a remote database. Pointers that we were -- * given don't make sense locally. Initialize to NULL -- * in case sys_notify_watch fails. -- */ -- instances[i].sys_watch = NULL; -- -- ret = state->sys_notify_watch( -- db, state->sys_notify_ctx, path, -- &filter, &subdir_filter, -- notifyd_sys_callback, state->msg_ctx, -- &instance->sys_watch); -- if (ret != 0) { -- DBG_WARNING("inotify_watch returned %s\n", -- strerror(errno)); -- } -+ ret = state->sys_notify_watch(db, -+ state->sys_notify_ctx, -+ path, -+ &watcher.filter, -+ &watcher.subdir_filter, -+ notifyd_sys_callback, -+ state->msg_ctx, -+ &watcher.sys_watch); -+ if (ret != 0) { -+ DBG_WARNING("inotify_watch returned %s\n", strerror(errno)); - } - -+ memcpy(value.dptr, &watcher, sizeof(struct notifyd_watcher)); -+ - return 0; - } - -@@ -1189,21 +1283,17 @@ static int notifyd_db_del_syswatches(struct db_record *rec, void *private_data) - { - TDB_DATA key = dbwrap_record_get_key(rec); - TDB_DATA value = dbwrap_record_get_value(rec); -- struct notifyd_instance *instances = NULL; -- size_t num_instances = 0; -- size_t i; -+ struct notifyd_watcher watcher = {}; - bool ok; - -- ok = notifyd_parse_entry(value.dptr, value.dsize, &instances, -- &num_instances); -+ ok = notifyd_parse_entry(value.dptr, value.dsize, &watcher, NULL, NULL); - if (!ok) { - DBG_WARNING("Could not parse notifyd entry for %.*s\n", - (int)key.dsize, (char *)key.dptr); - return 0; - } -- for (i=0; ientries database - */ - --bool notifyd_parse_entry( -- uint8_t *buf, -- size_t buflen, -- struct notifyd_instance **instances, -- size_t *num_instances) -+/** -+ * @brief Parse a notifyd database entry. -+ * -+ * The memory we pass down needs to be aligned. If it isn't aligned we can run -+ * into obscure errors as we just point into the data buffer. -+ * -+ * @param data The data to parse -+ * @param data_len The length of the data to parse -+ * @param watcher A pointer to store the watcher data or NULL. -+ * @param instances A pointer to store the array of notify instances or NULL. -+ * @param pnum_instances The number of elements in the array. If you just want -+ * the number of elements pass NULL for the watcher and instances pointers. -+ * -+ * @return true on success, false if an error occurred. -+ */ -+bool notifyd_parse_entry(uint8_t *data, -+ size_t data_len, -+ struct notifyd_watcher *watcher, -+ struct notifyd_instance **instances, -+ size_t *pnum_instances) - { -- if ((buflen % sizeof(struct notifyd_instance)) != 0) { -- DBG_WARNING("invalid buffer size: %zu\n", buflen); -+ size_t ilen; -+ -+ if (data_len < sizeof(struct notifyd_watcher)) { - return false; - } - -- if (instances != NULL) { -- *instances = (struct notifyd_instance *)buf; -+ if (watcher != NULL) { -+ *watcher = *((struct notifyd_watcher *)(uintptr_t)data); - } -- if (num_instances != NULL) { -- *num_instances = buflen / sizeof(struct notifyd_instance); -+ -+ ilen = data_len - sizeof(struct notifyd_watcher); -+ if ((ilen % sizeof(struct notifyd_instance)) != 0) { -+ return false; -+ } -+ -+ if (pnum_instances != NULL) { -+ *pnum_instances = ilen / sizeof(struct notifyd_instance); - } -+ if (instances != NULL) { -+ /* The (uintptr_t) cast removes a warning from -Wcast-align. */ -+ *instances = -+ (struct notifyd_instance *)(uintptr_t) -+ (data + sizeof(struct notifyd_watcher)); -+ } -+ - return true; - } -diff --git a/source3/smbd/notifyd/notifyd_private.h b/source3/smbd/notifyd/notifyd_private.h -index 36c08f47c54..db8e6e1c005 100644 ---- a/source3/smbd/notifyd/notifyd_private.h -+++ b/source3/smbd/notifyd/notifyd_private.h -@@ -20,30 +20,48 @@ - #include "lib/util/server_id.h" - #include "notifyd.h" - -+ - /* -- * notifyd's representation of a notify instance -+ * Representation of a watcher for a path -+ * -+ * This will be stored in the db. - */ --struct notifyd_instance { -- struct server_id client; -- struct notify_instance instance; -- -- void *sys_watch; /* inotify/fam/etc handle */ -+struct notifyd_watcher { -+ /* -+ * This is an intersections of the filter the watcher is listening for. -+ */ -+ uint32_t filter; -+ uint32_t subdir_filter; - - /* -- * Filters after sys_watch took responsibility of some bits -+ * Those are inout variables passed to the sys_watcher. The sys_watcher -+ * will remove the bits it can't handle. - */ -- uint32_t internal_filter; -- uint32_t internal_subdir_filter; -+ uint32_t sys_filter; -+ uint32_t sys_subdir_filter; -+ -+ /* The handle for inotify/fam etc. */ -+ void *sys_watch; -+}; -+ -+/* -+ * Representation of a notifyd instance -+ * -+ * This will be stored in the db. -+ */ -+struct notifyd_instance { -+ struct server_id client; -+ struct notify_instance instance; - }; - - /* - * Parse an entry in the notifyd_context->entries database - */ - --bool notifyd_parse_entry( -- uint8_t *buf, -- size_t buflen, -- struct notifyd_instance **instances, -- size_t *num_instances); -+bool notifyd_parse_entry(uint8_t *data, -+ size_t data_len, -+ struct notifyd_watcher *watcher, -+ struct notifyd_instance **instances, -+ size_t *num_instances); - - #endif --- -2.49.0 - - -From 908674e5cef83c2ad9f2073a8fd362007b8a55f4 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Wed, 15 Jan 2025 10:21:19 -0800 -Subject: [PATCH 4/5] auth: Add missing talloc_free() in error code path. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15782 - -Signed-off-by: Jeremy Allison -Reviewed-by: Guenther Deschner - -Autobuild-User(master): Günther Deschner -Autobuild-Date(master): Thu Jan 16 14:32:39 UTC 2025 on atb-devel-224 - -(cherry picked from commit c514ce8dcadcbbf0d86f3038d2be0f9253a76b75) ---- - auth/kerberos/kerberos_pac.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c -index b6272ac15eb..1f7d3e7ef26 100644 ---- a/auth/kerberos/kerberos_pac.c -+++ b/auth/kerberos/kerberos_pac.c -@@ -360,6 +360,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - if (ret) { - DEBUG(5, ("PAC Decode: Failed to verify the service " - "signature: %s\n", error_message(ret))); -+ talloc_free(tmp_ctx); - return NT_STATUS_ACCESS_DENIED; - } - --- -2.49.0 - - -From 761dbf898d92e00385e3516b487d5c4bdd761f23 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Thu, 16 Jan 2025 16:12:31 -0800 -Subject: [PATCH 5/5] auth: Cleanup exit code paths in kerberos_decode_pac(). -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -One more memory leak missed and now fixed. tmp_ctx -must be freed once the pac data is talloc_move'd. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15782 - -Signed-off-by: Jeremy Allison -Reviewed-by: Jennifer Sutton -Reviewed-by: Christian Ambach -Reviewed-by: Guenther Deschner - -Autobuild-User(master): Günther Deschner -Autobuild-Date(master): Fri Jan 17 12:01:47 UTC 2025 on atb-devel-224 - -(cherry picked from commit f9eb0b248da0689c82656f3e482161c45749afb6) ---- - auth/kerberos/kerberos_pac.c | 88 ++++++++++++++++++------------------ - 1 file changed, 43 insertions(+), 45 deletions(-) - -diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c -index 1f7d3e7ef26..4c61cfe838f 100644 ---- a/auth/kerberos/kerberos_pac.c -+++ b/auth/kerberos/kerberos_pac.c -@@ -137,7 +137,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - time_t tgs_authtime, - struct PAC_DATA **pac_data_out) - { -- NTSTATUS status; -+ NTSTATUS status = NT_STATUS_NO_MEMORY; - enum ndr_err_code ndr_err; - krb5_error_code ret; - DATA_BLOB modified_pac_blob; -@@ -173,8 +173,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - kdc_sig_wipe = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA); - srv_sig_wipe = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA); - if (!pac_data_raw || !pac_data || !kdc_sig_wipe || !srv_sig_wipe) { -- talloc_free(tmp_ctx); -- return NT_STATUS_NO_MEMORY; -+ status = NT_STATUS_NO_MEMORY; -+ goto out; - } - - ndr_err = ndr_pull_struct_blob(&pac_data_blob, pac_data, pac_data, -@@ -183,15 +183,14 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("can't parse the PAC: %s\n", - nt_errstr(status))); -- talloc_free(tmp_ctx); -- return status; -+ goto out; - } - - if (pac_data->num_buffers < 4) { - /* we need logon_info, service_key and kdc_key */ - DEBUG(0,("less than 4 PAC buffers\n")); -- talloc_free(tmp_ctx); -- return NT_STATUS_INVALID_PARAMETER; -+ status = NT_STATUS_INVALID_PARAMETER; -+ goto out; - } - - ndr_err = ndr_pull_struct_blob( -@@ -201,15 +200,14 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("can't parse the PAC: %s\n", - nt_errstr(status))); -- talloc_free(tmp_ctx); -- return status; -+ goto out; - } - - if (pac_data_raw->num_buffers < 4) { - /* we need logon_info, service_key and kdc_key */ - DEBUG(0,("less than 4 PAC buffers\n")); -- talloc_free(tmp_ctx); -- return NT_STATUS_INVALID_PARAMETER; -+ status = NT_STATUS_INVALID_PARAMETER; -+ goto out; - } - - if (pac_data->num_buffers != pac_data_raw->num_buffers) { -@@ -217,8 +215,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - DEBUG(0, ("misparse! PAC_DATA has %d buffers while " - "PAC_DATA_RAW has %d\n", pac_data->num_buffers, - pac_data_raw->num_buffers)); -- talloc_free(tmp_ctx); -- return NT_STATUS_INVALID_PARAMETER; -+ status = NT_STATUS_INVALID_PARAMETER; -+ goto out; - } - - for (i=0; i < pac_data->num_buffers; i++) { -@@ -229,8 +227,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - DEBUG(0, ("misparse! PAC_DATA buffer %d has type " - "%d while PAC_DATA_RAW has %d\n", i, - data_buf->type, raw_buf->type)); -- talloc_free(tmp_ctx); -- return NT_STATUS_INVALID_PARAMETER; -+ status = NT_STATUS_INVALID_PARAMETER; -+ goto out; - } - switch (data_buf->type) { - case PAC_TYPE_LOGON_INFO: -@@ -263,26 +261,26 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - - if (!logon_info) { - DEBUG(0,("PAC no logon_info\n")); -- talloc_free(tmp_ctx); -- return NT_STATUS_INVALID_PARAMETER; -+ status = NT_STATUS_INVALID_PARAMETER; -+ goto out; - } - - if (!logon_name) { - DEBUG(0,("PAC no logon_name\n")); -- talloc_free(tmp_ctx); -- return NT_STATUS_INVALID_PARAMETER; -+ status = NT_STATUS_INVALID_PARAMETER; -+ goto out; - } - - if (!srv_sig_ptr || !srv_sig_blob) { - DEBUG(0,("PAC no srv_key\n")); -- talloc_free(tmp_ctx); -- return NT_STATUS_INVALID_PARAMETER; -+ status = NT_STATUS_INVALID_PARAMETER; -+ goto out; - } - - if (!kdc_sig_ptr || !kdc_sig_blob) { - DEBUG(0,("PAC no kdc_key\n")); -- talloc_free(tmp_ctx); -- return NT_STATUS_INVALID_PARAMETER; -+ status = NT_STATUS_INVALID_PARAMETER; -+ goto out; - } - - /* Find and zero out the signatures, -@@ -297,8 +295,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("can't parse the KDC signature: %s\n", - nt_errstr(status))); -- talloc_free(tmp_ctx); -- return status; -+ goto out; - } - - ndr_err = ndr_pull_struct_blob( -@@ -308,8 +305,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("can't parse the SRV signature: %s\n", - nt_errstr(status))); -- talloc_free(tmp_ctx); -- return status; -+ goto out; - } - - /* Now zero the decoded structure */ -@@ -326,8 +322,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("can't repack the KDC signature: %s\n", - nt_errstr(status))); -- talloc_free(tmp_ctx); -- return status; -+ goto out; - } - ndr_err = ndr_push_struct_blob( - srv_sig_blob, pac_data_raw, srv_sig_wipe, -@@ -336,8 +331,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("can't repack the SRV signature: %s\n", - nt_errstr(status))); -- talloc_free(tmp_ctx); -- return status; -+ goto out; - } - - /* push out the whole structure, but now with zero'ed signatures */ -@@ -348,8 +342,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("can't repack the RAW PAC: %s\n", - nt_errstr(status))); -- talloc_free(tmp_ctx); -- return status; -+ goto out; - } - - if (service_keyblock) { -@@ -360,8 +353,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - if (ret) { - DEBUG(5, ("PAC Decode: Failed to verify the service " - "signature: %s\n", error_message(ret))); -- talloc_free(tmp_ctx); -- return NT_STATUS_ACCESS_DENIED; -+ status = NT_STATUS_ACCESS_DENIED; -+ goto out; - } - - if (krbtgt_keyblock) { -@@ -371,8 +364,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - if (ret) { - DEBUG(1, ("PAC Decode: Failed to verify the KDC signature: %s\n", - smb_get_krb5_error_message(context, ret, tmp_ctx))); -- talloc_free(tmp_ctx); -- return NT_STATUS_ACCESS_DENIED; -+ status = NT_STATUS_ACCESS_DENIED; -+ goto out; - } - } - } -@@ -388,8 +381,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - nt_time_string(tmp_ctx, logon_name->logon_time))); - DEBUG(2, ("PAC Decode: Ticket: %s\n", - nt_time_string(tmp_ctx, tgs_authtime_nttime))); -- talloc_free(tmp_ctx); -- return NT_STATUS_ACCESS_DENIED; -+ status = NT_STATUS_ACCESS_DENIED; -+ goto out; - } - } - -@@ -401,8 +394,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - if (ret) { - DEBUG(2, ("Could not unparse name from ticket to match with name from PAC: [%s]:%s\n", - logon_name->account_name, error_message(ret))); -- talloc_free(tmp_ctx); -- return NT_STATUS_INVALID_PARAMETER; -+ status = NT_STATUS_INVALID_PARAMETER; -+ goto out; - } - - bool_ret = strcmp(client_principal_string, logon_name->account_name) == 0; -@@ -413,8 +406,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - logon_name->account_name, - client_principal_string)); - SAFE_FREE(client_principal_string); -- talloc_free(tmp_ctx); -- return NT_STATUS_ACCESS_DENIED; -+ status = NT_STATUS_ACCESS_DENIED; -+ goto out; - } - SAFE_FREE(client_principal_string); - -@@ -435,10 +428,15 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - } - - if (pac_data_out) { -- *pac_data_out = talloc_steal(mem_ctx, pac_data); -+ *pac_data_out = talloc_move(mem_ctx, &pac_data); - } - -- return NT_STATUS_OK; -+ status = NT_STATUS_OK; -+ -+ out: -+ -+ TALLOC_FREE(tmp_ctx); -+ return status; - } - - NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, --- -2.49.0 - diff --git a/SOURCES/redhat-4.21.patch b/SOURCES/redhat-4.21.patch new file mode 100644 index 0000000..f0bbdee --- /dev/null +++ b/SOURCES/redhat-4.21.patch @@ -0,0 +1,6211 @@ +From 9032322cc713e82a316b271bb2fa0a867c69b021 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Mon, 22 Jul 2024 12:26:55 +0200 +Subject: [PATCH 01/24] s3:notifyd: Use a watcher per db record +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes a O(n²) performance regression in notifyd. The problem was +that we had a watcher per notify instance. This changes the code to have +a watcher per notify db entry. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14430 + +Signed-off-by: Andreas Schneider +Reviewed-by: Stefan Metzmacher +(cherry picked from commit af011b987a4ad0d3753d83cc0b8d97ad64ba874a) +--- + source3/smbd/notifyd/notifyd.c | 214 ++++++++++++++++++------- + source3/smbd/notifyd/notifyd_db.c | 5 +- + source3/smbd/notifyd/notifyd_entry.c | 51 ++++-- + source3/smbd/notifyd/notifyd_private.h | 46 ++++-- + 4 files changed, 228 insertions(+), 88 deletions(-) + +diff --git a/source3/smbd/notifyd/notifyd.c b/source3/smbd/notifyd/notifyd.c +index 64dd26a7e11..0b07ab3e435 100644 +--- a/source3/smbd/notifyd/notifyd.c ++++ b/source3/smbd/notifyd/notifyd.c +@@ -337,6 +337,7 @@ static bool notifyd_apply_rec_change( + struct messaging_context *msg_ctx) + { + struct db_record *rec = NULL; ++ struct notifyd_watcher watcher = {}; + struct notifyd_instance *instances = NULL; + size_t num_instances; + size_t i; +@@ -344,6 +345,7 @@ static bool notifyd_apply_rec_change( + TDB_DATA value; + NTSTATUS status; + bool ok = false; ++ bool new_watcher = false; + + if (pathlen == 0) { + DBG_WARNING("pathlen==0\n"); +@@ -374,8 +376,12 @@ static bool notifyd_apply_rec_change( + value = dbwrap_record_get_value(rec); + + if (value.dsize != 0) { +- if (!notifyd_parse_entry(value.dptr, value.dsize, NULL, +- &num_instances)) { ++ ok = notifyd_parse_entry(value.dptr, ++ value.dsize, ++ &watcher, ++ NULL, ++ &num_instances); ++ if (!ok) { + goto fail; + } + } +@@ -390,8 +396,22 @@ static bool notifyd_apply_rec_change( + goto fail; + } + +- if (value.dsize != 0) { +- memcpy(instances, value.dptr, value.dsize); ++ if (num_instances > 0) { ++ struct notifyd_instance *tmp = NULL; ++ size_t num_tmp = 0; ++ ++ ok = notifyd_parse_entry(value.dptr, ++ value.dsize, ++ NULL, ++ &tmp, ++ &num_tmp); ++ if (!ok) { ++ goto fail; ++ } ++ ++ memcpy(instances, ++ tmp, ++ sizeof(struct notifyd_instance) * num_tmp); + } + + for (i=0; ifilter, +- .internal_subdir_filter = chg->subdir_filter + }; + + num_instances += 1; + } + +- if ((instance->instance.filter != 0) || +- (instance->instance.subdir_filter != 0)) { +- int ret; ++ /* ++ * Calculate an intersection of the instances filters for the watcher. ++ */ ++ if (instance->instance.filter > 0) { ++ uint32_t filter = instance->instance.filter; ++ ++ if ((watcher.filter & filter) != filter) { ++ watcher.filter |= filter; ++ ++ new_watcher = true; ++ } ++ } ++ ++ /* ++ * Calculate an intersection of the instances subdir_filters for the ++ * watcher. ++ */ ++ if (instance->instance.subdir_filter > 0) { ++ uint32_t subdir_filter = instance->instance.subdir_filter; + +- TALLOC_FREE(instance->sys_watch); ++ if ((watcher.subdir_filter & subdir_filter) != subdir_filter) { ++ watcher.subdir_filter |= subdir_filter; + +- ret = sys_notify_watch(entries, sys_notify_ctx, path, +- &instance->internal_filter, +- &instance->internal_subdir_filter, +- notifyd_sys_callback, msg_ctx, +- &instance->sys_watch); +- if (ret != 0) { +- DBG_WARNING("sys_notify_watch for [%s] returned %s\n", +- path, strerror(errno)); ++ new_watcher = true; + } + } + + if ((instance->instance.filter == 0) && + (instance->instance.subdir_filter == 0)) { ++ uint32_t tmp_filter = 0; ++ uint32_t tmp_subdir_filter = 0; ++ + /* This is a delete request */ +- TALLOC_FREE(instance->sys_watch); + *instance = instances[num_instances-1]; + num_instances -= 1; ++ ++ for (i = 0; i < num_instances; i++) { ++ struct notifyd_instance *tmp = &instances[i]; ++ ++ tmp_filter |= tmp->instance.filter; ++ tmp_subdir_filter |= tmp->instance.subdir_filter; ++ } ++ ++ /* ++ * If the filter has changed, register a new watcher with the ++ * changed filter. ++ */ ++ if (watcher.filter != tmp_filter || ++ watcher.subdir_filter != tmp_subdir_filter) ++ { ++ watcher.filter = tmp_filter; ++ watcher.subdir_filter = tmp_subdir_filter; ++ ++ new_watcher = true; ++ } ++ } ++ ++ if (new_watcher) { ++ /* ++ * In case we removed all notify instances, we want to remove ++ * the watcher. We won't register a new one, if no filters are ++ * set anymore. ++ */ ++ ++ TALLOC_FREE(watcher.sys_watch); ++ ++ watcher.sys_filter = watcher.filter; ++ watcher.sys_subdir_filter = watcher.subdir_filter; ++ ++ /* ++ * Only register a watcher if we have filter. ++ */ ++ if (watcher.filter != 0 || watcher.subdir_filter != 0) { ++ int ret = sys_notify_watch(entries, ++ sys_notify_ctx, ++ path, ++ &watcher.sys_filter, ++ &watcher.sys_subdir_filter, ++ notifyd_sys_callback, ++ msg_ctx, ++ &watcher.sys_watch); ++ if (ret != 0) { ++ DBG_WARNING("sys_notify_watch for [%s] " ++ "returned %s\n", ++ path, ++ strerror(errno)); ++ } ++ } + } + + DBG_DEBUG("%s has %zu instances\n", path, num_instances); + + if (num_instances == 0) { ++ TALLOC_FREE(watcher.sys_watch); ++ + status = dbwrap_record_delete(rec); + if (!NT_STATUS_IS_OK(status)) { + DBG_WARNING("dbwrap_record_delete returned %s\n", +@@ -456,13 +541,21 @@ static bool notifyd_apply_rec_change( + goto fail; + } + } else { +- value = make_tdb_data( +- (uint8_t *)instances, +- sizeof(struct notifyd_instance) * num_instances); ++ struct TDB_DATA iov[2] = { ++ { ++ .dptr = (uint8_t *)&watcher, ++ .dsize = sizeof(struct notifyd_watcher), ++ }, ++ { ++ .dptr = (uint8_t *)instances, ++ .dsize = sizeof(struct notifyd_instance) * ++ num_instances, ++ }, ++ }; + +- status = dbwrap_record_store(rec, value, 0); ++ status = dbwrap_record_storev(rec, iov, ARRAY_SIZE(iov), 0); + if (!NT_STATUS_IS_OK(status)) { +- DBG_WARNING("dbwrap_record_store returned %s\n", ++ DBG_WARNING("dbwrap_record_storev returned %s\n", + nt_errstr(status)); + goto fail; + } +@@ -706,12 +799,18 @@ static void notifyd_trigger_parser(TDB_DATA key, TDB_DATA data, + .when = tstate->msg->when }; + struct iovec iov[2]; + size_t path_len = key.dsize; ++ struct notifyd_watcher watcher = {}; + struct notifyd_instance *instances = NULL; + size_t num_instances = 0; + size_t i; ++ bool ok; + +- if (!notifyd_parse_entry(data.dptr, data.dsize, &instances, +- &num_instances)) { ++ ok = notifyd_parse_entry(data.dptr, ++ data.dsize, ++ &watcher, ++ &instances, ++ &num_instances); ++ if (!ok) { + DBG_DEBUG("Could not parse notifyd_entry\n"); + return; + } +@@ -734,9 +833,11 @@ static void notifyd_trigger_parser(TDB_DATA key, TDB_DATA data, + + if (tstate->covered_by_sys_notify) { + if (tstate->recursive) { +- i_filter = instance->internal_subdir_filter; ++ i_filter = watcher.sys_subdir_filter & ++ instance->instance.subdir_filter; + } else { +- i_filter = instance->internal_filter; ++ i_filter = watcher.sys_filter & ++ instance->instance.filter; + } + } else { + if (tstate->recursive) { +@@ -1146,46 +1247,39 @@ static int notifyd_add_proxy_syswatches(struct db_record *rec, + struct db_context *db = dbwrap_record_get_db(rec); + TDB_DATA key = dbwrap_record_get_key(rec); + TDB_DATA value = dbwrap_record_get_value(rec); +- struct notifyd_instance *instances = NULL; +- size_t num_instances = 0; +- size_t i; ++ struct notifyd_watcher watcher = {}; + char path[key.dsize+1]; + bool ok; ++ int ret; + + memcpy(path, key.dptr, key.dsize); + path[key.dsize] = '\0'; + +- ok = notifyd_parse_entry(value.dptr, value.dsize, &instances, +- &num_instances); ++ /* This is a remote database, we just need the watcher. */ ++ ok = notifyd_parse_entry(value.dptr, value.dsize, &watcher, NULL, NULL); + if (!ok) { + DBG_WARNING("Could not parse notifyd entry for %s\n", path); + return 0; + } + +- for (i=0; iinstance.filter; +- uint32_t subdir_filter = instance->instance.subdir_filter; +- int ret; ++ watcher.sys_watch = NULL; ++ watcher.sys_filter = watcher.filter; ++ watcher.sys_subdir_filter = watcher.subdir_filter; + +- /* +- * This is a remote database. Pointers that we were +- * given don't make sense locally. Initialize to NULL +- * in case sys_notify_watch fails. +- */ +- instances[i].sys_watch = NULL; +- +- ret = state->sys_notify_watch( +- db, state->sys_notify_ctx, path, +- &filter, &subdir_filter, +- notifyd_sys_callback, state->msg_ctx, +- &instance->sys_watch); +- if (ret != 0) { +- DBG_WARNING("inotify_watch returned %s\n", +- strerror(errno)); +- } ++ ret = state->sys_notify_watch(db, ++ state->sys_notify_ctx, ++ path, ++ &watcher.filter, ++ &watcher.subdir_filter, ++ notifyd_sys_callback, ++ state->msg_ctx, ++ &watcher.sys_watch); ++ if (ret != 0) { ++ DBG_WARNING("inotify_watch returned %s\n", strerror(errno)); + } + ++ memcpy(value.dptr, &watcher, sizeof(struct notifyd_watcher)); ++ + return 0; + } + +@@ -1193,21 +1287,17 @@ static int notifyd_db_del_syswatches(struct db_record *rec, void *private_data) + { + TDB_DATA key = dbwrap_record_get_key(rec); + TDB_DATA value = dbwrap_record_get_value(rec); +- struct notifyd_instance *instances = NULL; +- size_t num_instances = 0; +- size_t i; ++ struct notifyd_watcher watcher = {}; + bool ok; + +- ok = notifyd_parse_entry(value.dptr, value.dsize, &instances, +- &num_instances); ++ ok = notifyd_parse_entry(value.dptr, value.dsize, &watcher, NULL, NULL); + if (!ok) { + DBG_WARNING("Could not parse notifyd entry for %.*s\n", + (int)key.dsize, (char *)key.dptr); + return 0; + } +- for (i=0; ientries database + */ + +-bool notifyd_parse_entry( +- uint8_t *buf, +- size_t buflen, +- struct notifyd_instance **instances, +- size_t *num_instances) ++/** ++ * @brief Parse a notifyd database entry. ++ * ++ * The memory we pass down needs to be aligned. If it isn't aligned we can run ++ * into obscure errors as we just point into the data buffer. ++ * ++ * @param data The data to parse ++ * @param data_len The length of the data to parse ++ * @param watcher A pointer to store the watcher data or NULL. ++ * @param instances A pointer to store the array of notify instances or NULL. ++ * @param pnum_instances The number of elements in the array. If you just want ++ * the number of elements pass NULL for the watcher and instances pointers. ++ * ++ * @return true on success, false if an error occurred. ++ */ ++bool notifyd_parse_entry(uint8_t *data, ++ size_t data_len, ++ struct notifyd_watcher *watcher, ++ struct notifyd_instance **instances, ++ size_t *pnum_instances) + { +- if ((buflen % sizeof(struct notifyd_instance)) != 0) { +- DBG_WARNING("invalid buffer size: %zu\n", buflen); ++ size_t ilen; ++ ++ if (data_len < sizeof(struct notifyd_watcher)) { + return false; + } + +- if (instances != NULL) { +- *instances = (struct notifyd_instance *)buf; ++ if (watcher != NULL) { ++ *watcher = *((struct notifyd_watcher *)(uintptr_t)data); + } +- if (num_instances != NULL) { +- *num_instances = buflen / sizeof(struct notifyd_instance); ++ ++ ilen = data_len - sizeof(struct notifyd_watcher); ++ if ((ilen % sizeof(struct notifyd_instance)) != 0) { ++ return false; ++ } ++ ++ if (pnum_instances != NULL) { ++ *pnum_instances = ilen / sizeof(struct notifyd_instance); + } ++ if (instances != NULL) { ++ /* The (uintptr_t) cast removes a warning from -Wcast-align. */ ++ *instances = ++ (struct notifyd_instance *)(uintptr_t) ++ (data + sizeof(struct notifyd_watcher)); ++ } ++ + return true; + } +diff --git a/source3/smbd/notifyd/notifyd_private.h b/source3/smbd/notifyd/notifyd_private.h +index 36c08f47c54..db8e6e1c005 100644 +--- a/source3/smbd/notifyd/notifyd_private.h ++++ b/source3/smbd/notifyd/notifyd_private.h +@@ -20,30 +20,48 @@ + #include "lib/util/server_id.h" + #include "notifyd.h" + ++ + /* +- * notifyd's representation of a notify instance ++ * Representation of a watcher for a path ++ * ++ * This will be stored in the db. + */ +-struct notifyd_instance { +- struct server_id client; +- struct notify_instance instance; +- +- void *sys_watch; /* inotify/fam/etc handle */ ++struct notifyd_watcher { ++ /* ++ * This is an intersections of the filter the watcher is listening for. ++ */ ++ uint32_t filter; ++ uint32_t subdir_filter; + + /* +- * Filters after sys_watch took responsibility of some bits ++ * Those are inout variables passed to the sys_watcher. The sys_watcher ++ * will remove the bits it can't handle. + */ +- uint32_t internal_filter; +- uint32_t internal_subdir_filter; ++ uint32_t sys_filter; ++ uint32_t sys_subdir_filter; ++ ++ /* The handle for inotify/fam etc. */ ++ void *sys_watch; ++}; ++ ++/* ++ * Representation of a notifyd instance ++ * ++ * This will be stored in the db. ++ */ ++struct notifyd_instance { ++ struct server_id client; ++ struct notify_instance instance; + }; + + /* + * Parse an entry in the notifyd_context->entries database + */ + +-bool notifyd_parse_entry( +- uint8_t *buf, +- size_t buflen, +- struct notifyd_instance **instances, +- size_t *num_instances); ++bool notifyd_parse_entry(uint8_t *data, ++ size_t data_len, ++ struct notifyd_watcher *watcher, ++ struct notifyd_instance **instances, ++ size_t *num_instances); + + #endif +-- +2.49.0 + + +From da6309049eb21ec5cd6bdf7942203960adbc37c0 Mon Sep 17 00:00:00 2001 +From: Douglas Bagnall +Date: Thu, 5 Dec 2024 16:35:51 +1300 +Subject: [PATCH 02/24] util: add a crypt wrapper, derived from + dsdb:password_hash + +This is going to be used by the dsdb password_hash module, and exposed +to Python via pyglue. + +We're doing this because Python 3.13 has dropped crypt from the Python +standard library. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756 + +Reviewed-by: Andreas Schneider +(cherry picked from commit 93bc860e8f344a96d0496edbc5d463f2c5411fcd) +--- + lib/util/util_crypt.c | 90 ++++++++++++++++++++++++++++++++++++++++++ + lib/util/util_crypt.h | 5 +++ + lib/util/wscript_build | 6 +++ + 3 files changed, 101 insertions(+) + create mode 100644 lib/util/util_crypt.c + create mode 100644 lib/util/util_crypt.h + +diff --git a/lib/util/util_crypt.c b/lib/util/util_crypt.c +new file mode 100644 +index 00000000000..0f7b2d0fd31 +--- /dev/null ++++ b/lib/util/util_crypt.c +@@ -0,0 +1,90 @@ ++#include ++#include "data_blob.h" ++#include ++#include ++#include "util_crypt.h" ++ ++ ++static int crypt_as_best_we_can(const char *phrase, ++ const char *setting, ++ const char **hashp) ++{ ++ int ret = 0; ++ const char *hash = NULL; ++ ++#if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT_RN) ++ struct crypt_data crypt_data = { ++ .initialized = 0 /* working storage used by crypt */ ++ }; ++#endif ++ ++ /* ++ * crypt_r() and crypt() may return a null pointer upon error ++ * depending on how libcrypt was configured, so we prefer ++ * crypt_rn() from libcrypt / libxcrypt which always returns ++ * NULL on error. ++ * ++ * POSIX specifies returning a null pointer and setting ++ * errno. ++ * ++ * RHEL 7 (which does not use libcrypt / libxcrypt) returns a ++ * non-NULL pointer from crypt_r() on success but (always?) ++ * sets errno during internal processing in the NSS crypto ++ * subsystem. ++ * ++ * By preferring crypt_rn we avoid the 'return non-NULL but ++ * set-errno' that we otherwise cannot tell apart from the ++ * RHEL 7 behaviour. ++ */ ++ errno = 0; ++ ++#ifdef HAVE_CRYPT_RN ++ hash = crypt_rn(phrase, setting, ++ &crypt_data, ++ sizeof(crypt_data)); ++#elif HAVE_CRYPT_R ++ hash = crypt_r(phrase, setting, &crypt_data); ++#else ++ /* ++ * No crypt_r falling back to crypt, which is NOT thread safe ++ * Thread safety MT-Unsafe race:crypt ++ */ ++ hash = crypt(phrase, setting); ++#endif ++ /* ++ * On error, crypt() and crypt_r() may return a null pointer, ++ * or a pointer to an invalid hash beginning with a '*'. ++ */ ++ ret = errno; ++ errno = 0; ++ if (hash == NULL || hash[0] == '*') { ++ if (ret == 0) { ++ /* this is annoying */ ++ ret = ENOTRECOVERABLE; ++ } ++ } ++ ++ *hashp = hash; ++ return ret; ++} ++ ++ ++int talloc_crypt_blob(TALLOC_CTX *mem_ctx, ++ const char *phrase, ++ const char *setting, ++ DATA_BLOB *blob) ++{ ++ const char *hash = NULL; ++ int ret = crypt_as_best_we_can(phrase, setting, &hash); ++ if (ret != 0) { ++ blob->data = NULL; ++ blob->length = 0; ++ return ret; ++ } ++ blob->length = strlen(hash); ++ blob->data = talloc_memdup(mem_ctx, hash, blob->length); ++ if (blob->data == NULL) { ++ return ENOMEM; ++ } ++ return 0; ++} +diff --git a/lib/util/util_crypt.h b/lib/util/util_crypt.h +new file mode 100644 +index 00000000000..8c289e489e8 +--- /dev/null ++++ b/lib/util/util_crypt.h +@@ -0,0 +1,5 @@ ++ ++int talloc_crypt_blob(TALLOC_CTX *mem_ctx, ++ const char *phrase, ++ const char *cmd, ++ DATA_BLOB *blob); +diff --git a/lib/util/wscript_build b/lib/util/wscript_build +index b4fcfeaba07..7de9c0b7b17 100644 +--- a/lib/util/wscript_build ++++ b/lib/util/wscript_build +@@ -253,6 +253,12 @@ else: + private_library=True, + local_include=False) + ++ bld.SAMBA_LIBRARY('util_crypt', ++ source='util_crypt.c', ++ deps='talloc crypt', ++ private_library=True, ++ local_include=False) ++ + + bld.SAMBA_SUBSYSTEM('UNIX_PRIVS', + source='unix_privs.c', +-- +2.49.0 + + +From 334093563640f232bb337675417f1e8a410987de Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= +Date: Mon, 20 Jan 2025 16:00:51 +0100 +Subject: [PATCH 03/24] s3: Add new keytab specifiers +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15759 + +Signed-off-by: Pavel Filipenský +Reviewed-by: Andreas Schneider +Reviewed-by: Alexander Bokovoy +(cherry picked from commit 15e191736d3eaba83b2fb4b901e1df2214526b64) +--- + selftest/target/Samba3.pm | 3 +- + source3/libads/kerberos_keytab.c | 631 +++++++++++++-------- + source3/script/tests/test_update_keytab.sh | 449 +++++++++++---- + 3 files changed, 730 insertions(+), 353 deletions(-) + +diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm +index 17343e63e52..cc4498ff36e 100755 +--- a/selftest/target/Samba3.pm ++++ b/selftest/target/Samba3.pm +@@ -807,7 +807,8 @@ sub provision_ad_member + \"$prefix_abs/keytab2:spn_prefixes=imap,smtp:additional_dns_hostnames:netbios_aliases:machine_password:sync_etypes\", \\ + \"$prefix_abs/keytab2k:spn_prefixes=imap,smtp:additional_dns_hostnames:sync_kvno:machine_password:sync_etypes\", \\ + \"$prefix_abs/keytab3:spns=wurst/brot\@$dcvars->{REALM}:machine_password:sync_etypes\", \\ +- \"$prefix_abs/keytab3k:spns=wurst/brot\@$dcvars->{REALM},wurst1/brot\@$dcvars->{REALM},wurst2/brot\@$dcvars->{REALM}:sync_kvno:machine_password:sync_etypes\" ++ \"$prefix_abs/keytab3k:spns=wurst/brot\@$dcvars->{REALM},wurst1/brot\@$dcvars->{REALM},wurst2/brot\@$dcvars->{REALM}:sync_kvno:machine_password:sync_etypes\", \\ ++ \"$prefix_abs/keytab4k:account_name:sync_account_name:spn_prefixes=imap,smtp:additional_dns_hostnames:netbios_aliases:spns=wurst/brot\@$dcvars->{REALM},wurst1/brot\@$dcvars->{REALM},wurst2/brot\@$dcvars->{REALM}:sync_kvno:machine_password:sync_etypes\" + "; + } + +diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c +index dbf8af44c1f..619a7bda0d4 100644 +--- a/source3/libads/kerberos_keytab.c ++++ b/source3/libads/kerberos_keytab.c +@@ -30,6 +30,7 @@ + #include "ads.h" + #include "secrets.h" + #include "librpc/gen_ndr/ndr_secrets.h" ++#include "lib/util/string_wrappers.h" + + #ifdef HAVE_KRB5 + +@@ -41,44 +42,59 @@ + #endif + + enum spn_spec_type { +- SPN_SPEC_DEFAULT, +- SPN_SPEC_SYNC, ++ SPN_SPEC_ACCOUNT_NAME, ++ SPN_SPEC_SYNC_ACCOUNT_NAME, ++ SPN_SPEC_HOST, ++ SPN_SPEC_SYNC_UPN, ++ SPN_SPEC_SYNC_SPNS, + SPN_SPEC_FULL, +- SPN_SPEC_PREFIX ++ SPN_SPEC_PREFIX, ++ SPN_SPEC_MAX + }; + +-/* pw2kt_conf contains 1 parsed line from "sync machine password to keytab" */ +-struct pw2kt_conf { +- enum spn_spec_type spn_spec; ++/* Specifier */ ++struct pw2kt_specifier { ++ bool is_set; ++ char **spn_spec_vals; /* Array of full SPNs or prefixes */ ++}; ++ ++/* Descriptor contains 1 parsed line from "sync machine password to keytab" */ ++struct pw2kt_keytab_desc { + char *keytab; + bool sync_etypes; + bool sync_kvno; + bool additional_dns_hostnames; + bool netbios_aliases; + bool machine_password; +- char **spn_spec_array; +- size_t num_spn_spec; ++ struct pw2kt_specifier spec_array[SPN_SPEC_MAX]; + }; + +-/* State used by pw2kt */ +-struct pw2kt_state { ++/* Global state - stores initial data */ ++struct pw2kt_global_state { + /* Array of parsed lines from "sync machine password to keytab" */ +- struct pw2kt_conf *keytabs; +- size_t num_keytabs; ++ struct pw2kt_keytab_desc *keytabs; ++ /* Accumulated configuration from all keytabs */ + bool sync_etypes; + bool sync_kvno; + bool sync_spns; ++ bool sync_upn; ++ bool sync_sam_account; + /* These are from DC */ + krb5_kvno ad_kvno; + uint32_t ad_etypes; ++ char *ad_upn; ++ char *ad_sam_account; + char **ad_spn_array; + size_t ad_num_spns; + /* This is from secrets.db */ + struct secrets_domain_info1 *info; + }; + +-/* State used by pw2kt_process_keytab */ +-struct pw2kt_process_state { ++/* ++ * Manages krb5lib data created during processing of 'global state'. ++ * One instance per keytab. ++ */ ++struct pw2kt_keytab_state { + krb5_keytab keytab; + krb5_context context; + krb5_keytab_entry *array1; +@@ -88,151 +104,206 @@ struct pw2kt_process_state { + krb5_enctype preferred_etype; + }; + +-static ADS_STATUS pw2kt_scan_add_spn(TALLOC_CTX *ctx, +- const char *spn, +- struct pw2kt_conf *conf) ++static ADS_STATUS pw2kt_add_val(TALLOC_CTX *ctx, ++ struct pw2kt_specifier *spec, ++ const char *spn_val) + { +- conf->spn_spec_array = talloc_realloc(ctx, +- conf->spn_spec_array, +- char *, +- conf->num_spn_spec + 1); +- if (conf->spn_spec_array == NULL) { ++ size_t len = talloc_array_length(spec->spn_spec_vals); ++ spec->spn_spec_vals = talloc_realloc(ctx, ++ spec->spn_spec_vals, ++ char *, ++ len + 1); ++ if (spec->spn_spec_vals == NULL) { + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } +- conf->spn_spec_array[conf->num_spn_spec] = talloc_strdup( +- conf->spn_spec_array, spn); +- if (conf->spn_spec_array[conf->num_spn_spec] == NULL) { ++ spec->spn_spec_vals[len] = talloc_strdup(spec->spn_spec_vals, spn_val); ++ if (spec->spn_spec_vals[len] == NULL) { + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } +- conf->num_spn_spec++; + + return ADS_SUCCESS; + } + ++static ADS_STATUS pw2kt_scan_spec(TALLOC_CTX *ctx, ++ struct pw2kt_global_state *gstate, ++ struct pw2kt_keytab_desc *desc, ++ const char *option) ++{ ++ enum spn_spec_type spec_type; ++ struct pw2kt_specifier *spec; ++ char *vals = NULL; ++ char *tmp = NULL; ++ ADS_STATUS status; ++ ++ /* First check for options sync_kvno, sync_etypes, ... */ ++ if (strequal(option, "sync_kvno")) { ++ desc->sync_kvno = gstate->sync_kvno = true; ++ return ADS_SUCCESS; ++ } else if (strequal(option, "sync_etypes")) { ++ desc->sync_etypes = gstate->sync_etypes = true; ++ return ADS_SUCCESS; ++ } else if (strequal(option, "additional_dns_hostnames")) { ++ desc->additional_dns_hostnames = true; ++ return ADS_SUCCESS; ++ } else if (strequal(option, "netbios_aliases")) { ++ desc->netbios_aliases = true; ++ return ADS_SUCCESS; ++ } else if (strequal(option, "machine_password")) { ++ desc->machine_password = true; ++ return ADS_SUCCESS; ++ } ++ ++ vals = strchr_m(option, '='); ++ if (vals != NULL) { ++ *vals = 0; ++ vals++; ++ } ++ ++ if (strequal(option, "account_name")) { ++ spec_type = SPN_SPEC_ACCOUNT_NAME; ++ } else if (strequal(option, "sync_account_name")) { ++ spec_type = SPN_SPEC_SYNC_ACCOUNT_NAME; ++ gstate->sync_sam_account = true; ++ } else if (strequal(option, "host")) { ++ spec_type = SPN_SPEC_HOST; ++ } else if (strequal(option, "sync_upn")) { ++ spec_type = SPN_SPEC_SYNC_UPN; ++ gstate->sync_upn = true; ++ } else if (strequal(option, "sync_spns")) { ++ spec_type = SPN_SPEC_SYNC_SPNS; ++ gstate->sync_spns = true; ++ } else if (strequal(option, "spns")) { ++ spec_type = SPN_SPEC_FULL; ++ } else if (strequal(option, "spn_prefixes")) { ++ spec_type = SPN_SPEC_PREFIX; ++ } else { ++ DBG_ERR("Invalid option: '%s'\n", option); ++ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); ++ } ++ ++ desc->spec_array[spec_type].is_set = true; ++ if (spec_type != SPN_SPEC_PREFIX && spec_type != SPN_SPEC_FULL) { ++ return ADS_SUCCESS; ++ } ++ if (vals == NULL) { ++ DBG_ERR("SPN specifier: %s is missing '='\n", option); ++ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); ++ } ++ spec = &desc->spec_array[spec_type]; ++ ++ /* Entries are separated via ',' */ ++ while ((tmp = strchr_m(vals, ',')) != NULL) { ++ *tmp = 0; ++ tmp++; ++ status = pw2kt_add_val(ctx, spec, vals); ++ if (!ADS_ERR_OK(status)) { ++ return status; ++ } ++ vals = tmp; ++ if (*vals == 0) { ++ DBG_ERR("Invalid syntax (trailing ','): %s\n", option); ++ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); ++ } ++ } ++ /* Process the last entry */ ++ return pw2kt_add_val(ctx, spec, vals); ++} ++ + /* + * Parse the smb.conf and find out if it is needed to read from DC: +- * - servicePrincipalNames ++ * - servicePrincipalName + * - msDs-KeyVersionNumber ++ * - userPrincipalName ++ * - sAMAccountName ++ * ++ * Example of a line: ++ * /etc/krb5/krb5.keytab:account_name:snps=s1@REALM.COM,spn2@REALM.ORG:host:sync_kvno:machine_password + */ +-static ADS_STATUS pw2kt_scan_line(const char *line, struct pw2kt_state *state) ++static ADS_STATUS pw2kt_scan_line(const char *line, ++ struct pw2kt_global_state *gstate) + { +- char *keytabname = NULL; +- char *spn_spec = NULL; +- char *spn_val = NULL; +- char *option = NULL; +- struct pw2kt_conf *conf = NULL; ++ char *tmp = NULL; ++ char *olist = NULL; ++ struct pw2kt_keytab_desc *desc = NULL; + ADS_STATUS status; ++ size_t num_keytabs = talloc_array_length(gstate->keytabs); + +- state->keytabs = talloc_realloc(state, +- state->keytabs, +- struct pw2kt_conf, +- state->num_keytabs + 1); +- if (state->keytabs == NULL) { ++ gstate->keytabs = talloc_realloc(gstate, ++ gstate->keytabs, ++ struct pw2kt_keytab_desc, ++ num_keytabs + 1); ++ if (gstate->keytabs == NULL) { + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } +- conf = &state->keytabs[state->num_keytabs]; +- state->num_keytabs++; ++ desc = &gstate->keytabs[num_keytabs]; ++ ZERO_STRUCT(*desc); + +- keytabname = talloc_strdup(state->keytabs, line); +- if (keytabname == NULL) { ++ desc->keytab = talloc_strdup(gstate->keytabs, line); ++ if (desc->keytab == NULL) { + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } + +- ZERO_STRUCT(*conf); +- conf->keytab = keytabname; +- spn_spec = strchr_m(keytabname, ':'); +- if (spn_spec == NULL) { +- DBG_ERR("Invalid format! ':' expected in '%s'\n", keytabname); ++ olist = strchr_m(desc->keytab, ':'); ++ if (olist == NULL) { ++ DBG_ERR("Invalid format! ':' expected in '%s'\n", line); + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); + } +- *spn_spec++ = 0; +- +- /* reverse match with strrchr_m() */ +- while ((option = strrchr_m(spn_spec, ':')) != NULL) { +- *option++ = 0; +- if (strequal(option, "sync_kvno")) { +- conf->sync_kvno = state->sync_kvno = true; +- } else if (strequal(option, "sync_etypes")) { +- conf->sync_etypes = state->sync_etypes = true; +- } else if (strequal(option, "additional_dns_hostnames")) { +- conf->additional_dns_hostnames = true; +- } else if (strequal(option, "netbios_aliases")) { +- conf->netbios_aliases = true; +- } else if (strequal(option, "machine_password")) { +- conf->machine_password = true; +- } else { +- DBG_WARNING("Unknown option '%s'!