samba: update to 4.13.0

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/rootfiles/packages/aarch64/samba

@@ -0,0 +1,820 @@
+etc/rc.d/init.d/samba
+usr/bin/cifsdd
+usr/bin/dbwrap_tool
+usr/bin/findsmb
+usr/bin/gentest
+usr/bin/ldbadd
+usr/bin/ldbdel
+usr/bin/ldbedit
+usr/bin/ldbmodify
+usr/bin/ldbrename
+usr/bin/ldbsearch
+usr/bin/locktest
+usr/bin/masktest
+usr/bin/mdfind
+usr/bin/mvxattr
+usr/bin/ndrdump
+usr/bin/net
+usr/bin/nmblookup
+usr/bin/ntlm_auth
+usr/bin/oLschema2ldif
+usr/bin/pdbedit
+usr/bin/profiles
+usr/bin/regdiff
+usr/bin/regpatch
+usr/bin/regshell
+usr/bin/regtree
+usr/bin/rpcclient
+usr/bin/samba-regedit
+usr/bin/sharesec
+usr/bin/smbcacls
+usr/bin/smbclient
+usr/bin/smbcontrol
+usr/bin/smbcquotas
+usr/bin/smbget
+usr/bin/smbpasswd
+usr/bin/smbspool
+usr/bin/smbstatus
+usr/bin/smbtar
+usr/bin/smbtorture
+usr/bin/smbtree
+usr/bin/tdbbackup
+usr/bin/tdbdump
+usr/bin/tdbrestore
+usr/bin/tdbtool
+usr/bin/testparm
+usr/bin/wbinfo
+#usr/include/samba-4.0
+#usr/include/samba-4.0/charset.h
+#usr/include/samba-4.0/core
+#usr/include/samba-4.0/core/doserr.h
+#usr/include/samba-4.0/core/error.h
+#usr/include/samba-4.0/core/hresult.h
+#usr/include/samba-4.0/core/ntstatus.h
+#usr/include/samba-4.0/core/ntstatus_gen.h
+#usr/include/samba-4.0/core/werror.h
+#usr/include/samba-4.0/core/werror_gen.h
+#usr/include/samba-4.0/credentials.h
+#usr/include/samba-4.0/dcerpc.h
+#usr/include/samba-4.0/dcesrv_core.h
+#usr/include/samba-4.0/domain_credentials.h
+#usr/include/samba-4.0/gen_ndr
+#usr/include/samba-4.0/gen_ndr/atsvc.h
+#usr/include/samba-4.0/gen_ndr/auth.h
+#usr/include/samba-4.0/gen_ndr/dcerpc.h
+#usr/include/samba-4.0/gen_ndr/drsblobs.h
+#usr/include/samba-4.0/gen_ndr/drsuapi.h
+#usr/include/samba-4.0/gen_ndr/krb5pac.h
+#usr/include/samba-4.0/gen_ndr/lsa.h
+#usr/include/samba-4.0/gen_ndr/misc.h
+#usr/include/samba-4.0/gen_ndr/nbt.h
+#usr/include/samba-4.0/gen_ndr/ndr_atsvc.h
+#usr/include/samba-4.0/gen_ndr/ndr_dcerpc.h
+#usr/include/samba-4.0/gen_ndr/ndr_drsblobs.h
+#usr/include/samba-4.0/gen_ndr/ndr_drsuapi.h
+#usr/include/samba-4.0/gen_ndr/ndr_krb5pac.h
+#usr/include/samba-4.0/gen_ndr/ndr_misc.h
+#usr/include/samba-4.0/gen_ndr/ndr_nbt.h
+#usr/include/samba-4.0/gen_ndr/ndr_samr.h
+#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h
+#usr/include/samba-4.0/gen_ndr/ndr_svcctl.h
+#usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h
+#usr/include/samba-4.0/gen_ndr/netlogon.h
+#usr/include/samba-4.0/gen_ndr/samr.h
+#usr/include/samba-4.0/gen_ndr/security.h
+#usr/include/samba-4.0/gen_ndr/server_id.h
+#usr/include/samba-4.0/gen_ndr/svcctl.h
+#usr/include/samba-4.0/ldb_wrap.h
+#usr/include/samba-4.0/libsmbclient.h
+#usr/include/samba-4.0/lookup_sid.h
+#usr/include/samba-4.0/machine_sid.h
+#usr/include/samba-4.0/ndr
+#usr/include/samba-4.0/ndr.h
+#usr/include/samba-4.0/ndr/ndr_dcerpc.h
+#usr/include/samba-4.0/ndr/ndr_drsblobs.h
+#usr/include/samba-4.0/ndr/ndr_drsuapi.h
+#usr/include/samba-4.0/ndr/ndr_krb5pac.h
+#usr/include/samba-4.0/ndr/ndr_nbt.h
+#usr/include/samba-4.0/ndr/ndr_svcctl.h
+#usr/include/samba-4.0/netapi.h
+#usr/include/samba-4.0/param.h
+#usr/include/samba-4.0/passdb.h
+#usr/include/samba-4.0/policy.h
+#usr/include/samba-4.0/rpc_common.h
+#usr/include/samba-4.0/samba
+#usr/include/samba-4.0/samba/session.h
+#usr/include/samba-4.0/samba/version.h
+#usr/include/samba-4.0/share.h
+#usr/include/samba-4.0/smb2_lease_struct.h
+#usr/include/samba-4.0/smb_ldap.h
+#usr/include/samba-4.0/smbconf.h
+#usr/include/samba-4.0/smbldap.h
+#usr/include/samba-4.0/tdr.h
+#usr/include/samba-4.0/tsocket.h
+#usr/include/samba-4.0/tsocket_internal.h
+#usr/include/samba-4.0/util
+#usr/include/samba-4.0/util/attr.h
+#usr/include/samba-4.0/util/blocking.h
+#usr/include/samba-4.0/util/data_blob.h
+#usr/include/samba-4.0/util/debug.h
+#usr/include/samba-4.0/util/discard.h
+#usr/include/samba-4.0/util/fault.h
+#usr/include/samba-4.0/util/genrand.h
+#usr/include/samba-4.0/util/idtree.h
+#usr/include/samba-4.0/util/idtree_random.h
+#usr/include/samba-4.0/util/signal.h
+#usr/include/samba-4.0/util/string_wrappers.h
+#usr/include/samba-4.0/util/substitute.h
+#usr/include/samba-4.0/util/tevent_ntstatus.h
+#usr/include/samba-4.0/util/tevent_unix.h
+#usr/include/samba-4.0/util/tevent_werror.h
+#usr/include/samba-4.0/util/tfork.h
+#usr/include/samba-4.0/util/time.h
+#usr/include/samba-4.0/util_ldb.h
+#usr/include/samba-4.0/wbclient.h
+usr/lib/libdcerpc-binding.so
+usr/lib/libdcerpc-binding.so.0
+usr/lib/libdcerpc-binding.so.0.0.1
+usr/lib/libdcerpc-samr.so
+usr/lib/libdcerpc-samr.so.0
+usr/lib/libdcerpc-samr.so.0.0.1
+usr/lib/libdcerpc-server-core.so
+usr/lib/libdcerpc-server-core.so.0
+usr/lib/libdcerpc-server-core.so.0.0.1
+usr/lib/libdcerpc.so
+usr/lib/libdcerpc.so.0
+usr/lib/libdcerpc.so.0.0.1
+usr/lib/libndr-krb5pac.so
+usr/lib/libndr-krb5pac.so.0
+usr/lib/libndr-krb5pac.so.0.0.1
+usr/lib/libndr-nbt.so
+usr/lib/libndr-nbt.so.0
+usr/lib/libndr-nbt.so.0.0.1
+usr/lib/libndr-standard.so
+usr/lib/libndr-standard.so.0
+usr/lib/libndr-standard.so.0.0.1
+usr/lib/libndr.so
+usr/lib/libndr.so.1
+usr/lib/libndr.so.1.0.0
+usr/lib/libnetapi.so
+usr/lib/libnetapi.so.0
+usr/lib/libnss_winbind.so
+usr/lib/libnss_winbind.so.2
+usr/lib/libnss_wins.so
+usr/lib/libnss_wins.so.2
+usr/lib/libsamba-credentials.so
+usr/lib/libsamba-credentials.so.0
+usr/lib/libsamba-credentials.so.0.0.1
+usr/lib/libsamba-errors.so
+usr/lib/libsamba-errors.so.1
+usr/lib/libsamba-hostconfig.so
+usr/lib/libsamba-hostconfig.so.0
+usr/lib/libsamba-hostconfig.so.0.0.1
+usr/lib/libsamba-passdb.so
+usr/lib/libsamba-passdb.so.0
+usr/lib/libsamba-passdb.so.0.28.0
+usr/lib/libsamba-policy.cpython-38-aarch64-linux-gnu.so
+usr/lib/libsamba-policy.cpython-38-aarch64-linux-gnu.so.0
+usr/lib/libsamba-policy.cpython-38-aarch64-linux-gnu.so.0.0.1
+usr/lib/libsamba-util.so
+usr/lib/libsamba-util.so.0
+usr/lib/libsamba-util.so.0.0.1
+usr/lib/libsamdb.so
+usr/lib/libsamdb.so.0
+usr/lib/libsamdb.so.0.0.1
+usr/lib/libsmbclient.so
+usr/lib/libsmbclient.so.0
+usr/lib/libsmbclient.so.0.6.0
+usr/lib/libsmbconf.so
+usr/lib/libsmbconf.so.0
+usr/lib/libsmbldap.so
+usr/lib/libsmbldap.so.2
+usr/lib/libtevent-util.so
+usr/lib/libtevent-util.so.0
+usr/lib/libtevent-util.so.0.0.1
+usr/lib/libwbclient.so
+usr/lib/libwbclient.so.0
+usr/lib/libwbclient.so.0.15
+#usr/lib/pkgconfig/dcerpc.pc
+#usr/lib/pkgconfig/dcerpc_samr.pc
+#usr/lib/pkgconfig/ndr.pc
+#usr/lib/pkgconfig/ndr_krb5pac.pc
+#usr/lib/pkgconfig/ndr_nbt.pc
+#usr/lib/pkgconfig/ndr_standard.pc
+#usr/lib/pkgconfig/netapi.pc
+#usr/lib/pkgconfig/samba-credentials.pc
+#usr/lib/pkgconfig/samba-hostconfig.pc
+#usr/lib/pkgconfig/samba-policy.cpython-38-aarch64-linux-gnu.pc
+#usr/lib/pkgconfig/samba-util.pc
+#usr/lib/pkgconfig/samdb.pc
+#usr/lib/pkgconfig/smbclient.pc
+#usr/lib/pkgconfig/wbclient.pc
+usr/lib/python3.8/site-packages/_ldb_text.py
+usr/lib/python3.8/site-packages/_tdb_text.py
+usr/lib/python3.8/site-packages/_tevent.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/ldb.cpython-38-aarch64-linux-gnu.so
+#usr/lib/python3.8/site-packages/samba
+usr/lib/python3.8/site-packages/samba/__init__.py
+usr/lib/python3.8/site-packages/samba/_glue.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/_ldb.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/auth.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/auth_util.py
+usr/lib/python3.8/site-packages/samba/colour.py
+usr/lib/python3.8/site-packages/samba/common.py
+usr/lib/python3.8/site-packages/samba/compat.py
+usr/lib/python3.8/site-packages/samba/credentials.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/crypto.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dbchecker.py
+#usr/lib/python3.8/site-packages/samba/dcerpc
+usr/lib/python3.8/site-packages/samba/dcerpc/__init__.py
+usr/lib/python3.8/site-packages/samba/dcerpc/atsvc.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/auth.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/base.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dcerpc.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dfs.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dns.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dnsp.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dnsserver.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/drsblobs.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/drsuapi.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/echo.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/epmapper.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/idmap.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/initshutdown.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/irpc.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/krb5pac.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/lsa.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/mdssvc.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/messaging.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/mgmt.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/misc.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/nbt.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/netlogon.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/ntlmssp.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/preg.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/samr.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/security.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/server_id.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/smb_acl.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/spoolss.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/srvsvc.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/svcctl.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/unixinfo.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winbind.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/windows_event_ids.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winreg.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winspool.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/witness.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/wkssvc.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/xattr.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/descriptor.py
+usr/lib/python3.8/site-packages/samba/dnsserver.py
+usr/lib/python3.8/site-packages/samba/domain_update.py
+usr/lib/python3.8/site-packages/samba/drs_utils.py
+#usr/lib/python3.8/site-packages/samba/emulate
+usr/lib/python3.8/site-packages/samba/emulate/__init__.py
+usr/lib/python3.8/site-packages/samba/emulate/traffic.py
+usr/lib/python3.8/site-packages/samba/emulate/traffic_packets.py
+usr/lib/python3.8/site-packages/samba/forest_update.py
+usr/lib/python3.8/site-packages/samba/gensec.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/getopt.py
+usr/lib/python3.8/site-packages/samba/gp_ext_loader.py
+#usr/lib/python3.8/site-packages/samba/gp_parse
+usr/lib/python3.8/site-packages/samba/gp_parse/__init__.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_aas.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_csv.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_inf.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_ini.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_pol.py
+usr/lib/python3.8/site-packages/samba/gp_scripts_ext.py
+usr/lib/python3.8/site-packages/samba/gp_sec_ext.py
+usr/lib/python3.8/site-packages/samba/gpclass.py
+usr/lib/python3.8/site-packages/samba/gpo.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/graph.py
+usr/lib/python3.8/site-packages/samba/hostconfig.py
+usr/lib/python3.8/site-packages/samba/idmap.py
+usr/lib/python3.8/site-packages/samba/join.py
+#usr/lib/python3.8/site-packages/samba/kcc
+usr/lib/python3.8/site-packages/samba/kcc/__init__.py
+usr/lib/python3.8/site-packages/samba/kcc/debug.py
+usr/lib/python3.8/site-packages/samba/kcc/graph.py
+usr/lib/python3.8/site-packages/samba/kcc/graph_utils.py
+usr/lib/python3.8/site-packages/samba/kcc/kcc_utils.py
+usr/lib/python3.8/site-packages/samba/kcc/ldif_import_export.py
+usr/lib/python3.8/site-packages/samba/logger.py
+usr/lib/python3.8/site-packages/samba/mdb_util.py
+usr/lib/python3.8/site-packages/samba/messaging.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/ms_display_specifiers.py
+usr/lib/python3.8/site-packages/samba/ms_forest_updates_markdown.py
+usr/lib/python3.8/site-packages/samba/ms_schema.py
+usr/lib/python3.8/site-packages/samba/ms_schema_markdown.py
+usr/lib/python3.8/site-packages/samba/ndr.py
+usr/lib/python3.8/site-packages/samba/net.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/netbios.cpython-38-aarch64-linux-gnu.so
+#usr/lib/python3.8/site-packages/samba/netcmd
+usr/lib/python3.8/site-packages/samba/netcmd/__init__.py
+usr/lib/python3.8/site-packages/samba/netcmd/common.py
+usr/lib/python3.8/site-packages/samba/netcmd/computer.py
+usr/lib/python3.8/site-packages/samba/netcmd/contact.py
+usr/lib/python3.8/site-packages/samba/netcmd/dbcheck.py
+usr/lib/python3.8/site-packages/samba/netcmd/delegation.py
+usr/lib/python3.8/site-packages/samba/netcmd/dns.py
+usr/lib/python3.8/site-packages/samba/netcmd/domain.py
+usr/lib/python3.8/site-packages/samba/netcmd/domain_backup.py
+usr/lib/python3.8/site-packages/samba/netcmd/drs.py
+usr/lib/python3.8/site-packages/samba/netcmd/dsacl.py
+usr/lib/python3.8/site-packages/samba/netcmd/forest.py
+usr/lib/python3.8/site-packages/samba/netcmd/fsmo.py
+usr/lib/python3.8/site-packages/samba/netcmd/gpo.py
+usr/lib/python3.8/site-packages/samba/netcmd/group.py
+usr/lib/python3.8/site-packages/samba/netcmd/ldapcmp.py
+usr/lib/python3.8/site-packages/samba/netcmd/main.py
+usr/lib/python3.8/site-packages/samba/netcmd/nettime.py
+usr/lib/python3.8/site-packages/samba/netcmd/ntacl.py
+usr/lib/python3.8/site-packages/samba/netcmd/ou.py
+usr/lib/python3.8/site-packages/samba/netcmd/processes.py
+usr/lib/python3.8/site-packages/samba/netcmd/pso.py
+usr/lib/python3.8/site-packages/samba/netcmd/rodc.py
+usr/lib/python3.8/site-packages/samba/netcmd/schema.py
+usr/lib/python3.8/site-packages/samba/netcmd/sites.py
+usr/lib/python3.8/site-packages/samba/netcmd/spn.py
+usr/lib/python3.8/site-packages/samba/netcmd/testparm.py
+usr/lib/python3.8/site-packages/samba/netcmd/user.py
+usr/lib/python3.8/site-packages/samba/netcmd/visualize.py
+usr/lib/python3.8/site-packages/samba/ntacls.py
+usr/lib/python3.8/site-packages/samba/ntstatus.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/param.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/policy.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/posix_eadb.cpython-38-aarch64-linux-gnu.so
+#usr/lib/python3.8/site-packages/samba/provision
+usr/lib/python3.8/site-packages/samba/provision/__init__.py
+usr/lib/python3.8/site-packages/samba/provision/backend.py
+usr/lib/python3.8/site-packages/samba/provision/common.py
+usr/lib/python3.8/site-packages/samba/provision/kerberos.py
+usr/lib/python3.8/site-packages/samba/provision/kerberos_implementation.py
+usr/lib/python3.8/site-packages/samba/provision/sambadns.py
+usr/lib/python3.8/site-packages/samba/registry.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/remove_dc.py
+#usr/lib/python3.8/site-packages/samba/samba3
+usr/lib/python3.8/site-packages/samba/samba3/__init__.py
+usr/lib/python3.8/site-packages/samba/samba3/libsmb_samba_internal.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/mdscli.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/param.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/passdb.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/smbd.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samdb.py
+usr/lib/python3.8/site-packages/samba/schema.py
+usr/lib/python3.8/site-packages/samba/sd_utils.py
+usr/lib/python3.8/site-packages/samba/security.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/sites.py
+usr/lib/python3.8/site-packages/samba/subnets.py
+#usr/lib/python3.8/site-packages/samba/subunit
+usr/lib/python3.8/site-packages/samba/subunit/__init__.py
+usr/lib/python3.8/site-packages/samba/subunit/run.py
+usr/lib/python3.8/site-packages/samba/tdb_util.py
+#usr/lib/python3.8/site-packages/samba/tests
+#usr/lib/python3.8/site-packages/samba/tests/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_base.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_dsdb.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_pass_change.py
+#usr/lib/python3.8/site-packages/samba/tests/auth.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_base.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_ncalrpc.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon_bad_creds.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_pass_change.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_samlogon.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_winbind.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/bug13653.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/check_output.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/downgradedatabase.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/mdfind.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/ndrdump.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/netads_json.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/samba_dnsupdate.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls_basic.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol_process.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_learner.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_replay.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_summary.py
+#usr/lib/python3.8/site-packages/samba/tests/common.py
+#usr/lib/python3.8/site-packages/samba/tests/complex_expressions.py
+#usr/lib/python3.8/site-packages/samba/tests/core.py
+#usr/lib/python3.8/site-packages/samba/tests/credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/array.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/bare.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/dnsserver.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/integer.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/mdssvc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/misc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_protocol.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_testcase.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/registry.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpc_talloc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpcecho.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/sam.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/srvsvc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/string_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/testrpc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/unix.py
+#usr/lib/python3.8/site-packages/samba/tests/dckeytab.py
+#usr/lib/python3.8/site-packages/samba/tests/dns.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_base.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers/server.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_invalid.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_packet.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_tkey.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_wildcard.py
+#usr/lib/python3.8/site-packages/samba/tests/docs.py
+#usr/lib/python3.8/site-packages/samba/tests/domain_backup.py
+#usr/lib/python3.8/site-packages/samba/tests/domain_backup_offline.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb_lock.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb_schema_attributes.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate
+#usr/lib/python3.8/site-packages/samba/tests/emulate/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic_packet.py
+#usr/lib/python3.8/site-packages/samba/tests/encrypted_secrets.py
+#usr/lib/python3.8/site-packages/samba/tests/gensec.py
+#usr/lib/python3.8/site-packages/samba/tests/get_opt.py
+#usr/lib/python3.8/site-packages/samba/tests/getdcname.py
+#usr/lib/python3.8/site-packages/samba/tests/glue.py
+#usr/lib/python3.8/site-packages/samba/tests/gpo.py
+#usr/lib/python3.8/site-packages/samba/tests/graph.py
+#usr/lib/python3.8/site-packages/samba/tests/group_audit.py
+#usr/lib/python3.8/site-packages/samba/tests/hostconfig.py
+#usr/lib/python3.8/site-packages/samba/tests/join.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc
+#usr/lib/python3.8/site-packages/samba/tests/kcc/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/graph.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/graph_utils.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/kcc_utils.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/ldif_import_export.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5
+#usr/lib/python3.8/site-packages/samba/tests/krb5/kcrypto.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/raw_testcase.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/rfc4120_pyasn1.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/s4u_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/simple_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/xrealm_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5_credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/ldap_raw.py
+#usr/lib/python3.8/site-packages/samba/tests/ldap_referrals.py
+#usr/lib/python3.8/site-packages/samba/tests/libsmb.py
+#usr/lib/python3.8/site-packages/samba/tests/loadparm.py
+#usr/lib/python3.8/site-packages/samba/tests/lsa_string.py
+#usr/lib/python3.8/site-packages/samba/tests/messaging.py
+#usr/lib/python3.8/site-packages/samba/tests/net_join.py
+#usr/lib/python3.8/site-packages/samba/tests/net_join_no_spnego.py
+#usr/lib/python3.8/site-packages/samba/tests/netbios.py
+#usr/lib/python3.8/site-packages/samba/tests/netcmd.py
+#usr/lib/python3.8/site-packages/samba/tests/netlogonsvc.py
+#usr/lib/python3.8/site-packages/samba/tests/ntacls.py
+#usr/lib/python3.8/site-packages/samba/tests/ntacls_backup.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_base.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_krb5.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlmdisabled.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_chauthtok.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_warn_pwd_expire.py
+#usr/lib/python3.8/site-packages/samba/tests/param.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2003.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2008.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_gpgme.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_ldap.py
+#usr/lib/python3.8/site-packages/samba/tests/password_quality.py
+#usr/lib/python3.8/site-packages/samba/tests/password_test.py
+#usr/lib/python3.8/site-packages/samba/tests/policy.py
+#usr/lib/python3.8/site-packages/samba/tests/posixacl.py
+#usr/lib/python3.8/site-packages/samba/tests/prefork_restart.py
+#usr/lib/python3.8/site-packages/samba/tests/process_limits.py
+#usr/lib/python3.8/site-packages/samba/tests/provision.py
+#usr/lib/python3.8/site-packages/samba/tests/pso.py
+#usr/lib/python3.8/site-packages/samba/tests/py_credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/registry.py
+#usr/lib/python3.8/site-packages/samba/tests/s3idmapdb.py
+#usr/lib/python3.8/site-packages/samba/tests/s3param.py
+#usr/lib/python3.8/site-packages/samba/tests/s3passdb.py
+#usr/lib/python3.8/site-packages/samba/tests/s3registry.py
+#usr/lib/python3.8/site-packages/samba/tests/s3windb.py
+#usr/lib/python3.8/site-packages/samba/tests/samba3sam.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/base.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/computer.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/contact.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/demote.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dnscmd.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dsacl.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/forest.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/fsmo.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/gpo.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/group.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/help.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ntacl.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ou.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/passwordsettings.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/processes.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/promote_dc_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_password_check.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/rodc.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/schema.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/sites.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/timecmd.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_check_password_script.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_base.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_wdigest.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize_drs.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_upgradedns_lmdb.py
+#usr/lib/python3.8/site-packages/samba/tests/samdb.py
+#usr/lib/python3.8/site-packages/samba/tests/samdb_api.py
+#usr/lib/python3.8/site-packages/samba/tests/security.py
+#usr/lib/python3.8/site-packages/samba/tests/segfault.py
+#usr/lib/python3.8/site-packages/samba/tests/smb.py
+#usr/lib/python3.8/site-packages/samba/tests/smbd_base.py
+#usr/lib/python3.8/site-packages/samba/tests/smbd_fuzztest.py
+#usr/lib/python3.8/site-packages/samba/tests/source.py
+#usr/lib/python3.8/site-packages/samba/tests/strings.py
+#usr/lib/python3.8/site-packages/samba/tests/subunitrun.py
+#usr/lib/python3.8/site-packages/samba/tests/tdb_util.py
+#usr/lib/python3.8/site-packages/samba/tests/upgrade.py
+#usr/lib/python3.8/site-packages/samba/tests/upgradeprovision.py
+#usr/lib/python3.8/site-packages/samba/tests/upgradeprovisionneeddc.py
+#usr/lib/python3.8/site-packages/samba/tests/usage.py
+#usr/lib/python3.8/site-packages/samba/tests/xattr.py
+#usr/lib/python3.8/site-packages/samba/third_party
+usr/lib/python3.8/site-packages/samba/third_party/__init__.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/__init__.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/iso8601.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/test_iso8601.py
+usr/lib/python3.8/site-packages/samba/upgrade.py
+usr/lib/python3.8/site-packages/samba/upgradehelpers.py
+usr/lib/python3.8/site-packages/samba/uptodateness.py
+usr/lib/python3.8/site-packages/samba/werror.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/xattr.py
+usr/lib/python3.8/site-packages/samba/xattr_native.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/xattr_tdb.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/talloc.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/tdb.cpython-38-aarch64-linux-gnu.so
+usr/lib/python3.8/site-packages/tevent.py
+#usr/lib/samba
+usr/lib/samba/idmap
+usr/lib/samba/idmap/ad.so
+usr/lib/samba/idmap/autorid.so
+usr/lib/samba/idmap/hash.so
+usr/lib/samba/idmap/rfc2307.so
+usr/lib/samba/idmap/rid.so
+usr/lib/samba/idmap/script.so
+usr/lib/samba/idmap/tdb2.so
+#usr/lib/samba/krb5
+usr/lib/samba/krb5/winbind_krb5_locator.so
+#usr/lib/samba/ldb
+usr/lib/samba/ldb/asq.so
+usr/lib/samba/ldb/ildap.so
+usr/lib/samba/ldb/ldb.so
+usr/lib/samba/ldb/ldbsamba_extensions.so
+usr/lib/samba/ldb/paged_searches.so
+usr/lib/samba/ldb/rdn_name.so
+usr/lib/samba/ldb/sample.so
+usr/lib/samba/ldb/server_sort.so
+usr/lib/samba/ldb/skel.so
+usr/lib/samba/ldb/tdb.so
+usr/lib/samba/libCHARSET3-samba4.so
+usr/lib/samba/libLIBWBCLIENT-OLD-samba4.so
+usr/lib/samba/libMESSAGING-SEND-samba4.so
+usr/lib/samba/libMESSAGING-samba4.so
+usr/lib/samba/libaddns-samba4.so
+usr/lib/samba/libads-samba4.so
+usr/lib/samba/libasn1-samba4.so.8
+usr/lib/samba/libasn1-samba4.so.8.0.0
+usr/lib/samba/libasn1util-samba4.so
+usr/lib/samba/libauth-samba4.so
+usr/lib/samba/libauth-unix-token-samba4.so
+usr/lib/samba/libauth4-samba4.so
+usr/lib/samba/libauthkrb5-samba4.so
+usr/lib/samba/libcli-cldap-samba4.so
+usr/lib/samba/libcli-ldap-common-samba4.so
+usr/lib/samba/libcli-ldap-samba4.so
+usr/lib/samba/libcli-nbt-samba4.so
+usr/lib/samba/libcli-smb-common-samba4.so
+usr/lib/samba/libcli-spoolss-samba4.so
+usr/lib/samba/libcliauth-samba4.so
+usr/lib/samba/libclidns-samba4.so
+usr/lib/samba/libcluster-samba4.so
+usr/lib/samba/libcmdline-contexts-samba4.so
+usr/lib/samba/libcmdline-credentials-samba4.so
+usr/lib/samba/libcmocka-samba4.so
+usr/lib/samba/libcom_err-samba4.so.0
+usr/lib/samba/libcom_err-samba4.so.0.25
+usr/lib/samba/libcommon-auth-samba4.so
+usr/lib/samba/libdbwrap-samba4.so
+usr/lib/samba/libdcerpc-samba-samba4.so
+usr/lib/samba/libdcerpc-samba4.so
+usr/lib/samba/libdsdb-module-samba4.so
+usr/lib/samba/libevents-samba4.so
+usr/lib/samba/libflag-mapping-samba4.so
+usr/lib/samba/libgenrand-samba4.so
+usr/lib/samba/libgensec-samba4.so
+usr/lib/samba/libgpext-samba4.so
+usr/lib/samba/libgpo-samba4.so
+usr/lib/samba/libgse-samba4.so
+usr/lib/samba/libgssapi-samba4.so.2
+usr/lib/samba/libgssapi-samba4.so.2.0.0
+usr/lib/samba/libhcrypto-samba4.so.5
+usr/lib/samba/libhcrypto-samba4.so.5.0.1
+usr/lib/samba/libhdb-samba4.so.11
+usr/lib/samba/libhdb-samba4.so.11.0.2
+usr/lib/samba/libheimbase-samba4.so.1
+usr/lib/samba/libheimbase-samba4.so.1.0.0
+usr/lib/samba/libheimntlm-samba4.so.1
+usr/lib/samba/libheimntlm-samba4.so.1.0.1
+usr/lib/samba/libhttp-samba4.so
+usr/lib/samba/libhx509-samba4.so.5
+usr/lib/samba/libhx509-samba4.so.5.0.0
+usr/lib/samba/libidmap-samba4.so
+usr/lib/samba/libinterfaces-samba4.so
+usr/lib/samba/libiov-buf-samba4.so
+usr/lib/samba/libkdc-samba4.so.2
+usr/lib/samba/libkdc-samba4.so.2.0.0
+usr/lib/samba/libkrb5-samba4.so.26
+usr/lib/samba/libkrb5-samba4.so.26.0.0
+usr/lib/samba/libkrb5samba-samba4.so
+usr/lib/samba/libldb-cmdline-samba4.so
+usr/lib/samba/libldb-key-value-samba4.so
+usr/lib/samba/libldb-tdb-err-map-samba4.so
+usr/lib/samba/libldb-tdb-int-samba4.so
+usr/lib/samba/libldb.so.2
+usr/lib/samba/libldb.so.2.2.0
+usr/lib/samba/libldbsamba-samba4.so
+usr/lib/samba/liblibcli-lsa3-samba4.so
+usr/lib/samba/liblibcli-netlogon3-samba4.so
+usr/lib/samba/liblibsmb-samba4.so
+usr/lib/samba/libmessages-dgm-samba4.so
+usr/lib/samba/libmessages-util-samba4.so
+usr/lib/samba/libmsghdr-samba4.so
+usr/lib/samba/libmsrpc3-samba4.so
+usr/lib/samba/libndr-samba-samba4.so
+usr/lib/samba/libndr-samba4.so
+usr/lib/samba/libnet-keytab-samba4.so
+usr/lib/samba/libnetif-samba4.so
+usr/lib/samba/libnpa-tstream-samba4.so
+usr/lib/samba/libnss-info-samba4.so
+usr/lib/samba/libpopt-samba3-cmdline-samba4.so
+usr/lib/samba/libpopt-samba3-samba4.so
+usr/lib/samba/libposix-eadb-samba4.so
+usr/lib/samba/libprinter-driver-samba4.so
+usr/lib/samba/libprinting-migrate-samba4.so
+usr/lib/samba/libpyldb-util.cpython-38-aarch64-linux-gnu.so.2
+usr/lib/samba/libpyldb-util.cpython-38-aarch64-linux-gnu.so.2.2.0
+usr/lib/samba/libpytalloc-util.cpython-38-aarch64-linux-gnu.so.2
+usr/lib/samba/libpytalloc-util.cpython-38-aarch64-linux-gnu.so.2.3.1
+usr/lib/samba/libregistry-samba4.so
+usr/lib/samba/libreplace-samba4.so
+usr/lib/samba/libroken-samba4.so.19
+usr/lib/samba/libroken-samba4.so.19.0.1
+usr/lib/samba/libsamba-cluster-support-samba4.so
+usr/lib/samba/libsamba-debug-samba4.so
+usr/lib/samba/libsamba-modules-samba4.so
+usr/lib/samba/libsamba-net.cpython-38-aarch64-linux-gnu-samba4.so
+usr/lib/samba/libsamba-python.cpython-38-aarch64-linux-gnu-samba4.so
+usr/lib/samba/libsamba-security-samba4.so
+usr/lib/samba/libsamba-sockets-samba4.so
+usr/lib/samba/libsamba3-util-samba4.so
+usr/lib/samba/libsamdb-common-samba4.so
+usr/lib/samba/libsecrets3-samba4.so
+usr/lib/samba/libserver-id-db-samba4.so
+usr/lib/samba/libserver-role-samba4.so
+usr/lib/samba/libshares-samba4.so
+usr/lib/samba/libsmb-transport-samba4.so
+usr/lib/samba/libsmbclient-raw-samba4.so
+usr/lib/samba/libsmbd-base-samba4.so
+usr/lib/samba/libsmbd-conn-samba4.so
+usr/lib/samba/libsmbd-shim-samba4.so
+usr/lib/samba/libsmbldaphelper-samba4.so
+usr/lib/samba/libsmbpasswdparser-samba4.so
+usr/lib/samba/libsocket-blocking-samba4.so
+usr/lib/samba/libsys-rw-samba4.so
+usr/lib/samba/libtalloc-report-printf-samba4.so
+usr/lib/samba/libtalloc-report-samba4.so
+usr/lib/samba/libtalloc.so.2
+usr/lib/samba/libtalloc.so.2.3.1
+usr/lib/samba/libtdb-wrap-samba4.so
+usr/lib/samba/libtdb.so.1
+usr/lib/samba/libtdb.so.1.4.3
+usr/lib/samba/libtevent.so.0
+usr/lib/samba/libtevent.so.0.10.2
+usr/lib/samba/libtime-basic-samba4.so
+usr/lib/samba/libtorture-samba4.so
+usr/lib/samba/libtrusts-util-samba4.so
+usr/lib/samba/libutil-cmdline-samba4.so
+usr/lib/samba/libutil-reg-samba4.so
+usr/lib/samba/libutil-setid-samba4.so
+usr/lib/samba/libutil-tdb-samba4.so
+usr/lib/samba/libwinbind-client-samba4.so
+usr/lib/samba/libwind-samba4.so.0
+usr/lib/samba/libwind-samba4.so.0.0.0
+usr/lib/samba/libxattr-tdb-samba4.so
+usr/lib/samba/nss_info
+usr/lib/samba/nss_info/hash.so
+usr/lib/samba/nss_info/rfc2307.so
+usr/lib/samba/nss_info/sfu.so
+usr/lib/samba/nss_info/sfu20.so
+#usr/lib/samba/vfs
+usr/lib/samba/vfs/acl_tdb.so
+usr/lib/samba/vfs/acl_xattr.so
+usr/lib/samba/vfs/aio_fork.so
+usr/lib/samba/vfs/aio_pthread.so
+usr/lib/samba/vfs/audit.so
+usr/lib/samba/vfs/btrfs.so
+usr/lib/samba/vfs/cap.so
+usr/lib/samba/vfs/catia.so
+usr/lib/samba/vfs/commit.so
+usr/lib/samba/vfs/crossrename.so
+usr/lib/samba/vfs/default_quota.so
+usr/lib/samba/vfs/dirsort.so
+usr/lib/samba/vfs/expand_msdfs.so
+usr/lib/samba/vfs/extd_audit.so
+usr/lib/samba/vfs/fake_perms.so
+usr/lib/samba/vfs/fileid.so
+usr/lib/samba/vfs/fruit.so
+usr/lib/samba/vfs/full_audit.so
+usr/lib/samba/vfs/glusterfs_fuse.so
+usr/lib/samba/vfs/gpfs.so
+usr/lib/samba/vfs/linux_xfs_sgid.so
+usr/lib/samba/vfs/media_harmony.so
+usr/lib/samba/vfs/offline.so
+usr/lib/samba/vfs/preopen.so
+usr/lib/samba/vfs/readahead.so
+usr/lib/samba/vfs/readonly.so
+usr/lib/samba/vfs/recycle.so
+usr/lib/samba/vfs/shadow_copy.so
+usr/lib/samba/vfs/shadow_copy2.so
+usr/lib/samba/vfs/shell_snap.so
+usr/lib/samba/vfs/snapper.so
+usr/lib/samba/vfs/streams_depot.so
+usr/lib/samba/vfs/streams_xattr.so
+usr/lib/samba/vfs/syncops.so
+usr/lib/samba/vfs/time_audit.so
+usr/lib/samba/vfs/unityed_media.so
+usr/lib/samba/vfs/virusfilter.so
+usr/lib/samba/vfs/widelinks.so
+usr/lib/samba/vfs/worm.so
+usr/lib/samba/vfs/xattr_tdb.so
+usr/lib/security
+usr/lib/security/pam_winbind.so
+#usr/libexec/samba
+usr/libexec/samba/smbspool_krb5_wrapper
+usr/sbin/eventlogadm
+usr/sbin/nmbd
+usr/sbin/samba-gpupdate
+usr/sbin/smbd
+usr/sbin/winbindd
+var/ipfire/backup/addons/includes/samba
+#var/ipfire/samba
+var/ipfire/samba/default.global
+var/ipfire/samba/default.pdc
+var/ipfire/samba/default.printer
+var/ipfire/samba/default.settings
+var/ipfire/samba/default.shares
+var/ipfire/samba/global
+var/ipfire/samba/pdc
+var/ipfire/samba/printer
+#var/ipfire/samba/private
+var/ipfire/samba/private/secrets.tdb
+var/ipfire/samba/private/smbpasswd
+var/ipfire/samba/settings
+var/ipfire/samba/shares
+var/ipfire/samba/smb.conf
+var/ipfire/samba/smb.conf.default
+var/lib/samba
+var/lib/samba/bind-dns
+var/lib/samba/private
+var/lib/samba/winbindd_privileged
+var/log/samba
+var/nmbd
+srv/web/ipfire/cgi-bin/samba.cgi
+srv/web/ipfire/cgi-bin/sambahlp.cgi
+var/ipfire/menu.d/EX-samba.menu
+usr/local/bin/sambactrl