\n", option); +- return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); +- } +- } ++ *olist = 0; ++ olist++; + +- spn_val = strchr_m(spn_spec, '='); +- if (spn_val != NULL) { +- *spn_val++ = 0; +- } ++ /* Always add 'host' principal */ ++ desc->spec_array[SPN_SPEC_HOST].is_set = true; + +- if (strcmp(spn_spec, "account_name") == 0) { +- conf->spn_spec = SPN_SPEC_DEFAULT; +- } else if (strcmp(spn_spec, "sync_spns") == 0) { +- conf->spn_spec = SPN_SPEC_SYNC; +- state->sync_spns = true; +- } else if (strcmp(spn_spec, "spns") == 0 || +- strcmp(spn_spec, "spn_prefixes") == 0) +- { +- char *spn = NULL, *tmp = NULL; +- +- conf->spn_spec = strcmp(spn_spec, "spns") == 0 +- ? SPN_SPEC_FULL +- : SPN_SPEC_PREFIX; +- conf->num_spn_spec = 0; +- spn = spn_val; +- while ((tmp = strchr_m(spn, ',')) != NULL) { +- *tmp++ = 0; +- status = pw2kt_scan_add_spn(state->keytabs, spn, conf); +- if (!ADS_ERR_OK(status)) { +- return status; +- } +- spn = tmp; ++ /* Entries are separated via ':' */ ++ while ((tmp = strchr_m(olist, ':')) != NULL) { ++ *tmp = 0; ++ tmp++; ++ status = pw2kt_scan_spec(gstate->keytabs, gstate, desc, olist); ++ if (!ADS_ERR_OK(status)) { ++ return status; ++ } ++ olist = tmp; ++ if (*olist == 0) { ++ DBG_ERR("Invalid syntax (trailing ':'): %s\n", line); ++ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); + } +- /* Do not forget the last entry */ +- return pw2kt_scan_add_spn(state->keytabs, spn, conf); +- } else { +- DBG_WARNING("Invalid SPN specifier: %s\n", spn_spec); +- return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); + } +- +- return ADS_SUCCESS; ++ /* Process the last entry */ ++ return pw2kt_scan_spec(gstate->keytabs, gstate, desc, olist); + } + + /* +- * Fill struct pw2kt_state with defaults if "sync machine password to keytab" +- * is missing in smb.conf ++ * Fill struct pw2kt_global_state with defaults if ++ * "sync machine password to keytab" is missing in smb.conf ++ * Creates 1 keytab with 3 SPN specifiers (sync_spns, account_name, host). + */ +-static ADS_STATUS pw2kt_default_cfg(const char *name, struct pw2kt_state *state) ++static ADS_STATUS pw2kt_default_cfg(const char *name, ++ struct pw2kt_global_state *state) + { + char *keytabname = NULL; +- struct pw2kt_conf *conf = NULL; ++ struct pw2kt_keytab_desc *desc = NULL; + + state->keytabs = talloc_zero_array(state->keytabs, +- struct pw2kt_conf, ++ struct pw2kt_keytab_desc, + 1); + if (state->keytabs == NULL) { + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } +- conf = &state->keytabs[0]; +- state->num_keytabs = 1; ++ desc = &state->keytabs[0]; + + keytabname = talloc_strdup(state->keytabs, name); + if (keytabname == NULL) { + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } +- +- conf->spn_spec = SPN_SPEC_SYNC; +- conf->keytab = keytabname; +- conf->machine_password = true; +- conf->sync_kvno = state->sync_kvno = true; ++ desc->keytab = keytabname; ++ desc->machine_password = true; ++ desc->sync_kvno = state->sync_kvno = true; + state->sync_spns = true; + ++ desc->spec_array[SPN_SPEC_SYNC_SPNS].is_set = true; ++ desc->spec_array[SPN_SPEC_ACCOUNT_NAME].is_set = true; ++ desc->spec_array[SPN_SPEC_HOST].is_set = true; ++ + return ADS_SUCCESS; + } + +@@ -240,7 +311,7 @@ static ADS_STATUS pw2kt_default_cfg(const char *name, struct pw2kt_state *state) + * For the given principal add to the array entries created from all pw->keys[] + */ + static krb5_error_code pw2kt_process_add_pw( +- struct pw2kt_process_state *state2, ++ struct pw2kt_keytab_state *state2, + krb5_principal princ, + krb5_kvno vno, + struct secrets_domain_info1_password *pw) +@@ -287,11 +358,10 @@ static krb5_error_code pw2kt_process_add_pw( + * For the given principal add to the array entries based on password, + * old_password, older_password and next_change->password. + */ +-static krb5_error_code pw2kt_process_add_info( +- struct pw2kt_process_state *state2, +- krb5_kvno kvno, +- const char *princs, +- struct secrets_domain_info1 *info) ++static krb5_error_code pw2kt_process_add_info(struct pw2kt_keytab_state *state2, ++ krb5_kvno kvno, ++ const char *princs, ++ struct secrets_domain_info1 *info) + { + krb5_error_code ret; + krb5_principal princ = NULL; +@@ -336,7 +406,7 @@ static krb5_error_code pw2kt_process_add_info( + return ret; + } + +-static int pw2kt_process_state_destructor(struct pw2kt_process_state *state2) ++static int pw2kt_keytab_state_destructor(struct pw2kt_keytab_state *state2) + { + int i; + size_t len2 = talloc_array_length(state2->array2); +@@ -356,7 +426,7 @@ static int pw2kt_process_state_destructor(struct pw2kt_process_state *state2) + } + + /* Read the whole keytab to krb5_keytab_entry array */ +-static krb5_error_code pw2kt_process_kt2ar(struct pw2kt_process_state *state2) ++static krb5_error_code pw2kt_process_kt2ar(struct pw2kt_keytab_state *state2) + { + krb5_error_code ret = 0, ret2 = 0; + krb5_kt_cursor cursor; +@@ -402,18 +472,173 @@ static krb5_error_code pw2kt_process_kt2ar(struct pw2kt_process_state *state2) + return ret != 0 ? ret : ret2; + } + +-static ADS_STATUS pw2kt_process_keytab(struct pw2kt_state *state, +- struct pw2kt_conf *keytabptr) ++#define ADD_INFO(P) \ ++ ret = pw2kt_process_add_info(state2, kvno, (P), gstate->info); \ ++ if (ret != 0) { \ ++ return ADS_ERROR_KRB5(ret); \ ++ } ++ ++static ADS_STATUS pw2kt_add_prefix(struct pw2kt_global_state *gstate, ++ struct pw2kt_keytab_state *state2, ++ struct pw2kt_keytab_desc *keytabptr, ++ const char *prefix) + { + krb5_error_code ret = 0; +- krb5_kvno kvno = -1; +- size_t i, j, len1 = 0, len2 = 0; ++ krb5_kvno kvno = keytabptr->sync_kvno ? gstate->ad_kvno : -1; + char *princ_s = NULL; + const char **netbios_alias = NULL; + const char **addl_hostnames = NULL; ++ ++ /* Add prefix/dnshostname@REALM */ ++ princ_s = talloc_asprintf(talloc_tos(), ++ "%s/%s@%s", ++ prefix, ++ lp_dns_hostname(), ++ lp_realm()); ++ if (princ_s == NULL) { ++ return ADS_ERROR_KRB5(ENOMEM); ++ } ++ ADD_INFO(princ_s); ++ ++ /* Add prefix/NETBIOSNAME@REALM */ ++ princ_s = talloc_asprintf(talloc_tos(), ++ "%s/%s@%s", ++ prefix, ++ lp_netbios_name(), ++ lp_realm()); ++ if (princ_s == NULL) { ++ return ADS_ERROR_KRB5(ENOMEM); ++ } ++ ADD_INFO(princ_s); ++ ++ if (keytabptr->netbios_aliases) { ++ for (netbios_alias = lp_netbios_aliases(); ++ netbios_alias != NULL && *netbios_alias != NULL; ++ netbios_alias++) ++ { ++ fstring netbios_lower; ++ ++ fstrcpy(netbios_lower, *netbios_alias); ++ if (!strlower_m(netbios_lower)) { ++ return ADS_ERROR_NT( ++ NT_STATUS_INVALID_PARAMETER); ++ } ++ ++ /* Add prefix/NETBIOSALIAS@REALM */ ++ princ_s = talloc_asprintf(talloc_tos(), ++ "%s/%s@%s", ++ prefix, ++ *netbios_alias, ++ lp_realm()); ++ if (princ_s == NULL) { ++ return ADS_ERROR_KRB5(ENOMEM); ++ } ++ ADD_INFO(princ_s); ++ ++ /* Add prefix/netbiosalias.dnsdomain@REALM */ ++ princ_s = talloc_asprintf(talloc_tos(), ++ "%s/%s.%s@%s", ++ prefix, ++ netbios_lower, ++ lp_dnsdomain(), ++ lp_realm()); ++ if (princ_s == NULL) { ++ return ADS_ERROR_KRB5(ENOMEM); ++ } ++ ADD_INFO(princ_s); ++ } ++ } ++ ++ if (keytabptr->additional_dns_hostnames) { ++ for (addl_hostnames = lp_additional_dns_hostnames(); ++ addl_hostnames != NULL && *addl_hostnames != NULL; ++ addl_hostnames++) ++ { ++ /* Add prefix/additionalhostname@REALM */ ++ princ_s = talloc_asprintf(talloc_tos(), ++ "%s/%s@%s", ++ prefix, ++ *addl_hostnames, ++ lp_realm()); ++ if (princ_s == NULL) { ++ return ADS_ERROR_KRB5(ENOMEM); ++ } ++ ADD_INFO(princ_s); ++ } ++ } ++ return ADS_SUCCESS; ++} ++ ++static ADS_STATUS pw2kt_process_specifier(struct pw2kt_global_state *gstate, ++ struct pw2kt_keytab_state *state2, ++ struct pw2kt_keytab_desc *keytabptr, ++ enum spn_spec_type spec_type) ++{ ++ krb5_error_code ret = 0; ++ ADS_STATUS status; ++ krb5_kvno kvno = keytabptr->sync_kvno ? gstate->ad_kvno : -1; ++ struct pw2kt_specifier *spec = &keytabptr->spec_array[spec_type]; ++ size_t i, num_spn_spec_vals; ++ ++ if (!spec->is_set) { ++ return ADS_SUCCESS; ++ } ++ switch (spec_type) { ++ case SPN_SPEC_ACCOUNT_NAME: ++ ADD_INFO(gstate->info->account_name); ++ break; ++ case SPN_SPEC_SYNC_ACCOUNT_NAME: ++ ADD_INFO(gstate->ad_sam_account); ++ break; ++ case SPN_SPEC_HOST: ++ status = pw2kt_add_prefix(gstate, state2, keytabptr, "host"); ++ if (!ADS_ERR_OK(status)) { ++ return status; ++ } ++ break; ++ case SPN_SPEC_SYNC_UPN: ++ if (gstate->ad_upn != NULL) { ++ ADD_INFO(gstate->ad_upn); ++ } ++ break; ++ case SPN_SPEC_SYNC_SPNS: ++ for (i = 0; i < gstate->ad_num_spns; i++) { ++ ADD_INFO(gstate->ad_spn_array[i]); ++ } ++ break; ++ case SPN_SPEC_FULL: ++ num_spn_spec_vals = talloc_array_length(spec->spn_spec_vals); ++ for (i = 0; i < num_spn_spec_vals; i++) { ++ ADD_INFO(spec->spn_spec_vals[i]); ++ } ++ break; ++ case SPN_SPEC_PREFIX: ++ num_spn_spec_vals = talloc_array_length(spec->spn_spec_vals); ++ for (i = 0; i < num_spn_spec_vals; i++) { ++ status = pw2kt_add_prefix(gstate, ++ state2, ++ keytabptr, ++ spec->spn_spec_vals[i]); ++ if (!ADS_ERR_OK(status)) { ++ return status; ++ } ++ } ++ break; ++ default: ++ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); ++ } ++ return ADS_SUCCESS; ++} ++ ++static ADS_STATUS pw2kt_process_keytab(struct pw2kt_global_state *state, ++ struct pw2kt_keytab_desc *keytabptr) ++{ ++ krb5_error_code ret = 0; ++ size_t i, j, k, len1 = 0, len2 = 0; + size_t *index_array1 = NULL; + size_t *index_array2 = NULL; +- struct pw2kt_process_state *state2 = NULL; ++ struct pw2kt_keytab_state *state2 = NULL; ++ ADS_STATUS status; + + if (!keytabptr->machine_password) { + DBG_ERR("No 'machine_password' option for '%s'. Skip it.\n", +@@ -421,11 +646,11 @@ static ADS_STATUS pw2kt_process_keytab(struct pw2kt_state *state, + return ADS_SUCCESS; + } + +- state2 = talloc_zero(state, struct pw2kt_process_state); ++ state2 = talloc_zero(state, struct pw2kt_keytab_state); + if (state2 == NULL) { + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } +- talloc_set_destructor(state2, pw2kt_process_state_destructor); ++ talloc_set_destructor(state2, pw2kt_keytab_state_destructor); + + ret = smb_krb5_init_context_common(&state2->context); + if (ret != 0) { +@@ -479,100 +704,11 @@ static ADS_STATUS pw2kt_process_keytab(struct pw2kt_state *state, + } + } + +- if (keytabptr->sync_kvno) { +- kvno = state->ad_kvno; +- } +- +-#define ADD_INFO(P) \ +- ret = pw2kt_process_add_info(state2, kvno, (P), state->info); \ +- if (ret != 0) { \ +- return ADS_ERROR_KRB5(ret); \ +- } +- +- /* Add ACCOUNTNAME$ entries */ +- switch (keytabptr->spn_spec) { +- case SPN_SPEC_DEFAULT: +- ADD_INFO(state->info->account_name); +- break; +- case SPN_SPEC_SYNC: +- for (i = 0; i < state->ad_num_spns; i++) { +- ADD_INFO(state->ad_spn_array[i]); +- } +- break; +- case SPN_SPEC_FULL: +- for (i = 0; i < keytabptr->num_spn_spec; i++) { +- ADD_INFO(keytabptr->spn_spec_array[i]); +- } +- break; +- case SPN_SPEC_PREFIX: +- for (i = 0; i < keytabptr->num_spn_spec; i++) { +- princ_s = talloc_asprintf(talloc_tos(), +- "%s/%s@%s", +- keytabptr->spn_spec_array[i], +- lp_netbios_name(), +- lp_realm()); +- if (princ_s == NULL) { +- return ADS_ERROR_KRB5(ENOMEM); +- } +- ADD_INFO(princ_s); +- +- if (!keytabptr->netbios_aliases) { +- goto additional_dns_hostnames; +- } +- for (netbios_alias = lp_netbios_aliases(); +- netbios_alias != NULL && *netbios_alias != NULL; +- netbios_alias++) +- { +- /* Add PREFIX/netbiosname@REALM */ +- princ_s = talloc_asprintf( +- talloc_tos(), +- "%s/%s@%s", +- keytabptr->spn_spec_array[i], +- *netbios_alias, +- lp_realm()); +- if (princ_s == NULL) { +- return ADS_ERROR_KRB5(ENOMEM); +- } +- ADD_INFO(princ_s); +- +- /* Add PREFIX/netbiosname.domainname@REALM */ +- princ_s = talloc_asprintf( +- talloc_tos(), +- "%s/%s.%s@%s", +- keytabptr->spn_spec_array[i], +- *netbios_alias, +- lp_dnsdomain(), +- lp_realm()); +- if (princ_s == NULL) { +- return ADS_ERROR_KRB5(ENOMEM); +- } +- ADD_INFO(princ_s); +- } +- +-additional_dns_hostnames: +- if (!keytabptr->additional_dns_hostnames) { +- continue; +- } +- for (addl_hostnames = lp_additional_dns_hostnames(); +- addl_hostnames != NULL && *addl_hostnames != NULL; +- addl_hostnames++) +- { +- /* Add PREFIX/netbiosname@REALM */ +- princ_s = talloc_asprintf( +- talloc_tos(), +- "%s/%s@%s", +- keytabptr->spn_spec_array[i], +- *addl_hostnames, +- lp_realm()); +- if (princ_s == NULL) { +- return ADS_ERROR_KRB5(ENOMEM); +- } +- ADD_INFO(princ_s); +- } ++ for (k = 0; k < SPN_SPEC_MAX; k++) { ++ status = pw2kt_process_specifier(state, state2, keytabptr, k); ++ if (!ADS_ERR_OK(status)) { ++ return status; + } +- break; +- default: +- return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); + } + + ret = smb_krb5_kt_open(state2->context, +@@ -718,7 +854,7 @@ sync_kvno: + return ADS_ERROR_KRB5(ret); + } + +-static ADS_STATUS pw2kt_get_dc_info(struct pw2kt_state *state) ++static ADS_STATUS pw2kt_get_dc_info(struct pw2kt_global_state *state) + { + ADS_STATUS status; + LDAPMessage *res = NULL; +@@ -762,7 +898,7 @@ static ADS_STATUS pw2kt_get_dc_info(struct pw2kt_state *state) + "msDS-SupportedEncryptionTypes", + &state->ad_etypes); + if (!ok) { +- DBG_WARNING("Failed to determine encryption types.\n"); ++ DBG_ERR("Failed to determine encryption types.\n"); + ads_msgfree(ads, res); + TALLOC_FREE(tmp_ctx); + return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR); +@@ -773,7 +909,7 @@ static ADS_STATUS pw2kt_get_dc_info(struct pw2kt_state *state) + uint32_t kvno = -1; + ok = ads_pull_uint32(ads, res, "msDS-KeyVersionNumber", &kvno); + if (!ok) { +- DBG_WARNING("Failed to determine the system's kvno.\n"); ++ DBG_ERR("Failed to determine the system's kvno.\n"); + ads_msgfree(ads, res); + TALLOC_FREE(tmp_ctx); + return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR); +@@ -787,8 +923,34 @@ static ADS_STATUS pw2kt_get_dc_info(struct pw2kt_state *state) + res, + "servicePrincipalName", + &state->ad_num_spns); +- if (state->ad_spn_array == NULL) { +- DBG_WARNING("Failed to determine SPNs.\n"); ++ if (state->ad_spn_array == NULL || state->ad_num_spns == 0) { ++ DBG_ERR("Failed to determine servicePrincipalName.\n"); ++ ads_msgfree(ads, res); ++ TALLOC_FREE(tmp_ctx); ++ return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR); ++ } ++ } ++ ++ if (state->sync_upn) { ++ state->ad_upn = ads_pull_string(ads, ++ state, ++ res, ++ "userPrincipalName"); ++ if (state->ad_upn == NULL) { ++ DBG_ERR("Failed to determine userPrincipalName.\n"); ++ ads_msgfree(ads, res); ++ TALLOC_FREE(tmp_ctx); ++ return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR); ++ } ++ } ++ ++ if (state->sync_sam_account) { ++ state->ad_sam_account = ads_pull_string(ads, ++ state, ++ res, ++ "sAMAccountName"); ++ if (state->ad_sam_account == NULL) { ++ DBG_ERR("Failed to determine sAMAccountName.\n"); + ads_msgfree(ads, res); + TALLOC_FREE(tmp_ctx); + return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR); +@@ -864,13 +1026,14 @@ NTSTATUS sync_pw2keytabs(void) + TALLOC_CTX *frame = talloc_stackframe(); + const struct loadparm_substitution *lp_sub = + loadparm_s3_global_substitution(); +- struct pw2kt_state *state = NULL; ++ struct pw2kt_global_state *state = NULL; + const char **line = NULL; + const char **lp_ptr = NULL; + const char *pwsync_script = NULL; + NTSTATUS status_nt; + ADS_STATUS status_ads; + int i; ++ size_t num_keytabs; + + DBG_DEBUG("Syncing machine password from secrets to keytabs.\n"); + +@@ -879,7 +1042,7 @@ NTSTATUS sync_pw2keytabs(void) + return NT_STATUS_OK; /* nothing todo */ + } + +- state = talloc_zero(frame, struct pw2kt_state); ++ state = talloc_zero(frame, struct pw2kt_global_state); + if (state == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; +@@ -921,7 +1084,9 @@ NTSTATUS sync_pw2keytabs(void) + } + + params_ready: +- if (state->sync_etypes || state->sync_kvno || state->sync_spns) { ++ if (state->sync_etypes || state->sync_kvno || state->sync_spns || ++ state->sync_upn || state->sync_sam_account) ++ { + status_ads = pw2kt_get_dc_info(state); + if (!ADS_ERR_OK(status_ads)) { + DBG_WARNING("cannot read from DC\n"); +@@ -929,9 +1094,10 @@ params_ready: + return NT_STATUS_INTERNAL_ERROR; + } + } else { +- DBG_DEBUG("No 'sync_etypes', 'sync_kvno' and 'sync_spns' in " +- "parameter 'sync machine password to keytab' => " +- "no need to talk to DC.\n"); ++ DBG_DEBUG("No 'sync_etypes', 'sync_kvno', 'sync_spns', " ++ "'sync_upn' and 'sync_sam_account' in parameter " ++ "'sync machine password to keytab' => no need to " ++ "talk to DC.\n"); + } + + if (!secrets_init()) { +@@ -951,7 +1117,8 @@ params_ready: + return status_nt; + } + +- for (i = 0; i < state->num_keytabs; i++) { ++ num_keytabs = talloc_array_length(state->keytabs); ++ for (i = 0; i < num_keytabs; i++) { + status_ads = pw2kt_process_keytab(state, &state->keytabs[i]); + if (!ADS_ERR_OK(status_ads)) { + TALLOC_FREE(frame); +diff --git a/source3/script/tests/test_update_keytab.sh b/source3/script/tests/test_update_keytab.sh +index 2c38b53ccca..82c64984787 100755 +--- a/source3/script/tests/test_update_keytab.sh ++++ b/source3/script/tests/test_update_keytab.sh +@@ -20,208 +20,416 @@ samba_net="$BINDIR/net $CONFIGURATION" + samba_rpcclient="$BINDIR/rpcclient $CONFIGURATION" + smbclient="${BINDIR}/smbclient" + +-keytabs_sync_kvno="keytab0k keytab1k keytab2k keytab3k" ++keytabs_sync_kvno="keytab0k keytab1k keytab2k keytab3k keytab4k" + keytabs_nosync_kvno="keytab0 keytab1 keytab2 keytab3" + keytabs_all="$keytabs_sync_kvno $keytabs_nosync_kvno" + +-# default, no specifiers ++# Generate the next ~300 lines for keytab templates using these steps: ++# make testenv SELFTEST_TESTENV="ad_member_idmap_nss:local" ++# source3/script/tests/test_update_keytab.sh ADDOMAIN --configfile=st/ad_member_idmap_nss/lib/server.conf ++# and finally source it from the vim editor ++# :r! for k in keytab0 keytab0k keytab1 keytab1k keytab2 keytab2k keytab3 keytab3k keytab4k ; do (echo $k=\"\\; bin/net --configfile=st/ad_member_idmap_nss/lib/server.conf ads keytab list /path/st/ad_member_idmap_nss/$k |sort -k3 |grep -v Vno|sed 's/\$/\\$/'; echo '";'; echo ); done ++ + keytab0="\ +- -1 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes128-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM + -1 arcfour-hmac-md5 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes128-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM + -2 arcfour-hmac-md5 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes128-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM + -3 arcfour-hmac-md5 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes128-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes128-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes128-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ -1 arcfour-hmac-md5 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -2 arcfour-hmac-md5 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -3 arcfour-hmac-md5 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes128-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes128-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes128-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -1 arcfour-hmac-md5 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 arcfour-hmac-md5 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 arcfour-hmac-md5 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes128-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes128-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes128-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + "; + +-# sync_kvno=yes + keytab0k="\ +- 5 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + "; + +-# sync_spns=yes + keytab1="\ +- -1 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 HOST/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 HOST/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 HOST/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 HOST/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 HOST/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 HOST/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 HOST/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 HOST/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 HOST/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 HOST/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 HOST/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 HOST/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 HOST/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 HOST/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 HOST/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 HOST/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 HOST/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 HOST/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 HOST/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 HOST/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 HOST/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 HOST/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 HOST/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 HOST/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 HOST/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 HOST/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 HOST/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 HOST/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 HOST/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 HOST/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 HOST/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 HOST/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 HOST/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 HOST/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 HOST/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 HOST/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 HOST/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 HOST/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 HOST/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 HOST/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM + "; + +-# sync_spns=yes:sync_kvno=yes + keytab1k="\ +- 5 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + 5 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 HOST/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 HOST/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 HOST/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 HOST/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 HOST/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 HOST/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 HOST/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM + 5 aes256-cts-hmac-sha1-96 HOST/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 HOST/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 HOST/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM + 5 aes256-cts-hmac-sha1-96 HOST/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 HOST/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 HOST/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 HOST/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 HOST/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 HOST/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 HOST/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 HOST/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 HOST/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 HOST/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 HOST/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 HOST/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 HOST/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 HOST/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 HOST/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 HOST/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 HOST/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 HOST/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 HOST/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 HOST/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 HOST/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 HOST/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 HOST/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 HOST/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 HOST/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 HOST/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 HOST/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 HOST/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 HOST/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 HOST/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 HOST/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 HOST/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 HOST/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 RestrictedKrbHost/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + "; + +-# spn_prefixes=imap,smtp + keytab2="\ ++ -1 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 imap/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 imap/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 imap/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 imap/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 imap/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 imap/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 imap/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 imap/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 imap/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 imap/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 imap/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 imap/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 imap/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 imap/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 imap/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 imap/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 imap/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 imap/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 imap/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 imap/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 imap/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 imap/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 imap/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 imap/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 imap/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 imap/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 imap/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 imap/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 imap/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 imap/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 imap/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 imap/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 imap/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 smtp/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 smtp/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 smtp/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 smtp/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 smtp/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 smtp/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 smtp/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 smtp/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 smtp/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 smtp/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 smtp/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 smtp/NETBIOS1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 smtp/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 smtp/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 smtp/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 smtp/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 smtp/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 smtp/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 smtp/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 smtp/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 smtp/NETBIOS2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 smtp/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 smtp/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 smtp/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 smtp/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 smtp/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 smtp/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 smtp/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 smtp/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 smtp/NETBIOS3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 smtp/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 smtp/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 smtp/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + "; + +-# spn_prefixes=imap,smtp:sync_kvno=yes + keytab2k="\ +- 5 aes256-cts-hmac-sha1-96 imap/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 smtp/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 imap/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 smtp/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 imap/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 imap/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 smtp/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 smtp/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM + "; + +-# spns=wurst/brot\@$dcvars->{REALM} + keytab3="\ ++ -1 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ -1 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -2 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ -3 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM + "; + +-# spns=wurst/brot\@$dcvars->{REALM},wurst1/brot\@$dcvars->{REALM},wurst2/brot\@$dcvars->{REALM}:sync_kvno=yes + keytab3k="\ +- 5 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM + 5 aes256-cts-hmac-sha1-96 wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 wurst2/brot@ADDOM.SAMBA.EXAMPLE.COM + 5 aes256-cts-hmac-sha1-96 wurst2/brot@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM +- 3 aes256-cts-hmac-sha1-96 wurst2/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 wurst2/brot@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM ++"; ++ ++keytab4k="\ ++ 4 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 host/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 host/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 host/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 imap/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 imap/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 imap/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 imap/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 imap/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 imap/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 imap/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 imap/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 imap/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 imap/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 smtp/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 smtp/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/host1.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/host2.other.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 smtp/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/NETBIOS1@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 smtp/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/netbios1.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 smtp/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/NETBIOS2@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 smtp/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/netbios2.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 smtp/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/NETBIOS3@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 smtp/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 smtp/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 smtp/netbios3.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 wurst2/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 wurst2/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 wurst2/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 4 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 5 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM ++ 6 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM + "; + + # find the biggest vno and store it into global variable vno +@@ -289,9 +497,9 @@ SED2="s/^ \+-\?[0-9]\+ \+//" + + compare_keytabs_sync_kvno() + { +- sed "$SED1" < "$1" | sort -k1rn -k3 | sed "$SED2" > "${1}.sync_kvno" +- sed "$SED1" < "$2" | sort -k1rn -k3 | sed "$SED2" > "${2}.sync_kvno" +- diff --ignore-case "${1}.sync_kvno" "${2}.sync_kvno" ++ sed "$SED1" < "$1" | sed "$SED2" | sort > "${1}.sync_kvno" ++ sed "$SED1" < "$2" | sed "$SED2" | sort > "${2}.sync_kvno" ++ diff "${1}.sync_kvno" "${2}.sync_kvno" + return $? + } + +@@ -299,7 +507,7 @@ compare_keytabs_nosync_kvno() + { + sed "$SED1" < "$1" | sort -k1rn -k3 > "${1}.nosync_kvno" + sed "$SED1" < "$2" | sort -k1rn -k3 > "${2}.nosync_kvno" +- diff --ignore-case "${1}.nosync_kvno" "${2}.nosync_kvno" ++ diff "${1}.nosync_kvno" "${2}.nosync_kvno" + return $? + } + +@@ -391,6 +599,7 @@ printf '%s' "$keytab2" > "$TMPDIR/keytab2_template" + printf '%s' "$keytab2k" > "$TMPDIR/keytab2k_template" + printf '%s' "$keytab3" > "$TMPDIR/keytab3_template" + printf '%s' "$keytab3k" > "$TMPDIR/keytab3k_template" ++printf '%s' "$keytab4k" > "$TMPDIR/keytab4k_template" + + # Other approach could e.g. compare first six entries from the template. + # The 6 entries correspond to password and old_password, each has 3 enc. types. +-- +2.49.0 + + +From f1e0fce49fbd1890da053d05c8511010cb7f2911 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= +Date: Tue, 14 Jan 2025 11:29:54 +0100 +Subject: [PATCH 04/24] docs-xml:smbdotconf: Document new options for 'sync + machinepassword to keytab' +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15759 + +Signed-off-by: Pavel Filipenský +Reviewed-by: Andreas Schneider +Reviewed-by: Alexander Bokovoy + +Autobuild-User(master): Pavel Filipensky +Autobuild-Date(master): Thu Feb 13 18:45:21 UTC 2025 on atb-devel-224 + +(cherry picked from commit 7a662e097be5e0d3f7779fa544486968b8f57063) +--- + docs-xml/manpages/net.8.xml | 24 +++++------ + .../security/syncmachinepasswordtokeytab.xml | 42 ++++++++++++------- + 2 files changed, 38 insertions(+), 28 deletions(-) + +diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml +index f388644172f..8091368a48e 100644 +--- a/docs-xml/manpages/net.8.xml ++++ b/docs-xml/manpages/net.8.xml +@@ -1549,29 +1549,25 @@ to show in the result. + + + Since Samba 4.21.0, keytab file is created as specified in . The keytab is created only for ++name="sync machine password to keytab"/> . The keytab can be created only when ++machine password is available in secrets.tdb, i.e. only for + secrets only and + secrets and keytab. With + the smb.conf default values for secrets + only and + (default is empty) the keytab is not generated at all. Keytab with a default +-name and SPNs synced from AD is created for secrets and keytab if is missing. ++name containing: SPNs synced from AD, account name COMPUTER$ and principal ++host/dns_hostname is created for secrets ++and keytab if is missing. + + +-Till Samba 4.20.0, two more entries were created by default: the machinename of +-the client (ending with '$') and the UPN (host/domain@REALM). If these two +-entries are still needed, each must be specified in an own keytab file. +-Example below will generate three keytab files that contain SPNs synced from +-AD, host UPN and machine$ SPN: ++Till Samba 4.20, these entries were created by default: the account name ++COMPUTER$, 'host' principal and SPNs synced from AD. Example below generates ++such keytab ('host' is added implicitly): + + +- +-/etc/krb5.keytab0:sync_spns:machine_password, +-/etc/krb5.keytab1:spns=host/smb.com@SMB.COM:machine_password, +-/etc/krb5.keytab2:account_name:machine_password +- ++/etc/krb5.keytab:account_name:sync_spns:sync_kvno:machine_password + + + No changes are made to the computer AD account. +diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml +index f7dc30023d4..02eaf3162c0 100644 +--- a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml ++++ b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml +@@ -24,36 +24,49 @@ synchronization. + + Each string has this form: + +-absolute_path_to_keytab:spn_spec[:sync_etypes][:sync_kvno][:netbios_aliases][:additional_dns_hostnames][:machine_password] ++absolute_path_to_keytab:spn_spec[:spn_spec]*[:sync_etypes][:sync_kvno][:netbios_aliases][:additional_dns_hostnames][:machine_password] + + +-where spn_spec can have exactly one of these four forms: ++spn_spec can be specified multiple times (separated using ':') and each spn_spec can have exactly one of these forms: + + account_name ++sync_account_name ++sync_upn + sync_spns + spn_prefixes=value1[,value2[...]] + spns=value1[,value2[...]] + +-No other combinations are allowed. + + + +-Specifiers: ++Every keytab contains the 'host' principal and principals according the specification below: + +-account_name - creates entry using principal 'computer$@REALM'. +-sync_spns - uses principals received from AD DC. +-spn_prefixes - creates principals from the prefixes and adds netbios_aliases or additional_dns_hostnames if specified. +-spns - creates only the principals defined in the list. ++account_name - COMPUTER$@REALM ++sync_account_name - uses attribute "sAMAccountName" from AD ++host - always present, no need to specify it explicitly ++ the 'host' principal is created for the same variants (netbios name, dns hostname, netbiosalias, additional_dns_hostname) as in spn_prefixes ++sync_upn - uses attribute "userPrincipalName" (if exists in AD) ++sync_spns - uses attribute "servicePrincipalName" (if exists in AD) ++spn_prefixes - creates these two principals from each prefix. e.g.: ++ prefix/@REALM ++ prefix/@REALM ++ with :netbios_aliases for each netbiosalias in ++ prefix/netbiosalias@REALM ++ prefix/netbiosalias.dnsdomain@REALM ++ with :additional_dns_hostnames for each additionaldnshostname in ++ prefix/additionaldnshostname@REALM ++spns - creates only the principals defined in the list + ++'account_name' and 'sync_account_name' are the same, just the source differs (secrets.tdb vs. AD). + + + + Options: + +-sync_etypes - parameter "msDS-SupportedEncryptionTypes" is read from DC and is used to find the highest common enc type for AD and KRB5 lib. +-sync_kvno - the key version number ("msDS-KeyVersionNumber") is synchronized from DC, otherwise is set to -1. +-netbios_aliases - evaluated only for SPN_SPEC_PREFIX. If present, PREFIX/netbiosname@REALM and PREFIX/netbiosname.domainname@REALM are added for each alias. See +-additional_dns_hostnames - evaluated only for SPN_SPEC_PREFIX. If present, PREFIX/dnshostname@REALM is added for each dns name. See ++sync_etypes - attribute "msDS-SupportedEncryptionTypes" is read from AD and is used to find the highest common enc type for AD and KRB5 lib. ++sync_kvno - attribute "msDS-KeyVersionNumber" from AD is used to set KVNO. If this option is missing, KVNO is set to -1. ++netbios_aliases - evaluated only for spn_prefixes (see details above) and for the 'host' principal. ++additional_dns_hostnames - evaluated only for spn_prefixes (see details above) and for the 'host' principal. + machine_password - mandatory, if missing the entry is ignored. For future use. + + +@@ -68,7 +81,8 @@ Example: + "/path/to/keytab4:spn_prefixes=imap,smtp:machine_password", + "/path/to/keytab5:spn_prefixes=imap,smtp:netbios_aliases:additional_dns_hostnames:sync_kvno:machine_password", + "/path/to/keytab6:spns=wurst/brot@REALM:machine_password", +-"/path/to/keytab7:spns=wurst/brot@REALM,wurst2/brot@REALM:sync_kvno:machine_password" ++"/path/to/keytab7:spns=wurst/brot@REALM,wurst2/brot@REALM:sync_kvno:machine_password", ++"/path/to/keytab8:account_name:sync_account_name:host:sync_upn:sync_spns:spn_prefixes=cifs,http:spns=wurst/brot@REALM:sync_kvno:machine_password" + + If sync_etypes or sync_kvno or sync_spns is present then winbind connects to DC. For "offline domain join" it might be useful not to use these options. + +@@ -80,7 +94,7 @@ If no value is present and is different + + + winbind uses value +- /path/to/keytab:sync_spns:sync_kvno:machine_password ++ /path/to/keytab:host:account_name:sync_spns:sync_kvno:machine_password + where the path to the keytab is obtained either from the krb5 library or from + . + +-- +2.49.0 + + +From 4dc163e87824aac33107767881d4a47033c5d9dd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= +Date: Fri, 14 Feb 2025 17:28:54 +0100 +Subject: [PATCH 05/24] s3:libads: Remove specifier for 'host' principal from + 'sync machine password to keytab' +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Use specifier 'spn_prefixes=host' instead of 'host' + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15759 + +Signed-off-by: Pavel Filipenský +Reviewed-by: Stefan Metzmacher +(cherry picked from commit ccc3b2b2fba7b5d223c79bffc0f655490aed19cf) +--- + selftest/target/Samba3.pm | 6 +-- + source3/libads/kerberos_keytab.c | 21 +++------- + source3/script/tests/test_update_keytab.sh | 48 ---------------------- + 3 files changed, 9 insertions(+), 66 deletions(-) + +diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm +index cc4498ff36e..6650690fbb7 100755 +--- a/selftest/target/Samba3.pm ++++ b/selftest/target/Samba3.pm +@@ -804,11 +804,11 @@ sub provision_ad_member + \"$prefix_abs/keytab0k:account_name:sync_kvno:machine_password:sync_etypes\", \\ + \"$prefix_abs/keytab1:sync_spns:machine_password:sync_etypes\", \\ + \"$prefix_abs/keytab1k:sync_spns:sync_kvno:machine_password:sync_etypes\", \\ +- \"$prefix_abs/keytab2:spn_prefixes=imap,smtp:additional_dns_hostnames:netbios_aliases:machine_password:sync_etypes\", \\ +- \"$prefix_abs/keytab2k:spn_prefixes=imap,smtp:additional_dns_hostnames:sync_kvno:machine_password:sync_etypes\", \\ ++ \"$prefix_abs/keytab2:spn_prefixes=host,imap,smtp:additional_dns_hostnames:netbios_aliases:machine_password:sync_etypes\", \\ ++ \"$prefix_abs/keytab2k:spn_prefixes=host,imap,smtp:additional_dns_hostnames:sync_kvno:machine_password:sync_etypes\", \\ + \"$prefix_abs/keytab3:spns=wurst/brot\@$dcvars->{REALM}:machine_password:sync_etypes\", \\ + \"$prefix_abs/keytab3k:spns=wurst/brot\@$dcvars->{REALM},wurst1/brot\@$dcvars->{REALM},wurst2/brot\@$dcvars->{REALM}:sync_kvno:machine_password:sync_etypes\", \\ +- \"$prefix_abs/keytab4k:account_name:sync_account_name:spn_prefixes=imap,smtp:additional_dns_hostnames:netbios_aliases:spns=wurst/brot\@$dcvars->{REALM},wurst1/brot\@$dcvars->{REALM},wurst2/brot\@$dcvars->{REALM}:sync_kvno:machine_password:sync_etypes\" ++ \"$prefix_abs/keytab4k:account_name:sync_account_name:spn_prefixes=host,imap,smtp:additional_dns_hostnames:netbios_aliases:spns=wurst/brot\@$dcvars->{REALM},wurst1/brot\@$dcvars->{REALM},wurst2/brot\@$dcvars->{REALM}:sync_kvno:machine_password:sync_etypes\" + "; + } + +diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c +index 619a7bda0d4..5913db299ad 100644 +--- a/source3/libads/kerberos_keytab.c ++++ b/source3/libads/kerberos_keytab.c +@@ -44,7 +44,6 @@ + enum spn_spec_type { + SPN_SPEC_ACCOUNT_NAME, + SPN_SPEC_SYNC_ACCOUNT_NAME, +- SPN_SPEC_HOST, + SPN_SPEC_SYNC_UPN, + SPN_SPEC_SYNC_SPNS, + SPN_SPEC_FULL, +@@ -164,8 +163,6 @@ static ADS_STATUS pw2kt_scan_spec(TALLOC_CTX *ctx, + } else if (strequal(option, "sync_account_name")) { + spec_type = SPN_SPEC_SYNC_ACCOUNT_NAME; + gstate->sync_sam_account = true; +- } else if (strequal(option, "host")) { +- spec_type = SPN_SPEC_HOST; + } else if (strequal(option, "sync_upn")) { + spec_type = SPN_SPEC_SYNC_UPN; + gstate->sync_upn = true; +@@ -251,9 +248,6 @@ static ADS_STATUS pw2kt_scan_line(const char *line, + *olist = 0; + olist++; + +- /* Always add 'host' principal */ +- desc->spec_array[SPN_SPEC_HOST].is_set = true; +- + /* Entries are separated via ':' */ + while ((tmp = strchr_m(olist, ':')) != NULL) { + *tmp = 0; +@@ -275,7 +269,8 @@ static ADS_STATUS pw2kt_scan_line(const char *line, + /* + * Fill struct pw2kt_global_state with defaults if + * "sync machine password to keytab" is missing in smb.conf +- * Creates 1 keytab with 3 SPN specifiers (sync_spns, account_name, host). ++ * Creates 1 keytab with these SPN specifiers: ++ * sync_spns:account_name:spn_prefixes=host:sync_kvno:machine_password + */ + static ADS_STATUS pw2kt_default_cfg(const char *name, + struct pw2kt_global_state *state) +@@ -302,9 +297,11 @@ static ADS_STATUS pw2kt_default_cfg(const char *name, + + desc->spec_array[SPN_SPEC_SYNC_SPNS].is_set = true; + desc->spec_array[SPN_SPEC_ACCOUNT_NAME].is_set = true; +- desc->spec_array[SPN_SPEC_HOST].is_set = true; ++ desc->spec_array[SPN_SPEC_PREFIX].is_set = true; + +- return ADS_SUCCESS; ++ return pw2kt_add_val(state->keytabs, ++ &desc->spec_array[SPN_SPEC_PREFIX], ++ "host"); + } + + /* +@@ -590,12 +587,6 @@ static ADS_STATUS pw2kt_process_specifier(struct pw2kt_global_state *gstate, + case SPN_SPEC_SYNC_ACCOUNT_NAME: + ADD_INFO(gstate->ad_sam_account); + break; +- case SPN_SPEC_HOST: +- status = pw2kt_add_prefix(gstate, state2, keytabptr, "host"); +- if (!ADS_ERR_OK(status)) { +- return status; +- } +- break; + case SPN_SPEC_SYNC_UPN: + if (gstate->ad_upn != NULL) { + ADD_INFO(gstate->ad_upn); +diff --git a/source3/script/tests/test_update_keytab.sh b/source3/script/tests/test_update_keytab.sh +index 82c64984787..21edf8b8882 100755 +--- a/source3/script/tests/test_update_keytab.sh ++++ b/source3/script/tests/test_update_keytab.sh +@@ -40,48 +40,18 @@ keytab0="\ + -2 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM + -3 aes128-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM +- -1 arcfour-hmac-md5 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -2 arcfour-hmac-md5 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -3 arcfour-hmac-md5 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes128-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes128-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes128-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -1 arcfour-hmac-md5 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 arcfour-hmac-md5 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 arcfour-hmac-md5 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes128-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes128-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes128-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + "; + + keytab0k="\ + 4 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM + 5 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM + 6 aes256-cts-hmac-sha1-96 ADMEMIDMAPNSS\$@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 6 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 6 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + "; + + keytab1="\ +- -1 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +@@ -118,15 +88,9 @@ keytab1="\ + "; + + keytab1k="\ +- 4 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 6 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + 5 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM + 6 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 6 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + 5 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + 6 aes256-cts-hmac-sha1-96 HOST/ADMEMIDMAPNSS.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +@@ -295,24 +259,12 @@ keytab2k="\ + "; + + keytab3="\ +- -1 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- -1 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -2 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- -3 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + -1 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM + -2 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM + -3 aes256-cts-hmac-sha1-96 wurst/brot@ADDOM.SAMBA.EXAMPLE.COM + "; + + keytab3k="\ +- 4 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 6 aes256-cts-hmac-sha1-96 host/ADMEMIDMAPNSS@ADDOM.SAMBA.EXAMPLE.COM +- 4 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 5 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM +- 6 aes256-cts-hmac-sha1-96 host/admemidmapnss.addom.samba.example.com@ADDOM.SAMBA.EXAMPLE.COM + 4 aes256-cts-hmac-sha1-96 wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM + 5 aes256-cts-hmac-sha1-96 wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM + 6 aes256-cts-hmac-sha1-96 wurst1/brot@ADDOM.SAMBA.EXAMPLE.COM +-- +2.49.0 + + +From 8bb9f6f5d9f5db755dfd950260288dfd746cfbb6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= +Date: Fri, 14 Feb 2025 17:27:26 +0100 +Subject: [PATCH 06/24] docs: Update documentation for 'sync machine password + to keytab' +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Use specifier 'spn_prefixes=host' instead of 'host' + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15759 + +Signed-off-by: Pavel Filipenský +Reviewed-by: Stefan Metzmacher + +Autobuild-User(master): Pavel Filipensky +Autobuild-Date(master): Sat Feb 15 19:21:56 UTC 2025 on atb-devel-224 + +(cherry picked from commit 7cae7aad1ca6dcd5e0a3a102f36af74fa49a2c2b) +--- + docs-xml/manpages/net.8.xml | 4 ++-- + .../security/syncmachinepasswordtokeytab.xml | 11 +++++------ + 2 files changed, 7 insertions(+), 8 deletions(-) + +diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml +index 8091368a48e..a5f004d6e12 100644 +--- a/docs-xml/manpages/net.8.xml ++++ b/docs-xml/manpages/net.8.xml +@@ -1564,10 +1564,10 @@ keytab"/> is missing. + + Till Samba 4.20, these entries were created by default: the account name + COMPUTER$, 'host' principal and SPNs synced from AD. Example below generates +-such keytab ('host' is added implicitly): ++such keytab: + + +-/etc/krb5.keytab:account_name:sync_spns:sync_kvno:machine_password ++/etc/krb5.keytab:spn_prefixes=host:account_name:sync_spns:sync_kvno:machine_password + + + No changes are made to the computer AD account. +diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml +index 02eaf3162c0..ec3fffc1119 100644 +--- a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml ++++ b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml +@@ -39,12 +39,10 @@ spns=value1[,value2[...]] + + + +-Every keytab contains the 'host' principal and principals according the specification below: ++Every keytab contains principals according the specification below: + + account_name - COMPUTER$@REALM + sync_account_name - uses attribute "sAMAccountName" from AD +-host - always present, no need to specify it explicitly +- the 'host' principal is created for the same variants (netbios name, dns hostname, netbiosalias, additional_dns_hostname) as in spn_prefixes + sync_upn - uses attribute "userPrincipalName" (if exists in AD) + sync_spns - uses attribute "servicePrincipalName" (if exists in AD) + spn_prefixes - creates these two principals from each prefix. e.g.: +@@ -55,6 +53,7 @@ spn_prefixes - creates these two principals from each prefix. e.g.: + prefix/netbiosalias.dnsdomain@REALM + with :additional_dns_hostnames for each additionaldnshostname in + prefix/additionaldnshostname@REALM ++ - 'host' principal should be created using specifier spn_prefixes + spns - creates only the principals defined in the list + + 'account_name' and 'sync_account_name' are the same, just the source differs (secrets.tdb vs. AD). +@@ -65,8 +64,8 @@ Options: + + sync_etypes - attribute "msDS-SupportedEncryptionTypes" is read from AD and is used to find the highest common enc type for AD and KRB5 lib. + sync_kvno - attribute "msDS-KeyVersionNumber" from AD is used to set KVNO. If this option is missing, KVNO is set to -1. +-netbios_aliases - evaluated only for spn_prefixes (see details above) and for the 'host' principal. +-additional_dns_hostnames - evaluated only for spn_prefixes (see details above) and for the 'host' principal. ++netbios_aliases - evaluated only for spn_prefixes (see details above). ++additional_dns_hostnames - evaluated only for spn_prefixes (see details above). + machine_password - mandatory, if missing the entry is ignored. For future use. + + +@@ -82,7 +81,7 @@ Example: + "/path/to/keytab5:spn_prefixes=imap,smtp:netbios_aliases:additional_dns_hostnames:sync_kvno:machine_password", + "/path/to/keytab6:spns=wurst/brot@REALM:machine_password", + "/path/to/keytab7:spns=wurst/brot@REALM,wurst2/brot@REALM:sync_kvno:machine_password", +-"/path/to/keytab8:account_name:sync_account_name:host:sync_upn:sync_spns:spn_prefixes=cifs,http:spns=wurst/brot@REALM:sync_kvno:machine_password" ++"/path/to/keytab8:sync_account_name:sync_upn:sync_spns:spn_prefixes=host,cifs,http:spns=wurst/brot@REALM:sync_kvno:machine_password" + + If sync_etypes or sync_kvno or sync_spns is present then winbind connects to DC. For "offline domain join" it might be useful not to use these options. + +-- +2.49.0 + + +From 205bed2a3a8cb8d2ff9651244aab02b2f9f602ae Mon Sep 17 00:00:00 2001 +From: Jeremy Allison +Date: Wed, 15 Jan 2025 10:21:19 -0800 +Subject: [PATCH 07/24] auth: Add missing talloc_free() in error code path. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15782 + +Signed-off-by: Jeremy Allison +Reviewed-by: Guenther Deschner + +Autobuild-User(master): Günther Deschner +Autobuild-Date(master): Thu Jan 16 14:32:39 UTC 2025 on atb-devel-224 + +(cherry picked from commit c514ce8dcadcbbf0d86f3038d2be0f9253a76b75) +--- + auth/kerberos/kerberos_pac.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c +index b6272ac15eb..1f7d3e7ef26 100644 +--- a/auth/kerberos/kerberos_pac.c ++++ b/auth/kerberos/kerberos_pac.c +@@ -360,6 +360,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + if (ret) { + DEBUG(5, ("PAC Decode: Failed to verify the service " + "signature: %s\n", error_message(ret))); ++ talloc_free(tmp_ctx); + return NT_STATUS_ACCESS_DENIED; + } + +-- +2.49.0 + + +From b531c84559e2391c38e4c7640610462046d2d7c6 Mon Sep 17 00:00:00 2001 +From: Jeremy Allison +Date: Thu, 16 Jan 2025 16:12:31 -0800 +Subject: [PATCH 08/24] auth: Cleanup exit code paths in kerberos_decode_pac(). +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +One more memory leak missed and now fixed. tmp_ctx +must be freed once the pac data is talloc_move'd. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15782 + +Signed-off-by: Jeremy Allison +Reviewed-by: Jennifer Sutton +Reviewed-by: Christian Ambach +Reviewed-by: Guenther Deschner + +Autobuild-User(master): Günther Deschner +Autobuild-Date(master): Fri Jan 17 12:01:47 UTC 2025 on atb-devel-224 + +(cherry picked from commit f9eb0b248da0689c82656f3e482161c45749afb6) +--- + auth/kerberos/kerberos_pac.c | 88 ++++++++++++++++++------------------ + 1 file changed, 43 insertions(+), 45 deletions(-) + +diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c +index 1f7d3e7ef26..4c61cfe838f 100644 +--- a/auth/kerberos/kerberos_pac.c ++++ b/auth/kerberos/kerberos_pac.c +@@ -137,7 +137,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + time_t tgs_authtime, + struct PAC_DATA **pac_data_out) + { +- NTSTATUS status; ++ NTSTATUS status = NT_STATUS_NO_MEMORY; + enum ndr_err_code ndr_err; + krb5_error_code ret; + DATA_BLOB modified_pac_blob; +@@ -173,8 +173,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + kdc_sig_wipe = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA); + srv_sig_wipe = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA); + if (!pac_data_raw || !pac_data || !kdc_sig_wipe || !srv_sig_wipe) { +- talloc_free(tmp_ctx); +- return NT_STATUS_NO_MEMORY; ++ status = NT_STATUS_NO_MEMORY; ++ goto out; + } + + ndr_err = ndr_pull_struct_blob(&pac_data_blob, pac_data, pac_data, +@@ -183,15 +183,14 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + status = ndr_map_error2ntstatus(ndr_err); + DEBUG(0,("can't parse the PAC: %s\n", + nt_errstr(status))); +- talloc_free(tmp_ctx); +- return status; ++ goto out; + } + + if (pac_data->num_buffers < 4) { + /* we need logon_info, service_key and kdc_key */ + DEBUG(0,("less than 4 PAC buffers\n")); +- talloc_free(tmp_ctx); +- return NT_STATUS_INVALID_PARAMETER; ++ status = NT_STATUS_INVALID_PARAMETER; ++ goto out; + } + + ndr_err = ndr_pull_struct_blob( +@@ -201,15 +200,14 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + status = ndr_map_error2ntstatus(ndr_err); + DEBUG(0,("can't parse the PAC: %s\n", + nt_errstr(status))); +- talloc_free(tmp_ctx); +- return status; ++ goto out; + } + + if (pac_data_raw->num_buffers < 4) { + /* we need logon_info, service_key and kdc_key */ + DEBUG(0,("less than 4 PAC buffers\n")); +- talloc_free(tmp_ctx); +- return NT_STATUS_INVALID_PARAMETER; ++ status = NT_STATUS_INVALID_PARAMETER; ++ goto out; + } + + if (pac_data->num_buffers != pac_data_raw->num_buffers) { +@@ -217,8 +215,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + DEBUG(0, ("misparse! PAC_DATA has %d buffers while " + "PAC_DATA_RAW has %d\n", pac_data->num_buffers, + pac_data_raw->num_buffers)); +- talloc_free(tmp_ctx); +- return NT_STATUS_INVALID_PARAMETER; ++ status = NT_STATUS_INVALID_PARAMETER; ++ goto out; + } + + for (i=0; i < pac_data->num_buffers; i++) { +@@ -229,8 +227,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + DEBUG(0, ("misparse! PAC_DATA buffer %d has type " + "%d while PAC_DATA_RAW has %d\n", i, + data_buf->type, raw_buf->type)); +- talloc_free(tmp_ctx); +- return NT_STATUS_INVALID_PARAMETER; ++ status = NT_STATUS_INVALID_PARAMETER; ++ goto out; + } + switch (data_buf->type) { + case PAC_TYPE_LOGON_INFO: +@@ -263,26 +261,26 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + + if (!logon_info) { + DEBUG(0,("PAC no logon_info\n")); +- talloc_free(tmp_ctx); +- return NT_STATUS_INVALID_PARAMETER; ++ status = NT_STATUS_INVALID_PARAMETER; ++ goto out; + } + + if (!logon_name) { + DEBUG(0,("PAC no logon_name\n")); +- talloc_free(tmp_ctx); +- return NT_STATUS_INVALID_PARAMETER; ++ status = NT_STATUS_INVALID_PARAMETER; ++ goto out; + } + + if (!srv_sig_ptr || !srv_sig_blob) { + DEBUG(0,("PAC no srv_key\n")); +- talloc_free(tmp_ctx); +- return NT_STATUS_INVALID_PARAMETER; ++ status = NT_STATUS_INVALID_PARAMETER; ++ goto out; + } + + if (!kdc_sig_ptr || !kdc_sig_blob) { + DEBUG(0,("PAC no kdc_key\n")); +- talloc_free(tmp_ctx); +- return NT_STATUS_INVALID_PARAMETER; ++ status = NT_STATUS_INVALID_PARAMETER; ++ goto out; + } + + /* Find and zero out the signatures, +@@ -297,8 +295,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + status = ndr_map_error2ntstatus(ndr_err); + DEBUG(0,("can't parse the KDC signature: %s\n", + nt_errstr(status))); +- talloc_free(tmp_ctx); +- return status; ++ goto out; + } + + ndr_err = ndr_pull_struct_blob( +@@ -308,8 +305,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + status = ndr_map_error2ntstatus(ndr_err); + DEBUG(0,("can't parse the SRV signature: %s\n", + nt_errstr(status))); +- talloc_free(tmp_ctx); +- return status; ++ goto out; + } + + /* Now zero the decoded structure */ +@@ -326,8 +322,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + status = ndr_map_error2ntstatus(ndr_err); + DEBUG(0,("can't repack the KDC signature: %s\n", + nt_errstr(status))); +- talloc_free(tmp_ctx); +- return status; ++ goto out; + } + ndr_err = ndr_push_struct_blob( + srv_sig_blob, pac_data_raw, srv_sig_wipe, +@@ -336,8 +331,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + status = ndr_map_error2ntstatus(ndr_err); + DEBUG(0,("can't repack the SRV signature: %s\n", + nt_errstr(status))); +- talloc_free(tmp_ctx); +- return status; ++ goto out; + } + + /* push out the whole structure, but now with zero'ed signatures */ +@@ -348,8 +342,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + status = ndr_map_error2ntstatus(ndr_err); + DEBUG(0,("can't repack the RAW PAC: %s\n", + nt_errstr(status))); +- talloc_free(tmp_ctx); +- return status; ++ goto out; + } + + if (service_keyblock) { +@@ -360,8 +353,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + if (ret) { + DEBUG(5, ("PAC Decode: Failed to verify the service " + "signature: %s\n", error_message(ret))); +- talloc_free(tmp_ctx); +- return NT_STATUS_ACCESS_DENIED; ++ status = NT_STATUS_ACCESS_DENIED; ++ goto out; + } + + if (krbtgt_keyblock) { +@@ -371,8 +364,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + if (ret) { + DEBUG(1, ("PAC Decode: Failed to verify the KDC signature: %s\n", + smb_get_krb5_error_message(context, ret, tmp_ctx))); +- talloc_free(tmp_ctx); +- return NT_STATUS_ACCESS_DENIED; ++ status = NT_STATUS_ACCESS_DENIED; ++ goto out; + } + } + } +@@ -388,8 +381,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + nt_time_string(tmp_ctx, logon_name->logon_time))); + DEBUG(2, ("PAC Decode: Ticket: %s\n", + nt_time_string(tmp_ctx, tgs_authtime_nttime))); +- talloc_free(tmp_ctx); +- return NT_STATUS_ACCESS_DENIED; ++ status = NT_STATUS_ACCESS_DENIED; ++ goto out; + } + } + +@@ -401,8 +394,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + if (ret) { + DEBUG(2, ("Could not unparse name from ticket to match with name from PAC: [%s]:%s\n", + logon_name->account_name, error_message(ret))); +- talloc_free(tmp_ctx); +- return NT_STATUS_INVALID_PARAMETER; ++ status = NT_STATUS_INVALID_PARAMETER; ++ goto out; + } + + bool_ret = strcmp(client_principal_string, logon_name->account_name) == 0; +@@ -413,8 +406,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + logon_name->account_name, + client_principal_string)); + SAFE_FREE(client_principal_string); +- talloc_free(tmp_ctx); +- return NT_STATUS_ACCESS_DENIED; ++ status = NT_STATUS_ACCESS_DENIED; ++ goto out; + } + SAFE_FREE(client_principal_string); + +@@ -435,10 +428,15 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + } + + if (pac_data_out) { +- *pac_data_out = talloc_steal(mem_ctx, pac_data); ++ *pac_data_out = talloc_move(mem_ctx, &pac_data); + } + +- return NT_STATUS_OK; ++ status = NT_STATUS_OK; ++ ++ out: ++ ++ TALLOC_FREE(tmp_ctx); ++ return status; + } + + NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, +-- +2.49.0 + + +From ffdb675281389635e34b6f06d68222db5f2e83a5 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Thu, 9 Jan 2025 08:57:17 +0100 +Subject: [PATCH 09/24] dbwrap: check for option "tdb_hash_size:DBNAME.tdb" in + db_open() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Signed-off-by: Ralph Boehme +Reviewed-by: Stefan Metzmacher +(cherry picked from commit 7eb135c42d530a16e80e165d9e8e99d920797f12) +--- + source3/lib/dbwrap/dbwrap_open.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c +index 52c8a94aeff..91556f22819 100644 +--- a/source3/lib/dbwrap/dbwrap_open.c ++++ b/source3/lib/dbwrap/dbwrap_open.c +@@ -80,6 +80,11 @@ struct db_context *db_open(TALLOC_CTX *mem_ctx, + base = name; + } + ++ hash_size = lp_parm_int(GLOBAL_SECTION_SNUM, ++ "tdb_hash_size", ++ base, ++ hash_size); ++ + if (tdb_flags & TDB_CLEAR_IF_FIRST) { + bool try_readonly = false; + +-- +2.49.0 + + +From fd7331e9e50c130d98b490c3cc1d8fa77ec575a1 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Thu, 9 Jan 2025 12:27:43 +0100 +Subject: [PATCH 10/24] smbtorture: add test "open-brlock-deadlock" + +smbtorture reproducer for bug 15767. As it needs a very specific setup that +can't easily be done in selftest, the test is only executed when manually called +with + + --option=torture:open_brlock_deadlock_timemout=SEC + +To prepare the setup for the test set: + + tdb_hash_size:locking.tdb = 1 + tdb_hash_size:brlock.tdb = 1 + +and remove both tdb from disk which is needed so the TDBs get recreated with the +new hash_size. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Signed-off-by: Ralph Boehme +Reviewed-by: Stefan Metzmacher +(cherry picked from commit 7c60498cee7dca5770d4d1f623c472d585ae9cae) +--- + source4/torture/smb2/lock.c | 283 ++++++++++++++++++++++++++++++++++++ + 1 file changed, 283 insertions(+) + +diff --git a/source4/torture/smb2/lock.c b/source4/torture/smb2/lock.c +index eac0d557fc3..e5cf61a471a 100644 +--- a/source4/torture/smb2/lock.c ++++ b/source4/torture/smb2/lock.c +@@ -3465,6 +3465,288 @@ done: + return ret; + } + ++struct open_brlock_deadlock_state { ++ bool stop; ++ bool ok; ++ struct torture_context *tctx; ++ struct smb2_tree *tree1; ++ struct smb2_tree *tree2; ++ struct smb2_create cr; ++ struct smb2_request *cr_req; ++ struct smb2_close cl; ++ struct smb2_request *cl_req; ++ ++ struct smb2_lock_element el; ++ struct smb2_lock lock; ++ struct smb2_request *lock_req; ++}; ++ ++static void test_open_brlock_deadlock_loop_opened(struct smb2_request *req); ++ ++static void test_open_brlock_deadlock_loop_open( ++ struct open_brlock_deadlock_state *state) ++{ ++ if (state->stop) { ++ return; ++ } ++ ++ state->cr_req = smb2_create_send(state->tree1, &state->cr); ++ torture_assert_goto(state->tctx, state->cr_req != NULL, state->ok, failed, ++ "smb2_create_send failed\n"); ++ ++ state->cr_req->async.fn = test_open_brlock_deadlock_loop_opened; ++ state->cr_req->async.private_data = state; ++ return; ++failed: ++ state->stop = true; ++} ++ ++static void test_open_brlock_deadlock_loop_close( ++ struct open_brlock_deadlock_state *state); ++ ++static void test_open_brlock_deadlock_loop_opened(struct smb2_request *req) ++{ ++ struct open_brlock_deadlock_state *state = req->async.private_data; ++ TALLOC_CTX *frame = talloc_stackframe(); ++ NTSTATUS status; ++ ++ status = smb2_create_recv(req, frame, &state->cr); ++ torture_assert_ntstatus_ok_goto(state->tctx, status, ++ state->ok, failed, __location__); ++ state->cr_req = NULL; ++ ++ TALLOC_FREE(frame); ++ test_open_brlock_deadlock_loop_close(state); ++ return; ++ ++failed: ++ state->stop = true; ++ TALLOC_FREE(frame); ++} ++ ++static void test_open_brlock_deadlock_loop_closed(struct smb2_request *req); ++ ++static void test_open_brlock_deadlock_loop_close( ++ struct open_brlock_deadlock_state *state) ++{ ++ if (state->stop) { ++ return; ++ } ++ ++ state->cl.in.file = state->cr.out.file; ++ state->cl_req = smb2_close_send(state->tree1, &state->cl); ++ torture_assert_goto(state->tctx, state->cl_req != NULL, state->ok, failed, ++ "smb2_create_send failed\n"); ++ ++ state->cl_req->async.fn = test_open_brlock_deadlock_loop_closed; ++ state->cl_req->async.private_data = state; ++ return; ++failed: ++ state->stop = true; ++} ++ ++static void test_open_brlock_deadlock_loop_closed(struct smb2_request *req) ++{ ++ struct open_brlock_deadlock_state *state = req->async.private_data; ++ TALLOC_CTX *frame = talloc_stackframe(); ++ NTSTATUS status; ++ ++ status = smb2_close_recv(req, &state->cl); ++ torture_assert_ntstatus_ok_goto(state->tctx, status, ++ state->ok, failed, __location__); ++ state->cl_req = NULL; ++ ++ TALLOC_FREE(frame); ++ test_open_brlock_deadlock_loop_open(state); ++ return; ++ ++failed: ++ state->stop = true; ++ TALLOC_FREE(frame); ++} ++ ++static void test_open_brlock_deadlock_loop_locked(struct smb2_request *req); ++ ++static void test_open_brlock_deadlock_loop_lock( ++ struct open_brlock_deadlock_state *state) ++{ ++ if (state->stop) { ++ return; ++ } ++ ++ state->el.flags = SMB2_LOCK_FLAG_EXCLUSIVE; ++ ++ state->lock_req = smb2_lock_send(state->tree2, &state->lock); ++ torture_assert_goto(state->tctx, state->lock_req != NULL, ++ state->ok, failed, ++ "smb2_create_send failed\n"); ++ ++ state->lock_req->async.fn = test_open_brlock_deadlock_loop_locked; ++ state->lock_req->async.private_data = state; ++ return; ++failed: ++ state->stop = true; ++} ++ ++static void test_open_brlock_deadlock_loop_unlock( ++ struct open_brlock_deadlock_state *state); ++ ++static void test_open_brlock_deadlock_loop_locked(struct smb2_request *req) ++{ ++ struct open_brlock_deadlock_state *state = req->async.private_data; ++ TALLOC_CTX *frame = talloc_stackframe(); ++ NTSTATUS status; ++ ++ status = smb2_lock_recv(req, &state->lock); ++ torture_assert_ntstatus_ok_goto(state->tctx, status, ++ state->ok, failed, __location__); ++ state->lock_req = NULL; ++ ++ TALLOC_FREE(frame); ++ test_open_brlock_deadlock_loop_unlock(state); ++ return; ++ ++failed: ++ state->stop = true; ++ TALLOC_FREE(frame); ++} ++ ++static void test_open_brlock_deadlock_loop_unlocked(struct smb2_request *req); ++ ++static void test_open_brlock_deadlock_loop_unlock( ++ struct open_brlock_deadlock_state *state) ++{ ++ if (state->stop) { ++ return; ++ } ++ ++ state->el.flags = SMB2_LOCK_FLAG_UNLOCK; ++ ++ state->lock_req = smb2_lock_send(state->tree2, &state->lock); ++ torture_assert_goto(state->tctx, state->lock_req != NULL, ++ state->ok, failed, ++ "smb2_create_send failed\n"); ++ ++ state->lock_req->async.fn = test_open_brlock_deadlock_loop_unlocked; ++ state->lock_req->async.private_data = state; ++ return; ++failed: ++ state->stop = true; ++} ++ ++static void test_open_brlock_deadlock_loop_unlocked(struct smb2_request *req) ++{ ++ struct open_brlock_deadlock_state *state = req->async.private_data; ++ TALLOC_CTX *frame = talloc_stackframe(); ++ NTSTATUS status; ++ ++ status = smb2_lock_recv(req, &state->lock); ++ torture_assert_ntstatus_ok_goto(state->tctx, status, ++ state->ok, failed, __location__); ++ state->lock_req = NULL; ++ ++ TALLOC_FREE(frame); ++ test_open_brlock_deadlock_loop_lock(state); ++ return; ++ ++failed: ++ state->stop = true; ++ TALLOC_FREE(frame); ++} ++ ++ ++static void test_open_brlock_deadlock_timeout(struct tevent_context *ev, ++ struct tevent_timer *te, ++ struct timeval current_time, ++ void *private_data) ++{ ++ struct open_brlock_deadlock_state *state = private_data; ++ state->stop = true; ++} ++ ++static bool test_open_brlock_deadlock(struct torture_context *tctx, ++ struct smb2_tree *tree1, ++ struct smb2_tree *tree2) ++{ ++ int timeout_sec = torture_setting_int(tctx, "open_brlock_deadlock_timemout", 0); ++ const char *fname1 = BASEDIR "\\test_open_brlock_deadlock1.txt"; ++ const char *fname2 = BASEDIR "\\test_open_brlock_deadlock2.txt"; ++ struct open_brlock_deadlock_state state; ++ struct smb2_handle h = {}; ++ uint8_t buf[200]; ++ struct tevent_timer *te = NULL; ++ NTSTATUS status; ++ bool ret = true; ++ ++ if (timeout_sec == 0) { ++ torture_skip_goto(tctx, done, "Test skipped, pass '--option=torture:open_brlock_deadlock_timemout=SEC' to run\n"); ++ } ++ ++ state = (struct open_brlock_deadlock_state) { ++ .tctx = tctx, ++ .tree1 = tree1, ++ .tree2 = tree2, ++ }; ++ ++ ret = smb2_util_setup_dir(tctx, tree1, BASEDIR); ++ torture_assert_goto(tctx, ret, ret, done, ++ "smb2_util_setup_dir failed"); ++ ++ status = torture_smb2_testfile(tree1, fname1, &h); ++ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, ++ "torture_smb2_testfile failed"); ++ status = smb2_util_close(tree1, h); ++ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, ++ "smb2_util_close failed"); ++ ++ status = torture_smb2_testfile(tree2, fname2, &h); ++ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, ++ "torture_smb2_testfile failed"); ++ ++ status = smb2_util_write(tree2, h, buf, 0, ARRAY_SIZE(buf)); ++ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, ++ "smb2_util_write failed"); ++ ++ state.cr = (struct smb2_create) { ++ .in.desired_access = SEC_FILE_READ_DATA, ++ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, ++ .in.create_disposition = NTCREATEX_DISP_OPEN, ++ .in.fname = fname1, ++ }; ++ ++ state.el = (struct smb2_lock_element) { ++ .length = 1, ++ .offset = 0, ++ }; ++ state.lock = (struct smb2_lock) { ++ .in.locks = &state.el, ++ .in.lock_count = 1, ++ .in.file.handle = h, ++ }; ++ ++ te = tevent_add_timer(tctx->ev, ++ tctx, ++ timeval_current_ofs(timeout_sec, 0), ++ test_open_brlock_deadlock_timeout, ++ &state); ++ torture_assert_goto(tctx, te != NULL, ret, done, __location__); ++ ++ test_open_brlock_deadlock_loop_open(&state); ++ test_open_brlock_deadlock_loop_lock(&state); ++ ++ while (!state.stop) { ++ int rc = tevent_loop_once(tctx->ev); ++ torture_assert_int_equal(tctx, rc, 0, "tevent_loop_once"); ++ } ++ ++done: ++ if (!smb2_util_handle_empty(h)) { ++ smb2_util_close(tree2, h); ++ } ++ smb2_deltree(tree1, BASEDIR); ++ return ret; ++} ++ + /* basic testing of SMB2 locking + */ + struct torture_suite *torture_smb2_lock_init(TALLOC_CTX *ctx) +@@ -3506,6 +3788,7 @@ struct torture_suite *torture_smb2_lock_init(TALLOC_CTX *ctx) + torture_suite_add_1smb2_test(suite, "replay_smb3_specification_multi", + test_replay_smb3_specification_multi); + torture_suite_add_1smb2_test(suite, "ctdb-delrec-deadlock", test_deadlock); ++ torture_suite_add_2smb2_test(suite, "open-brlock-deadlock", test_open_brlock_deadlock); + + suite->description = talloc_strdup(suite, "SMB2-LOCK tests"); + +-- +2.49.0 + + +From fe9563bc0140fbbb2aa5a6342a1948984c59043a Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Mon, 6 Jan 2025 15:59:27 +0100 +Subject: [PATCH 11/24] s3/brlock: split out brl_get_locks_readonly_parse() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Pair-Programmed-With: Ralph Boehme +Signed-off-by: Ralph Boehme +Signed-off-by: Stefan Metzmacher +(cherry picked from commit 94e7cbcc32b73e4d56e7209e04d22d4270a6eb5b) +--- + source3/locking/brlock.c | 43 ++++++++++++++++++++++++++-------------- + 1 file changed, 28 insertions(+), 15 deletions(-) + +diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c +index b0295174954..c75b83c048d 100644 +--- a/source3/locking/brlock.c ++++ b/source3/locking/brlock.c +@@ -1768,29 +1768,18 @@ static void brl_get_locks_readonly_parser(TDB_DATA key, TDB_DATA data, + *state->br_lock = br_lck; + } + +-struct byte_range_lock *brl_get_locks_readonly(files_struct *fsp) ++static struct byte_range_lock *brl_get_locks_readonly_parse(TALLOC_CTX *mem_ctx, ++ files_struct *fsp) + { + struct byte_range_lock *br_lock = NULL; + struct brl_get_locks_readonly_state state; + NTSTATUS status; + +- DEBUG(10, ("seqnum=%d, fsp->brlock_seqnum=%d\n", +- dbwrap_get_seqnum(brlock_db), fsp->brlock_seqnum)); +- +- if ((fsp->brlock_rec != NULL) +- && (dbwrap_get_seqnum(brlock_db) == fsp->brlock_seqnum)) { +- /* +- * We have cached the brlock_rec and the database did not +- * change. +- */ +- return fsp->brlock_rec; +- } +- + /* + * Parse the record fresh from the database + */ + +- state.mem_ctx = fsp; ++ state.mem_ctx = mem_ctx; + state.br_lock = &br_lock; + + status = dbwrap_parse_record( +@@ -1803,7 +1792,7 @@ struct byte_range_lock *brl_get_locks_readonly(files_struct *fsp) + /* + * No locks on this file. Return an empty br_lock. + */ +- br_lock = talloc_zero(fsp, struct byte_range_lock); ++ br_lock = talloc_zero(mem_ctx, struct byte_range_lock); + if (br_lock == NULL) { + return NULL; + } +@@ -1821,6 +1810,30 @@ struct byte_range_lock *brl_get_locks_readonly(files_struct *fsp) + br_lock->modified = false; + br_lock->record = NULL; + ++ return br_lock; ++} ++ ++struct byte_range_lock *brl_get_locks_readonly(files_struct *fsp) ++{ ++ struct byte_range_lock *br_lock = NULL; ++ ++ DEBUG(10, ("seqnum=%d, fsp->brlock_seqnum=%d\n", ++ dbwrap_get_seqnum(brlock_db), fsp->brlock_seqnum)); ++ ++ if ((fsp->brlock_rec != NULL) ++ && (dbwrap_get_seqnum(brlock_db) == fsp->brlock_seqnum)) { ++ /* ++ * We have cached the brlock_rec and the database did not ++ * change. ++ */ ++ return fsp->brlock_rec; ++ } ++ ++ br_lock = brl_get_locks_readonly_parse(fsp, fsp); ++ if (br_lock == NULL) { ++ return NULL; ++ } ++ + /* + * Cache the brlock struct, invalidated when the dbwrap_seqnum + * changes. See beginning of this routine. +-- +2.49.0 + + +From 2c3e6fed2b1fc6e854293446ed74b9e98900815e Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Mon, 6 Jan 2025 17:07:11 +0100 +Subject: [PATCH 12/24] s3/brlock: add brl_req_set() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Signed-off-by: Stefan Metzmacher +Reviewed-by: Ralph Boehme +(cherry picked from commit c9c04c7d75dee0c3e6e843b581624a3852042057) +--- + source3/locking/brlock.c | 9 +++++++++ + source3/locking/proto.h | 3 +++ + 2 files changed, 12 insertions(+) + +diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c +index c75b83c048d..51d9dc2e599 100644 +--- a/source3/locking/brlock.c ++++ b/source3/locking/brlock.c +@@ -84,6 +84,15 @@ struct files_struct *brl_fsp(struct byte_range_lock *brl) + return brl->fsp; + } + ++ ++void brl_req_set(struct byte_range_lock *br_lck, ++ TALLOC_CTX *req_mem_ctx, ++ const struct GUID *req_guid) ++{ ++ br_lck->req_mem_ctx = req_mem_ctx; ++ br_lck->req_guid = req_guid; ++} ++ + TALLOC_CTX *brl_req_mem_ctx(const struct byte_range_lock *brl) + { + if (brl->req_mem_ctx == NULL) { +diff --git a/source3/locking/proto.h b/source3/locking/proto.h +index 7fc177d7aa6..3413596baed 100644 +--- a/source3/locking/proto.h ++++ b/source3/locking/proto.h +@@ -32,6 +32,9 @@ void brl_shutdown(void); + + unsigned int brl_num_locks(const struct byte_range_lock *brl); + struct files_struct *brl_fsp(struct byte_range_lock *brl); ++void brl_req_set(struct byte_range_lock *br_lck, ++ TALLOC_CTX *req_mem_ctx, ++ const struct GUID *req_guid); + TALLOC_CTX *brl_req_mem_ctx(const struct byte_range_lock *brl); + const struct GUID *brl_req_guid(const struct byte_range_lock *brl); + +-- +2.49.0 + + +From 1a3c7565c112ba2bf6342c93f74b1888fb1dcdfc Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Sat, 1 Feb 2025 10:37:40 +0100 +Subject: [PATCH 13/24] s3/brlock: add share_mode_do_locked_brl() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Pair-Programmed-With: Stefan Metzmacher +Signed-off-by: Ralph Boehme +Signed-off-by: Stefan Metzmacher +(cherry picked from commit e17fb732c89f8b34de00904383044de3c4f85bd0) +--- + source3/locking/brlock.c | 103 +++++++++++++++++++++++++++++++++++++++ + source3/locking/proto.h | 8 +++ + 2 files changed, 111 insertions(+) + +diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c +index 51d9dc2e599..fcbce52f9c1 100644 +--- a/source3/locking/brlock.c ++++ b/source3/locking/brlock.c +@@ -34,6 +34,7 @@ + #include "serverid.h" + #include "messages.h" + #include "util_tdb.h" ++#include "source3/locking/share_mode_lock.h" + + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_LOCKING +@@ -1927,3 +1928,105 @@ done: + talloc_free(frame); + return ret; + } ++ ++struct share_mode_do_locked_brl_state { ++ share_mode_do_locked_brl_fn_t cb; ++ void *cb_data; ++ struct files_struct *fsp; ++ NTSTATUS status; ++}; ++ ++static void share_mode_do_locked_brl_fn(struct share_mode_lock *lck, ++ void *private_data) ++{ ++ struct share_mode_do_locked_brl_state *state = private_data; ++ struct byte_range_lock *br_lck = NULL; ++ TDB_DATA key = make_tdb_data((uint8_t *)&state->fsp->file_id, ++ sizeof(state->fsp->file_id)); ++ ++ if (lp_locking(state->fsp->conn->params) && ++ state->fsp->fsp_flags.can_lock) ++ { ++ br_lck = brl_get_locks_readonly_parse(talloc_tos(), ++ state->fsp); ++ if (br_lck == NULL) { ++ state->status = NT_STATUS_NO_MEMORY; ++ return; ++ } ++ } ++ ++ state->cb(lck, br_lck, state->cb_data); ++ ++ if (br_lck == NULL || !br_lck->modified) { ++ TALLOC_FREE(br_lck); ++ return; ++ } ++ ++ br_lck->record = dbwrap_fetch_locked(brlock_db, br_lck, key); ++ if (br_lck->record == NULL) { ++ DBG_ERR("Could not lock byte range lock entry for '%s'\n", ++ fsp_str_dbg(state->fsp)); ++ TALLOC_FREE(br_lck); ++ state->status = NT_STATUS_INTERNAL_DB_ERROR; ++ return; ++ } ++ ++ byte_range_lock_flush(br_lck); ++ share_mode_wakeup_waiters(br_lck->fsp->file_id); ++ TALLOC_FREE(br_lck); ++} ++ ++/* ++ * Run cb with a glock'ed locking.tdb record, providing both a share_mode_lock ++ * and a br_lck object. An initial read-only, but upgradable, br_lck object is ++ * fetched from brlock.tdb while holding the glock on the locking.tdb record. ++ * ++ * This function only ever hold one low-level TDB chainlock at a time on either ++ * locking.tdb or brlock.tdb, so it can't run afoul any lock order violations. ++ * ++ * Note that br_lck argument in the callback might be NULL in case lp_locking() ++ * is disabled, the fsp doesn't allow locking or is a directory, so either ++ * the caller or the callback have to check for this. ++ */ ++NTSTATUS share_mode_do_locked_brl(files_struct *fsp, ++ share_mode_do_locked_brl_fn_t cb, ++ void *cb_data) ++{ ++ static bool recursion_guard; ++ TALLOC_CTX *frame = NULL; ++ struct share_mode_do_locked_brl_state state = { ++ .fsp = fsp, ++ .cb = cb, ++ .cb_data = cb_data, ++ }; ++ NTSTATUS status; ++ ++ SMB_ASSERT(!recursion_guard); ++ ++ /* silently return ok on print files as we don't do locking there */ ++ if (fsp->print_file) { ++ return NT_STATUS_OK; ++ } ++ ++ frame = talloc_stackframe(); ++ ++ recursion_guard = true; ++ status = share_mode_do_locked_vfs_allowed( ++ fsp->file_id, ++ share_mode_do_locked_brl_fn, ++ &state); ++ recursion_guard = false; ++ if (!NT_STATUS_IS_OK(status)) { ++ DBG_ERR("share_mode_do_locked_vfs_allowed() failed for %s - %s\n", ++ fsp_str_dbg(fsp), nt_errstr(status)); ++ TALLOC_FREE(frame); ++ return status; ++ } ++ if (!NT_STATUS_IS_OK(state.status)) { ++ TALLOC_FREE(frame); ++ return state.status; ++ } ++ ++ TALLOC_FREE(frame); ++ return NT_STATUS_OK; ++} +diff --git a/source3/locking/proto.h b/source3/locking/proto.h +index 3413596baed..c9d769ba53f 100644 +--- a/source3/locking/proto.h ++++ b/source3/locking/proto.h +@@ -87,6 +87,14 @@ struct byte_range_lock *brl_get_locks_for_locking(TALLOC_CTX *mem_ctx, + files_struct *fsp, + TALLOC_CTX *req_mem_ctx, + const struct GUID *req_guid); ++struct share_mode_lock; ++typedef void (*share_mode_do_locked_brl_fn_t)( ++ struct share_mode_lock *lck, ++ struct byte_range_lock *br_lck, /* br_lck can be NULL */ ++ void *private_data); ++NTSTATUS share_mode_do_locked_brl(files_struct *fsp, ++ share_mode_do_locked_brl_fn_t fn, ++ void *private_data); + struct byte_range_lock *brl_get_locks(TALLOC_CTX *mem_ctx, + files_struct *fsp); + struct byte_range_lock *brl_get_locks_readonly(files_struct *fsp); +-- +2.49.0 + + +From f29fdf9d8da34db5b129f2ccd00a597dcfe68e55 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Wed, 8 Jan 2025 15:43:04 +0100 +Subject: [PATCH 14/24] s3/brlock: don't increment current_lock_count if + do_lock_fn() failed + +Also only assign psmblctx and pblocker_pid if the lock request failed. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Signed-off-by: Ralph Boehme +Reviewed-by: Stefan Metzmacher +(cherry picked from commit 3a0c6e99de4377f44bc29766b6ceb79040caed9f) +--- + source3/locking/locking.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/source3/locking/locking.c b/source3/locking/locking.c +index 41b54b14c6b..ea692711627 100644 +--- a/source3/locking/locking.c ++++ b/source3/locking/locking.c +@@ -344,19 +344,21 @@ NTSTATUS do_lock(files_struct *fsp, + nt_errstr(status)); + return status; + } +- +- if (psmblctx != NULL) { +- *psmblctx = state.blocker_smblctx; +- } +- if (pblocker_pid != NULL) { +- *pblocker_pid = state.blocker_pid; ++ if (!NT_STATUS_IS_OK(state.status)) { ++ DBG_DEBUG("do_lock_fn returned %s\n", ++ nt_errstr(state.status)); ++ if (psmblctx != NULL) { ++ *psmblctx = state.blocker_smblctx; ++ } ++ if (pblocker_pid != NULL) { ++ *pblocker_pid = state.blocker_pid; ++ } ++ return state.status; + } + +- DBG_DEBUG("returning status=%s\n", nt_errstr(state.status)); +- + increment_current_lock_count(fsp, lock_flav); + +- return state.status; ++ return NT_STATUS_OK; + } + + /**************************************************************************** +-- +2.49.0 + + +From 68a48f73a8987db27d80d13f2871fd9c057df196 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Wed, 29 Jan 2025 06:13:29 +0100 +Subject: [PATCH 15/24] s3/locking: add brl_set_modified() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Signed-off-by: Ralph Boehme +Reviewed-by: Stefan Metzmacher +(cherry picked from commit 2772f147c9b13cd2160181c4f7905b54ab765054) +--- + source3/locking/brlock.c | 5 +++++ + source3/locking/proto.h | 1 + + 2 files changed, 6 insertions(+) + +diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c +index fcbce52f9c1..0e58339b108 100644 +--- a/source3/locking/brlock.c ++++ b/source3/locking/brlock.c +@@ -2030,3 +2030,8 @@ NTSTATUS share_mode_do_locked_brl(files_struct *fsp, + TALLOC_FREE(frame); + return NT_STATUS_OK; + } ++ ++void brl_set_modified(struct byte_range_lock *br_lck, bool modified) ++{ ++ br_lck->modified = modified; ++} +diff --git a/source3/locking/proto.h b/source3/locking/proto.h +index c9d769ba53f..c74539c8161 100644 +--- a/source3/locking/proto.h ++++ b/source3/locking/proto.h +@@ -99,6 +99,7 @@ struct byte_range_lock *brl_get_locks(TALLOC_CTX *mem_ctx, + files_struct *fsp); + struct byte_range_lock *brl_get_locks_readonly(files_struct *fsp); + bool brl_cleanup_disconnected(struct file_id fid, uint64_t open_persistent_id); ++void brl_set_modified(struct byte_range_lock *br_lck, bool modified); + + /* The following definitions come from locking/locking.c */ + +-- +2.49.0 + + +From 4888165536438d742e46be57087dbc2b29bd190c Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Wed, 29 Jan 2025 06:13:44 +0100 +Subject: [PATCH 16/24] smbd: use share_mode_do_locked_brl() + +Fix a deadlock that can happen if two clients happen to open and byte-range-lock +two different files whos record in locking.tdb and brlock.tdb happen to sit on +the same hashchain. + +The deadlock was introduced by commit +680c7907325b433856ac1dd916ab63e671fbe4ab. Before, we used share_mode_do_locked() +in do_lock() which meant we acquired a chainlock on locking.tdb before getting a +chainlock on brlock.tdb via brl_get_locks_for_locking(), so the TDB chainlock +order invariant was always uphold. + +The following race between specific client requests lead to the deadlock. + +Client A) issues a byte-range-lock request on a file: + +A1) glock locking.tdb (via _share_mode_do_locked_vfs_allowed()) +A2) chainlock brlock.tdb (via brl_lock()) +A3) attempt to chainlock locking.tdb (via share_mode_g_lock_dump()) +[1] + +Client B) opens a different (!) file: + +B1) glock and chainlock locking.tdb (via _share_mode_entry_prepare_lock()) +B2) attempt to chainlock brlock.tdb (via file_has_brlocks()) +[2] + +The glock from A1 is per record and hence doesn't synchronize with the glock +from B1 as it is for a different file and hence a different record, subsequently +A2 and A3 violate the lock order constraint + +To avoid the chainlock lock order violation in the second client we modify the +br-lock code to not take the brlock.tdb chainlock from step A2 via +br_get_locks() for the whole time we process the request. Instead we just fetch +the br-locks via br_get_locks_readonly(), so when running into +contend_level2_oplocks_begin_default() to check for leases and looking into +locking.tdb we don't hold a brlock.tdb chainlock. + +Or im simpler terms, we only ever take at most one low-level TDB chainlock at a +time: + +Byte-range-lock code calls share_mode_do_locked_brl(..., cb_fn, ...): +1) chainlock locking.tdb +2) glock locking.tdb (via share_mode_do_locked_vfs_allowed()) +3) chainunlock locking.tdb +4) share_mode_do_locked_brl_fn() -> brl_get_locks_readonly_parse(): + a) chainlock brlock.tdb + b) parse record and store in-memory copy + c) chainunlock brlock.tdb +5) run cb_fn() +6) chainlock brlock.tdb: + a) br_lck->record = dbwrap_fetch_locked(brlock_db, ...) + b) store modifed br_lck from 5) via byte_range_lock_flush() +7) chainunlock brlock.tdb +8) chainlock locking.tdb +9) gunlock locking.tdb +10) chainunlock locking.tdb + +All access to brlock.tdb is synchronized correctly via glocks on the locking.tdb +record of the file (step 3)), so operations still appear atomic to clients. + +As a result of using share_mode_do_locked_brl(), the functions do_[un]lock() -> +brl_[un]lock() now loop over the same br_lck object in memory, avoiding +repeatedly fetching and storing the locks per loop. + +[1] +Full SBT: + + #0 0x00007fffa0cecbb0 in __pthread_mutex_lock_full () from /lib64/glibc-hwcaps/power9/libpthread-2.28.so + #1 0x00007fffa0a73cf8 in chain_mutex_lock (m=, m@entry=0x7fff9ae071b0, waitflag=, waitflag@entry=true) at ../../lib/tdb/common/mutex.c:182 + #2 0x00007fffa0a7432c in tdb_mutex_lock (tdb=0x1543ba120, rw=, off=, len=, waitflag=, pret=0x7fffd7df3858) at ../../lib/tdb/common/mutex.c:234 + #3 0x00007fffa0a6812c in fcntl_lock (waitflag=, len=1, off=376608, rw=0, tdb=0x1543ba120) at ../../lib/tdb/common/lock.c:200 + #4 tdb_brlock (tdb=0x1543ba120, rw_type=, offset=, len=1, flags=) at ../../lib/tdb/common/lock.c:200 + #5 0x00007fffa0a68af8 in tdb_nest_lock (flags=, ltype=0, offset=, tdb=0x1543ba120) at ../../lib/tdb/common/lock.c:390 + #6 tdb_nest_lock (tdb=0x1543ba120, offset=, ltype=, flags=) at ../../lib/tdb/common/lock.c:336 + #7 0x00007fffa0a69088 in tdb_lock_list (tdb=0x1543ba120, list=, ltype=, waitflag=) at ../../lib/tdb/common/lock.c:482 + #8 0x00007fffa0a69198 in tdb_lock (tdb=0x1543ba120, list=, ltype=) at ../../lib/tdb/common/lock.c:500 + #9 0x00007fffa0a64b50 in tdb_find_lock_hash (tdb=, tdb@entry=0x1543ba120, key=..., hash=, locktype=, locktype@entry=0, rec=, rec@entry=0x7fffd7df3ab0) at ../../lib/tdb/common/tdb.c:165 + #10 0x00007fffa0a64ed0 in tdb_parse_record (tdb=0x1543ba120, key=..., parser=0x7fffa0e74470 , private_data=0x7fffd7df3b18) at ../../lib/tdb/common/tdb.c:329 + #11 0x00007fffa0e74cbc in db_ctdb_ltdb_parse (db=, private_data=0x7fffd7df3b70, parser=0x7fffa0e76470 , key=...) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:170 + #12 db_ctdb_try_parse_local_record (ctx=ctx@entry=0x1543d4580, key=..., state=state@entry=0x7fffd7df3b70) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:1385 + #13 0x00007fffa0e76024 in db_ctdb_parse_record (db=, key=..., parser=0x7fffa1313910 , private_data=0x7fffd7df3c08) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:1425 + #14 0x00007fffa0884760 in dbwrap_parse_record (db=, key=..., parser=, private_data=) at ../../lib/dbwrap/dbwrap.c:454 + #15 0x00007fffa1313ab4 in dbwrap_watched_parse_record (db=0x1543a7160, key=..., parser=0x7fffa13187d0 , private_data=0x7fffd7df3ce8) at ../../source3/lib/dbwrap/dbwrap_watch.c:783 + #16 0x00007fffa0884760 in dbwrap_parse_record (db=, key=..., parser=, private_data=) at ../../lib/dbwrap/dbwrap.c:454 + #17 0x00007fffa131c004 in g_lock_dump (ctx=, key=..., fn=0x7fffa14f3d70 , private_data=0x7fffd7df3dd8) at ../../source3/lib/g_lock.c:1653 + #18 0x00007fffa14f434c in share_mode_g_lock_dump (key=..., fn=0x7fffa14f3d70 , private_data=0x7fffd7df3dd8) at ../../source3/locking/share_mode_lock.c:96 + #19 0x00007fffa14f8d44 in fsp_update_share_mode_flags (fsp=0x15433c550) at ../../source3/locking/share_mode_lock.c:1181 + #20 file_has_read_lease (fsp=0x15433c550) at ../../source3/locking/share_mode_lock.c:1207 + #21 0x00007fffa15ccc98 in contend_level2_oplocks_begin_default (type=, fsp=0x15433c550) at ../../source3/smbd/smb2_oplock.c:1282 + #22 smbd_contend_level2_oplocks_begin (fsp=0x15433c550, type=) at ../../source3/smbd/smb2_oplock.c:1338 + #23 0x00007fffa0dd0b54 in contend_level2_oplocks_begin (fsp=, type=) at ../../source3/lib/smbd_shim.c:72 + #24 0x00007fffa14ecfd0 in brl_lock_windows_default (br_lck=0x154421330, plock=0x7fffd7df4250) at ../../source3/locking/brlock.c:457 + #25 0x00007fffa150b70c in vfswrap_brl_lock_windows (handle=, br_lck=, plock=) at ../../source3/modules/vfs_default.c:3424 + #26 0x00007fffa1561910 in smb_vfs_call_brl_lock_windows (handle=, br_lck=, plock=) at ../../source3/smbd/vfs.c:2686 + #27 0x00007fff9c0a7350 in smb_time_audit_brl_lock_windows (handle=, br_lck=0x154421330, plock=0x7fffd7df4250) at ../../source3/modules/vfs_time_audit.c:1740 + #28 0x00007fffa1561910 in smb_vfs_call_brl_lock_windows (handle=, br_lck=, plock=) at ../../source3/smbd/vfs.c:2686 + #29 0x00007fffa14ed410 in brl_lock (br_lck=0x154421330, smblctx=3102281601, pid=..., start=0, size=18446744073709551615, lock_type=, lock_flav=WINDOWS_LOCK, blocker_pid=0x7fffd7df4540, psmblctx=0x7fffd7df4558) at ../../source3/locking/brlock.c:1004 + #30 0x00007fffa14e7b18 in do_lock_fn (lck=, private_data=0x7fffd7df4508) at ../../source3/locking/locking.c:271 + #31 0x00007fffa14fcd94 in _share_mode_do_locked_vfs_allowed (id=..., fn=0x7fffa14e7a60 , private_data=0x7fffd7df4508, location=) at ../../source3/locking/share_mode_lock.c:2927 + #32 0x00007fffa14e918c in do_lock (fsp=0x15433c550, req_mem_ctx=, req_guid=, smblctx=, count=18446744073709551615, offset=0, lock_type=, lock_flav=, pblocker_pid=0x7fffd7df46f0, + psmblctx=0x7fffd7df46d8) at ../../source3/locking/locking.c:335 + #33 0x00007fffa155381c in smbd_do_locks_try (fsp=0x15433c550, num_locks=, locks=0x1543bc310, blocker_idx=0x7fffd7df46d6, blocking_pid=0x7fffd7df46f0, blocking_smblctx=0x7fffd7df46d8) at ../../source3/smbd/blocking.c:46 + #34 0x00007fffa159dc90 in smbd_smb2_lock_try (req=req@entry=0x1543bc080) at ../../source3/smbd/smb2_lock.c:590 + #35 0x00007fffa159ee8c in smbd_smb2_lock_send (in_locks=, in_lock_count=1, in_lock_sequence=, fsp=0x15433c550, smb2req=0x1543532e0, ev=0x154328120, mem_ctx=0x1543532e0) at ../../source3/smbd/smb2_lock.c:488 + #36 smbd_smb2_request_process_lock (req=0x1543532e0) at ../../source3/smbd/smb2_lock.c:150 + #37 0x00007fffa158a368 in smbd_smb2_request_dispatch (req=0x1543532e0) at ../../source3/smbd/smb2_server.c:3515 + #38 0x00007fffa158c540 in smbd_smb2_io_handler (fde_flags=, xconn=0x154313f30) at ../../source3/smbd/smb2_server.c:5112 + #39 smbd_smb2_connection_handler (ev=, fde=, flags=, private_data=) at ../../source3/smbd/smb2_server.c:5150 + #40 0x00007fffa1198b2c in tevent_common_invoke_fd_handler (fde=0x1543670f0, flags=, removed=0x0) at ../../lib/tevent/tevent_fd.c:158 + #41 0x00007fffa11a2b9c in epoll_event_loop (tvalp=0x7fffd7df4b28, epoll_ev=0x1543b4e80) at ../../lib/tevent/tevent_epoll.c:730 + #42 epoll_event_loop_once (ev=, location=) at ../../lib/tevent/tevent_epoll.c:946 + #43 0x00007fffa11a0090 in std_event_loop_once (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent_standard.c:110 + #44 0x00007fffa119744c in _tevent_loop_once (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent.c:823 + #45 0x00007fffa1197884 in tevent_common_loop_wait (ev=, location=) at ../../lib/tevent/tevent.c:950 + #46 0x00007fffa119ffc0 in std_event_loop_wait (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent_standard.c:141 + #47 0x00007fffa1197978 in _tevent_loop_wait (ev=, location=) at ../../lib/tevent/tevent.c:971 + #48 0x00007fffa15737fc in smbd_process (ev_ctx=0x154328120, msg_ctx=, sock_fd=, interactive=) at ../../source3/smbd/smb2_process.c:2158 + #49 0x000000011db5c554 in smbd_accept_connection (ev=0x154328120, fde=, flags=, private_data=) at ../../source3/smbd/server.c:1150 + #50 0x00007fffa1198b2c in tevent_common_invoke_fd_handler (fde=0x1543ac2d0, flags=, removed=0x0) at ../../lib/tevent/tevent_fd.c:158 + #51 0x00007fffa11a2b9c in epoll_event_loop (tvalp=0x7fffd7df4f98, epoll_ev=0x154328350) at ../../lib/tevent/tevent_epoll.c:730 + #52 epoll_event_loop_once (ev=, location=) at ../../lib/tevent/tevent_epoll.c:946 + #53 0x00007fffa11a0090 in std_event_loop_once (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent_standard.c:110 + #54 0x00007fffa119744c in _tevent_loop_once (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent.c:823 + #55 0x00007fffa1197884 in tevent_common_loop_wait (ev=, location=) at ../../lib/tevent/tevent.c:950 + #56 0x00007fffa119ffc0 in std_event_loop_wait (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent_standard.c:141 + #57 0x00007fffa1197978 in _tevent_loop_wait (ev=, location=) at ../../lib/tevent/tevent.c:971 + #58 0x000000011db58c54 in smbd_parent_loop (parent=, ev_ctx=0x154328120) at ../../source3/smbd/server.c:1499 + #59 main (argc=, argv=) at ../../source3/smbd/server.c:2258 + +[2] +Full SBT: + + #0 0x00007fffa0cecbb0 in __pthread_mutex_lock_full () from /lib64/glibc-hwcaps/power9/libpthread-2.28.so + #1 0x00007fffa0a73cf8 in chain_mutex_lock (m=, m@entry=0x7fff9b3a71b0, waitflag=, waitflag@entry=true) at ../../lib/tdb/common/mutex.c:182 + #2 0x00007fffa0a7432c in tdb_mutex_lock (tdb=0x1543c6900, rw=, off=, len=, waitflag=, pret=0x7fffd7df2e28) at ../../lib/tdb/common/mutex.c:234 + #3 0x00007fffa0a6812c in fcntl_lock (waitflag=, len=1, off=376608, rw=0, tdb=0x1543c6900) at ../../lib/tdb/common/lock.c:200 + #4 tdb_brlock (tdb=0x1543c6900, rw_type=, offset=, len=1, flags=) at ../../lib/tdb/common/lock.c:200 + #5 0x00007fffa0a68af8 in tdb_nest_lock (flags=, ltype=0, offset=, tdb=0x1543c6900) at ../../lib/tdb/common/lock.c:390 + #6 tdb_nest_lock (tdb=0x1543c6900, offset=, ltype=, flags=) at ../../lib/tdb/common/lock.c:336 + #7 0x00007fffa0a69088 in tdb_lock_list (tdb=0x1543c6900, list=, ltype=, waitflag=) at ../../lib/tdb/common/lock.c:482 + #8 0x00007fffa0a69198 in tdb_lock (tdb=0x1543c6900, list=, ltype=) at ../../lib/tdb/common/lock.c:500 + #9 0x00007fffa0a64b50 in tdb_find_lock_hash (tdb=, tdb@entry=0x1543c6900, key=..., hash=, locktype=, locktype@entry=0, rec=, rec@entry=0x7fffd7df3080) at ../../lib/tdb/common/tdb.c:165 + #10 0x00007fffa0a64ed0 in tdb_parse_record (tdb=0x1543c6900, key=..., parser=0x7fffa0e74470 , private_data=0x7fffd7df30e8) at ../../lib/tdb/common/tdb.c:329 + #11 0x00007fffa0e74cbc in db_ctdb_ltdb_parse (db=, private_data=0x7fffd7df3140, parser=0x7fffa0e76470 , key=...) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:170 + #12 db_ctdb_try_parse_local_record (ctx=ctx@entry=0x154328fc0, key=..., state=state@entry=0x7fffd7df3140) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:1385 + #13 0x00007fffa0e76024 in db_ctdb_parse_record (db=, key=..., parser=0x7fffa14ec820 , private_data=0x7fffd7df3218) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:1425 + #14 0x00007fffa0884760 in dbwrap_parse_record (db=, key=..., parser=, private_data=) at ../../lib/dbwrap/dbwrap.c:454 + #15 0x00007fffa14ef5bc in brl_get_locks_readonly (fsp=0x1543d01e0) at ../../source3/locking/brlock.c:1884 + #16 0x00007fffa1546968 in file_has_brlocks (fsp=0x1543d01e0) at ../../source3/smbd/open.c:2232 + #17 delay_for_oplock (pgranted=, poplock_type=, first_open_attempt=, create_disposition=1, have_sharing_violation=false, lck=0x7fffd7df3ce8, lease=0x0, oplock_request=0, fsp=0x1543d01e0) at ../../source3/smbd/open.c:2749 + #18 handle_share_mode_lease (pgranted=, poplock_type=, first_open_attempt=, lease=0x0, oplock_request=0, share_access=7, access_mask=131201, create_disposition=1, lck=0x7fffd7df3ce8, fsp=0x1543d01e0) at ../../source3/smbd/open.c:2865 + #19 check_and_store_share_mode (first_open_attempt=, lease=0x0, oplock_request=0, share_access=7, access_mask=131201, create_disposition=1, lck=0x7fffd7df3ce8, req=0x154414800, fsp=0x1543d01e0) at ../../source3/smbd/open.c:3333 + #20 open_ntcreate_lock_add_entry (lck=0x7fffd7df3ce8, keep_locked=0x7fffd7df3ad0, private_data=0x7fffd7df3cc8) at ../../source3/smbd/open.c:3688 + #21 0x00007fffa14f6248 in share_mode_entry_prepare_lock_fn (glck=0x7fffd7df35b8, cb_private=0x7fffd7df3a88) at ../../source3/locking/share_mode_lock.c:2978 + #22 0x00007fffa1317680 in g_lock_lock_cb_run_and_store (cb_state=cb_state@entry=0x7fffd7df35b8) at ../../source3/lib/g_lock.c:597 + #23 0x00007fffa1319df8 in g_lock_lock_simple_fn (rec=0x7fffd7df3798, value=..., private_data=0x7fffd7df39a0) at ../../source3/lib/g_lock.c:1212 + #24 0x00007fffa13160e0 in dbwrap_watched_do_locked_fn (backend_rec=, backend_value=..., private_data=0x7fffd7df3768) at ../../source3/lib/dbwrap/dbwrap_watch.c:458 + #25 0x00007fffa0884e48 in dbwrap_do_locked (db=, key=..., fn=0x7fffa1316080 , private_data=0x7fffd7df3768) at ../../lib/dbwrap/dbwrap.c:602 + #26 0x00007fffa1315274 in dbwrap_watched_do_locked (db=0x1543a7160, key=..., fn=0x7fffa1319ca0 , private_data=0x7fffd7df39a0) at ../../source3/lib/dbwrap/dbwrap_watch.c:480 + #27 0x00007fffa0884d60 in dbwrap_do_locked (db=, key=..., fn=, private_data=) at ../../lib/dbwrap/dbwrap.c:582 + #28 0x00007fffa131b458 in g_lock_lock (ctx=0x1543cc630, key=..., type=, timeout=..., cb_fn=0x7fffa14f6190 , cb_private=0x7fffd7df3a88) at ../../source3/lib/g_lock.c:1267 + #29 0x00007fffa14fd060 in _share_mode_entry_prepare_lock (prepare_state=0x7fffd7df3cc8, id=..., servicepath=, smb_fname=, old_write_time=, fn=, private_data=0x7fffd7df3cc8, location=0x7fffa165b880 "../../source3/smbd/open.c:4292") at ../../source3/locking/share_mode_lock.c:3033 + #30 0x00007fffa15491e0 in open_file_ntcreate (conn=conn@entry=0x154382050, req=req@entry=0x154414800, access_mask=, access_mask@entry=131201, share_access=share_access@entry=7, create_disposition=create_disposition@entry=1, create_options=create_options@entry=0, new_dos_attributes=, new_dos_attributes@entry=128, oplock_request=oplock_request@entry=0, lease=, lease@entry=0x0, private_flags=, private_flags@entry=0, parent_dir_fname=, smb_fname_atname=, pinfo=, pinfo@entry=0x7fffd7df3f1c, fsp=, fsp@entry=0x1543d01e0) at ../../source3/smbd/open.c:4286 + #31 0x00007fffa154b94c in create_file_unixpath (conn=conn@entry=0x154382050, req=req@entry=0x154414800, dirfsp=dirfsp@entry=0x15439a7f0, smb_fname=smb_fname@entry=0x154416300, access_mask=access_mask@entry=131201, share_access=share_access@entry=7, create_disposition=create_disposition@entry=1, create_options=create_options@entry=0, file_attributes=file_attributes@entry=128, oplock_request=, oplock_request@entry=0, lease=, lease@entry=0x0, allocation_size=allocation_size@entry=0, private_flags=private_flags@entry=0, sd=sd@entry=0x0, ea_list=ea_list@entry=0x0, result=result@entry=0x7fffd7df4168, pinfo=pinfo@entry=0x7fffd7df4160) at ../../source3/smbd/open.c:6290 + #32 0x00007fffa154dfac in create_file_default (conn=0x154382050, req=0x154414800, dirfsp=0x15439a7f0, smb_fname=0x154416300, access_mask=, share_access=, create_disposition=, create_options=, file_attributes=128, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x1544144e8, pinfo=0x1544144fc, in_context_blobs=0x7fffd7df4798, out_context_blobs=0x154414710) at ../../source3/smbd/open.c:6609 + #33 0x00007fffa150972c in vfswrap_create_file (handle=, req=, dirfsp=, smb_fname=, access_mask=, share_access=, create_disposition=, create_options=, file_attributes=128, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x1544144e8, pinfo=0x1544144fc, in_context_blobs=0x7fffd7df4798, out_context_blobs=0x154414710) at ../../source3/modules/vfs_default.c:776 + #34 0x00007fffa1559cbc in smb_vfs_call_create_file (handle=, req=, dirfsp=, smb_fname=, access_mask=, share_access=, create_disposition=, create_options=, file_attributes=128, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x1544144e8, pinfo=0x1544144fc, in_context_blobs=0x7fffd7df4798, out_context_blobs=0x154414710) at ../../source3/smbd/vfs.c:1560 + #35 0x00007fff9c0a9ec4 in smb_time_audit_create_file (handle=0x154426820, req=0x154414800, dirfsp=0x15439a7f0, fname=0x154416300, access_mask=, share_access=, create_disposition=, create_options=, file_attributes=128, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result_fsp=0x1544144e8, pinfo=0x1544144fc, in_context_blobs=0x7fffd7df4798, out_context_blobs=0x154414710) at ../../source3/modules/vfs_time_audit.c:634 + #36 0x00007fffa1559cbc in smb_vfs_call_create_file (handle=, req=, dirfsp=, smb_fname=, access_mask=, share_access=, create_disposition=, create_options=, file_attributes=128, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x1544144e8, pinfo=0x1544144fc, in_context_blobs=0x7fffd7df4798, out_context_blobs=0x154414710) at ../../source3/smbd/vfs.c:1560 + #37 0x00007fffa1597aa8 in smbd_smb2_create_send (in_context_blobs=..., in_name=0x154413ca0, in_create_options=, in_create_disposition=, in_share_access=, in_file_attributes=, in_desired_access=, in_impersonation_level=, in_oplock_level=, smb2req=0x154413770, ev=0x154328120, mem_ctx=0x154413770) at ../../source3/smbd/smb2_create.c:1115 + #38 smbd_smb2_request_process_create (smb2req=0x154413770) at ../../source3/smbd/smb2_create.c:291 + #39 0x00007fffa158a628 in smbd_smb2_request_dispatch (req=0x154413770) at ../../source3/smbd/smb2_server.c:3485 + #40 0x00007fffa158c540 in smbd_smb2_io_handler (fde_flags=, xconn=0x154313f30) at ../../source3/smbd/smb2_server.c:5112 + #41 smbd_smb2_connection_handler (ev=, fde=, flags=, private_data=) at ../../source3/smbd/smb2_server.c:5150 + #42 0x00007fffa1198b2c in tevent_common_invoke_fd_handler (fde=0x15435add0, flags=, removed=0x0) at ../../lib/tevent/tevent_fd.c:158 + #43 0x00007fffa11a2b9c in epoll_event_loop (tvalp=0x7fffd7df4b28, epoll_ev=0x1543b4e80) at ../../lib/tevent/tevent_epoll.c:730 + #44 epoll_event_loop_once (ev=, location=) at ../../lib/tevent/tevent_epoll.c:946 + #45 0x00007fffa11a0090 in std_event_loop_once (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent_standard.c:110 + #46 0x00007fffa119744c in _tevent_loop_once (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent.c:823 + #47 0x00007fffa1197884 in tevent_common_loop_wait (ev=, location=) at ../../lib/tevent/tevent.c:950 + #48 0x00007fffa119ffc0 in std_event_loop_wait (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent_standard.c:141 + #49 0x00007fffa1197978 in _tevent_loop_wait (ev=, location=) at ../../lib/tevent/tevent.c:971 + #50 0x00007fffa15737fc in smbd_process (ev_ctx=0x154328120, msg_ctx=, sock_fd=, interactive=) at ../../source3/smbd/smb2_process.c:2158 + #51 0x000000011db5c554 in smbd_accept_connection (ev=0x154328120, fde=, flags=, private_data=) at ../../source3/smbd/server.c:1150 + #52 0x00007fffa1198b2c in tevent_common_invoke_fd_handler (fde=0x1543ac2d0, flags=, removed=0x0) at ../../lib/tevent/tevent_fd.c:158 + #53 0x00007fffa11a2b9c in epoll_event_loop (tvalp=0x7fffd7df4f98, epoll_ev=0x154328350) at ../../lib/tevent/tevent_epoll.c:730 + #54 epoll_event_loop_once (ev=, location=) at ../../lib/tevent/tevent_epoll.c:946 + #55 0x00007fffa11a0090 in std_event_loop_once (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent_standard.c:110 + #56 0x00007fffa119744c in _tevent_loop_once (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent.c:823 + #57 0x00007fffa1197884 in tevent_common_loop_wait (ev=, location=) at ../../lib/tevent/tevent.c:950 + #58 0x00007fffa119ffc0 in std_event_loop_wait (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent_standard.c:141 + #59 0x00007fffa1197978 in _tevent_loop_wait (ev=, location=) at ../../lib/tevent/tevent.c:971 + #60 0x000000011db58c54 in smbd_parent_loop (parent=, ev_ctx=0x154328120) at ../../source3/smbd/server.c:1499 + #61 main (argc=, argv=) at ../../source3/smbd/server.c:2258 + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Pair-Programmed-With: Stefan Metzmacher +Signed-off-by: Ralph Boehme +Signed-off-by: Stefan Metzmacher +(backported from commit 2eef298ff4c5baf15c7d29c65fb021dbed5b0a93) +[slow@samba.org: changed argument of share_mode_watch_send()] +[slow@samba.org: small context change in vfs_fruit] +--- + source3/locking/locking.c | 109 +++++-------------- + source3/locking/proto.h | 4 +- + source3/modules/vfs_fruit.c | 91 +++++++++++----- + source3/smbd/blocking.c | 202 +++++++++++++++++++----------------- + source3/smbd/proto.h | 19 ++-- + source3/smbd/smb2_lock.c | 77 +++++++++----- + source3/smbd/smb2_reply.c | 53 ++++++---- + 7 files changed, 293 insertions(+), 262 deletions(-) + +diff --git a/source3/locking/locking.c b/source3/locking/locking.c +index ea692711627..ffb89378cb5 100644 +--- a/source3/locking/locking.c ++++ b/source3/locking/locking.c +@@ -241,52 +241,7 @@ static void decrement_current_lock_count(files_struct *fsp, + Utility function called by locking requests. + ****************************************************************************/ + +-struct do_lock_state { +- struct files_struct *fsp; +- TALLOC_CTX *req_mem_ctx; +- const struct GUID *req_guid; +- uint64_t smblctx; +- uint64_t count; +- uint64_t offset; +- enum brl_type lock_type; +- enum brl_flavour lock_flav; +- +- struct server_id blocker_pid; +- uint64_t blocker_smblctx; +- NTSTATUS status; +-}; +- +-static void do_lock_fn( +- struct share_mode_lock *lck, +- void *private_data) +-{ +- struct do_lock_state *state = private_data; +- struct byte_range_lock *br_lck = NULL; +- +- br_lck = brl_get_locks_for_locking(talloc_tos(), +- state->fsp, +- state->req_mem_ctx, +- state->req_guid); +- if (br_lck == NULL) { +- state->status = NT_STATUS_NO_MEMORY; +- return; +- } +- +- state->status = brl_lock( +- br_lck, +- state->smblctx, +- messaging_server_id(state->fsp->conn->sconn->msg_ctx), +- state->offset, +- state->count, +- state->lock_type, +- state->lock_flav, +- &state->blocker_pid, +- &state->blocker_smblctx); +- +- TALLOC_FREE(br_lck); +-} +- +-NTSTATUS do_lock(files_struct *fsp, ++NTSTATUS do_lock(struct byte_range_lock *br_lck, + TALLOC_CTX *req_mem_ctx, + const struct GUID *req_guid, + uint64_t smblctx, +@@ -297,22 +252,13 @@ NTSTATUS do_lock(files_struct *fsp, + struct server_id *pblocker_pid, + uint64_t *psmblctx) + { +- struct do_lock_state state = { +- .fsp = fsp, +- .req_mem_ctx = req_mem_ctx, +- .req_guid = req_guid, +- .smblctx = smblctx, +- .count = count, +- .offset = offset, +- .lock_type = lock_type, +- .lock_flav = lock_flav, +- }; ++ files_struct *fsp = brl_fsp(br_lck); ++ struct server_id blocker_pid; ++ uint64_t blocker_smblctx; + NTSTATUS status; + +- /* silently return ok on print files as we don't do locking there */ +- if (fsp->print_file) { +- return NT_STATUS_OK; +- } ++ SMB_ASSERT(req_mem_ctx != NULL); ++ SMB_ASSERT(req_guid != NULL); + + if (!fsp->fsp_flags.can_lock) { + if (fsp->fsp_flags.is_directory) { +@@ -336,25 +282,27 @@ NTSTATUS do_lock(files_struct *fsp, + fsp_fnum_dbg(fsp), + fsp_str_dbg(fsp)); + +- status = share_mode_do_locked_vfs_allowed(fsp->file_id, +- do_lock_fn, +- &state); +- if (!NT_STATUS_IS_OK(status)) { +- DBG_DEBUG("share_mode_do_locked returned %s\n", +- nt_errstr(status)); +- return status; +- } +- if (!NT_STATUS_IS_OK(state.status)) { +- DBG_DEBUG("do_lock_fn returned %s\n", +- nt_errstr(state.status)); ++ brl_req_set(br_lck, req_mem_ctx, req_guid); ++ status = brl_lock(br_lck, ++ smblctx, ++ messaging_server_id(fsp->conn->sconn->msg_ctx), ++ offset, ++ count, ++ lock_type, ++ lock_flav, ++ &blocker_pid, ++ &blocker_smblctx); ++ brl_req_set(br_lck, NULL, NULL); ++ if (!NT_STATUS_IS_OK(status)) { ++ DBG_DEBUG("brl_lock failed: %s\n", nt_errstr(status)); + if (psmblctx != NULL) { +- *psmblctx = state.blocker_smblctx; ++ *psmblctx = blocker_smblctx; + } + if (pblocker_pid != NULL) { +- *pblocker_pid = state.blocker_pid; ++ *pblocker_pid = blocker_pid; + } +- return state.status; +- } ++ return status; ++ } + + increment_current_lock_count(fsp, lock_flav); + +@@ -365,14 +313,14 @@ NTSTATUS do_lock(files_struct *fsp, + Utility function called by unlocking requests. + ****************************************************************************/ + +-NTSTATUS do_unlock(files_struct *fsp, ++NTSTATUS do_unlock(struct byte_range_lock *br_lck, + uint64_t smblctx, + uint64_t count, + uint64_t offset, + enum brl_flavour lock_flav) + { ++ files_struct *fsp = brl_fsp(br_lck); + bool ok = False; +- struct byte_range_lock *br_lck = NULL; + + if (!fsp->fsp_flags.can_lock) { + return fsp->fsp_flags.is_directory ? +@@ -391,11 +339,6 @@ NTSTATUS do_unlock(files_struct *fsp, + fsp_fnum_dbg(fsp), + fsp_str_dbg(fsp)); + +- br_lck = brl_get_locks(talloc_tos(), fsp); +- if (!br_lck) { +- return NT_STATUS_NO_MEMORY; +- } +- + ok = brl_unlock(br_lck, + smblctx, + messaging_server_id(fsp->conn->sconn->msg_ctx), +@@ -403,8 +346,6 @@ NTSTATUS do_unlock(files_struct *fsp, + count, + lock_flav); + +- TALLOC_FREE(br_lck); +- + if (!ok) { + DEBUG(10,("do_unlock: returning ERRlock.\n" )); + return NT_STATUS_RANGE_NOT_LOCKED; +diff --git a/source3/locking/proto.h b/source3/locking/proto.h +index c74539c8161..e332abf34ec 100644 +--- a/source3/locking/proto.h ++++ b/source3/locking/proto.h +@@ -120,7 +120,7 @@ NTSTATUS query_lock(files_struct *fsp, + uint64_t *poffset, + enum brl_type *plock_type, + enum brl_flavour lock_flav); +-NTSTATUS do_lock(files_struct *fsp, ++NTSTATUS do_lock(struct byte_range_lock *br_lck, + TALLOC_CTX *req_mem_ctx, + const struct GUID *req_guid, + uint64_t smblctx, +@@ -130,7 +130,7 @@ NTSTATUS do_lock(files_struct *fsp, + enum brl_flavour lock_flav, + struct server_id *pblocker_pid, + uint64_t *psmblctx); +-NTSTATUS do_unlock(files_struct *fsp, ++NTSTATUS do_unlock(struct byte_range_lock *br_lck, + uint64_t smblctx, + uint64_t count, + uint64_t offset, +diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c +index b63fff7f95d..e85c26c9dc0 100644 +--- a/source3/modules/vfs_fruit.c ++++ b/source3/modules/vfs_fruit.c +@@ -629,11 +629,21 @@ static bool test_netatalk_lock(files_struct *fsp, off_t in_offset) + return false; + } + +-static NTSTATUS fruit_check_access(vfs_handle_struct *handle, +- files_struct *fsp, +- uint32_t access_mask, +- uint32_t share_mode) ++struct check_access_state { ++ NTSTATUS status; ++ files_struct *fsp; ++ uint32_t access_mask; ++ uint32_t share_mode; ++}; ++ ++static void fruit_check_access(struct share_mode_lock *lck, ++ struct byte_range_lock *br_lck, ++ void *private_data) + { ++ struct check_access_state *state = private_data; ++ files_struct *fsp = state->fsp; ++ uint32_t access_mask = state->access_mask; ++ uint32_t share_mode = state->share_mode; + NTSTATUS status = NT_STATUS_OK; + off_t off; + bool share_for_read = (share_mode & FILE_SHARE_READ); +@@ -647,6 +657,14 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle, + /* FIXME: hardcoded data fork, add resource fork */ + enum apple_fork fork_type = APPLE_FORK_DATA; + ++ /* ++ * The caller has checked fsp->fsp_flags.can_lock and lp_locking so ++ * br_lck has to be there! ++ */ ++ SMB_ASSERT(br_lck != NULL); ++ ++ state->status = NT_STATUS_OK; ++ + DBG_DEBUG("fruit_check_access: %s, am: %s/%s, sm: 0x%x\n", + fsp_str_dbg(fsp), + access_mask & FILE_READ_DATA ? "READ" :"-", +@@ -654,7 +672,7 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle, + share_mode); + + if (fsp_get_io_fd(fsp) == -1) { +- return NT_STATUS_OK; ++ return; + } + + /* Read NetATalk opens and deny modes on the file. */ +@@ -677,22 +695,26 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle, + /* If there are any conflicts - sharing violation. */ + if ((access_mask & FILE_READ_DATA) && + netatalk_already_open_with_deny_read) { +- return NT_STATUS_SHARING_VIOLATION; ++ state->status = NT_STATUS_SHARING_VIOLATION; ++ return; + } + + if (!share_for_read && + netatalk_already_open_for_reading) { +- return NT_STATUS_SHARING_VIOLATION; ++ state->status = NT_STATUS_SHARING_VIOLATION; ++ return; + } + + if ((access_mask & FILE_WRITE_DATA) && + netatalk_already_open_with_deny_write) { +- return NT_STATUS_SHARING_VIOLATION; ++ state->status = NT_STATUS_SHARING_VIOLATION; ++ return; + } + + if (!share_for_write && + netatalk_already_open_for_writing) { +- return NT_STATUS_SHARING_VIOLATION; ++ state->status = NT_STATUS_SHARING_VIOLATION; ++ return; + } + + if (!