config/rootfiles/packages/armv5tel/samba

@@ -0,0 +1,820 @@
+etc/rc.d/init.d/samba
+usr/bin/cifsdd
+usr/bin/dbwrap_tool
+usr/bin/findsmb
+usr/bin/gentest
+usr/bin/ldbadd
+usr/bin/ldbdel
+usr/bin/ldbedit
+usr/bin/ldbmodify
+usr/bin/ldbrename
+usr/bin/ldbsearch
+usr/bin/locktest
+usr/bin/masktest
+usr/bin/mdfind
+usr/bin/mvxattr
+usr/bin/ndrdump
+usr/bin/net
+usr/bin/nmblookup
+usr/bin/ntlm_auth
+usr/bin/oLschema2ldif
+usr/bin/pdbedit
+usr/bin/profiles
+usr/bin/regdiff
+usr/bin/regpatch
+usr/bin/regshell
+usr/bin/regtree
+usr/bin/rpcclient
+usr/bin/samba-regedit
+usr/bin/sharesec
+usr/bin/smbcacls
+usr/bin/smbclient
+usr/bin/smbcontrol
+usr/bin/smbcquotas
+usr/bin/smbget
+usr/bin/smbpasswd
+usr/bin/smbspool
+usr/bin/smbstatus
+usr/bin/smbtar
+usr/bin/smbtorture
+usr/bin/smbtree
+usr/bin/tdbbackup
+usr/bin/tdbdump
+usr/bin/tdbrestore
+usr/bin/tdbtool
+usr/bin/testparm
+usr/bin/wbinfo
+#usr/include/samba-4.0
+#usr/include/samba-4.0/charset.h
+#usr/include/samba-4.0/core
+#usr/include/samba-4.0/core/doserr.h
+#usr/include/samba-4.0/core/error.h
+#usr/include/samba-4.0/core/hresult.h
+#usr/include/samba-4.0/core/ntstatus.h
+#usr/include/samba-4.0/core/ntstatus_gen.h
+#usr/include/samba-4.0/core/werror.h
+#usr/include/samba-4.0/core/werror_gen.h
+#usr/include/samba-4.0/credentials.h
+#usr/include/samba-4.0/dcerpc.h
+#usr/include/samba-4.0/dcesrv_core.h
+#usr/include/samba-4.0/domain_credentials.h
+#usr/include/samba-4.0/gen_ndr
+#usr/include/samba-4.0/gen_ndr/atsvc.h
+#usr/include/samba-4.0/gen_ndr/auth.h
+#usr/include/samba-4.0/gen_ndr/dcerpc.h
+#usr/include/samba-4.0/gen_ndr/drsblobs.h
+#usr/include/samba-4.0/gen_ndr/drsuapi.h
+#usr/include/samba-4.0/gen_ndr/krb5pac.h
+#usr/include/samba-4.0/gen_ndr/lsa.h
+#usr/include/samba-4.0/gen_ndr/misc.h
+#usr/include/samba-4.0/gen_ndr/nbt.h
+#usr/include/samba-4.0/gen_ndr/ndr_atsvc.h
+#usr/include/samba-4.0/gen_ndr/ndr_dcerpc.h
+#usr/include/samba-4.0/gen_ndr/ndr_drsblobs.h
+#usr/include/samba-4.0/gen_ndr/ndr_drsuapi.h
+#usr/include/samba-4.0/gen_ndr/ndr_krb5pac.h
+#usr/include/samba-4.0/gen_ndr/ndr_misc.h
+#usr/include/samba-4.0/gen_ndr/ndr_nbt.h
+#usr/include/samba-4.0/gen_ndr/ndr_samr.h
+#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h
+#usr/include/samba-4.0/gen_ndr/ndr_svcctl.h
+#usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h
+#usr/include/samba-4.0/gen_ndr/netlogon.h
+#usr/include/samba-4.0/gen_ndr/samr.h
+#usr/include/samba-4.0/gen_ndr/security.h
+#usr/include/samba-4.0/gen_ndr/server_id.h
+#usr/include/samba-4.0/gen_ndr/svcctl.h
+#usr/include/samba-4.0/ldb_wrap.h
+#usr/include/samba-4.0/libsmbclient.h
+#usr/include/samba-4.0/lookup_sid.h
+#usr/include/samba-4.0/machine_sid.h
+#usr/include/samba-4.0/ndr
+#usr/include/samba-4.0/ndr.h
+#usr/include/samba-4.0/ndr/ndr_dcerpc.h
+#usr/include/samba-4.0/ndr/ndr_drsblobs.h
+#usr/include/samba-4.0/ndr/ndr_drsuapi.h
+#usr/include/samba-4.0/ndr/ndr_krb5pac.h
+#usr/include/samba-4.0/ndr/ndr_nbt.h
+#usr/include/samba-4.0/ndr/ndr_svcctl.h
+#usr/include/samba-4.0/netapi.h
+#usr/include/samba-4.0/param.h
+#usr/include/samba-4.0/passdb.h
+#usr/include/samba-4.0/policy.h
+#usr/include/samba-4.0/rpc_common.h
+#usr/include/samba-4.0/samba
+#usr/include/samba-4.0/samba/session.h
+#usr/include/samba-4.0/samba/version.h
+#usr/include/samba-4.0/share.h
+#usr/include/samba-4.0/smb2_lease_struct.h
+#usr/include/samba-4.0/smb_ldap.h
+#usr/include/samba-4.0/smbconf.h
+#usr/include/samba-4.0/smbldap.h
+#usr/include/samba-4.0/tdr.h
+#usr/include/samba-4.0/tsocket.h
+#usr/include/samba-4.0/tsocket_internal.h
+#usr/include/samba-4.0/util
+#usr/include/samba-4.0/util/attr.h
+#usr/include/samba-4.0/util/blocking.h
+#usr/include/samba-4.0/util/data_blob.h
+#usr/include/samba-4.0/util/debug.h
+#usr/include/samba-4.0/util/discard.h
+#usr/include/samba-4.0/util/fault.h
+#usr/include/samba-4.0/util/genrand.h
+#usr/include/samba-4.0/util/idtree.h
+#usr/include/samba-4.0/util/idtree_random.h
+#usr/include/samba-4.0/util/signal.h
+#usr/include/samba-4.0/util/string_wrappers.h
+#usr/include/samba-4.0/util/substitute.h
+#usr/include/samba-4.0/util/tevent_ntstatus.h
+#usr/include/samba-4.0/util/tevent_unix.h
+#usr/include/samba-4.0/util/tevent_werror.h
+#usr/include/samba-4.0/util/tfork.h
+#usr/include/samba-4.0/util/time.h
+#usr/include/samba-4.0/util_ldb.h
+#usr/include/samba-4.0/wbclient.h
+usr/lib/libdcerpc-binding.so
+usr/lib/libdcerpc-binding.so.0
+usr/lib/libdcerpc-binding.so.0.0.1
+usr/lib/libdcerpc-samr.so
+usr/lib/libdcerpc-samr.so.0
+usr/lib/libdcerpc-samr.so.0.0.1
+usr/lib/libdcerpc-server-core.so
+usr/lib/libdcerpc-server-core.so.0
+usr/lib/libdcerpc-server-core.so.0.0.1
+usr/lib/libdcerpc.so
+usr/lib/libdcerpc.so.0
+usr/lib/libdcerpc.so.0.0.1
+usr/lib/libndr-krb5pac.so
+usr/lib/libndr-krb5pac.so.0
+usr/lib/libndr-krb5pac.so.0.0.1
+usr/lib/libndr-nbt.so
+usr/lib/libndr-nbt.so.0
+usr/lib/libndr-nbt.so.0.0.1
+usr/lib/libndr-standard.so
+usr/lib/libndr-standard.so.0
+usr/lib/libndr-standard.so.0.0.1
+usr/lib/libndr.so
+usr/lib/libndr.so.1
+usr/lib/libndr.so.1.0.0
+usr/lib/libnetapi.so
+usr/lib/libnetapi.so.0
+usr/lib/libnss_winbind.so
+usr/lib/libnss_winbind.so.2
+usr/lib/libnss_wins.so
+usr/lib/libnss_wins.so.2
+usr/lib/libsamba-credentials.so
+usr/lib/libsamba-credentials.so.0
+usr/lib/libsamba-credentials.so.0.0.1
+usr/lib/libsamba-errors.so
+usr/lib/libsamba-errors.so.1
+usr/lib/libsamba-hostconfig.so
+usr/lib/libsamba-hostconfig.so.0
+usr/lib/libsamba-hostconfig.so.0.0.1
+usr/lib/libsamba-passdb.so
+usr/lib/libsamba-passdb.so.0
+usr/lib/libsamba-passdb.so.0.28.0
+usr/lib/libsamba-policy.cpython-38-arm-linux-gnueabi.so
+usr/lib/libsamba-policy.cpython-38-arm-linux-gnueabi.so.0
+usr/lib/libsamba-policy.cpython-38-arm-linux-gnueabi.so.0.0.1
+usr/lib/libsamba-util.so
+usr/lib/libsamba-util.so.0
+usr/lib/libsamba-util.so.0.0.1
+usr/lib/libsamdb.so
+usr/lib/libsamdb.so.0
+usr/lib/libsamdb.so.0.0.1
+usr/lib/libsmbclient.so
+usr/lib/libsmbclient.so.0
+usr/lib/libsmbclient.so.0.6.0
+usr/lib/libsmbconf.so
+usr/lib/libsmbconf.so.0
+usr/lib/libsmbldap.so
+usr/lib/libsmbldap.so.2
+usr/lib/libtevent-util.so
+usr/lib/libtevent-util.so.0
+usr/lib/libtevent-util.so.0.0.1
+usr/lib/libwbclient.so
+usr/lib/libwbclient.so.0
+usr/lib/libwbclient.so.0.15
+#usr/lib/pkgconfig/dcerpc.pc
+#usr/lib/pkgconfig/dcerpc_samr.pc
+#usr/lib/pkgconfig/ndr.pc
+#usr/lib/pkgconfig/ndr_krb5pac.pc
+#usr/lib/pkgconfig/ndr_nbt.pc
+#usr/lib/pkgconfig/ndr_standard.pc
+#usr/lib/pkgconfig/netapi.pc
+#usr/lib/pkgconfig/samba-credentials.pc
+#usr/lib/pkgconfig/samba-hostconfig.pc
+#usr/lib/pkgconfig/samba-policy.cpython-38-arm-linux-gnueabi.pc
+#usr/lib/pkgconfig/samba-util.pc
+#usr/lib/pkgconfig/samdb.pc
+#usr/lib/pkgconfig/smbclient.pc
+#usr/lib/pkgconfig/wbclient.pc
+usr/lib/python3.8/site-packages/_ldb_text.py
+usr/lib/python3.8/site-packages/_tdb_text.py
+usr/lib/python3.8/site-packages/_tevent.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/ldb.cpython-38-arm-linux-gnueabi.so
+#usr/lib/python3.8/site-packages/samba
+usr/lib/python3.8/site-packages/samba/__init__.py
+usr/lib/python3.8/site-packages/samba/_glue.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/_ldb.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/auth.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/auth_util.py
+usr/lib/python3.8/site-packages/samba/colour.py
+usr/lib/python3.8/site-packages/samba/common.py
+usr/lib/python3.8/site-packages/samba/compat.py
+usr/lib/python3.8/site-packages/samba/credentials.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/crypto.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dbchecker.py
+#usr/lib/python3.8/site-packages/samba/dcerpc
+usr/lib/python3.8/site-packages/samba/dcerpc/__init__.py
+usr/lib/python3.8/site-packages/samba/dcerpc/atsvc.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/auth.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/base.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dcerpc.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dfs.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dns.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dnsp.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dnsserver.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/drsblobs.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/drsuapi.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/echo.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/epmapper.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/idmap.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/initshutdown.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/irpc.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/krb5pac.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/lsa.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/mdssvc.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/messaging.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/mgmt.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/misc.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/nbt.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/netlogon.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/ntlmssp.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/preg.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/samr.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/security.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/server_id.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/smb_acl.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/spoolss.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/srvsvc.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/svcctl.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/unixinfo.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winbind.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/windows_event_ids.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winreg.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winspool.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/witness.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/wkssvc.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/dcerpc/xattr.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/descriptor.py
+usr/lib/python3.8/site-packages/samba/dnsserver.py
+usr/lib/python3.8/site-packages/samba/domain_update.py
+usr/lib/python3.8/site-packages/samba/drs_utils.py
+#usr/lib/python3.8/site-packages/samba/emulate
+usr/lib/python3.8/site-packages/samba/emulate/__init__.py
+usr/lib/python3.8/site-packages/samba/emulate/traffic.py
+usr/lib/python3.8/site-packages/samba/emulate/traffic_packets.py
+usr/lib/python3.8/site-packages/samba/forest_update.py
+usr/lib/python3.8/site-packages/samba/gensec.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/getopt.py
+usr/lib/python3.8/site-packages/samba/gp_ext_loader.py
+#usr/lib/python3.8/site-packages/samba/gp_parse
+usr/lib/python3.8/site-packages/samba/gp_parse/__init__.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_aas.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_csv.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_inf.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_ini.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_pol.py
+usr/lib/python3.8/site-packages/samba/gp_scripts_ext.py
+usr/lib/python3.8/site-packages/samba/gp_sec_ext.py
+usr/lib/python3.8/site-packages/samba/gpclass.py
+usr/lib/python3.8/site-packages/samba/gpo.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/graph.py
+usr/lib/python3.8/site-packages/samba/hostconfig.py
+usr/lib/python3.8/site-packages/samba/idmap.py
+usr/lib/python3.8/site-packages/samba/join.py
+#usr/lib/python3.8/site-packages/samba/kcc
+usr/lib/python3.8/site-packages/samba/kcc/__init__.py
+usr/lib/python3.8/site-packages/samba/kcc/debug.py
+usr/lib/python3.8/site-packages/samba/kcc/graph.py
+usr/lib/python3.8/site-packages/samba/kcc/graph_utils.py
+usr/lib/python3.8/site-packages/samba/kcc/kcc_utils.py
+usr/lib/python3.8/site-packages/samba/kcc/ldif_import_export.py
+usr/lib/python3.8/site-packages/samba/logger.py
+usr/lib/python3.8/site-packages/samba/mdb_util.py
+usr/lib/python3.8/site-packages/samba/messaging.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/ms_display_specifiers.py
+usr/lib/python3.8/site-packages/samba/ms_forest_updates_markdown.py
+usr/lib/python3.8/site-packages/samba/ms_schema.py
+usr/lib/python3.8/site-packages/samba/ms_schema_markdown.py
+usr/lib/python3.8/site-packages/samba/ndr.py
+usr/lib/python3.8/site-packages/samba/net.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/netbios.cpython-38-arm-linux-gnueabi.so
+#usr/lib/python3.8/site-packages/samba/netcmd
+usr/lib/python3.8/site-packages/samba/netcmd/__init__.py
+usr/lib/python3.8/site-packages/samba/netcmd/common.py
+usr/lib/python3.8/site-packages/samba/netcmd/computer.py
+usr/lib/python3.8/site-packages/samba/netcmd/contact.py
+usr/lib/python3.8/site-packages/samba/netcmd/dbcheck.py
+usr/lib/python3.8/site-packages/samba/netcmd/delegation.py
+usr/lib/python3.8/site-packages/samba/netcmd/dns.py
+usr/lib/python3.8/site-packages/samba/netcmd/domain.py
+usr/lib/python3.8/site-packages/samba/netcmd/domain_backup.py
+usr/lib/python3.8/site-packages/samba/netcmd/drs.py
+usr/lib/python3.8/site-packages/samba/netcmd/dsacl.py
+usr/lib/python3.8/site-packages/samba/netcmd/forest.py
+usr/lib/python3.8/site-packages/samba/netcmd/fsmo.py
+usr/lib/python3.8/site-packages/samba/netcmd/gpo.py
+usr/lib/python3.8/site-packages/samba/netcmd/group.py
+usr/lib/python3.8/site-packages/samba/netcmd/ldapcmp.py
+usr/lib/python3.8/site-packages/samba/netcmd/main.py
+usr/lib/python3.8/site-packages/samba/netcmd/nettime.py
+usr/lib/python3.8/site-packages/samba/netcmd/ntacl.py
+usr/lib/python3.8/site-packages/samba/netcmd/ou.py
+usr/lib/python3.8/site-packages/samba/netcmd/processes.py
+usr/lib/python3.8/site-packages/samba/netcmd/pso.py
+usr/lib/python3.8/site-packages/samba/netcmd/rodc.py
+usr/lib/python3.8/site-packages/samba/netcmd/schema.py
+usr/lib/python3.8/site-packages/samba/netcmd/sites.py
+usr/lib/python3.8/site-packages/samba/netcmd/spn.py
+usr/lib/python3.8/site-packages/samba/netcmd/testparm.py
+usr/lib/python3.8/site-packages/samba/netcmd/user.py
+usr/lib/python3.8/site-packages/samba/netcmd/visualize.py
+usr/lib/python3.8/site-packages/samba/ntacls.py
+usr/lib/python3.8/site-packages/samba/ntstatus.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/param.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/policy.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/posix_eadb.cpython-38-arm-linux-gnueabi.so
+#usr/lib/python3.8/site-packages/samba/provision
+usr/lib/python3.8/site-packages/samba/provision/__init__.py
+usr/lib/python3.8/site-packages/samba/provision/backend.py
+usr/lib/python3.8/site-packages/samba/provision/common.py
+usr/lib/python3.8/site-packages/samba/provision/kerberos.py
+usr/lib/python3.8/site-packages/samba/provision/kerberos_implementation.py
+usr/lib/python3.8/site-packages/samba/provision/sambadns.py
+usr/lib/python3.8/site-packages/samba/registry.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/remove_dc.py
+#usr/lib/python3.8/site-packages/samba/samba3
+usr/lib/python3.8/site-packages/samba/samba3/__init__.py
+usr/lib/python3.8/site-packages/samba/samba3/libsmb_samba_internal.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/samba3/mdscli.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/samba3/param.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/samba3/passdb.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/samba3/smbd.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/samdb.py
+usr/lib/python3.8/site-packages/samba/schema.py
+usr/lib/python3.8/site-packages/samba/sd_utils.py
+usr/lib/python3.8/site-packages/samba/security.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/sites.py
+usr/lib/python3.8/site-packages/samba/subnets.py
+#usr/lib/python3.8/site-packages/samba/subunit
+usr/lib/python3.8/site-packages/samba/subunit/__init__.py
+usr/lib/python3.8/site-packages/samba/subunit/run.py
+usr/lib/python3.8/site-packages/samba/tdb_util.py
+#usr/lib/python3.8/site-packages/samba/tests
+#usr/lib/python3.8/site-packages/samba/tests/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_base.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_dsdb.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_pass_change.py
+#usr/lib/python3.8/site-packages/samba/tests/auth.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_base.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_ncalrpc.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon_bad_creds.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_pass_change.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_samlogon.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_winbind.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/bug13653.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/check_output.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/downgradedatabase.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/mdfind.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/ndrdump.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/netads_json.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/samba_dnsupdate.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls_basic.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol_process.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_learner.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_replay.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_summary.py
+#usr/lib/python3.8/site-packages/samba/tests/common.py
+#usr/lib/python3.8/site-packages/samba/tests/complex_expressions.py
+#usr/lib/python3.8/site-packages/samba/tests/core.py
+#usr/lib/python3.8/site-packages/samba/tests/credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/array.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/bare.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/dnsserver.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/integer.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/mdssvc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/misc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_protocol.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_testcase.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/registry.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpc_talloc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpcecho.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/sam.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/srvsvc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/string_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/testrpc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/unix.py
+#usr/lib/python3.8/site-packages/samba/tests/dckeytab.py
+#usr/lib/python3.8/site-packages/samba/tests/dns.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_base.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers/server.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_invalid.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_packet.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_tkey.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_wildcard.py
+#usr/lib/python3.8/site-packages/samba/tests/docs.py
+#usr/lib/python3.8/site-packages/samba/tests/domain_backup.py
+#usr/lib/python3.8/site-packages/samba/tests/domain_backup_offline.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb_lock.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb_schema_attributes.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate
+#usr/lib/python3.8/site-packages/samba/tests/emulate/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic_packet.py
+#usr/lib/python3.8/site-packages/samba/tests/encrypted_secrets.py
+#usr/lib/python3.8/site-packages/samba/tests/gensec.py
+#usr/lib/python3.8/site-packages/samba/tests/get_opt.py
+#usr/lib/python3.8/site-packages/samba/tests/getdcname.py
+#usr/lib/python3.8/site-packages/samba/tests/glue.py
+#usr/lib/python3.8/site-packages/samba/tests/gpo.py
+#usr/lib/python3.8/site-packages/samba/tests/graph.py
+#usr/lib/python3.8/site-packages/samba/tests/group_audit.py
+#usr/lib/python3.8/site-packages/samba/tests/hostconfig.py
+#usr/lib/python3.8/site-packages/samba/tests/join.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc
+#usr/lib/python3.8/site-packages/samba/tests/kcc/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/graph.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/graph_utils.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/kcc_utils.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/ldif_import_export.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5
+#usr/lib/python3.8/site-packages/samba/tests/krb5/kcrypto.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/raw_testcase.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/rfc4120_pyasn1.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/s4u_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/simple_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/xrealm_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5_credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/ldap_raw.py
+#usr/lib/python3.8/site-packages/samba/tests/ldap_referrals.py
+#usr/lib/python3.8/site-packages/samba/tests/libsmb.py
+#usr/lib/python3.8/site-packages/samba/tests/loadparm.py
+#usr/lib/python3.8/site-packages/samba/tests/lsa_string.py
+#usr/lib/python3.8/site-packages/samba/tests/messaging.py
+#usr/lib/python3.8/site-packages/samba/tests/net_join.py
+#usr/lib/python3.8/site-packages/samba/tests/net_join_no_spnego.py
+#usr/lib/python3.8/site-packages/samba/tests/netbios.py
+#usr/lib/python3.8/site-packages/samba/tests/netcmd.py
+#usr/lib/python3.8/site-packages/samba/tests/netlogonsvc.py
+#usr/lib/python3.8/site-packages/samba/tests/ntacls.py
+#usr/lib/python3.8/site-packages/samba/tests/ntacls_backup.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_base.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_krb5.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlmdisabled.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_chauthtok.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_warn_pwd_expire.py
+#usr/lib/python3.8/site-packages/samba/tests/param.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2003.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2008.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_gpgme.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_ldap.py
+#usr/lib/python3.8/site-packages/samba/tests/password_quality.py
+#usr/lib/python3.8/site-packages/samba/tests/password_test.py
+#usr/lib/python3.8/site-packages/samba/tests/policy.py
+#usr/lib/python3.8/site-packages/samba/tests/posixacl.py
+#usr/lib/python3.8/site-packages/samba/tests/prefork_restart.py
+#usr/lib/python3.8/site-packages/samba/tests/process_limits.py
+#usr/lib/python3.8/site-packages/samba/tests/provision.py
+#usr/lib/python3.8/site-packages/samba/tests/pso.py
+#usr/lib/python3.8/site-packages/samba/tests/py_credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/registry.py
+#usr/lib/python3.8/site-packages/samba/tests/s3idmapdb.py
+#usr/lib/python3.8/site-packages/samba/tests/s3param.py
+#usr/lib/python3.8/site-packages/samba/tests/s3passdb.py
+#usr/lib/python3.8/site-packages/samba/tests/s3registry.py
+#usr/lib/python3.8/site-packages/samba/tests/s3windb.py
+#usr/lib/python3.8/site-packages/samba/tests/samba3sam.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/base.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/computer.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/contact.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/demote.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dnscmd.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dsacl.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/forest.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/fsmo.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/gpo.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/group.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/help.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ntacl.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ou.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/passwordsettings.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/processes.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/promote_dc_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_password_check.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/rodc.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/schema.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/sites.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/timecmd.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_check_password_script.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_base.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_wdigest.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize_drs.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_upgradedns_lmdb.py
+#usr/lib/python3.8/site-packages/samba/tests/samdb.py
+#usr/lib/python3.8/site-packages/samba/tests/samdb_api.py
+#usr/lib/python3.8/site-packages/samba/tests/security.py
+#usr/lib/python3.8/site-packages/samba/tests/segfault.py
+#usr/lib/python3.8/site-packages/samba/tests/smb.py
+#usr/lib/python3.8/site-packages/samba/tests/smbd_base.py
+#usr/lib/python3.8/site-packages/samba/tests/smbd_fuzztest.py
+#usr/lib/python3.8/site-packages/samba/tests/source.py
+#usr/lib/python3.8/site-packages/samba/tests/strings.py
+#usr/lib/python3.8/site-packages/samba/tests/subunitrun.py
+#usr/lib/python3.8/site-packages/samba/tests/tdb_util.py
+#usr/lib/python3.8/site-packages/samba/tests/upgrade.py
+#usr/lib/python3.8/site-packages/samba/tests/upgradeprovision.py
+#usr/lib/python3.8/site-packages/samba/tests/upgradeprovisionneeddc.py
+#usr/lib/python3.8/site-packages/samba/tests/usage.py
+#usr/lib/python3.8/site-packages/samba/tests/xattr.py
+#usr/lib/python3.8/site-packages/samba/third_party
+usr/lib/python3.8/site-packages/samba/third_party/__init__.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/__init__.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/iso8601.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/test_iso8601.py
+usr/lib/python3.8/site-packages/samba/upgrade.py
+usr/lib/python3.8/site-packages/samba/upgradehelpers.py
+usr/lib/python3.8/site-packages/samba/uptodateness.py
+usr/lib/python3.8/site-packages/samba/werror.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/xattr.py
+usr/lib/python3.8/site-packages/samba/xattr_native.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/samba/xattr_tdb.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/talloc.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/tdb.cpython-38-arm-linux-gnueabi.so
+usr/lib/python3.8/site-packages/tevent.py
+#usr/lib/samba
+usr/lib/samba/idmap
+usr/lib/samba/idmap/ad.so
+usr/lib/samba/idmap/autorid.so
+usr/lib/samba/idmap/hash.so
+usr/lib/samba/idmap/rfc2307.so
+usr/lib/samba/idmap/rid.so
+usr/lib/samba/idmap/script.so
+usr/lib/samba/idmap/tdb2.so
+#usr/lib/samba/krb5
+usr/lib/samba/krb5/winbind_krb5_locator.so
+#usr/lib/samba/ldb
+usr/lib/samba/ldb/asq.so
+usr/lib/samba/ldb/ildap.so
+usr/lib/samba/ldb/ldb.so
+usr/lib/samba/ldb/ldbsamba_extensions.so
+usr/lib/samba/ldb/paged_searches.so
+usr/lib/samba/ldb/rdn_name.so
+usr/lib/samba/ldb/sample.so
+usr/lib/samba/ldb/server_sort.so
+usr/lib/samba/ldb/skel.so
+usr/lib/samba/ldb/tdb.so
+usr/lib/samba/libCHARSET3-samba4.so
+usr/lib/samba/libLIBWBCLIENT-OLD-samba4.so
+usr/lib/samba/libMESSAGING-SEND-samba4.so
+usr/lib/samba/libMESSAGING-samba4.so
+usr/lib/samba/libaddns-samba4.so
+usr/lib/samba/libads-samba4.so
+usr/lib/samba/libasn1-samba4.so.8
+usr/lib/samba/libasn1-samba4.so.8.0.0
+usr/lib/samba/libasn1util-samba4.so
+usr/lib/samba/libauth-samba4.so
+usr/lib/samba/libauth-unix-token-samba4.so
+usr/lib/samba/libauth4-samba4.so
+usr/lib/samba/libauthkrb5-samba4.so
+usr/lib/samba/libcli-cldap-samba4.so
+usr/lib/samba/libcli-ldap-common-samba4.so
+usr/lib/samba/libcli-ldap-samba4.so
+usr/lib/samba/libcli-nbt-samba4.so
+usr/lib/samba/libcli-smb-common-samba4.so
+usr/lib/samba/libcli-spoolss-samba4.so
+usr/lib/samba/libcliauth-samba4.so
+usr/lib/samba/libclidns-samba4.so
+usr/lib/samba/libcluster-samba4.so
+usr/lib/samba/libcmdline-contexts-samba4.so
+usr/lib/samba/libcmdline-credentials-samba4.so
+usr/lib/samba/libcmocka-samba4.so
+usr/lib/samba/libcom_err-samba4.so.0
+usr/lib/samba/libcom_err-samba4.so.0.25
+usr/lib/samba/libcommon-auth-samba4.so
+usr/lib/samba/libdbwrap-samba4.so
+usr/lib/samba/libdcerpc-samba-samba4.so
+usr/lib/samba/libdcerpc-samba4.so
+usr/lib/samba/libdsdb-module-samba4.so
+usr/lib/samba/libevents-samba4.so
+usr/lib/samba/libflag-mapping-samba4.so
+usr/lib/samba/libgenrand-samba4.so
+usr/lib/samba/libgensec-samba4.so
+usr/lib/samba/libgpext-samba4.so
+usr/lib/samba/libgpo-samba4.so
+usr/lib/samba/libgse-samba4.so
+usr/lib/samba/libgssapi-samba4.so.2
+usr/lib/samba/libgssapi-samba4.so.2.0.0
+usr/lib/samba/libhcrypto-samba4.so.5
+usr/lib/samba/libhcrypto-samba4.so.5.0.1
+usr/lib/samba/libhdb-samba4.so.11
+usr/lib/samba/libhdb-samba4.so.11.0.2
+usr/lib/samba/libheimbase-samba4.so.1
+usr/lib/samba/libheimbase-samba4.so.1.0.0
+usr/lib/samba/libheimntlm-samba4.so.1
+usr/lib/samba/libheimntlm-samba4.so.1.0.1
+usr/lib/samba/libhttp-samba4.so
+usr/lib/samba/libhx509-samba4.so.5
+usr/lib/samba/libhx509-samba4.so.5.0.0
+usr/lib/samba/libidmap-samba4.so
+usr/lib/samba/libinterfaces-samba4.so
+usr/lib/samba/libiov-buf-samba4.so
+usr/lib/samba/libkdc-samba4.so.2
+usr/lib/samba/libkdc-samba4.so.2.0.0
+usr/lib/samba/libkrb5-samba4.so.26
+usr/lib/samba/libkrb5-samba4.so.26.0.0
+usr/lib/samba/libkrb5samba-samba4.so
+usr/lib/samba/libldb-cmdline-samba4.so
+usr/lib/samba/libldb-key-value-samba4.so
+usr/lib/samba/libldb-tdb-err-map-samba4.so
+usr/lib/samba/libldb-tdb-int-samba4.so
+usr/lib/samba/libldb.so.2
+usr/lib/samba/libldb.so.2.2.0
+usr/lib/samba/libldbsamba-samba4.so
+usr/lib/samba/liblibcli-lsa3-samba4.so
+usr/lib/samba/liblibcli-netlogon3-samba4.so
+usr/lib/samba/liblibsmb-samba4.so
+usr/lib/samba/libmessages-dgm-samba4.so
+usr/lib/samba/libmessages-util-samba4.so
+usr/lib/samba/libmsghdr-samba4.so
+usr/lib/samba/libmsrpc3-samba4.so
+usr/lib/samba/libndr-samba-samba4.so
+usr/lib/samba/libndr-samba4.so
+usr/lib/samba/libnet-keytab-samba4.so
+usr/lib/samba/libnetif-samba4.so
+usr/lib/samba/libnpa-tstream-samba4.so
+usr/lib/samba/libnss-info-samba4.so
+usr/lib/samba/libpopt-samba3-cmdline-samba4.so
+usr/lib/samba/libpopt-samba3-samba4.so
+usr/lib/samba/libposix-eadb-samba4.so
+usr/lib/samba/libprinter-driver-samba4.so
+usr/lib/samba/libprinting-migrate-samba4.so
+usr/lib/samba/libpyldb-util.cpython-38-arm-linux-gnueabi.so.2
+usr/lib/samba/libpyldb-util.cpython-38-arm-linux-gnueabi.so.2.2.0
+usr/lib/samba/libpytalloc-util.cpython-38-arm-linux-gnueabi.so.2
+usr/lib/samba/libpytalloc-util.cpython-38-arm-linux-gnueabi.so.2.3.1
+usr/lib/samba/libregistry-samba4.so
+usr/lib/samba/libreplace-samba4.so
+usr/lib/samba/libroken-samba4.so.19
+usr/lib/samba/libroken-samba4.so.19.0.1
+usr/lib/samba/libsamba-cluster-support-samba4.so
+usr/lib/samba/libsamba-debug-samba4.so
+usr/lib/samba/libsamba-modules-samba4.so
+usr/lib/samba/libsamba-net.cpython-38-arm-linux-gnueabi-samba4.so
+usr/lib/samba/libsamba-python.cpython-38-arm-linux-gnueabi-samba4.so
+usr/lib/samba/libsamba-security-samba4.so
+usr/lib/samba/libsamba-sockets-samba4.so
+usr/lib/samba/libsamba3-util-samba4.so
+usr/lib/samba/libsamdb-common-samba4.so
+usr/lib/samba/libsecrets3-samba4.so
+usr/lib/samba/libserver-id-db-samba4.so
+usr/lib/samba/libserver-role-samba4.so
+usr/lib/samba/libshares-samba4.so
+usr/lib/samba/libsmb-transport-samba4.so
+usr/lib/samba/libsmbclient-raw-samba4.so
+usr/lib/samba/libsmbd-base-samba4.so
+usr/lib/samba/libsmbd-conn-samba4.so
+usr/lib/samba/libsmbd-shim-samba4.so
+usr/lib/samba/libsmbldaphelper-samba4.so
+usr/lib/samba/libsmbpasswdparser-samba4.so
+usr/lib/samba/libsocket-blocking-samba4.so
+usr/lib/samba/libsys-rw-samba4.so
+usr/lib/samba/libtalloc-report-printf-samba4.so
+usr/lib/samba/libtalloc-report-samba4.so
+usr/lib/samba/libtalloc.so.2
+usr/lib/samba/libtalloc.so.2.3.1
+usr/lib/samba/libtdb-wrap-samba4.so
+usr/lib/samba/libtdb.so.1
+usr/lib/samba/libtdb.so.1.4.3
+usr/lib/samba/libtevent.so.0
+usr/lib/samba/libtevent.so.0.10.2
+usr/lib/samba/libtime-basic-samba4.so
+usr/lib/samba/libtorture-samba4.so
+usr/lib/samba/libtrusts-util-samba4.so
+usr/lib/samba/libutil-cmdline-samba4.so
+usr/lib/samba/libutil-reg-samba4.so
+usr/lib/samba/libutil-setid-samba4.so
+usr/lib/samba/libutil-tdb-samba4.so
+usr/lib/samba/libwinbind-client-samba4.so
+usr/lib/samba/libwind-samba4.so.0
+usr/lib/samba/libwind-samba4.so.0.0.0
+usr/lib/samba/libxattr-tdb-samba4.so
+usr/lib/samba/nss_info
+usr/lib/samba/nss_info/hash.so
+usr/lib/samba/nss_info/rfc2307.so
+usr/lib/samba/nss_info/sfu.so
+usr/lib/samba/nss_info/sfu20.so
+#usr/lib/samba/vfs
+usr/lib/samba/vfs/acl_tdb.so
+usr/lib/samba/vfs/acl_xattr.so
+usr/lib/samba/vfs/aio_fork.so
+usr/lib/samba/vfs/aio_pthread.so
+usr/lib/samba/vfs/audit.so
+usr/lib/samba/vfs/btrfs.so
+usr/lib/samba/vfs/cap.so
+usr/lib/samba/vfs/catia.so
+usr/lib/samba/vfs/commit.so
+usr/lib/samba/vfs/crossrename.so
+usr/lib/samba/vfs/default_quota.so
+usr/lib/samba/vfs/dirsort.so
+usr/lib/samba/vfs/expand_msdfs.so
+usr/lib/samba/vfs/extd_audit.so
+usr/lib/samba/vfs/fake_perms.so
+usr/lib/samba/vfs/fileid.so
+usr/lib/samba/vfs/fruit.so
+usr/lib/samba/vfs/full_audit.so
+usr/lib/samba/vfs/glusterfs_fuse.so
+usr/lib/samba/vfs/gpfs.so
+usr/lib/samba/vfs/linux_xfs_sgid.so
+usr/lib/samba/vfs/media_harmony.so
+usr/lib/samba/vfs/offline.so
+usr/lib/samba/vfs/preopen.so
+usr/lib/samba/vfs/readahead.so
+usr/lib/samba/vfs/readonly.so
+usr/lib/samba/vfs/recycle.so
+usr/lib/samba/vfs/shadow_copy.so
+usr/lib/samba/vfs/shadow_copy2.so
+usr/lib/samba/vfs/shell_snap.so
+usr/lib/samba/vfs/snapper.so
+usr/lib/samba/vfs/streams_depot.so
+usr/lib/samba/vfs/streams_xattr.so
+usr/lib/samba/vfs/syncops.so
+usr/lib/samba/vfs/time_audit.so
+usr/lib/samba/vfs/unityed_media.so
+usr/lib/samba/vfs/virusfilter.so
+usr/lib/samba/vfs/widelinks.so
+usr/lib/samba/vfs/worm.so
+usr/lib/samba/vfs/xattr_tdb.so
+usr/lib/security
+usr/lib/security/pam_winbind.so
+#usr/libexec/samba
+usr/libexec/samba/smbspool_krb5_wrapper
+usr/sbin/eventlogadm
+usr/sbin/nmbd
+usr/sbin/samba-gpupdate
+usr/sbin/smbd
+usr/sbin/winbindd
+var/ipfire/backup/addons/includes/samba
+#var/ipfire/samba
+var/ipfire/samba/default.global
+var/ipfire/samba/default.pdc
+var/ipfire/samba/default.printer
+var/ipfire/samba/default.settings
+var/ipfire/samba/default.shares
+var/ipfire/samba/global
+var/ipfire/samba/pdc
+var/ipfire/samba/printer
+#var/ipfire/samba/private
+var/ipfire/samba/private/secrets.tdb
+var/ipfire/samba/private/smbpasswd
+var/ipfire/samba/settings
+var/ipfire/samba/shares
+var/ipfire/samba/smb.conf
+var/ipfire/samba/smb.conf.default
+var/lib/samba
+var/lib/samba/bind-dns
+var/lib/samba/private
+var/lib/samba/winbindd_privileged
+var/log/samba
+var/nmbd
+srv/web/ipfire/cgi-bin/samba.cgi
+srv/web/ipfire/cgi-bin/sambahlp.cgi
+var/ipfire/menu.d/EX-samba.menu
+usr/local/bin/sambactrl

config/rootfiles/packages/i586/samba

@@ -0,0 +1,820 @@
+etc/rc.d/init.d/samba
+usr/bin/cifsdd
+usr/bin/dbwrap_tool
+usr/bin/findsmb
+usr/bin/gentest
+usr/bin/ldbadd
+usr/bin/ldbdel
+usr/bin/ldbedit
+usr/bin/ldbmodify
+usr/bin/ldbrename
+usr/bin/ldbsearch
+usr/bin/locktest
+usr/bin/masktest
+usr/bin/mdfind
+usr/bin/mvxattr
+usr/bin/ndrdump
+usr/bin/net
+usr/bin/nmblookup
+usr/bin/ntlm_auth
+usr/bin/oLschema2ldif
+usr/bin/pdbedit
+usr/bin/profiles
+usr/bin/regdiff
+usr/bin/regpatch
+usr/bin/regshell
+usr/bin/regtree
+usr/bin/rpcclient
+usr/bin/samba-regedit
+usr/bin/sharesec
+usr/bin/smbcacls
+usr/bin/smbclient
+usr/bin/smbcontrol
+usr/bin/smbcquotas
+usr/bin/smbget
+usr/bin/smbpasswd
+usr/bin/smbspool
+usr/bin/smbstatus
+usr/bin/smbtar
+usr/bin/smbtorture
+usr/bin/smbtree
+usr/bin/tdbbackup
+usr/bin/tdbdump
+usr/bin/tdbrestore
+usr/bin/tdbtool
+usr/bin/testparm
+usr/bin/wbinfo
+#usr/include/samba-4.0
+#usr/include/samba-4.0/charset.h
+#usr/include/samba-4.0/core
+#usr/include/samba-4.0/core/doserr.h
+#usr/include/samba-4.0/core/error.h
+#usr/include/samba-4.0/core/hresult.h
+#usr/include/samba-4.0/core/ntstatus.h
+#usr/include/samba-4.0/core/ntstatus_gen.h
+#usr/include/samba-4.0/core/werror.h
+#usr/include/samba-4.0/core/werror_gen.h
+#usr/include/samba-4.0/credentials.h
+#usr/include/samba-4.0/dcerpc.h
+#usr/include/samba-4.0/dcesrv_core.h
+#usr/include/samba-4.0/domain_credentials.h
+#usr/include/samba-4.0/gen_ndr
+#usr/include/samba-4.0/gen_ndr/atsvc.h
+#usr/include/samba-4.0/gen_ndr/auth.h
+#usr/include/samba-4.0/gen_ndr/dcerpc.h
+#usr/include/samba-4.0/gen_ndr/drsblobs.h
+#usr/include/samba-4.0/gen_ndr/drsuapi.h
+#usr/include/samba-4.0/gen_ndr/krb5pac.h
+#usr/include/samba-4.0/gen_ndr/lsa.h
+#usr/include/samba-4.0/gen_ndr/misc.h
+#usr/include/samba-4.0/gen_ndr/nbt.h
+#usr/include/samba-4.0/gen_ndr/ndr_atsvc.h
+#usr/include/samba-4.0/gen_ndr/ndr_dcerpc.h
+#usr/include/samba-4.0/gen_ndr/ndr_drsblobs.h
+#usr/include/samba-4.0/gen_ndr/ndr_drsuapi.h
+#usr/include/samba-4.0/gen_ndr/ndr_krb5pac.h
+#usr/include/samba-4.0/gen_ndr/ndr_misc.h
+#usr/include/samba-4.0/gen_ndr/ndr_nbt.h
+#usr/include/samba-4.0/gen_ndr/ndr_samr.h
+#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h
+#usr/include/samba-4.0/gen_ndr/ndr_svcctl.h
+#usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h
+#usr/include/samba-4.0/gen_ndr/netlogon.h
+#usr/include/samba-4.0/gen_ndr/samr.h
+#usr/include/samba-4.0/gen_ndr/security.h
+#usr/include/samba-4.0/gen_ndr/server_id.h
+#usr/include/samba-4.0/gen_ndr/svcctl.h
+#usr/include/samba-4.0/ldb_wrap.h
+#usr/include/samba-4.0/libsmbclient.h
+#usr/include/samba-4.0/lookup_sid.h
+#usr/include/samba-4.0/machine_sid.h
+#usr/include/samba-4.0/ndr
+#usr/include/samba-4.0/ndr.h
+#usr/include/samba-4.0/ndr/ndr_dcerpc.h
+#usr/include/samba-4.0/ndr/ndr_drsblobs.h
+#usr/include/samba-4.0/ndr/ndr_drsuapi.h
+#usr/include/samba-4.0/ndr/ndr_krb5pac.h
+#usr/include/samba-4.0/ndr/ndr_nbt.h
+#usr/include/samba-4.0/ndr/ndr_svcctl.h
+#usr/include/samba-4.0/netapi.h
+#usr/include/samba-4.0/param.h
+#usr/include/samba-4.0/passdb.h
+#usr/include/samba-4.0/policy.h
+#usr/include/samba-4.0/rpc_common.h
+#usr/include/samba-4.0/samba
+#usr/include/samba-4.0/samba/session.h
+#usr/include/samba-4.0/samba/version.h
+#usr/include/samba-4.0/share.h
+#usr/include/samba-4.0/smb2_lease_struct.h
+#usr/include/samba-4.0/smb_ldap.h
+#usr/include/samba-4.0/smbconf.h
+#usr/include/samba-4.0/smbldap.h
+#usr/include/samba-4.0/tdr.h
+#usr/include/samba-4.0/tsocket.h
+#usr/include/samba-4.0/tsocket_internal.h
+#usr/include/samba-4.0/util
+#usr/include/samba-4.0/util/attr.h
+#usr/include/samba-4.0/util/blocking.h
+#usr/include/samba-4.0/util/data_blob.h
+#usr/include/samba-4.0/util/debug.h
+#usr/include/samba-4.0/util/discard.h
+#usr/include/samba-4.0/util/fault.h
+#usr/include/samba-4.0/util/genrand.h
+#usr/include/samba-4.0/util/idtree.h
+#usr/include/samba-4.0/util/idtree_random.h
+#usr/include/samba-4.0/util/signal.h
+#usr/include/samba-4.0/util/string_wrappers.h
+#usr/include/samba-4.0/util/substitute.h
+#usr/include/samba-4.0/util/tevent_ntstatus.h
+#usr/include/samba-4.0/util/tevent_unix.h
+#usr/include/samba-4.0/util/tevent_werror.h
+#usr/include/samba-4.0/util/tfork.h
+#usr/include/samba-4.0/util/time.h
+#usr/include/samba-4.0/util_ldb.h
+#usr/include/samba-4.0/wbclient.h
+usr/lib/libdcerpc-binding.so
+usr/lib/libdcerpc-binding.so.0
+usr/lib/libdcerpc-binding.so.0.0.1
+usr/lib/libdcerpc-samr.so
+usr/lib/libdcerpc-samr.so.0
+usr/lib/libdcerpc-samr.so.0.0.1
+usr/lib/libdcerpc-server-core.so
+usr/lib/libdcerpc-server-core.so.0
+usr/lib/libdcerpc-server-core.so.0.0.1
+usr/lib/libdcerpc.so
+usr/lib/libdcerpc.so.0
+usr/lib/libdcerpc.so.0.0.1
+usr/lib/libndr-krb5pac.so
+usr/lib/libndr-krb5pac.so.0
+usr/lib/libndr-krb5pac.so.0.0.1
+usr/lib/libndr-nbt.so
+usr/lib/libndr-nbt.so.0
+usr/lib/libndr-nbt.so.0.0.1
+usr/lib/libndr-standard.so
+usr/lib/libndr-standard.so.0
+usr/lib/libndr-standard.so.0.0.1
+usr/lib/libndr.so
+usr/lib/libndr.so.1
+usr/lib/libndr.so.1.0.0
+usr/lib/libnetapi.so
+usr/lib/libnetapi.so.0
+usr/lib/libnss_winbind.so
+usr/lib/libnss_winbind.so.2
+usr/lib/libnss_wins.so
+usr/lib/libnss_wins.so.2
+usr/lib/libsamba-credentials.so
+usr/lib/libsamba-credentials.so.0
+usr/lib/libsamba-credentials.so.0.0.1
+usr/lib/libsamba-errors.so
+usr/lib/libsamba-errors.so.1
+usr/lib/libsamba-hostconfig.so
+usr/lib/libsamba-hostconfig.so.0
+usr/lib/libsamba-hostconfig.so.0.0.1
+usr/lib/libsamba-passdb.so
+usr/lib/libsamba-passdb.so.0
+usr/lib/libsamba-passdb.so.0.28.0
+usr/lib/libsamba-policy.cpython-38-i386-linux-gnu.so
+usr/lib/libsamba-policy.cpython-38-i386-linux-gnu.so.0
+usr/lib/libsamba-policy.cpython-38-i386-linux-gnu.so.0.0.1
+usr/lib/libsamba-util.so
+usr/lib/libsamba-util.so.0
+usr/lib/libsamba-util.so.0.0.1
+usr/lib/libsamdb.so
+usr/lib/libsamdb.so.0
+usr/lib/libsamdb.so.0.0.1
+usr/lib/libsmbclient.so
+usr/lib/libsmbclient.so.0
+usr/lib/libsmbclient.so.0.6.0
+usr/lib/libsmbconf.so
+usr/lib/libsmbconf.so.0
+usr/lib/libsmbldap.so
+usr/lib/libsmbldap.so.2
+usr/lib/libtevent-util.so
+usr/lib/libtevent-util.so.0
+usr/lib/libtevent-util.so.0.0.1
+usr/lib/libwbclient.so
+usr/lib/libwbclient.so.0
+usr/lib/libwbclient.so.0.15
+#usr/lib/pkgconfig/dcerpc.pc
+#usr/lib/pkgconfig/dcerpc_samr.pc
+#usr/lib/pkgconfig/ndr.pc
+#usr/lib/pkgconfig/ndr_krb5pac.pc
+#usr/lib/pkgconfig/ndr_nbt.pc
+#usr/lib/pkgconfig/ndr_standard.pc
+#usr/lib/pkgconfig/netapi.pc
+#usr/lib/pkgconfig/samba-credentials.pc
+#usr/lib/pkgconfig/samba-hostconfig.pc
+#usr/lib/pkgconfig/samba-policy.cpython-38-i386-linux-gnu.pc
+#usr/lib/pkgconfig/samba-util.pc
+#usr/lib/pkgconfig/samdb.pc
+#usr/lib/pkgconfig/smbclient.pc
+#usr/lib/pkgconfig/wbclient.pc
+usr/lib/python3.8/site-packages/_ldb_text.py
+usr/lib/python3.8/site-packages/_tdb_text.py
+usr/lib/python3.8/site-packages/_tevent.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/ldb.cpython-38-i386-linux-gnu.so
+#usr/lib/python3.8/site-packages/samba
+usr/lib/python3.8/site-packages/samba/__init__.py
+usr/lib/python3.8/site-packages/samba/_glue.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/_ldb.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/auth.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/auth_util.py
+usr/lib/python3.8/site-packages/samba/colour.py
+usr/lib/python3.8/site-packages/samba/common.py
+usr/lib/python3.8/site-packages/samba/compat.py
+usr/lib/python3.8/site-packages/samba/credentials.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/crypto.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dbchecker.py
+#usr/lib/python3.8/site-packages/samba/dcerpc
+usr/lib/python3.8/site-packages/samba/dcerpc/__init__.py
+usr/lib/python3.8/site-packages/samba/dcerpc/atsvc.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/auth.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/base.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dcerpc.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dfs.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dns.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dnsp.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dnsserver.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/drsblobs.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/drsuapi.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/echo.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/epmapper.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/idmap.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/initshutdown.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/irpc.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/krb5pac.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/lsa.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/mdssvc.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/messaging.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/mgmt.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/misc.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/nbt.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/netlogon.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/ntlmssp.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/preg.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/samr.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/security.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/server_id.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/smb_acl.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/spoolss.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/srvsvc.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/svcctl.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/unixinfo.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winbind.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/windows_event_ids.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winreg.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winspool.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/witness.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/wkssvc.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/xattr.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/descriptor.py
+usr/lib/python3.8/site-packages/samba/dnsserver.py
+usr/lib/python3.8/site-packages/samba/domain_update.py
+usr/lib/python3.8/site-packages/samba/drs_utils.py
+#usr/lib/python3.8/site-packages/samba/emulate
+usr/lib/python3.8/site-packages/samba/emulate/__init__.py
+usr/lib/python3.8/site-packages/samba/emulate/traffic.py
+usr/lib/python3.8/site-packages/samba/emulate/traffic_packets.py
+usr/lib/python3.8/site-packages/samba/forest_update.py
+usr/lib/python3.8/site-packages/samba/gensec.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/getopt.py
+usr/lib/python3.8/site-packages/samba/gp_ext_loader.py
+#usr/lib/python3.8/site-packages/samba/gp_parse
+usr/lib/python3.8/site-packages/samba/gp_parse/__init__.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_aas.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_csv.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_inf.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_ini.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_pol.py
+usr/lib/python3.8/site-packages/samba/gp_scripts_ext.py
+usr/lib/python3.8/site-packages/samba/gp_sec_ext.py
+usr/lib/python3.8/site-packages/samba/gpclass.py
+usr/lib/python3.8/site-packages/samba/gpo.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/graph.py
+usr/lib/python3.8/site-packages/samba/hostconfig.py
+usr/lib/python3.8/site-packages/samba/idmap.py
+usr/lib/python3.8/site-packages/samba/join.py
+#usr/lib/python3.8/site-packages/samba/kcc
+usr/lib/python3.8/site-packages/samba/kcc/__init__.py
+usr/lib/python3.8/site-packages/samba/kcc/debug.py
+usr/lib/python3.8/site-packages/samba/kcc/graph.py
+usr/lib/python3.8/site-packages/samba/kcc/graph_utils.py
+usr/lib/python3.8/site-packages/samba/kcc/kcc_utils.py
+usr/lib/python3.8/site-packages/samba/kcc/ldif_import_export.py
+usr/lib/python3.8/site-packages/samba/logger.py
+usr/lib/python3.8/site-packages/samba/mdb_util.py
+usr/lib/python3.8/site-packages/samba/messaging.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/ms_display_specifiers.py
+usr/lib/python3.8/site-packages/samba/ms_forest_updates_markdown.py
+usr/lib/python3.8/site-packages/samba/ms_schema.py
+usr/lib/python3.8/site-packages/samba/ms_schema_markdown.py
+usr/lib/python3.8/site-packages/samba/ndr.py
+usr/lib/python3.8/site-packages/samba/net.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/netbios.cpython-38-i386-linux-gnu.so
+#usr/lib/python3.8/site-packages/samba/netcmd
+usr/lib/python3.8/site-packages/samba/netcmd/__init__.py
+usr/lib/python3.8/site-packages/samba/netcmd/common.py
+usr/lib/python3.8/site-packages/samba/netcmd/computer.py
+usr/lib/python3.8/site-packages/samba/netcmd/contact.py
+usr/lib/python3.8/site-packages/samba/netcmd/dbcheck.py
+usr/lib/python3.8/site-packages/samba/netcmd/delegation.py
+usr/lib/python3.8/site-packages/samba/netcmd/dns.py
+usr/lib/python3.8/site-packages/samba/netcmd/domain.py
+usr/lib/python3.8/site-packages/samba/netcmd/domain_backup.py
+usr/lib/python3.8/site-packages/samba/netcmd/drs.py
+usr/lib/python3.8/site-packages/samba/netcmd/dsacl.py
+usr/lib/python3.8/site-packages/samba/netcmd/forest.py
+usr/lib/python3.8/site-packages/samba/netcmd/fsmo.py
+usr/lib/python3.8/site-packages/samba/netcmd/gpo.py
+usr/lib/python3.8/site-packages/samba/netcmd/group.py
+usr/lib/python3.8/site-packages/samba/netcmd/ldapcmp.py
+usr/lib/python3.8/site-packages/samba/netcmd/main.py
+usr/lib/python3.8/site-packages/samba/netcmd/nettime.py
+usr/lib/python3.8/site-packages/samba/netcmd/ntacl.py
+usr/lib/python3.8/site-packages/samba/netcmd/ou.py
+usr/lib/python3.8/site-packages/samba/netcmd/processes.py
+usr/lib/python3.8/site-packages/samba/netcmd/pso.py
+usr/lib/python3.8/site-packages/samba/netcmd/rodc.py
+usr/lib/python3.8/site-packages/samba/netcmd/schema.py
+usr/lib/python3.8/site-packages/samba/netcmd/sites.py
+usr/lib/python3.8/site-packages/samba/netcmd/spn.py
+usr/lib/python3.8/site-packages/samba/netcmd/testparm.py
+usr/lib/python3.8/site-packages/samba/netcmd/user.py
+usr/lib/python3.8/site-packages/samba/netcmd/visualize.py
+usr/lib/python3.8/site-packages/samba/ntacls.py
+usr/lib/python3.8/site-packages/samba/ntstatus.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/param.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/policy.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/posix_eadb.cpython-38-i386-linux-gnu.so
+#usr/lib/python3.8/site-packages/samba/provision
+usr/lib/python3.8/site-packages/samba/provision/__init__.py
+usr/lib/python3.8/site-packages/samba/provision/backend.py
+usr/lib/python3.8/site-packages/samba/provision/common.py
+usr/lib/python3.8/site-packages/samba/provision/kerberos.py
+usr/lib/python3.8/site-packages/samba/provision/kerberos_implementation.py
+usr/lib/python3.8/site-packages/samba/provision/sambadns.py
+usr/lib/python3.8/site-packages/samba/registry.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/remove_dc.py
+#usr/lib/python3.8/site-packages/samba/samba3
+usr/lib/python3.8/site-packages/samba/samba3/__init__.py
+usr/lib/python3.8/site-packages/samba/samba3/libsmb_samba_internal.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/mdscli.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/param.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/passdb.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/smbd.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samdb.py
+usr/lib/python3.8/site-packages/samba/schema.py
+usr/lib/python3.8/site-packages/samba/sd_utils.py
+usr/lib/python3.8/site-packages/samba/security.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/sites.py
+usr/lib/python3.8/site-packages/samba/subnets.py
+#usr/lib/python3.8/site-packages/samba/subunit
+usr/lib/python3.8/site-packages/samba/subunit/__init__.py
+usr/lib/python3.8/site-packages/samba/subunit/run.py
+usr/lib/python3.8/site-packages/samba/tdb_util.py
+#usr/lib/python3.8/site-packages/samba/tests
+#usr/lib/python3.8/site-packages/samba/tests/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_base.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_dsdb.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_pass_change.py
+#usr/lib/python3.8/site-packages/samba/tests/auth.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_base.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_ncalrpc.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon_bad_creds.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_pass_change.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_samlogon.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_winbind.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/bug13653.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/check_output.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/downgradedatabase.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/mdfind.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/ndrdump.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/netads_json.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/samba_dnsupdate.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls_basic.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol_process.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_learner.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_replay.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_summary.py
+#usr/lib/python3.8/site-packages/samba/tests/common.py
+#usr/lib/python3.8/site-packages/samba/tests/complex_expressions.py
+#usr/lib/python3.8/site-packages/samba/tests/core.py
+#usr/lib/python3.8/site-packages/samba/tests/credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/array.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/bare.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/dnsserver.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/integer.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/mdssvc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/misc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_protocol.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_testcase.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/registry.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpc_talloc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpcecho.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/sam.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/srvsvc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/string_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/testrpc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/unix.py
+#usr/lib/python3.8/site-packages/samba/tests/dckeytab.py
+#usr/lib/python3.8/site-packages/samba/tests/dns.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_base.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers/server.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_invalid.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_packet.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_tkey.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_wildcard.py
+#usr/lib/python3.8/site-packages/samba/tests/docs.py
+#usr/lib/python3.8/site-packages/samba/tests/domain_backup.py
+#usr/lib/python3.8/site-packages/samba/tests/domain_backup_offline.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb_lock.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb_schema_attributes.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate
+#usr/lib/python3.8/site-packages/samba/tests/emulate/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic_packet.py
+#usr/lib/python3.8/site-packages/samba/tests/encrypted_secrets.py
+#usr/lib/python3.8/site-packages/samba/tests/gensec.py
+#usr/lib/python3.8/site-packages/samba/tests/get_opt.py
+#usr/lib/python3.8/site-packages/samba/tests/getdcname.py
+#usr/lib/python3.8/site-packages/samba/tests/glue.py
+#usr/lib/python3.8/site-packages/samba/tests/gpo.py
+#usr/lib/python3.8/site-packages/samba/tests/graph.py
+#usr/lib/python3.8/site-packages/samba/tests/group_audit.py
+#usr/lib/python3.8/site-packages/samba/tests/hostconfig.py
+#usr/lib/python3.8/site-packages/samba/tests/join.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc
+#usr/lib/python3.8/site-packages/samba/tests/kcc/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/graph.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/graph_utils.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/kcc_utils.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/ldif_import_export.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5
+#usr/lib/python3.8/site-packages/samba/tests/krb5/kcrypto.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/raw_testcase.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/rfc4120_pyasn1.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/s4u_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/simple_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/xrealm_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5_credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/ldap_raw.py
+#usr/lib/python3.8/site-packages/samba/tests/ldap_referrals.py
+#usr/lib/python3.8/site-packages/samba/tests/libsmb.py
+#usr/lib/python3.8/site-packages/samba/tests/loadparm.py
+#usr/lib/python3.8/site-packages/samba/tests/lsa_string.py
+#usr/lib/python3.8/site-packages/samba/tests/messaging.py
+#usr/lib/python3.8/site-packages/samba/tests/net_join.py
+#usr/lib/python3.8/site-packages/samba/tests/net_join_no_spnego.py
+#usr/lib/python3.8/site-packages/samba/tests/netbios.py
+#usr/lib/python3.8/site-packages/samba/tests/netcmd.py
+#usr/lib/python3.8/site-packages/samba/tests/netlogonsvc.py
+#usr/lib/python3.8/site-packages/samba/tests/ntacls.py
+#usr/lib/python3.8/site-packages/samba/tests/ntacls_backup.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_base.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_krb5.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlmdisabled.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_chauthtok.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_warn_pwd_expire.py
+#usr/lib/python3.8/site-packages/samba/tests/param.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2003.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2008.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_gpgme.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_ldap.py
+#usr/lib/python3.8/site-packages/samba/tests/password_quality.py
+#usr/lib/python3.8/site-packages/samba/tests/password_test.py
+#usr/lib/python3.8/site-packages/samba/tests/policy.py
+#usr/lib/python3.8/site-packages/samba/tests/posixacl.py
+#usr/lib/python3.8/site-packages/samba/tests/prefork_restart.py
+#usr/lib/python3.8/site-packages/samba/tests/process_limits.py
+#usr/lib/python3.8/site-packages/samba/tests/provision.py
+#usr/lib/python3.8/site-packages/samba/tests/pso.py
+#usr/lib/python3.8/site-packages/samba/tests/py_credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/registry.py
+#usr/lib/python3.8/site-packages/samba/tests/s3idmapdb.py
+#usr/lib/python3.8/site-packages/samba/tests/s3param.py
+#usr/lib/python3.8/site-packages/samba/tests/s3passdb.py
+#usr/lib/python3.8/site-packages/samba/tests/s3registry.py
+#usr/lib/python3.8/site-packages/samba/tests/s3windb.py
+#usr/lib/python3.8/site-packages/samba/tests/samba3sam.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/base.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/computer.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/contact.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/demote.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dnscmd.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dsacl.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/forest.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/fsmo.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/gpo.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/group.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/help.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ntacl.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ou.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/passwordsettings.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/processes.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/promote_dc_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_password_check.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/rodc.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/schema.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/sites.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/timecmd.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_check_password_script.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_base.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_wdigest.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize_drs.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_upgradedns_lmdb.py
+#usr/lib/python3.8/site-packages/samba/tests/samdb.py
+#usr/lib/python3.8/site-packages/samba/tests/samdb_api.py
+#usr/lib/python3.8/site-packages/samba/tests/security.py
+#usr/lib/python3.8/site-packages/samba/tests/segfault.py
+#usr/lib/python3.8/site-packages/samba/tests/smb.py
+#usr/lib/python3.8/site-packages/samba/tests/smbd_base.py
+#usr/lib/python3.8/site-packages/samba/tests/smbd_fuzztest.py
+#usr/lib/python3.8/site-packages/samba/tests/source.py
+#usr/lib/python3.8/site-packages/samba/tests/strings.py
+#usr/lib/python3.8/site-packages/samba/tests/subunitrun.py
+#usr/lib/python3.8/site-packages/samba/tests/tdb_util.py
+#usr/lib/python3.8/site-packages/samba/tests/upgrade.py
+#usr/lib/python3.8/site-packages/samba/tests/upgradeprovision.py
+#usr/lib/python3.8/site-packages/samba/tests/upgradeprovisionneeddc.py
+#usr/lib/python3.8/site-packages/samba/tests/usage.py
+#usr/lib/python3.8/site-packages/samba/tests/xattr.py
+#usr/lib/python3.8/site-packages/samba/third_party
+usr/lib/python3.8/site-packages/samba/third_party/__init__.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/__init__.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/iso8601.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/test_iso8601.py
+usr/lib/python3.8/site-packages/samba/upgrade.py
+usr/lib/python3.8/site-packages/samba/upgradehelpers.py
+usr/lib/python3.8/site-packages/samba/uptodateness.py
+usr/lib/python3.8/site-packages/samba/werror.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/xattr.py
+usr/lib/python3.8/site-packages/samba/xattr_native.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/xattr_tdb.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/talloc.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/tdb.cpython-38-i386-linux-gnu.so
+usr/lib/python3.8/site-packages/tevent.py
+#usr/lib/samba
+usr/lib/samba/idmap
+usr/lib/samba/idmap/ad.so
+usr/lib/samba/idmap/autorid.so
+usr/lib/samba/idmap/hash.so
+usr/lib/samba/idmap/rfc2307.so
+usr/lib/samba/idmap/rid.so
+usr/lib/samba/idmap/script.so
+usr/lib/samba/idmap/tdb2.so
+#usr/lib/samba/krb5
+usr/lib/samba/krb5/winbind_krb5_locator.so
+#usr/lib/samba/ldb
+usr/lib/samba/ldb/asq.so
+usr/lib/samba/ldb/ildap.so
+usr/lib/samba/ldb/ldb.so
+usr/lib/samba/ldb/ldbsamba_extensions.so
+usr/lib/samba/ldb/paged_searches.so
+usr/lib/samba/ldb/rdn_name.so
+usr/lib/samba/ldb/sample.so
+usr/lib/samba/ldb/server_sort.so
+usr/lib/samba/ldb/skel.so
+usr/lib/samba/ldb/tdb.so
+usr/lib/samba/libCHARSET3-samba4.so
+usr/lib/samba/libLIBWBCLIENT-OLD-samba4.so
+usr/lib/samba/libMESSAGING-SEND-samba4.so
+usr/lib/samba/libMESSAGING-samba4.so
+usr/lib/samba/libaddns-samba4.so
+usr/lib/samba/libads-samba4.so
+usr/lib/samba/libasn1-samba4.so.8
+usr/lib/samba/libasn1-samba4.so.8.0.0
+usr/lib/samba/libasn1util-samba4.so
+usr/lib/samba/libauth-samba4.so
+usr/lib/samba/libauth-unix-token-samba4.so
+usr/lib/samba/libauth4-samba4.so
+usr/lib/samba/libauthkrb5-samba4.so
+usr/lib/samba/libcli-cldap-samba4.so
+usr/lib/samba/libcli-ldap-common-samba4.so
+usr/lib/samba/libcli-ldap-samba4.so
+usr/lib/samba/libcli-nbt-samba4.so
+usr/lib/samba/libcli-smb-common-samba4.so
+usr/lib/samba/libcli-spoolss-samba4.so
+usr/lib/samba/libcliauth-samba4.so
+usr/lib/samba/libclidns-samba4.so
+usr/lib/samba/libcluster-samba4.so
+usr/lib/samba/libcmdline-contexts-samba4.so
+usr/lib/samba/libcmdline-credentials-samba4.so
+usr/lib/samba/libcmocka-samba4.so
+usr/lib/samba/libcom_err-samba4.so.0
+usr/lib/samba/libcom_err-samba4.so.0.25
+usr/lib/samba/libcommon-auth-samba4.so
+usr/lib/samba/libdbwrap-samba4.so
+usr/lib/samba/libdcerpc-samba-samba4.so
+usr/lib/samba/libdcerpc-samba4.so
+usr/lib/samba/libdsdb-module-samba4.so
+usr/lib/samba/libevents-samba4.so
+usr/lib/samba/libflag-mapping-samba4.so
+usr/lib/samba/libgenrand-samba4.so
+usr/lib/samba/libgensec-samba4.so
+usr/lib/samba/libgpext-samba4.so
+usr/lib/samba/libgpo-samba4.so
+usr/lib/samba/libgse-samba4.so
+usr/lib/samba/libgssapi-samba4.so.2
+usr/lib/samba/libgssapi-samba4.so.2.0.0
+usr/lib/samba/libhcrypto-samba4.so.5
+usr/lib/samba/libhcrypto-samba4.so.5.0.1
+usr/lib/samba/libhdb-samba4.so.11
+usr/lib/samba/libhdb-samba4.so.11.0.2
+usr/lib/samba/libheimbase-samba4.so.1
+usr/lib/samba/libheimbase-samba4.so.1.0.0
+usr/lib/samba/libheimntlm-samba4.so.1
+usr/lib/samba/libheimntlm-samba4.so.1.0.1
+usr/lib/samba/libhttp-samba4.so
+usr/lib/samba/libhx509-samba4.so.5
+usr/lib/samba/libhx509-samba4.so.5.0.0
+usr/lib/samba/libidmap-samba4.so
+usr/lib/samba/libinterfaces-samba4.so
+usr/lib/samba/libiov-buf-samba4.so
+usr/lib/samba/libkdc-samba4.so.2
+usr/lib/samba/libkdc-samba4.so.2.0.0
+usr/lib/samba/libkrb5-samba4.so.26
+usr/lib/samba/libkrb5-samba4.so.26.0.0
+usr/lib/samba/libkrb5samba-samba4.so
+usr/lib/samba/libldb-cmdline-samba4.so
+usr/lib/samba/libldb-key-value-samba4.so
+usr/lib/samba/libldb-tdb-err-map-samba4.so
+usr/lib/samba/libldb-tdb-int-samba4.so
+usr/lib/samba/libldb.so.2
+usr/lib/samba/libldb.so.2.2.0
+usr/lib/samba/libldbsamba-samba4.so
+usr/lib/samba/liblibcli-lsa3-samba4.so
+usr/lib/samba/liblibcli-netlogon3-samba4.so
+usr/lib/samba/liblibsmb-samba4.so
+usr/lib/samba/libmessages-dgm-samba4.so
+usr/lib/samba/libmessages-util-samba4.so
+usr/lib/samba/libmsghdr-samba4.so
+usr/lib/samba/libmsrpc3-samba4.so
+usr/lib/samba/libndr-samba-samba4.so
+usr/lib/samba/libndr-samba4.so
+usr/lib/samba/libnet-keytab-samba4.so
+usr/lib/samba/libnetif-samba4.so
+usr/lib/samba/libnpa-tstream-samba4.so
+usr/lib/samba/libnss-info-samba4.so
+usr/lib/samba/libpopt-samba3-cmdline-samba4.so
+usr/lib/samba/libpopt-samba3-samba4.so
+usr/lib/samba/libposix-eadb-samba4.so
+usr/lib/samba/libprinter-driver-samba4.so
+usr/lib/samba/libprinting-migrate-samba4.so
+usr/lib/samba/libpyldb-util.cpython-38-i386-linux-gnu.so.2
+usr/lib/samba/libpyldb-util.cpython-38-i386-linux-gnu.so.2.2.0
+usr/lib/samba/libpytalloc-util.cpython-38-i386-linux-gnu.so.2
+usr/lib/samba/libpytalloc-util.cpython-38-i386-linux-gnu.so.2.3.1
+usr/lib/samba/libregistry-samba4.so
+usr/lib/samba/libreplace-samba4.so
+usr/lib/samba/libroken-samba4.so.19
+usr/lib/samba/libroken-samba4.so.19.0.1
+usr/lib/samba/libsamba-cluster-support-samba4.so
+usr/lib/samba/libsamba-debug-samba4.so
+usr/lib/samba/libsamba-modules-samba4.so
+usr/lib/samba/libsamba-net.cpython-38-i386-linux-gnu-samba4.so
+usr/lib/samba/libsamba-python.cpython-38-i386-linux-gnu-samba4.so
+usr/lib/samba/libsamba-security-samba4.so
+usr/lib/samba/libsamba-sockets-samba4.so
+usr/lib/samba/libsamba3-util-samba4.so
+usr/lib/samba/libsamdb-common-samba4.so
+usr/lib/samba/libsecrets3-samba4.so
+usr/lib/samba/libserver-id-db-samba4.so
+usr/lib/samba/libserver-role-samba4.so
+usr/lib/samba/libshares-samba4.so
+usr/lib/samba/libsmb-transport-samba4.so
+usr/lib/samba/libsmbclient-raw-samba4.so
+usr/lib/samba/libsmbd-base-samba4.so
+usr/lib/samba/libsmbd-conn-samba4.so
+usr/lib/samba/libsmbd-shim-samba4.so
+usr/lib/samba/libsmbldaphelper-samba4.so
+usr/lib/samba/libsmbpasswdparser-samba4.so
+usr/lib/samba/libsocket-blocking-samba4.so
+usr/lib/samba/libsys-rw-samba4.so
+usr/lib/samba/libtalloc-report-printf-samba4.so
+usr/lib/samba/libtalloc-report-samba4.so
+usr/lib/samba/libtalloc.so.2
+usr/lib/samba/libtalloc.so.2.3.1
+usr/lib/samba/libtdb-wrap-samba4.so
+usr/lib/samba/libtdb.so.1
+usr/lib/samba/libtdb.so.1.4.3
+usr/lib/samba/libtevent.so.0
+usr/lib/samba/libtevent.so.0.10.2
+usr/lib/samba/libtime-basic-samba4.so
+usr/lib/samba/libtorture-samba4.so
+usr/lib/samba/libtrusts-util-samba4.so
+usr/lib/samba/libutil-cmdline-samba4.so
+usr/lib/samba/libutil-reg-samba4.so
+usr/lib/samba/libutil-setid-samba4.so
+usr/lib/samba/libutil-tdb-samba4.so
+usr/lib/samba/libwinbind-client-samba4.so
+usr/lib/samba/libwind-samba4.so.0
+usr/lib/samba/libwind-samba4.so.0.0.0
+usr/lib/samba/libxattr-tdb-samba4.so
+usr/lib/samba/nss_info
+usr/lib/samba/nss_info/hash.so
+usr/lib/samba/nss_info/rfc2307.so
+usr/lib/samba/nss_info/sfu.so
+usr/lib/samba/nss_info/sfu20.so
+#usr/lib/samba/vfs
+usr/lib/samba/vfs/acl_tdb.so
+usr/lib/samba/vfs/acl_xattr.so
+usr/lib/samba/vfs/aio_fork.so
+usr/lib/samba/vfs/aio_pthread.so
+usr/lib/samba/vfs/audit.so
+usr/lib/samba/vfs/btrfs.so
+usr/lib/samba/vfs/cap.so
+usr/lib/samba/vfs/catia.so
+usr/lib/samba/vfs/commit.so
+usr/lib/samba/vfs/crossrename.so
+usr/lib/samba/vfs/default_quota.so
+usr/lib/samba/vfs/dirsort.so
+usr/lib/samba/vfs/expand_msdfs.so
+usr/lib/samba/vfs/extd_audit.so
+usr/lib/samba/vfs/fake_perms.so
+usr/lib/samba/vfs/fileid.so
+usr/lib/samba/vfs/fruit.so
+usr/lib/samba/vfs/full_audit.so
+usr/lib/samba/vfs/glusterfs_fuse.so
+usr/lib/samba/vfs/gpfs.so
+usr/lib/samba/vfs/linux_xfs_sgid.so
+usr/lib/samba/vfs/media_harmony.so
+usr/lib/samba/vfs/offline.so
+usr/lib/samba/vfs/preopen.so
+usr/lib/samba/vfs/readahead.so
+usr/lib/samba/vfs/readonly.so
+usr/lib/samba/vfs/recycle.so
+usr/lib/samba/vfs/shadow_copy.so
+usr/lib/samba/vfs/shadow_copy2.so
+usr/lib/samba/vfs/shell_snap.so
+usr/lib/samba/vfs/snapper.so
+usr/lib/samba/vfs/streams_depot.so
+usr/lib/samba/vfs/streams_xattr.so
+usr/lib/samba/vfs/syncops.so
+usr/lib/samba/vfs/time_audit.so
+usr/lib/samba/vfs/unityed_media.so
+usr/lib/samba/vfs/virusfilter.so
+usr/lib/samba/vfs/widelinks.so
+usr/lib/samba/vfs/worm.so
+usr/lib/samba/vfs/xattr_tdb.so
+usr/lib/security
+usr/lib/security/pam_winbind.so
+#usr/libexec/samba
+usr/libexec/samba/smbspool_krb5_wrapper
+usr/sbin/eventlogadm
+usr/sbin/nmbd
+usr/sbin/samba-gpupdate
+usr/sbin/smbd
+usr/sbin/winbindd
+var/ipfire/backup/addons/includes/samba
+#var/ipfire/samba
+var/ipfire/samba/default.global
+var/ipfire/samba/default.pdc
+var/ipfire/samba/default.printer
+var/ipfire/samba/default.settings
+var/ipfire/samba/default.shares
+var/ipfire/samba/global
+var/ipfire/samba/pdc
+var/ipfire/samba/printer
+#var/ipfire/samba/private
+var/ipfire/samba/private/secrets.tdb
+var/ipfire/samba/private/smbpasswd
+var/ipfire/samba/settings
+var/ipfire/samba/shares
+var/ipfire/samba/smb.conf
+var/ipfire/samba/smb.conf.default
+var/lib/samba
+var/lib/samba/bind-dns
+var/lib/samba/private
+var/lib/samba/winbindd_privileged
+var/log/samba
+var/nmbd
+srv/web/ipfire/cgi-bin/samba.cgi
+srv/web/ipfire/cgi-bin/sambahlp.cgi
+var/ipfire/menu.d/EX-samba.menu
+usr/local/bin/sambactrl

config/rootfiles/packages/samba

@@ -1,229 +0,0 @@
-usr/bin/eventlogadm
-usr/bin/findsmb
-usr/bin/net
-usr/bin/nmblookup
-usr/bin/ntlm_auth
-usr/bin/pdbedit
-usr/bin/profiles
-usr/bin/rpcclient
-usr/bin/sharesec
-usr/bin/smbcacls
-usr/bin/smbclient
-usr/bin/smbcontrol
-usr/bin/smbcquotas
-usr/bin/smbget
-usr/bin/smbpasswd
-usr/bin/smbspool
-usr/bin/smbstatus
-usr/bin/smbta-util
-usr/bin/smbtar
-usr/bin/smbtree
-usr/bin/tdbbackup
-usr/bin/tdbdump
-usr/bin/tdbrestore
-usr/bin/tdbtool
-usr/bin/testparm
-usr/bin/wbinfo
-#usr/include/libsmbclient.h
-#usr/include/netapi.h
-#usr/include/smb_share_modes.h
-#usr/include/talloc.h
-#usr/include/tdb.h
-#usr/include/tevent.h
-#usr/include/tevent_internal.h
-#usr/include/wbclient.h
-usr/lib/libnetapi.so
-usr/lib/libnetapi.so.0
-usr/lib/libsmbclient.so
-usr/lib/libsmbclient.so.0
-usr/lib/libsmbsharemodes.so
-usr/lib/libsmbsharemodes.so.0
-usr/lib/libtalloc.so
-usr/lib/libtalloc.so.2
-usr/lib/libtalloc.so.2.0.5
-usr/lib/libtdb.so
-usr/lib/libtdb.so.1
-usr/lib/libtdb.so.1.2.9
-usr/lib/libtevent.so
-usr/lib/libtevent.so.0
-usr/lib/libtevent.so.0.9.11
-usr/lib/libwbclient.so
-usr/lib/libwbclient.so.0
-#usr/lib/samba
-#usr/lib/samba/auth
-usr/lib/samba/auth/script.so
-#usr/lib/samba/charset
-usr/lib/samba/charset/CP437.so
-usr/lib/samba/charset/CP850.so
-usr/lib/samba/gpext
-usr/lib/samba/idmap
-usr/lib/samba/idmap/autorid.so
-usr/lib/samba/lowcase.dat
-usr/lib/samba/nss_info
-usr/lib/samba/pdb
-usr/lib/samba/perfcount
-usr/lib/samba/upcase.dat
-usr/lib/samba/valid.dat
-#usr/lib/samba/vfs
-usr/lib/samba/vfs/acl_tdb.so
-usr/lib/samba/vfs/acl_xattr.so
-usr/lib/samba/vfs/audit.so
-usr/lib/samba/vfs/cap.so
-usr/lib/samba/vfs/catia.so
-usr/lib/samba/vfs/crossrename.so
-usr/lib/samba/vfs/default_quota.so
-usr/lib/samba/vfs/dirsort.so
-usr/lib/samba/vfs/expand_msdfs.so
-usr/lib/samba/vfs/extd_audit.so
-usr/lib/samba/vfs/fake_perms.so
-usr/lib/samba/vfs/fileid.so
-usr/lib/samba/vfs/full_audit.so
-usr/lib/samba/vfs/linux_xfs_sgid.so
-usr/lib/samba/vfs/netatalk.so
-usr/lib/samba/vfs/preopen.so
-usr/lib/samba/vfs/readahead.so
-usr/lib/samba/vfs/readonly.so
-usr/lib/samba/vfs/recycle.so
-usr/lib/samba/vfs/scannedonly.so
-usr/lib/samba/vfs/shadow_copy.so
-usr/lib/samba/vfs/shadow_copy2.so
-usr/lib/samba/vfs/smb_traffic_analyzer.so
-usr/lib/samba/vfs/streams_depot.so
-usr/lib/samba/vfs/streams_xattr.so
-usr/lib/samba/vfs/syncops.so
-usr/lib/samba/vfs/time_audit.so
-usr/lib/samba/vfs/xattr_tdb.so
-usr/lib/security
-usr/lib/security/pam_smbpass.so
-usr/lib/security/pam_winbind.so
-usr/sbin/nmbd
-usr/sbin/smbd
-usr/sbin/winbindd
-#usr/share/locale/ar/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/cs/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/da/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/de/LC_MESSAGES/net.mo
-#usr/share/locale/de/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/es/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/fi/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/fr/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/hu/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/it/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/ja/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/ko/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/nb/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/nl/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/pl/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/pt_BR/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/ru/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/sv/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/zh_CN/LC_MESSAGES/pam_winbind.mo
-#usr/share/locale/zh_TW/LC_MESSAGES/pam_winbind.mo
-#usr/share/man/man1/dbwrap_tool.1
-#usr/share/man/man1/findsmb.1
-#usr/share/man/man1/log2pcap.1
-#usr/share/man/man1/nmblookup.1
-#usr/share/man/man1/ntlm_auth.1
-#usr/share/man/man1/profiles.1
-#usr/share/man/man1/rpcclient.1
-#usr/share/man/man1/sharesec.1
-#usr/share/man/man1/smbcacls.1
-#usr/share/man/man1/smbclient.1
-#usr/share/man/man1/smbcontrol.1
-#usr/share/man/man1/smbcquotas.1
-#usr/share/man/man1/smbget.1
-#usr/share/man/man1/smbstatus.1
-#usr/share/man/man1/smbtar.1
-#usr/share/man/man1/smbtree.1
-#usr/share/man/man1/testparm.1
-#usr/share/man/man1/vfstest.1
-#usr/share/man/man1/wbinfo.1
-#usr/share/man/man5/lmhosts.5
-#usr/share/man/man5/pam_winbind.conf.5
-#usr/share/man/man5/smb.conf.5
-#usr/share/man/man5/smbgetrc.5
-#usr/share/man/man5/smbpasswd.5
-#usr/share/man/man7/libsmbclient.7
-#usr/share/man/man7/samba.7
-#usr/share/man/man7/winbind_krb5_locator.7
-#usr/share/man/man8/eventlogadm.8
-#usr/share/man/man8/idmap_ad.8
-#usr/share/man/man8/idmap_adex.8
-#usr/share/man/man8/idmap_autorid.8
-#usr/share/man/man8/idmap_hash.8
-#usr/share/man/man8/idmap_ldap.8
-#usr/share/man/man8/idmap_nss.8
-#usr/share/man/man8/idmap_rid.8
-#usr/share/man/man8/idmap_tdb.8
-#usr/share/man/man8/idmap_tdb2.8
-#usr/share/man/man8/net.8
-#usr/share/man/man8/nmbd.8
-#usr/share/man/man8/pam_winbind.8
-#usr/share/man/man8/pdbedit.8
-#usr/share/man/man8/smbd.8
-#usr/share/man/man8/smbpasswd.8
-#usr/share/man/man8/smbspool.8
-#usr/share/man/man8/smbta-util.8
-#usr/share/man/man8/swat.8
-#usr/share/man/man8/tdbbackup.8
-#usr/share/man/man8/tdbdump.8
-#usr/share/man/man8/tdbtool.8
-#usr/share/man/man8/vfs_acl_tdb.8
-#usr/share/man/man8/vfs_acl_xattr.8
-#usr/share/man/man8/vfs_aio_fork.8
-#usr/share/man/man8/vfs_aio_pthread.8
-#usr/share/man/man8/vfs_audit.8
-#usr/share/man/man8/vfs_cacheprime.8
-#usr/share/man/man8/vfs_cap.8
-#usr/share/man/man8/vfs_catia.8
-#usr/share/man/man8/vfs_commit.8
-#usr/share/man/man8/vfs_crossrename.8
-#usr/share/man/man8/vfs_default_quota.8
-#usr/share/man/man8/vfs_dirsort.8
-#usr/share/man/man8/vfs_extd_audit.8
-#usr/share/man/man8/vfs_fake_perms.8
-#usr/share/man/man8/vfs_fileid.8
-#usr/share/man/man8/vfs_full_audit.8
-#usr/share/man/man8/vfs_gpfs.8
-#usr/share/man/man8/vfs_netatalk.8
-#usr/share/man/man8/vfs_notify_fam.8
-#usr/share/man/man8/vfs_prealloc.8
-#usr/share/man/man8/vfs_preopen.8
-#usr/share/man/man8/vfs_readahead.8
-#usr/share/man/man8/vfs_readonly.8
-#usr/share/man/man8/vfs_recycle.8
-#usr/share/man/man8/vfs_scannedonly.8
-#usr/share/man/man8/vfs_shadow_copy.8
-#usr/share/man/man8/vfs_shadow_copy2.8
-#usr/share/man/man8/vfs_smb_traffic_analyzer.8
-#usr/share/man/man8/vfs_streams_depot.8
-#usr/share/man/man8/vfs_streams_xattr.8
-#usr/share/man/man8/vfs_time_audit.8
-#usr/share/man/man8/vfs_xattr_tdb.8
-#usr/share/man/man8/winbindd.8
-var/ipfire/backup/addons/includes/samba
-#var/ipfire/samba
-var/ipfire/samba/default.global
-var/ipfire/samba/default.pdc
-var/ipfire/samba/default.printer
-var/ipfire/samba/default.settings
-var/ipfire/samba/default.shares
-var/ipfire/samba/global
-var/ipfire/samba/pdc
-var/ipfire/samba/printer
-#var/ipfire/samba/private
-var/ipfire/samba/private/secrets.tdb
-var/ipfire/samba/private/smbpasswd
-var/ipfire/samba/settings
-var/ipfire/samba/shares
-var/ipfire/samba/smb.conf
-var/ipfire/samba/smb.conf.default
-var/lib/samba
-var/lib/samba/winbindd_privileged
-var/log/samba
-var/nmbd
-etc/rc.d/init.d/samba
-srv/web/ipfire/cgi-bin/samba.cgi
-srv/web/ipfire/cgi-bin/sambahlp.cgi
-var/ipfire/menu.d/EX-samba.menu
-usr/local/bin/sambactrl