(access_mask & FILE_READ_DATA)) { +@@ -700,15 +722,16 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle, + * Nothing we can do here, we need read access + * to set locks. + */ +- return NT_STATUS_OK; ++ return; + } + + /* Set NetAtalk locks matching our access */ + if (access_mask & FILE_READ_DATA) { + off = access_to_netatalk_brl(fork_type, FILE_READ_DATA); + req_guid.time_hi_and_version = __LINE__; ++ + status = do_lock( +- fsp, ++ br_lck, + talloc_tos(), + &req_guid, + fsp->op->global->open_persistent_id, +@@ -718,17 +741,18 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle, + POSIX_LOCK, + NULL, + NULL); +- + if (!NT_STATUS_IS_OK(status)) { +- return status; ++ state->status = status; ++ return; + } + } + + if (!share_for_read) { + off = denymode_to_netatalk_brl(fork_type, DENY_READ); + req_guid.time_hi_and_version = __LINE__; ++ + status = do_lock( +- fsp, ++ br_lck, + talloc_tos(), + &req_guid, + fsp->op->global->open_persistent_id, +@@ -738,17 +762,18 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle, + POSIX_LOCK, + NULL, + NULL); +- + if (!NT_STATUS_IS_OK(status)) { +- return status; ++ state->status = status; ++ return; + } + } + + if (access_mask & FILE_WRITE_DATA) { + off = access_to_netatalk_brl(fork_type, FILE_WRITE_DATA); + req_guid.time_hi_and_version = __LINE__; ++ + status = do_lock( +- fsp, ++ br_lck, + talloc_tos(), + &req_guid, + fsp->op->global->open_persistent_id, +@@ -758,17 +783,18 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle, + POSIX_LOCK, + NULL, + NULL); +- + if (!NT_STATUS_IS_OK(status)) { +- return status; ++ state->status = status; ++ return; + } + } + + if (!share_for_write) { + off = denymode_to_netatalk_brl(fork_type, DENY_WRITE); + req_guid.time_hi_and_version = __LINE__; ++ + status = do_lock( +- fsp, ++ br_lck, + talloc_tos(), + &req_guid, + fsp->op->global->open_persistent_id, +@@ -778,13 +804,11 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle, + POSIX_LOCK, + NULL, + NULL); +- + if (!NT_STATUS_IS_OK(status)) { +- return status; ++ state->status = status; ++ return; + } + } +- +- return NT_STATUS_OK; + } + + static NTSTATUS check_aapl(vfs_handle_struct *handle, +@@ -4376,16 +4400,27 @@ static NTSTATUS fruit_create_file(vfs_handle_struct *handle, + } + + if ((config->locking == FRUIT_LOCKING_NETATALK) && ++ lp_locking(fsp->conn->params) && ++ fsp->fsp_flags.can_lock && + (fsp->op != NULL) && + !fsp->fsp_flags.is_pathref) + { +- status = fruit_check_access( +- handle, *result, +- access_mask, +- share_access); ++ struct check_access_state state = (struct check_access_state) { ++ .fsp = fsp, ++ .access_mask = access_mask, ++ .share_mode = share_access, ++ }; ++ ++ status = share_mode_do_locked_brl(fsp, ++ fruit_check_access, ++ &state); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } ++ if (!NT_STATUS_IS_OK(state.status)) { ++ status = state.status; ++ goto fail; ++ } + } + + return status; +diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c +index 8b41288bfbf..c9d9aff98b7 100644 +--- a/source3/smbd/blocking.c ++++ b/source3/smbd/blocking.c +@@ -29,31 +29,27 @@ + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_LOCKING + +-NTSTATUS smbd_do_locks_try( +- struct files_struct *fsp, +- uint16_t num_locks, +- struct smbd_lock_element *locks, +- uint16_t *blocker_idx, +- struct server_id *blocking_pid, +- uint64_t *blocking_smblctx) ++NTSTATUS smbd_do_locks_try(struct byte_range_lock *br_lck, ++ struct smbd_do_locks_state *state) + { +- NTSTATUS status = NT_STATUS_OK; ++ bool unlock_ok; + uint16_t i; ++ NTSTATUS status = NT_STATUS_OK; + +- for (i=0; inum_locks; i++) { ++ struct smbd_lock_element *e = &state->locks[i]; + + status = do_lock( +- fsp, +- locks, /* req_mem_ctx */ ++ br_lck, ++ state->locks, /* req_mem_ctx */ + &e->req_guid, + e->smblctx, + e->count, + e->offset, + e->brltype, + e->lock_flav, +- blocking_pid, +- blocking_smblctx); ++ &state->blocking_pid, ++ &state->blocking_smblctx); + if (!NT_STATUS_IS_OK(status)) { + break; + } +@@ -63,18 +59,35 @@ NTSTATUS smbd_do_locks_try( + return NT_STATUS_OK; + } + +- *blocker_idx = i; ++ state->blocker_idx = i; ++ unlock_ok = true; + + /* + * Undo the locks we successfully got + */ + for (i = i-1; i != UINT16_MAX; i--) { +- struct smbd_lock_element *e = &locks[i]; +- do_unlock(fsp, +- e->smblctx, +- e->count, +- e->offset, +- e->lock_flav); ++ struct smbd_lock_element *e = &state->locks[i]; ++ NTSTATUS ulstatus; ++ ++ ulstatus = do_unlock(br_lck, ++ e->smblctx, ++ e->count, ++ e->offset, ++ e->lock_flav); ++ if (!NT_STATUS_IS_OK(ulstatus)) { ++ DBG_DEBUG("Failed to undo lock flavour %s lock " ++ "type %s start=%"PRIu64" len=%"PRIu64" " ++ "requested for file [%s]\n", ++ lock_flav_name(e->lock_flav), ++ lock_type_name(e->brltype), ++ e->offset, ++ e->count, ++ fsp_str_dbg(brl_fsp(br_lck))); ++ unlock_ok = false; ++ } ++ } ++ if (unlock_ok) { ++ brl_set_modified(br_lck, false); + } + + return status; +@@ -118,13 +131,6 @@ static void smbd_smb1_do_locks_try(struct tevent_req *req); + static void smbd_smb1_do_locks_retry(struct tevent_req *subreq); + static void smbd_smb1_blocked_locks_cleanup( + struct tevent_req *req, enum tevent_req_state req_state); +-static NTSTATUS smbd_smb1_do_locks_check( +- struct files_struct *fsp, +- uint16_t num_locks, +- struct smbd_lock_element *locks, +- uint16_t *blocker_idx, +- struct server_id *blocking_pid, +- uint64_t *blocking_smblctx); + + static void smbd_smb1_do_locks_setup_timeout( + struct smbd_smb1_do_locks_state *state, +@@ -378,18 +384,35 @@ static NTSTATUS smbd_smb1_do_locks_check_blocked( + return NT_STATUS_OK; + } + +-static NTSTATUS smbd_smb1_do_locks_check( +- struct files_struct *fsp, +- uint16_t num_locks, +- struct smbd_lock_element *locks, +- uint16_t *blocker_idx, +- struct server_id *blocking_pid, +- uint64_t *blocking_smblctx) ++static void smbd_smb1_do_locks_try_fn(struct share_mode_lock *lck, ++ struct byte_range_lock *br_lck, ++ void *private_data) + { ++ struct tevent_req *req = talloc_get_type_abort( ++ private_data, struct tevent_req); ++ struct smbd_smb1_do_locks_state *state = tevent_req_data( ++ req, struct smbd_smb1_do_locks_state); ++ struct smbd_do_locks_state brl_state; ++ struct files_struct *fsp = state->fsp; + struct tevent_req **blocked = fsp->blocked_smb1_lock_reqs; + size_t num_blocked = talloc_array_length(blocked); +- NTSTATUS status; ++ struct timeval endtime = { 0 }; ++ struct tevent_req *subreq = NULL; + size_t bi; ++ NTSTATUS status; ++ bool ok; ++ bool expired; ++ ++ /* ++ * The caller has checked fsp->fsp_flags.can_lock and lp_locking so ++ * br_lck has to be there! ++ */ ++ SMB_ASSERT(br_lck != NULL); ++ ++ brl_state = (struct smbd_do_locks_state) { ++ .num_locks = state->num_locks, ++ .locks = state->locks, ++ }; + + /* + * We check the pending/blocked requests +@@ -404,8 +427,8 @@ static NTSTATUS smbd_smb1_do_locks_check( + tevent_req_data(blocked[bi], + struct smbd_smb1_do_locks_state); + +- if (blocked_state->locks == locks) { +- SMB_ASSERT(blocked_state->num_locks == num_locks); ++ if (blocked_state->locks == state->locks) { ++ SMB_ASSERT(blocked_state->num_locks == state->num_locks); + + /* + * We found ourself... +@@ -416,61 +439,24 @@ static NTSTATUS smbd_smb1_do_locks_check( + status = smbd_smb1_do_locks_check_blocked( + blocked_state->num_locks, + blocked_state->locks, +- num_locks, +- locks, +- blocker_idx, +- blocking_smblctx); ++ state->num_locks, ++ state->locks, ++ &brl_state.blocker_idx, ++ &brl_state.blocking_smblctx); + if (!NT_STATUS_IS_OK(status)) { +- *blocking_pid = messaging_server_id( +- fsp->conn->sconn->msg_ctx); +- return status; ++ brl_state.blocking_pid = messaging_server_id( ++ fsp->conn->sconn->msg_ctx); ++ goto check_retry; + } + } + +- status = smbd_do_locks_try( +- fsp, +- num_locks, +- locks, +- blocker_idx, +- blocking_pid, +- blocking_smblctx); +- if (!NT_STATUS_IS_OK(status)) { +- return status; +- } +- +- return NT_STATUS_OK; +-} +- +-static void smbd_smb1_do_locks_try(struct tevent_req *req) +-{ +- struct smbd_smb1_do_locks_state *state = tevent_req_data( +- req, struct smbd_smb1_do_locks_state); +- struct files_struct *fsp = state->fsp; +- struct share_mode_lock *lck; +- struct timeval endtime = { 0 }; +- struct server_id blocking_pid = { 0 }; +- uint64_t blocking_smblctx = 0; +- struct tevent_req *subreq = NULL; +- NTSTATUS status; +- bool ok; +- bool expired; +- +- lck = get_existing_share_mode_lock(state, fsp->file_id); +- if (tevent_req_nomem(lck, req)) { +- DBG_DEBUG("Could not get share mode lock\n"); +- return; +- } +- +- status = smbd_smb1_do_locks_check( +- fsp, +- state->num_locks, +- state->locks, +- &state->blocker, +- &blocking_pid, +- &blocking_smblctx); ++ status = smbd_do_locks_try(br_lck, &brl_state); + if (NT_STATUS_IS_OK(status)) { + goto done; + } ++ ++ state->blocker = brl_state.blocker_idx; ++ + if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) { + /* + * We got NT_STATUS_RETRY, +@@ -494,8 +480,8 @@ static void smbd_smb1_do_locks_try(struct tevent_req *req) + * locking.tdb may cause retries. + */ + +- if (blocking_smblctx != UINT64_MAX) { +- SMB_ASSERT(blocking_smblctx == 0); ++ if (brl_state.blocking_smblctx != UINT64_MAX) { ++ SMB_ASSERT(brl_state.blocking_smblctx == 0); + goto setup_retry; + } + +@@ -516,6 +502,8 @@ static void smbd_smb1_do_locks_try(struct tevent_req *req) + endtime = timeval_current_ofs_msec(state->retry_msecs); + goto setup_retry; + } ++ ++check_retry: + if (!ERROR_WAS_LOCK_DENIED(status)) { + goto done; + } +@@ -529,7 +517,7 @@ static void smbd_smb1_do_locks_try(struct tevent_req *req) + smbd_smb1_do_locks_setup_timeout(state, &state->locks[state->blocker]); + DBG_DEBUG("timeout=%"PRIu32", blocking_smblctx=%"PRIu64"\n", + state->timeout, +- blocking_smblctx); ++ brl_state.blocking_smblctx); + + /* + * The client specified timeout expired +@@ -554,7 +542,7 @@ static void smbd_smb1_do_locks_try(struct tevent_req *req) + + endtime = state->endtime; + +- if (blocking_smblctx == UINT64_MAX) { ++ if (brl_state.blocking_smblctx == UINT64_MAX) { + struct timeval tmp; + + smbd_smb1_do_locks_update_polling_msecs(state); +@@ -568,11 +556,11 @@ static void smbd_smb1_do_locks_try(struct tevent_req *req) + + setup_retry: + subreq = share_mode_watch_send( +- state, state->ev, lck, blocking_pid); ++ state, state->ev, lck, brl_state.blocking_pid); + if (tevent_req_nomem(subreq, req)) { ++ status = NT_STATUS_NO_MEMORY; + goto done; + } +- TALLOC_FREE(lck); + tevent_req_set_callback(subreq, smbd_smb1_do_locks_retry, req); + + if (timeval_is_zero(&endtime)) { +@@ -586,10 +574,38 @@ setup_retry: + } + return; + done: +- TALLOC_FREE(lck); + smbd_smb1_brl_finish_by_req(req, status); + } + ++static void smbd_smb1_do_locks_try(struct tevent_req *req) ++{ ++ struct smbd_smb1_do_locks_state *state = tevent_req_data( ++ req, struct smbd_smb1_do_locks_state); ++ NTSTATUS status; ++ ++ if (!state->fsp->fsp_flags.can_lock) { ++ if (state->fsp->fsp_flags.is_directory) { ++ return smbd_smb1_brl_finish_by_req(req, ++ NT_STATUS_INVALID_DEVICE_REQUEST); ++ } ++ return smbd_smb1_brl_finish_by_req(req, ++ NT_STATUS_INVALID_HANDLE); ++ } ++ ++ if (!lp_locking(state->fsp->conn->params)) { ++ return smbd_smb1_brl_finish_by_req(req, NT_STATUS_OK); ++ } ++ ++ status = share_mode_do_locked_brl(state->fsp, ++ smbd_smb1_do_locks_try_fn, ++ req); ++ if (!NT_STATUS_IS_OK(status)) { ++ smbd_smb1_brl_finish_by_req(req, status); ++ return; ++ } ++ return; ++} ++ + static void smbd_smb1_do_locks_retry(struct tevent_req *subreq) + { + struct tevent_req *req = tevent_req_callback_data( +diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h +index 90387aeb6c3..5faf651b007 100644 +--- a/source3/smbd/proto.h ++++ b/source3/smbd/proto.h +@@ -86,13 +86,18 @@ ssize_t pwrite_fsync_recv(struct tevent_req *req, int *perr); + + /* The following definitions come from smbd/blocking.c */ + +-NTSTATUS smbd_do_locks_try( +- struct files_struct *fsp, +- uint16_t num_locks, +- struct smbd_lock_element *locks, +- uint16_t *blocker_idx, +- struct server_id *blocking_pid, +- uint64_t *blocking_smblctx); ++struct smbd_do_locks_state { ++ uint16_t num_locks; ++ struct smbd_lock_element *locks; ++ NTSTATUS status; ++ uint16_t blocker_idx; ++ struct server_id blocking_pid; ++ uint64_t blocking_smblctx; ++}; ++ ++NTSTATUS smbd_do_locks_try(struct byte_range_lock *br_lck, ++ struct smbd_do_locks_state *state); ++ + struct tevent_req *smbd_smb1_do_locks_send( + TALLOC_CTX *mem_ctx, + struct tevent_context *ev, +diff --git a/source3/smbd/smb2_lock.c b/source3/smbd/smb2_lock.c +index c9d810f71ba..14f912bf2da 100644 +--- a/source3/smbd/smb2_lock.c ++++ b/source3/smbd/smb2_lock.c +@@ -569,33 +569,32 @@ static void smbd_smb2_lock_update_polling_msecs( + state->polling_msecs += v_min; + } + +-static void smbd_smb2_lock_try(struct tevent_req *req) ++static void smbd_do_locks_try_fn(struct share_mode_lock *lck, ++ struct byte_range_lock *br_lck, ++ void *private_data) + { ++ struct tevent_req *req = talloc_get_type_abort( ++ private_data, struct tevent_req); + struct smbd_smb2_lock_state *state = tevent_req_data( + req, struct smbd_smb2_lock_state); +- struct share_mode_lock *lck = NULL; +- uint16_t blocker_idx; +- struct server_id blocking_pid = { 0 }; +- uint64_t blocking_smblctx; +- NTSTATUS status; ++ struct smbd_do_locks_state brl_state; + struct tevent_req *subreq = NULL; + struct timeval endtime = { 0 }; ++ NTSTATUS status; + +- lck = get_existing_share_mode_lock( +- talloc_tos(), state->fsp->file_id); +- if (tevent_req_nomem(lck, req)) { +- return; +- } ++ /* ++ * The caller has checked fsp->fsp_flags.can_lock and lp_locking so ++ * br_lck has to be there! ++ */ ++ SMB_ASSERT(br_lck != NULL); + +- status = smbd_do_locks_try( +- state->fsp, +- state->lock_count, +- state->locks, +- &blocker_idx, +- &blocking_pid, +- &blocking_smblctx); ++ brl_state = (struct smbd_do_locks_state) { ++ .num_locks = state->lock_count, ++ .locks = state->locks, ++ }; ++ ++ status = smbd_do_locks_try(br_lck, &brl_state); + if (NT_STATUS_IS_OK(status)) { +- TALLOC_FREE(lck); + tevent_req_done(req); + return; + } +@@ -622,8 +621,8 @@ static void smbd_smb2_lock_try(struct tevent_req *req) + * locking.tdb may cause retries. + */ + +- if (blocking_smblctx != UINT64_MAX) { +- SMB_ASSERT(blocking_smblctx == 0); ++ if (brl_state.blocking_smblctx != UINT64_MAX) { ++ SMB_ASSERT(brl_state.blocking_smblctx == 0); + goto setup_retry; + } + +@@ -658,7 +657,6 @@ static void smbd_smb2_lock_try(struct tevent_req *req) + status = NT_STATUS_LOCK_NOT_GRANTED; + } + if (!NT_STATUS_EQUAL(status, NT_STATUS_LOCK_NOT_GRANTED)) { +- TALLOC_FREE(lck); + tevent_req_nterror(req, status); + return; + } +@@ -670,12 +668,11 @@ static void smbd_smb2_lock_try(struct tevent_req *req) + state->retry_msecs = 0; + + if (!state->blocking) { +- TALLOC_FREE(lck); + tevent_req_nterror(req, status); + return; + } + +- if (blocking_smblctx == UINT64_MAX) { ++ if (brl_state.blocking_smblctx == UINT64_MAX) { + smbd_smb2_lock_update_polling_msecs(state); + + DBG_DEBUG("Blocked on a posix lock. Retry in %"PRIu32" msecs\n", +@@ -688,8 +685,7 @@ setup_retry: + DBG_DEBUG("Watching share mode lock\n"); + + subreq = share_mode_watch_send( +- state, state->ev, lck, blocking_pid); +- TALLOC_FREE(lck); ++ state, state->ev, lck, brl_state.blocking_pid); + if (tevent_req_nomem(subreq, req)) { + return; + } +@@ -708,6 +704,35 @@ setup_retry: + } + } + ++static void smbd_smb2_lock_try(struct tevent_req *req) ++{ ++ struct smbd_smb2_lock_state *state = tevent_req_data( ++ req, struct smbd_smb2_lock_state); ++ NTSTATUS status; ++ ++ if (!state->fsp->fsp_flags.can_lock) { ++ if (state->fsp->fsp_flags.is_directory) { ++ tevent_req_nterror(req, ++ NT_STATUS_INVALID_DEVICE_REQUEST); ++ return; ++ } ++ tevent_req_nterror(req, NT_STATUS_INVALID_HANDLE); ++ return; ++ } ++ ++ if (!lp_locking(state->fsp->conn->params)) { ++ return tevent_req_done(req); ++ } ++ ++ status = share_mode_do_locked_brl(state->fsp, ++ smbd_do_locks_try_fn, ++ req); ++ if (!NT_STATUS_IS_OK(status)) { ++ tevent_req_nterror(req, status); ++ return; ++ } ++} ++ + static void smbd_smb2_lock_retry(struct tevent_req *subreq) + { + struct tevent_req *req = tevent_req_callback_data( +diff --git a/source3/smbd/smb2_reply.c b/source3/smbd/smb2_reply.c +index 2b65fb30d76..3de36a7d673 100644 +--- a/source3/smbd/smb2_reply.c ++++ b/source3/smbd/smb2_reply.c +@@ -2122,23 +2122,22 @@ uint64_t get_lock_offset(const uint8_t *data, int data_offset, + return offset; + } + +-struct smbd_do_unlocking_state { +- struct files_struct *fsp; +- uint16_t num_ulocks; +- struct smbd_lock_element *ulocks; +- NTSTATUS status; +-}; +- +-static void smbd_do_unlocking_fn( +- struct share_mode_lock *lck, +- void *private_data) ++static void smbd_do_unlocking_fn(struct share_mode_lock *lck, ++ struct byte_range_lock *br_lck, ++ void *private_data) + { +- struct smbd_do_unlocking_state *state = private_data; +- struct files_struct *fsp = state->fsp; ++ struct smbd_do_locks_state *state = private_data; ++ struct files_struct *fsp = brl_fsp(br_lck); + uint16_t i; + +- for (i = 0; i < state->num_ulocks; i++) { +- struct smbd_lock_element *e = &state->ulocks[i]; ++ /* ++ * The caller has checked fsp->fsp_flags.can_lock and lp_locking so ++ * br_lck has to be there! ++ */ ++ SMB_ASSERT(br_lck != NULL); ++ ++ for (i = 0; i < state->num_locks; i++) { ++ struct smbd_lock_element *e = &state->locks[i]; + + DBG_DEBUG("unlock start=%"PRIu64", len=%"PRIu64" for " + "pid %"PRIu64", file %s\n", +@@ -2154,7 +2153,7 @@ static void smbd_do_unlocking_fn( + } + + state->status = do_unlock( +- fsp, e->smblctx, e->count, e->offset, e->lock_flav); ++ br_lck, e->smblctx, e->count, e->offset, e->lock_flav); + + DBG_DEBUG("do_unlock returned %s\n", + nt_errstr(state->status)); +@@ -2172,20 +2171,30 @@ NTSTATUS smbd_do_unlocking(struct smb_request *req, + uint16_t num_ulocks, + struct smbd_lock_element *ulocks) + { +- struct smbd_do_unlocking_state state = { +- .fsp = fsp, +- .num_ulocks = num_ulocks, +- .ulocks = ulocks, ++ struct smbd_do_locks_state state = { ++ .num_locks = num_ulocks, ++ .locks = ulocks, + }; + NTSTATUS status; + + DBG_NOTICE("%s num_ulocks=%"PRIu16"\n", fsp_fnum_dbg(fsp), num_ulocks); + +- status = share_mode_do_locked_vfs_allowed( +- fsp->file_id, smbd_do_unlocking_fn, &state); ++ if (!fsp->fsp_flags.can_lock) { ++ if (fsp->fsp_flags.is_directory) { ++ return NT_STATUS_INVALID_DEVICE_REQUEST; ++ } ++ return NT_STATUS_INVALID_HANDLE; ++ } ++ ++ if (!lp_locking(fsp->conn->params)) { ++ return NT_STATUS_OK; ++ } + ++ status = share_mode_do_locked_brl(fsp, ++ smbd_do_unlocking_fn, ++ &state); + if (!NT_STATUS_IS_OK(status)) { +- DBG_DEBUG("share_mode_do_locked_vfs_allowed failed: %s\n", ++ DBG_DEBUG("share_mode_do_locked_brl failed: %s\n", + nt_errstr(status)); + return status; + } +-- +2.49.0 + + +From 45211424de82b03e187369286034b7c49136ba5f Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Wed, 8 Jan 2025 12:51:37 +0100 +Subject: [PATCH 17/24] s3/brlock: remove brl_get_locks_for_locking() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Pair-Programmed-With: Ralph Boehme +Signed-off-by: Ralph Boehme +Signed-off-by: Stefan Metzmacher +(cherry picked from commit 0c4c430c50e15d591a0d871a5f3e59e8be0d0a83) +--- + source3/locking/brlock.c | 19 ------------------- + source3/locking/proto.h | 4 ---- + 2 files changed, 23 deletions(-) + +diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c +index 0e58339b108..b9decbc9e2a 100644 +--- a/source3/locking/brlock.c ++++ b/source3/locking/brlock.c +@@ -1733,25 +1733,6 @@ struct byte_range_lock *brl_get_locks(TALLOC_CTX *mem_ctx, files_struct *fsp) + return br_lck; + } + +-struct byte_range_lock *brl_get_locks_for_locking(TALLOC_CTX *mem_ctx, +- files_struct *fsp, +- TALLOC_CTX *req_mem_ctx, +- const struct GUID *req_guid) +-{ +- struct byte_range_lock *br_lck = NULL; +- +- br_lck = brl_get_locks(mem_ctx, fsp); +- if (br_lck == NULL) { +- return NULL; +- } +- SMB_ASSERT(req_mem_ctx != NULL); +- br_lck->req_mem_ctx = req_mem_ctx; +- SMB_ASSERT(req_guid != NULL); +- br_lck->req_guid = req_guid; +- +- return br_lck; +-} +- + struct brl_get_locks_readonly_state { + TALLOC_CTX *mem_ctx; + struct byte_range_lock **br_lock; +diff --git a/source3/locking/proto.h b/source3/locking/proto.h +index e332abf34ec..44b43c1b1e2 100644 +--- a/source3/locking/proto.h ++++ b/source3/locking/proto.h +@@ -83,10 +83,6 @@ int brl_forall(void (*fn)(struct file_id id, struct server_id pid, + br_off start, br_off size, + void *private_data), + void *private_data); +-struct byte_range_lock *brl_get_locks_for_locking(TALLOC_CTX *mem_ctx, +- files_struct *fsp, +- TALLOC_CTX *req_mem_ctx, +- const struct GUID *req_guid); + struct share_mode_lock; + typedef void (*share_mode_do_locked_brl_fn_t)( + struct share_mode_lock *lck, +-- +2.49.0 + + +From ef4e89916360c8d7f2372c8508c8a79dfd995c47 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Mon, 27 Jan 2025 15:22:26 +0100 +Subject: [PATCH 18/24] smbd: call locking_close_file() while still holding a + glock on the locking.tdb record + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Signed-off-by: Ralph Boehme +Reviewed-by: Stefan Metzmacher +(cherry picked from commit 4d680b6c17ee7674b9686aec2b69038f89e1989a) +--- + source3/smbd/close.c | 26 +++++++++++++++++++------- + 1 file changed, 19 insertions(+), 7 deletions(-) + +diff --git a/source3/smbd/close.c b/source3/smbd/close.c +index 1b027a319a4..964c3530e8d 100644 +--- a/source3/smbd/close.c ++++ b/source3/smbd/close.c +@@ -303,6 +303,17 @@ static void close_share_mode_lock_prepare(struct share_mode_lock *lck, + */ + *keep_locked = false; + ++ if (fsp->current_lock_count > 0) { ++ /* ++ * Remove the byte-range locks under the glock ++ */ ++ *keep_locked = true; ++ } ++ ++ if (fh_get_refcount(fsp->fh) > 1) { ++ return; ++ } ++ + if (fsp->oplock_type != NO_OPLOCK) { + ok = remove_share_oplock(lck, fsp); + if (!ok) { +@@ -453,6 +464,12 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp, + return status; + } + ++ locking_close_file(fsp, close_type); ++ ++ if (fh_get_refcount(fsp->fh) > 1) { ++ goto done; ++ } ++ + /* Remove the oplock before potentially deleting the file. */ + if (fsp->oplock_type != NO_OPLOCK) { + release_file_oplock(fsp); +@@ -890,13 +907,8 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp, + the same handle we only have one share mode. Ensure we only remove + the share mode on the last close. */ + +- if (fh_get_refcount(fsp->fh) == 1) { +- /* Should we return on error here... ? */ +- tmp = close_remove_share_mode(fsp, close_type); +- status = ntstatus_keeperror(status, tmp); +- } +- +- locking_close_file(fsp, close_type); ++ tmp = close_remove_share_mode(fsp, close_type); ++ status = ntstatus_keeperror(status, tmp); + + /* + * Ensure pending modtime is set before closing underlying fd. +-- +2.49.0 + + +From 96d3bacbd967b355c91bc1d9e583edb1cdd3bd19 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Thu, 30 Jan 2025 17:35:26 +0100 +Subject: [PATCH 19/24] s3/locking: prepare brl_locktest() for upgradable + read-only locks + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Signed-off-by: Ralph Boehme +Reviewed-by: Stefan Metzmacher +(cherry picked from commit 8f9387ceb5c94c7db92ab342e33c64b858c301b1) +--- + source3/locking/brlock.c | 5 +++-- + source3/locking/locking.c | 4 ++-- + source3/locking/proto.h | 3 ++- + 3 files changed, 7 insertions(+), 5 deletions(-) + +diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c +index b9decbc9e2a..92621c41577 100644 +--- a/source3/locking/brlock.c ++++ b/source3/locking/brlock.c +@@ -1192,7 +1192,8 @@ bool brl_unlock(struct byte_range_lock *br_lck, + ****************************************************************************/ + + bool brl_locktest(struct byte_range_lock *br_lck, +- const struct lock_struct *rw_probe) ++ const struct lock_struct *rw_probe, ++ bool upgradable) + { + bool ret = True; + unsigned int i; +@@ -1205,7 +1206,7 @@ bool brl_locktest(struct byte_range_lock *br_lck, + * Our own locks don't conflict. + */ + if (brl_conflict_other(&locks[i], rw_probe)) { +- if (br_lck->record == NULL) { ++ if (!upgradable) { + /* readonly */ + return false; + } +diff --git a/source3/locking/locking.c b/source3/locking/locking.c +index ffb89378cb5..993d3a96591 100644 +--- a/source3/locking/locking.c ++++ b/source3/locking/locking.c +@@ -145,7 +145,7 @@ bool strict_lock_check_default(files_struct *fsp, struct lock_struct *plock) + if (!br_lck) { + return true; + } +- ret = brl_locktest(br_lck, plock); ++ ret = brl_locktest(br_lck, plock, false); + + if (!ret) { + /* +@@ -156,7 +156,7 @@ bool strict_lock_check_default(files_struct *fsp, struct lock_struct *plock) + if (br_lck == NULL) { + return true; + } +- ret = brl_locktest(br_lck, plock); ++ ret = brl_locktest(br_lck, plock, true); + TALLOC_FREE(br_lck); + } + +diff --git a/source3/locking/proto.h b/source3/locking/proto.h +index 44b43c1b1e2..44808171f1a 100644 +--- a/source3/locking/proto.h ++++ b/source3/locking/proto.h +@@ -66,7 +66,8 @@ bool brl_unlock(struct byte_range_lock *br_lck, + bool brl_unlock_windows_default(struct byte_range_lock *br_lck, + const struct lock_struct *plock); + bool brl_locktest(struct byte_range_lock *br_lck, +- const struct lock_struct *rw_probe); ++ const struct lock_struct *rw_probe, ++ bool upgradable); + NTSTATUS brl_lockquery(struct byte_range_lock *br_lck, + uint64_t *psmblctx, + struct server_id pid, +-- +2.49.0 + + +From b88988bcc9ce1fa0b8152e0eb89cb496f675fbc1 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Wed, 2 Apr 2025 12:43:15 +0200 +Subject: [PATCH 20/24] smbd: check can_lock in strict_lock_check_default() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Pair-Programmed-With: Stefan Metzmacher +Signed-off-by: Ralph Boehme +Signed-off-by: Stefan Metzmacher +(cherry picked from commit 678f28c1af7c160ffdcb0e4baa0a7d4b9906f2e5) +--- + source3/locking/locking.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/source3/locking/locking.c b/source3/locking/locking.c +index 993d3a96591..ce2ccaccd11 100644 +--- a/source3/locking/locking.c ++++ b/source3/locking/locking.c +@@ -117,7 +117,10 @@ bool strict_lock_check_default(files_struct *fsp, struct lock_struct *plock) + return True; + } + +- if (!lp_locking(fsp->conn->params) || !strict_locking) { ++ if (!lp_locking(fsp->conn->params) || ++ !strict_locking || ++ !fsp->fsp_flags.can_lock) ++ { + return True; + } + +-- +2.49.0 + + +From e5d8f12b8ecfcd52ec8dc32147b1f2c6d8115c37 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Thu, 30 Jan 2025 07:40:32 +0100 +Subject: [PATCH 21/24] smbd: use share_mode_do_locked_brl() in + strict_lock_check_default() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Signed-off-by: Ralph Boehme +Reviewed-by: Stefan Metzmacher +(cherry picked from commit 56bb20c87a733ab8f7efedd881ea0ecaf51b2ba8) +--- + source3/locking/locking.c | 43 +++++++++++++++++++++++++++++++++------ + 1 file changed, 37 insertions(+), 6 deletions(-) + +diff --git a/source3/locking/locking.c b/source3/locking/locking.c +index ce2ccaccd11..ddaa5405f02 100644 +--- a/source3/locking/locking.c ++++ b/source3/locking/locking.c +@@ -107,10 +107,32 @@ void init_strict_lock_struct(files_struct *fsp, + }; + } + ++struct strict_lock_check_state { ++ bool ret; ++ files_struct *fsp; ++ struct lock_struct *plock; ++}; ++ ++static void strict_lock_check_default_fn(struct share_mode_lock *lck, ++ struct byte_range_lock *br_lck, ++ void *private_data) ++{ ++ struct strict_lock_check_state *state = private_data; ++ ++ /* ++ * The caller has checked fsp->fsp_flags.can_lock and lp_locking so ++ * br_lck has to be there! ++ */ ++ SMB_ASSERT(br_lck != NULL); ++ ++ state->ret = brl_locktest(br_lck, state->plock, true); ++} ++ + bool strict_lock_check_default(files_struct *fsp, struct lock_struct *plock) + { + struct byte_range_lock *br_lck; + int strict_locking = lp_strict_locking(fsp->conn->params); ++ NTSTATUS status; + bool ret = False; + + if (plock->size == 0) { +@@ -149,18 +171,27 @@ bool strict_lock_check_default(files_struct *fsp, struct lock_struct *plock) + return true; + } + ret = brl_locktest(br_lck, plock, false); +- + if (!ret) { + /* + * We got a lock conflict. Retry with rw locks to enable + * autocleanup. This is the slow path anyway. + */ +- br_lck = brl_get_locks(talloc_tos(), fsp); +- if (br_lck == NULL) { +- return true; ++ ++ struct strict_lock_check_state state = ++ (struct strict_lock_check_state) { ++ .fsp = fsp, ++ .plock = plock, ++ }; ++ ++ status = share_mode_do_locked_brl(fsp, ++ strict_lock_check_default_fn, ++ &state); ++ if (!NT_STATUS_IS_OK(status)) { ++ DBG_ERR("share_mode_do_locked_brl [%s] failed: %s\n", ++ fsp_str_dbg(fsp), nt_errstr(status)); ++ state.ret = false; + } +- ret = brl_locktest(br_lck, plock, true); +- TALLOC_FREE(br_lck); ++ ret = state.ret; + } + + DBG_DEBUG("flavour = %s brl start=%" PRIu64 " " +-- +2.49.0 + + +From c26eded8448722126d73f3113da6b27378185475 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Tue, 28 Jan 2025 11:19:05 +0100 +Subject: [PATCH 22/24] smbd: use share_mode_do_locked_brl() in + vfs_default_durable_disconnect() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Signed-off-by: Ralph Boehme +Reviewed-by: Stefan Metzmacher +(backported from commit 393379fc9c726eb781fd1bfb3a70ea2802739aff) +[slow@samba.org: conflict due to removed delayed write time handling] +--- + source3/locking/brlock.c | 14 +---- + source3/locking/proto.h | 9 ++- + source3/smbd/durable.c | 117 ++++++++++++++++++++++++--------------- + 3 files changed, 82 insertions(+), 58 deletions(-) + +diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c +index 92621c41577..4dcae87691b 100644 +--- a/source3/locking/brlock.c ++++ b/source3/locking/brlock.c +@@ -1368,14 +1368,14 @@ void brl_close_fnum(struct byte_range_lock *br_lck) + } + } + +-bool brl_mark_disconnected(struct files_struct *fsp) ++bool brl_mark_disconnected(struct files_struct *fsp, ++ struct byte_range_lock *br_lck) + { + uint32_t tid = fsp->conn->cnum; + uint64_t smblctx; + uint64_t fnum = fsp->fnum; + unsigned int i; + struct server_id self = messaging_server_id(fsp->conn->sconn->msg_ctx); +- struct byte_range_lock *br_lck = NULL; + + if (fsp->op == NULL) { + return false; +@@ -1391,11 +1391,6 @@ bool brl_mark_disconnected(struct files_struct *fsp) + return true; + } + +- br_lck = brl_get_locks(talloc_tos(), fsp); +- if (br_lck == NULL) { +- return false; +- } +- + for (i=0; i < br_lck->num_locks; i++) { + struct lock_struct *lock = &br_lck->lock_data[i]; + +@@ -1405,22 +1400,18 @@ bool brl_mark_disconnected(struct files_struct *fsp) + */ + + if (lock->context.smblctx != smblctx) { +- TALLOC_FREE(br_lck); + return false; + } + + if (lock->context.tid != tid) { +- TALLOC_FREE(br_lck); + return false; + } + + if (!server_id_equal(&lock->context.pid, &self)) { +- TALLOC_FREE(br_lck); + return false; + } + + if (lock->fnum != fnum) { +- TALLOC_FREE(br_lck); + return false; + } + +@@ -1430,7 +1421,6 @@ bool brl_mark_disconnected(struct files_struct *fsp) + } + + br_lck->modified = true; +- TALLOC_FREE(br_lck); + return true; + } + +diff --git a/source3/locking/proto.h b/source3/locking/proto.h +index 44808171f1a..d3b4e02bc26 100644 +--- a/source3/locking/proto.h ++++ b/source3/locking/proto.h +@@ -75,7 +75,14 @@ NTSTATUS brl_lockquery(struct byte_range_lock *br_lck, + br_off *psize, + enum brl_type *plock_type, + enum brl_flavour lock_flav); +-bool brl_mark_disconnected(struct files_struct *fsp); ++ ++struct brl_connectstate { ++ bool ok; ++ struct files_struct *fsp; ++}; ++ ++bool brl_mark_disconnected(struct files_struct *fsp, ++ struct byte_range_lock *br_lck); + bool brl_reconnect_disconnected(struct files_struct *fsp); + void brl_close_fnum(struct byte_range_lock *br_lck); + int brl_forall(void (*fn)(struct file_id id, struct server_id pid, +diff --git a/source3/smbd/durable.c b/source3/smbd/durable.c +index bd0c9f58e24..d315cb21ccc 100644 +--- a/source3/smbd/durable.c ++++ b/source3/smbd/durable.c +@@ -133,6 +133,63 @@ NTSTATUS vfs_default_durable_cookie(struct files_struct *fsp, + return NT_STATUS_OK; + } + ++struct durable_disconnect_state { ++ NTSTATUS status; ++ struct files_struct *fsp; ++}; ++ ++static void default_durable_disconnect_fn(struct share_mode_lock *lck, ++ struct byte_range_lock *br_lck, ++ void *private_data) ++{ ++ struct durable_disconnect_state *state = private_data; ++ struct files_struct *fsp = state->fsp; ++ struct smb_file_time ft; ++ bool ok; ++ ++ /* Ensure any pending write time updates are done. */ ++ if (fsp->update_write_time_event) { ++ fsp_flush_write_time_update(fsp); ++ } ++ ++ ++ init_smb_file_time(&ft); ++ ++ if (fsp->fsp_flags.write_time_forced) { ++ NTTIME mtime = share_mode_changed_write_time(lck); ++ ft.mtime = nt_time_to_full_timespec(mtime); ++ } else if (fsp->fsp_flags.update_write_time_on_close) { ++ if (is_omit_timespec(&fsp->close_write_time)) { ++ ft.mtime = timespec_current(); ++ } else { ++ ft.mtime = fsp->close_write_time; ++ } ++ } ++ ++ if (!is_omit_timespec(&ft.mtime)) { ++ round_timespec(fsp->conn->ts_res, &ft.mtime); ++ file_ntimes(fsp->conn, fsp, &ft); ++ } ++ ++ ok = mark_share_mode_disconnected(lck, fsp); ++ if (!ok) { ++ state->status = NT_STATUS_UNSUCCESSFUL; ++ return; ++ } ++ ++ if (br_lck == NULL) { ++ state->status = NT_STATUS_OK; ++ return; ++ } ++ ++ ok = brl_mark_disconnected(fsp, br_lck); ++ if (!ok) { ++ state->status = NT_STATUS_UNSUCCESSFUL; ++ return; ++ } ++ state->status = NT_STATUS_OK; ++} ++ + NTSTATUS vfs_default_durable_disconnect(struct files_struct *fsp, + const DATA_BLOB old_cookie, + TALLOC_CTX *mem_ctx, +@@ -143,8 +200,7 @@ NTSTATUS vfs_default_durable_disconnect(struct files_struct *fsp, + enum ndr_err_code ndr_err; + struct vfs_default_durable_cookie cookie; + DATA_BLOB new_cookie_blob = data_blob_null; +- struct share_mode_lock *lck; +- bool ok; ++ struct durable_disconnect_state state; + + *new_cookie = data_blob_null; + +@@ -198,52 +254,23 @@ NTSTATUS vfs_default_durable_disconnect(struct files_struct *fsp, + return NT_STATUS_NOT_SUPPORTED; + } + +- /* Ensure any pending write time updates are done. */ +- if (fsp->update_write_time_event) { +- fsp_flush_write_time_update(fsp); +- } ++ state = (struct durable_disconnect_state) { ++ .fsp = fsp, ++ }; + +- /* +- * The above checks are done in mark_share_mode_disconnected() too +- * but we want to avoid getting the lock if possible +- */ +- lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id); +- if (lck != NULL) { +- struct smb_file_time ft; +- +- init_smb_file_time(&ft); +- +- if (fsp->fsp_flags.write_time_forced) { +- NTTIME mtime = share_mode_changed_write_time(lck); +- ft.mtime = nt_time_to_full_timespec(mtime); +- } else if (fsp->fsp_flags.update_write_time_on_close) { +- if (is_omit_timespec(&fsp->close_write_time)) { +- ft.mtime = timespec_current(); +- } else { +- ft.mtime = fsp->close_write_time; +- } +- } +- +- if (!is_omit_timespec(&ft.mtime)) { +- round_timespec(conn->ts_res, &ft.mtime); +- file_ntimes(conn, fsp, &ft); +- } +- +- ok = mark_share_mode_disconnected(lck, fsp); +- if (!ok) { +- TALLOC_FREE(lck); +- } +- } +- if (lck != NULL) { +- ok = brl_mark_disconnected(fsp); +- if (!ok) { +- TALLOC_FREE(lck); +- } ++ status = share_mode_do_locked_brl(fsp, ++ default_durable_disconnect_fn, ++ &state); ++ if (!NT_STATUS_IS_OK(status)) { ++ DBG_ERR("share_mode_do_locked_brl [%s] failed: %s\n", ++ fsp_str_dbg(fsp), nt_errstr(status)); ++ return status; + } +- if (lck == NULL) { +- return NT_STATUS_NOT_SUPPORTED; ++ if (!NT_STATUS_IS_OK(state.status)) { ++ DBG_ERR("default_durable_disconnect_fn [%s] failed: %s\n", ++ fsp_str_dbg(fsp), nt_errstr(state.status)); ++ return state.status; + } +- TALLOC_FREE(lck); + + status = vfs_stat_fsp(fsp); + if (!NT_STATUS_IS_OK(status)) { +-- +2.49.0 + + +From 33afc50416b09f2c025975fd7a98686f046005ae Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Wed, 2 Apr 2025 14:52:03 +0200 +Subject: [PATCH 23/24] smbd: use share_mode_do_locked_brl() in + vfs_default_durable_reconnect() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Signed-off-by: Ralph Boehme +Reviewed-by: Stefan Metzmacher +(backported from commit dc03a06ffcc79d0818ae4a36fe3f2df705144138) +[slow@samba.org: conflict due to removed delayed write time handling] +[slow@samba.org: conflict due to filename_convert_dirfsp_rel()] +--- + source3/locking/brlock.c | 15 +- + source3/locking/proto.h | 3 +- + source3/smbd/durable.c | 439 ++++++++++++++++++++------------------- + 3 files changed, 234 insertions(+), 223 deletions(-) + +diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c +index 4dcae87691b..edc5c34ebc3 100644 +--- a/source3/locking/brlock.c ++++ b/source3/locking/brlock.c +@@ -1424,14 +1424,14 @@ bool brl_mark_disconnected(struct files_struct *fsp, + return true; + } + +-bool brl_reconnect_disconnected(struct files_struct *fsp) ++bool brl_reconnect_disconnected(struct files_struct *fsp, ++ struct byte_range_lock *br_lck) + { + uint32_t tid = fsp->conn->cnum; + uint64_t smblctx; + uint64_t fnum = fsp->fnum; + unsigned int i; + struct server_id self = messaging_server_id(fsp->conn->sconn->msg_ctx); +- struct byte_range_lock *br_lck = NULL; + + if (fsp->op == NULL) { + return false; +@@ -1449,13 +1449,7 @@ bool brl_reconnect_disconnected(struct files_struct *fsp) + * them instead. + */ + +- br_lck = brl_get_locks(talloc_tos(), fsp); +- if (br_lck == NULL) { +- return false; +- } +- + if (br_lck->num_locks == 0) { +- TALLOC_FREE(br_lck); + return true; + } + +@@ -1468,22 +1462,18 @@ bool brl_reconnect_disconnected(struct files_struct *fsp) + */ + + if (lock->context.smblctx != smblctx) { +- TALLOC_FREE(br_lck); + return false; + } + + if (lock->context.tid != TID_FIELD_INVALID) { +- TALLOC_FREE(br_lck); + return false; + } + + if (!server_id_is_disconnected(&lock->context.pid)) { +- TALLOC_FREE(br_lck); + return false; + } + + if (lock->fnum != FNUM_FIELD_INVALID) { +- TALLOC_FREE(br_lck); + return false; + } + +@@ -1494,7 +1484,6 @@ bool brl_reconnect_disconnected(struct files_struct *fsp) + + fsp->current_lock_count = br_lck->num_locks; + br_lck->modified = true; +- TALLOC_FREE(br_lck); + return true; + } + +diff --git a/source3/locking/proto.h b/source3/locking/proto.h +index d3b4e02bc26..37d382833fc 100644 +--- a/source3/locking/proto.h ++++ b/source3/locking/proto.h +@@ -83,7 +83,8 @@ struct brl_connectstate { + + bool brl_mark_disconnected(struct files_struct *fsp, + struct byte_range_lock *br_lck); +-bool brl_reconnect_disconnected(struct files_struct *fsp); ++bool brl_reconnect_disconnected(struct files_struct *fsp, ++ struct byte_range_lock *br_lck); + void brl_close_fnum(struct byte_range_lock *br_lck); + int brl_forall(void (*fn)(struct file_id id, struct server_id pid, + enum brl_type lock_type, +diff --git a/source3/smbd/durable.c b/source3/smbd/durable.c +index d315cb21ccc..82777d3b81b 100644 +--- a/source3/smbd/durable.c ++++ b/source3/smbd/durable.c +@@ -563,121 +563,42 @@ static bool durable_reconnect_fn( + return false; /* Look at potential other entries */ + } + +-NTSTATUS vfs_default_durable_reconnect(struct connection_struct *conn, +- struct smb_request *smb1req, +- struct smbXsrv_open *op, +- const DATA_BLOB old_cookie, +- TALLOC_CTX *mem_ctx, +- files_struct **result, +- DATA_BLOB *new_cookie) ++struct vfs_default_durable_reconnect_state { ++ NTSTATUS status; ++ TALLOC_CTX *mem_ctx; ++ struct smb_request *smb1req; ++ struct smbXsrv_open *op; ++ struct vfs_default_durable_cookie cookie; ++ struct files_struct *fsp; ++ DATA_BLOB new_cookie_blob; ++}; ++ ++static void vfs_default_durable_reconnect_fn(struct share_mode_lock *lck, ++ struct byte_range_lock *br_lck, ++ void *private_data) + { ++ struct vfs_default_durable_reconnect_state *state = private_data; + const struct loadparm_substitution *lp_sub = + loadparm_s3_global_substitution(); +- struct share_mode_lock *lck; ++ struct files_struct *fsp = state->fsp; + struct share_mode_entry e = { .pid = { .pid = 0, }}; +- struct durable_reconnect_state rstate = { .op = op, .e = &e, }; +- struct files_struct *fsp = NULL; +- NTSTATUS status; +- bool ok; +- int ret; ++ struct durable_reconnect_state rstate = { .op = state->op, .e = &e, }; + struct vfs_open_how how = { .flags = 0, }; + struct file_id file_id; +- struct smb_filename *smb_fname = NULL; +- enum ndr_err_code ndr_err; +- struct vfs_default_durable_cookie cookie; +- DATA_BLOB new_cookie_blob = data_blob_null; + bool have_share_mode_entry = false; +- +- *result = NULL; +- *new_cookie = data_blob_null; +- +- if (!lp_durable_handles(SNUM(conn))) { +- return NT_STATUS_NOT_SUPPORTED; +- } +- +- /* +- * the checks for kernel oplocks +- * and similar things are done +- * in the vfs_default_durable_cookie() +- * call below. +- */ +- +- ndr_err = ndr_pull_struct_blob_all( +- &old_cookie, +- talloc_tos(), +- &cookie, +- (ndr_pull_flags_fn_t)ndr_pull_vfs_default_durable_cookie); +- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { +- status = ndr_map_error2ntstatus(ndr_err); +- return status; +- } +- +- if (strcmp(cookie.magic, VFS_DEFAULT_DURABLE_COOKIE_MAGIC) != 0) { +- return NT_STATUS_INVALID_PARAMETER; +- } +- +- if (cookie.version != VFS_DEFAULT_DURABLE_COOKIE_VERSION) { +- return NT_STATUS_INVALID_PARAMETER; +- } +- +- if (!cookie.allow_reconnect) { +- return