config/rootfiles/packages/x86_64/samba

@@ -0,0 +1,820 @@
+etc/rc.d/init.d/samba
+usr/bin/cifsdd
+usr/bin/dbwrap_tool
+usr/bin/findsmb
+usr/bin/gentest
+usr/bin/ldbadd
+usr/bin/ldbdel
+usr/bin/ldbedit
+usr/bin/ldbmodify
+usr/bin/ldbrename
+usr/bin/ldbsearch
+usr/bin/locktest
+usr/bin/masktest
+usr/bin/mdfind
+usr/bin/mvxattr
+usr/bin/ndrdump
+usr/bin/net
+usr/bin/nmblookup
+usr/bin/ntlm_auth
+usr/bin/oLschema2ldif
+usr/bin/pdbedit
+usr/bin/profiles
+usr/bin/regdiff
+usr/bin/regpatch
+usr/bin/regshell
+usr/bin/regtree
+usr/bin/rpcclient
+usr/bin/samba-regedit
+usr/bin/sharesec
+usr/bin/smbcacls
+usr/bin/smbclient
+usr/bin/smbcontrol
+usr/bin/smbcquotas
+usr/bin/smbget
+usr/bin/smbpasswd
+usr/bin/smbspool
+usr/bin/smbstatus
+usr/bin/smbtar
+usr/bin/smbtorture
+usr/bin/smbtree
+usr/bin/tdbbackup
+usr/bin/tdbdump
+usr/bin/tdbrestore
+usr/bin/tdbtool
+usr/bin/testparm
+usr/bin/wbinfo
+#usr/include/samba-4.0
+#usr/include/samba-4.0/charset.h
+#usr/include/samba-4.0/core
+#usr/include/samba-4.0/core/doserr.h
+#usr/include/samba-4.0/core/error.h
+#usr/include/samba-4.0/core/hresult.h
+#usr/include/samba-4.0/core/ntstatus.h
+#usr/include/samba-4.0/core/ntstatus_gen.h
+#usr/include/samba-4.0/core/werror.h
+#usr/include/samba-4.0/core/werror_gen.h
+#usr/include/samba-4.0/credentials.h
+#usr/include/samba-4.0/dcerpc.h
+#usr/include/samba-4.0/dcesrv_core.h
+#usr/include/samba-4.0/domain_credentials.h
+#usr/include/samba-4.0/gen_ndr
+#usr/include/samba-4.0/gen_ndr/atsvc.h
+#usr/include/samba-4.0/gen_ndr/auth.h
+#usr/include/samba-4.0/gen_ndr/dcerpc.h
+#usr/include/samba-4.0/gen_ndr/drsblobs.h
+#usr/include/samba-4.0/gen_ndr/drsuapi.h
+#usr/include/samba-4.0/gen_ndr/krb5pac.h
+#usr/include/samba-4.0/gen_ndr/lsa.h
+#usr/include/samba-4.0/gen_ndr/misc.h
+#usr/include/samba-4.0/gen_ndr/nbt.h
+#usr/include/samba-4.0/gen_ndr/ndr_atsvc.h
+#usr/include/samba-4.0/gen_ndr/ndr_dcerpc.h
+#usr/include/samba-4.0/gen_ndr/ndr_drsblobs.h
+#usr/include/samba-4.0/gen_ndr/ndr_drsuapi.h
+#usr/include/samba-4.0/gen_ndr/ndr_krb5pac.h
+#usr/include/samba-4.0/gen_ndr/ndr_misc.h
+#usr/include/samba-4.0/gen_ndr/ndr_nbt.h
+#usr/include/samba-4.0/gen_ndr/ndr_samr.h
+#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h
+#usr/include/samba-4.0/gen_ndr/ndr_svcctl.h
+#usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h
+#usr/include/samba-4.0/gen_ndr/netlogon.h
+#usr/include/samba-4.0/gen_ndr/samr.h
+#usr/include/samba-4.0/gen_ndr/security.h
+#usr/include/samba-4.0/gen_ndr/server_id.h
+#usr/include/samba-4.0/gen_ndr/svcctl.h
+#usr/include/samba-4.0/ldb_wrap.h
+#usr/include/samba-4.0/libsmbclient.h
+#usr/include/samba-4.0/lookup_sid.h
+#usr/include/samba-4.0/machine_sid.h
+#usr/include/samba-4.0/ndr
+#usr/include/samba-4.0/ndr.h
+#usr/include/samba-4.0/ndr/ndr_dcerpc.h
+#usr/include/samba-4.0/ndr/ndr_drsblobs.h
+#usr/include/samba-4.0/ndr/ndr_drsuapi.h
+#usr/include/samba-4.0/ndr/ndr_krb5pac.h
+#usr/include/samba-4.0/ndr/ndr_nbt.h
+#usr/include/samba-4.0/ndr/ndr_svcctl.h
+#usr/include/samba-4.0/netapi.h
+#usr/include/samba-4.0/param.h
+#usr/include/samba-4.0/passdb.h
+#usr/include/samba-4.0/policy.h
+#usr/include/samba-4.0/rpc_common.h
+#usr/include/samba-4.0/samba
+#usr/include/samba-4.0/samba/session.h
+#usr/include/samba-4.0/samba/version.h
+#usr/include/samba-4.0/share.h
+#usr/include/samba-4.0/smb2_lease_struct.h
+#usr/include/samba-4.0/smb_ldap.h
+#usr/include/samba-4.0/smbconf.h
+#usr/include/samba-4.0/smbldap.h
+#usr/include/samba-4.0/tdr.h
+#usr/include/samba-4.0/tsocket.h
+#usr/include/samba-4.0/tsocket_internal.h
+#usr/include/samba-4.0/util
+#usr/include/samba-4.0/util/attr.h
+#usr/include/samba-4.0/util/blocking.h
+#usr/include/samba-4.0/util/data_blob.h
+#usr/include/samba-4.0/util/debug.h
+#usr/include/samba-4.0/util/discard.h
+#usr/include/samba-4.0/util/fault.h
+#usr/include/samba-4.0/util/genrand.h
+#usr/include/samba-4.0/util/idtree.h
+#usr/include/samba-4.0/util/idtree_random.h
+#usr/include/samba-4.0/util/signal.h
+#usr/include/samba-4.0/util/string_wrappers.h
+#usr/include/samba-4.0/util/substitute.h
+#usr/include/samba-4.0/util/tevent_ntstatus.h
+#usr/include/samba-4.0/util/tevent_unix.h
+#usr/include/samba-4.0/util/tevent_werror.h
+#usr/include/samba-4.0/util/tfork.h
+#usr/include/samba-4.0/util/time.h
+#usr/include/samba-4.0/util_ldb.h
+#usr/include/samba-4.0/wbclient.h
+usr/lib/libdcerpc-binding.so
+usr/lib/libdcerpc-binding.so.0
+usr/lib/libdcerpc-binding.so.0.0.1
+usr/lib/libdcerpc-samr.so
+usr/lib/libdcerpc-samr.so.0
+usr/lib/libdcerpc-samr.so.0.0.1
+usr/lib/libdcerpc-server-core.so
+usr/lib/libdcerpc-server-core.so.0
+usr/lib/libdcerpc-server-core.so.0.0.1
+usr/lib/libdcerpc.so
+usr/lib/libdcerpc.so.0
+usr/lib/libdcerpc.so.0.0.1
+usr/lib/libndr-krb5pac.so
+usr/lib/libndr-krb5pac.so.0
+usr/lib/libndr-krb5pac.so.0.0.1
+usr/lib/libndr-nbt.so
+usr/lib/libndr-nbt.so.0
+usr/lib/libndr-nbt.so.0.0.1
+usr/lib/libndr-standard.so
+usr/lib/libndr-standard.so.0
+usr/lib/libndr-standard.so.0.0.1
+usr/lib/libndr.so
+usr/lib/libndr.so.1
+usr/lib/libndr.so.1.0.0
+usr/lib/libnetapi.so
+usr/lib/libnetapi.so.0
+usr/lib/libnss_winbind.so
+usr/lib/libnss_winbind.so.2
+usr/lib/libnss_wins.so
+usr/lib/libnss_wins.so.2
+usr/lib/libsamba-credentials.so
+usr/lib/libsamba-credentials.so.0
+usr/lib/libsamba-credentials.so.0.0.1
+usr/lib/libsamba-errors.so
+usr/lib/libsamba-errors.so.1
+usr/lib/libsamba-hostconfig.so
+usr/lib/libsamba-hostconfig.so.0
+usr/lib/libsamba-hostconfig.so.0.0.1
+usr/lib/libsamba-passdb.so
+usr/lib/libsamba-passdb.so.0
+usr/lib/libsamba-passdb.so.0.28.0
+usr/lib/libsamba-policy.cpython-38-x86-64-linux-gnu.so
+usr/lib/libsamba-policy.cpython-38-x86-64-linux-gnu.so.0
+usr/lib/libsamba-policy.cpython-38-x86-64-linux-gnu.so.0.0.1
+usr/lib/libsamba-util.so
+usr/lib/libsamba-util.so.0
+usr/lib/libsamba-util.so.0.0.1
+usr/lib/libsamdb.so
+usr/lib/libsamdb.so.0
+usr/lib/libsamdb.so.0.0.1
+usr/lib/libsmbclient.so
+usr/lib/libsmbclient.so.0
+usr/lib/libsmbclient.so.0.6.0
+usr/lib/libsmbconf.so
+usr/lib/libsmbconf.so.0
+usr/lib/libsmbldap.so
+usr/lib/libsmbldap.so.2
+usr/lib/libtevent-util.so
+usr/lib/libtevent-util.so.0
+usr/lib/libtevent-util.so.0.0.1
+usr/lib/libwbclient.so
+usr/lib/libwbclient.so.0
+usr/lib/libwbclient.so.0.15
+#usr/lib/pkgconfig/dcerpc.pc
+#usr/lib/pkgconfig/dcerpc_samr.pc
+#usr/lib/pkgconfig/ndr.pc
+#usr/lib/pkgconfig/ndr_krb5pac.pc
+#usr/lib/pkgconfig/ndr_nbt.pc
+#usr/lib/pkgconfig/ndr_standard.pc
+#usr/lib/pkgconfig/netapi.pc
+#usr/lib/pkgconfig/samba-credentials.pc
+#usr/lib/pkgconfig/samba-hostconfig.pc
+#usr/lib/pkgconfig/samba-policy.cpython-38-x86_64-linux-gnu.pc
+#usr/lib/pkgconfig/samba-util.pc
+#usr/lib/pkgconfig/samdb.pc
+#usr/lib/pkgconfig/smbclient.pc
+#usr/lib/pkgconfig/wbclient.pc
+usr/lib/python3.8/site-packages/_ldb_text.py
+usr/lib/python3.8/site-packages/_tdb_text.py
+usr/lib/python3.8/site-packages/_tevent.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/ldb.cpython-38-x86_64-linux-gnu.so
+#usr/lib/python3.8/site-packages/samba
+usr/lib/python3.8/site-packages/samba/__init__.py
+usr/lib/python3.8/site-packages/samba/_glue.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/_ldb.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/auth.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/auth_util.py
+usr/lib/python3.8/site-packages/samba/colour.py
+usr/lib/python3.8/site-packages/samba/common.py
+usr/lib/python3.8/site-packages/samba/compat.py
+usr/lib/python3.8/site-packages/samba/credentials.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/crypto.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dbchecker.py
+#usr/lib/python3.8/site-packages/samba/dcerpc
+usr/lib/python3.8/site-packages/samba/dcerpc/__init__.py
+usr/lib/python3.8/site-packages/samba/dcerpc/atsvc.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/auth.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/base.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dcerpc.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dfs.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dns.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dnsp.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/dnsserver.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/drsblobs.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/drsuapi.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/echo.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/epmapper.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/idmap.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/initshutdown.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/irpc.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/krb5pac.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/lsa.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/mdssvc.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/messaging.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/mgmt.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/misc.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/nbt.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/netlogon.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/ntlmssp.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/preg.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/samr.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/security.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/server_id.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/smb_acl.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/spoolss.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/srvsvc.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/svcctl.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/unixinfo.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winbind.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/windows_event_ids.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winreg.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/winspool.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/witness.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/wkssvc.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/dcerpc/xattr.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/descriptor.py
+usr/lib/python3.8/site-packages/samba/dnsserver.py
+usr/lib/python3.8/site-packages/samba/domain_update.py
+usr/lib/python3.8/site-packages/samba/drs_utils.py
+#usr/lib/python3.8/site-packages/samba/emulate
+usr/lib/python3.8/site-packages/samba/emulate/__init__.py
+usr/lib/python3.8/site-packages/samba/emulate/traffic.py
+usr/lib/python3.8/site-packages/samba/emulate/traffic_packets.py
+usr/lib/python3.8/site-packages/samba/forest_update.py
+usr/lib/python3.8/site-packages/samba/gensec.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/getopt.py
+usr/lib/python3.8/site-packages/samba/gp_ext_loader.py
+#usr/lib/python3.8/site-packages/samba/gp_parse
+usr/lib/python3.8/site-packages/samba/gp_parse/__init__.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_aas.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_csv.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_inf.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_ini.py
+usr/lib/python3.8/site-packages/samba/gp_parse/gp_pol.py
+usr/lib/python3.8/site-packages/samba/gp_scripts_ext.py
+usr/lib/python3.8/site-packages/samba/gp_sec_ext.py
+usr/lib/python3.8/site-packages/samba/gpclass.py
+usr/lib/python3.8/site-packages/samba/gpo.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/graph.py
+usr/lib/python3.8/site-packages/samba/hostconfig.py
+usr/lib/python3.8/site-packages/samba/idmap.py
+usr/lib/python3.8/site-packages/samba/join.py
+#usr/lib/python3.8/site-packages/samba/kcc
+usr/lib/python3.8/site-packages/samba/kcc/__init__.py
+usr/lib/python3.8/site-packages/samba/kcc/debug.py
+usr/lib/python3.8/site-packages/samba/kcc/graph.py
+usr/lib/python3.8/site-packages/samba/kcc/graph_utils.py
+usr/lib/python3.8/site-packages/samba/kcc/kcc_utils.py
+usr/lib/python3.8/site-packages/samba/kcc/ldif_import_export.py
+usr/lib/python3.8/site-packages/samba/logger.py
+usr/lib/python3.8/site-packages/samba/mdb_util.py
+usr/lib/python3.8/site-packages/samba/messaging.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/ms_display_specifiers.py
+usr/lib/python3.8/site-packages/samba/ms_forest_updates_markdown.py
+usr/lib/python3.8/site-packages/samba/ms_schema.py
+usr/lib/python3.8/site-packages/samba/ms_schema_markdown.py
+usr/lib/python3.8/site-packages/samba/ndr.py
+usr/lib/python3.8/site-packages/samba/net.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/netbios.cpython-38-x86_64-linux-gnu.so
+#usr/lib/python3.8/site-packages/samba/netcmd
+usr/lib/python3.8/site-packages/samba/netcmd/__init__.py
+usr/lib/python3.8/site-packages/samba/netcmd/common.py
+usr/lib/python3.8/site-packages/samba/netcmd/computer.py
+usr/lib/python3.8/site-packages/samba/netcmd/contact.py
+usr/lib/python3.8/site-packages/samba/netcmd/dbcheck.py
+usr/lib/python3.8/site-packages/samba/netcmd/delegation.py
+usr/lib/python3.8/site-packages/samba/netcmd/dns.py
+usr/lib/python3.8/site-packages/samba/netcmd/domain.py
+usr/lib/python3.8/site-packages/samba/netcmd/domain_backup.py
+usr/lib/python3.8/site-packages/samba/netcmd/drs.py
+usr/lib/python3.8/site-packages/samba/netcmd/dsacl.py
+usr/lib/python3.8/site-packages/samba/netcmd/forest.py
+usr/lib/python3.8/site-packages/samba/netcmd/fsmo.py
+usr/lib/python3.8/site-packages/samba/netcmd/gpo.py
+usr/lib/python3.8/site-packages/samba/netcmd/group.py
+usr/lib/python3.8/site-packages/samba/netcmd/ldapcmp.py
+usr/lib/python3.8/site-packages/samba/netcmd/main.py
+usr/lib/python3.8/site-packages/samba/netcmd/nettime.py
+usr/lib/python3.8/site-packages/samba/netcmd/ntacl.py
+usr/lib/python3.8/site-packages/samba/netcmd/ou.py
+usr/lib/python3.8/site-packages/samba/netcmd/processes.py
+usr/lib/python3.8/site-packages/samba/netcmd/pso.py
+usr/lib/python3.8/site-packages/samba/netcmd/rodc.py
+usr/lib/python3.8/site-packages/samba/netcmd/schema.py
+usr/lib/python3.8/site-packages/samba/netcmd/sites.py
+usr/lib/python3.8/site-packages/samba/netcmd/spn.py
+usr/lib/python3.8/site-packages/samba/netcmd/testparm.py
+usr/lib/python3.8/site-packages/samba/netcmd/user.py
+usr/lib/python3.8/site-packages/samba/netcmd/visualize.py
+usr/lib/python3.8/site-packages/samba/ntacls.py
+usr/lib/python3.8/site-packages/samba/ntstatus.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/param.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/policy.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/posix_eadb.cpython-38-x86_64-linux-gnu.so
+#usr/lib/python3.8/site-packages/samba/provision
+usr/lib/python3.8/site-packages/samba/provision/__init__.py
+usr/lib/python3.8/site-packages/samba/provision/backend.py
+usr/lib/python3.8/site-packages/samba/provision/common.py
+usr/lib/python3.8/site-packages/samba/provision/kerberos.py
+usr/lib/python3.8/site-packages/samba/provision/kerberos_implementation.py
+usr/lib/python3.8/site-packages/samba/provision/sambadns.py
+usr/lib/python3.8/site-packages/samba/registry.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/remove_dc.py
+#usr/lib/python3.8/site-packages/samba/samba3
+usr/lib/python3.8/site-packages/samba/samba3/__init__.py
+usr/lib/python3.8/site-packages/samba/samba3/libsmb_samba_internal.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/mdscli.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/param.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/passdb.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samba3/smbd.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/samdb.py
+usr/lib/python3.8/site-packages/samba/schema.py
+usr/lib/python3.8/site-packages/samba/sd_utils.py
+usr/lib/python3.8/site-packages/samba/security.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/sites.py
+usr/lib/python3.8/site-packages/samba/subnets.py
+#usr/lib/python3.8/site-packages/samba/subunit
+usr/lib/python3.8/site-packages/samba/subunit/__init__.py
+usr/lib/python3.8/site-packages/samba/subunit/run.py
+usr/lib/python3.8/site-packages/samba/tdb_util.py
+#usr/lib/python3.8/site-packages/samba/tests
+#usr/lib/python3.8/site-packages/samba/tests/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_base.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_dsdb.py
+#usr/lib/python3.8/site-packages/samba/tests/audit_log_pass_change.py
+#usr/lib/python3.8/site-packages/samba/tests/auth.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_base.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_ncalrpc.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_netlogon_bad_creds.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_pass_change.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_samlogon.py
+#usr/lib/python3.8/site-packages/samba/tests/auth_log_winbind.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/bug13653.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/check_output.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/downgradedatabase.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/mdfind.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/ndrdump.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/netads_json.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/samba_dnsupdate.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcacls_basic.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/smbcontrol_process.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_learner.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_replay.py
+#usr/lib/python3.8/site-packages/samba/tests/blackbox/traffic_summary.py
+#usr/lib/python3.8/site-packages/samba/tests/common.py
+#usr/lib/python3.8/site-packages/samba/tests/complex_expressions.py
+#usr/lib/python3.8/site-packages/samba/tests/core.py
+#usr/lib/python3.8/site-packages/samba/tests/credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/array.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/bare.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/dnsserver.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/integer.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/mdssvc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/misc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_protocol.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/raw_testcase.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/registry.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpc_talloc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/rpcecho.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/sam.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/srvsvc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/string_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/testrpc.py
+#usr/lib/python3.8/site-packages/samba/tests/dcerpc/unix.py
+#usr/lib/python3.8/site-packages/samba/tests/dckeytab.py
+#usr/lib/python3.8/site-packages/samba/tests/dns.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_base.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers
+#usr/lib/python3.8/site-packages/samba/tests/dns_forwarder_helpers/server.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_invalid.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_packet.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_tkey.py
+#usr/lib/python3.8/site-packages/samba/tests/dns_wildcard.py
+#usr/lib/python3.8/site-packages/samba/tests/docs.py
+#usr/lib/python3.8/site-packages/samba/tests/domain_backup.py
+#usr/lib/python3.8/site-packages/samba/tests/domain_backup_offline.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb_lock.py
+#usr/lib/python3.8/site-packages/samba/tests/dsdb_schema_attributes.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate
+#usr/lib/python3.8/site-packages/samba/tests/emulate/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic.py
+#usr/lib/python3.8/site-packages/samba/tests/emulate/traffic_packet.py
+#usr/lib/python3.8/site-packages/samba/tests/encrypted_secrets.py
+#usr/lib/python3.8/site-packages/samba/tests/gensec.py
+#usr/lib/python3.8/site-packages/samba/tests/get_opt.py
+#usr/lib/python3.8/site-packages/samba/tests/getdcname.py
+#usr/lib/python3.8/site-packages/samba/tests/glue.py
+#usr/lib/python3.8/site-packages/samba/tests/gpo.py
+#usr/lib/python3.8/site-packages/samba/tests/graph.py
+#usr/lib/python3.8/site-packages/samba/tests/group_audit.py
+#usr/lib/python3.8/site-packages/samba/tests/hostconfig.py
+#usr/lib/python3.8/site-packages/samba/tests/join.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc
+#usr/lib/python3.8/site-packages/samba/tests/kcc/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/graph.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/graph_utils.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/kcc_utils.py
+#usr/lib/python3.8/site-packages/samba/tests/kcc/ldif_import_export.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5
+#usr/lib/python3.8/site-packages/samba/tests/krb5/kcrypto.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/raw_testcase.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/rfc4120_pyasn1.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/s4u_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/simple_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5/xrealm_tests.py
+#usr/lib/python3.8/site-packages/samba/tests/krb5_credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/ldap_raw.py
+#usr/lib/python3.8/site-packages/samba/tests/ldap_referrals.py
+#usr/lib/python3.8/site-packages/samba/tests/libsmb.py
+#usr/lib/python3.8/site-packages/samba/tests/loadparm.py
+#usr/lib/python3.8/site-packages/samba/tests/lsa_string.py
+#usr/lib/python3.8/site-packages/samba/tests/messaging.py
+#usr/lib/python3.8/site-packages/samba/tests/net_join.py
+#usr/lib/python3.8/site-packages/samba/tests/net_join_no_spnego.py
+#usr/lib/python3.8/site-packages/samba/tests/netbios.py
+#usr/lib/python3.8/site-packages/samba/tests/netcmd.py
+#usr/lib/python3.8/site-packages/samba/tests/netlogonsvc.py
+#usr/lib/python3.8/site-packages/samba/tests/ntacls.py
+#usr/lib/python3.8/site-packages/samba/tests/ntacls_backup.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_base.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlm_auth_krb5.py
+#usr/lib/python3.8/site-packages/samba/tests/ntlmdisabled.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_chauthtok.py
+#usr/lib/python3.8/site-packages/samba/tests/pam_winbind_warn_pwd_expire.py
+#usr/lib/python3.8/site-packages/samba/tests/param.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2003.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_fl2008.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_gpgme.py
+#usr/lib/python3.8/site-packages/samba/tests/password_hash_ldap.py
+#usr/lib/python3.8/site-packages/samba/tests/password_quality.py
+#usr/lib/python3.8/site-packages/samba/tests/password_test.py
+#usr/lib/python3.8/site-packages/samba/tests/policy.py
+#usr/lib/python3.8/site-packages/samba/tests/posixacl.py
+#usr/lib/python3.8/site-packages/samba/tests/prefork_restart.py
+#usr/lib/python3.8/site-packages/samba/tests/process_limits.py
+#usr/lib/python3.8/site-packages/samba/tests/provision.py
+#usr/lib/python3.8/site-packages/samba/tests/pso.py
+#usr/lib/python3.8/site-packages/samba/tests/py_credentials.py
+#usr/lib/python3.8/site-packages/samba/tests/registry.py
+#usr/lib/python3.8/site-packages/samba/tests/s3idmapdb.py
+#usr/lib/python3.8/site-packages/samba/tests/s3param.py
+#usr/lib/python3.8/site-packages/samba/tests/s3passdb.py
+#usr/lib/python3.8/site-packages/samba/tests/s3registry.py
+#usr/lib/python3.8/site-packages/samba/tests/s3windb.py
+#usr/lib/python3.8/site-packages/samba/tests/samba3sam.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/__init__.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/base.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/computer.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/contact.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/demote.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dnscmd.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/dsacl.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/forest.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/fsmo.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/gpo.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/group.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/help.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/join_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ntacl.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/ou.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/passwordsettings.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/processes.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/promote_dc_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_lmdb_size.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/provision_password_check.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/rodc.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/schema.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/sites.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/timecmd.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_check_password_script.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_base.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/user_wdigest.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_tool/visualize_drs.py
+#usr/lib/python3.8/site-packages/samba/tests/samba_upgradedns_lmdb.py
+#usr/lib/python3.8/site-packages/samba/tests/samdb.py
+#usr/lib/python3.8/site-packages/samba/tests/samdb_api.py
+#usr/lib/python3.8/site-packages/samba/tests/security.py
+#usr/lib/python3.8/site-packages/samba/tests/segfault.py
+#usr/lib/python3.8/site-packages/samba/tests/smb.py
+#usr/lib/python3.8/site-packages/samba/tests/smbd_base.py
+#usr/lib/python3.8/site-packages/samba/tests/smbd_fuzztest.py
+#usr/lib/python3.8/site-packages/samba/tests/source.py
+#usr/lib/python3.8/site-packages/samba/tests/strings.py
+#usr/lib/python3.8/site-packages/samba/tests/subunitrun.py
+#usr/lib/python3.8/site-packages/samba/tests/tdb_util.py
+#usr/lib/python3.8/site-packages/samba/tests/upgrade.py
+#usr/lib/python3.8/site-packages/samba/tests/upgradeprovision.py
+#usr/lib/python3.8/site-packages/samba/tests/upgradeprovisionneeddc.py
+#usr/lib/python3.8/site-packages/samba/tests/usage.py
+#usr/lib/python3.8/site-packages/samba/tests/xattr.py
+#usr/lib/python3.8/site-packages/samba/third_party
+usr/lib/python3.8/site-packages/samba/third_party/__init__.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/__init__.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/iso8601.py
+usr/lib/python3.8/site-packages/samba/third_party/iso8601/test_iso8601.py
+usr/lib/python3.8/site-packages/samba/upgrade.py
+usr/lib/python3.8/site-packages/samba/upgradehelpers.py
+usr/lib/python3.8/site-packages/samba/uptodateness.py
+usr/lib/python3.8/site-packages/samba/werror.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/xattr.py
+usr/lib/python3.8/site-packages/samba/xattr_native.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/samba/xattr_tdb.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/talloc.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/tdb.cpython-38-x86_64-linux-gnu.so
+usr/lib/python3.8/site-packages/tevent.py
+#usr/lib/samba
+usr/lib/samba/idmap
+usr/lib/samba/idmap/ad.so
+usr/lib/samba/idmap/autorid.so
+usr/lib/samba/idmap/hash.so
+usr/lib/samba/idmap/rfc2307.so
+usr/lib/samba/idmap/rid.so
+usr/lib/samba/idmap/script.so
+usr/lib/samba/idmap/tdb2.so
+#usr/lib/samba/krb5
+usr/lib/samba/krb5/winbind_krb5_locator.so
+#usr/lib/samba/ldb
+usr/lib/samba/ldb/asq.so
+usr/lib/samba/ldb/ildap.so
+usr/lib/samba/ldb/ldb.so
+usr/lib/samba/ldb/ldbsamba_extensions.so
+usr/lib/samba/ldb/paged_searches.so
+usr/lib/samba/ldb/rdn_name.so
+usr/lib/samba/ldb/sample.so
+usr/lib/samba/ldb/server_sort.so
+usr/lib/samba/ldb/skel.so
+usr/lib/samba/ldb/tdb.so
+usr/lib/samba/libCHARSET3-samba4.so
+usr/lib/samba/libLIBWBCLIENT-OLD-samba4.so
+usr/lib/samba/libMESSAGING-SEND-samba4.so
+usr/lib/samba/libMESSAGING-samba4.so
+usr/lib/samba/libaddns-samba4.so
+usr/lib/samba/libads-samba4.so
+usr/lib/samba/libasn1-samba4.so.8
+usr/lib/samba/libasn1-samba4.so.8.0.0
+usr/lib/samba/libasn1util-samba4.so
+usr/lib/samba/libauth-samba4.so
+usr/lib/samba/libauth-unix-token-samba4.so
+usr/lib/samba/libauth4-samba4.so
+usr/lib/samba/libauthkrb5-samba4.so
+usr/lib/samba/libcli-cldap-samba4.so
+usr/lib/samba/libcli-ldap-common-samba4.so
+usr/lib/samba/libcli-ldap-samba4.so
+usr/lib/samba/libcli-nbt-samba4.so
+usr/lib/samba/libcli-smb-common-samba4.so
+usr/lib/samba/libcli-spoolss-samba4.so
+usr/lib/samba/libcliauth-samba4.so
+usr/lib/samba/libclidns-samba4.so
+usr/lib/samba/libcluster-samba4.so
+usr/lib/samba/libcmdline-contexts-samba4.so
+usr/lib/samba/libcmdline-credentials-samba4.so
+usr/lib/samba/libcmocka-samba4.so
+usr/lib/samba/libcom_err-samba4.so.0
+usr/lib/samba/libcom_err-samba4.so.0.25
+usr/lib/samba/libcommon-auth-samba4.so
+usr/lib/samba/libdbwrap-samba4.so
+usr/lib/samba/libdcerpc-samba-samba4.so
+usr/lib/samba/libdcerpc-samba4.so
+usr/lib/samba/libdsdb-module-samba4.so
+usr/lib/samba/libevents-samba4.so
+usr/lib/samba/libflag-mapping-samba4.so
+usr/lib/samba/libgenrand-samba4.so
+usr/lib/samba/libgensec-samba4.so
+usr/lib/samba/libgpext-samba4.so
+usr/lib/samba/libgpo-samba4.so
+usr/lib/samba/libgse-samba4.so
+usr/lib/samba/libgssapi-samba4.so.2
+usr/lib/samba/libgssapi-samba4.so.2.0.0
+usr/lib/samba/libhcrypto-samba4.so.5
+usr/lib/samba/libhcrypto-samba4.so.5.0.1
+usr/lib/samba/libhdb-samba4.so.11
+usr/lib/samba/libhdb-samba4.so.11.0.2
+usr/lib/samba/libheimbase-samba4.so.1
+usr/lib/samba/libheimbase-samba4.so.1.0.0
+usr/lib/samba/libheimntlm-samba4.so.1
+usr/lib/samba/libheimntlm-samba4.so.1.0.1
+usr/lib/samba/libhttp-samba4.so
+usr/lib/samba/libhx509-samba4.so.5
+usr/lib/samba/libhx509-samba4.so.5.0.0
+usr/lib/samba/libidmap-samba4.so
+usr/lib/samba/libinterfaces-samba4.so
+usr/lib/samba/libiov-buf-samba4.so
+usr/lib/samba/libkdc-samba4.so.2
+usr/lib/samba/libkdc-samba4.so.2.0.0
+usr/lib/samba/libkrb5-samba4.so.26
+usr/lib/samba/libkrb5-samba4.so.26.0.0
+usr/lib/samba/libkrb5samba-samba4.so
+usr/lib/samba/libldb-cmdline-samba4.so
+usr/lib/samba/libldb-key-value-samba4.so
+usr/lib/samba/libldb-tdb-err-map-samba4.so
+usr/lib/samba/libldb-tdb-int-samba4.so
+usr/lib/samba/libldb.so.2
+usr/lib/samba/libldb.so.2.2.0
+usr/lib/samba/libldbsamba-samba4.so
+usr/lib/samba/liblibcli-lsa3-samba4.so
+usr/lib/samba/liblibcli-netlogon3-samba4.so
+usr/lib/samba/liblibsmb-samba4.so
+usr/lib/samba/libmessages-dgm-samba4.so
+usr/lib/samba/libmessages-util-samba4.so
+usr/lib/samba/libmsghdr-samba4.so
+usr/lib/samba/libmsrpc3-samba4.so
+usr/lib/samba/libndr-samba-samba4.so
+usr/lib/samba/libndr-samba4.so
+usr/lib/samba/libnet-keytab-samba4.so
+usr/lib/samba/libnetif-samba4.so
+usr/lib/samba/libnpa-tstream-samba4.so
+usr/lib/samba/libnss-info-samba4.so
+usr/lib/samba/libpopt-samba3-cmdline-samba4.so
+usr/lib/samba/libpopt-samba3-samba4.so
+usr/lib/samba/libposix-eadb-samba4.so
+usr/lib/samba/libprinter-driver-samba4.so
+usr/lib/samba/libprinting-migrate-samba4.so
+usr/lib/samba/libpyldb-util.cpython-38-x86-64-linux-gnu.so.2
+usr/lib/samba/libpyldb-util.cpython-38-x86-64-linux-gnu.so.2.2.0
+usr/lib/samba/libpytalloc-util.cpython-38-x86-64-linux-gnu.so.2
+usr/lib/samba/libpytalloc-util.cpython-38-x86-64-linux-gnu.so.2.3.1
+usr/lib/samba/libregistry-samba4.so
+usr/lib/samba/libreplace-samba4.so
+usr/lib/samba/libroken-samba4.so.19
+usr/lib/samba/libroken-samba4.so.19.0.1
+usr/lib/samba/libsamba-cluster-support-samba4.so
+usr/lib/samba/libsamba-debug-samba4.so
+usr/lib/samba/libsamba-modules-samba4.so
+usr/lib/samba/libsamba-net.cpython-38-x86-64-linux-gnu-samba4.so
+usr/lib/samba/libsamba-python.cpython-38-x86-64-linux-gnu-samba4.so
+usr/lib/samba/libsamba-security-samba4.so
+usr/lib/samba/libsamba-sockets-samba4.so
+usr/lib/samba/libsamba3-util-samba4.so
+usr/lib/samba/libsamdb-common-samba4.so
+usr/lib/samba/libsecrets3-samba4.so
+usr/lib/samba/libserver-id-db-samba4.so
+usr/lib/samba/libserver-role-samba4.so
+usr/lib/samba/libshares-samba4.so
+usr/lib/samba/libsmb-transport-samba4.so
+usr/lib/samba/libsmbclient-raw-samba4.so
+usr/lib/samba/libsmbd-base-samba4.so
+usr/lib/samba/libsmbd-conn-samba4.so
+usr/lib/samba/libsmbd-shim-samba4.so
+usr/lib/samba/libsmbldaphelper-samba4.so
+usr/lib/samba/libsmbpasswdparser-samba4.so
+usr/lib/samba/libsocket-blocking-samba4.so
+usr/lib/samba/libsys-rw-samba4.so
+usr/lib/samba/libtalloc-report-printf-samba4.so
+usr/lib/samba/libtalloc-report-samba4.so
+usr/lib/samba/libtalloc.so.2
+usr/lib/samba/libtalloc.so.2.3.1
+usr/lib/samba/libtdb-wrap-samba4.so
+usr/lib/samba/libtdb.so.1
+usr/lib/samba/libtdb.so.1.4.3
+usr/lib/samba/libtevent.so.0
+usr/lib/samba/libtevent.so.0.10.2
+usr/lib/samba/libtime-basic-samba4.so
+usr/lib/samba/libtorture-samba4.so
+usr/lib/samba/libtrusts-util-samba4.so
+usr/lib/samba/libutil-cmdline-samba4.so
+usr/lib/samba/libutil-reg-samba4.so
+usr/lib/samba/libutil-setid-samba4.so
+usr/lib/samba/libutil-tdb-samba4.so
+usr/lib/samba/libwinbind-client-samba4.so
+usr/lib/samba/libwind-samba4.so.0
+usr/lib/samba/libwind-samba4.so.0.0.0
+usr/lib/samba/libxattr-tdb-samba4.so
+usr/lib/samba/nss_info
+usr/lib/samba/nss_info/hash.so
+usr/lib/samba/nss_info/rfc2307.so
+usr/lib/samba/nss_info/sfu.so
+usr/lib/samba/nss_info/sfu20.so
+#usr/lib/samba/vfs
+usr/lib/samba/vfs/acl_tdb.so
+usr/lib/samba/vfs/acl_xattr.so
+usr/lib/samba/vfs/aio_fork.so
+usr/lib/samba/vfs/aio_pthread.so
+usr/lib/samba/vfs/audit.so
+usr/lib/samba/vfs/btrfs.so
+usr/lib/samba/vfs/cap.so
+usr/lib/samba/vfs/catia.so
+usr/lib/samba/vfs/commit.so
+usr/lib/samba/vfs/crossrename.so
+usr/lib/samba/vfs/default_quota.so
+usr/lib/samba/vfs/dirsort.so
+usr/lib/samba/vfs/expand_msdfs.so
+usr/lib/samba/vfs/extd_audit.so
+usr/lib/samba/vfs/fake_perms.so
+usr/lib/samba/vfs/fileid.so
+usr/lib/samba/vfs/fruit.so
+usr/lib/samba/vfs/full_audit.so
+usr/lib/samba/vfs/glusterfs_fuse.so
+usr/lib/samba/vfs/gpfs.so
+usr/lib/samba/vfs/linux_xfs_sgid.so
+usr/lib/samba/vfs/media_harmony.so
+usr/lib/samba/vfs/offline.so
+usr/lib/samba/vfs/preopen.so
+usr/lib/samba/vfs/readahead.so
+usr/lib/samba/vfs/readonly.so
+usr/lib/samba/vfs/recycle.so
+usr/lib/samba/vfs/shadow_copy.so
+usr/lib/samba/vfs/shadow_copy2.so
+usr/lib/samba/vfs/shell_snap.so
+usr/lib/samba/vfs/snapper.so
+usr/lib/samba/vfs/streams_depot.so
+usr/lib/samba/vfs/streams_xattr.so
+usr/lib/samba/vfs/syncops.so
+usr/lib/samba/vfs/time_audit.so
+usr/lib/samba/vfs/unityed_media.so
+usr/lib/samba/vfs/virusfilter.so
+usr/lib/samba/vfs/widelinks.so
+usr/lib/samba/vfs/worm.so
+usr/lib/samba/vfs/xattr_tdb.so
+usr/lib/security
+usr/lib/security/pam_winbind.so
+#usr/libexec/samba
+usr/libexec/samba/smbspool_krb5_wrapper
+usr/sbin/eventlogadm
+usr/sbin/nmbd
+usr/sbin/samba-gpupdate
+usr/sbin/smbd
+usr/sbin/winbindd
+var/ipfire/backup/addons/includes/samba
+#var/ipfire/samba
+var/ipfire/samba/default.global
+var/ipfire/samba/default.pdc
+var/ipfire/samba/default.printer
+var/ipfire/samba/default.settings
+var/ipfire/samba/default.shares
+var/ipfire/samba/global
+var/ipfire/samba/pdc
+var/ipfire/samba/printer
+#var/ipfire/samba/private
+var/ipfire/samba/private/secrets.tdb
+var/ipfire/samba/private/smbpasswd
+var/ipfire/samba/settings
+var/ipfire/samba/shares
+var/ipfire/samba/smb.conf
+var/ipfire/samba/smb.conf.default
+var/lib/samba
+var/lib/samba/bind-dns
+var/lib/samba/private
+var/lib/samba/winbindd_privileged
+var/log/samba
+var/nmbd
+srv/web/ipfire/cgi-bin/samba.cgi
+srv/web/ipfire/cgi-bin/sambahlp.cgi
+var/ipfire/menu.d/EX-samba.menu
+usr/local/bin/sambactrl

lfs/samba

@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.6.25
+VER        = 4.13.0
 
 THISAPP    = samba-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,9 +32,9 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 68
+PAK_VER    = 69
 
-DEPS       = cups krb5
+DEPS       = cups libtirpc krb5 perl-Parse-Yapp
 
 ###############################################################################
 # Top-level Rules
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 76da2fa64edd94a0188531e7ecb27c4e
+$(DL_FILE)_MD5 = a7f5cccac09d638b3bd11204003b7e7b
 
 install : $(TARGET)
 
@@ -77,117 +77,26 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	$(UPDATE_AUTOMAKE)
-
-	# Apply patches from RHEL6
-	# Upstream patches
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_nbt_query_with_many_components.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_group_expansion_with_nss_templates.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_group_expansion_in_service_path.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_memleak_in_printer_list.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_lookups_with_one_way_trusts.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_setup_domain_child_logic.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_force_user_with_security_ads.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-add_timeout_option_to_smbclient.patch
-	# Additional Red Hat patches
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.2.0pre1-pipedir.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.2.0pre1-grouppwd.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.2.5-inotify.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-idmapdebug.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-docs.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-nss_info_doc.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.11-wbinfo_manpage.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.12-dns.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.5.12-pam_radio_type.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.18-fix_net_ads_join_segfault.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.19-valid_users_doc.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-gecos.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-glusterfs.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-libsmbclient.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.23-fix_libads_krb5_ipv6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.26-smb2_case_sensitive.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_gecos_interactive.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_dropbox_share.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-add_spoolss_os_version.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-nt_printer_publish_guid.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_keytab_null_termination.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_printcap_cpu_utilization.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_smbclient_ntlmv2_auth.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_smb_conf_doc.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-bug-1117059.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-bug-1192211.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_usergroup_cache_lookup.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_force_user_winbind_default_domain.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_rpcclient_timeout_command.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_force_group.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_pam_winbind_parsing_segfault.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_mangling_hash_segfault.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-doc_netbios_name_length_limit.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_map_to_guest_bad_uid.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_security_server_share_access.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_stale_printer_entries_on_rename.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5296-v3-6-bso11536.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5252-v3-6-bso11395.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5330-v3-6-bso11599.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-net_ads_join_no_dns_updates.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-asserted_identity_sid-S-1-18-1.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-7560-v3-6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_symlink_verification.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-preparation-v3-6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2110-v3-6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2111-v3-6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2112-v3-6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2115-v3-6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2118-v3-6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5370-v3-6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_winbind_cache_memory_leak.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_memleak_winbind_cached_creds.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-idmap_ad_memleak.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-libsmb_fix_dfs_connections.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-2110-ntlmssp-session-setup-nas.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_rpc_query_user_list.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-nt_printer_unpublish_fix.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2126-v3.6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2125-v3.6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_member_auth_after_changed_secret.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-fix_dirsort_ea-support.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2017-7494-v3-6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/samba-3.6.99-winbind_fix_trusted_domain_handling.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2017-2619.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2017-12150-v3-6.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2017-12163.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2017-15275.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/doc-update.patch
-
-	cd $(DIR_APP)/source3 && ./autogen.sh
-	cd $(DIR_APP)/source3 && ./configure \
+	cd $(DIR_APP) && ./configure \
 		--prefix=/usr \
 		--libdir=/usr/lib/ \
 		--sysconfdir=/var/ipfire \
 		--localstatedir=/var \
+		--without-ad-dc \
 		--with-cachedir=/var/lib/samba \
 		--with-lockdir=/var/lib/samba \
 		--with-piddir=/var/run \
 		--with-ads \
 		--with-acl-support \
-		--with-libsmbclient \
-		--with-libsmbsharemodes \
 		--with-sendfile-support \
-		--with-fhs \
 		--with-winbind \
-		--disable-swat \
+		--enable-fhs \
 		--enable-cups \
 		--disable-avahi \
 		--with-syslog
-	cd $(DIR_APP)/source3 && make $(MAKETUNING) idl_full
-	cd $(DIR_APP)/source3 && make $(MAKETUNING) proto && make all $(MAKETUNING) $(EXTRA_MAKE)
-	cd $(DIR_APP)/source3 && make install
-	cd $(DIR_APP)/source3 && chmod -v 644 /usr/include/libsmbclient.h
-	#cd $(DIR_APP)/source3 && install -v -m755 nsswitch/libnss_wins.so /lib
-	#cd $(DIR_APP)/source3 && install -v -m755 nsswitch/libnss_winbind.so /lib
-	#cd $(DIR_APP)/source3 && ln -v -sf libnss_winbind.so /lib/libnss_winbind.so.2
-	#cd $(DIR_APP)/source3 && ln -v -sf libnss_wins.so /lib/libnss_wins.so.2
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+
 	-mkdir -p /var/ipfire/samba
 	cd $(DIR_APP)/source3 && install -v -m644 ../examples/smb.conf.default /var/ipfire/samba
 	cp -vrf $(DIR_SRC)/config/samba/* /var/ipfire/samba/
@@ -198,6 +107,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cp -vfp /var/ipfire/samba/default.shares /var/ipfire/samba/shares
 	cp -vfp /var/ipfire/samba/default.printer /var/ipfire/samba/printer
 	cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf
+	rm -rf /var/lib/samba/private
+	ln -s /var/ipfire/samba/private /var/lib/samba/private
 	-mkdir -p /var/log/samba
 	install -v -m 644 $(DIR_SRC)/config/backup/includes/samba /var/ipfire/backup/addons/includes/samba
 

src/patches/samba/CVE-2015-5252-v3-6-bso11395.patch

@@ -1,44 +0,0 @@
-From 2e94b6ec10f1d15e24867bab3063bb85f173406a Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Thu, 9 Jul 2015 10:58:11 -0700
-Subject: [PATCH] CVE-2015-5252: s3: smbd: Fix symlink verification (file
- access outside the share).
-
-Ensure matching component ends in '/' or '\0'.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/smbd/vfs.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
-index 6c56964..bd93b7f 100644
---- a/source3/smbd/vfs.c
-+++ b/source3/smbd/vfs.c
-@@ -982,6 +982,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
- 	if (!allow_widelinks || !allow_symlinks) {
- 		const char *conn_rootdir;
- 		size_t rootdir_len;
-+		bool matched;
- 
- 		conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname);
- 		if (conn_rootdir == NULL) {
-@@ -992,8 +993,10 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
- 		}
- 
- 		rootdir_len = strlen(conn_rootdir);
--		if (strncmp(conn_rootdir, resolved_name,
--				rootdir_len) != 0) {
-+		matched = (strncmp(conn_rootdir, resolved_name,
-+				rootdir_len) == 0);
-+		if (!matched || (resolved_name[rootdir_len] != '/' &&
-+				 resolved_name[rootdir_len] != '\0')) {
- 			DEBUG(2, ("check_reduced_name: Bad access "
- 				"attempt: %s is a symlink outside the "
- 				"share path\n", fname));
--- 
-2.5.0
-

src/patches/samba/CVE-2015-5296-v3-6-bso11536.patch

@@ -1,113 +0,0 @@
-From 25139116756cc285a3a5534834cc276ef1b7baaa Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 30 Sep 2015 21:17:02 +0200
-Subject: [PATCH 1/2] CVE-2015-5296: s3:libsmb: force signing when requiring
- encryption in do_connect()
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
----
- source3/libsmb/clidfs.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
-index 23e1471..f153b6b 100644
---- a/source3/libsmb/clidfs.c
-+++ b/source3/libsmb/clidfs.c
-@@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
- 	const char *username;
- 	const char *password;
- 	NTSTATUS status;
-+	int signing_state = get_cmdline_auth_info_signing_state(auth_info);
-+
-+	if (force_encrypt) {
-+		signing_state = Required;
-+	}
- 
- 	/* make a copy so we don't modify the global string 'service' */
- 	servicename = talloc_strdup(ctx,share);
-@@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
- 	zero_sockaddr(&ss);
- 
- 	/* have to open a new connection */
--	c = cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info));
-+	c = cli_initialise_ex(signing_state);
- 	if (c == NULL) {
- 		d_printf("Connection to %s failed\n", server_n);
- 		return NULL;
--- 
-2.5.0
-
-
-From 060adb0abdeda51b8b622c6020b5dea0c8dde1cf Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 30 Sep 2015 21:17:02 +0200
-Subject: [PATCH 2/2] CVE-2015-5296: s3:libsmb: force signing when requiring
- encryption in SMBC_server_internal()
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
----
- source3/libsmb/libsmb_server.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
-index 45be660..167f2c9 100644
---- a/source3/libsmb/libsmb_server.c
-+++ b/source3/libsmb/libsmb_server.c
-@@ -258,6 +258,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
-         const char *username_used;
-  	NTSTATUS status;
- 	char *newserver, *newshare;
-+	int signing_state = Undefined;
- 
- 	zero_sockaddr(&ss);
- 	ZERO_STRUCT(c);
-@@ -404,8 +405,12 @@ again:
- 
- 	zero_sockaddr(&ss);
- 
-+	if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
-+		signing_state = Required;
-+	}
-+
- 	/* have to open a new connection */
--	if ((c = cli_initialise()) == NULL) {
-+	if ((c = cli_initialise_ex(signing_state)) == NULL) {
- 		errno = ENOMEM;
- 		return NULL;
- 	}
-@@ -750,6 +755,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
-         ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
-                                    pp_workgroup, pp_username, pp_password);
-         if (!ipc_srv) {
-+		int signing_state = Undefined;
- 
-                 /* We didn't find a cached connection.  Get the password */
- 		if (!*pp_password || (*pp_password)[0] == '\0') {
-@@ -771,6 +777,9 @@ SMBC_attr_server(TALLOC_CTX *ctx,
-                 if (smbc_getOptionUseCCache(context)) {
-                         flags |= CLI_FULL_CONNECTION_USE_CCACHE;
-                 }
-+		if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
-+			signing_state = Required;
-+		}
- 
-                 zero_sockaddr(&ss);
-                 nt_status = cli_full_connection(&ipc_cli,
-@@ -780,7 +789,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
- 						*pp_workgroup,
- 						*pp_password,
- 						flags,
--						Undefined);
-+						signing_state);
-                 if (! NT_STATUS_IS_OK(nt_status)) {
-                         DEBUG(1,("cli_full_connection failed! (%s)\n",
-                                  nt_errstr(nt_status)));
--- 
-2.5.0
-

src/patches/samba/CVE-2015-5299-v3-6-bso11529.patch

@@ -1,98 +0,0 @@
-From 8e49de7754f7171a58a1f94dee0f1138dbee3c60 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Fri, 23 Oct 2015 14:54:31 -0700
-Subject: [PATCH] CVE-2015-5299: s3-shadow-copy2: fix missing access check on
- snapdir
-
-Fix originally from <partha@exablox.com>
-
-https://bugzilla.samba.org/show_bug.cgi?id=11529
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: David Disseldorp <ddiss@samba.org>
----
- source3/modules/vfs_shadow_copy2.c | 47 ++++++++++++++++++++++++++++++++++++++
- 1 file changed, 47 insertions(+)
-
-diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
-index fedfb53..16c1ed7 100644
---- a/source3/modules/vfs_shadow_copy2.c
-+++ b/source3/modules/vfs_shadow_copy2.c
-@@ -21,6 +21,8 @@
- 
- #include "includes.h"
- #include "smbd/smbd.h"
-+#include "smbd/globals.h"
-+#include "../libcli/security/security.h"
- #include "system/filesys.h"
- #include "ntioctl.h"
- 
-@@ -764,6 +766,43 @@ static int shadow_copy2_mkdir(vfs_handle_struct *handle,  const char *fname, mod
-         SHADOW2_NEXT(MKDIR, (handle, name, mode), int, -1);
- }
- 
-+static bool check_access_snapdir(struct vfs_handle_struct *handle,
-+				const char *path)
-+{
-+	struct smb_filename smb_fname;
-+	int ret;
-+	NTSTATUS status;
-+	uint32_t access_granted = 0;
-+
-+	ZERO_STRUCT(smb_fname);
-+	smb_fname.base_name = talloc_asprintf(talloc_tos(),
-+						"%s",
-+						path);
-+	if (smb_fname.base_name == NULL) {
-+		return false;
-+	}
-+
-+	ret = SMB_VFS_NEXT_STAT(handle, &smb_fname);
-+	if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) {
-+		TALLOC_FREE(smb_fname.base_name);
-+		return false;
-+	}
-+
-+	status = smbd_check_open_rights(handle->conn,
-+					&smb_fname,
-+					SEC_DIR_LIST,
-+					&access_granted);
-+	if (!NT_STATUS_IS_OK(status)) {
-+		DEBUG(0,("user does not have list permission "
-+			"on snapdir %s\n",
-+			smb_fname.base_name));
-+		TALLOC_FREE(smb_fname.base_name);
-+		return false;
-+	}
-+	TALLOC_FREE(smb_fname.base_name);
-+	return true;
-+}
-+
- static int shadow_copy2_rmdir(vfs_handle_struct *handle,  const char *fname)
- {
-         SHADOW2_NEXT(RMDIR, (handle, name), int, -1);
-@@ -877,6 +916,7 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle,
- 	SMB_STRUCT_DIRENT *d;
- 	TALLOC_CTX *tmp_ctx = talloc_new(handle->data);
- 	char *snapshot;
-+	bool ret;
- 
- 	snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle);
- 	if (snapdir == NULL) {
-@@ -886,6 +926,13 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle,
- 		talloc_free(tmp_ctx);
- 		return -1;
- 	}
-+	ret = check_access_snapdir(handle, snapdir);
-+	if (!ret) {
-+		DEBUG(0,("access denied on listing snapdir %s\n", snapdir));
-+		errno = EACCES;
-+		talloc_free(tmp_ctx);
-+		return -1;
-+	}
- 
- 	p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0);
- 
--- 
-2.5.0
-

src/patches/samba/CVE-2015-5330-v3-6-bso11599.patch

@@ -1,214 +0,0 @@
-From a96c0528c68093d155b674269a9c8bf48315fc01 Mon Sep 17 00:00:00 2001
-From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Date: Tue, 24 Nov 2015 13:47:16 +1300
-Subject: [PATCH 1/3] CVE-2015-5330: Fix handling of unicode near string
- endings
-
-Until now next_codepoint_ext() and next_codepoint_handle_ext() were
-using strnlen(str, 5) to determine how much string they should try to
-decode. This ended up looking past the end of the string when it was not
-null terminated and the final character looked like a multi-byte encoding.
-The fix is to let the caller say how long the string can be.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
-
-Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
----
- lib/util/charset/charset.h     |  9 +++++----
- lib/util/charset/codepoints.c  | 19 +++++++++++++------
- lib/util/charset/util_unistr.c |  5 ++++-
- source3/lib/util_str.c         |  2 +-
- 4 files changed, 23 insertions(+), 12 deletions(-)
-
-diff --git a/lib/util/charset/charset.h b/lib/util/charset/charset.h
-index 474d77e..b70aa61 100644
---- a/lib/util/charset/charset.h
-+++ b/lib/util/charset/charset.h
-@@ -175,15 +175,16 @@ smb_iconv_t get_conv_handle(struct smb_iconv_convenience *ic,
- 			    charset_t from, charset_t to);
- const char *charset_name(struct smb_iconv_convenience *ic, charset_t ch);
- 
--codepoint_t next_codepoint_ext(const char *str, charset_t src_charset,
--			       size_t *size);
-+codepoint_t next_codepoint_ext(const char *str, size_t len,
-+			       charset_t src_charset, size_t *size);
- codepoint_t next_codepoint(const char *str, size_t *size);
- ssize_t push_codepoint(char *str, codepoint_t c);
- 
- /* codepoints */
- codepoint_t next_codepoint_convenience_ext(struct smb_iconv_convenience *ic,
--			    const char *str, charset_t src_charset,
--			    size_t *size);
-+					   const char *str, size_t len,
-+					   charset_t src_charset,
-+					   size_t *size);
- codepoint_t next_codepoint_convenience(struct smb_iconv_convenience *ic, 
- 			    const char *str, size_t *size);
- ssize_t push_codepoint_convenience(struct smb_iconv_convenience *ic, 
-diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c
-index 5ee95a8..8dd647e 100644
---- a/lib/util/charset/codepoints.c
-+++ b/lib/util/charset/codepoints.c
-@@ -346,7 +346,8 @@ smb_iconv_t get_conv_handle(struct smb_iconv_convenience *ic,
-  */
- _PUBLIC_ codepoint_t next_codepoint_convenience_ext(
- 			struct smb_iconv_convenience *ic,
--			const char *str, charset_t src_charset,
-+			const char *str, size_t len,
-+			charset_t src_charset,
- 			size_t *bytes_consumed)
- {
- 	/* it cannot occupy more than 4 bytes in UTF16 format */
-@@ -366,7 +367,7 @@ _PUBLIC_ codepoint_t next_codepoint_convenience_ext(
- 	 * we assume that no multi-byte character can take more than 5 bytes.
- 	 * This is OK as we only support codepoints up to 1M (U+100000)
- 	 */
--	ilen_orig = strnlen(str, 5);
-+	ilen_orig = MIN(len, 5);
- 	ilen = ilen_orig;
- 
- 	descriptor = get_conv_handle(ic, src_charset, CH_UTF16);
-@@ -424,7 +425,13 @@ _PUBLIC_ codepoint_t next_codepoint_convenience_ext(
- _PUBLIC_ codepoint_t next_codepoint_convenience(struct smb_iconv_convenience *ic,
- 				    const char *str, size_t *size)
- {
--	return next_codepoint_convenience_ext(ic, str, CH_UNIX, size);
-+	/*
-+	 * We assume that no multi-byte character can take more than 5 bytes
-+	 * thus avoiding walking all the way down a long string. This is OK as
-+	 * Unicode codepoints only go up to (U+10ffff), which can always be
-+	 * encoded in 4 bytes or less.
-+	 */
-+	return next_codepoint_convenience_ext(ic, str, strnlen(str, 5), CH_UNIX, size);
- }
- 
- /*
-@@ -486,10 +493,10 @@ _PUBLIC_ ssize_t push_codepoint_convenience(struct smb_iconv_convenience *ic,
- 	return 5 - olen;
- }
- 
--_PUBLIC_ codepoint_t next_codepoint_ext(const char *str, charset_t src_charset,
--					size_t *size)
-+_PUBLIC_ codepoint_t next_codepoint_ext(const char *str, size_t len,
-+					charset_t src_charset, size_t *size)
- {
--	return next_codepoint_convenience_ext(get_iconv_convenience(), str,
-+	return next_codepoint_convenience_ext(get_iconv_convenience(), str, len,
- 					      src_charset, size);
- }
- 
-diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c
-index 760be77..d9e9b34 100644
---- a/lib/util/charset/util_unistr.c
-+++ b/lib/util/charset/util_unistr.c
-@@ -485,7 +485,10 @@ _PUBLIC_ char *strupper_talloc_n(TALLOC_CTX *ctx, const char *src, size_t n)
- 
- 	while (n-- && *src) {
- 		size_t c_size;
--		codepoint_t c = next_codepoint_convenience(iconv_convenience, src, &c_size);
-+		codepoint_t c = next_codepoint_convenience_ext(iconv_convenience,
-+							       src,
-+							       n,
-+							       &c_size);
- 		src += c_size;
- 
- 		c = toupper_m(c);
-diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
-index 4701528..f8a5160 100644
---- a/source3/lib/util_str.c
-+++ b/source3/lib/util_str.c
-@@ -1486,7 +1486,7 @@ size_t strlen_m_ext(const char *s, const charset_t src_charset,
- 
- 	while (*s) {
- 		size_t c_size;
--		codepoint_t c = next_codepoint_ext(s, src_charset, &c_size);
-+		codepoint_t c = next_codepoint_ext(s, strnlen(s, 5), src_charset, &c_size);
- 		s += c_size;
- 
- 		switch (dst_charset) {
--- 
-2.5.0
-
-
-From 8298252a1ba9c014f7ceb76736abb38132181f79 Mon Sep 17 00:00:00 2001
-From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Date: Tue, 24 Nov 2015 13:54:09 +1300
-Subject: [PATCH 2/3] CVE-2015-5330: next_codepoint_handle_ext: don't
- short-circuit UTF16 low bytes
-
-UTF16 contains zero bytes when it is encoding ASCII (for example), so we
-can't assume the absense of the 0x80 bit means a one byte encoding. No
-current callers use UTF16.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
-
-Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
----
- lib/util/charset/codepoints.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c
-index 8dd647e..cf5f3e6 100644
---- a/lib/util/charset/codepoints.c
-+++ b/lib/util/charset/codepoints.c
-@@ -358,7 +358,10 @@ _PUBLIC_ codepoint_t next_codepoint_convenience_ext(
- 	size_t olen;
- 	char *outbuf;
- 
--	if ((str[0] & 0x80) == 0) {
-+
-+	if (((str[0] & 0x80) == 0) && (src_charset == CH_DOS ||
-+				       src_charset == CH_UNIX ||
-+				       src_charset == CH_UTF8)) {
- 		*bytes_consumed = 1;
- 		return (codepoint_t)str[0];
- 	}
--- 
-2.5.0
-
-
-From 0988b7cb606a7e4cd73fd8db02806abbc9d8f2e0 Mon Sep 17 00:00:00 2001
-From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Date: Tue, 24 Nov 2015 13:49:09 +1300
-Subject: [PATCH 3/3] CVE-2015-5330: strupper_talloc_n_handle(): properly count
- characters
-
-When a codepoint eats more than one byte we really want to know,
-especially if the string is not NUL terminated.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
-
-Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
----
- lib/util/charset/util_unistr.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c
-index d9e9b34..6dad43f 100644
---- a/lib/util/charset/util_unistr.c
-+++ b/lib/util/charset/util_unistr.c
-@@ -483,13 +483,14 @@ _PUBLIC_ char *strupper_talloc_n(TALLOC_CTX *ctx, const char *src, size_t n)
- 		return NULL;
- 	}
- 
--	while (n-- && *src) {
-+	while (n && *src) {
- 		size_t c_size;
- 		codepoint_t c = next_codepoint_convenience_ext(iconv_convenience,
- 							       src,
- 							       n,
- 							       &c_size);
- 		src += c_size;
-+		n -= c_size;
- 
- 		c = toupper_m(c);
- 
--- 
-2.5.0
-

src/patches/samba/CVE-2015-7560-v3-6.patch

@@ -1,341 +0,0 @@
-From eb27f9b7bf9c1dc902d9545eecf805831bd4e46c Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:18:12 -0800
-Subject: [PATCH 1/8] CVE-2015-7560: s3: smbd: Add refuse_symlink() function
- that can be used to prevent operations on a symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Michael Adam <obnox@samba.org>
----
- source3/smbd/trans2.c | 28 ++++++++++++++++++++++++++++
- 1 file changed, 28 insertions(+)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index 26b6523..7f47579 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -51,6 +51,34 @@ static char *store_file_unix_basic_info2(connection_struct *conn,
- 				files_struct *fsp,
- 				const SMB_STRUCT_STAT *psbuf);
- 
-+/****************************************************************************
-+ Check if an open file handle or pathname is a symlink.
-+****************************************************************************/
-+
-+static NTSTATUS refuse_symlink(connection_struct *conn,
-+			const files_struct *fsp,
-+			const char *name)
-+{
-+	SMB_STRUCT_STAT sbuf;
-+	const SMB_STRUCT_STAT *pst = NULL;
-+
-+	if (fsp) {
-+		pst = &fsp->fsp_name->st;
-+	} else {
-+		int ret = vfs_stat_smb_fname(conn,
-+				name,
-+				&sbuf);
-+		if (ret == -1) {
-+			return map_nt_error_from_unix(errno);
-+		}
-+		pst = &sbuf;
-+	}
-+	if (S_ISLNK(pst->st_ex_mode)) {
-+		return NT_STATUS_ACCESS_DENIED;
-+	}
-+	return NT_STATUS_OK;
-+}
-+
- /********************************************************************
-  Roundup a value to the nearest allocation roundup size boundary.
-  Only do this for Windows clients.
--- 
-2.5.0
-
-
-From f5b1bcc51e18bc85f376701bb4ae6894d97addfd Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 10:38:28 -0800
-Subject: [PATCH 2/8] CVE-2015-7560: s3: smbd: Refuse to get an ACL from a
- POSIX file handle on a symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Michael Adam <obnox@samba.org>
----
- source3/smbd/nttrans.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
-index 4c145e0..7255600 100644
---- a/source3/smbd/nttrans.c
-+++ b/source3/smbd/nttrans.c
-@@ -1925,6 +1925,12 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
- 		return NT_STATUS_ACCESS_DENIED;
- 	}
- 
-+	if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
-+		DEBUG(10, ("ACL get on symlink %s denied.\n",
-+			fsp_str_dbg(fsp)));
-+		return NT_STATUS_ACCESS_DENIED;
-+	}
-+
- 	if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
- 			SECINFO_GROUP|SECINFO_SACL)) {
- 		/* Don't return SECINFO_LABEL if anything else was
--- 
-2.5.0
-
-
-From 8bdbe1c90c98efbd08fc70d773d236c4ba00b1ae Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 10:52:50 -0800
-Subject: [PATCH 3/8] CVE-2015-7560: s3: smbd: Refuse to set an ACL from a
- POSIX file handle on a symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Michael Adam <obnox@samba.org>
----
- source3/smbd/nttrans.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
-index 7255600..d2102ca 100644
---- a/source3/smbd/nttrans.c
-+++ b/source3/smbd/nttrans.c
-@@ -877,6 +877,12 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
- 		return NT_STATUS_OK;
- 	}
- 
-+	if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
-+		DEBUG(10, ("ACL set on symlink %s denied.\n",
-+			fsp_str_dbg(fsp)));
-+		return NT_STATUS_ACCESS_DENIED;
-+	}
-+
- 	if (psd->owner_sid == NULL) {
- 		security_info_sent &= ~SECINFO_OWNER;
- 	}
--- 
-2.5.0
-
-
-From 612b032e2dedd3e07bbe79718ecbb3b68ffbb7a5 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:22:12 -0800
-Subject: [PATCH 4/8] CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a
- symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Michael Adam <obnox@samba.org>
----
- source3/smbd/trans2.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index 7f47579..2f01e87 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -6480,6 +6480,7 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
- 	uint16 num_def_acls;
- 	bool valid_file_acls = True;
- 	bool valid_def_acls = True;
-+	NTSTATUS status;
- 
- 	if (total_data < SMB_POSIX_ACL_HEADER_SIZE) {
- 		return NT_STATUS_INVALID_PARAMETER;
-@@ -6507,6 +6508,11 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
- 		return NT_STATUS_INVALID_PARAMETER;
- 	}
- 
-+	status = refuse_symlink(conn, fsp, smb_fname->base_name);
-+	if (!NT_STATUS_IS_OK(status)) {
-+		return status;
-+	}
-+
- 	DEBUG(10,("smb_set_posix_acl: file %s num_file_acls = %u, num_def_acls = %u\n",
- 		smb_fname ? smb_fname_str_dbg(smb_fname) : fsp_str_dbg(fsp),
- 		(unsigned int)num_file_acls,
--- 
-2.5.0
-
-
-From 28e6120d14e5a942df386db0444abaa93a764207 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:24:36 -0800
-Subject: [PATCH 5/8] CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a
- symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Michael Adam <obnox@samba.org>
----
- source3/smbd/trans2.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index 2f01e87..3a098d1 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -4959,6 +4959,13 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
- 				uint16 num_file_acls = 0;
- 				uint16 num_def_acls = 0;
- 
-+				status = refuse_symlink(conn,
-+						fsp,
-+						smb_fname->base_name);
-+				if (!NT_STATUS_IS_OK(status)) {
-+					return status;
-+				}
-+
- 				if (fsp && fsp->fh->fd != -1) {
- 					file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp);
- 				} else {
--- 
-2.5.0
-
-
-From 659bdb80aa65c02cf4f44377cc3bcffb2a817ee0 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:05:48 -0800
-Subject: [PATCH 6/8] CVE-2015-7560: s3: smbd: Set return values early, allows
- removal of code duplication.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Michael Adam <obnox@samba.org>
----
- source3/smbd/trans2.c | 13 +++++--------
- 1 file changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index 3a098d1..6fdd1da 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -210,11 +210,12 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- 	size_t num_names;
- 	ssize_t sizeret = -1;
- 
-+	if (pnames) {
-+		*pnames = NULL;
-+	}
-+	*pnum_names = 0;
-+
- 	if (!lp_ea_support(SNUM(conn))) {
--		if (pnames) {
--			*pnames = NULL;
--		}
--		*pnum_names = 0;
- 		return NT_STATUS_OK;
- 	}
- 
-@@ -264,10 +265,6 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- 
- 	if (sizeret == 0) {
- 		TALLOC_FREE(names);
--		if (pnames) {
--			*pnames = NULL;
--		}
--		*pnum_names = 0;
- 		return NT_STATUS_OK;
- 	}
- 
--- 
-2.5.0
-
-
-From 4ba5e7cf01b8074b0313ecb7e218355d771df1cc Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:29:38 -0800
-Subject: [PATCH 7/8] CVE-2015-7560: s3: smbd: Silently return no EA's
- available on a symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Michael Adam <obnox@samba.org>
----
- source3/smbd/trans2.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index 6fdd1da..8b6e4b2 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -209,6 +209,7 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- 	char **names, **tmp;
- 	size_t num_names;
- 	ssize_t sizeret = -1;
-+	NTSTATUS status;
- 
- 	if (pnames) {
- 		*pnames = NULL;
-@@ -219,6 +220,14 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- 		return NT_STATUS_OK;
- 	}
- 
-+	status = refuse_symlink(conn, fsp, fname);
-+	if (!NT_STATUS_IS_OK(status)) {
-+		/*
-+		 * Just return no EA's on a symlink.
-+		 */
-+		return NT_STATUS_OK;
-+	}
-+
- 	/*
- 	 * TALLOC the result early to get the talloc hierarchy right.
- 	 */
--- 
-2.5.0
-
-
-From 9d8c7274ab87a0c07367e872ca1db7fd72886fde Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:33:48 -0800
-Subject: [PATCH 8/8] CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Michael Adam <obnox@samba.org>
----
- source3/smbd/trans2.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index 8b6e4b2..98fd2af 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -584,6 +584,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
- 		const struct smb_filename *smb_fname, struct ea_list *ea_list)
- {
- 	char *fname = NULL;
-+	NTSTATUS status;
- 
- 	if (!lp_ea_support(SNUM(conn))) {
- 		return NT_STATUS_EAS_NOT_SUPPORTED;
-@@ -593,6 +594,12 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
- 		return NT_STATUS_ACCESS_DENIED;
- 	}
- 
-+	status = refuse_symlink(conn, fsp, smb_fname->base_name);
-+	if (!NT_STATUS_IS_OK(status)) {
-+		return status;
-+	}
-+
-+
- 	/* For now setting EAs on streams isn't supported. */
- 	fname = smb_fname->base_name;
- 
--- 
-2.5.0
-

src/patches/samba/CVE-2016-2110-v3-6.patch

@@ -1,670 +0,0 @@
-From 202d69267c8550b850438877fb51c3d2c992949d Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Tue, 1 Dec 2015 08:46:45 +0100
-Subject: [PATCH 01/10] CVE-2016-2110: s3:ntlmssp: set and use
- ntlmssp_state->allow_lm_key
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Günther Deschner <gd@samba.org>
----
- source3/libsmb/ntlmssp.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index 1de6189..20a5987 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -530,7 +530,8 @@ noccache:
- 	DEBUG(3, ("Got challenge flags:\n"));
- 	debug_ntlmssp_flags(chal_flags);
- 
--	ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags, lp_client_lanman_auth());
-+	ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags,
-+				 ntlmssp_state->allow_lm_key);
- 
- 	if (ntlmssp_state->unicode) {
- 		if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
-@@ -769,6 +770,7 @@ NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx,
- 	ntlmssp_state->unicode = True;
- 
- 	ntlmssp_state->use_ntlmv2 = use_ntlmv2;
-+	ntlmssp_state->allow_lm_key = lp_client_lanman_auth();
- 
- 	ntlmssp_state->expected_state = NTLMSSP_INITIAL;
- 
--- 
-2.8.1
-
-
-From a701bc5f8a76584a2e0680b2c3dd9afb77f12430 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 11 Dec 2015 14:50:23 +0100
-Subject: [PATCH 02/10] CVE-2016-2110: s3:ntlmssp: add
- ntlmssp3_handle_neg_flags()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This is a copy of ntlmssp_handle_neg_flags(), which will be changed
-in an incompatible way in the following commits.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Günther Deschner <gd@samba.org>
----
- source3/libsmb/ntlmssp.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 56 insertions(+), 2 deletions(-)
-
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index 20a5987..ad09f9f 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -422,6 +422,60 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
- 	return NT_STATUS_MORE_PROCESSING_REQUIRED;
- }
- 
-+static void ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
-+				      uint32_t neg_flags, bool allow_lm)
-+{
-+	if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
-+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
-+		ntlmssp_state->unicode = true;
-+	} else {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_UNICODE;
-+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM;
-+		ntlmssp_state->unicode = false;
-+	}
-+
-+	if ((neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && allow_lm) {
-+		/* other end forcing us to use LM */
-+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
-+		ntlmssp_state->use_ntlmv2 = false;
-+	} else {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
-+	}
-+
-+	if (!(neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
-+	}
-+
-+	if (!(neg_flags & NTLMSSP_NEGOTIATE_NTLM2)) {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
-+	}
-+
-+	if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128;
-+	}
-+
-+	if (!(neg_flags & NTLMSSP_NEGOTIATE_56)) {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_56;
-+	}
-+
-+	if (!(neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH;
-+	}
-+
-+	if (!(neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
-+	}
-+
-+	if (!(neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SEAL;
-+	}
-+
-+	if ((neg_flags & NTLMSSP_REQUEST_TARGET)) {
-+		ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET;
-+	}
-+}
-+
- /**
-  * Next state function for the Challenge Packet.  Generate an auth packet.
-  *
-@@ -530,8 +584,8 @@ noccache:
- 	DEBUG(3, ("Got challenge flags:\n"));
- 	debug_ntlmssp_flags(chal_flags);
- 
--	ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags,
--				 ntlmssp_state->allow_lm_key);
-+	ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags,
-+				  ntlmssp_state->allow_lm_key);
- 
- 	if (ntlmssp_state->unicode) {
- 		if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
--- 
-2.8.1
-
-
-From 92b2f5315d135b7b83a3ae106b43d18181be2f02 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Thu, 31 Mar 2016 12:39:50 +0200
-Subject: [PATCH 03/10] CVE-2016-2110: s3:ntlmssp: let
- ntlmssp3_handle_neg_flags() return NTSTATUS
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In future we can do a more fine granted negotiation
-and assert specific security features.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Günther Deschner <gd@samba.org>
----
- source3/libsmb/ntlmssp.c | 33 +++++++++++++++++++--------------
- 1 file changed, 19 insertions(+), 14 deletions(-)
-
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index ad09f9f..81a85ce 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -422,10 +422,10 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
- 	return NT_STATUS_MORE_PROCESSING_REQUIRED;
- }
- 
--static void ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
--				      uint32_t neg_flags, bool allow_lm)
-+static NTSTATUS ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
-+					  uint32_t flags)
- {
--	if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
-+	if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
- 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
- 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
- 		ntlmssp_state->unicode = true;
-@@ -435,7 +435,7 @@ static void ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
- 		ntlmssp_state->unicode = false;
- 	}
- 
--	if ((neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && allow_lm) {
-+	if ((flags & NTLMSSP_NEGOTIATE_LM_KEY) && ntlmssp_state->allow_lm_key) {
- 		/* other end forcing us to use LM */
- 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
- 		ntlmssp_state->use_ntlmv2 = false;
-@@ -443,37 +443,39 @@ static void ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
- 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
- 	}
- 
--	if (!(neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
-+	if (!(flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
- 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
- 	}
- 
--	if (!(neg_flags & NTLMSSP_NEGOTIATE_NTLM2)) {
-+	if (!(flags & NTLMSSP_NEGOTIATE_NTLM2)) {
- 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
- 	}
- 
--	if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) {
-+	if (!(flags & NTLMSSP_NEGOTIATE_128)) {
- 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128;
- 	}
- 
--	if (!(neg_flags & NTLMSSP_NEGOTIATE_56)) {
-+	if (!(flags & NTLMSSP_NEGOTIATE_56)) {
- 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_56;
- 	}
- 
--	if (!(neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
-+	if (!(flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
- 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH;
- 	}
- 
--	if (!(neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
-+	if (!(flags & NTLMSSP_NEGOTIATE_SIGN)) {
- 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
- 	}
- 
--	if (!(neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
-+	if (!(flags & NTLMSSP_NEGOTIATE_SEAL)) {
- 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SEAL;
- 	}
- 
--	if ((neg_flags & NTLMSSP_REQUEST_TARGET)) {
-+	if ((flags & NTLMSSP_REQUEST_TARGET)) {
- 		ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET;
- 	}
-+
-+	return NT_STATUS_OK;
- }
- 
- /**
-@@ -584,8 +586,11 @@ noccache:
- 	DEBUG(3, ("Got challenge flags:\n"));
- 	debug_ntlmssp_flags(chal_flags);
- 
--	ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags,
--				  ntlmssp_state->allow_lm_key);
-+	nt_status = ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags);
-+	if (!NT_STATUS_IS_OK(nt_status)) {
-+		return nt_status;
-+	}
-+
- 
- 	if (ntlmssp_state->unicode) {
- 		if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
--- 
-2.8.1
-
-
-From a239a337e3c0081af1a41aaac8957bb1aa0771f8 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Tue, 1 Dec 2015 15:01:09 +0100
-Subject: [PATCH 04/10] CVE-2016-2110: s3:ntlmssp: don't allow a downgrade from
- NTLMv2 to LM_AUTH
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-man smb.conf says "client ntlmv2 auth = yes" the default disables,
-"client lanman auth = yes":
-
-  ...
-  Likewise, if the client ntlmv2 auth parameter is enabled, then only NTLMv2
-  logins will be attempted.
-  ...
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Günther Deschner <gd@samba.org>
----
- source3/libsmb/ntlmssp.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index 81a85ce..23a5e5d 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -841,6 +841,10 @@ NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx,
- 		NTLMSSP_NEGOTIATE_KEY_EXCH |
- 		NTLMSSP_REQUEST_TARGET;
- 
-+	if (ntlmssp_state->use_ntlmv2) {
-+		ntlmssp_state->allow_lm_key = false;
-+	}
-+
- 	ntlmssp_state->client.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
- 	if (!ntlmssp_state->client.netbios_name) {
- 		talloc_free(ntlmssp_state);
--- 
-2.8.1
-
-
-From e11dc9aa90420947f9fc82365b55ecb08353451c Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 31 Mar 2016 12:59:05 +0200
-Subject: [PATCH 05/10] CVE-2016-2110: s3:ntlmssp: maintain a required_flags
- variable
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We now give an error when required flags are missing.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Günther Deschner <gd@samba.org>
----
- libcli/auth/ntlmssp.h    |  1 +
- source3/libsmb/ntlmssp.c | 20 ++++++++++++++++++++
- 2 files changed, 21 insertions(+)
-
-diff --git a/libcli/auth/ntlmssp.h b/libcli/auth/ntlmssp.h
-index 495d94f..88a049b 100644
---- a/libcli/auth/ntlmssp.h
-+++ b/libcli/auth/ntlmssp.h
-@@ -83,6 +83,7 @@ struct ntlmssp_state
- 	DATA_BLOB nt_resp;
- 	DATA_BLOB session_key;
- 
-+	uint32_t required_flags;
- 	uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */
- 
- 	/**
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index 23a5e5d..48d7d45 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -425,6 +425,8 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
- static NTSTATUS ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
- 					  uint32_t flags)
- {
-+	uint32_t missing_flags = ntlmssp_state->required_flags;
-+
- 	if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
- 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
- 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
-@@ -475,6 +477,24 @@ static NTSTATUS ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
- 		ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET;
- 	}
- 
-+	missing_flags &= ~ntlmssp_state->neg_flags;
-+	if (missing_flags != 0) {
-+		NTSTATUS status = NT_STATUS_RPC_SEC_PKG_ERROR;
-+		DEBUG(1, ("%s: Got challenge flags[0x%08x] "
-+			  "- possible downgrade detected! "
-+			  "missing_flags[0x%08x] - %s\n",
-+			  __func__,
-+			  (unsigned)flags,
-+			  (unsigned)missing_flags,
-+			  nt_errstr(status)));
-+		debug_ntlmssp_flags(missing_flags);
-+		DEBUGADD(4, ("neg_flags[0x%08x]\n",
-+			     (unsigned)ntlmssp_state->neg_flags));
-+		debug_ntlmssp_flags(ntlmssp_state->neg_flags);
-+
-+		return status;
-+	}
-+
- 	return NT_STATUS_OK;
- }
- 
--- 
-2.8.1
-
-
-From 06ca5b7655e577ff6e2d5817cf221c05f9bb5c86 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 31 Mar 2016 13:03:24 +0200
-Subject: [PATCH 06/10] CVE-2016-2110: s3:ntlmssp: don't allow a downgrade from
- NTLMv2 to LM_AUTH
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-man smb.conf says "client ntlmv2 auth = yes" the default disables,
-"client lanman auth = yes":
-
-  ...
-  Likewise, if the client ntlmv2 auth parameter is enabled, then only
-  NTLMv2 logins will be attempted.
-  ...
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Günther Deschner <gd@samba.org>
----
- source3/libsmb/ntlmssp.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index 48d7d45..bf40404 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -388,6 +388,7 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
- 
- 	if (ntlmssp_state->use_ntlmv2) {
- 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
-+		ntlmssp_state->allow_lm_key = false;
- 	}
- 
- 	/* generate the ntlmssp negotiate packet */
--- 
-2.8.1
-
-
-From f99d4469a8b09dd93eb7124f2814e15869915671 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Mon, 11 Apr 2016 16:18:44 +0200
-Subject: [PATCH 07/10] CVE-2016-2110: auth/ntlmssp: don't let
- ntlmssp3_handle_neg_flags() change ntlmssp_state->use_ntlmv2
-
-ntlmssp_handle_neg_flags() can only disable flags, but not
-set them. All supported flags are set at start time.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
----
- source3/libsmb/ntlmssp.c | 26 +++++++++++++++++---------
- 1 file changed, 17 insertions(+), 9 deletions(-)
-
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index bf40404..7b17a43 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -391,6 +391,10 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
- 		ntlmssp_state->allow_lm_key = false;
- 	}
- 
-+	if (ntlmssp_state->allow_lm_key) {
-+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
-+	}
-+
- 	/* generate the ntlmssp negotiate packet */
- 	status = msrpc_gen(ntlmssp_state, next_request, "CddAA",
- 		  "NTLMSSP",
-@@ -438,20 +442,24 @@ static NTSTATUS ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
- 		ntlmssp_state->unicode = false;
- 	}
- 
--	if ((flags & NTLMSSP_NEGOTIATE_LM_KEY) && ntlmssp_state->allow_lm_key) {
--		/* other end forcing us to use LM */
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
--		ntlmssp_state->use_ntlmv2 = false;
--	} else {
-+	/*
-+	 * NTLMSSP_NEGOTIATE_NTLM2 (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
-+	 * has priority over NTLMSSP_NEGOTIATE_LM_KEY
-+	 */
-+	if (!(flags & NTLMSSP_NEGOTIATE_NTLM2)) {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
-+	}
-+
-+	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
- 		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
- 	}
- 
--	if (!(flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
--		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
-+	if (!(flags & NTLMSSP_NEGOTIATE_LM_KEY)) {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
- 	}
- 
--	if (!(flags & NTLMSSP_NEGOTIATE_NTLM2)) {
--		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
-+	if (!(flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
-+		ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
- 	}
- 
- 	if (!(flags & NTLMSSP_NEGOTIATE_128)) {
--- 
-2.8.1
-
-
-From 71dda1c57c36a9816af7873f169306a766e0284a Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 31 Mar 2016 14:21:12 +0200
-Subject: [PATCH 08/10] CVE-2016-2110: s3:ntlmssp: let ntlmssp3_client_initial
- require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Günther Deschner <gd@samba.org>
----
- source3/libsmb/ntlmssp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index 7b17a43..d5c83fd 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -387,7 +387,7 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
- 	}
- 
- 	if (ntlmssp_state->use_ntlmv2) {
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
-+		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_NTLM2;
- 		ntlmssp_state->allow_lm_key = false;
- 	}
- 
--- 
-2.8.1
-
-
-From 911e171bd6fc66e2960cbcdf8c48f2f97d19313b Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Thu, 31 Mar 2016 14:30:05 +0200
-Subject: [PATCH 09/10] CVE-2016-2110: s3:ntlmssp: Change want_fetures to
- require flags
-
-Pair-Programmed-With: Ralph Boehme <slow@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Signed-off-by: Ralph Boehme <slow@samba.org>
----
- source3/libsmb/ntlmssp.c | 17 +++++++++++------
- 1 file changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index d5c83fd..309175b 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -176,17 +176,19 @@ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *featur
- 	 * also add  NTLMSSP_NEGOTIATE_SEAL here. JRA.
- 	 */
- 	if (in_list("NTLMSSP_FEATURE_SESSION_KEY", feature_list, True)) {
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
-+		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
- 	}
- 	if (in_list("NTLMSSP_FEATURE_SIGN", feature_list, True)) {
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
-+		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
- 	}
- 	if(in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) {
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
-+		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
- 	}
- 	if (in_list("NTLMSSP_FEATURE_CCACHE", feature_list, true)) {
- 		ntlmssp_state->use_ccache = true;
- 	}
-+
-+	ntlmssp_state->neg_flags |= ntlmssp_state->required_flags;
- }
- 
- /**
-@@ -199,17 +201,20 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature)
- {
- 	/* As per JRA's comment above */
- 	if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
-+		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
- 	}
- 	if (feature & NTLMSSP_FEATURE_SIGN) {
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
-+		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
- 	}
- 	if (feature & NTLMSSP_FEATURE_SEAL) {
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
-+		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
-+		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
- 	}
- 	if (feature & NTLMSSP_FEATURE_CCACHE) {
- 		ntlmssp_state->use_ccache = true;
- 	}
-+
-+	ntlmssp_state->neg_flags |= ntlmssp_state->required_flags;
- }
- 
- /**
--- 
-2.8.1
-
-
-From a95a44eff90cdbd42d683567e0d511e9d52026ad Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Thu, 31 Mar 2016 15:02:11 +0200
-Subject: [PATCH 10/10] CVE-2016-2110: s3:ntlmssp: Fix downgrade also for the
- ntlmssp creds cache case
-
-Pair-Programmed-With: Ralph Boehme <slow@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Signed-off-by: Ralph Boehme <slow@samba.org>
----
- source3/libsmb/ntlmssp.c | 42 ++++++++++++++++++++----------------------
- 1 file changed, 20 insertions(+), 22 deletions(-)
-
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index 309175b..045dc87 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -538,6 +538,26 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
- 	DATA_BLOB encrypted_session_key = data_blob_null;
- 	NTSTATUS nt_status = NT_STATUS_OK;
- 
-+	if (!msrpc_parse(ntlmssp_state, &reply, "CdBd",
-+			 "NTLMSSP",
-+			 &ntlmssp_command,
-+			 &server_domain_blob,
-+			 &chal_flags)) {
-+		DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));
-+		dump_data(2, reply.data, reply.length);
-+
-+		return NT_STATUS_INVALID_PARAMETER;
-+	}
-+	data_blob_free(&server_domain_blob);
-+
-+	DEBUG(3, ("Got challenge flags:\n"));
-+	debug_ntlmssp_flags(chal_flags);
-+
-+	nt_status = ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags);
-+	if (!NT_STATUS_IS_OK(nt_status)) {
-+		return nt_status;
-+	}
-+
- 	if (ntlmssp_state->use_ccache) {
- 		struct wbcCredentialCacheParams params;
- 		struct wbcCredentialCacheInfo *info = NULL;
-@@ -588,17 +608,6 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
- 
- noccache:
- 
--	if (!msrpc_parse(ntlmssp_state, &reply, "CdBd",
--			 "NTLMSSP",
--			 &ntlmssp_command,
--			 &server_domain_blob,
--			 &chal_flags)) {
--		DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));
--		dump_data(2, reply.data, reply.length);
--
--		return NT_STATUS_INVALID_PARAMETER;
--	}
--
- 	if (DEBUGLEVEL >= 10) {
- 		struct CHALLENGE_MESSAGE *challenge = talloc(
- 			talloc_tos(), struct CHALLENGE_MESSAGE);
-@@ -615,17 +624,6 @@ noccache:
- 		}
- 	}
- 
--	data_blob_free(&server_domain_blob);
--
--	DEBUG(3, ("Got challenge flags:\n"));
--	debug_ntlmssp_flags(chal_flags);
--
--	nt_status = ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags);
--	if (!NT_STATUS_IS_OK(nt_status)) {
--		return nt_status;
--	}
--
--
- 	if (ntlmssp_state->unicode) {
- 		if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
- 			chal_parse_string = "CdUdbddB";
--- 
-2.8.1
-

src/patches/samba/CVE-2016-2112-v3-6.patch

@@ -1,184 +0,0 @@
-From 126e3e992bed7174d60ee19212db9b717647ab2e Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 30 Mar 2016 16:55:44 +0200
-Subject: [PATCH 1/3] CVE-2016-2112: s3:ntlmssp: Implement missing
- ntlmssp_have_feature()
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
----
- source3/include/proto.h  |  1 +
- source3/libsmb/ntlmssp.c | 30 ++++++++++++++++++++++++++++++
- 2 files changed, 31 insertions(+)
-
-diff --git a/source3/include/proto.h b/source3/include/proto.h
-index 32b4e3d..43008ea 100644
---- a/source3/include/proto.h
-+++ b/source3/include/proto.h
-@@ -1260,6 +1260,7 @@ NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *p
- NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ;
- void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list);
- void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature);
-+bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature);
- NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
- 			const DATA_BLOB in, DATA_BLOB *out) ;
- NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx,
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index 045dc87..7e58990 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -162,6 +162,36 @@ NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *dom
- 	return NT_STATUS_OK;
- }
- 
-+bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state,
-+			  uint32_t feature)
-+{
-+	if (feature & NTLMSSP_FEATURE_SIGN) {
-+		if (ntlmssp_state->session_key.length == 0) {
-+			return false;
-+		}
-+		if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
-+			return true;
-+		}
-+	}
-+
-+	if (feature & NTLMSSP_FEATURE_SEAL) {
-+		if (ntlmssp_state->session_key.length == 0) {
-+			return false;
-+		}
-+		if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
-+			return true;
-+		}
-+	}
-+
-+	if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
-+		if (ntlmssp_state->session_key.length > 0) {
-+			return true;
-+		}
-+	}
-+
-+	return false;
-+}
-+
- /**
-  * Request features for the NTLMSSP negotiation
-  *
--- 
-2.8.1
-
-
-From 15338742e0c7304aeecce0e8368f0dad85e8075b Mon Sep 17 00:00:00 2001
-From: Ralph Boehme <slow@samba.org>
-Date: Thu, 24 Mar 2016 16:22:36 +0100
-Subject: [PATCH 2/3] CVE-2016-2112: s3:libads: make sure we detect downgrade
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
-
-Pair-programmed-with: Ralph Boehme <slow@samba.org>
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Signed-off-by: Ralph Boehme <slow@samba.org>
----
- source3/libads/sasl.c | 31 +++++++++++++++++++++++++++++++
- 1 file changed, 31 insertions(+)
-
-diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
-index e7daa8a..6690f83 100644
---- a/source3/libads/sasl.c
-+++ b/source3/libads/sasl.c
-@@ -261,6 +261,37 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
- 	/* we have a reference conter on ntlmssp_state, if we are signing
- 	   then the state will be kept by the signing engine */
- 
-+	if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SEAL) {
-+		bool ok;
-+
-+		ok = ntlmssp_have_feature(ntlmssp_state,
-+					  NTLMSSP_FEATURE_SEAL);
-+		if (!ok) {
-+			DEBUG(0,("The ntlmssp feature sealing request, but unavailable\n"));
-+			TALLOC_FREE(ntlmssp_state);
-+			return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
-+		}
-+
-+		ok = ntlmssp_have_feature(ntlmssp_state,
-+					  NTLMSSP_FEATURE_SIGN);
-+		if (!ok) {
-+			DEBUG(0,("The ntlmssp feature signing request, but unavailable\n"));
-+			TALLOC_FREE(ntlmssp_state);
-+			return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
-+		}
-+
-+	} else if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SIGN) {
-+		bool ok;
-+
-+		ok = ntlmssp_have_feature(ntlmssp_state,
-+					  NTLMSSP_FEATURE_SIGN);
-+		if (!ok) {
-+			DEBUG(0,("The gensec feature signing request, but unavailable\n"));
-+			TALLOC_FREE(ntlmssp_state);
-+			return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
-+		}
-+	}
-+
- 	if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
- 		ads->ldap.out.max_unwrapped = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED - NTLMSSP_SIG_SIZE;
- 		ads->ldap.out.sig_size = NTLMSSP_SIG_SIZE;
--- 
-2.8.1
-
-
-From b020ae88f9024bcc868ed2d85879d14901db32e5 Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Fri, 5 Sep 2014 17:38:38 +1200
-Subject: [PATCH 3/3] CVE-2016-2112: winbindd: Change value of "ldap sasl
- wrapping" to sign
-
-This is to disrupt MITM attacks between us and our DC
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
-
-Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
-Signed-off-by: Garming Sam <garming@catalyst.net.nz>
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-(backported from commit afe02d12f444ad9a6abf31a61f578320520263a9)
----
- docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml | 8 +++-----
- source3/param/loadparm.c                            | 2 ++
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
-index a926cec..a7c4395 100644
---- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
-+++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
-@@ -34,11 +34,9 @@
- 	</para>
- 
- 	<para>
--	The default value is <emphasis>plain</emphasis> which is not irritable 
--	to KRB5 clock skew errors. That implies synchronizing the time
--	with the KDC in the case of using <emphasis>sign</emphasis> or 
--	<emphasis>seal</emphasis>.
-+	The default value is <emphasis>sign</emphasis>. That implies synchronizing the time
-+	with the KDC in the case of using <emphasis>Kerberos</emphasis>.
- 	</para>
- </description>
--<value type="default">plain</value>
-+<value type="default">sign</value>
- </samba:parameter>
-diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
-index 7065cf6..c5249b7 100644
---- a/source3/param/loadparm.c
-+++ b/source3/param/loadparm.c
-@@ -5392,6 +5392,8 @@ static void init_globals(bool reinit_globals)
- 	Globals.ldap_debug_level = 0;
- 	Globals.ldap_debug_threshold = 10;
- 
-+	Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
-+
- 	/* This is what we tell the afs client. in reality we set the token 
- 	 * to never expire, though, when this runs out the afs client will 
- 	 * forget the token. Set to 0 to get NEVERDATE.*/
--- 
-2.8.1
-

src/patches/samba/CVE-2016-2115-v3-6.patch

@@ -1,359 +0,0 @@
-From 513bd34e4523e49e742487be32a7239111486a12 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 27 Feb 2016 03:43:58 +0100
-Subject: [PATCH 1/4] CVE-2016-2115: docs-xml: add "client ipc signing" option
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
----
- docs-xml/smbdotconf/security/clientipcsigning.xml | 23 +++++++++++++++++++++++
- docs-xml/smbdotconf/security/clientsigning.xml    |  3 +++
- source3/include/proto.h                           |  1 +
- source3/param/loadparm.c                          | 12 ++++++++++++
- 4 files changed, 39 insertions(+)
- create mode 100644 docs-xml/smbdotconf/security/clientipcsigning.xml
-
-diff --git a/docs-xml/smbdotconf/security/clientipcsigning.xml b/docs-xml/smbdotconf/security/clientipcsigning.xml
-new file mode 100644
-index 0000000..1897fc6
---- /dev/null
-+++ b/docs-xml/smbdotconf/security/clientipcsigning.xml
-@@ -0,0 +1,23 @@
-+<samba:parameter name="client ipc signing"
-+                 context="G"
-+                 type="enum"
-+                 enumlist="enum_smb_signing_vals"
-+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-+<description>
-+    <para>This controls whether the client is allowed or required to use SMB signing for IPC$
-+    connections as DCERPC transport inside of winbind. Possible values
-+    are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
-+    and <emphasis>disabled</emphasis>.
-+    </para>
-+
-+    <para>When set to auto, SMB signing is offered, but not enforced and if set
-+    to disabled, SMB signing is not offered either.</para>
-+
-+    <para>Connections from winbindd to Active Directory Domain Controllers
-+    always enforce signing.</para>
-+</description>
-+
-+<related>client signing</related>
-+
-+<value type="default">mandatory</value>
-+</samba:parameter>
-diff --git a/docs-xml/smbdotconf/security/clientsigning.xml b/docs-xml/smbdotconf/security/clientsigning.xml
-index c657e05..189a7ae 100644
---- a/docs-xml/smbdotconf/security/clientsigning.xml
-+++ b/docs-xml/smbdotconf/security/clientsigning.xml
-@@ -12,6 +12,9 @@
-     <para>When set to auto, SMB signing is offered, but not enforced. 
-     When set to mandatory, SMB signing is required and if set 
- 	to disabled, SMB signing is not offered either.
-+
-+    <para>IPC$ connections for DCERPC e.g. in winbindd, are handled by the
-+    <smbconfoption name="client ipc signing"/> option.</para>
- </para>
- </description>
- 
-diff --git a/source3/include/proto.h b/source3/include/proto.h
-index 43008ea..af950aa 100644
---- a/source3/include/proto.h
-+++ b/source3/include/proto.h
-@@ -1693,6 +1693,7 @@ const char **lp_winbind_nss_info(void);
- int lp_algorithmic_rid_base(void);
- int lp_name_cache_timeout(void);
- int lp_client_signing(void);
-+int lp_client_ipc_signing(void);
- int lp_server_signing(void);
- int lp_client_ldap_sasl_wrapping(void);
- char *lp_parm_talloc_string(int snum, const char *type, const char *option, const char *def);
-diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
-index c5249b7..a612e5a3 100644
---- a/source3/param/loadparm.c
-+++ b/source3/param/loadparm.c
-@@ -366,6 +366,7 @@ struct global {
- 	int restrict_anonymous;
- 	int name_cache_timeout;
- 	int client_signing;
-+	int client_ipc_signing;
- 	int server_signing;
- 	int client_ldap_sasl_wrapping;
- 	int iUsershareMaxShares;
-@@ -2319,6 +2320,15 @@ static struct parm_struct parm_table[] = {
- 		.flags		= FLAG_ADVANCED,
- 	},
- 	{
-+		.label		= "client ipc signing",
-+		.type		= P_ENUM,
-+		.p_class	= P_GLOBAL,
-+		.ptr		= &Globals.client_ipc_signing,
-+		.special	= NULL,
-+		.enum_list	= enum_smb_signing_vals,
-+		.flags		= FLAG_ADVANCED,
-+	},
-+	{
- 		.label		= "server signing",
- 		.type		= P_ENUM,
- 		.p_class	= P_GLOBAL,
-@@ -5470,6 +5480,7 @@ static void init_globals(bool reinit_globals)
- 	Globals.bClientUseSpnego = True;
- 
- 	Globals.client_signing = Auto;
-+	Globals.client_ipc_signing = Required;
- 	Globals.server_signing = False;
- 
- 	Globals.bDeferSharingViolations = True;
-@@ -6071,6 +6082,7 @@ FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo)
- FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
- FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
- FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing)
-+FN_GLOBAL_INTEGER(lp_client_ipc_signing, &Globals.client_ipc_signing)
- FN_GLOBAL_INTEGER(lp_server_signing, &Globals.server_signing)
- FN_GLOBAL_INTEGER(lp_client_ldap_sasl_wrapping, &Globals.client_ldap_sasl_wrapping)
- 
--- 
-2.8.1
-
-
-From 633fcce5f7f488738ef8f45393aa8990e01118f4 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 5 Apr 2016 10:46:53 +0200
-Subject: [PATCH 2/4] CVE-2016-2115: s3: Use lp_client_ipc_signing() if we are
- not an smb client
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
-
-Pair-Programmed-With: Ralph Boehme <slow@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Signed-off-by: Ralph Boehme <slow@samba.org>
----
- source3/param/loadparm.c                    | 14 ++++++++++++++
- source3/rpc_server/spoolss/srv_spoolss_nt.c |  2 +-
- 2 files changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
-index a612e5a3..c58f860 100644
---- a/source3/param/loadparm.c
-+++ b/source3/param/loadparm.c
-@@ -9712,6 +9712,20 @@ static bool lp_load_ex(const char *pszFname,
- 		lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
- 	}
- 
-+	if (!lp_is_in_client()) {
-+		switch (lp_client_ipc_signing()) {
-+		case Required:
-+			lp_set_cmdline("client signing", "mandatory");
-+			break;
-+		case Auto:
-+			lp_set_cmdline("client signing", "auto");
-+			break;
-+		case False:
-+			lp_set_cmdline("client signing", "disabled");
-+			break;
-+		}
-+	}
-+
- 	init_iconv();
- 
- 	bAllowIncludeRegistry = true;
-diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-index 181a7b5..a0fcf27 100644
---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
-+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-@@ -2480,7 +2480,7 @@ static bool spoolss_connect_to_client(struct rpc_pipe_client **pp_pipe,
- 		"", /* username */
- 		"", /* domain */
- 		"", /* password */
--		0, lp_client_signing());
-+		0, False);
- 
- 	if ( !NT_STATUS_IS_OK( ret ) ) {
- 		DEBUG(2,("spoolss_connect_to_client: connection to [%s] failed!\n",
--- 
-2.8.1
-
-
-From e319838866bdd3f5f1602b441516d07a1171ab24 Mon Sep 17 00:00:00 2001
-From: Ralph Boehme <slow@samba.org>
-Date: Thu, 31 Mar 2016 11:30:03 +0200
-Subject: [PATCH 3/4] CVE-2016-2115: s3/param: pick up s4 option "winbind
- sealed pipes"
-
-This will be used in the next commit to prevent mitm attacks on on lsa,
-samr and netlogon in winbindd.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
-
-Signed-off-by: Ralph Boehme <slow@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- docs-xml/smbdotconf/winbind/winbindsealedpipes.xml | 15 +++++++++++++++
- source3/include/proto.h                            |  1 +
- source3/param/loadparm.c                           | 12 ++++++++++++
- 3 files changed, 28 insertions(+)
- create mode 100644 docs-xml/smbdotconf/winbind/winbindsealedpipes.xml
-
-diff --git a/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml b/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml
-new file mode 100644
-index 0000000..016ac9b
---- /dev/null
-+++ b/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml
-@@ -0,0 +1,15 @@
-+<samba:parameter name="winbind sealed pipes"
-+                 context="G"
-+                 type="boolean"
-+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-+<description>
-+	<para>This option controls whether any requests from winbindd to domain controllers
-+		pipe will be sealed. Disabling sealing can be useful for debugging
-+		purposes.</para>
-+
-+	<para>The behavior can be controlled per netbios domain
-+	by using 'winbind sealed pipes:NETBIOSDOMAIN = no' as option.</para>
-+</description>
-+
-+<value type="default">yes</value>
-+</samba:parameter>
-diff --git a/source3/include/proto.h b/source3/include/proto.h
-index af950aa..ac1540f 100644
---- a/source3/include/proto.h
-+++ b/source3/include/proto.h
-@@ -1690,6 +1690,7 @@ int lp_winbind_cache_time(void);
- int lp_winbind_reconnect_delay(void);
- int lp_winbind_max_clients(void);
- const char **lp_winbind_nss_info(void);
-+bool lp_winbind_sealed_pipes(void);
- int lp_algorithmic_rid_base(void);
- int lp_name_cache_timeout(void);
- int lp_client_signing(void);
-diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
-index c58f860..fdc9407 100644
---- a/source3/param/loadparm.c
-+++ b/source3/param/loadparm.c
-@@ -215,6 +215,7 @@ struct global {
- 	int  winbind_expand_groups;
- 	bool bWinbindRefreshTickets;
- 	bool bWinbindOfflineLogon;
-+	bool bWinbindSealedPipes;
- 	bool bWinbindNormalizeNames;
- 	bool bWinbindRpcOnly;
- 	bool bCreateKrb5Conf;
-@@ -4775,6 +4776,15 @@ static struct parm_struct parm_table[] = {
- 		.flags		= FLAG_ADVANCED,
- 	},
- 	{
-+		.label		= "winbind sealed pipes",
-+		.type		= P_BOOL,
-+		.p_class	= P_GLOBAL,
-+		.ptr		= &Globals.bWinbindSealedPipes,
-+		.special	= NULL,
-+		.enum_list	= NULL,
-+		.flags		= FLAG_ADVANCED,
-+	},
-+	{
- 		.label		= "winbind normalize names",
- 		.type		= P_BOOL,
- 		.p_class	= P_GLOBAL,
-@@ -5468,6 +5478,7 @@ static void init_globals(bool reinit_globals)
- 	Globals.szWinbindNssInfo = str_list_make_v3(NULL, "template", NULL);
- 	Globals.bWinbindRefreshTickets = False;
- 	Globals.bWinbindOfflineLogon = False;
-+	Globals.bWinbindSealedPipes = True;
- 
- 	Globals.iIdmapCacheTime = 86400 * 7; /* a week by default */
- 	Globals.iIdmapNegativeCacheTime = 120; /* 2 minutes by default */
-@@ -5747,6 +5758,7 @@ FN_GLOBAL_BOOL(lp_winbind_nested_groups, &Globals.bWinbindNestedGroups)
- FN_GLOBAL_INTEGER(lp_winbind_expand_groups, &Globals.winbind_expand_groups)
- FN_GLOBAL_BOOL(lp_winbind_refresh_tickets, &Globals.bWinbindRefreshTickets)
- FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon)
-+FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, &Globals.bWinbindSealedPipes)
- FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames)
- FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly)
- FN_GLOBAL_BOOL(lp_create_krb5_conf, &Globals.bCreateKrb5Conf)
--- 
-2.8.1
-
-
-From b47d8644e6a826f01dae3911fc510a7b2ff60273 Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Fri, 5 Sep 2014 17:00:31 +1200
-Subject: [PATCH 4/4] CVE-2016-2115: winbindd: Do not make anonymous
- connections by default
-
-The requirement is that we have "winbind sealed pipes = false" and
-"require strong key = false" before we make anonymous connections.
-These are a security risk as we cannot prevent MITM attacks.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11796
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(backported from commit e2cd3257141bd4a88cda1fff5bde9df60b253a97)
----
- source3/winbindd/winbindd_cm.c | 32 +++++++++++++++++++++++++++++++-
- 1 file changed, 31 insertions(+), 1 deletion(-)
-
-diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
-index 8271279..50a341e 100644
---- a/source3/winbindd/winbindd_cm.c
-+++ b/source3/winbindd/winbindd_cm.c
-@@ -2384,6 +2384,15 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
- 	TALLOC_FREE(conn->samr_pipe);
- 
-  anonymous:
-+	if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) {
-+		status = NT_STATUS_DOWNGRADE_DETECTED;
-+		DEBUG(1, ("Unwilling to make SAMR connection to domain %s "
-+			  "without connection level security, "
-+			  "must set 'winbind sealed pipes = false' "
-+			  "to proceed: %s\n",
-+			  domain->name, nt_errstr(status)));
-+		goto done;
-+	}
- 
- 	/* Finally fall back to anonymous. */
- 	status = cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr.syntax_id,
-@@ -2610,6 +2619,16 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
- 
-  anonymous:
- 
-+	if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) {
-+		result = NT_STATUS_DOWNGRADE_DETECTED;
-+		DEBUG(1, ("Unwilling to make LSA connection to domain %s "
-+			  "without connection level security, "
-+			  "must set 'winbind sealed pipes = false' "
-+			  "to proceed: %s\n",
-+			  domain->name, nt_errstr(result)));
-+		goto done;
-+	}
-+
- 	result = cli_rpc_pipe_open_noauth(conn->cli,
- 					  &ndr_table_lsarpc.syntax_id,
- 					  &conn->lsa_pipe);
-@@ -2749,7 +2768,18 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
- 
-  no_schannel:
- 	if ((lp_client_schannel() == False) ||
--			((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
-+		((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
-+		if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) {
-+			result = NT_STATUS_DOWNGRADE_DETECTED;
-+			DEBUG(1, ("Unwilling to make connection to domain %s "
-+				  "without connection level security, "
-+				  "must set 'winbind sealed pipes = false' "
-+				  "to proceed: %s\n",
-+				  domain->name, nt_errstr(result)));
-+			TALLOC_FREE(netlogon_pipe);
-+			invalidate_cm_connection(conn);
-+			return result;
-+		}
- 		/*
- 		 * NetSamLogonEx only works for schannel
- 		 */
--- 
-2.8.1
-