NT_STATUS_OBJECT_NAME_NOT_FOUND; +- } +- +- if (strcmp(cookie.servicepath, conn->connectpath) != 0) { +- return NT_STATUS_OBJECT_NAME_NOT_FOUND; +- } +- +- /* Create an smb_filename with stream_name == NULL. */ +- smb_fname = synthetic_smb_fname(talloc_tos(), +- cookie.base_name, +- NULL, +- NULL, +- 0, +- 0); +- if (smb_fname == NULL) { +- return NT_STATUS_NO_MEMORY; +- } +- +- ret = SMB_VFS_LSTAT(conn, smb_fname); +- if (ret == -1) { +- status = map_nt_error_from_unix_common(errno); +- DEBUG(1, ("Unable to lstat stream: %s => %s\n", +- smb_fname_str_dbg(smb_fname), +- nt_errstr(status))); +- return status; +- } +- +- if (!S_ISREG(smb_fname->st.st_ex_mode)) { +- return NT_STATUS_OBJECT_NAME_NOT_FOUND; +- } +- +- file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st); +- if (!file_id_equal(&cookie.id, &file_id)) { +- return NT_STATUS_OBJECT_NAME_NOT_FOUND; +- } +- +- /* +- * 1. check entry in locking.tdb +- */ +- +- lck = get_existing_share_mode_lock(mem_ctx, file_id); +- if (lck == NULL) { +- DEBUG(5, ("vfs_default_durable_reconnect: share-mode lock " +- "not obtained from db\n")); +- return NT_STATUS_OBJECT_NAME_NOT_FOUND; +- } ++ int ret; ++ bool ok; + + ok = share_mode_forall_entries(lck, durable_reconnect_fn, &rstate); + if (!ok) { + DBG_WARNING("share_mode_forall_entries failed\n"); +- status = NT_STATUS_INTERNAL_DB_ERROR; ++ state->status = NT_STATUS_INTERNAL_DB_ERROR; + goto fail; + } + + if (e.pid.pid == 0) { + DBG_WARNING("Did not find a unique valid share mode entry\n"); +- status = NT_STATUS_OBJECT_NAME_NOT_FOUND; ++ state->status = NT_STATUS_OBJECT_NAME_NOT_FOUND; + goto fail; + } + +@@ -685,69 +606,36 @@ NTSTATUS vfs_default_durable_reconnect(struct connection_struct *conn, + DEBUG(5, ("vfs_default_durable_reconnect: denying durable " + "reconnect for handle that was not marked " + "disconnected (e.g. smbd or cluster node died)\n")); +- status = NT_STATUS_OBJECT_NAME_NOT_FOUND; ++ state->status = NT_STATUS_OBJECT_NAME_NOT_FOUND; + goto fail; + } + +- if (e.share_file_id != op->global->open_persistent_id) { ++ if (e.share_file_id != state->op->global->open_persistent_id) { + DBG_INFO("denying durable " + "share_file_id changed %"PRIu64" != %"PRIu64" " + "(e.g. another client had opened the file)\n", + e.share_file_id, +- op->global->open_persistent_id); +- status = NT_STATUS_OBJECT_NAME_NOT_FOUND; ++ state->op->global->open_persistent_id); ++ state->status = NT_STATUS_OBJECT_NAME_NOT_FOUND; + goto fail; + } + + if ((e.access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) && +- !CAN_WRITE(conn)) ++ !CAN_WRITE(fsp->conn)) + { + DEBUG(5, ("vfs_default_durable_reconnect: denying durable " + "share[%s] is not writeable anymore\n", +- lp_servicename(talloc_tos(), lp_sub, SNUM(conn)))); +- status = NT_STATUS_OBJECT_NAME_NOT_FOUND; +- goto fail; +- } +- +- /* +- * 2. proceed with opening file +- */ +- +- status = fsp_new(conn, conn, &fsp); +- if (!NT_STATUS_IS_OK(status)) { +- DEBUG(0, ("vfs_default_durable_reconnect: failed to create " +- "new fsp: %s\n", nt_errstr(status))); ++ lp_servicename(talloc_tos(), lp_sub, SNUM(fsp->conn)))); ++ state->status = NT_STATUS_OBJECT_NAME_NOT_FOUND; + goto fail; + } + + fh_set_private_options(fsp->fh, e.private_options); +- fsp->file_id = file_id; +- fsp->file_pid = smb1req->smbpid; +- fsp->vuid = smb1req->vuid; + fsp->open_time = e.time; + fsp->access_mask = e.access_mask; + fsp->fsp_flags.can_read = ((fsp->access_mask & FILE_READ_DATA) != 0); + fsp->fsp_flags.can_write = ((fsp->access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) != 0); +- fsp->fnum = op->local_id; +- fsp_set_gen_id(fsp); + +- /* +- * TODO: +- * Do we need to store the modified flag in the DB? +- */ +- fsp->fsp_flags.modified = false; +- /* +- * no durables for directories +- */ +- fsp->fsp_flags.is_directory = false; +- /* +- * For normal files, can_lock == !is_directory +- */ +- fsp->fsp_flags.can_lock = true; +- /* +- * We do not support aio write behind for smb2 +- */ +- fsp->fsp_flags.aio_write_behind = false; + fsp->oplock_type = e.op_type; + + if (fsp->oplock_type == LEASE_OPLOCK) { +@@ -760,21 +648,21 @@ NTSTATUS vfs_default_durable_reconnect(struct connection_struct *conn, + */ + if (!GUID_equal(fsp_client_guid(fsp), + &e.client_guid)) { +- status = NT_STATUS_OBJECT_NAME_NOT_FOUND; ++ state->status = NT_STATUS_OBJECT_NAME_NOT_FOUND; + goto fail; + } + +- status = leases_db_get( ++ state->status = leases_db_get( + &e.client_guid, + &e.lease_key, +- &file_id, ++ &fsp->file_id, + ¤t_state, /* current_state */ + NULL, /* breaking */ + NULL, /* breaking_to_requested */ + NULL, /* breaking_to_required */ + &lease_version, /* lease_version */ + &epoch); /* epoch */ +- if (!NT_STATUS_IS_OK(status)) { ++ if (!NT_STATUS_IS_OK(state->status)) { + goto fail; + } + +@@ -785,53 +673,46 @@ NTSTATUS vfs_default_durable_reconnect(struct connection_struct *conn, + lease_version, + epoch); + if (fsp->lease == NULL) { +- status = NT_STATUS_NO_MEMORY; ++ state->status = NT_STATUS_NO_MEMORY; + goto fail; + } + } + +- fsp->initial_allocation_size = cookie.initial_allocation_size; +- fh_set_position_information(fsp->fh, cookie.position_information); ++ fsp->initial_allocation_size = state->cookie.initial_allocation_size; ++ fh_set_position_information(fsp->fh, state->cookie.position_information); + fsp->fsp_flags.update_write_time_triggered = +- cookie.update_write_time_triggered; ++ state->cookie.update_write_time_triggered; + fsp->fsp_flags.update_write_time_on_close = +- cookie.update_write_time_on_close; +- fsp->fsp_flags.write_time_forced = cookie.write_time_forced; ++ state->cookie.update_write_time_on_close; ++ fsp->fsp_flags.write_time_forced = state->cookie.write_time_forced; + fsp->close_write_time = nt_time_to_full_timespec( +- cookie.close_write_time); ++ state->cookie.close_write_time); + +- status = fsp_set_smb_fname(fsp, smb_fname); +- if (!NT_STATUS_IS_OK(status)) { +- DEBUG(0, ("vfs_default_durable_reconnect: " +- "fsp_set_smb_fname failed: %s\n", +- nt_errstr(status))); +- goto fail; +- } +- +- op->compat = fsp; +- fsp->op = op; ++ state->op->compat = fsp; ++ fsp->op = state->op; + + ok = reset_share_mode_entry( + lck, + e.pid, + e.share_file_id, +- messaging_server_id(conn->sconn->msg_ctx), +- smb1req->mid, ++ messaging_server_id(fsp->conn->sconn->msg_ctx), ++ state->smb1req->mid, + fh_get_gen_id(fsp->fh)); + if (!ok) { + DBG_DEBUG("Could not set new share_mode_entry values\n"); +- status = NT_STATUS_INTERNAL_ERROR; ++ state->status = NT_STATUS_INTERNAL_ERROR; + goto fail; + } + have_share_mode_entry = true; + +- ok = brl_reconnect_disconnected(fsp); +- if (!ok) { +- status = NT_STATUS_INTERNAL_ERROR; +- DEBUG(1, ("vfs_default_durable_reconnect: " +- "failed to reopen brlocks: %s\n", +- nt_errstr(status))); +- goto fail; ++ if (br_lck != NULL) { ++ ok = brl_reconnect_disconnected(fsp, br_lck); ++ if (!ok) { ++ state->status = NT_STATUS_INTERNAL_ERROR; ++ DBG_ERR("failed to reopen brlocks: %s\n", ++ nt_errstr(state->status)); ++ goto fail; ++ } + } + + /* +@@ -845,10 +726,9 @@ NTSTATUS vfs_default_durable_reconnect(struct connection_struct *conn, + how.flags = O_RDONLY; + } + +- status = fd_openat(conn->cwd_fsp, fsp->fsp_name, fsp, &how); +- if (!NT_STATUS_IS_OK(status)) { +- DEBUG(1, ("vfs_default_durable_reconnect: failed to open " +- "file: %s\n", nt_errstr(status))); ++ state->status = fd_openat(fsp->conn->cwd_fsp, fsp->fsp_name, fsp, &how); ++ if (!NT_STATUS_IS_OK(state->status)) { ++ DBG_ERR("failed to open file: %s\n", nt_errstr(state->status)); + goto fail; + } + +@@ -863,70 +743,66 @@ NTSTATUS vfs_default_durable_reconnect(struct connection_struct *conn, + + ret = SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st); + if (ret == -1) { +- status = map_nt_error_from_unix_common(errno); +- DEBUG(1, ("Unable to fstat stream: %s => %s\n", +- smb_fname_str_dbg(smb_fname), +- nt_errstr(status))); ++ state->status = map_nt_error_from_unix_common(errno); ++ DBG_ERR("Unable to fstat stream: %s => %s\n", ++ fsp_str_dbg(fsp), ++ nt_errstr(state->status)); + goto fail; + } + + if (!S_ISREG(fsp->fsp_name->st.st_ex_mode)) { +- status = NT_STATUS_OBJECT_NAME_NOT_FOUND; ++ state->status = NT_STATUS_OBJECT_NAME_NOT_FOUND; + goto fail; + } + +- file_id = vfs_file_id_from_sbuf(conn, &fsp->fsp_name->st); +- if (!file_id_equal(&cookie.id, &file_id)) { +- status = NT_STATUS_OBJECT_NAME_NOT_FOUND; ++ file_id = vfs_file_id_from_sbuf(fsp->conn, &fsp->fsp_name->st); ++ if (!file_id_equal(&state->cookie.id, &file_id)) { ++ state->status = NT_STATUS_OBJECT_NAME_NOT_FOUND; + goto fail; + } + + (void)fdos_mode(fsp); + +- ok = vfs_default_durable_reconnect_check_stat(&cookie.stat_info, ++ ok = vfs_default_durable_reconnect_check_stat(&state->cookie.stat_info, + &fsp->fsp_name->st, + fsp_str_dbg(fsp)); + if (!ok) { +- status = NT_STATUS_OBJECT_NAME_NOT_FOUND; ++ state->status = NT_STATUS_OBJECT_NAME_NOT_FOUND; + goto fail; + } + +- status = set_file_oplock(fsp); +- if (!NT_STATUS_IS_OK(status)) { ++ state->status = set_file_oplock(fsp); ++ if (!NT_STATUS_IS_OK(state->status)) { + goto fail; + } + +- status = vfs_default_durable_cookie(fsp, mem_ctx, &new_cookie_blob); +- if (!NT_STATUS_IS_OK(status)) { +- DEBUG(1, ("vfs_default_durable_reconnect: " +- "vfs_default_durable_cookie - %s\n", +- nt_errstr(status))); ++ state->status = vfs_default_durable_cookie(fsp, ++ state->mem_ctx, ++ &state->new_cookie_blob); ++ if (!NT_STATUS_IS_OK(state->status)) { ++ DBG_ERR("vfs_default_durable_cookie - %s\n", ++ nt_errstr(state->status)); + goto fail; + } + +- smb1req->chain_fsp = fsp; +- smb1req->smb2req->compat_chain_fsp = fsp; +- +- DEBUG(10, ("vfs_default_durable_reconnect: opened file '%s'\n", +- fsp_str_dbg(fsp))); ++ state->smb1req->chain_fsp = fsp; ++ state->smb1req->smb2req->compat_chain_fsp = fsp; + +- TALLOC_FREE(lck); ++ DBG_DEBUG("opened file '%s'\n", fsp_str_dbg(fsp)); + + fsp->fsp_flags.is_fsa = true; + +- *result = fsp; +- *new_cookie = new_cookie_blob; +- +- return NT_STATUS_OK; ++ state->status = NT_STATUS_OK; ++ return; + + fail: +- if (fsp != NULL && have_share_mode_entry) { ++ if (have_share_mode_entry) { + /* + * Something is screwed up, delete the sharemode entry. + */ + del_share_mode(lck, fsp); + } +- if (fsp != NULL && fsp_get_pathref_fd(fsp) != -1) { ++ if (fsp_get_pathref_fd(fsp) != -1) { + NTSTATUS close_status; + close_status = fd_close(fsp); + if (!NT_STATUS_IS_OK(close_status)) { +@@ -934,11 +810,156 @@ fail: + nt_errstr(close_status)); + } + } +- TALLOC_FREE(lck); +- if (fsp != NULL) { +- op->compat = NULL; +- fsp->op = NULL; +- file_free(smb1req, fsp); ++ state->op->compat = NULL; ++ fsp->op = NULL; ++} ++ ++NTSTATUS vfs_default_durable_reconnect(struct connection_struct *conn, ++ struct smb_request *smb1req, ++ struct smbXsrv_open *op, ++ const DATA_BLOB old_cookie, ++ TALLOC_CTX *mem_ctx, ++ files_struct **result, ++ DATA_BLOB *new_cookie) ++{ ++ struct vfs_default_durable_reconnect_state state; ++ struct smb_filename *smb_fname = NULL; ++ struct file_id file_id; ++ NTSTATUS status; ++ enum ndr_err_code ndr_err; ++ int ret; ++ ++ *result = NULL; ++ *new_cookie = data_blob_null; ++ ++ if (!lp_durable_handles(SNUM(conn))) { ++ return NT_STATUS_NOT_SUPPORTED; ++ } ++ ++ state = (struct vfs_default_durable_reconnect_state) { ++ .mem_ctx = mem_ctx, ++ .smb1req = smb1req, ++ .op = op, ++ }; ++ ++ /* ++ * the checks for kernel oplocks ++ * and similar things are done ++ * in the vfs_default_durable_cookie() ++ * call below. ++ */ ++ ++ ndr_err = ndr_pull_struct_blob_all( ++ &old_cookie, ++ talloc_tos(), ++ &state.cookie, ++ (ndr_pull_flags_fn_t)ndr_pull_vfs_default_durable_cookie); ++ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { ++ status = ndr_map_error2ntstatus(ndr_err); ++ return status; + } +- return status; ++ ++ if (strcmp(state.cookie.magic, VFS_DEFAULT_DURABLE_COOKIE_MAGIC) != 0) { ++ return NT_STATUS_INVALID_PARAMETER; ++ } ++ ++ if (state.cookie.version != VFS_DEFAULT_DURABLE_COOKIE_VERSION) { ++ return NT_STATUS_INVALID_PARAMETER; ++ } ++ ++ if (!state.cookie.allow_reconnect) { ++ return NT_STATUS_OBJECT_NAME_NOT_FOUND; ++ } ++ ++ if (strcmp(state.cookie.servicepath, conn->connectpath) != 0) { ++ return NT_STATUS_OBJECT_NAME_NOT_FOUND; ++ } ++ ++ /* Create an smb_filename with stream_name == NULL. */ ++ smb_fname = synthetic_smb_fname(talloc_tos(), ++ state.cookie.base_name, ++ NULL, ++ NULL, ++ 0, ++ 0); ++ if (smb_fname == NULL) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ ret = SMB_VFS_LSTAT(conn, smb_fname); ++ if (ret == -1) { ++ status = map_nt_error_from_unix_common(errno); ++ DEBUG(1, ("Unable to lstat stream: %s => %s\n", ++ smb_fname_str_dbg(smb_fname), ++ nt_errstr(status))); ++ return status; ++ } ++ if (!S_ISREG(smb_fname->st.st_ex_mode)) { ++ return NT_STATUS_OBJECT_NAME_NOT_FOUND; ++ } ++ ++ file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st); ++ if (!file_id_equal(&state.cookie.id, &file_id)) { ++ return NT_STATUS_OBJECT_NAME_NOT_FOUND; ++ } ++ ++ status = fsp_new(conn, conn, &state.fsp); ++ if (!NT_STATUS_IS_OK(status)) { ++ DBG_ERR("failed to create new fsp: %s\n", ++ nt_errstr(status)); ++ return status; ++ } ++ state.fsp->file_id = file_id; ++ state.fsp->file_pid = smb1req->smbpid; ++ state.fsp->vuid = smb1req->vuid; ++ state.fsp->fnum = op->local_id; ++ fsp_set_gen_id(state.fsp); ++ ++ status = fsp_set_smb_fname(state.fsp, smb_fname); ++ if (!NT_STATUS_IS_OK(status)) { ++ DBG_ERR("fsp_set_smb_fname failed: %s\n", ++ nt_errstr(status)); ++ file_free(smb1req, state.fsp); ++ return status; ++ } ++ ++ /* ++ * TODO: ++ * Do we need to store the modified flag in the DB? ++ */ ++ state.fsp->fsp_flags.modified = false; ++ /* ++ * no durables for directories ++ */ ++ state.fsp->fsp_flags.is_directory = false; ++ /* ++ * For normal files, can_lock == !is_directory ++ */ ++ state.fsp->fsp_flags.can_lock = true; ++ /* ++ * We do not support aio write behind for smb2 ++ */ ++ state.fsp->fsp_flags.aio_write_behind = false; ++ ++ status = share_mode_do_locked_brl(state.fsp, ++ vfs_default_durable_reconnect_fn, ++ &state); ++ if (!NT_STATUS_IS_OK(status)) { ++ DBG_ERR("share_mode_do_locked_brl [%s] failed: %s\n", ++ smb_fname_str_dbg(smb_fname), nt_errstr(status)); ++ file_free(smb1req, state.fsp); ++ return status; ++ } ++ if (!NT_STATUS_IS_OK(state.status)) { ++ DBG_ERR("default_durable_reconnect_fn [%s] failed: %s\n", ++ smb_fname_str_dbg(smb_fname), ++ nt_errstr(state.status)); ++ file_free(smb1req, state.fsp); ++ return state.status; ++ } ++ ++ *result = state.fsp; ++ *new_cookie = state.new_cookie_blob; ++ ++ return NT_STATUS_OK; + } +-- +2.49.0 + + +From 810c9268742b761d3e32aedb624d343bdf51d467 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Tue, 28 Jan 2025 14:48:39 +0100 +Subject: [PATCH 24/24] s3:rpc_server/srvsvc: use brl_get_locks_readonly() + instead of brl_get_locks() + +No need to keep the record locked longer then needed. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767 + +Signed-off-by: Ralph Boehme +Reviewed-by: Stefan Metzmacher +(cherry picked from commit c36cc2b6720a2cfe54ce52a500dc499418e27e34) +--- + source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +index 1129576f751..b19baf9e625 100644 +--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c ++++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +@@ -192,17 +192,23 @@ static WERROR net_enum_files(TALLOC_CTX *ctx, + /* need to count the number of locks on a file */ + + for (i=0; i<(*ctr3)->count; i++) { +- struct files_struct fsp = { .file_id = f_enum_cnt.fids[i], }; ++ struct files_struct *fsp = NULL; + struct byte_range_lock *brl = NULL; + +- brl = brl_get_locks(ctx, &fsp); ++ fsp = talloc_zero(talloc_tos(), struct files_struct); ++ if (fsp == NULL) { ++ return WERR_NOT_ENOUGH_MEMORY; ++ } ++ fsp->file_id = f_enum_cnt.fids[i]; ++ ++ brl = brl_get_locks_readonly(fsp); + if (brl == NULL) { + continue; + } + + (*ctr3)->array[i].num_locks = brl_num_locks(brl); +- + TALLOC_FREE(brl); ++ TALLOC_FREE(fsp); + } + + return WERR_OK; +-- +2.49.0 + diff --git a/SOURCES/samba-4.20.2.tar.asc b/SOURCES/samba-4.20.2.tar.asc deleted file mode 100644 index 4f87006..0000000 --- a/SOURCES/samba-4.20.2.tar.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmZy684ACgkQqplEL7aA -tiDXDw/+KleJ11LLq5ZlXMlj11niRCETErY8cuoZ9VX04lfRwRBnplpKKLSQuFit -5HeY5ED65DhbpGzPfLPx7xOw4wyFc/bXhHPTgF3Ybj8TKkEcaMmkpD3V8FPa4NAt -vNZ3alLQLP//kgRXnqeV9pfa4slx17G6WeBLbpd8b4SbgPMgokJt7hL3nWfBrFE9 -p6B+TKZcwfoCn9ufz1UxMpBFtpSK0yF0S7CQcdv3JrBNIYhULuXbnAnLCHcH1RqW -xreoxZPnMx+SrYb0iHyKbkMsDujCqBKm9CyS13Yt9DjI49lv0pBwQFnaqtR4Xm/D -BU2XIWLLInUecxtUOBtsa046h55fLQPgkb+WYob++iA9r91y4JAZIiAxdVrNLsxR -BiFUxkL7EPtyptT84xNjpQ3CTZuw8tlHu/sJ1/XHRUFMtRGjiMqJp7ULsVQDfwET -7T+HHrVHNstddb9A6WfM8qSItoMfGUlYyzTQ2d3OmrbGRnB0qf+zg9DI+vXv5Itx -M23we8ljSadCnc/kqz3Z6gefI538WWDnbXIljRqDxuzwaSXhMd4heG+xIAAO0Of5 -ziyCVQ/n8gnyXQmC82Xlebc3mYki8UoyYWdbVNJZAOEo/LuBql1OkjOhkhMcBDmr -qvD6f+0+MA4nydmVhI/q/pmo7nAUD3SAxmRKrVTwjpjcAnZ4IGw= -=CGiK ------END PGP SIGNATURE----- diff --git a/SOURCES/samba-4.21.3.tar.asc b/SOURCES/samba-4.21.3.tar.asc new file mode 100644 index 0000000..a9ae09f --- /dev/null +++ b/SOURCES/samba-4.21.3.tar.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmd796YACgkQqplEL7aA +tiAdpA/9EodazpG4Vo534WW3aKiBxEWt0LzGjDZ6GUbTpCRIJE+a/a36rxbAgHFH +Mpc9mVnCI6/UWv1plnsLwNG4RnC/o0tDrw2ttvIX/ZEiWEPWU38sgfZ+vlwX1r2B +3Hi7Uym4br0SmPwrep5kPfjnE396ftlnC6YMHXZ+tg3i6y8m6msr8rEB8ejLx7RF +qXtJ/YO4HK2DrE51l/Ziyav9FwBgVoE9Sl0oXwLoUX5lhWh6qNe8Qz+bd0s36x1e +5w+ocSNuD2ph5uO1W+pmdOJyMgq8QFchOwxdHi454nRrelp7Kwtb2ARBHrFwoQ+V +kinQlufJ0sb59imso65Tl3EGuuV61CUQgGx9Ln9/wBMXdiPDNhi/H+ikH2AeVzpz +DFuL9WEU/HYT4thCKlNox5T8s90/95vT5MlN2q/CJhFjIti6mb7iM9uxatGFzUBI +A3OxPRc9IbORTEPYxLzsuPrxo+bcFXg0Go8SoNa4W3NYIehMDqnuWOOnC/ixleta +ig635ivxl5owC1CC/GzilBnJ/Tq4bzbZOrYDeYCYa5FkXv9EaTIT9JQcRr0LJcDS +Z43RoD9g9tG6tIea0XyAaPkfVillfnf70vcuelxycl3bhhuvSZUQ+8cqQ0vuUg1V +pcclEjCcgIecIR9r2zSv5S5EldS7hQ6t5pCC5KcJKyeq+LLaj5s= +=DkSu +-----END PGP SIGNATURE----- diff --git a/SPECS/samba.spec b/SPECS/samba.spec index 30bf993..00ce1e3 100644 --- a/SPECS/samba.spec +++ b/SPECS/samba.spec @@ -1,3 +1,13 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.6.5) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 5; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + # The testsuite is disabled by default. # # To build and run the tests use: @@ -8,7 +18,7 @@ # %bcond_with testsuite -# Build with internal talloc, tevent, tdb and ldb. +# Build with internal talloc, tevent, tdb # # fedpkg mockbuild --with=testsuite --with=includelibs # or @@ -55,9 +65,7 @@ # Build vfs_ceph module and ctdb cepth mutex helper by default on 64bit Fedora %if 0%{?fedora} -# ppc64le excluded pending resolution of https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104172 -#%%ifarch aarch64 ppc64le s390x x86_64 -%ifarch aarch64 s390x x86_64 riscv64 +%ifarch aarch64 ppc64le s390x x86_64 riscv64 %bcond_without vfs_cephfs %bcond_without ceph_mutex %else @@ -144,16 +152,30 @@ %bcond_with gpupdate %endif -%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") +%ifarch aarch64 ppc64le s390x x86_64 +%bcond lmdb 1 +%else +%bcond lmdb 0 +%endif + +%global samba_version 4.21.3 + +# The release field is extended: +# [.][.]%%{?dist}[.] +# Square brackets indicate an optional item. +# +# The autorelease macro accepts these parameters to allow packagers to specify +# those added fields: +# +# -p: Designates a pre-release, i.e. pkgrel will be prefixed with '0.'. +# -e : Allows specifying the extraver portion of the release. +# -b : Allows specifying a custom base release number (the +# default is 1). +%global samba_release %autorelease -%global samba_version 4.20.2 -%global baserelease 2 -# This should be rc1 or %%nil %global pre_release %nil - -%global samba_release %{baserelease} %if "x%{?pre_release}" != "x" -%global samba_release 0.%{baserelease}.%{pre_release} +%global samba_release %autorelease -p -e %pre_release %endif @@ -164,13 +186,14 @@ %global libdcerpc_so_version 0 %global libndr_krb5pac_so_version 0 %global libndr_nbt_so_version 0 -%global libndr_so_version 4 +%global libndr_so_version 5 %global libndr_standard_so_version 0 %global libnetapi_so_version 1 %global libsamba_credentials_so_version 1 %global libsamba_errors_so_version 1 %global libsamba_hostconfig_so_version 0 %global libsamba_passdb_so_version 0 +%global libsamba_policy_so_version 0 %global libsamba_util_so_version 0 %global libsamdb_so_version 0 %global libsmbconf_so_version 0 @@ -181,9 +204,8 @@ %global libwbclient_so_version 0 %global talloc_version 2.4.2 -%global tdb_version 1.4.10 +%global tdb_version 1.4.12 %global tevent_version 0.16.1 -%global ldb_version 2.9.1 %global required_mit_krb5 1.20.1 @@ -205,7 +227,7 @@ Name: samba Version: %{samba_version} -Release: %{samba_release}%{?dist}.1 +Release: %{samba_release} %if 0%{?fedora} Epoch: 2 @@ -242,11 +264,11 @@ Source202: samba.abignore # # git clone git@gitlab.com:samba-redhat/samba.git # cd samba -# git checkout v4-20-redhat -# git format-patch --stdout -l1 --no-renames -N > redhat-4.20.2.patch +# git checkout v4-21-redhat +# git format-patch --stdout -l1 --no-renames -N > redhat-4.21.patch # where N is number of commits -Patch0: redhat-4.20.2.patch +Patch0: redhat-4.21.patch Requires(pre): %{name}-common = %{samba_depver} Requires: %{name}-common = %{samba_depver} @@ -255,6 +277,7 @@ Requires: %{name}-common-tools = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-libs = %{samba_depver} Requires: %{name}-dcerpc = %{samba_depver} +Requires: libldb = %{samba_depver} Requires: libnetapi = %{samba_depver} %if %{with libwbclient} Requires(post): libwbclient = %{samba_depver} @@ -291,6 +314,7 @@ BuildRequires: bison BuildRequires: cups-devel BuildRequires: dbus-devel BuildRequires: docbook-style-xsl +BuildRequires: doxygen BuildRequires: e2fsprogs-devel BuildRequires: flex BuildRequires: gawk @@ -309,7 +333,10 @@ BuildRequires: libcmocka-devel BuildRequires: libtirpc-devel BuildRequires: libuuid-devel BuildRequires: libxslt +%if %{with lmdb} BuildRequires: lmdb +BuildRequires: lmdb-devel >= 0.9.16 +%endif %if %{with winexe} BuildRequires: mingw32-gcc BuildRequires: mingw64-gcc @@ -389,20 +416,9 @@ BuildRequires: python3-tevent >= %{tevent_version} BuildRequires: libtdb-devel >= %{tdb_version} BuildRequires: python3-tdb >= %{tdb_version} - -BuildRequires: libldb-devel >= %{ldb_version} -BuildRequires: python3-ldb >= %{ldb_version} -BuildRequires: python3-ldb-devel >= %{ldb_version} %endif -%if %{with includelibs} || %{with testsuite} -# lmdb-devel is required for the mdb ldb module, if samba is configured -# to build includelibs we need lmdb-devel for building that module on our own -BuildRequires: lmdb-devel -#endif without includelibs -%endif - -%if %{with dc} || %{with testsuite} +%if %{with dc} BuildRequires: bind BuildRequires: krb5-server >= %{required_mit_krb5} %if 0%{?fedora} || 0%{?rhel} >= 9 @@ -417,11 +433,38 @@ BuildRequires: python3-setproctitle %if %{without includelibs} BuildRequires: tdb-tools -BuildRequires: ldb-tools #endif without includelibs %endif -#endif with dc || with testsuite +#endif with dc +%endif + +%if %{with testsuite} +BuildRequires: bind-utils +BuildRequires: glibc-langpack-en +BuildRequires: git +BuildRequires: gnutls-utils +BuildRequires: jq +BuildRequires: krb5-pkinit +BuildRequires: krb5-workstation +BuildRequires: lmdb +BuildRequires: nss_wrapper +BuildRequires: pam_wrapper +BuildRequires: perl-Archive-Tar +BuildRequires: perl-Digest-MD5 +BuildRequires: perl-ExtUtils-MakeMaker +BuildRequires: perl-JSON +BuildRequires: perl-JSON-Parse +BuildRequires: perl-Parse-Yapp +BuildRequires: perl-Test-Base +BuildRequires: psmisc +BuildRequires: python3-libpamtest +BuildRequires: resolv_wrapper +BuildRequires: rsync +BuildRequires: socket_wrapper +BuildRequires: sudo +BuildRequires: uid_wrapper +#endif with testsuite %endif # filter out perl requirements pulled in from examples in the docdir. @@ -440,6 +483,7 @@ Requires(pre): %{name}-common = %{samba_depver} Requires: %{name}-common = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} +Requires: libldb = %{samba_depver} %if %{with libsmbclient} Requires: libsmbclient = %{samba_depver} %endif @@ -466,6 +510,7 @@ Summary: Samba client libraries Requires(pre): %{name}-common = %{samba_depver} Requires: %{name}-common = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} +Requires: libldb = %{samba_depver} %if %{with libwbclient} Requires: libwbclient = %{samba_depver} %endif @@ -500,6 +545,7 @@ Summary: Libraries used by both Samba servers and clients Requires(pre): samba-common = %{samba_depver} Requires: samba-common = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} +Requires: libldb = %{samba_depver} %if %{with libwbclient} Requires: libwbclient = %{samba_depver} %endif @@ -540,6 +586,7 @@ Requires: samba-common-libs = %{samba_depver} Requires: samba-client-libs = %{samba_depver} Requires: samba-libs = %{samba_depver} Requires: samba-ldb-ldap-modules = %{samba_depver} +Requires: libldb = %{samba_depver} Requires: libnetapi = %{samba_depver} %if %{with libwbclient} Requires: libwbclient = %{samba_depver} @@ -559,7 +606,9 @@ Requires: python3-%{name} = %{samba_depver} Requires: python3-%{name}-dc = %{samba_depver} %if %{with dc} # samba-tool needs mdb_copy and tdbackup for domain backup or upgrade provision +%if %{with lmdb} Requires: lmdb +%endif Requires: tdb-tools Requires: python3-gpg %endif @@ -574,6 +623,7 @@ Summary: DCE RPC binaries Requires: samba-common-libs = %{samba_depver} Requires: samba-client-libs = %{samba_depver} Requires: samba-libs = %{samba_depver} +Requires: libldb = %{samba_depver} Requires: libnetapi = %{samba_depver} %if %{with libwbclient} Requires: libwbclient = %{samba_depver} @@ -603,11 +653,7 @@ Requires: libwbclient = %{samba_depver} Requires: ldb-tools Requires: python3-setproctitle -# Force using libldb version to be the same as build version -# Otherwise LDB modules will not be loaded and samba-tool will fail -# See bug 1507420 -%samba_requires_eq libldb - +Requires: libldb = %{samba_depver} Requires: python3-%{name} = %{samba_depver} Requires: python3-%{name}-dc = %{samba_depver} Requires: krb5-server >= %{required_mit_krb5} @@ -638,6 +684,8 @@ Summary: Samba AD Domain Controller Libraries Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-libs = %{samba_depver} +Requires: libldb = %{samba_depver} +Requires: libwbclient = %{samba_depver} Provides: samba4-dc-libs = %{samba_depver} Obsoletes: samba4-dc-libs < %{samba_depver} @@ -658,6 +706,8 @@ Requires: %{name}-dc-libs = %{samba_depver} Requires: %{name}-dc = %{samba_depver} Requires: %{name}-libs = %{samba_depver} Requires: bind +Requires: libldb = %{samba_depver} +Requires: libwbclient = %{samba_depver} Provides: bundled(libreplace) @@ -672,13 +722,13 @@ name server related details of Samba AD. Summary: Developer tools for Samba libraries Requires: %{name}-libs = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} -%if %{with dc} Requires: %{name}-dc-libs = %{samba_depver} -%endif Requires: libnetapi = %{samba_depver} Provides: samba4-devel = %{samba_depver} Obsoletes: samba4-devel < %{samba_depver} +Provides: python3-samba-devel = %{samba_depver} +Obsoletes: python3-samba-devel < %{samba_depver} %description devel The %{name}-devel package contains the header files for the libraries @@ -692,6 +742,8 @@ Summary: Samba VFS module for Ceph distributed storage system Requires: %{name} = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-libs = %{samba_depver} +Requires: libldb = %{samba_depver} +Requires: libwbclient = %{samba_depver} Provides: bundled(libreplace) @@ -707,6 +759,8 @@ Summary: Samba VFS module for io_uring Requires: %{name} = %{samba_depver} Requires: %{name}-libs = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} +Requires: libldb = %{samba_depver} +Requires: libwbclient = %{samba_depver} Provides: bundled(libreplace) @@ -725,6 +779,7 @@ Requires: %{name} = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-libs = %{samba_depver} +Requires: libldb = %{samba_depver} %if %{with libwbclient} Requires: libwbclient = %{samba_depver} %endif @@ -776,6 +831,8 @@ the Kerberos credentials cache of the user issuing the print job. Summary: Samba ldap modules for ldb Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} +Requires: libldb = %{samba_depver} +Requires: libwbclient = %{samba_depver} %description ldb-ldap-modules This package contains the ldb ldap modules required by samba-tool and @@ -786,6 +843,7 @@ samba-gpupdate. Summary: Samba libraries Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} +Requires: libldb = %{samba_depver} %if %{with libwbclient} Requires: libwbclient = %{samba_depver} %endif @@ -806,6 +864,8 @@ Requires(pre): %{name}-common = %{samba_depver} Requires: %{name}-common = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} +Requires: libldb = %{samba_depver} +Requires: libwbclient = %{samba_depver} %description -n libnetapi This contains the NETAPI library from the Samba suite. @@ -826,6 +886,7 @@ Requires(pre): %{name}-common = %{samba_depver} Requires: %{name}-common = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} +Requires: libldb = %{samba_depver} %if %{with libwbclient} Requires: libwbclient = %{samba_depver} %endif @@ -883,6 +944,7 @@ Requires: python3-requests Requires: python3-talloc Requires: python3-tdb Requires: python3-tevent +Requires: libldb = %{samba_depver} %if %{with libsmbclient} Requires: libsmbclient = %{samba_depver} %endif @@ -896,13 +958,6 @@ Provides: bundled(libreplace) The python3-%{name} package contains the Python 3 libraries needed by programs that use SMB, RPC and other Samba provided protocols in Python 3 programs. -%package -n python3-%{name}-devel -Summary: Samba python devel files -Requires: python3-%{name} = %{samba_depver} - -%description -n python3-%{name}-devel -The python3-%{name}-devel package contains the Python 3 devel files. - %package -n python3-samba-test Summary: Samba Python libraries Requires: python3-%{name} = %{samba_depver} @@ -920,6 +975,8 @@ Requires: %{name}-dc-libs = %{samba_depver} Requires: python3-%{name} = %{samba_depver} # for ms_forest_updates_markdown.py and ms_schema_markdown.py Requires: python3-markdown +Requires: libldb = %{samba_depver} +Requires: libwbclient = %{samba_depver} %description -n python3-samba-dc The python3-%{name}-dc package contains the Python libraries needed by programs @@ -955,6 +1012,7 @@ Requires: %{name}-test-libs = %{samba_depver} Requires: %{name}-dc-libs = %{samba_depver} %endif Requires: %{name}-libs = %{samba_depver} +Requires: libldb = %{samba_depver} Requires: libnetapi = %{samba_depver} %if %{with libsmbclient} Requires: libsmbclient = %{samba_depver} @@ -980,6 +1038,7 @@ Summary: Libraries need by the testing tools for Samba servers and clients Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-libs = %{samba_depver} +Requires: libldb = %{samba_depver} %if %{with libwbclient} Requires: libwbclient = %{samba_depver} %endif @@ -1017,6 +1076,7 @@ Requires: %{name}-libs = %{samba_depver} Requires(post): %{name}-libs = %{samba_depver} Requires: %{name}-winbind-modules = %{samba_depver} Suggests: %{name}-tools = %{samba_depver} +Requires: libldb = %{samba_depver} %if %{with libwbclient} Requires(post): libwbclient = %{samba_depver} @@ -1045,6 +1105,7 @@ Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-libs = %{samba_depver} Requires: %{name}-winbind = %{samba_depver} +Requires: libldb = %{samba_depver} %if %{with libwbclient} Requires: libwbclient = %{samba_depver} %endif @@ -1068,6 +1129,7 @@ Requires: %{name}-winbind = %{samba_depver} Requires: %{name}-libs = %{samba_depver} %endif Requires: samba-client-libs = %{samba_depver} +Requires: libldb = %{samba_depver} Provides: samba4-winbind-krb5-locator = %{samba_depver} Obsoletes: samba4-winbind-krb5-locator < %{samba_depver} @@ -1110,6 +1172,8 @@ Summary: Samba Winexe Windows Binary License: GPL-3.0-only Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} +Requires: libldb = %{samba_depver} +Requires: libwbclient = %{samba_depver} Provides: bundled(libreplace) @@ -1155,30 +1219,6 @@ projects to store temporary data. If an application is already using TDB for temporary data it is very easy to convert that application to be cluster aware and use CTDB instead. -%if %{with testsuite} -### CTDB-TEST -%package -n ctdb-tests -Summary: CTDB clustered database test suite - -Requires: %{name}-common-libs = %{samba_depver} -Requires: %{name}-client-libs = %{samba_depver} - -Requires: ctdb = %{samba_depver} -Recommends: nc - -Provides: ctdb-devel = %{samba_depver} -Obsoletes: ctdb-devel < %{samba_depver} - -%description -n ctdb-tests -Test suite for CTDB. -CTDB is a cluster implementation of the TDB database used by Samba and other -projects to store temporary data. If an application is already using TDB for -temporary data it is very easy to convert that application to be cluster aware -and use CTDB instead. - -#endif with testsuite -%endif - %if %{with pcp_pmda} %package -n ctdb-pcp-pmda @@ -1221,7 +1261,71 @@ Support for using an existing CEPH cluster as a mutex helper for CTDB #endif with clustering %endif +### LIBLDB +%package -n libldb +Summary: A schema-less, ldap like, API and database +License: LGPL-3.0-or-later +Requires: libtalloc%{?_isa} >= %{talloc_version} +Requires: libtdb%{?_isa} >= %{tdb_version} +Requires: libtevent%{?_isa} >= %{tevent_version} +Provides: bundled(libreplace) +Obsoletes: libldb < 0:2.10 +Provides: libldb = 0:2.10 +Provides: libldb = %{samba_depver} + +%description -n libldb +An extensible library that implements an LDAP like API to access remote LDAP +servers, or use local tdb databases. + +### LIBLDB-DEVEL +%package -n libldb-devel +Summary: Developer tools for the LDB library +License: LGPL-3.0-or-later +Requires: libldb%{?_isa} = %{samba_depver} +Requires: libtdb-devel%{?_isa} >= %{tdb_version} +Requires: libtalloc-devel%{?_isa} >= %{talloc_version} +Requires: libtevent-devel%{?_isa} >= %{tevent_version} + +Obsoletes: libldb-devel < 0:2.10 +Provides: libldb-devel = 0:2.10 +Provides: libldb-devel = %{samba_depver} + +%description -n libldb-devel +Header files needed to develop programs that link against the LDB library. + +### LDB-TOOLS +%package -n ldb-tools +Summary: Tools to manage LDB files +License: LGPL-3.0-or-later +Requires: libldb%{?_isa} = %{samba_depver} +Obsoletes: ldb-tools < 0:2.10 +Provides: ldb-tools = %{samba_depver} + +%description -n ldb-tools +Tools to manage LDB files + +### PYTHON3-LDB +%package -n python3-ldb +Summary: Python bindings for the LDB library +License: LGPL-3.0-or-later +Requires: libldb%{?_isa} = %{samba_depver} +Requires: python3-tdb%{?_isa} >= %{tdb_version} +Requires: samba-client-libs = %{samba_depver} +%{?python_provide:%python_provide python3-ldb} + +Obsoletes: python3-ldb < 0:2.10 +Provides: python3-ldb = %{samba_depver} +# These were the C bindings, only used by Samba +Obsoletes: python-ldb-devel-common < 2.10 +Provides: python-ldb-devel-common = 2.10 +Provides: python-ldb-devel-common = %{samba_depver} +Obsoletes: python3-ldb-devel < 2.10 +Provides: python3-ldb-devel = 2.10 +Provides: python3-ldb-devel = %{samba_depver} + +%description -n python3-ldb +Python bindings for the LDB library %prep %if 0%{?fedora} || 0%{?rhel} >= 9 @@ -1239,16 +1343,14 @@ rm -rfv third_party/heimdal %global _talloc_lib ,talloc,pytalloc,pytalloc-util %global _tevent_lib ,tevent,pytevent %global _tdb_lib ,tdb,pytdb -%global _ldb_lib ,ldb,pyldb,pyldb-util %else %global _talloc_lib ,!talloc,!pytalloc,!pytalloc-util %global _tevent_lib ,!tevent,!pytevent %global _tdb_lib ,!tdb,!pytdb -%global _ldb_lib ,!ldb,!pyldb,!pyldb-util #endif with includelibs %endif -%global _samba_libraries !popt%{_talloc_lib}%{_tevent_lib}%{_tdb_lib}%{_ldb_lib} +%global _samba_bundled_libraries !popt%{_talloc_lib}%{_tevent_lib}%{_tdb_lib} %global _samba_idmap_modules idmap_ad,idmap_rid,idmap_ldap,idmap_hash,idmap_tdb2 %global _samba_pdb_modules pdb_tdbsam,pdb_ldap,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4 @@ -1274,7 +1376,8 @@ rm -rfv third_party/heimdal %global _libwbclient wbclient, %endif -%global _samba_private_libraries %{_libsmbclient}%{_libwbclient} +%global _default_private_libraries !ldb,!dcerpc-samr,!samba-policy,!tevent-util,!dcerpc,!samba-hostconfig,!samba-credentials,!dcerpc_server,!samdb, +%global _samba_private_libraries %{_default_private_libraries}%{_libsmbclient}%{_libwbclient} # TODO: resolve underlinked python modules export python_LDFLAGS="$(echo %{__global_ldflags} | sed -e 's/-Wl,-z,defs//g')" @@ -1311,14 +1414,12 @@ fi --with-cachedir=/var/lib/samba \ --disable-rpath-install \ --with-shared-modules=%{_samba_modules} \ - --bundled-libraries=%{_samba_libraries} \ + --bundled-libraries=%{_samba_bundled_libraries} \ + --private-libraries=%{_samba_private_libraries} \ --with-pam \ --with-pie \ --with-relro \ --without-fam \ -%if (%{without libsmbclient}) || (%{without libwbclient}) - --private-libraries=%{_samba_private_libraries} \ -%endif --with-system-mitkrb5 \ --with-experimental-mit-ad-dc \ %if %{without dc} && %{without testsuite} @@ -1364,7 +1465,12 @@ pushd pidl %make_build popd +pushd lib/ldb +doxygen Doxyfile +popd + %install +%if !%{with testsuite} # Do not use %%make_install, make is just a wrapper around waf in Samba! %{__make} %{?_smp_mflags} %{_make_verbose} install DESTDIR=%{buildroot} @@ -1474,10 +1580,7 @@ rm -f %{buildroot}%{_mandir}/man8/vfs_ceph_snapshots.8* /sbin/ldconfig -N -n %{buildroot}%{_libdir} %if %{without dc} && %{without testsuite} -for f in samba/libsamba-net-samba4.so \ - samba/libsamba-python-samba4.so \ - libsamba-policy.so* \ - pkgconfig/samba-policy.pc ; do +for f in samba/libsamba-python-private-samba.so; do rm -f %{buildroot}%{_libdir}/$f done #endif without dc @@ -1498,8 +1601,23 @@ rm -f %{buildroot}%{perl_archlib}/vendor_perl/auto/Parse/Pidl/.packlist rm -rf %{buildroot}%{perl_vendorlib}/Parse/Yapp popd -%if %{with testsuite} +# Install libldb manpages +cp -a lib/ldb/apidocs/man/* %{buildroot}%{_mandir} +# Remove manpages we don't want +rm -f %{buildroot}%{_mandir}/man3/_* +rm -f %{buildroot}%{_mandir}/man3/PyLdb* + +# CTDB +%if %{with clustering} +touch %{buildroot}%{_libexecdir}/ctdb/statd_callout +#endif with clustering +%endif + +#endif !with testsuite +%endif + %check +%if %{with testsuite} # # samba3.smb2.timestamps.*: # @@ -1519,10 +1637,12 @@ export TDB_NO_FSYNC=1 export NMBD_DONT_LOG_STDOUT=1 export SMBD_DONT_LOG_STDOUT=1 export WINBINDD_DONT_LOG_STDOUT=1 +export SAMBA_DCERPCD_DONT_LOG_STDOUT=1 %{__make} %{?_smp_mflags} test FAIL_IMMEDIATELY=1 #endif with testsuite %endif +%if !