src/patches/samba/CVE-2016-2118-v3-6.patch

@@ -1,629 +0,0 @@
-From 9519f8f5123be055a4e845f87badef8b80ab2ee4 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Tue, 15 Dec 2015 14:49:36 +0100
-Subject: [PATCH 01/10] CVE-2016-2118: s3: rpcclient: change the default auth
- level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
-
-ncacn_ip_tcp:server should get the same protection as ncacn_np:server
-if authentication and smb signing is used.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-
-(cherry picked from commit dab41dee8a4fb27dbf3913b0e44a4cc726e3ac98)
----
- source3/rpcclient/rpcclient.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
-index 949e14c..81c5f42 100644
---- a/source3/rpcclient/rpcclient.c
-+++ b/source3/rpcclient/rpcclient.c
-@@ -1062,10 +1062,9 @@ out_free:
- 		}
- 	}
- 	if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) {
--		/* If neither Integrity or Privacy are requested then
--		 * Use just Connect level */
-+		/* If nothing is requested then default to integrity */
- 		if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
--			pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
-+			pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
- 		}
- 	}
- 
--- 
-2.8.1
-
-
-From 0e00f6da40e6f76d9bd56187e74841c85ea86c55 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 11 Mar 2016 16:02:25 +0100
-Subject: [PATCH 02/10] CVE-2016-2118: s4:librpc: use integrity by default for
- authenticated binds
-
-ncacn_ip_tcp:server should get the same protection as ncacn_np:server
-if authentication and smb signing is used.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-(cherry picked from commit 7847ee85d278adb9ce4fc7da7cf171917227c93f)
----
- source4/librpc/rpc/dcerpc_util.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
-index 2cd9499..a6d0df5 100644
---- a/source4/librpc/rpc/dcerpc_util.c
-+++ b/source4/librpc/rpc/dcerpc_util.c
-@@ -593,15 +593,15 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
- 
- 	/* Perform an authenticated DCE-RPC bind
- 	 */
--	if (!(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
-+	if (!(conn->flags & (DCERPC_CONNECT|DCERPC_SEAL))) {
- 		/*
- 		  we are doing an authenticated connection,
--		  but not using sign or seal. We must force
--		  the CONNECT dcerpc auth type as a NONE auth
--		  type doesn't allow authentication
--		  information to be passed.
-+		  which needs to use [connect], [sign] or [seal].
-+		  If nothing is specified, we default to [sign] now.
-+		  This give roughly the same protection as
-+		  ncacn_np with smb signing.
- 		*/
--		conn->flags |= DCERPC_CONNECT;
-+		conn->flags |= DCERPC_SIGN;
- 	}
- 
- 	if (s->binding->flags & DCERPC_AUTH_SPNEGO) {
--- 
-2.8.1
-
-
-From 8d53761dbcbea6439f4bfaef86ff79f42b682b22 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 10 Mar 2016 17:03:59 +0100
-Subject: [PATCH 03/10] CVE-2016-2118: docs-xml: add "allow dcerpc auth level
- connect" defaulting to "yes"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We sadly need to allow this for now by default.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Günther Deschner <gd@samba.org>
-(backported from commit 56baca8619ba9ae1734c3d77524fc705ebcbd8d2)
----
- .../security/allowdcerpcauthlevelconnect.xml       | 24 ++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
- create mode 100644 docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
-
-diff --git a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
-new file mode 100644
-index 0000000..5552112
---- /dev/null
-+++ b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
-@@ -0,0 +1,24 @@
-+<samba:parameter name="allow dcerpc auth level connect"
-+                 context="G"
-+                 type="boolean"
-+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-+<description>
-+	<para>This option controls whether DCERPC services are allowed to
-+	be used with DCERPC_AUTH_LEVEL_CONNECT, which provides authentication,
-+	but no per message integrity nor privacy protection.</para>
-+
-+	<para>The behavior can be controlled per interface name (e.g. lsarpc, netlogon, samr, srvsvc,
-+	winreg, wkssvc ...) by using 'allow dcerpc auth level connect:interface = no' as option.</para>
-+
-+	<para>This option yields precedence to the implentation specific restrictions.
-+	E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY.
-+	While others like samr and lsarpc have a hardcoded default of <constant>no</constant>.
-+	</para>
-+
-+	<para>Note the default will very likely change to <constant>no</constant> for Samba 4.5.</para>
-+</description>
-+
-+<value type="default">yes</value>
-+<value type="example">no</value>
-+
-+</samba:parameter>
--- 
-2.8.1
-
-
-From 9a0e8182314c631681f2dd47da5d790168066279 Mon Sep 17 00:00:00 2001
-From: Ralph Boehme <slow@samba.org>
-Date: Fri, 18 Mar 2016 08:45:11 +0100
-Subject: [PATCH 04/10] CVE-2016-2118: param: add "allow dcerpc auth level
- connect" defaulting to "yes"
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
-
-Signed-off-by: Ralph Boehme <slow@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-(backported from commit 6e3ada2c36f527077d77a8278bd41bbc030f48cd)
-
-(cherry picked from commit 74172d061597c96f0e733c11daee6cb15f3277dc)
-Signed-off-by: Aurelien Aptel <aaptel@suse.com>
----
- source3/include/proto.h  |  1 +
- source3/param/loadparm.c | 13 +++++++++++++
- 2 files changed, 14 insertions(+)
-
-diff --git a/source3/include/proto.h b/source3/include/proto.h
-index ac1540f..2ed6547 100644
---- a/source3/include/proto.h
-+++ b/source3/include/proto.h
-@@ -1821,6 +1821,7 @@ char* lp_perfcount_module(void);
- void lp_set_passdb_backend(const char *backend);
- void widelinks_warning(int snum);
- char *lp_ncalrpc_dir(void);
-+bool lp_allow_dcerpc_auth_level_connect(void);
- 
- /* The following definitions come from param/loadparm_server_role.c  */
- 
-diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
-index fdc9407..87d33c5 100644
---- a/source3/param/loadparm.c
-+++ b/source3/param/loadparm.c
-@@ -355,6 +355,7 @@ struct global {
- 	bool bUseMmap;
- 	bool bHostnameLookups;
- 	bool bUnixExtensions;
-+	bool bAllowDcerpcAuthLevelConnect;
- 	bool bDisableNetbios;
- 	char * szDedicatedKeytabFile;
- 	int  iKerberosMethod;
-@@ -2303,6 +2304,15 @@ static struct parm_struct parm_table[] = {
- 		.flags		= FLAG_ADVANCED,
- 	},
- 	{
-+		.label		= "allow dcerpc auth level connect",
-+		.type		= P_BOOL,
-+		.p_class	= P_GLOBAL,
-+		.ptr		= &Globals.bAllowDcerpcAuthLevelConnect,
-+		.special	= NULL,
-+		.enum_list	= NULL,
-+		.flags		= FLAG_ADVANCED,
-+	},
-+	{
- 		.label		= "use spnego",
- 		.type		= P_BOOL,
- 		.p_class	= P_GLOBAL,
-@@ -5371,6 +5381,8 @@ static void init_globals(bool reinit_globals)
- 	Globals.bClientNTLMv2Auth = True; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
- 	/* Note, that we will also use NTLM2 session security (which is different), if it is available */
- 
-+	Globals.bAllowDcerpcAuthLevelConnect = true; /* we need to allow this for now by default */
-+
- 	Globals.map_to_guest = 0;	/* By Default, "Never" */
- 	Globals.oplock_break_wait_time = 0;	/* By Default, 0 msecs. */
- 	Globals.enhanced_browsing = true;
-@@ -5745,6 +5757,7 @@ FN_GLOBAL_INTEGER(lp_username_map_cache_time, &Globals.iUsernameMapCacheTime)
- 
- FN_GLOBAL_STRING(lp_check_password_script, &Globals.szCheckPasswordScript)
- 
-+FN_GLOBAL_BOOL(lp_allow_dcerpc_auth_level_connect, &Globals.bAllowDcerpcAuthLevelConnect)
- FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook)
- FN_GLOBAL_CONST_STRING(lp_template_homedir, &Globals.szTemplateHomedir)
- FN_GLOBAL_CONST_STRING(lp_template_shell, &Globals.szTemplateShell)
--- 
-2.8.1
-
-
-From 82a245ff842ea33c050a8fbe415a531497232d3d Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 18 Mar 2016 04:40:30 +0100
-Subject: [PATCH 05/10] CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc
- auth level connect"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-With this option turned off we only allow DCERPC_AUTH_LEVEL_{NONE,INTEGRITY,PRIVACY},
-this means the reject any request with AUTH_LEVEL_CONNECT with ACCESS_DENIED.
-
-We sadly need to keep this enabled by default for now.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
-
-Pair-Programmed-With: Günther Deschner <gd@samba.org>
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Signed-off-by: Günther Deschner <gd@samba.org>
-(cherry picked from commit 1fa0bad3da921fca1d34971062522b4cc3e6db2c)
-(cherry picked from commit 46744bbe5e3616613b2dbee7cf6fdf0d8d5caab3)
-Signed-off-by: Aurelien Aptel <aaptel@suse.com>
----
- source3/include/ntdomain.h    |  4 ++++
- source3/rpc_server/srv_pipe.c | 49 ++++++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 52 insertions(+), 1 deletion(-)
-
-diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
-index 2fbeabc..650f1d0 100644
---- a/source3/include/ntdomain.h
-+++ b/source3/include/ntdomain.h
-@@ -89,6 +89,10 @@ typedef struct pipe_rpc_fns {
- 	uint32 context_id;
- 	struct ndr_syntax_id syntax;
- 
-+	/*
-+	 * shall we allow "connect" auth level for this interface ?
-+	 */
-+	bool allow_connect;
- } PIPE_RPC_FNS;
- 
- /*
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index d659705..c462dcf 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -335,6 +335,7 @@ static bool check_bind_req(struct pipes_struct *p,
- 			   uint32 context_id)
- {
- 	struct pipe_rpc_fns *context_fns;
-+	const char *interface_name = NULL;
- 
- 	DEBUG(3,("check_bind_req for %s\n",
- 		 get_pipe_name_from_syntax(talloc_tos(), abstract)));
-@@ -355,12 +356,29 @@ static bool check_bind_req(struct pipes_struct *p,
- 		return False;
- 	}
- 
-+	interface_name = get_pipe_name_from_syntax(talloc_tos(),
-+						   abstract);
-+
-+	SMB_ASSERT(interface_name != NULL);
-+
- 	context_fns->next = context_fns->prev = NULL;
- 	context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(abstract);
- 	context_fns->cmds = rpc_srv_get_pipe_cmds(abstract);
- 	context_fns->context_id = context_id;
- 	context_fns->syntax = *abstract;
- 
-+	context_fns->allow_connect = lp_allow_dcerpc_auth_level_connect();
-+	/*
-+	 * every interface can be modified to allow "connect" auth_level by
-+	 * using a parametric option like:
-+	 * allow dcerpc auth level connect:<interface>
-+	 * e.g.
-+	 * allow dcerpc auth level connect:samr = yes
-+	 */
-+	context_fns->allow_connect = lp_parm_bool(-1,
-+		"allow dcerpc auth level connect",
-+		interface_name, context_fns->allow_connect);
-+
- 	/* add to the list of open contexts */
- 
- 	DLIST_ADD( p->contexts, context_fns );
-@@ -1592,6 +1610,7 @@ static bool api_pipe_request(struct pipes_struct *p,
- 	TALLOC_CTX *frame = talloc_stackframe();
- 	bool ret = False;
- 	PIPE_RPC_FNS *pipe_fns;
-+	const char *interface_name = NULL;
- 
- 	if (!p->pipe_bound) {
- 		DEBUG(1, ("Pipe not bound!\n"));
-@@ -1613,8 +1632,36 @@ static bool api_pipe_request(struct pipes_struct *p,
- 		return false;
- 	}
- 
-+	interface_name = get_pipe_name_from_syntax(talloc_tos(),
-+						   &pipe_fns->syntax);
-+
-+	SMB_ASSERT(interface_name != NULL);
-+
- 	DEBUG(5, ("Requested \\PIPE\\%s\n",
--		  get_pipe_name_from_syntax(talloc_tos(), &pipe_fns->syntax)));
-+		  interface_name));
-+
-+	switch (p->auth.auth_level) {
-+	case DCERPC_AUTH_LEVEL_NONE:
-+	case DCERPC_AUTH_LEVEL_INTEGRITY:
-+	case DCERPC_AUTH_LEVEL_PRIVACY:
-+		break;
-+	default:
-+		if (!pipe_fns->allow_connect) {
-+			DEBUG(1, ("%s: restrict auth_level_connect access "
-+				  "to [%s] with auth[type=0x%x,level=0x%x] "
-+				  "on [%s] from [%s]\n",
-+				  __func__, interface_name,
-+				  p->auth.auth_type,
-+				  p->auth.auth_level,
-+				  derpc_transport_string_by_transport(p->transport),
-+				  p->client_id->name));
-+
-+			setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED));
-+			TALLOC_FREE(frame);
-+			return true;
-+		}
-+		break;
-+	}
- 
- 	if (!srv_pipe_check_verification_trailer(p, pkt, pipe_fns)) {
- 		DEBUG(1, ("srv_pipe_check_verification_trailer: failed\n"));
--- 
-2.8.1
-
-
-From b68b204307e0b24bc2879ea667a706e11925166d Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Fri, 7 Aug 2015 09:50:30 +0200
-Subject: [PATCH 06/10] CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}:
- reject DCERPC_AUTH_LEVEL_CONNECT by default
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This prevents man in the middle downgrade attacks.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
-
-Pair-Programmed-With: Günther Deschner <gd@samba.org>
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Signed-off-by: Günther Deschner <gd@samba.org>
-(cherry picked from commit 51dd08951eb4ab9d297678f96cde61f508937721)
-Signed-off-by: Aurelien Aptel <aaptel@suse.com>
-
-Conflicts:
-	selftest/knownfail
-	source3/rpc_server/srv_pipe.c
-
-selftest/knownfail is ignored in 3.6
----
- source3/rpc_server/srv_pipe.c | 20 ++++++++++++++++++++
- source3/selftest/knownfail    |  1 +
- source3/selftest/tests.py     |  2 ++
- 3 files changed, 23 insertions(+)
-
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index c462dcf..3086b9e 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -43,6 +43,9 @@
- #include "ntdomain.h"
- #include "rpc_server/srv_pipe.h"
- #include "../librpc/ndr/ndr_dcerpc.h"
-+#include "../librpc/gen_ndr/ndr_samr.h"
-+#include "../librpc/gen_ndr/ndr_lsa.h"
-+#include "../librpc/gen_ndr/ndr_netlogon.h"
- 
- #undef DBGC_CLASS
- #define DBGC_CLASS DBGC_RPC_SRV
-@@ -336,6 +339,7 @@ static bool check_bind_req(struct pipes_struct *p,
- {
- 	struct pipe_rpc_fns *context_fns;
- 	const char *interface_name = NULL;
-+	bool ok;
- 
- 	DEBUG(3,("check_bind_req for %s\n",
- 		 get_pipe_name_from_syntax(talloc_tos(), abstract)));
-@@ -369,6 +373,22 @@ static bool check_bind_req(struct pipes_struct *p,
- 
- 	context_fns->allow_connect = lp_allow_dcerpc_auth_level_connect();
- 	/*
-+	 * for the samr and the lsarpc interfaces we don't allow "connect"
-+	 * auth_level by default.
-+	 */
-+	ok = ndr_syntax_id_equal(abstract, &ndr_table_samr.syntax_id);
-+	if (ok) {
-+		context_fns->allow_connect = false;
-+	}
-+	ok = ndr_syntax_id_equal(abstract, &ndr_table_lsarpc.syntax_id);
-+	if (ok) {
-+		context_fns->allow_connect = false;
-+	}
-+	ok = ndr_syntax_id_equal(abstract, &ndr_table_netlogon.syntax_id);
-+	if (ok) {
-+		context_fns->allow_connect = false;
-+	}
-+	/*
- 	 * every interface can be modified to allow "connect" auth_level by
- 	 * using a parametric option like:
- 	 * allow dcerpc auth level connect:<interface>
-diff --git a/source3/selftest/knownfail b/source3/selftest/knownfail
-index bda1fe0..8717a4d 100644
---- a/source3/selftest/knownfail
-+++ b/source3/selftest/knownfail
-@@ -18,3 +18,4 @@ samba3.posix_s3.nbt.dgram.*netlogon2
- samba3.*rap.sam.*.useradd # Not provided by Samba 3
- samba3.*rap.sam.*.userdelete # Not provided by Samba 3
- samba3.*rap.basic.*.netsessiongetinfo # Not provided by Samba 3
-+samba3.blackbox.rpcclient.over.ncacn_np.with.*connect.* # we don't allow auth_level_connect anymore
-diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
-index a733f14..8dfbf1e 100755
---- a/source3/selftest/tests.py
-+++ b/source3/selftest/tests.py
-@@ -201,6 +201,8 @@ if sub.returncode == 0:
-             plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD')
-         elif t == "raw.samba3posixtimedlock":
-             plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/dc/share')
-+        elif t == "rpc.samr.passwords.validate":
-+            plansmbtorturetestsuite(t, "s3dc", 'ncacn_np:$SERVER_IP[seal] -U$USERNAME%$PASSWORD', 'over ncacn_np ')
-         else:
-             plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
- 
--- 
-2.8.1
-
-
-From 720b9f861322c5fe804c53eb74e7d2d6a4d8b876 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 5 Apr 2016 09:54:38 +0200
-Subject: [PATCH 07/10] CVE-2016-2118: s3:selftest: The lsa tests which use
- connect need to fail
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
----
- source3/selftest/knownfail | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/source3/selftest/knownfail b/source3/selftest/knownfail
-index 8717a4d..7d9275e 100644
---- a/source3/selftest/knownfail
-+++ b/source3/selftest/knownfail
-@@ -19,3 +19,4 @@ samba3.*rap.sam.*.useradd # Not provided by Samba 3
- samba3.*rap.sam.*.userdelete # Not provided by Samba 3
- samba3.*rap.basic.*.netsessiongetinfo # Not provided by Samba 3
- samba3.blackbox.rpcclient.over.ncacn_np.with.*connect.* # we don't allow auth_level_connect anymore
-+samba3.posix_s3.rpc.lsa.lookupsids.*ncacn_ip_tcp.*connect.* # we don't allow auth_level_connect anymore
--- 
-2.8.1
-
-
-From 9b2b563a1f8247f5ec7efde52d70efc666e30f56 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sat, 26 Mar 2016 08:47:42 +0100
-Subject: [PATCH 08/10] CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow
- DCERPC_AUTH_LEVEL_CONNECT by default
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Alexander Bokovoy <ab@samba.org>
-(cherry picked from commit 98f1a85f23d3d2a4f1c665746588688574261d90)
----
- source3/rpc_server/srv_pipe.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index 3086b9e..964b843 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -46,6 +46,8 @@
- #include "../librpc/gen_ndr/ndr_samr.h"
- #include "../librpc/gen_ndr/ndr_lsa.h"
- #include "../librpc/gen_ndr/ndr_netlogon.h"
-+#include "../librpc/gen_ndr/ndr_epmapper.h"
-+#include "../librpc/gen_ndr/ndr_echo.h"
- 
- #undef DBGC_CLASS
- #define DBGC_CLASS DBGC_RPC_SRV
-@@ -389,6 +391,18 @@ static bool check_bind_req(struct pipes_struct *p,
- 		context_fns->allow_connect = false;
- 	}
- 	/*
-+	 * for the epmapper and echo interfaces we allow "connect"
-+	 * auth_level by default.
-+	 */
-+	ok = ndr_syntax_id_equal(abstract, &ndr_table_epmapper.syntax_id);
-+	if (ok) {
-+		context_fns->allow_connect = true;
-+	}
-+	ok = ndr_syntax_id_equal(abstract, &ndr_table_rpcecho.syntax_id);
-+	if (ok) {
-+		context_fns->allow_connect = true;
-+	}
-+	/*
- 	 * every interface can be modified to allow "connect" auth_level by
- 	 * using a parametric option like:
- 	 * allow dcerpc auth level connect:<interface>
--- 
-2.8.1
-
-
-From 21453f6887569b162be44faaf43e1b9a81423210 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 10 Mar 2016 17:03:59 +0100
-Subject: [PATCH 09/10] CVE-2016-2118: docs-xml/param: default "allow dcerpc
- auth level connect" to "no"
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Alexander Bokovoy <ab@samba.org>
-(backported from commit 6469e21af32a2a405dd4f43e7d96a2f87c4a9902)
-
-Conflicts:
-	lib/param/loadparm.c
-	source3/param/loadparm.c
----
- docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml | 6 ++----
- source3/param/loadparm.c                                     | 2 +-
- 2 files changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
-index 5552112..c8e9d18 100644
---- a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
-+++ b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
-@@ -14,11 +14,9 @@
- 	E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY.
- 	While others like samr and lsarpc have a hardcoded default of <constant>no</constant>.
- 	</para>
--
--	<para>Note the default will very likely change to <constant>no</constant> for Samba 4.5.</para>
- </description>
- 
--<value type="default">yes</value>
--<value type="example">no</value>
-+<value type="default">no</value>
-+<value type="example">yes</value>
- 
- </samba:parameter>
-diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
-index 87d33c5..a514727 100644
---- a/source3/param/loadparm.c
-+++ b/source3/param/loadparm.c
-@@ -5381,7 +5381,7 @@ static void init_globals(bool reinit_globals)
- 	Globals.bClientNTLMv2Auth = True; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
- 	/* Note, that we will also use NTLM2 session security (which is different), if it is available */
- 
--	Globals.bAllowDcerpcAuthLevelConnect = true; /* we need to allow this for now by default */
-+	Globals.bAllowDcerpcAuthLevelConnect = false; /* we don't allow this by default */
- 
- 	Globals.map_to_guest = 0;	/* By Default, "Never" */
- 	Globals.oplock_break_wait_time = 0;	/* By Default, 0 msecs. */
--- 
-2.8.1
-
-
-From a5aebec4ff2f1d3b824dfcc05091da712639220d Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Sun, 28 Feb 2016 22:48:11 +0100
-Subject: [PATCH 10/10] CVE-2016-2118: s3:rpc_server/samr: allow
- _samr_ValidatePassword only with PRIVACY...
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This requires transport encryption.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Günther Deschner <gd@samba.org>
-(cherry picked from commit d7c2f1e12544ee0f80438dcc1586e2d30c23b54a)
----
- source3/rpc_server/samr/srv_samr_nt.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
-index 0984984..37e2e4f 100644
---- a/source3/rpc_server/samr/srv_samr_nt.c
-+++ b/source3/rpc_server/samr/srv_samr_nt.c
-@@ -6628,6 +6628,11 @@ NTSTATUS _samr_ValidatePassword(struct pipes_struct *p,
- 	struct samr_GetDomPwInfo pw;
- 	struct samr_PwInfo dom_pw_info;
- 
-+	if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
-+		p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
-+		return NT_STATUS_ACCESS_DENIED;
-+	}
-+
- 	if (r->in.level < 1 || r->in.level > 3) {
- 		return NT_STATUS_INVALID_INFO_CLASS;
- 	}
--- 
-2.8.1
-

src/patches/samba/CVE-2016-2125-v3.6.patch

@@ -1,46 +0,0 @@
-From 7cc3b25f4bf9e89e326d04b83bc7365f3cc29265 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 7 Dec 2016 10:58:35 +0100
-Subject: [PATCH] CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG
-
-We should only use GSS_C_DELEG_POLICY_FLAG in order to let
-the KDC decide if we should send delegated credentials to
-a remote server.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Backported-by: Andreas Schneider <asn@samba.org>
----
- source3/librpc/crypto/gse.c | 1 -
- source3/libsmb/clifsinfo.c  | 2 +-
- 2 files changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
-index 02fb0f6141d..211ca7774be 100644
---- a/source3/librpc/crypto/gse.c
-+++ b/source3/librpc/crypto/gse.c
-@@ -162,7 +162,6 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
- 	memcpy(&gse_ctx->gss_mech, gss_mech_krb5, sizeof(gss_OID_desc));
- 
- 	gse_ctx->gss_c_flags = GSS_C_MUTUAL_FLAG |
--				GSS_C_DELEG_FLAG |
- 				GSS_C_DELEG_POLICY_FLAG |
- 				GSS_C_REPLAY_FLAG |
- 				GSS_C_SEQUENCE_FLAG;
-diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
-index 1d66eb4c6b8..34ebc208db0 100644
---- a/source3/libsmb/clifsinfo.c
-+++ b/source3/libsmb/clifsinfo.c
-@@ -726,7 +726,7 @@ static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx,
- 				&es->s.gss_state->gss_ctx,
- 				srv_name,
- 				GSS_C_NO_OID, /* default OID. */
--				GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG,
-+				GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_POLICY_FLAG,
- 				GSS_C_INDEFINITE,	/* requested ticket lifetime. */
- 				NULL,   /* no channel bindings */
- 				p_tok_in,
--- 
-2.11.0
-

src/patches/samba/CVE-2016-2126-v3.6.patch

@@ -1,80 +0,0 @@
-From 4e47b5d703c54215804d595980be028f47a87cbf Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 7 Dec 2016 11:18:59 +0100
-Subject: [PATCH] CVE-2016-2126: auth/kerberos: only allow known checksum types
- in check_pac_checksum()
-
-AES based checksums can only be checked with the corresponding AES based
-keytype.
-
-Otherwise we may trigger an undefined code path deep in the kerberos
-libraries, which can leed to segmentation faults.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12446
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Backported-by: Andreas Schneider <asn@samba.org>
----
- source3/include/smb_krb5.h | 12 ++++++++++++
- source3/libads/authdata.c  | 22 ++++++++++++++++++++++
- 2 files changed, 34 insertions(+)
-
-diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h
-index 5a55d3040d5..2780622f512 100644
---- a/source3/include/smb_krb5.h
-+++ b/source3/include/smb_krb5.h
-@@ -61,6 +61,18 @@
- #define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
- #endif
- 
-+#if !defined(CKSUMTYPE_HMAC_MD5_ARCFOUR) && defined(CKSUMTYPE_HMAC_MD5)
-+#define CKSUMTYPE_HMAC_MD5_ARCFOUR CKSUMTYPE_HMAC_MD5
-+#endif
-+
-+#if !defined(CKSUMTYPE_HMAC_SHA1_96_AES256) && defined(CKSUMTYPE_HMAC_SHA1_96_AES_256)
-+#define CKSUMTYPE_HMAC_SHA1_96_AES256 CKSUMTYPE_HMAC_SHA1_96_AES_256
-+#endif
-+
-+#if !defined(CKSUMTYPE_HMAC_SHA1_96_AES128) && defined(CKSUMTYPE_HMAC_SHA1_96_AES_128)
-+#define CKSUMTYPE_HMAC_SHA1_96_AES128 CKSUMTYPE_HMAC_SHA1_96_AES_128
-+#endif
-+
- /* The older versions of heimdal that don't have this
-    define don't seem to use it anyway.  I'm told they
-    always use a subkey */
-diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
-index 0d877ddef89..30622843f1d 100644
---- a/source3/libads/authdata.c
-+++ b/source3/libads/authdata.c
-@@ -42,6 +42,28 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
- 	krb5_checksum cksum;
- 	krb5_keyusage usage = 0;
- 
-+	switch (sig->type) {
-+	case CKSUMTYPE_HMAC_MD5_ARCFOUR:
-+		/* ignores the key type */
-+		break;
-+	case CKSUMTYPE_HMAC_SHA1_96_AES256:
-+		if (KRB5_KEY_TYPE(keyblock) != ENCTYPE_AES256_CTS_HMAC_SHA1_96) {
-+			return EINVAL;
-+		}
-+		/* ok */
-+		break;
-+	case CKSUMTYPE_HMAC_SHA1_96_AES128:
-+		if (KRB5_KEY_TYPE(keyblock) != ENCTYPE_AES128_CTS_HMAC_SHA1_96) {
-+			return EINVAL;
-+		}
-+		/* ok */
-+		break;
-+	default:
-+		DEBUG(2,("check_pac_checksum: Checksum Type %d is not supported\n",
-+			(int)sig->type));
-+		return EINVAL;
-+	}
-+
- 	smb_krb5_checksum_from_pac_sig(&cksum, sig);
- 
- #ifdef HAVE_KRB5_KU_OTHER_CKSUM /* Heimdal */
--- 
-2.11.0
-

src/patches/samba/CVE-2017-12150-v3-6.patch

@@ -1,102 +0,0 @@
-From d3198caa7a8910a9ce1eb4104d5b410ef29ac2bb Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 3 Nov 2016 17:16:43 +0100
-Subject: [PATCH 1/3] CVE-2017-12150: s3:lib:
- get_cmdline_auth_info_signing_state use Required for smb_encrypt
-
-This is an addition to the fixes for CVE-2015-5296.
-
-It applies to smb2mount -e, smbcacls -e and smbcquotas -e.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Backported-by: Andreas Schneider <asn@samba.org>
----
- source3/lib/util_cmdline.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c
-index cb0b79a5d30..3178c848b63 100644
---- a/source3/lib/util_cmdline.c
-+++ b/source3/lib/util_cmdline.c
-@@ -122,6 +122,9 @@ bool set_cmdline_auth_info_signing_state(struct user_auth_info *auth_info,
- 
- int get_cmdline_auth_info_signing_state(const struct user_auth_info *auth_info)
- {
-+	if (auth_info->smb_encrypt) {
-+		return Required;
-+	}
- 	return auth_info->signing_state;
- }
- 
--- 
-2.14.1
-
-
-From bb762a74c81159633f904f8fb67b49bab74a0b9c Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 12 Dec 2016 05:49:46 +0100
-Subject: [PATCH 2/3] CVE-2017-12150: libgpo: make use of Required for SMB
- signing in gpo_connect_server()
-
-It's important that we use a signed connection to get the GPOs!
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Backported-by: Andreas Schneider <asn@samba.org>
----
- libgpo/gpo_fetch.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
-index 3cfe1d5b942..af012e01336 100644
---- a/libgpo/gpo_fetch.c
-+++ b/libgpo/gpo_fetch.c
-@@ -151,7 +151,7 @@ static NTSTATUS gpo_connect_server(ADS_STRUCT *ads, struct loadparm_context *lp_
- 			ads->auth.password,
- 			CLI_FULL_CONNECTION_USE_KERBEROS |
- 			CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
--			Undefined);
-+			Required);
- 	if (!NT_STATUS_IS_OK(result)) {
- 		DEBUG(10,("check_refresh_gpo: "
- 				"failed to connect: %s\n",
--- 
-2.14.1
-
-
-From 070b0fb9ebb57cdbc2b82e335de021fb46bc543c Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 12 Dec 2016 06:07:56 +0100
-Subject: [PATCH 3/3] CVE-2017-12150: s3:libsmb: only fallback to anonymous if
- authentication was not requested
-
-With forced encryption or required signing we should also don't fallback.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Backported-by: Andreas Schneider <asn@samba.org>
----
- source3/libsmb/clidfs.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
-index 23e147120f1..120a2c999ce 100644
---- a/source3/libsmb/clidfs.c
-+++ b/source3/libsmb/clidfs.c
-@@ -197,7 +197,9 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
- 		/* If a password was not supplied then
- 		 * try again with a null username. */
- 		if (password[0] || !username[0] ||
-+			force_encrypt || client_is_signing_mandatory(c) ||
- 			get_cmdline_auth_info_use_kerberos(auth_info) ||
-+			get_cmdline_auth_info_use_ccache(auth_info) ||
- 			!NT_STATUS_IS_OK(cli_session_setup(c, "",
- 				    		"", 0,
- 						"", 0,
--- 
-2.14.1
-

src/patches/samba/CVE-2017-12163.patch

@@ -1,141 +0,0 @@
-From 9f1a51917649795123bedbefdea678317d392b48 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Fri, 8 Sep 2017 10:13:14 -0700
-Subject: [PATCH] CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
- writing server memory to file.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
----
- source3/smbd/reply.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 50 insertions(+)
-
-diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
-index 1583c2358bb..9625670d653 100644
---- a/source3/smbd/reply.c
-+++ b/source3/smbd/reply.c
-@@ -3977,6 +3977,9 @@ void reply_writebraw(struct smb_request *req)
- 	}
- 
- 	/* Ensure we don't write bytes past the end of this packet. */
-+	/*
-+	 * This already protects us against CVE-2017-12163.
-+	 */
- 	if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
- 		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- 		error_to_writebrawerr(req);
-@@ -4078,6 +4081,11 @@ void reply_writebraw(struct smb_request *req)
- 			exit_server_cleanly("secondary writebraw failed");
- 		}
- 
-+		/*
-+		 * We are not vulnerable to CVE-2017-12163
-+		 * here as we are guarenteed to have numtowrite
-+		 * bytes available - we just read from the client.
-+		 */
- 		nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
- 		if (nwritten == -1) {
- 			TALLOC_FREE(buf);
-@@ -4159,6 +4167,7 @@ void reply_writeunlock(struct smb_request *req)
- 	connection_struct *conn = req->conn;
- 	ssize_t nwritten = -1;
- 	size_t numtowrite;
-+	size_t remaining;
- 	SMB_OFF_T startpos;
- 	const char *data;
- 	NTSTATUS status = NT_STATUS_OK;
-@@ -4191,6 +4200,17 @@ void reply_writeunlock(struct smb_request *req)
- 	startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
- 	data = (const char *)req->buf + 3;
- 
-+	/*
-+	 * Ensure client isn't asking us to write more than
-+	 * they sent. CVE-2017-12163.
-+	 */
-+	remaining = smbreq_bufrem(req, data);
-+	if (numtowrite > remaining) {
-+		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
-+		END_PROFILE(SMBwriteunlock);
-+		return;
-+	}
-+
- 	if (!fsp->print_file && numtowrite > 0) {
- 		init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
- 		    (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
-@@ -4272,6 +4292,7 @@ void reply_write(struct smb_request *req)
- {
- 	connection_struct *conn = req->conn;
- 	size_t numtowrite;
-+	size_t remaining;
- 	ssize_t nwritten = -1;
- 	SMB_OFF_T startpos;
- 	const char *data;
-@@ -4312,6 +4333,17 @@ void reply_write(struct smb_request *req)
- 	startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
- 	data = (const char *)req->buf + 3;
- 
-+	/*
-+	 * Ensure client isn't asking us to write more than
-+	 * they sent. CVE-2017-12163.
-+	 */
-+	remaining = smbreq_bufrem(req, data);
-+	if (numtowrite > remaining) {
-+		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
-+		END_PROFILE(SMBwrite);
-+		return;
-+	}
-+
- 	if (!fsp->print_file) {
- 		init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
- 			(uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
-@@ -4523,6 +4555,9 @@ void reply_write_and_X(struct smb_request *req)
- 			return;
- 		}
- 	} else {
-+		/*
-+		 * This already protects us against CVE-2017-12163.
-+		 */
- 		if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
- 				smb_doff + numtowrite > smblen) {
- 			reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
-@@ -4892,6 +4927,7 @@ void reply_writeclose(struct smb_request *req)
- {
- 	connection_struct *conn = req->conn;
- 	size_t numtowrite;
-+	size_t remaining;
- 	ssize_t nwritten = -1;
- 	NTSTATUS close_status = NT_STATUS_OK;
- 	SMB_OFF_T startpos;
-@@ -4925,6 +4961,17 @@ void reply_writeclose(struct smb_request *req)
- 	mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
- 	data = (const char *)req->buf + 1;
- 
-+	/*
-+	 * Ensure client isn't asking us to write more than
-+	 * they sent. CVE-2017-12163.
-+	 */
-+	remaining = smbreq_bufrem(req, data);
-+	if (numtowrite > remaining) {
-+		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
-+		END_PROFILE(SMBwriteclose);
-+		return;
-+	}
-+
- 	if (!fsp->print_file) {
- 		init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
- 		    (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
-@@ -5495,6 +5542,9 @@ void reply_printwrite(struct smb_request *req)
- 
- 	numtowrite = SVAL(req->buf, 1);
- 
-+	/*
-+	 * This already protects us against CVE-2017-12163.
-+	 */
- 	if (req->buflen < numtowrite + 3) {
- 		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- 		END_PROFILE(SMBsplwr);
--- 
-2.13.5
-

src/patches/samba/CVE-2017-15275.patch

@@ -1,45 +0,0 @@
-From c1a22e59f87783d88dfbaeeb132b89be166b2754 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Wed, 20 Sep 2017 11:04:50 -0700
-Subject: [PATCH 2/2] s3: smbd: Chain code can return uninitialized memory when
- talloc buffer is grown.
-
-Ensure we zero out unused grown area.
-
-CVE-2017-15275
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/srvstr.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c
-index 56dceba8c6c..c2d70b32c32 100644
---- a/source3/smbd/srvstr.c
-+++ b/source3/smbd/srvstr.c
-@@ -110,6 +110,20 @@ ssize_t message_push_string(uint8_t **outbuf, const char *str, int flags)
- 		DEBUG(0, ("srvstr_push failed\n"));
- 		return -1;
- 	}
-+
-+	/*
-+	 * Ensure we clear out the extra data we have
-+	 * grown the buffer by, but not written to.
-+	 */
-+	if (buf_size + result < buf_size) {
-+		return -1;
-+	}
-+	if (grow_size < result) {
-+		return -1;
-+	}
-+
-+	memset(tmp + buf_size + result, '\0', grow_size - result);
-+
- 	set_message_bcc((char *)tmp, smb_buflen(tmp) + result);
- 
- 	*outbuf = tmp;
--- 
-2.11.0
-

src/patches/samba/CVE-2017-7494-v3-6.patch

@@ -1,32 +0,0 @@
-From b719a4d53fc6d590f4fac340d956344a5246de4e Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Mon, 8 May 2017 21:40:40 +0200
-Subject: [PATCH] CVE-2017-7494: Refuse to open pipe names with / inside
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
-
-Signed-off-by: Volker Lendecke <vl@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/rpc_server/srv_pipe.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index ec24fe7..b80e3f5 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax)
- 		pipename += 1;
- 	}
- 
-+	if (strchr(pipename, '/')) {
-+		DEBUG(1,("Refusing open on pipe %s\n", pipename));
-+		return false;
-+	}
-+
- 	if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
- 		DEBUG(10, ("refusing spoolss access\n"));
- 		return false;
--- 
-2.9.4
-

src/patches/samba/samba-3.2.0pre1-grouppwd.patch

@@ -1,13 +0,0 @@
-Index: samba-3.6.22/source3/winbindd/winbindd_group.c
-===================================================================
---- samba-3.6.22.orig/source3/winbindd/winbindd_group.c
-+++ samba-3.6.22/source3/winbindd/winbindd_group.c
-@@ -69,7 +69,7 @@ bool fill_grent(TALLOC_CTX *mem_ctx, str
- 	/* Group name and password */
- 
- 	safe_strcpy(gr->gr_name, full_group_name, sizeof(gr->gr_name) - 1);
--	safe_strcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd) - 1);
-+	safe_strcpy(gr->gr_passwd, "*", sizeof(gr->gr_passwd) - 1);
- 
- 	return True;
- }

src/patches/samba/samba-3.2.0pre1-pipedir.patch

@@ -1,13 +0,0 @@
-Index: samba-3.6.6/nsswitch/winbind_struct_protocol.h
-===================================================================
---- samba-3.6.6.orig/nsswitch/winbind_struct_protocol.h
-+++ samba-3.6.6/nsswitch/winbind_struct_protocol.h
-@@ -29,7 +29,7 @@ typedef char fstring[FSTRING_LEN];
-  * is needed for launchd support -- jpeach.
-  */
- #ifndef WINBINDD_SOCKET_DIR
--#define WINBINDD_SOCKET_DIR  "/tmp/.winbindd"  /* Name of PF_UNIX dir */
-+#define WINBINDD_SOCKET_DIR  "/var/run/winbindd"  /* Name of PF_UNIX dir */
- #endif
- 
- /*

src/patches/samba/samba-3.2.5-inotify.patch

@@ -1,49 +0,0 @@
-Index: samba-3.6.6/source3/smbd/notify_inotify.c
-===================================================================
---- samba-3.6.6.orig/source3/smbd/notify_inotify.c
-+++ samba-3.6.6/source3/smbd/notify_inotify.c
-@@ -77,6 +77,7 @@ struct inotify_private {
- 	struct sys_notify_context *ctx;
- 	int fd;
- 	struct inotify_watch_context *watches;
-+	bool broken_inotify;	/* Late stop for broken system */
- };
- 
- struct inotify_watch_context {
-@@ -241,8 +242,15 @@ static void inotify_handler(struct event
- 	  filenames, and thus can't know how much to allocate
- 	  otherwise
- 	*/
--	if (ioctl(in->fd, FIONREAD, &bufsize) != 0 || 
--	    bufsize == 0) {
-+	if ((ioctl(in->fd, FIONREAD, &bufsize) != 0) && (errno == EACCES)) {
-+		/*
-+		 * Workaround for broken system (SELinux policy bug fixed since long but it is always better not to loop on EACCES)
-+		 */
-+		TALLOC_FREE(fde);
-+		in->broken_inotify = True;
-+		return;
-+	}
-+	if (bufsize == 0) {
- 		DEBUG(0,("No data on inotify fd?!\n"));
- 		TALLOC_FREE(fde);
- 		return;
-@@ -300,6 +308,7 @@ static NTSTATUS inotify_setup(struct sys
- 	}
- 	in->ctx = ctx;
- 	in->watches = NULL;
-+	in->broken_inotify = False;
- 
- 	ctx->private_data = in;
- 	talloc_set_destructor(in, inotify_destructor);
-@@ -394,6 +403,10 @@ NTSTATUS inotify_watch(struct sys_notify
- 
- 	in = talloc_get_type(ctx->private_data, struct inotify_private);
- 
-+	if (in->broken_inotify) {
-+		return NT_STATUS_OK;
-+	}
-+
- 	mask = inotify_map(e);
- 	if (mask == 0) {
- 		/* this filter can't be handled by inotify */

src/patches/samba/samba-3.5.11-docs.patch

@@ -1,70 +0,0 @@
-From 337e286f110f594f02ea6780900e0a95ec6794c2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 5 Aug 2011 12:25:52 +0200
-Subject: [PATCH] s3-docs: document --user-sidinfo wbinfo option.
-
-Guenther
----
- docs-xml/manpages-3/wbinfo.1.xml |    8 ++++++++
- 1 files changed, 8 insertions(+), 0 deletions(-)
-
-Index: samba-3.6.22/docs-xml/manpages-3/wbinfo.1.xml
-===================================================================
---- samba-3.6.22.orig/docs-xml/manpages-3/wbinfo.1.xml
-+++ samba-3.6.22/docs-xml/manpages-3/wbinfo.1.xml
-@@ -47,7 +47,7 @@
- 		<arg choide="opt">--online-status</arg>
- 		<arg choice="opt">--own-domain</arg>
- 		<arg choice="opt">-p</arg>
--		<arg choice="opt">-P|--ping-dc</arg>
-+		<arg choice="opt">--ping-dc</arg>
- 		<arg choice="opt">-r user</arg>
- 		<arg choide="opt">-R|--lookup-rids</arg>
- 		<arg choice="opt">-s sid</arg>
-@@ -61,6 +61,7 @@
- 		<arg choice="opt">--uid-info uid</arg>
- 		<arg choide="opt">--usage</arg>
- 		<arg choice="opt">--user-domgroups sid</arg>
-+		<arg choice="opt">--user-sidinfo sid</arg>
- 		<arg choice="opt">--user-sids sid</arg>
- 		<arg choice="opt">-U uid</arg>
- 		<arg choice="opt">-V</arg>
-@@ -414,6 +415,13 @@
- 		</varlistentry>
- 
- 		<varlistentry>
-+		<term>--user-sidinfo <replaceable>sid</replaceable></term>
-+		<listitem><para>Get user info by sid.
-+		</para></listitem>
-+		</varlistentry>
-+
-+
-+		<varlistentry>
- 		<term>--user-sids <replaceable>sid</replaceable></term>
- 		<listitem><para>Get user group SIDs for user.
- 		</para></listitem>
-Index: samba-3.6.22/docs/manpages/wbinfo.1
-===================================================================
---- samba-3.6.22.orig/docs/manpages/wbinfo.1
-+++ samba-3.6.22/docs/manpages/wbinfo.1
-@@ -31,7 +31,7 @@
- wbinfo \- Query information from winbind daemon
- .SH "SYNOPSIS"
- .HP \w'\ 'u
--wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info] [\-\-group\-info] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-P|\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-s\ sid] [\-\-separator] [\-\-set\-auth\-user\ user%password] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid]
-+wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info] [\-\-group\-info] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-s\ sid] [\-\-separator] [\-\-set\-auth\-user\ user%password] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sidinfo\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid]
- .SH "DESCRIPTION"
- .PP
- This tool is part of the
-@@ -328,6 +328,11 @@ Print brief help overview\&.
- Get user domain groups\&.
- .RE
- .PP
-+\-\-user\-sidinfo \fIsid\fR
-+.RS 4
-+Get user info by sid\&.
-+.RE
-+.PP
- \-\-user\-sids \fIsid\fR
- .RS 4
- Get user group SIDs for user\&.

src/patches/samba/samba-3.5.11-idmapdebug.patch

@@ -1,26 +0,0 @@
-Index: samba-3.6.6/source3/winbindd/idmap.c
-===================================================================
---- samba-3.6.6.orig/source3/winbindd/idmap.c
-+++ samba-3.6.6/source3/winbindd/idmap.c
-@@ -129,7 +129,7 @@ NTSTATUS smb_register_idmap(int version,
- 
- 	for (entry = backends; entry != NULL; entry = entry->next) {
- 		if (strequal(entry->name, name)) {
--			DEBUG(0,("Idmap module %s already registered!\n",
-+			DEBUG(5,("Idmap module %s already registered!\n",
- 				 name));
- 			return NT_STATUS_OBJECT_NAME_COLLISION;
- 		}
-Index: samba-3.6.6/source3/winbindd/nss_info.c
-===================================================================
---- samba-3.6.6.orig/source3/winbindd/nss_info.c
-+++ samba-3.6.6/source3/winbindd/nss_info.c
-@@ -66,7 +66,7 @@ static struct nss_function_entry *nss_ge
- 	}
- 
- 	if ( nss_get_backend(name) ) {
--		DEBUG(0,("smb_register_idmap_nss: idmap module %s "
-+		DEBUG(5,("smb_register_idmap_nss: idmap module %s "
- 			 "already registered!\n", name));
- 		return NT_STATUS_OBJECT_NAME_COLLISION;
- 	}

src/patches/samba/samba-3.5.11-nss_info_doc.patch

@@ -1,75 +0,0 @@
-From 47871b11df083ec6936599e1196a553379c044b3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 19 Oct 2011 00:19:58 +0200
-Subject: [PATCH 1/2] s3-docs: Document Services for Unix 2.0 (sfu20) nss_info
- ldap schema support.
-
-Guenther
----
- docs-xml/manpages-3/idmap_ad.8.xml             |    4 +++-
- docs-xml/smbdotconf/winbind/winbindnssinfo.xml |    5 +++--
- 2 files changed, 6 insertions(+), 3 deletions(-)
-
-Index: samba-3.6.22/docs-xml/manpages-3/idmap_ad.8.xml
-===================================================================
---- samba-3.6.22.orig/docs-xml/manpages-3/idmap_ad.8.xml
-+++ samba-3.6.22/docs-xml/manpages-3/idmap_ad.8.xml
-@@ -63,12 +63,17 @@
- 		</para></listitem>
- 		</varlistentry>
- 		<varlistentry>
--		<term>schema_mode = &lt;rfc2307 | sfu &gt;</term>
-+		<term>schema_mode = &lt;rfc2307 | sfu | sfu20&gt;</term>
- 		<listitem><para>
- 			Defines the schema that idmap_ad should use when querying
- 			Active Directory regarding user and group information.
- 			This can be either the RFC2307 schema support included
- 			in Windows 2003 R2 or the Service for Unix (SFU) schema.
-+			For SFU 3.0 or 3.5 please choose "sfu", for SFU 2.0
-+			please choose "sfu20".
-+
-+			Please note that primary group membership is currently always calculated
-+			via the "primaryGroupID" LDAP attribute.
- 		</para></listitem>
- 		</varlistentry>
- 	</variablelist>
-Index: samba-3.6.22/docs-xml/smbdotconf/winbind/winbindnssinfo.xml
-===================================================================
---- samba-3.6.22.orig/docs-xml/smbdotconf/winbind/winbindnssinfo.xml
-+++ samba-3.6.22/docs-xml/smbdotconf/winbind/winbindnssinfo.xml
-@@ -18,14 +18,16 @@
- 		</listitem>
- 
- 		<listitem>
--			<para><parameter moreinfo="none">&lt;sfu | rfc2307 &gt;</parameter>
-+			<para><parameter moreinfo="none">&lt;sfu | sfu20 | rfc2307 &gt;</parameter>
- 			- When Samba is running in security = ads and your Active Directory
- 			Domain Controller does support the Microsoft "Services for Unix" (SFU)
- 			LDAP schema, winbind can retrieve the login shell and the home
--			directory attributes directly from your Directory Server. Note that
-+			directory attributes directly from your Directory Server. For SFU 3.0 or 3.5 simply choose
-+			"sfu", if you use SFU 2.0 please choose "sfu20". Note that
- 			retrieving UID and GID from your ADS-Server requires to
- 			use <parameter moreinfo="none">idmap config DOMAIN:backend</parameter> = ad
--			as well.
-+			as well. The primary group membership is currently
-+			always calculated via the "primaryGroupID" LDAP attribute.
- 			</para>
- 		</listitem>
- 	</itemizedlist>
-Index: samba-3.6.22/docs/manpages/idmap_ad.8
-===================================================================
---- samba-3.6.22.orig/docs/manpages/idmap_ad.8
-+++ samba-3.6.22/docs/manpages/idmap_ad.8
-@@ -48,9 +48,9 @@ range = low \- high
- Defines the available matching UID and GID range for which the backend is authoritative\&. Note that the range acts as a filter\&. If specified any UID or GID stored in AD that fall outside the range is ignored and the corresponding map is discarded\&. It is intended as a way to avoid accidental UID/GID overlaps between local and remotely defined IDs\&.
- .RE
- .PP
--schema_mode = <rfc2307 | sfu >
-+schema_mode = <rfc2307 | sfu | sfu20>
- .RS 4
--Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information\&. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema\&.
-+Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information\&. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema\&. For SFU 3\&.0 or 3\&.5 please choose "sfu", for SFU 2\&.0 please choose "sfu20"\&. Please note that primary group membership is currently always calculated via the "primaryGroupID" LDAP attribute\&.
- .RE
- .SH "EXAMPLES"
- .PP

src/patches/samba/samba-3.5.11-wbinfo_manpage.patch

@@ -1,65 +0,0 @@
-From 21027216d43c33fac220746c32acff6b355c4e7d Mon Sep 17 00:00:00 2001
-From: Christian Ambach <ambi@samba.org>
-Date: Fri, 30 Sep 2011 17:07:05 +0200
-Subject: [PATCH] s3-docs: some corrections for wbinfo
-
-Parameters for --group-info and --gid-info were not listed
-properly in the SYNOPSIS and the OPTIONS section
-
-Autobuild-User: Christian Ambach <ambi@samba.org>
-Autobuild-Date: Fri Sep 30 18:44:34 CEST 2011 on sn-devel-104
----
- docs-xml/manpages-3/wbinfo.1.xml |    8 ++++----
- 1 files changed, 4 insertions(+), 4 deletions(-)
-
-Index: samba-3.6.6/docs-xml/manpages-3/wbinfo.1.xml
-===================================================================
---- samba-3.6.6.orig/docs-xml/manpages-3/wbinfo.1.xml
-+++ samba-3.6.6/docs-xml/manpages-3/wbinfo.1.xml
-@@ -33,8 +33,8 @@
- 		<arg choice="opt">--getdcname domain</arg>
- 		<arg choice="opt">--get-auth-user</arg>
- 		<arg choice="opt">-G gid</arg>
--		<arg choide="opt">--gid-info</arg>
--		<arg choide="opt">--group-info</arg>
-+		<arg choide="opt">--gid-info gid</arg>
-+		<arg choide="opt">--group-info group</arg>
- 		<arg choice="opt">--help|-?</arg>
- 		<arg choice="opt">-i user</arg>
- 		<arg choice="opt">-I ip</arg>
-@@ -171,8 +171,8 @@
- 		</varlistentry>
- 
- 		<varlistentry>
--		<term>--group-info <replaceable>user</replaceable></term>
--		<listitem><para>Get group info for user.
-+		<term>--group-info <replaceable>group</replaceable></term>
-+		<listitem><para>Get group info from group name.
- 		</para></listitem>
- 		</varlistentry>
- 
-Index: samba-3.6.6/docs/manpages/wbinfo.1
-===================================================================
---- samba-3.6.6.orig/docs/manpages/wbinfo.1
-+++ samba-3.6.6/docs/manpages/wbinfo.1
-@@ -31,7 +31,7 @@
- wbinfo \- Query information from winbind daemon
- .SH "SYNOPSIS"
- .HP \w'\ 'u
--wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info] [\-\-group\-info] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-s\ sid] [\-\-separator] [\-\-set\-auth\-user\ user%password] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sidinfo\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid]
-+wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info\ gid] [\-\-group\-info\ group] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-s\ sid] [\-\-separator] [\-\-set\-auth\-user\ user%password] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sidinfo\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid]
- .SH "DESCRIPTION"
- .PP
- This tool is part of the
-@@ -130,9 +130,9 @@ Find a DC for a domain\&.
- Get group info from gid\&.
- .RE
- .PP
--\-\-group\-info \fIuser\fR
-+\-\-group\-info \fIgroup\fR
- .RS 4
--Get group info for user\&.
-+Get group info from group name\&.
- .RE
- .PP
- \-g|\-\-domain\-groups

src/patches/samba/samba-3.5.12-dns.patch

@@ -1,27 +0,0 @@
-From 1b0421a1a3d2b2e0168c0957864c16adf93e326d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 21 Dec 2011 15:47:35 +0100
-Subject: [PATCH] s3-dns: prevent from potentially doing wrong SRV DNS
- lookups.
-
-With an empty sitename we asked for e.g.
-_ldap._tcp.._sites.dc._msdcs.AD.EXAMPLE.COM
-
-Guenther
----
- source3/libads/dns.c |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-Index: samba-3.6.6/source3/libads/dns.c
-===================================================================
---- samba-3.6.6.orig/source3/libads/dns.c
-+++ samba-3.6.6/source3/libads/dns.c
-@@ -741,7 +741,7 @@ static NTSTATUS ads_dns_query_internal(T
- 				       int *numdcs )
- {
- 	char *name;
--	if (sitename) {
-+	if (sitename && strlen(sitename)) {
- 		name = talloc_asprintf(ctx, "%s._tcp.%s._sites.%s._msdcs.%s",
- 				       servicename, sitename,
- 				       dc_pdc_gc_domains, realm);

src/patches/samba/samba-3.5.12-pam_radio_type.patch

@@ -1,31 +0,0 @@
-From 516ba47988f00f83dd4ee53556e0be6463de88ec Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Thu, 5 Apr 2012 14:05:00 +0200
-Subject: [PATCH] nsswitch: disable HAVE_PAM_RADIO_TYPE handling until proper
- PAM_RADIO_TYPE handling is available.
-
- This is needed that gdm doesn't crash.
-
-Guenther
----
- nsswitch/pam_winbind.c |    4 +++-
- 1 files changed, 3 insertions(+), 1 deletions(-)
-
-diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
-index b802036..0ed91d8 100644
---- a/nsswitch/pam_winbind.c
-+++ b/nsswitch/pam_winbind.c
-@@ -807,7 +807,9 @@ static int wbc_auth_error_to_pam_error(struct pwb_context *ctx,
- 	return pam_winbind_request_log(ctx, ret, username, fn);
- }
- 
--#if defined(HAVE_PAM_RADIO_TYPE)
-+#if 0
-+/* #if defined(HAVE_PAM_RADIO_TYPE) currently disabled until proper
-+ * PAM_RADIO_TYPE is implemented - gd */
- static bool _pam_winbind_change_pwd(struct pwb_context *ctx)
- {
- 	struct pam_message msg, *pmsg;
--- 
-1.7.7.6
-

src/patches/samba/samba-3.6.18-fix_net_ads_join_segfault.patch

@@ -1,40 +0,0 @@
-From 814b2c730b2f38767712a005bf328a4a04478f63 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 17 May 2013 15:14:35 +0200
-Subject: [PATCH 1/2] s3-libads: Fail
- create_local_private_krb5_conf_for_domain() if parameters missing.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 6dc7c63efa95d0c04b542667d9b6a6621c8139bf)
----
- source3/libads/kerberos.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-Index: samba-3.6.22/source3/libads/kerberos.c
-===================================================================
---- samba-3.6.22.orig/source3/libads/kerberos.c
-+++ samba-3.6.22/source3/libads/kerberos.c
-@@ -866,6 +866,16 @@ bool create_local_private_krb5_conf_for_
- 		return false;
- 	}
- 
-+	if (realm == NULL) {
-+		DEBUG(0, ("No realm has been specified! Do you really want to "
-+			  "join an Active Directory server?\n"));
-+		return false;
-+	}
-+
-+	if (domain == NULL || pss == NULL || kdc_name == NULL) {
-+		return false;
-+	}
-+
- 	dname = lock_path("smb_krb5");
- 	if (!dname) {
- 		return false;

src/patches/samba/samba-3.6.19-valid_users_doc.patch

@@ -1,53 +0,0 @@
-From 3c7822bac97ce4646f1b2c8419d1dae773c02c1d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Tue, 17 Sep 2013 12:47:58 +0200
-Subject: [PATCH] docs: point out side-effects of global "valid users" setting.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
----
- docs-xml/smbdotconf/security/validusers.xml | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-Index: samba-3.6.22/docs-xml/smbdotconf/security/validusers.xml
-===================================================================
---- samba-3.6.22.orig/docs-xml/smbdotconf/security/validusers.xml
-+++ samba-3.6.22/docs-xml/smbdotconf/security/validusers.xml
-@@ -19,6 +19,16 @@
-     The current servicename is substituted for <parameter moreinfo="none">%S</parameter>. 
-     This is useful in the [homes] section.
-     </para>
-+
-+    <para><emphasis>Note: </emphasis>When used in the [global] section this
-+    parameter may have unwanted side effects. For example: If samba is configured as a MASTER BROWSER (see
-+    <parameter moreinfo="none">local master</parameter>,
-+    <parameter moreinfo="none">os level</parameter>,
-+    <parameter moreinfo="none">domain master</parameter>,
-+    <parameter moreinfo="none">preferred master</parameter>) this option
-+    will prevent workstations from being able to browse the network.
-+    </para>
-+
- </description>
- 
- <related>invalid users</related>
-Index: samba-3.6.22/docs/manpages/smb.conf.5
-===================================================================
---- samba-3.6.22.orig/docs/manpages/smb.conf.5
-+++ samba-3.6.22/docs/manpages/smb.conf.5
-@@ -10311,6 +10311,12 @@ list then access is denied for that user
- The current servicename is substituted for
- \fI%S\fR\&. This is useful in the [homes] section\&.
- .sp
-+\fINote: \fRWhen used in the [global] section this parameter may have unwanted side effects\&. For example: If samba is configured as a MASTER BROWSER (see
-+\fIlocal master\fR,
-+\fIos level\fR,
-+\fIdomain master\fR,
-+\fIpreferred master\fR) this option will prevent workstations from being able to browse the network\&.
-+.sp
- Default:
- \fI\fIvalid users\fR\fR\fI = \fR\fI # No valid users list (anyone can login) \fR\fI \fR
- .sp

src/patches/samba/samba-3.6.23-fix_libads_krb5_ipv6.patch

@@ -1,788 +0,0 @@
-From 918ac8f0ed19aeaa4718fa94fcabe87d0419d768 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Mon, 13 Jan 2014 15:59:26 +0100
-Subject: [PATCH 1/5] PATCHSET11: s3-kerberos: remove print_kdc_line()
- completely.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Just calling print_canonical_sockaddr() is sufficient, as it already deals with
-ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
-removed as well. It was pointless because it always derived the port number from
-the provided address which was either a SMB (usually port 445) or LDAP
-connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
-Finally, the kerberos libraries that we support and build with, can deal with
-ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
-resolving the DC name on the kerberos library anymore.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-
-Conflicts:
-	source3/libads/kerberos.c
----
- source3/libads/kerberos.c | 86 +++++------------------------------------------
- 1 file changed, 9 insertions(+), 77 deletions(-)
-
-diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
-index 1153ccb..064e5f7 100644
---- a/source3/libads/kerberos.c
-+++ b/source3/libads/kerberos.c
-@@ -661,73 +661,6 @@ int kerberos_kinit_password(const char *principal,
- }
- 
- /************************************************************************
--************************************************************************/
--
--static char *print_kdc_line(char *mem_ctx,
--			const char *prev_line,
--			const struct sockaddr_storage *pss,
--			const char *kdc_name)
--{
--	char *kdc_str = NULL;
--
--	if (pss->ss_family == AF_INET) {
--		kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
--					prev_line,
--                                        print_canonical_sockaddr(mem_ctx, pss));
--	} else {
--		char addr[INET6_ADDRSTRLEN];
--		uint16_t port = get_sockaddr_port(pss);
--
--		DEBUG(10,("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
--			kdc_name, port));
--
--		if (port != 0 && port != DEFAULT_KRB5_PORT) {
--			/* Currently for IPv6 we can't specify a non-default
--			   krb5 port with an address, as this requires a ':'.
--			   Resolve to a name. */
--			char hostname[MAX_DNS_NAME_LENGTH];
--			int ret = sys_getnameinfo((const struct sockaddr *)pss,
--					sizeof(*pss),
--					hostname, sizeof(hostname),
--					NULL, 0,
--					NI_NAMEREQD);
--			if (ret) {
--				DEBUG(0,("print_kdc_line: can't resolve name "
--					"for kdc with non-default port %s. "
--					"Error %s\n.",
--					print_canonical_sockaddr(mem_ctx, pss),
--					gai_strerror(ret)));
--				return NULL;
--			}
--			/* Success, use host:port */
--			kdc_str = talloc_asprintf(mem_ctx,
--					"%s\tkdc = %s:%u\n",
--					prev_line,
--					hostname,
--					(unsigned int)port);
--		} else {
--
--			/* no krb5 lib currently supports "kdc = ipv6 address"
--			 * at all, so just fill in just the kdc_name if we have
--			 * it and let the krb5 lib figure out the appropriate
--			 * ipv6 address - gd */
--
--			if (kdc_name) {
--				kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
--						prev_line, kdc_name);
--			} else {
--				kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
--						prev_line,
--						print_sockaddr(addr,
--							sizeof(addr),
--							pss));
--			}
--		}
--	}
--	return kdc_str;
--}
--
--/************************************************************************
-  Create a string list of available kdc's, possibly searching by sitename.
-  Does DNS queries.
- 
-@@ -746,7 +679,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
- 	struct ip_service *ip_srv_nonsite = NULL;
- 	int count_site = 0;
- 	int count_nonsite;
--	char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
-+	char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
-+					print_canonical_sockaddr(mem_ctx, pss));
- 
- 	if (kdc_str == NULL) {
- 		return NULL;
-@@ -768,10 +702,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
- 			}
- 			/* Append to the string - inefficient
- 			 * but not done often. */
--			kdc_str = print_kdc_line(mem_ctx,
--						kdc_str,
--						&ip_srv_site[i].ss,
--						NULL);
-+			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
-+						  kdc_str,
-+						  print_canonical_sockaddr(mem_ctx, &ip_srv_site[i].ss));
- 			if (!kdc_str) {
- 				SAFE_FREE(ip_srv_site);
- 				return NULL;
-@@ -806,11 +739,10 @@ static char *get_kdc_ip_string(char *mem_ctx,
- 		}
- 
- 		/* Append to the string - inefficient but not done often. */
--		kdc_str = print_kdc_line(mem_ctx,
--				kdc_str,
--				&ip_srv_nonsite[i].ss,
--				NULL);
--		if (!kdc_str) {
-+		kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
-+					  kdc_str,
-+					  print_canonical_sockaddr(mem_ctx, &ip_srv_nonsite[i].ss));
-+		if (kdc_str == NULL) {
- 			SAFE_FREE(ip_srv_site);
- 			SAFE_FREE(ip_srv_nonsite);
- 			return NULL;
--- 
-1.9.0
-
-
-From b4eba7d838b60230b9f6c9a08ef0ddc00e3e47f0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 7 Mar 2014 14:47:31 +0100
-Subject: [PATCH 2/5] PATCHSET11: s3-kerberos: remove unused kdc_name from
- create_local_private_krb5_conf_for_domain().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-
-Autobuild-User(master): Günther Deschner <gd@samba.org>
-Autobuild-Date(master): Fri Mar  7 18:43:57 CET 2014 on sn-devel-104
-
-Conflicts:
-	source3/libads/kerberos.c
-	source3/libads/kerberos_proto.h
-	source3/libnet/libnet_join.c
-	source3/winbindd/winbindd_cm.c
----
- source3/libads/kerberos.c       | 10 ++++------
- source3/libads/kerberos_proto.h |  3 +--
- source3/libnet/libnet_join.c    |  2 +-
- source3/libsmb/namequery_dc.c   |  6 ++----
- source3/winbindd/winbindd_cm.c  |  6 ++----
- 5 files changed, 10 insertions(+), 17 deletions(-)
-
-diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
-index 064e5f7..b826cb3 100644
---- a/source3/libads/kerberos.c
-+++ b/source3/libads/kerberos.c
-@@ -671,8 +671,7 @@ int kerberos_kinit_password(const char *principal,
- static char *get_kdc_ip_string(char *mem_ctx,
- 		const char *realm,
- 		const char *sitename,
--		struct sockaddr_storage *pss,
--		const char *kdc_name)
-+		struct sockaddr_storage *pss)
- {
- 	int i;
- 	struct ip_service *ip_srv_site = NULL;
-@@ -769,8 +768,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
- bool create_local_private_krb5_conf_for_domain(const char *realm,
- 						const char *domain,
- 						const char *sitename,
--						struct sockaddr_storage *pss,
--						const char *kdc_name)
-+						struct sockaddr_storage *pss)
- {
- 	char *dname;
- 	char *tmpname = NULL;
-@@ -794,7 +792,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
- 		return false;
- 	}
- 
--	if (domain == NULL || pss == NULL || kdc_name == NULL) {
-+	if (domain == NULL || pss == NULL) {
- 		return false;
- 	}
- 
-@@ -825,7 +823,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
- 	realm_upper = talloc_strdup(fname, realm);
- 	strupper_m(realm_upper);
- 
--	kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
-+	kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
- 	if (!kdc_ip_string) {
- 		goto done;
- 	}
-diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
-index 406669cc..90d7cd9 100644
---- a/source3/libads/kerberos_proto.h
-+++ b/source3/libads/kerberos_proto.h
-@@ -75,8 +75,7 @@ int kerberos_kinit_password(const char *principal,
- bool create_local_private_krb5_conf_for_domain(const char *realm,
- 						const char *domain,
- 						const char *sitename,
--						struct sockaddr_storage *pss,
--						const char *kdc_name);
-+						struct sockaddr_storage *pss);
- 
- /* The following definitions come from libads/authdata.c  */
- 
-diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
-index e84682d..f1736ec 100644
---- a/source3/libnet/libnet_join.c
-+++ b/source3/libnet/libnet_join.c
-@@ -1985,7 +1985,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
- 
- 	create_local_private_krb5_conf_for_domain(
- 		r->out.dns_domain_name, r->out.netbios_domain_name,
--		NULL, &cli->dest_ss, cli->desthost);
-+		NULL, &cli->dest_ss);
- 
- 	if (r->out.domain_is_ad && r->in.account_ou &&
- 	    !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
-diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
-index 39b780c..149121a 100644
---- a/source3/libsmb/namequery_dc.c
-+++ b/source3/libsmb/namequery_dc.c
-@@ -111,14 +111,12 @@ static bool ads_dc_name(const char *domain,
- 				create_local_private_krb5_conf_for_domain(realm,
- 									domain,
- 									sitename,
--									&ads->ldap.ss,
--									ads->config.ldap_server_name);
-+									&ads->ldap.ss);
- 			} else {
- 				create_local_private_krb5_conf_for_domain(realm,
- 									domain,
- 									NULL,
--									&ads->ldap.ss,
--									ads->config.ldap_server_name);
-+									&ads->ldap.ss);
- 			}
- 		}
- #endif
-diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
-index 8271279..59f30a5 100644
---- a/source3/winbindd/winbindd_cm.c
-+++ b/source3/winbindd/winbindd_cm.c
-@@ -1226,8 +1226,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
- 					create_local_private_krb5_conf_for_domain(domain->alt_name,
- 									domain->name,
- 									sitename,
--									pss,
--									name);
-+									pss);
- 
- 					SAFE_FREE(sitename);
- 				} else {
-@@ -1235,8 +1234,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
- 					create_local_private_krb5_conf_for_domain(domain->alt_name,
- 									domain->name,
- 									NULL,
--									pss,
--									name);
-+									pss);
- 				}
- 				winbindd_set_locator_kdc_envs(domain);
- 
--- 
-1.9.0
-
-
-From db840b57e81922cea984530e2dc1b42cc99e75de Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 2 Apr 2014 19:37:34 +0200
-Subject: [PATCH 3/5] PATCHSET11: s3-kerberos: make ipv6 support for generated
- krb5 config files more robust.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Older MIT Kerberos libraries will add any secondary ipv6 address as
-ipv4 address, defining the (default) krb5 port 88 circumvents that.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-
-Autobuild-User(master): Günther Deschner <gd@samba.org>
-Autobuild-Date(master): Fri Apr  4 16:33:12 CEST 2014 on sn-devel-104
-
-Conflicts:
-	source3/libads/kerberos.c
----
- source3/libads/kerberos.c | 29 +++++++++++++++++++++++++++--
- 1 file changed, 27 insertions(+), 2 deletions(-)
-
-diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
-index b826cb3..5e34aa3 100644
---- a/source3/libads/kerberos.c
-+++ b/source3/libads/kerberos.c
-@@ -668,6 +668,31 @@ int kerberos_kinit_password(const char *principal,
- 
- ************************************************************************/
- 
-+/* print_canonical_sockaddr prints an ipv6 addr in the form of
-+* [ipv6.addr]. This string, when put in a generated krb5.conf file is not
-+* always properly dealt with by some older krb5 libraries. Adding the hard-coded
-+* portnumber workarounds the issue. - gd */
-+
-+static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx,
-+						const struct sockaddr_storage *pss)
-+{
-+	char *str = NULL;
-+
-+	str = print_canonical_sockaddr(mem_ctx, pss);
-+	if (str == NULL) {
-+		return NULL;
-+	}
-+
-+	if (pss->ss_family != AF_INET6) {
-+		return str;
-+	}
-+
-+#if defined(HAVE_IPV6)
-+	str = talloc_asprintf_append(str, ":88");
-+#endif
-+	return str;
-+}
-+
- static char *get_kdc_ip_string(char *mem_ctx,
- 		const char *realm,
- 		const char *sitename,
-@@ -679,7 +704,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
- 	int count_site = 0;
- 	int count_nonsite;
- 	char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
--					print_canonical_sockaddr(mem_ctx, pss));
-+					print_canonical_sockaddr_with_port(mem_ctx, pss));
- 
- 	if (kdc_str == NULL) {
- 		return NULL;
-@@ -740,7 +765,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
- 		/* Append to the string - inefficient but not done often. */
- 		kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- 					  kdc_str,
--					  print_canonical_sockaddr(mem_ctx, &ip_srv_nonsite[i].ss));
-+					  print_canonical_sockaddr_with_port(mem_ctx, &ip_srv_nonsite[i].ss));
- 		if (kdc_str == NULL) {
- 			SAFE_FREE(ip_srv_site);
- 			SAFE_FREE(ip_srv_nonsite);
--- 
-1.9.0
-
-
-From 208f1d7b5ae557bf34a39c847aeb1925ce4cb171 Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Tue, 26 Apr 2011 17:03:32 +1000
-Subject: [PATCH 4/5] PATCHSET11: s3-libads Pass a struct sockaddr_storage to
- cldap routines
-
-This avoids these routines doing a DNS lookup that has already been
-done, and ensures that the emulated DNS lookup isn't thrown away.
-
-Andrew Bartlett
----
- source3/libads/cldap.c                | 14 ++++--------
- source3/libads/cldap.h                |  4 ++--
- source3/libads/ldap.c                 | 41 ++++++++++-------------------------
- source3/libsmb/dsgetdcname.c          |  3 ++-
- source3/utils/net_ads.c               |  7 +++---
- source3/winbindd/idmap_adex/gc_util.c | 12 +++++++++-
- 6 files changed, 33 insertions(+), 48 deletions(-)
-
-diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
-index 5d2e900..03fa17c 100644
---- a/source3/libads/cldap.c
-+++ b/source3/libads/cldap.c
-@@ -30,7 +30,7 @@
- *******************************************************************/
- 
- bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
--			const char *server,
-+			struct sockaddr_storage *ss,
- 			const char *realm,
- 			uint32_t nt_version,
- 			struct netlogon_samlogon_response **_reply)
-@@ -39,18 +39,12 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
- 	struct cldap_netlogon io;
- 	struct netlogon_samlogon_response *reply;
- 	NTSTATUS status;
--	struct sockaddr_storage ss;
- 	char addrstr[INET6_ADDRSTRLEN];
- 	const char *dest_str;
- 	int ret;
- 	struct tsocket_address *dest_addr;
- 
--	if (!interpret_string_addr_prefer_ipv4(&ss, server, 0)) {
--		DEBUG(2,("Failed to resolve[%s] into an address for cldap\n",
--			server));
--		return false;
--	}
--	dest_str = print_sockaddr(addrstr, sizeof(addrstr), &ss);
-+	dest_str = print_sockaddr(addrstr, sizeof(addrstr), ss);
- 
- 	ret = tsocket_address_inet_from_strings(mem_ctx, "ip",
- 						dest_str, LDAP_PORT,
-@@ -113,7 +107,7 @@ failed:
- *******************************************************************/
- 
- bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
--			  const char *server,
-+			  struct sockaddr_storage *ss,
- 			  const char *realm,
- 			  struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5)
- {
-@@ -121,7 +115,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
- 	struct netlogon_samlogon_response *reply = NULL;
- 	bool ret;
- 
--	ret = ads_cldap_netlogon(mem_ctx, server, realm, nt_version, &reply);
-+	ret = ads_cldap_netlogon(mem_ctx, ss, realm, nt_version, &reply);
- 	if (!ret) {
- 		return false;
- 	}
-diff --git a/source3/libads/cldap.h b/source3/libads/cldap.h
-index d2ad4b0..60e1c56 100644
---- a/source3/libads/cldap.h
-+++ b/source3/libads/cldap.h
-@@ -27,12 +27,12 @@
- 
- /* The following definitions come from libads/cldap.c  */
- bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
--			const char *server,
-+			struct sockaddr_storage *ss,
- 			const char *realm,
- 			uint32_t nt_version,
- 			struct netlogon_samlogon_response **reply);
- bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
--			  const char *server,
-+			  struct sockaddr_storage *ss,
- 			  const char *realm,
- 			  struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5);
- 
-diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
-index b841c84..0db0bcd 100644
---- a/source3/libads/ldap.c
-+++ b/source3/libads/ldap.c
-@@ -196,45 +196,32 @@ bool ads_closest_dc(ADS_STRUCT *ads)
-  */
- static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
- {
--	char *srv;
- 	struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
- 	TALLOC_CTX *frame = talloc_stackframe();
- 	bool ret = false;
-+	struct sockaddr_storage ss;
-+	char addr[INET6_ADDRSTRLEN];
- 
- 	if (!server || !*server) {
- 		TALLOC_FREE(frame);
- 		return False;
- 	}
- 
--	if (!is_ipaddress(server)) {
--		struct sockaddr_storage ss;
--		char addr[INET6_ADDRSTRLEN];
--
--		if (!resolve_name(server, &ss, 0x20, true)) {
--			DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
--				server ));
--			TALLOC_FREE(frame);
--			return false;
--		}
--		print_sockaddr(addr, sizeof(addr), &ss);
--		srv = talloc_strdup(frame, addr);
--	} else {
--		/* this copes with inet_ntoa brokenness */
--		srv = talloc_strdup(frame, server);
--	}
--
--	if (!srv) {
-+	if (!resolve_name(server, &ss, 0x20, true)) {
-+		DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
-+			 server ));
- 		TALLOC_FREE(frame);
- 		return false;
- 	}
-+	print_sockaddr(addr, sizeof(addr), &ss);
- 
- 	DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n", 
--		srv, ads->server.realm));
-+		addr, ads->server.realm));
- 
- 	ZERO_STRUCT( cldap_reply );
- 
--	if ( !ads_cldap_netlogon_5(frame, srv, ads->server.realm, &cldap_reply ) ) {
--		DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv));
-+	if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
-+		DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
- 		ret = false;
- 		goto out;
- 	}
-@@ -243,7 +230,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
- 
- 	if ( !(cldap_reply.server_type & NBT_SERVER_LDAP) ) {
- 		DEBUG(1,("ads_try_connect: %s's CLDAP reply says it is not an LDAP server!\n",
--			srv));
-+			addr));
- 		ret = false;
- 		goto out;
- 	}
-@@ -273,13 +260,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
- 	ads->server.workgroup          = SMB_STRDUP(cldap_reply.domain_name);
- 
- 	ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
--	if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) {
--		DEBUG(1,("ads_try_connect: unable to convert %s "
--			"to an address\n",
--			srv));
--		ret = false;
--		goto out;
--	}
-+	ads->ldap.ss = ss;
- 
- 	/* Store our site name. */
- 	sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
-diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
-index 841a179..2f8b8dc 100644
---- a/source3/libsmb/dsgetdcname.c
-+++ b/source3/libsmb/dsgetdcname.c
-@@ -863,9 +863,10 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx,
- 
- 	for (i=0; i<num_dcs; i++) {
- 
-+
- 		DEBUG(10,("LDAP ping to %s\n", dclist[i].hostname));
- 
--		if (ads_cldap_netlogon(mem_ctx, dclist[i].hostname,
-+		if (ads_cldap_netlogon(mem_ctx, &dclist[i].ss,
- 					domain_name,
- 					nt_version,
- 					&r))
-diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
-index 8f8b7b4..816349d 100644
---- a/source3/utils/net_ads.c
-+++ b/source3/utils/net_ads.c
-@@ -62,7 +62,8 @@ static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads)
- 	struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
- 
- 	print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
--	if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) {
-+
-+	if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
- 		d_fprintf(stderr, _("CLDAP query failed!\n"));
- 		return -1;
- 	}
-@@ -385,7 +386,6 @@ int net_ads_check(struct net_context *c)
- static int net_ads_workgroup(struct net_context *c, int argc, const char **argv)
- {
- 	ADS_STRUCT *ads;
--	char addr[INET6_ADDRSTRLEN];
- 	struct NETLOGON_SAM_LOGON_RESPONSE_EX reply;
- 
- 	if (c->display_usage) {
-@@ -407,8 +407,7 @@ static int net_ads_workgroup(struct net_context *c, int argc, const char **argv)
- 		ads->ldap.port = 389;
- 	}
- 
--	print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
--	if ( !ads_cldap_netlogon_5(talloc_tos(), addr, ads->server.realm, &reply ) ) {
-+	if ( !ads_cldap_netlogon_5(talloc_tos(), &ads->ldap.ss, ads->server.realm, &reply ) ) {
- 		d_fprintf(stderr, _("CLDAP query failed!\n"));
- 		ads_destroy(&ads);
- 		return -1;
-diff --git a/source3/winbindd/idmap_adex/gc_util.c b/source3/winbindd/idmap_adex/gc_util.c
-index 77b318c..e625265 100644
---- a/source3/winbindd/idmap_adex/gc_util.c
-+++ b/source3/winbindd/idmap_adex/gc_util.c
-@@ -107,6 +107,7 @@ done:
- 	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- 	struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
- 	TALLOC_CTX *frame = talloc_stackframe();
-+	struct sockaddr_storage ss;
- 
- 	if (!gc || !domain) {
- 		return NT_STATUS_INVALID_PARAMETER;
-@@ -126,8 +127,17 @@ done:
- 	nt_status = ads_ntstatus(ads_status);
- 	BAIL_ON_NTSTATUS_ERROR(nt_status);
- 
-+	if (!resolve_name(ads->config.ldap_server_name, &ss, 0x20, true)) {
-+		DEBUG(5,("gc_find_forest_root: unable to resolve name %s\n",
-+			 ads->config.ldap_server_name));
-+		nt_status = NT_STATUS_IO_TIMEOUT;
-+		/* This matches the old code which did the resolve in
-+		 * ads_cldap_netlogon_5 */
-+		BAIL_ON_NTSTATUS_ERROR(nt_status);
-+	}
-+
- 	if (!ads_cldap_netlogon_5(frame,
--				  ads->config.ldap_server_name,
-+				  &ss,
- 				  ads->config.realm,
- 				  &cldap_reply))
- 	{
--- 
-1.9.0
-
-
-From 4eb02e7caa83b725988dd9f659b3568873522a30 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 16 Apr 2014 16:07:14 +0200
-Subject: [PATCH 5/5] PATCHSET11: s3-libads: allow ads_try_connect() to re-use
- a resolved ip address.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Pass down a struct sockaddr_storage to ads_try_connect.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-
-Autobuild-User(master): Günther Deschner <gd@samba.org>
-Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104
----
- source3/libads/ldap.c | 44 ++++++++++++++++++++++++++------------------
- 1 file changed, 26 insertions(+), 18 deletions(-)
-
-diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
-index 0db0bcd..f8349cf 100644
---- a/source3/libads/ldap.c
-+++ b/source3/libads/ldap.c
-@@ -194,33 +194,27 @@ bool ads_closest_dc(ADS_STRUCT *ads)
-   try a connection to a given ldap server, returning True and setting the servers IP
-   in the ads struct if successful
-  */
--static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
-+static bool ads_try_connect(ADS_STRUCT *ads, bool gc,
-+			    struct sockaddr_storage *ss)
- {
- 	struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
- 	TALLOC_CTX *frame = talloc_stackframe();
- 	bool ret = false;
--	struct sockaddr_storage ss;
- 	char addr[INET6_ADDRSTRLEN];
- 
--	if (!server || !*server) {
-+	if (ss == NULL) {
- 		TALLOC_FREE(frame);
- 		return False;
- 	}
- 
--	if (!resolve_name(server, &ss, 0x20, true)) {
--		DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
--			 server ));
--		TALLOC_FREE(frame);
--		return false;
--	}
--	print_sockaddr(addr, sizeof(addr), &ss);
-+	print_sockaddr(addr, sizeof(addr), ss);
- 
- 	DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n", 
- 		addr, ads->server.realm));
- 
- 	ZERO_STRUCT( cldap_reply );
- 
--	if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
-+	if ( !ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_reply ) ) {
- 		DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
- 		ret = false;
- 		goto out;
-@@ -260,7 +254,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
- 	ads->server.workgroup          = SMB_STRDUP(cldap_reply.domain_name);
- 
- 	ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
--	ads->ldap.ss = ss;
-+	ads->ldap.ss = *ss;
- 
- 	/* Store our site name. */
- 	sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
-@@ -292,6 +286,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
- 	bool use_own_domain = False;
- 	char *sitename;
- 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-+	bool ok = false;
- 
- 	/* if the realm and workgroup are both empty, assume they are ours */
- 
-@@ -345,12 +340,14 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
- 		DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
- 			(got_realm ? "realm" : "domain"), realm));
- 
--		if (get_dc_name(domain, realm, srv_name, &ip_out)) {
-+		ok = get_dc_name(domain, realm, srv_name, &ip_out);
-+		if (ok) {
- 			/*
- 			 * we call ads_try_connect() to fill in the
- 			 * ads->config details
- 			 */
--			if (ads_try_connect(ads, srv_name, false)) {
-+			ok = ads_try_connect(ads, false, &ip_out);
-+			if (ok) {
- 				return NT_STATUS_OK;
- 			}
- 		}
-@@ -406,7 +403,8 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
- 			}
- 		}
- 
--		if ( ads_try_connect(ads, server, false) ) {
-+		ok = ads_try_connect(ads, false, &ip_list[i].ss);
-+		if (ok) {
- 			SAFE_FREE(ip_list);
- 			SAFE_FREE(sitename);
- 			return NT_STATUS_OK;
-@@ -591,9 +589,19 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
- 		TALLOC_FREE(s);
- 	}
- 
--	if (ads->server.ldap_server)
--	{
--		if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) {
-+	if (ads->server.ldap_server) {
-+		bool ok = false;
-+		struct sockaddr_storage ss;
-+
-+		ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true);
-+		if (!ok) {
-+			DEBUG(5,("ads_connect: unable to resolve name %s\n",
-+				 ads->server.ldap_server));
-+			status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
-+			goto out;
-+		}
-+		ok = ads_try_connect(ads, ads->server.gc, &ss);
-+		if (ok) {
- 			goto got_connection;
- 		}
- 
--- 
-1.9.0
-
-diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
-index b826cb3..5e34aa3 100644
---- a/source3/libads/kerberos.c
-+++ b/source3/libads/kerberos.c
-@@ -827,10 +827,6 @@
- 		return false;
- 	}
- 
--	if (domain == NULL || pss == NULL || kdc_name == NULL) {
--		return false;
--	}
--
- 	dname = lock_path("smb_krb5");
- 	if (!dname) {
- 		return false;

src/patches/samba/samba-3.6.23-gecos.patch

@@ -1,42 +0,0 @@
-From 02da0b0ae947f30480b1246de22e865491e479f0 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 12 Feb 2014 13:26:02 +0100
-Subject: [PATCH] PATCHSET12: s3-winbind: Use strlcpy to avoid log entry.
-
-The full_name from Windows can be longer than 255 chars which results in
-a warning on log level 0 that we have a string overflow. This will avoid
-the warning. However we should fix this sooner or later on the protocol
-level to have no limit.
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
-
-Conflicts:
-	source3/winbindd/wb_fill_pwent.c
----
- source3/winbindd/wb_fill_pwent.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c
-index 9634317..9d42b31 100644
---- a/source3/winbindd/wb_fill_pwent.c
-+++ b/source3/winbindd/wb_fill_pwent.c
-@@ -141,8 +141,13 @@ static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq)
- 				     true);
- 	}
- 
--	fstrcpy(state->pw->pw_name, output_username);
--	fstrcpy(state->pw->pw_gecos, state->info->full_name);
-+	strlcpy(state->pw->pw_name,
-+		output_username,
-+		sizeof(state->pw->pw_name));
-+	/* FIXME The full_name can be longer than 255 chars */
-+	strlcpy(state->pw->pw_gecos,
-+		state->info->full_name ? state->info->full_name : "",
-+		sizeof(state->pw->pw_gecos));
- 
- 	/* Home directory and shell */
- 	ok = fillup_pw_field(lp_template_homedir(),
--- 
-1.9.3
-

src/patches/samba/samba-3.6.23-libsmbclient.patch

@@ -1,36 +0,0 @@
-From b2b00b1d7871f7557fe7e8f616fa46a8e5ebd298 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 28 May 2014 16:02:15 +0200
-Subject: [PATCH] PATCHSET10: s3-libsmbclient: Always initialize globals.
-
-This fixes cases where we dereference NULL pointers of globals which
-were not initialized.
----
- source3/libsmb/libsmb_context.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
-index 6c20d65..888c2ef 100644
---- a/source3/libsmb/libsmb_context.c
-+++ b/source3/libsmb/libsmb_context.c
-@@ -76,7 +76,7 @@ SMBC_module_init(void * punused)
-          * defaults ...
-          */
- 
--        if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, False)) {
-+        if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
-             DEBUG(5, ("Could not load config file: %s\n",
-                       get_dyn_CONFIGFILE()));
-         } else if (home) {
-@@ -89,7 +89,7 @@ SMBC_module_init(void * punused)
-             if (asprintf(&conf,
-                          "%s/.smb/smb.conf.append",
-                          home) > 0) {
--                if (!lp_load(conf, True, False, False, False)) {
-+                if (!lp_load(conf, True, False, False, True)) {
-                     DEBUG(10,
-                           ("Could not append config file: "
-                            "%s\n",
--- 
-1.9.3
-