%{with testsuite} %post %systemd_post samba-bgqd.service %systemd_post smb.service @@ -1566,7 +1686,7 @@ fi %ldconfig_scriptlets common-libs -%if %{with dc} || %{with testsuite} +%if %{with dc} %ldconfig_scriptlets dc-libs %post dc @@ -1656,6 +1776,8 @@ fi %systemd_postun_with_restart ctdb.service %endif +%ldconfig_scriptlets -n libldb +%ldconfig_scriptlets -n python3-ldb ### SAMBA %files @@ -1666,7 +1788,7 @@ fi %{_sbindir}/eventlogadm %{_sbindir}/nmbd %{_sbindir}/smbd -%if %{with dc} || %{with testsuite} +%if %{with dc} # This is only used by vfs_dfs_samba4 %{_libdir}/samba/libdfs-server-ad-private-samba.so %endif @@ -1684,7 +1806,7 @@ fi %{_libdir}/samba/vfs/commit.so %{_libdir}/samba/vfs/crossrename.so %{_libdir}/samba/vfs/default_quota.so -%if %{with dc} || %{with testsuite} +%if %{with dc} %{_libdir}/samba/vfs/dfs_samba4.so %endif %{_libdir}/samba/vfs/dirsort.so @@ -1717,10 +1839,6 @@ fi %{_libdir}/samba/vfs/worm.so %{_libdir}/samba/vfs/xattr_tdb.so -%if %{with testsuite} -%{_libdir}/samba/vfs/nfs4acl_xattr.so -%endif - %dir %{_libexecdir}/samba %{_libexecdir}/samba/samba-bgqd @@ -1956,7 +2074,7 @@ fi %{_libdir}/samba/libtdb-wrap-private-samba.so %{_libdir}/samba/libtime-basic-private-samba.so %{_libdir}/samba/libtorture-private-samba.so -%{_libdir}/samba/libtrusts-util-private-samba.so +%{_libdir}/samba/libutil-crypt-private-samba.so %{_libdir}/samba/libutil-reg-private-samba.so %{_libdir}/samba/libutil-setid-private-samba.so %{_libdir}/samba/libutil-tdb-private-samba.so @@ -1978,16 +2096,6 @@ fi %{_libdir}/samba/libtdb-private-samba.so %{_libdir}/samba/libtevent-private-samba.so -%{_libdir}/samba/ldb/asq.so -%{_libdir}/samba/ldb/ldb.so -%{_libdir}/samba/ldb/mdb.so -%{_libdir}/samba/ldb/paged_searches.so -%{_libdir}/samba/ldb/rdn_name.so -%{_libdir}/samba/ldb/sample.so -%{_libdir}/samba/ldb/server_sort.so -%{_libdir}/samba/ldb/skel.so -%{_libdir}/samba/ldb/tdb.so - %{_mandir}/man3/ldb.3.gz %{_mandir}/man3/talloc.3.gz #endif with includelibs @@ -2063,16 +2171,13 @@ fi %{_libexecdir}/samba/rpcd_fsrvp %{_libexecdir}/samba/rpcd_lsad %{_libexecdir}/samba/rpcd_mdssvc -%if %{with testsuite} -%{_libexecdir}/samba/rpcd_rpcecho -%endif %{_libexecdir}/samba/rpcd_spoolss %{_libexecdir}/samba/rpcd_winreg %{_libexecdir}/samba/rpcd_witness %{_mandir}/man8/samba-dcerpcd.8* ### DC -%if %{with dc} || %{with testsuite} +%if %{with dc} %files dc %{_unitdir}/samba.service %{_sbindir}/samba @@ -2150,22 +2255,20 @@ fi %license source4/setup/ad-schema/licence.txt %{_datadir}/samba/setup -#endif with dc || with testsuite +#endif with dc %endif ### DC-LIBS %files dc-libs +%{_libdir}/libsamba-policy.so.%{libsamba_policy_so_version}* %{_libdir}/samba/libauth4-private-samba.so +%{_libdir}/samba/libsamba-net-private-samba.so -%if %{with dc} || %{with testsuite} +%if %{with dc} %{_libdir}/samba/libdb-glue-private-samba.so %{_libdir}/samba/libpac-private-samba.so %{_libdir}/samba/libprocess-model-private-samba.so %{_libdir}/samba/libservice-private-samba.so -%if %{with testsuite} -%{_libdir}/samba/libntvfs-private-samba.so -%endif - %dir %{_libdir}/samba/process_model %{_libdir}/samba/process_model/prefork.so %{_libdir}/samba/process_model/standard.so @@ -2184,10 +2287,6 @@ fi %{_libdir}/samba/service/winbindd.so %{_libdir}/samba/service/wrepl.so -%if %{with testsuite} -%{_libdir}/samba/service/smb.so -%endif - %{_libdir}/libdcerpc-server.so.* %{_libdir}/samba/libad-claims-private-samba.so %{_libdir}/samba/libauthn-policy-util-private-samba.so @@ -2315,12 +2414,14 @@ fi %{_libdir}/pkgconfig/ndr_standard.pc %{_libdir}/pkgconfig/samba-credentials.pc %{_libdir}/pkgconfig/samba-hostconfig.pc +%{_libdir}/pkgconfig/samba-policy.pc %{_libdir}/pkgconfig/samba-util.pc %{_libdir}/pkgconfig/samdb.pc %{_libdir}/libsamba-passdb.so +%{_libdir}/libsamba-policy.so %{_libdir}/libsmbldap.so -%if %{with dc} || %{with testsuite} +%if %{with dc} %{_includedir}/samba-4.0/dcerpc_server.h %{_libdir}/libdcerpc-server.so %{_libdir}/pkgconfig/dcerpc_server.pc @@ -2340,8 +2441,10 @@ fi %if %{with vfs_cephfs} %files vfs-cephfs %{_libdir}/samba/vfs/ceph.so +%{_libdir}/samba/vfs/ceph_new.so %{_libdir}/samba/vfs/ceph_snapshots.so %{_mandir}/man8/vfs_ceph.8* +%{_mandir}/man8/vfs_ceph_new.8* %{_mandir}/man8/vfs_ceph_snapshots.8* %endif @@ -2376,6 +2479,7 @@ fi %files ldb-ldap-modules %{_libdir}/samba/ldb/ldbsamba_extensions.so %{_libdir}/samba/ldb/ildap.so +%{_libdir}/samba/ldb/ldap.so ### LIBS %files libs @@ -2495,6 +2599,7 @@ fi %{python3_sitearch}/samba/__pycache__/hostconfig.*.pyc %{python3_sitearch}/samba/__pycache__/idmap.*.pyc %{python3_sitearch}/samba/__pycache__/join.*.pyc +%{python3_sitearch}/samba/__pycache__/lsa_utils.*.pyc %{python3_sitearch}/samba/__pycache__/logger.*.pyc %{python3_sitearch}/samba/__pycache__/mdb_util.*.pyc %{python3_sitearch}/samba/__pycache__/ms_display_specifiers.*.pyc @@ -2508,7 +2613,6 @@ fi %{python3_sitearch}/samba/__pycache__/sites.*.pyc %{python3_sitearch}/samba/__pycache__/subnets.*.pyc %{python3_sitearch}/samba/__pycache__/tdb_util.*.pyc -%{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc %{python3_sitearch}/samba/__pycache__/upgrade.*.pyc %{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc %{python3_sitearch}/samba/__pycache__/xattr.*.pyc @@ -2556,6 +2660,7 @@ fi %{python3_sitearch}/samba/dcerpc/ntlmssp.*.so %{python3_sitearch}/samba/dcerpc/preg.*.so %{python3_sitearch}/samba/dcerpc/samr.*.so +%{python3_sitearch}/samba/dcerpc/schannel.*.so %{python3_sitearch}/samba/dcerpc/security.*.so %{python3_sitearch}/samba/dcerpc/server_id.*.so %{python3_sitearch}/samba/dcerpc/smb_acl.*.so @@ -2574,6 +2679,53 @@ fi %{python3_sitearch}/samba/dcerpc/xattr.*.so %{python3_sitearch}/samba/descriptor.py %{python3_sitearch}/samba/dnsresolver.py +%dir %{python3_sitearch}/samba/domain +%{python3_sitearch}/samba/domain/__init__.py +%{python3_sitearch}/samba/domain/__pycache__/__init__.*.pyc +%{python3_sitearch}/samba/domain/models/__init__.py +%{python3_sitearch}/samba/domain/models/__pycache__/__init__.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/auth_policy.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/auth_silo.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/claim_type.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/computer.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/constants.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/container.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/exceptions.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/fields.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/gmsa.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/group.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/model.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/org.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/person.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/query.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/registry.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/schema.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/site.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/subnet.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/types.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/user.*.pyc +%{python3_sitearch}/samba/domain/models/__pycache__/value_type.*.pyc +%{python3_sitearch}/samba/domain/models/auth_policy.py +%{python3_sitearch}/samba/domain/models/auth_silo.py +%{python3_sitearch}/samba/domain/models/claim_type.py +%{python3_sitearch}/samba/domain/models/computer.py +%{python3_sitearch}/samba/domain/models/constants.py +%{python3_sitearch}/samba/domain/models/container.py +%{python3_sitearch}/samba/domain/models/exceptions.py +%{python3_sitearch}/samba/domain/models/fields.py +%{python3_sitearch}/samba/domain/models/gmsa.py +%{python3_sitearch}/samba/domain/models/group.py +%{python3_sitearch}/samba/domain/models/model.py +%{python3_sitearch}/samba/domain/models/org.py +%{python3_sitearch}/samba/domain/models/person.py +%{python3_sitearch}/samba/domain/models/query.py +%{python3_sitearch}/samba/domain/models/registry.py +%{python3_sitearch}/samba/domain/models/schema.py +%{python3_sitearch}/samba/domain/models/site.py +%{python3_sitearch}/samba/domain/models/subnet.py +%{python3_sitearch}/samba/domain/models/types.py +%{python3_sitearch}/samba/domain/models/user.py +%{python3_sitearch}/samba/domain/models/value_type.py %{python3_sitearch}/samba/drs_utils.py %{python3_sitearch}/samba/dsdb.*.so %{python3_sitearch}/samba/dsdb_dns.*.so @@ -2585,6 +2737,7 @@ fi %{python3_sitearch}/samba/hostconfig.py %{python3_sitearch}/samba/idmap.py %{python3_sitearch}/samba/join.py +%{python3_sitearch}/samba/lsa_utils.py %{python3_sitearch}/samba/messaging.*.so %{python3_sitearch}/samba/ndr.py %{python3_sitearch}/samba/net.*.so @@ -2737,12 +2890,30 @@ fi %{python3_sitearch}/samba/netcmd/domain/auth/__init__.py %dir %{python3_sitearch}/samba/netcmd/domain/auth/__pycache__ %{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/__init__.*.pyc -%{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/policy.*.pyc -%{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/silo.*.pyc -%{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/silo_member.*.pyc -%{python3_sitearch}/samba/netcmd/domain/auth/policy.py -%{python3_sitearch}/samba/netcmd/domain/auth/silo.py -%{python3_sitearch}/samba/netcmd/domain/auth/silo_member.py +%dir %{python3_sitearch}/samba/netcmd/domain/auth/policy +%{python3_sitearch}/samba/netcmd/domain/auth/policy/computer_allowed_to_authenticate_to.py +%{python3_sitearch}/samba/netcmd/domain/auth/policy/__init__.py +%{python3_sitearch}/samba/netcmd/domain/auth/policy/policy.py +%dir %{python3_sitearch}/samba/netcmd/domain/auth/policy/__pycache__ +%{python3_sitearch}/samba/netcmd/domain/auth/policy/__pycache__/computer_allowed_to_authenticate_to.*.pyc +%{python3_sitearch}/samba/netcmd/domain/auth/policy/__pycache__/__init__.*.pyc +%{python3_sitearch}/samba/netcmd/domain/auth/policy/__pycache__/policy.*.pyc +%{python3_sitearch}/samba/netcmd/domain/auth/policy/__pycache__/service_allowed_to_authenticate_from.*.pyc +%{python3_sitearch}/samba/netcmd/domain/auth/policy/__pycache__/service_allowed_to_authenticate_to.*.pyc +%{python3_sitearch}/samba/netcmd/domain/auth/policy/__pycache__/user_allowed_to_authenticate_from.*.pyc +%{python3_sitearch}/samba/netcmd/domain/auth/policy/__pycache__/user_allowed_to_authenticate_to.*.pyc +%{python3_sitearch}/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_from.py +%{python3_sitearch}/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_to.py +%{python3_sitearch}/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_from.py +%{python3_sitearch}/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_to.py +%dir %{python3_sitearch}/samba/netcmd/domain/auth/silo +%{python3_sitearch}/samba/netcmd/domain/auth/silo/__init__.py +%{python3_sitearch}/samba/netcmd/domain/auth/silo/member.py +%dir %{python3_sitearch}/samba/netcmd/domain/auth/silo/__pycache__ +%{python3_sitearch}/samba/netcmd/domain/auth/silo/__pycache__/__init__.*.pyc +%{python3_sitearch}/samba/netcmd/domain/auth/silo/__pycache__/member.*.pyc +%{python3_sitearch}/samba/netcmd/domain/auth/silo/__pycache__/silo.*.pyc +%{python3_sitearch}/samba/netcmd/domain/auth/silo/silo.py %{python3_sitearch}/samba/netcmd/domain/backup.py %dir %{python3_sitearch}/samba/netcmd/domain/claim %{python3_sitearch}/samba/netcmd/domain/claim/__init__.py @@ -2759,39 +2930,15 @@ fi %{python3_sitearch}/samba/netcmd/domain/functional_prep.py %{python3_sitearch}/samba/netcmd/domain/info.py %{python3_sitearch}/samba/netcmd/domain/join.py +%dir %{python3_sitearch}/samba/netcmd/domain/kds +%{python3_sitearch}/samba/netcmd/domain/kds/__init__.py +%dir %{python3_sitearch}/samba/netcmd/domain/kds/__pycache__ +%{python3_sitearch}/samba/netcmd/domain/kds/__pycache__/__init__.*.pyc +%{python3_sitearch}/samba/netcmd/domain/kds/__pycache__/root_key.*.pyc +%{python3_sitearch}/samba/netcmd/domain/kds/root_key.py %{python3_sitearch}/samba/netcmd/domain/keytab.py %{python3_sitearch}/samba/netcmd/domain/leave.py %{python3_sitearch}/samba/netcmd/domain/level.py -%dir %{python3_sitearch}/samba/netcmd/domain/models -%{python3_sitearch}/samba/netcmd/domain/models/__init__.py -%dir %{python3_sitearch}/samba/netcmd/domain/models/__pycache__ -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/__init__.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/auth_policy.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/auth_silo.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/claim_type.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/exceptions.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/fields.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/group.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/model.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/query.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/schema.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/site.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/subnet.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/user.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/value_type.*.pyc -%{python3_sitearch}/samba/netcmd/domain/models/auth_policy.py -%{python3_sitearch}/samba/netcmd/domain/models/auth_silo.py -%{python3_sitearch}/samba/netcmd/domain/models/claim_type.py -%{python3_sitearch}/samba/netcmd/domain/models/exceptions.py -%{python3_sitearch}/samba/netcmd/domain/models/fields.py -%{python3_sitearch}/samba/netcmd/domain/models/group.py -%{python3_sitearch}/samba/netcmd/domain/models/model.py -%{python3_sitearch}/samba/netcmd/domain/models/query.py -%{python3_sitearch}/samba/netcmd/domain/models/schema.py -%{python3_sitearch}/samba/netcmd/domain/models/site.py -%{python3_sitearch}/samba/netcmd/domain/models/subnet.py -%{python3_sitearch}/samba/netcmd/domain/models/user.py -%{python3_sitearch}/samba/netcmd/domain/models/value_type.py %{python3_sitearch}/samba/netcmd/domain/passwordsettings.py %{python3_sitearch}/samba/netcmd/domain/provision.py %{python3_sitearch}/samba/netcmd/domain/samba3upgrade.py @@ -2816,6 +2963,13 @@ fi %{python3_sitearch}/samba/netcmd/pso.py %{python3_sitearch}/samba/netcmd/rodc.py %{python3_sitearch}/samba/netcmd/schema.py +%dir %{python3_sitearch}/samba/netcmd/service_account +%{python3_sitearch}/samba/netcmd/service_account/__init__.py +%{python3_sitearch}/samba/netcmd/service_account/__pycache__/__init__.*.pyc +%{python3_sitearch}/samba/netcmd/service_account/__pycache__/group_msa_membership.*.pyc +%{python3_sitearch}/samba/netcmd/service_account/__pycache__/service_account.*.pyc +%{python3_sitearch}/samba/netcmd/service_account/group_msa_membership.py +%{python3_sitearch}/samba/netcmd/service_account/service_account.py %{python3_sitearch}/samba/netcmd/shell.py %{python3_sitearch}/samba/netcmd/sites.py %{python3_sitearch}/samba/netcmd/spn.py @@ -2912,20 +3066,17 @@ fi %{python3_sitearch}/samba/subunit/__pycache__/run.*.pyc %{python3_sitearch}/samba/subunit/run.py %{python3_sitearch}/samba/tdb_util.py -%{python3_sitearch}/samba/trust_utils.py %{python3_sitearch}/samba/upgrade.py %{python3_sitearch}/samba/upgradehelpers.py %{python3_sitearch}/samba/werror.*.so %{python3_sitearch}/samba/xattr.py %{python3_sitearch}/samba/xattr_native.*.so %{python3_sitearch}/samba/xattr_tdb.*.so -%{_libdir}/libsamba-policy.cpython*.so.* -%{_libdir}/samba/libsamba-net.cpython*.so +%{_libdir}/samba/libsamba-net-join.cpython*.so %{_libdir}/samba/libsamba-python.cpython*.so %if %{with includelibs} %{_libdir}/samba/libpyldb-util.cpython*.so -%{_libdir}/samba/libpytalloc-util.cpython*.so %{python3_sitearch}/__pycache__/_ldb_text*.pyc %{python3_sitearch}/__pycache__/_tdb_text*.pyc @@ -2934,16 +3085,13 @@ fi %{python3_sitearch}/_tdb_text.py %{python3_sitearch}/_tevent.cpython*.so %{python3_sitearch}/ldb.cpython*.so -%{python3_sitearch}/talloc.cpython*.so +#FIXME why is it missing? +#%{python3_sitearch}/talloc.cpython*.so %{python3_sitearch}/tdb.cpython*.so %{python3_sitearch}/tevent.py #endif with includelibs %endif -%files -n python3-%{name}-devel -%{_libdir}/libsamba-policy.*.so -%{_libdir}/pkgconfig/samba-policy.*.pc - %files -n python3-%{name}-dc %{python3_sitearch}/samba/samdb.py %{python3_sitearch}/samba/schema.py @@ -2959,7 +3107,7 @@ fi %{python3_sitearch}/samba/__pycache__/uptodateness.*.pyc %{python3_sitearch}/samba/dcerpc/dnsserver.*.so -%if %{with dc} || %{with testsuite} +%if %{with dc} %{python3_sitearch}/samba/dckeytab.*.so %endif %{python3_sitearch}/samba/domain_update.py @@ -3042,6 +3190,8 @@ fi %{python3_sitearch}/samba/tests/__pycache__/dsdb_api.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dsdb_dns.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dsdb_lock.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/dsdb_quiet_env_tests.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/dsdb_quiet_provision_tests.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dsdb_schema_attributes.*.pyc %{python3_sitearch}/samba/tests/__pycache__/docs.*.pyc %{python3_sitearch}/samba/tests/__pycache__/domain_backup.*.pyc @@ -3160,6 +3310,7 @@ fi %{python3_sitearch}/samba/tests/blackbox/__pycache__/check_output.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/claims.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc +%{python3_sitearch}/samba/tests/blackbox/__pycache__/gmsa.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/http_chunk.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/http_content.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc @@ -3183,6 +3334,7 @@ fi %{python3_sitearch}/samba/tests/blackbox/check_output.py %{python3_sitearch}/samba/tests/blackbox/claims.py %{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py +%{python3_sitearch}/samba/tests/blackbox/gmsa.py %{python3_sitearch}/samba/tests/blackbox/http_chunk.py %{python3_sitearch}/samba/tests/blackbox/http_content.py %{python3_sitearch}/samba/tests/blackbox/mdsearch.py @@ -3217,11 +3369,11 @@ fi %{python3_sitearch}/samba/tests/dcerpc/__pycache__/__init__.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/array.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/bare.*.pyc -%{python3_sitearch}/samba/tests/dcerpc/__pycache__/createtrustrelax.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/binding.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/dnsserver.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/integer.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/lsa.*.pyc +%{python3_sitearch}/samba/tests/dcerpc/__pycache__/lsa_utils.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/mdssvc.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/misc.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/raw_protocol.*.pyc @@ -3238,10 +3390,10 @@ fi %{python3_sitearch}/samba/tests/dcerpc/array.py %{python3_sitearch}/samba/tests/dcerpc/bare.py %{python3_sitearch}/samba/tests/dcerpc/binding.py -%{python3_sitearch}/samba/tests/dcerpc/createtrustrelax.py %{python3_sitearch}/samba/tests/dcerpc/dnsserver.py %{python3_sitearch}/samba/tests/dcerpc/integer.py %{python3_sitearch}/samba/tests/dcerpc/lsa.py +%{python3_sitearch}/samba/tests/dcerpc/lsa_utils.py %{python3_sitearch}/samba/tests/dcerpc/mdssvc.py %{python3_sitearch}/samba/tests/dcerpc/misc.py %{python3_sitearch}/samba/tests/dcerpc/raw_protocol.py @@ -3272,6 +3424,8 @@ fi %{python3_sitearch}/samba/tests/dsdb_dns.py %{python3_sitearch}/samba/tests/dsdb_lock.py %{python3_sitearch}/samba/tests/dsdb_schema_attributes.py +%{python3_sitearch}/samba/tests/dsdb_quiet_env_tests.py +%{python3_sitearch}/samba/tests/dsdb_quiet_provision_tests.py %{python3_sitearch}/samba/tests/docs.py %{python3_sitearch}/samba/tests/domain_backup.py %{python3_sitearch}/samba/tests/domain_backup_offline.py @@ -3322,6 +3476,7 @@ fi %{python3_sitearch}/samba/tests/krb5/__pycache__/etype_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/gkdi_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/gmsa_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/group_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc @@ -3363,6 +3518,7 @@ fi %{python3_sitearch}/samba/tests/krb5/etype_tests.py %{python3_sitearch}/samba/tests/krb5/fast_tests.py %{python3_sitearch}/samba/tests/krb5/gkdi_tests.py +%{python3_sitearch}/samba/tests/krb5/gmsa_tests.py %{python3_sitearch}/samba/tests/krb5/group_tests.py %{python3_sitearch}/samba/tests/krb5/kcrypto.py %{python3_sitearch}/samba/tests/krb5/kdc_base_test.py @@ -3466,6 +3622,7 @@ fi %{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_auth_policy.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_auth_silo.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_claim.*.pyc +%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_kds_root_key.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_models.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/drs_clone_dc_data_lmdb_size.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/dsacl.*.pyc @@ -3488,6 +3645,7 @@ fi %{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_userPassword_crypt.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/rodc.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/schema.*.pyc +%{python3_sitearch}/samba/tests/samba_tool/__pycache__/service_account.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/silo_base.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/sites.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/timecmd.*.pyc @@ -3512,6 +3670,7 @@ fi %{python3_sitearch}/samba/tests/samba_tool/domain_auth_policy.py %{python3_sitearch}/samba/tests/samba_tool/domain_auth_silo.py %{python3_sitearch}/samba/tests/samba_tool/domain_claim.py +%{python3_sitearch}/samba/tests/samba_tool/domain_kds_root_key.py %{python3_sitearch}/samba/tests/samba_tool/domain_models.py %{python3_sitearch}/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py %{python3_sitearch}/samba/tests/samba_tool/dsacl.py @@ -3534,6 +3693,7 @@ fi %{python3_sitearch}/samba/tests/samba_tool/provision_userPassword_crypt.py %{python3_sitearch}/samba/tests/samba_tool/rodc.py %{python3_sitearch}/samba/tests/samba_tool/schema.py +%{python3_sitearch}/samba/tests/samba_tool/service_account.py %{python3_sitearch}/samba/tests/samba_tool/silo_base.py %{python3_sitearch}/samba/tests/samba_tool/sites.py %{python3_sitearch}/samba/tests/samba_tool/timecmd.py @@ -3591,21 +3751,12 @@ fi %{_mandir}/man1/ndrdump.1* %{_mandir}/man1/smbtorture.1* -%if %{with testsuite} -%{_mandir}/man1/vfstest.1* -# files to ignore in testsuite mode -%{_libdir}/samba/libnss-wrapper.so -%{_libdir}/samba/libsocket-wrapper.so -%{_libdir}/samba/libuid-wrapper.so -%endif - ### TEST-LIBS %files test-libs -%if %{with dc} || %{with testsuite} +%if %{with dc} %{_libdir}/samba/libdlz-bind9-for-torture-private-samba.so -%else -%{_libdir}/samba/libdsdb-module-private-samba.so %endif +%{_libdir}/samba/libdsdb-module-private-samba.so ### USERSHARES %files usershares @@ -3670,8 +3821,7 @@ fi %{_sysconfdir}/ctdb/functions %{_sysconfdir}/ctdb/nfs-linux-kernel-callout -%{_sysconfdir}/ctdb/statd-callout -%config %{_sysconfdir}/sudoers.d/ctdb +%ghost %{_sysconfdir}/ctdb/statd-callout # CTDB scripts, no config files # script with executable bit means activated @@ -3711,6 +3861,8 @@ fi %{_libexecdir}/ctdb/ctdb_recovery_helper %{_libexecdir}/ctdb/ctdb_takeover_helper %{_libexecdir}/ctdb/smnotify +%{_libexecdir}/ctdb/statd_callout +%{_libexecdir}/ctdb/statd_callout_helper %{_libexecdir}/ctdb/tdb_mutex_check %dir %{_localstatedir}/lib/ctdb/ @@ -3741,7 +3893,6 @@ fi %{_datadir}/ctdb/events/legacy/00.ctdb.script %{_datadir}/ctdb/events/legacy/01.reclock.script %{_datadir}/ctdb/events/legacy/05.system.script -%{_datadir}/ctdb/events/legacy/06.nfs.script %{_datadir}/ctdb/events/legacy/10.interface.script %{_datadir}/ctdb/events/legacy/11.natgw.script %{_datadir}/ctdb/events/legacy/11.routing.script @@ -3750,6 +3901,7 @@ fi %{_datadir}/ctdb/events/legacy/31.clamd.script %{_datadir}/ctdb/events/legacy/40.vsftpd.script %{_datadir}/ctdb/events/legacy/41.httpd.script +%{_datadir}/ctdb/events/legacy/46.update-keytabs.script %{_datadir}/ctdb/events/legacy/47.samba-dcerpcd.script %{_datadir}/ctdb/events/legacy/48.netbios.script %{_datadir}/ctdb/events/legacy/49.winbind.script @@ -3757,820 +3909,8 @@ fi %{_datadir}/ctdb/events/legacy/60.nfs.script %{_datadir}/ctdb/events/legacy/70.iscsi.script %{_datadir}/ctdb/events/legacy/91.lvs.script - -%if %{with testsuite} -%files -n ctdb-tests -%doc ctdb/tests/README -%{_bindir}/ctdb_local_daemons -%{_bindir}/ctdb_run_tests -%{_bindir}/ctdb_run_cluster_tests - -%dir %{_libexecdir}/ctdb -%dir %{_libexecdir}/ctdb/tests -%{_libexecdir}/ctdb/tests/cluster_mutex_test -%{_libexecdir}/ctdb/tests/cmdline_test -%{_libexecdir}/ctdb/tests/comm_client_test -%{_libexecdir}/ctdb/tests/comm_server_test -%{_libexecdir}/ctdb/tests/comm_test -%{_libexecdir}/ctdb/tests/conf_test -%{_libexecdir}/ctdb/tests/ctdb-db-test -%{_libexecdir}/ctdb/tests/ctdb_io_test -%{_libexecdir}/ctdb/tests/ctdb_packet_parse -%{_libexecdir}/ctdb/tests/ctdb_takeover_tests -%{_libexecdir}/ctdb/tests/db_hash_test -%{_libexecdir}/ctdb/tests/dummy_client -%{_libexecdir}/ctdb/tests/errcode -%{_libexecdir}/ctdb/tests/event_protocol_test -%{_libexecdir}/ctdb/tests/event_script_test -%{_libexecdir}/ctdb/tests/fake_ctdbd -%{_libexecdir}/ctdb/tests/fetch_loop -%{_libexecdir}/ctdb/tests/fetch_loop_key -%{_libexecdir}/ctdb/tests/fetch_readonly -%{_libexecdir}/ctdb/tests/fetch_readonly_loop -%{_libexecdir}/ctdb/tests/fetch_ring -%{_libexecdir}/ctdb/tests/g_lock_loop -%{_libexecdir}/ctdb/tests/hash_count_test -%{_libexecdir}/ctdb/tests/line_test -%{_libexecdir}/ctdb/tests/lock_tdb -%{_libexecdir}/ctdb/tests/message_ring -%{_libexecdir}/ctdb/tests/pidfile_test -%{_libexecdir}/ctdb/tests/pkt_read_test -%{_libexecdir}/ctdb/tests/pkt_write_test -%{_libexecdir}/ctdb/tests/porting_tests -%{_libexecdir}/ctdb/tests/protocol_basic_test -%{_libexecdir}/ctdb/tests/protocol_ctdb_compat_test -%{_libexecdir}/ctdb/tests/protocol_ctdb_test -%{_libexecdir}/ctdb/tests/protocol_types_compat_test -%{_libexecdir}/ctdb/tests/protocol_types_test -%{_libexecdir}/ctdb/tests/protocol_util_test -%{_libexecdir}/ctdb/tests/rb_test -%{_libexecdir}/ctdb/tests/reqid_test -%{_libexecdir}/ctdb/tests/run_event_test -%{_libexecdir}/ctdb/tests/run_proc_test -%{_libexecdir}/ctdb/tests/sigcode -%{_libexecdir}/ctdb/tests/sock_daemon_test -%{_libexecdir}/ctdb/tests/sock_io_test -%{_libexecdir}/ctdb/tests/srvid_test -%{_libexecdir}/ctdb/tests/system_socket_test -%{_libexecdir}/ctdb/tests/tmon_ping_test -%{_libexecdir}/ctdb/tests/tmon_test -%{_libexecdir}/ctdb/tests/transaction_loop -%{_libexecdir}/ctdb/tests/tunable_test -%{_libexecdir}/ctdb/tests/tunnel_cmd -%{_libexecdir}/ctdb/tests/tunnel_test -%{_libexecdir}/ctdb/tests/update_record -%{_libexecdir}/ctdb/tests/update_record_persistent - -%dir %{_datadir}/ctdb/tests -%dir %{_datadir}/ctdb/tests/CLUSTER -%dir %{_datadir}/ctdb/tests/CLUSTER/complex -%{_datadir}/ctdb/tests/CLUSTER/complex/11_ctdb_delip_removes_ip.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/18_ctdb_reloadips.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/30_nfs_tickle_killtcp.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/31_nfs_tickle.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/32_cifs_tickle.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/33_gratuitous_arp.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/34_nfs_tickle_restart.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/36_smb_reset_server.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/37_nfs_reset_server.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/41_failover_ping_discrete.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/42_failover_ssh_hostname.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/43_failover_nfs_basic.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/44_failover_nfs_oneway.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/45_failover_nfs_kill.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/60_rogueip_releaseip.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/61_rogueip_takeip.sh -%{_datadir}/ctdb/tests/CLUSTER/complex/README - -%dir %{_datadir}/ctdb/tests/CLUSTER/complex/scripts -%{_datadir}/ctdb/tests/CLUSTER/complex/scripts/local.bash - -%dir %{_datadir}/ctdb/tests/etc-ctdb -%dir %{_datadir}/ctdb/tests/etc-ctdb/events -%dir %{_datadir}/ctdb/tests/etc-ctdb/events/legacy -%{_datadir}/ctdb/tests/etc-ctdb/events/legacy/00.test.script -%dir %{_datadir}/ctdb/tests/INTEGRATION -%dir %{_datadir}/ctdb/tests/INTEGRATION/database -%{_datadir}/ctdb/tests/INTEGRATION/database/basics.001.attach.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/basics.002.attach.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/basics.003.detach.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/basics.004.wipe.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/basics.010.backup_restore.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/fetch.001.ring.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/fetch.002.ring-hotkeys.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/readonly.001.basic.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/recovery.001.volatile.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/recovery.002.large.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/recovery.003.no_resurrect.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/recovery.010.persistent.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/recovery.011.continue.sh -%dir %{_datadir}/ctdb/tests/INTEGRATION/database/scripts -%{_datadir}/ctdb/tests/INTEGRATION/database/scripts/local.bash -%{_datadir}/ctdb/tests/INTEGRATION/database/transaction.001.ptrans.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/transaction.002.loop.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/transaction.003.loop_recovery.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/transaction.004.update_record.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/transaction.010.loop_recovery.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/traverse.001.one.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/traverse.002.many.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/vacuum.001.fast.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/vacuum.002.full.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/vacuum.003.recreate.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/vacuum.030.locked.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/vacuum.031.locked.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/vacuum.032.locked.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/vacuum.033.locked.sh -%{_datadir}/ctdb/tests/INTEGRATION/database/vacuum.034.locked.sh -%dir %{_datadir}/ctdb/tests/INTEGRATION/failover -%{_datadir}/ctdb/tests/INTEGRATION/failover/pubips.001.list.sh -%{_datadir}/ctdb/tests/INTEGRATION/failover/pubips.010.addip.sh -%{_datadir}/ctdb/tests/INTEGRATION/failover/pubips.011.delip.sh -%{_datadir}/ctdb/tests/INTEGRATION/failover/pubips.012.reloadips.sh -%{_datadir}/ctdb/tests/INTEGRATION/failover/pubips.013.failover_noop.sh -%{_datadir}/ctdb/tests/INTEGRATION/failover/pubips.014.iface_gc.sh -%{_datadir}/ctdb/tests/INTEGRATION/failover/pubips.020.moveip.sh -%{_datadir}/ctdb/tests/INTEGRATION/failover/pubips.030.disable_enable.sh -%{_datadir}/ctdb/tests/INTEGRATION/failover/pubips.032.stop_continue.sh -%{_datadir}/ctdb/tests/INTEGRATION/failover/pubips.040.NoIPTakeover.sh -%{_datadir}/ctdb/tests/INTEGRATION/failover/pubips.050.missing_ip.sh -%dir %{_datadir}/ctdb/tests/INTEGRATION/simple -%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.000.onnode.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.001.listnodes.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.002.tunables.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.003.ping.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.004.getpid.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.005.process_exists.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.010.statistics.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.011.statistics_reset.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.001.stop_leader_yield.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.002.ban_leader_yield.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.003.capability_leader_yield.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.006.stop_leader_yield_no_lock.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.007.ban_leader_yield_no_lock.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.008.capability_leader_yield_no_lock.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.010.getrelock.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.012.reclock_command.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.015.reclock_remove_lock.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.016.reclock_move_lock_dir.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.020.message_ring.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.021.tunnel_ring.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.030.node_stall_leader_timeout.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.090.unreachable.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.091.version_check.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/debug.001.getdebug.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/debug.002.setdebug.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/debug.003.dumpmemory.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/eventscripts.001.zero_scripts.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/eventscripts.090.debug_hung.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/README -%dir %{_datadir}/ctdb/tests/scripts -%{_datadir}/ctdb/tests/scripts/cluster.bash -%{_datadir}/ctdb/tests/scripts/common.sh -%{_datadir}/ctdb/tests/scripts/integration.bash -%{_datadir}/ctdb/tests/scripts/integration_local_daemons.bash -%{_datadir}/ctdb/tests/scripts/integration_real_cluster.bash -%{_datadir}/ctdb/tests/scripts/script_install_paths.sh -%{_datadir}/ctdb/tests/scripts/test_wrap -%{_datadir}/ctdb/tests/scripts/unit.sh -%dir %{_datadir}/ctdb/tests/UNIT -%dir %{_datadir}/ctdb/tests/UNIT/cunit -%{_datadir}/ctdb/tests/UNIT/cunit/cluster_mutex_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/cluster_mutex_002.sh -%{_datadir}/ctdb/tests/UNIT/cunit/cluster_mutex_003.sh -%{_datadir}/ctdb/tests/UNIT/cunit/cmdline_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/comm_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/comm_test_002.sh -%{_datadir}/ctdb/tests/UNIT/cunit/conf_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/config_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/config_test_002.sh -%{_datadir}/ctdb/tests/UNIT/cunit/config_test_003.sh -%{_datadir}/ctdb/tests/UNIT/cunit/config_test_004.sh -%{_datadir}/ctdb/tests/UNIT/cunit/config_test_005.sh -%{_datadir}/ctdb/tests/UNIT/cunit/config_test_006.sh -%{_datadir}/ctdb/tests/UNIT/cunit/config_test_007.sh -%{_datadir}/ctdb/tests/UNIT/cunit/ctdb_io_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/db_hash_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/event_protocol_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/event_script_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/hash_count_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/line_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/path_tests_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/pidfile_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/pkt_read_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/pkt_write_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/porting_tests_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/protocol_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/protocol_test_002.sh -%{_datadir}/ctdb/tests/UNIT/cunit/protocol_test_012.sh -%{_datadir}/ctdb/tests/UNIT/cunit/protocol_test_101.sh -%{_datadir}/ctdb/tests/UNIT/cunit/protocol_test_111.sh -%{_datadir}/ctdb/tests/UNIT/cunit/protocol_test_201.sh -%{_datadir}/ctdb/tests/UNIT/cunit/rb_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/reqid_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/run_event_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/run_proc_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/sock_daemon_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/sock_io_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/srvid_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_002.sh -%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_003.sh -%{_datadir}/ctdb/tests/UNIT/cunit/tmon_test_001.sh -%{_datadir}/ctdb/tests/UNIT/cunit/tmon_test_002.sh -%{_datadir}/ctdb/tests/UNIT/cunit/tunable_test_001.sh -%dir %{_datadir}/ctdb/tests/UNIT/eventd -%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/ctdb.conf -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/debug-script.sh -%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events -%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/data -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/data/03.notalink.script -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/data/README -%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/empty -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/empty/README -%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/multi -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/multi/01.test.script -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/multi/02.test.script -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/multi/03.test.script -%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/random -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/random/01.disabled.script -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/random/02.enabled.script -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/random/a.script -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/events/random/README.script -%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share -%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share/events -%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share/events/data -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share/events/data/01.dummy.script -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share/events/data/02.disabled.script -%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share/events/empty -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share/events/empty/README -%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share/events/random -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share/events/random/01.disabled.script -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share/events/random/02.enabled.script -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share/events/random/a.script -%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/share/events/random/README.script -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_001.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_002.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_003.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_004.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_005.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_006.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_007.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_008.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_009.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_011.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_012.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_013.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_014.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_021.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_022.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_023.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_024.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_031.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_032.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_033.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_041.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_042.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_043.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_044.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_051.sh -%{_datadir}/ctdb/tests/UNIT/eventd/eventd_052.sh -%{_datadir}/ctdb/tests/UNIT/eventd/README -%dir %{_datadir}/ctdb/tests/UNIT/eventd/scripts -%{_datadir}/ctdb/tests/UNIT/eventd/scripts/local.sh -%dir %{_datadir}/ctdb/tests/UNIT/eventscripts -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.004.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.005.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.006.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.007.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.008.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.009.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/01.reclock.init.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/01.reclock.init.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/01.reclock.init.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.004.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.005.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.006.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.007.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.011.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.012.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.014.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.015.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.017.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/05.system.monitor.018.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/06.nfs.releaseip.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/06.nfs.releaseip.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/06.nfs.takeip.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/06.nfs.takeip.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.010.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.011.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.012.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.013.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.init.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.init.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.init.021.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.init.022.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.init.023.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.004.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.005.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.006.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.009.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.010.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.011.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.012.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.013.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.014.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.015.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.016.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.017.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.monitor.018.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.multi.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.releaseip.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.releaseip.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.startup.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.startup.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.takeip.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.takeip.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/10.interface.takeip.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.004.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.011.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.012.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.013.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.014.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.015.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.021.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.022.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.023.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.024.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.025.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.031.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.041.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.042.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.051.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.052.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.053.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/11.natgw.054.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.004.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.005.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.006.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.007.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.008.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.009.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.010.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.011.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.012.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.013.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.014.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.015.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.016.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.017.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.018.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.019.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.021.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.022.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.023.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/13.per_ip_routing.024.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/20.multipathd.monitor.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/20.multipathd.monitor.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/20.multipathd.monitor.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/20.multipathd.monitor.004.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/31.clamd.monitor.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/31.clamd.monitor.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/40.vsftpd.monitor.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/40.vsftpd.shutdown.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/40.vsftpd.startup.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/41.httpd.monitor.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/41.httpd.shutdown.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/41.httpd.startup.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/48.netbios.shutdown.011.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/48.netbios.startup.011.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/49.winbind.monitor.101.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/49.winbind.monitor.102.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/49.winbind.shutdown.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/49.winbind.startup.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.monitor.101.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.monitor.103.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.monitor.104.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.monitor.105.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.monitor.106.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.monitor.110.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.monitor.111.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.monitor.112.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.monitor.113.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.shutdown.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.shutdown.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.shutdown.011.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/50.samba.startup.011.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.101.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.102.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.103.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.104.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.105.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.106.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.107.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.108.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.109.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.111.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.112.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.113.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.114.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.121.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.122.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.131.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.132.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.141.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.142.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.143.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.144.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.151.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.152.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.153.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.161.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.monitor.162.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.multi.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.multi.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.releaseip.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.releaseip.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.shutdown.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.shutdown.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.startup.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.startup.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.takeip.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/60.nfs.takeip.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.ipreallocated.011.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.ipreallocated.012.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.ipreallocated.013.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.ipreallocated.014.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.monitor.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.monitor.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.monitor.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.shutdown.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.shutdown.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.startup.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.startup.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.004.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.005.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.006.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.007.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.008.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.021.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.022.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.023.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.024.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.025.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.026.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.027.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.028.sh -%dir %{_datadir}/ctdb/tests/UNIT/eventscripts/etc -%dir %{_datadir}/ctdb/tests/UNIT/eventscripts/etc-ctdb -%{_datadir}/ctdb/tests/UNIT/eventscripts/etc-ctdb/public_addresses -%{_datadir}/ctdb/tests/UNIT/eventscripts/etc-ctdb/rc.local -%dir %{_datadir}/ctdb/tests/UNIT/eventscripts/etc/init.d -%{_datadir}/ctdb/tests/UNIT/eventscripts/etc/init.d/nfs -%{_datadir}/ctdb/tests/UNIT/eventscripts/etc/init.d/nfslock -%dir %{_datadir}/ctdb/tests/UNIT/eventscripts/etc/samba -%{_datadir}/ctdb/tests/UNIT/eventscripts/etc/samba/smb.conf -%dir %{_datadir}/ctdb/tests/UNIT/eventscripts/etc/sysconfig -%{_datadir}/ctdb/tests/UNIT/eventscripts/etc/sysconfig/nfs -%{_datadir}/ctdb/tests/UNIT/eventscripts/README -%dir %{_datadir}/ctdb/tests/UNIT/eventscripts/scripts -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/00.ctdb.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/01.reclock.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/05.system.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/06.nfs.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/10.interface.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/11.natgw.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/13.per_ip_routing.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/20.multipathd.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/31.clamd.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/40.vsftpd.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/41.httpd.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/48.netbios.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/49.winbind.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/50.samba.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/60.nfs.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/91.lvs.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/debug_locks.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/local.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/statd-callout.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/statd-callout.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/statd-callout.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/statd-callout.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/statd-callout.004.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/statd-callout.005.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/statd-callout.006.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/statd-callout.007.sh -%dir %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ctdb -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ctdb-config -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ctdb_killtcp -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ctdb_lvs -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ctdb_natgw -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/date -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/df -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ethtool -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/exportfs -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/gstack -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/id -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ip -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ip6tables -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/iptables -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ipvsadm -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/kill -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/killall -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/multipath -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/net -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/nfs-fake-callout -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/nfsconf -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/pidof -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/pkill -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ps -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rm -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.lockd -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.mountd -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.rquotad -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.statd -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpcinfo -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/service -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/sleep -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/smnotify -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ss -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/stat -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/tdb_mutex_check -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/tdbdump -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/tdbtool -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/testparm -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/timeout -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/wbinfo -%dir %{_datadir}/ctdb/tests/UNIT/onnode -%{_datadir}/ctdb/tests/UNIT/onnode/0001.sh -%{_datadir}/ctdb/tests/UNIT/onnode/0002.sh -%{_datadir}/ctdb/tests/UNIT/onnode/0003.sh -%{_datadir}/ctdb/tests/UNIT/onnode/0004.sh -%{_datadir}/ctdb/tests/UNIT/onnode/0005.sh -%{_datadir}/ctdb/tests/UNIT/onnode/0006.sh -%{_datadir}/ctdb/tests/UNIT/onnode/0010.sh -%{_datadir}/ctdb/tests/UNIT/onnode/0011.sh -%{_datadir}/ctdb/tests/UNIT/onnode/0070.sh -%{_datadir}/ctdb/tests/UNIT/onnode/0071.sh -%{_datadir}/ctdb/tests/UNIT/onnode/0072.sh -%{_datadir}/ctdb/tests/UNIT/onnode/0075.sh -%dir %{_datadir}/ctdb/tests/UNIT/onnode/etc-ctdb -%{_datadir}/ctdb/tests/UNIT/onnode/etc-ctdb/nodes -%dir %{_datadir}/ctdb/tests/UNIT/onnode/scripts -%{_datadir}/ctdb/tests/UNIT/onnode/scripts/local.sh -%dir %{_datadir}/ctdb/tests/UNIT/onnode/stubs -%{_datadir}/ctdb/tests/UNIT/onnode/stubs/ctdb -%{_datadir}/ctdb/tests/UNIT/onnode/stubs/ssh -%dir %{_datadir}/ctdb/tests/UNIT/shellcheck -%{_datadir}/ctdb/tests/UNIT/shellcheck/base_scripts.sh -%{_datadir}/ctdb/tests/UNIT/shellcheck/ctdb_helpers.sh -%{_datadir}/ctdb/tests/UNIT/shellcheck/event_scripts.sh -%{_datadir}/ctdb/tests/UNIT/shellcheck/functions.sh -%{_datadir}/ctdb/tests/UNIT/shellcheck/init_script.sh -%dir %{_datadir}/ctdb/tests/UNIT/shellcheck/scripts -%{_datadir}/ctdb/tests/UNIT/shellcheck/scripts/local.sh -%{_datadir}/ctdb/tests/UNIT/shellcheck/tests.sh -%{_datadir}/ctdb/tests/UNIT/shellcheck/tools.sh -%dir %{_datadir}/ctdb/tests/UNIT/takeover -%{_datadir}/ctdb/tests/UNIT/takeover/det.001.sh -%{_datadir}/ctdb/tests/UNIT/takeover/det.002.sh -%{_datadir}/ctdb/tests/UNIT/takeover/det.003.sh -%dir %{_datadir}/ctdb/tests/UNIT/takeover_helper -%{_datadir}/ctdb/tests/UNIT/takeover_helper/000.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/010.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/011.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/012.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/013.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/014.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/016.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/017.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/018.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/019.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/021.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/022.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/023.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/024.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/025.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/026.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/027.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/028.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/030.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/031.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/110.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/111.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/120.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/121.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/122.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/130.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/131.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/132.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/140.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/150.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/160.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/210.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/211.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/220.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/230.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/240.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/250.sh -%{_datadir}/ctdb/tests/UNIT/takeover_helper/260.sh -%dir %{_datadir}/ctdb/tests/UNIT/takeover_helper/scripts -%{_datadir}/ctdb/tests/UNIT/takeover_helper/scripts/local.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.001.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.002.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.003.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.004.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.005.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.006.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.007.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.008.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.009.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.010.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.011.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.012.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.013.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.014.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.015.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.016.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.024.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.025.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.027.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.028.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.029.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.030.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.031.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.032.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.033.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.034.sh -%{_datadir}/ctdb/tests/UNIT/takeover/lcp2.035.sh -%{_datadir}/ctdb/tests/UNIT/takeover/nondet.001.sh -%{_datadir}/ctdb/tests/UNIT/takeover/nondet.002.sh -%{_datadir}/ctdb/tests/UNIT/takeover/nondet.003.sh -%{_datadir}/ctdb/tests/UNIT/takeover/README -%dir %{_datadir}/ctdb/tests/UNIT/takeover/scripts -%{_datadir}/ctdb/tests/UNIT/takeover/scripts/local.sh -%dir %{_datadir}/ctdb/tests/UNIT/tool -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.attach.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.attach.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.attach.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ban.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ban.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ban.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.catdb.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.catdb.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.cattdb.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.cattdb.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.continue.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.continue.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.continue.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.deletekey.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.disable.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.disable.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.disable.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.disable.004.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.enable.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.enable.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.enable.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getcapabilities.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getcapabilities.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getcapabilities.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getcapabilities.004.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getdbmap.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getdbseqnum.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getdbseqnum.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getdbstatus.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getdbstatus.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getpid.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getpid.010.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getreclock.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getreclock.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getvar.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getvar.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ifaces.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ip.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ip.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ip.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ip.004.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ip.005.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ip.006.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ip.007.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ipinfo.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ipinfo.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ipinfo.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.leader.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.leader.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.listnodes.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.listnodes.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.listvars.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.004.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.005.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.006.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.007.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.008.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.010.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.004.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.005.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.006.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.007.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.008.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.010.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.004.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.005.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.006.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.007.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.pdelete.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ping.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.pnn.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.process-exists.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.process-exists.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.process-exists.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.pstore.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ptrans.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.readkey.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.recover.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.011.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.012.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.013.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.014.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.015.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.016.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.017.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.018.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.019.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.020.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.021.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.023.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.024.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.runstate.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.runstate.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.runstate.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.runstate.004.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.runstate.005.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdbreadonly.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdbreadonly.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdbreadonly.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdbreadonly.004.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdbreadonly.005.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdbsticky.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdbsticky.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdbsticky.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdbsticky.004.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdbsticky.005.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdebug.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdebug.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setdebug.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setifacelink.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setifacelink.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setvar.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setvar.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.status.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.status.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.status.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.stop.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.stop.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.stop.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.unban.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.unban.002.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.unban.003.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.uptime.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.writekey.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/README -%dir %{_datadir}/ctdb/tests/UNIT/tool/scripts -%{_datadir}/ctdb/tests/UNIT/tool/scripts/local.sh -#endif with selftest -%endif +%dir %{_datadir}/ctdb/scripts +%{_datadir}/ctdb/scripts/winbind_ctdb_updatekeytab.sh %if %{with pcp_pmda} %files -n ctdb-pcp-pmda @@ -4609,15 +3949,122 @@ fi %{_mandir}/man1/winexe.1.gz %endif +%files -n libldb +%{_libdir}/libldb.so.* +%dir %{_libdir}/samba +%{_libdir}/samba/libldb-key-value-private-samba.so +%{_libdir}/samba/libldb-tdb-err-map-private-samba.so +%{_libdir}/samba/libldb-tdb-int-private-samba.so +%if %{with lmdb} +%{_libdir}/samba/libldb-mdb-int-private-samba.so +%endif + +%dir %{_libdir}/samba/ldb +%{_libdir}/samba/ldb/asq.so +%{_libdir}/samba/ldb/ldb.so +%if %{with lmdb} +%{_libdir}/samba/ldb/mdb.so +%endif +%{_libdir}/samba/ldb/paged_searches.so +%{_libdir}/samba/ldb/rdn_name.so +%{_libdir}/samba/ldb/sample.so +%{_libdir}/samba/ldb/server_sort.so +%{_libdir}/samba/ldb/skel.so +%{_libdir}/samba/ldb/tdb.so + +%files -n libldb-devel +%{_includedir}/samba-4.0/ldb_module.h +%{_includedir}/samba-4.0/ldb_handlers.h +%{_includedir}/samba-4.0/ldb_errors.h +%{_includedir}/samba-4.0/ldb_version.h +%{_includedir}/samba-4.0/ldb.h +%{_libdir}/libldb.so + +%{_libdir}/pkgconfig/ldb.pc +%{_mandir}/man3/ldb*.gz +%{_mandir}/man3/ldif*.gz + +%files -n ldb-tools +%{_bindir}/ldbadd +%{_bindir}/ldbdel +%{_bindir}/ldbedit +%{_bindir}/ldbmodify +%{_bindir}/ldbrename +%{_bindir}/ldbsearch +%{_libdir}/samba/libldb-cmdline-private-samba.so +%{_mandir}/man1/ldbadd.1.* +%{_mandir}/man1/ldbdel.1.* +%{_mandir}/man1/ldbedit.1.* +%{_mandir}/man1/ldbmodify.1.* +%{_mandir}/man1/ldbrename.1.* +%{_mandir}/man1/ldbsearch.1.* + +%files -n python3-ldb +%{python3_sitearch}/ldb.cpython-*.so +%{_libdir}/samba/libpyldb-util.cpython-*-private-samba.so +%{python3_sitearch}/_ldb_text.py +%{python3_sitearch}/__pycache__/_ldb_text.cpython-*.py* +#endif !with testsuite +%endif + %changelog -* Fri Apr 11 2025 Pavel Filipenský - 4.20.2-2.1 -- resolves: RHEL-85347 - Fix winbind memory leak +## START: Generated by rpmautospec +* Wed Apr 16 2025 Pavel Filipenský - 0:4.21.3-5 +- resolves: RHEL-75587 - Fix deadlock between two smbd processes -* Wed Oct 02 2024 Andreas Schneider - 4.20.2-2 -- resolves: RHEL-59912 - Fix performance issue in notifyd +* Mon Mar 31 2025 Pavel Filipenský - 0:4.21.3-4 +- resolves: RHEL-85348 - Fix winbindd memory leak -* Wed Oct 02 2024 Andreas Schneider - 4.20.2-2 -* resolves: RHEL-59913 - Package cert directories used by samba-gpupdate +* Mon Feb 17 2025 Pavel Filipenský - 0:4.21.3-3 +- resolves: RHEL-78773 - Fix keytab generation + +* Wed Jan 08 2025 Pavel Filipenský - 0:4.21.3-2 +- resolves: RHEL-73073 - Fix vfs_crossrename + +* Wed Jan 08 2025 Pavel Filipenský - 0:4.21.3-1 +- Update to version 4.21.3 +- related: RHEL-59788 + +* Mon Nov 25 2024 Pavel Filipenský - 0:4.21.2-3 +- resolves: RHEL-4216 - Fix libsmbclient for mounting CIFS share from gnome + +* Mon Nov 25 2024 Pavel Filipenský - 0:4.21.2-2 +- resolves: RHEL-68069 - Fix winexe + +* Mon Nov 25 2024 Pavel Filipenský - 0:4.21.2-1 +- Update to version 4.21.2 +- related: RHEL-59788 + +* Tue Oct 22 2024 Pavel Filipenský - 0:4.21.1-4 +- Add Requires: libwbclient + +* Tue Oct 22 2024 Pavel Filipenský - 0:4.21.1-3 +- Fix samba 4.20 -> 4.21 upgrade for the removed python3-samba-devel + +* Tue Oct 15 2024 Pavel Filipenský - 0:4.21.1-2 +- Fix several rpminspect warnings + +* Mon Oct 14 2024 Pavel Filipenský - 0:4.21.1-1 +- Update to version 4.21.1 +- related: RHEL-59788 + +* Thu Oct 03 2024 Pavel Filipenský - 0:4.21.0-5 +- resolves: RHEL-59911 - Fix smbd-notifyd O(n*n) performance issue + +* Thu Oct 03 2024 Pavel Filipenský - 0:4.21.0-4 +- resolves: RHEL-59778- Package certs directories in samba-common for + gpupdate + +* Thu Oct 03 2024 Pavel Filipenský - 0:4.21.0-3 +- resolves: RHEL-2226 - [RFE] update keytab entries when renewing the + machine account password + +* Thu Oct 03 2024 Pavel Filipenský - 0:4.21.0-2 +- related: RHEL-59788 - Build with ceph again for ppc64le + +* Fri Sep 27 2024 Pavel Filipenský - 0:4.21.0-1 +- Update to version 4.21.0 +- resolves: RHEL-59788 * Thu Aug 01 2024 Pavel Filipenský - 4.20.2-2 - resolves: RHEL-47757 - Allow to run samba-bgqd as a standalone systemd service @@ -6367,7 +5814,7 @@ fi - Numerous improvements and bugfixes included - package libsmbsharemodes too - remove smbldap-tools as they are already packaged separately in Fedora -- Fix bug 245506 +- Fix bug 245506 * Tue Oct 2 2007 Simo Sorce 3.0.26a-1.fc8 - rebuild with AD DNS Update support @@ -6769,7 +6216,7 @@ fi bugzilla #121356 * Mon Apr 5 2004 Jay Fenlason 3.0.3-2.pre2 -- New upstream version +- New upstream version - Updated configure line to remove --with-fhs and to explicitly set all the directories that --with-fhs was setting. We were overriding most of them anyway. This closes #118598 @@ -6787,7 +6234,7 @@ fi * Mon Feb 16 2004 Jay Fenlason 3.0.2a-1 - Upgrade to 3.0.2a -* Mon Feb 16 2004 Karsten Hopp 3.0.2-7 +* Mon Feb 16 2004 Karsten Hopp 3.0.2-7 - fix ownership in -common package * Fri Feb 13 2004 Elliot Lee @@ -6923,7 +6370,7 @@ fi * Fri Jul 26 2002 Trond Eivind Glomsrød 2.2.5-7 - Enable VFS support and compile the "recycling" module (#69796) -- more selective includes of the examples dir +- more selective includes of the examples dir * Tue Jul 23 2002 Trond Eivind Glomsrød 2.2.5-6 - Fix the lpq parser for better handling of LPRng systems (#69352) @@ -6944,11 +6391,11 @@ fi - 2.2.5 * Fri Jun 14 2002 Trond Eivind Glomsrød 2.2.4-5 -- Move the post/preun of winbind into the -common subpackage, +- Move the post/preun of winbind into the -common subpackage, where the script is (#66128) * Tue Jun 4 2002 Trond Eivind Glomsrød 2.2.4-4 -- Fix pidfile locations so it runs properly again (2.2.4 +- Fix pidfile locations so it runs properly again (2.2.4 added a new directtive - #65007) * Thu May 23 2002 Tim Powers @@ -6969,7 +6416,7 @@ fi - Add libsmbclient.a w/headerfile for KDE (#62202) * Tue Mar 26 2002 Trond Eivind Glomsrød 2.2.3a-4 -- Make the logrotate script look the correct place for the pid files +- Make the logrotate script look the correct place for the pid files * Thu Mar 14 2002 Nalin Dahyabhai 2.2.3a-3 - include interfaces.o in pam_smbpass.so, which needs symbols from interfaces.o @@ -6992,12 +6439,12 @@ fi * Tue Nov 13 2001 Trond Eivind Glomsrød 2.2.2-6 - Move winbind files to samba-common. Add separate initscript for - winbind + winbind - Fixes for winbind - protect global variables with mutex, use more secure getenv * Thu Nov 8 2001 Trond Eivind Glomsrød 2.2.2-5 -- Teach smbadduser about "getent passwd" +- Teach smbadduser about "getent passwd" - Fix more pid-file references - Add (conditional) winbindd startup to the initscript, configured in /etc/sysconfig/samba @@ -7028,8 +6475,8 @@ fi encrypted passwords off the choice is available. (#31351) * Wed Aug 8 2001 Trond Eivind Glomsrød -- Use /var/cache/samba instead of /var/lock/samba -- Remove "domain controller" keyword from smb.conf, it's +- Use /var/cache/samba instead of /var/lock/samba +- Remove "domain controller" keyword from smb.conf, it's deprecated (from #13704) - Sync some examples with smb.conf.default - Fix password synchronization (#16987) @@ -7069,26 +6516,26 @@ fi * Fri Jun 8 2001 Preston Brown - enable encypted passwords by default -* Thu Jun 7 2001 Helge Deller +* Thu Jun 7 2001 Helge Deller - build as 2.2.0-1 release - skip the documentation-directories docbook, manpages and yodldocs - don't include *.sgml documentation in package - moved codepage-directory to /usr/share/samba/codepages -- make it compile with glibc-2.2.3-10 and kernel-headers-2.4.2-2 +- make it compile with glibc-2.2.3-10 and kernel-headers-2.4.2-2 -* Mon May 21 2001 Helge Deller +* Mon May 21 2001 Helge Deller - updated to samba 2.2.0 - moved codepages to %%{_datadir}/samba/codepages - use all available CPUs for building rpm packages - use %%{_xxx} defines at most places in spec-file - "License:" replaces "Copyright:" - dropped excludearch sparc -- de-activated japanese patches 100 and 200 for now +- de-activated japanese patches 100 and 200 for now (they need to be fixed and tested wth 2.2.0) - separated swat.desktop file from spec-file and added german translations - moved /etc/sysconfig/samba to a separate source-file -- use htmlview instead of direct call to netscape in +- use htmlview instead of direct call to netscape in swat.desktop-file * Mon May 7 2001 Bill Nottingham @@ -7178,7 +6625,7 @@ fi * Sat Jul 15 2000 Bill Nottingham - move initscript back -- remove 'Using Samba' book from %%doc +- remove 'Using Samba' book from %%doc - move stuff to /etc/samba (#13708) - default configuration tweaks (#13704) - some logrotate tweaks @@ -7357,7 +6804,7 @@ fi * Tue Mar 23 1999 Bill Nottingham - logrotate changes -* Sun Mar 21 1999 Cristian Gafton +* Sun Mar 21 1999 Cristian Gafton - auto rebuild in the new build environment (release 3) * Fri Mar 19 1999 Preston Brown @@ -7418,3 +6865,4 @@ fi - Added smbadduser command (missed from all previous RPMs) - Doooh! - Added smbuser file and smb.conf file updates for username map +## END: Generated by rpmautospec