src/patches/samba/samba-3.6.26-smb2_case_sensitive.patch

@@ -1,118 +0,0 @@
-From 3432aafbf86b4d3a559838d81b3ebc039e72a412 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 10 Jun 2014 14:41:45 -0700
-Subject: [PATCH 1/2] s3: smbd - SMB[2|3]. Ensure a \ or / can't be found
- anywhere in a search path, not just at the start.
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/smb2_find.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c
-index 59e5b66..b0ab7a8 100644
---- a/source3/smbd/smb2_find.c
-+++ b/source3/smbd/smb2_find.c
-@@ -255,11 +255,11 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
- 		tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID);
- 		return tevent_req_post(req, ev);
- 	}
--	if (strcmp(in_file_name, "\\") == 0) {
-+	if (strchr_m(in_file_name, '\\') != NULL) {
- 		tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID);
- 		return tevent_req_post(req, ev);
- 	}
--	if (strcmp(in_file_name, "/") == 0) {
-+	if (strchr_m(in_file_name, '/') != NULL) {
- 		tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID);
- 		return tevent_req_post(req, ev);
- 	}
--- 
-1.9.3
-
-
-From 190d0f39bb400a373c8f4d6847e2980c0df8da2b Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 10 Jun 2014 15:58:15 -0700
-Subject: [PATCH 2/2] s3: smbd : SMB2 - fix SMB2_SEARCH when searching non
- wildcard string with a case-canonicalized share.
-
-We need to go through filename_convert() in order for the filename
-canonicalization to be done on a non-wildcard search string (as is
-done in the SMB1 findfirst code path).
-
-Fixes Bug #10650 - "case sensitive = True" option doesn't work with "max protocol = SMB2" or higher in large directories.
-
-https://bugzilla.samba.org/show_bug.cgi?id=10650
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- source3/smbd/smb2_find.c | 38 +++++++++++++++++++++++++++++++++++---
- 1 file changed, 35 insertions(+), 3 deletions(-)
-
-diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c
-index b0ab7a8..6fe6545 100644
---- a/source3/smbd/smb2_find.c
-+++ b/source3/smbd/smb2_find.c
-@@ -229,6 +229,7 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
- 	uint32_t dirtype = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_DIRECTORY;
- 	bool dont_descend = false;
- 	bool ask_sharemode = true;
-+	bool wcard_has_wild;
- 
- 	req = tevent_req_create(mem_ctx, &state,
- 				struct smbd_smb2_find_state);
-@@ -303,16 +304,47 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
- 		dptr_CloseDir(fsp);
- 	}
- 
-+	wcard_has_wild = ms_has_wild(in_file_name);
-+
-+	/* Ensure we've canonicalized any search path if not a wildcard. */
-+	if (!wcard_has_wild) {
-+		struct smb_filename *smb_fname = NULL;
-+		const char *fullpath;
-+
-+		if (ISDOT(fsp->fsp_name->base_name)) {
-+			fullpath = in_file_name;
-+		} else {
-+			fullpath = talloc_asprintf(state,
-+					"%s/%s",
-+					fsp->fsp_name->base_name,
-+					in_file_name);
-+		}
-+		if (tevent_req_nomem(fullpath, req)) {
-+			return tevent_req_post(req, ev);
-+		}
-+		status = filename_convert(state,
-+				conn,
-+				false, /* Not a DFS path. */
-+				fullpath,
-+				UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP,
-+				&wcard_has_wild,
-+				&smb_fname);
-+
-+		if (!NT_STATUS_IS_OK(status)) {
-+			tevent_req_nterror(req, status);
-+			return tevent_req_post(req, ev);
-+		}
-+
-+		in_file_name = smb_fname->original_lcomp;
-+	}
-+
- 	if (fsp->dptr == NULL) {
--		bool wcard_has_wild;
- 
- 		if (!(fsp->access_mask & SEC_DIR_LIST)) {
- 			tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
- 			return tevent_req_post(req, ev);
- 		}
- 
--		wcard_has_wild = ms_has_wild(in_file_name);
--
- 		status = dptr_create(conn,
- 				     fsp,
- 				     fsp->fsp_name->base_name,
--- 
-1.9.3
-

src/patches/samba/samba-3.6.99-2110-ntlmssp-session-setup-nas.patch

@@ -1,39 +0,0 @@
-From ce2b7dad823e3af00884bc0c75851eec7445ec88 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Mon, 31 Oct 2016 12:25:35 +0100
-Subject: [PATCH] s3-libsmb Allow SESSION KEY setup without signing
-
-This is not supported by NetApp or EMC NAS systems. They do not
-implement the protocol correctly. So work around their broken
-implementations.
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
----
- source3/libsmb/ntlmssp.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
-index 7e58990..446d02d 100644
---- a/source3/libsmb/ntlmssp.c
-+++ b/source3/libsmb/ntlmssp.c
-@@ -206,7 +206,7 @@ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *featur
- 	 * also add  NTLMSSP_NEGOTIATE_SEAL here. JRA.
- 	 */
- 	if (in_list("NTLMSSP_FEATURE_SESSION_KEY", feature_list, True)) {
--		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
-+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- 	}
- 	if (in_list("NTLMSSP_FEATURE_SIGN", feature_list, True)) {
- 		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
-@@ -231,7 +231,7 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature)
- {
- 	/* As per JRA's comment above */
- 	if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
--		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
-+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- 	}
- 	if (feature & NTLMSSP_FEATURE_SIGN) {
- 		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
--- 
-2.10.1
-

src/patches/samba/samba-3.6.99-add_spoolss_os_version.patch

@@ -1,53 +0,0 @@
-From e5d6a3914151217e1487d9a444c2ced4cfd89491 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Sat, 19 Jan 2013 01:37:29 +0100
-Subject: [PATCH 19/20] PATCHSET9: s3-spoolss: Make it easier to manipulate the
- returned OSVersion at runtime.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
----
- source3/rpc_server/spoolss/srv_spoolss_nt.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-index 8372c43..0c4b582 100644
---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
-+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-@@ -2352,9 +2352,13 @@ static WERROR getprinterdata_printer_server(TALLOC_CTX *mem_ctx,
- 		enum ndr_err_code ndr_err;
- 		struct spoolss_OSVersion os;
- 
--		os.major		= 5;	/* Windows 2000 == 5.0 */
--		os.minor		= 0;
--		os.build		= 2195;	/* build */
-+		os.major		= lp_parm_int(GLOBAL_SECTION_SNUM,
-+						      "spoolss", "os_major", 5);
-+						      /* Windows 2000 == 5.0 */
-+		os.minor		= lp_parm_int(GLOBAL_SECTION_SNUM,
-+						      "spoolss", "os_minor", 0);
-+		os.build		= lp_parm_int(GLOBAL_SECTION_SNUM,
-+						      "spoolss", "os_build", 2195);
- 		os.extra_string		= "";	/* leave extra string empty */
- 
- 		ndr_err = ndr_push_struct_blob(&blob, mem_ctx, &os,
-@@ -2363,6 +2367,10 @@ static WERROR getprinterdata_printer_server(TALLOC_CTX *mem_ctx,
- 			return WERR_GENERAL_FAILURE;
- 		}
- 
-+		if (DEBUGLEVEL >= 10) {
-+			NDR_PRINT_DEBUG(spoolss_OSVersion, &os);
-+		}
-+
- 		*type = REG_BINARY;
- 		data->binary = blob;
- 
--- 
-1.9.0
-

src/patches/samba/samba-3.6.99-add_timeout_option_to_smbclient.patch

@@ -1,147 +0,0 @@
-commit e8f6a7df1b5ae7f7275ac59b8c21b82de1922c3b
-Author:     Jeremy Allison <jra@samba.org>
-AuthorDate: Fri Aug 16 13:49:39 2013 -0700
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Wed Feb 5 11:50:28 2014 +0100
-
-    Add new "timeout" command and -t option to smbclient to set the per-operation timeout.
-    
-    This is needed as once SMB3 encryption is selected the server
-    response time can be very slow when requesting large numbers
-    (256) of large encrypted packets (1MB) from a Windows 2012
-    virtual machine. This allows clients to tune their allowable
-    wait time.
-    
-    Signed-off-by: Jeremy Allison <jra@samba.org>
-    Reviewed-by: Michael Adam <obnox@samba.org>
-    (cherry picked from commit d9c88a56dc451be09e8c9fc9aa8857e312fcb444)
----
- source3/client/client.c | 44 ++++++++++++++++++++++++++++++++++++++++----
- 1 file changed, 40 insertions(+), 4 deletions(-)
-
-diff --git a/source3/client/client.c b/source3/client/client.c
-index f6e42f6..aa16b14 100644
---- a/source3/client/client.c
-+++ b/source3/client/client.c
-@@ -54,7 +54,12 @@ static bool grepable = false;
- static char *cmdstr = NULL;
- const char *cmd_ptr = NULL;
- 
-+/* 30 second timeout on most commands */
-+#define CLIENT_TIMEOUT (30*1000)
-+#define SHORT_TIMEOUT (5*1000)
-+
- static int io_bufsize = 524288;
-+static int io_timeout = (CLIENT_TIMEOUT/1000); /* Per operation timeout (in seconds). */
- 
- static int name_type = 0x20;
- static int max_protocol = PROTOCOL_NT1;
-@@ -64,10 +69,6 @@ static int cmd_help(void);
- 
- #define CREATE_ACCESS_READ READ_CONTROL_ACCESS
- 
--/* 30 second timeout on most commands */
--#define CLIENT_TIMEOUT (30*1000)
--#define SHORT_TIMEOUT (5*1000)
--
- /* value for unused fid field in trans2 secondary request */
- #define FID_UNUSED (0xFFFF)
- 
-@@ -4264,6 +4265,31 @@ int cmd_iosize(void)
- }
- 
- /****************************************************************************
-+ timeout command
-+***************************************************************************/
-+
-+static int cmd_timeout(void)
-+{
-+	TALLOC_CTX *ctx = talloc_tos();
-+	char *buf;
-+
-+	if (!next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
-+		unsigned int old_timeout = cli_set_timeout(cli, 0);
-+		cli_set_timeout(cli, old_timeout);
-+		d_printf("timeout <n> (per-operation timeout "
-+			"in seconds - currently %u).\n",
-+			old_timeout/1000);
-+		return 1;
-+	}
-+
-+	io_timeout = strtol(buf,NULL,0);
-+	cli_set_timeout(cli, io_timeout*1000);
-+	d_printf("io_timeout per operation is now %d\n", io_timeout);
-+	return 0;
-+}
-+
-+
-+/****************************************************************************
- history
- ****************************************************************************/
- static int cmd_history(void)
-@@ -4369,6 +4395,7 @@ static struct {
-   {"symlink",cmd_symlink,"<oldname> <newname> create a UNIX symlink",{COMPL_REMOTE,COMPL_REMOTE}},
-   {"tar",cmd_tar,"tar <c|x>[IXFqbgNan] current directory to/from <file name>",{COMPL_NONE,COMPL_NONE}},
-   {"tarmode",cmd_tarmode,"<full|inc|reset|noreset> tar's behaviour towards archive bits",{COMPL_NONE,COMPL_NONE}},
-+  {"timeout",cmd_timeout,"timeout <number> - set the per-operation timeout in seconds (default 20)",{COMPL_NONE,COMPL_NONE}},
-   {"translate",cmd_translate,"toggle text translation for printing",{COMPL_NONE,COMPL_NONE}},
-   {"unlock",cmd_unlock,"unlock <fnum> <hex-start> <hex-len> : remove a POSIX lock",{COMPL_REMOTE,COMPL_REMOTE}},
-   {"volume",cmd_volume,"print the volume name",{COMPL_NONE,COMPL_NONE}},
-@@ -4465,6 +4492,7 @@ static int process_command_string(const char *cmd_in)
- 		if (!cli) {
- 			return 1;
- 		}
-+		cli_set_timeout(cli, io_timeout*1000);
- 	}
- 
- 	while (cmd[0] != '\0')    {
-@@ -4942,6 +4970,8 @@ static int process(const char *base_directory)
- 		return 1;
- 	}
- 
-+	cli_set_timeout(cli, io_timeout*1000);
-+
- 	if (base_directory && *base_directory) {
- 		rc = do_cd(base_directory);
- 		if (rc) {
-@@ -4972,6 +5002,7 @@ static int do_host_query(const char *query_host)
- 	if (!cli)
- 		return 1;
- 
-+	cli_set_timeout(cli, io_timeout*1000);
- 	browse_host(true);
- 
- 	/* Ensure that the host can do IPv4 */
-@@ -5003,6 +5034,7 @@ static int do_host_query(const char *query_host)
- 		return 1;
- 	}
- 
-+	cli_set_timeout(cli, io_timeout*1000);
- 	list_servers(lp_workgroup());
- 
- 	cli_shutdown(cli);
-@@ -5026,6 +5058,7 @@ static int do_tar_op(const char *base_directory)
- 			max_protocol, port, name_type);
- 		if (!cli)
- 			return 1;
-+		cli_set_timeout(cli, io_timeout*1000);
- 	}
- 
- 	recurse=true;
-@@ -5091,6 +5124,8 @@ static int do_message_op(struct user_auth_info *a_info)
- 		return 1;
- 	}
- 
-+	cli_set_timeout(cli, io_timeout*1000);
-+
- 	send_message(get_cmdline_auth_info_username(a_info));
- 	cli_shutdown(cli);
- 
-@@ -5127,6 +5162,7 @@ static int do_message_op(struct user_auth_info *a_info)
- 		{ "directory", 'D', POPT_ARG_STRING, NULL, 'D', "Start from directory", "DIR" },
- 		{ "command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated commands" }, 
- 		{ "send-buffer", 'b', POPT_ARG_INT, &io_bufsize, 'b', "Changes the transmit/send buffer", "BYTES" },
-+		{ "timeout", 't', POPT_ARG_INT, &io_timeout, 'b', "Changes the per-operation timeout", "SECONDS" },
- 		{ "port", 'p', POPT_ARG_INT, &port, 'p', "Port to connect to", "PORT" },
- 		{ "grepable", 'g', POPT_ARG_NONE, NULL, 'g', "Produce grepable output" },
-                 { "browse", 'B', POPT_ARG_NONE, NULL, 'B', "Browse SMB servers using DNS" },

src/patches/samba/samba-3.6.99-asserted_identity_sid-S-1-18-1.patch

@@ -1,223 +0,0 @@
-From ed26d110b814e2cf0413bd9665bd08bda271ba01 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 15 Jan 2016 14:46:07 +0100
-Subject: [PATCH 1/3] security: Add Asserted Identity sids (S-1-18)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
-
-definitions taken from [MS-DTYP]: Windows Data Types,
-2.4.2.4 Well-Known SID Structures.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
----
- libcli/security/dom_sid.h  | 3 +++
- libcli/security/util_sid.c | 8 ++++++++
- librpc/idl/security.idl    | 3 +++
- 3 files changed, 14 insertions(+)
-
-diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
-index 04571c2..503b621 100644
---- a/libcli/security/dom_sid.h
-+++ b/libcli/security/dom_sid.h
-@@ -35,6 +35,9 @@ extern const struct dom_sid global_sid_System;
- extern const struct dom_sid global_sid_NULL;
- extern const struct dom_sid global_sid_Authenticated_Users;
- extern const struct dom_sid global_sid_Network;
-+extern const struct dom_sid global_sid_Asserted_Identity;
-+extern const struct dom_sid global_sid_Asserted_Identity_Service;
-+extern const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority;
- extern const struct dom_sid global_sid_Creator_Owner;
- extern const struct dom_sid global_sid_Creator_Group;
- extern const struct dom_sid global_sid_Anonymous;
-diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
-index cf1f7f3..5a41ef7 100644
---- a/libcli/security/util_sid.c
-+++ b/libcli/security/util_sid.c
-@@ -53,6 +53,14 @@ const struct dom_sid global_sid_Authenticated_Users =	/* All authenticated rids
- const struct dom_sid global_sid_Restriced =			/* Restriced Code */
- { 1, 1, {0,0,0,0,0,5}, {12,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
- #endif
-+
-+const struct dom_sid global_sid_Asserted_Identity =       /* Asserted Identity */
-+{ 1, 0, {0,0,0,0,0,18}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-+const struct dom_sid global_sid_Asserted_Identity_Service =	/* Asserted Identity Service */
-+{ 1, 1, {0,0,0,0,0,18}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-+const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority =	/* Asserted Identity Authentication Authority */
-+{ 1, 1, {0,0,0,0,0,18}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-+
- const struct dom_sid global_sid_Network =			/* Network rids */
- { 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
- 
-diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
-index 0ea79a3..7df773e 100644
---- a/librpc/idl/security.idl
-+++ b/librpc/idl/security.idl
-@@ -277,6 +277,9 @@ interface security
- 	const string SID_NT_TRUSTED_INSTALLER =
- 		"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464";
- 
-+	const string SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1";
-+	const string SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2";
-+
- 	/* well-known domain RIDs */
- 	const int DOMAIN_RID_LOGON                   = 9;
- 	const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498;
--- 
-2.5.0
-
-
-From be247c05146c45bcea5c06a38ff07e8f0c934ab6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 15 Jan 2016 14:43:12 +0100
-Subject: [PATCH 2/3] s3-util: add helper functions to deal with the S-1-18
- domain.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
----
- source3/Makefile.in            |  2 +-
- source3/include/proto.h        |  5 +++++
- source3/lib/util_specialsids.c | 40 ++++++++++++++++++++++++++++++++++++++++
- source3/wscript_build          |  1 +
- 4 files changed, 47 insertions(+), 1 deletion(-)
- create mode 100644 source3/lib/util_specialsids.c
-
-diff --git a/source3/Makefile.in b/source3/Makefile.in
-index 9e8e03d..8df2bff 100644
---- a/source3/Makefile.in
-+++ b/source3/Makefile.in
-@@ -456,7 +456,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
- 	  lib/access.o lib/smbrun.o \
- 	  lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \
- 	  lib/wins_srv.o \
--	  lib/util_str.o lib/clobber.o lib/util_sid.o \
-+	  lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_specialsids.o \
- 	  lib/util_unistr.o ../lib/util/charset/codepoints.o lib/util_file.o \
- 	  lib/util.o lib/util_cmdline.o lib/util_names.o \
- 	  lib/util_sock.o lib/sock_exec.o lib/util_sec.o \
-diff --git a/source3/include/proto.h b/source3/include/proto.h
-index 7303e76..8cd162b 100644
---- a/source3/include/proto.h
-+++ b/source3/include/proto.h
-@@ -1937,6 +1937,11 @@ bool sid_check_is_in_unix_groups(const struct dom_sid *sid);
- const char *unix_groups_domain_name(void);
- bool lookup_unix_group_name(const char *name, struct dom_sid *sid);
- 
-+/* The following definitions come from lib/util_specialsids.c  */
-+bool sid_check_is_asserted_identity(const struct dom_sid *sid);
-+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid);
-+const char *asserted_identity_domain_name(void);
-+
- /* The following definitions come from lib/filename_util.c */
- 
- NTSTATUS get_full_smb_filename(TALLOC_CTX *ctx, const struct smb_filename *smb_fname,
-diff --git a/source3/lib/util_specialsids.c b/source3/lib/util_specialsids.c
-new file mode 100644
-index 0000000..4c402d6
---- /dev/null
-+++ b/source3/lib/util_specialsids.c
-@@ -0,0 +1,40 @@
-+/*
-+   Unix SMB/CIFS implementation.
-+   Copyright (C) Guenther Deschner 2016
-+
-+   This program is free software; you can redistribute it and/or modify
-+   it under the terms of the GNU General Public License as published by
-+   the Free Software Foundation; either version 3 of the License, or
-+   (at your option) any later version.
-+
-+   This program is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+   GNU General Public License for more details.
-+
-+   You should have received a copy of the GNU General Public License
-+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#include "includes.h"
-+#include "../libcli/security/security.h"
-+
-+bool sid_check_is_asserted_identity(const struct dom_sid *sid)
-+{
-+	return dom_sid_equal(sid, &global_sid_Asserted_Identity);
-+}
-+
-+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid)
-+{
-+	struct dom_sid dom_sid;
-+
-+	sid_copy(&dom_sid, sid);
-+	sid_split_rid(&dom_sid, NULL);
-+
-+	return sid_check_is_asserted_identity(&dom_sid);
-+}
-+
-+const char *asserted_identity_domain_name(void)
-+{
-+	return "Asserted Identity";
-+}
-diff --git a/source3/wscript_build b/source3/wscript_build
-index 40935d1..ceccbb5 100755
---- a/source3/wscript_build
-+++ b/source3/wscript_build
-@@ -74,6 +74,7 @@ LIB_SRC = '''
-           lib/bitmap.c lib/dprintf.c
-           lib/wins_srv.c
-           lib/clobber.c lib/util_sid.c
-+          lib/util_specialsids.c
-           lib/util_file.c
-           lib/util.c lib/util_cmdline.c lib/util_names.c
-           lib/util_sock.c lib/sock_exec.c lib/util_sec.c
--- 
-2.5.0
-
-
-From bb5c28c8d45be8e26abe37e4873c4b1c59fff782 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 15 Jan 2016 14:43:48 +0100
-Subject: [PATCH 3/3] s3-util: skip S-1-18 sids in token generaion in
- sid_array_from_info3().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
----
- source3/lib/util_sid.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
-index f051b7a..92fbc76 100644
---- a/source3/lib/util_sid.c
-+++ b/source3/lib/util_sid.c
-@@ -190,6 +190,11 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
-          */
- 
- 	for (i = 0; i < info3->sidcount; i++) {
-+
-+		if (sid_check_is_in_asserted_identity(info3->sids[i].sid)) {
-+			continue;
-+		}
-+
- 		status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
- 				      &sid_array, &num_sids);
- 		if (!NT_STATUS_IS_OK(status)) {
--- 
-2.5.0
-

src/patches/samba/samba-3.6.99-bug-1117059.patch

@@ -1,86 +0,0 @@
-From 7f0edd8c68cd20a136a33d692f32ee2ffc30db76 Mon Sep 17 00:00:00 2001
-From: Michael Adam <obnox@samba.org>
-Date: Mon, 19 Jan 2015 13:51:55 +0100
-Subject: [PATCH] s3:winbind:grent: don't stop group enumeration when a group
- has no gid
-
-simply continue with the next group
-
-Note: this patch introduces some code duplication to make it
-easier to create minimal backport patch. Subsequent patches
-will provide some refactoring to reduce the duplication.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=8905
-
-Signed-off-by: Michael Adam <obnox@samba.org>
----
- source3/winbindd/wb_next_grent.c | 51 +++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 50 insertions(+), 1 deletion(-)
-
-diff --git a/source3/winbindd/wb_next_grent.c b/source3/winbindd/wb_next_grent.c
-index 2b3799a..f52d2d1 100644
---- a/source3/winbindd/wb_next_grent.c
-+++ b/source3/winbindd/wb_next_grent.c
-@@ -168,9 +168,58 @@ static void wb_next_grent_getgrsid_done(struct tevent_req *subreq)
- 	status = wb_getgrsid_recv(subreq, talloc_tos(), &domname, &name,
- 				  &state->gr->gr_gid, &state->members);
- 	TALLOC_FREE(subreq);
--	if (tevent_req_nterror(req, status)) {
-+
-+	if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
-+		state->gstate->next_group += 1;
-+
-+		if (state->gstate->next_group >= state->gstate->num_groups) {
-+			TALLOC_FREE(state->gstate->groups);
-+
-+			if (state->gstate->domain == NULL) {
-+				state->gstate->domain = domain_list();
-+			} else {
-+				state->gstate->domain = state->gstate->domain->next;
-+			}
-+
-+			if ((state->gstate->domain != NULL) &&
-+			    sid_check_is_domain(&state->gstate->domain->sid))
-+			{
-+				state->gstate->domain = state->gstate->domain->next;
-+			}
-+
-+			if (state->gstate->domain == NULL) {
-+				tevent_req_nterror(req,
-+						   NT_STATUS_NO_MORE_ENTRIES);
-+				return;
-+			}
-+
-+			subreq = dcerpc_wbint_QueryGroupList_send(
-+				state, state->ev,
-+				dom_child_handle(state->gstate->domain),
-+				&state->next_groups);
-+			if (tevent_req_nomem(subreq, req)) {
-+				return;
-+			}
-+
-+			tevent_req_set_callback(subreq,
-+						wb_next_grent_fetch_done, req);
-+			return;
-+		}
-+
-+		subreq = wb_getgrsid_send(
-+			state, state->ev,
-+			&state->gstate->groups[state->gstate->next_group].sid,
-+			state->max_nesting);
-+		if (tevent_req_nomem(subreq, req)) {
-+			return;
-+		}
-+		tevent_req_set_callback(subreq, wb_next_grent_getgrsid_done,
-+					req);
-+		return;
-+	} else if (tevent_req_nterror(req, status)) {
- 		return;
- 	}
-+
- 	if (!fill_grent(talloc_tos(), state->gr, domname, name,
- 			state->gr->gr_gid)) {
- 		DEBUG(5, ("fill_grent failed\n"));
--- 
-2.1.0
-

src/patches/samba/samba-3.6.99-bug-1192211.patch

@@ -1,42 +0,0 @@
-From a5b116fe3107a56e1d881906e77d9731b0c6b2c2 Mon Sep 17 00:00:00 2001
-From: Michael Adam <obnox@samba.org>
-Date: Sat, 1 Jun 2013 02:14:41 +0200
-Subject: [PATCH] shadow_copy2: implement disk_free
-
-Signed-off-by: Michael Adam <obnox@samba.org>
----
- source3/modules/vfs_shadow_copy2.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
-index fedfb53..7fd4dd5 100644
---- a/source3/modules/vfs_shadow_copy2.c
-+++ b/source3/modules/vfs_shadow_copy2.c
-@@ -944,6 +944,16 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle,
- 	return 0;
- }
- 
-+static uint64_t shadow_copy2_disk_free(vfs_handle_struct *handle,
-+				       const char *fname, bool small_query,
-+				       uint64_t *bsize, uint64_t *dfree,
-+				       uint64_t *dsize)
-+{
-+	SHADOW2_NEXT(DISK_FREE,
-+		     (handle, name, small_query, bsize, dfree, dsize),
-+		     uint64_t, 0);
-+}
-+
- static struct vfs_fn_pointers vfs_shadow_copy2_fns = {
-         .opendir = shadow_copy2_opendir,
-         .mkdir = shadow_copy2_mkdir,
-@@ -975,6 +985,7 @@ static struct vfs_fn_pointers vfs_shadow_copy2_fns = {
-         .get_nt_acl = shadow_copy2_get_nt_acl,
-         .chmod_acl = shadow_copy2_chmod_acl,
- 	.get_shadow_copy_data = shadow_copy2_get_shadow_copy2_data,
-+	.disk_free = shadow_copy2_disk_free,
- };
- 
- NTSTATUS vfs_shadow_copy2_init(void);
--- 
-2.1.0
-

src/patches/samba/samba-3.6.99-doc_netbios_name_length_limit.patch

@@ -1,257 +0,0 @@
-From caea507e6b57a82e059803e307f87fd39affde9c Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 15 Jul 2015 13:22:40 +0200
-Subject: [PATCH] PATCHSET31: docs: Documents length limitations for NetBIOS
- name
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11401
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Michael Adam <obnox@samba.org>
-
-Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
-Autobuild-Date(master): Wed Jul 15 19:35:48 CEST 2015 on sn-devel-104
----
- docs-xml/smbdotconf/base/netbiosname.xml | 2 ++
- 1 file changed, 2 insertions(+)
-
-Index: samba-3.6.23/docs-xml/smbdotconf/base/netbiosname.xml
-===================================================================
---- samba-3.6.23.orig/docs-xml/smbdotconf/base/netbiosname.xml
-+++ samba-3.6.23/docs-xml/smbdotconf/base/netbiosname.xml
-@@ -9,6 +9,8 @@
- 		the hosts DNS name) will be the name that these services are advertised under.
- 		</para>
- 
-+		<para>Note that the maximum length for a NetBIOS name is 15 charactars.</para>
-+
- 		<para>
- 		There is a bug in Samba-3 that breaks operation of browsing and access to shares if the netbios name
- 		is set to the literal name <literal>PIPE</literal>. To avoid this problem, do not name your Samba-3
-Index: samba-3.6.23/docs/manpages/smb.conf.5
-===================================================================
---- samba-3.6.23.orig/docs/manpages/smb.conf.5
-+++ samba-3.6.23/docs/manpages/smb.conf.5
-@@ -1,13 +1,13 @@
- '\" t
- .\"     Title: smb.conf
- .\"    Author: [see the "AUTHOR" section]
--.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
--.\"      Date: 09/18/2013
-+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-+.\"      Date: 10/15/2015
- .\"    Manual: File Formats and Conventions
- .\"    Source: Samba 3.6
- .\"  Language: English
- .\"
--.TH "SMB\&.CONF" "5" "09/18/2013" "Samba 3\&.6" "File Formats and Conventions"
-+.TH "SMB\&.CONF" "5" "10/15/2015" "Samba 3\&.6" "File Formats and Conventions"
- .\" -----------------------------------------------------------------
- .\" * Define some portability stuff
- .\" -----------------------------------------------------------------
-@@ -1201,8 +1201,7 @@ add user to group script (G)
- .PP
- .RS 4
- Full path to the script that will be called when a user is added to a group using the Windows NT domain administration tools\&. It will be run by
--\fBsmbd\fR(8)
--\fIAS ROOT\fR\&. Any
-+\fBsmbd\fR(8)\fIAS ROOT\fR\&. Any
- \fI%g\fR
- will be replaced with the group name and any
- \fI%u\fR
-@@ -1563,8 +1562,7 @@ smbpasswd
- will fail to connect in it\*(Aqs default mode\&.
- smbpasswd
- can be forced to use the primary IP interface of the local host by using its
--\fBsmbpasswd\fR(8)
--\fI\-r \fR\fI\fIremote machine\fR\fR
-+\fBsmbpasswd\fR(8)\fI\-r \fR\fI\fIremote machine\fR\fR
- parameter, with
- \fIremote machine\fR
- set to the IP name of the primary interface of the local host\&.
-@@ -1868,8 +1866,7 @@ and
- \fIseal\fR
- are only available if Samba has been compiled against a modern OpenLDAP version (2\&.3\&.x or higher)\&.
- .sp
--This option is needed in the case of Domain Controllers enforcing the usage of signed LDAP connections (e\&.g\&. Windows 2000 SP3 or higher)\&. LDAP sign and seal can be controlled with the registry key "HKLM\eSystem\eCurrentControlSet\eServices\e
--NTDS\eParameters\eLDAPServerIntegrity" on the Windows server side\&.
-+This option is needed in the case of Domain Controllers enforcing the usage of signed LDAP connections (e\&.g\&. Windows 2000 SP3 or higher)\&. LDAP sign and seal can be controlled with the registry key "HKLM\eSystem\eCurrentControlSet\eServices\eNTDS\eParameters\eLDAPServerIntegrity" on the Windows server side\&.
- .sp
- Depending on the used KRB5 library (MIT and older Heimdal versions) it is possible that the message "integrity only" is not supported\&. In this case,
- \fIsign\fR
-@@ -2513,8 +2510,7 @@ delete group script (G)
- .PP
- .RS 4
- This is the full pathname to a script that will be run
--\fIAS ROOT\fR
--\fBsmbd\fR(8)
-+\fIAS ROOT\fR\fBsmbd\fR(8)
- when a group is requested to be deleted\&. It will expand any
- \fI%g\fR
- to the group name passed\&. This script is only useful for installations using the Windows NT domain administration tools\&.
-@@ -2633,8 +2629,7 @@ delete user from group script (G)
- .PP
- .RS 4
- Full path to the script that will be called when a user is removed from a group using the Windows NT domain administration tools\&. It will be run by
--\fBsmbd\fR(8)
--\fIAS ROOT\fR\&. Any
-+\fBsmbd\fR(8)\fIAS ROOT\fR\&. Any
- \fI%g\fR
- will be replaced with the group name and any
- \fI%u\fR
-@@ -4895,8 +4890,7 @@ script\&.
- LDAP connections should be secured where possible\&. This may be done setting
- \fIeither\fR
- this parameter to
--\fIStart_tls\fR
--\fIor\fR
-+\fIStart_tls\fR\fIor\fR
- by specifying
- \fIldaps://\fR
- in the URL argument of
-@@ -4935,9 +4929,7 @@ Please note that this parameter does onl
- \fIrpc\fR
- methods\&. To enable the LDAPv3 StartTLS extended operation (RFC2830) for
- \fIads\fR, set
--\m[blue]\fBldap ssl = yes\fR\m[]
--\fIand\fR
--\m[blue]\fBldap ssl ads = yes\fR\m[]\&. See
-+\m[blue]\fBldap ssl = yes\fR\m[]\fIand\fR\m[blue]\fBldap ssl ads = yes\fR\m[]\&. See
- smb\&.conf(5)
- for more information on
- \m[blue]\fBldap ssl ads\fR\m[]\&.
-@@ -5100,8 +5092,7 @@ in elections for local master browser\&.
- Setting this value to
- \fBno\fR
- will cause
--nmbd
--\fInever\fR
-+nmbd\fInever\fR
- to become a local master browser\&.
- .sp
- Default:
-@@ -5463,7 +5454,6 @@ logon home (G)
- .RS 4
- This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC\&. It allows you to do
- .sp
--
- C:\e>\fBNET USE H: /HOME\fR
- .sp
- from a command prompt, for example\&.
-@@ -5472,7 +5462,6 @@ This option takes the standard substitut
- .sp
- This parameter can be used with Win9X workstations to ensure that roaming profiles are stored in a subdirectory of the user\*(Aqs home directory\&. This is done in the following way:
- .sp
--
- logon home = \e\e%N\e%U\eprofile
- .sp
- This tells Samba to return the above string, with substitutions made when a client requests the info, generally in a NetUserGetInfo request\&. Win9X clients truncate the info to \e\eserver\eshare when a user does
-@@ -6050,7 +6039,6 @@ The three settings are :
- .sp -1
- .IP \(bu 2.3
- .\}
--
- \fBYes\fR
- \- The read only DOS attribute is mapped to the inverse of the user or owner write bit in the unix permission mode set\&. If the owner write bit is not set, the read only attribute is reported as being set on the file\&. If the read only DOS attribute is set, Samba sets the owner, group and others write bits to zero\&. Write bits set in an ACL are ignored by Samba\&. If the read only DOS attribute is unset, Samba simply sets the write bit of the owner to one\&.
- .RE
-@@ -6063,7 +6051,6 @@ The three settings are :
- .sp -1
- .IP \(bu 2.3
- .\}
--
- \fBPermissions\fR
- \- The read only DOS attribute is mapped to the effective permissions of the connecting user, as evaluated by
- \fBsmbd\fR(8)
-@@ -6078,7 +6065,6 @@ by reading the unix permissions and POSI
- .sp -1
- .IP \(bu 2.3
- .\}
--
- \fBNo\fR
- \- The read only DOS attribute is unaffected by permissions, and can only be set by the
- \m[blue]\fBstore dos attributes\fR\m[]
-@@ -6732,7 +6718,6 @@ The options are: "lmhosts", "host", "win
- .sp -1
- .IP \(bu 2.3
- .\}
--
- \fBlmhosts\fR
- : Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the manpage for lmhosts for details) then any name type matches for lookup\&.
- .RE
-@@ -6745,7 +6730,6 @@ The options are: "lmhosts", "host", "win
- .sp -1
- .IP \(bu 2.3
- .\}
--
- \fBhost\fR
- : Do a standard host name to IP address resolution, using the system
- /etc/hosts, NIS, or DNS lookups\&. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the
-@@ -6833,6 +6817,8 @@ netbios name (G)
- .RS 4
- This sets the NetBIOS name by which a Samba server is known\&. By default it is the same as the first component of the host\*(Aqs DNS name\&. If a machine is a browse server or logon server this name (or the first component of the hosts DNS name) will be the name that these services are advertised under\&.
- .sp
-+Note that the maximum length for a NetBIOS name is 15 charactars\&.
-+.sp
- There is a bug in Samba\-3 that breaks operation of browsing and access to shares if the netbios name is set to the literal name
- PIPE\&. To avoid this problem, do not name your Samba\-3 server
- PIPE\&.
-@@ -7639,7 +7625,6 @@ This option specifies a command to be ru
- .sp
- An interesting example is to send the users a welcome message every time they log in\&. Maybe a message of the day? Here is an example:
- .sp
--
- preexec = csh \-c \*(Aqecho \e"Welcome to %S!\e" | /usr/local/samba/bin/smbclient \-M %m \-I %I\*(Aq &
- .sp
- Of course, this could get annoying after a while :\-)
-@@ -8452,9 +8437,7 @@ rpc_server (G)
- Defines what kind of rpc server to use for a named pipe\&. The rpc_server prefix must be followed by the pipe name, and a value\&.
- .sp
- Three possible values are currently supported:
--embedded
--daemon
--external
-+embeddeddaemonexternal
- .sp
- The classic method is to run every pipe as an internal function
- \fIembedded\fR
-@@ -8632,8 +8615,7 @@ security = share
- server)\&. Instead, the clients send authentication information (passwords) on a per\-share basis, at the time they attempt to connect to that share\&.
- .sp
- Note that
--smbd
--\fIALWAYS\fR
-+smbd\fIALWAYS\fR
- uses a valid UNIX user to act on behalf of the client, even in
- security = share
- level security\&.
-@@ -10177,8 +10159,6 @@ This parameter specifies the absolute pa
- .sp
- For example, a valid usershare directory might be /usr/local/samba/lib/usershares, set up as follows\&.
- .sp
--
--.sp
- .if n \{\
- .RS 4
- .\}
-@@ -10650,10 +10630,10 @@ and
- .sp -1
- .IP \(bu 2.3
- .\}
--\fI<sfu | rfc2307 >\fR
--\- When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home directory attributes directly from your Directory Server\&. Note that retrieving UID and GID from your ADS\-Server requires to use
-+\fI<sfu | sfu20 | rfc2307 >\fR
-+\- When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home directory attributes directly from your Directory Server\&. For SFU 3\&.0 or 3\&.5 simply choose "sfu", if you use SFU 2\&.0 please choose "sfu20"\&. Note that retrieving UID and GID from your ADS\-Server requires to use
- \fIidmap config DOMAIN:backend\fR
--= ad as well\&.
-+= ad as well\&. The primary group membership is currently always calculated via the "primaryGroupID" LDAP attribute\&.
- .RE
- .sp
- .RE
-@@ -11036,7 +11016,6 @@ special sections make life for an admini
- This man page is correct for version 3 of the Samba suite\&.
- .SH "SEE ALSO"
- .PP
--
- \fBsamba\fR(7),
- \fBsmbpasswd\fR(8),
- \fBswat\fR(8),

src/patches/samba/samba-3.6.99-fix_dirsort_ea-support.patch

@@ -1,314 +0,0 @@
-From 252499c1513c45764d039af8732cd97b37c8c494 Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Thu, 9 Feb 2017 15:40:39 +0100
-Subject: [PATCH 1/3] smbd: Streamline get_ea_names_from_file
-
-Signed-off-by: Volker Lendecke <vl@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
-Backported-by: Andreas Schneider <asn@samba.org>
-Backported-from: 27daed8fcf95eed2df112dc1c30c3a40b5c9565b
----
- source3/smbd/trans2.c | 89 +++++++++++++++++++++++++++++----------------------
- 1 file changed, 51 insertions(+), 38 deletions(-)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index 98fd2af..49cfe9f 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -201,12 +201,14 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- 				files_struct *fsp, const char *fname,
- 				char ***pnames, size_t *pnum_names)
- {
-+	char smallbuf[1024];
- 	/* Get a list of all xattrs. Max namesize is 64k. */
- 	size_t ea_namelist_size = 1024;
--	char *ea_namelist = NULL;
-+	char *ea_namelist = smallbuf;
-+	char *to_free = NULL;
- 
- 	char *p;
--	char **names, **tmp;
-+	char **names;
- 	size_t num_names;
- 	ssize_t sizeret = -1;
- 	NTSTATUS status;
-@@ -228,25 +230,24 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- 		return NT_STATUS_OK;
- 	}
- 
--	/*
--	 * TALLOC the result early to get the talloc hierarchy right.
--	 */
--
--	names = TALLOC_ARRAY(mem_ctx, char *, 1);
--	if (names == NULL) {
--		DEBUG(0, ("talloc failed\n"));
--		return NT_STATUS_NO_MEMORY;
-+	if (fsp && fsp->fh->fd != -1) {
-+		sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist,
-+					     ea_namelist_size);
-+	} else {
-+		sizeret = SMB_VFS_LISTXATTR(conn,
-+					    fname,
-+					    ea_namelist,
-+					    ea_namelist_size);
- 	}
- 
--	while (ea_namelist_size <= 65536) {
--
--		ea_namelist = TALLOC_REALLOC_ARRAY(
--			names, ea_namelist, char, ea_namelist_size);
-+	if ((sizeret == -1) && (errno == ERANGE)) {
-+		ea_namelist_size = 65536;
-+		ea_namelist = TALLOC_ARRAY(mem_ctx, char, ea_namelist_size);
- 		if (ea_namelist == NULL) {
- 			DEBUG(0, ("talloc failed\n"));
--			TALLOC_FREE(names);
- 			return NT_STATUS_NO_MEMORY;
- 		}
-+		to_free = ea_namelist;
- 
- 		if (fsp && fsp->fh->fd != -1) {
- 			sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist,
-@@ -255,25 +256,18 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- 			sizeret = SMB_VFS_LISTXATTR(conn, fname, ea_namelist,
- 						    ea_namelist_size);
- 		}
--
--		if ((sizeret == -1) && (errno == ERANGE)) {
--			ea_namelist_size *= 2;
--		}
--		else {
--			break;
--		}
- 	}
- 
- 	if (sizeret == -1) {
--		TALLOC_FREE(names);
--		return map_nt_error_from_unix(errno);
-+		status = map_nt_error_from_unix(errno);
-+		TALLOC_FREE(to_free);
-+		return status;
- 	}
- 
--	DEBUG(10, ("get_ea_list_from_file: ea_namelist size = %u\n",
--		   (unsigned int)sizeret));
-+	DEBUG(10, ("ea_namelist size = %zd\n", sizeret));
- 
- 	if (sizeret == 0) {
--		TALLOC_FREE(names);
-+		TALLOC_FREE(to_free);
- 		return NT_STATUS_OK;
- 	}
- 
-@@ -282,7 +276,7 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- 	 */
- 
- 	if (ea_namelist[sizeret-1] != '\0') {
--		TALLOC_FREE(names);
-+		TALLOC_FREE(to_free);
- 		return NT_STATUS_INTERNAL_ERROR;
- 	}
- 
-@@ -295,26 +289,45 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- 		num_names += 1;
- 	}
- 
--	tmp = TALLOC_REALLOC_ARRAY(mem_ctx, names, char *, num_names);
--	if (tmp == NULL) {
-+	*pnum_names = num_names;
-+
-+	if (pnames == NULL) {
-+		TALLOC_FREE(to_free);
-+		return NT_STATUS_OK;
-+	}
-+
-+	names = TALLOC_ARRAY(mem_ctx, char *, num_names);
-+	if (names == NULL) {
- 		DEBUG(0, ("talloc failed\n"));
--		TALLOC_FREE(names);
-+		TALLOC_FREE(to_free);
- 		return NT_STATUS_NO_MEMORY;
- 	}
- 
--	names = tmp;
-+	if (ea_namelist == smallbuf) {
-+		ea_namelist = talloc_memdup(names, smallbuf, sizeret);
-+		if (ea_namelist == NULL) {
-+			TALLOC_FREE(names);
-+			return NT_STATUS_NO_MEMORY;
-+		}
-+	} else {
-+		talloc_steal(names, ea_namelist);
-+
-+		ea_namelist = talloc_realloc(names, ea_namelist, char,
-+					     sizeret);
-+		if (ea_namelist == NULL) {
-+			TALLOC_FREE(names);
-+			return NT_STATUS_NO_MEMORY;
-+		}
-+	}
-+
- 	num_names = 0;
- 
- 	for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p)+1) {
- 		names[num_names++] = p;
- 	}
- 
--	if (pnames) {
--		*pnames = names;
--	} else {
--		TALLOC_FREE(names);
--	}
--	*pnum_names = num_names;
-+	*pnames = names;
-+
- 	return NT_STATUS_OK;
- }
- 
--- 
-2.9.3
-
-
-From 17563ab22ad19b34e1d9a1d12b2594c4186718b6 Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Tue, 25 Oct 2016 12:28:12 +0200
-Subject: [PATCH 2/3] lib/util/charset: Optimize next_codepoint for the ascii
- case
-
-Signed-off-by: Volker Lendecke <vl@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
-
-(cherry picked from commit 07d9a909ba6853fb0b96f6d86e4cf0d5d1b35b28)
----
- lib/util/charset/codepoints.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c
-index 5ee95a8..7d157a3 100644
---- a/lib/util/charset/codepoints.c
-+++ b/lib/util/charset/codepoints.c
-@@ -495,6 +495,10 @@ _PUBLIC_ codepoint_t next_codepoint_ext(const char *str, charset_t src_charset,
- 
- _PUBLIC_ codepoint_t next_codepoint(const char *str, size_t *size)
- {
-+	if ((str[0] & 0x80) == 0) {
-+		*size = 1;
-+		return str[0];
-+	}
- 	return next_codepoint_convenience(get_iconv_convenience(), str, size);
- }
- 
--- 
-2.9.3
-
-
-From ac8f6faa891fd282fb39ccb8e75a364bf97a5f2b Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Thu, 9 Feb 2017 15:05:01 +0100
-Subject: [PATCH 3/3] s3-vfs: Only walk the directory once in
- open_and_sort_dir()
-
-On a slow filesystem or network filesystem this can make a huge
-difference.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12571
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
----
- source3/modules/vfs_dirsort.c | 61 +++++++++++++++++++++++++++----------------
- 1 file changed, 38 insertions(+), 23 deletions(-)
-
-diff --git a/source3/modules/vfs_dirsort.c b/source3/modules/vfs_dirsort.c
-index 698e96b..66582e6 100644
---- a/source3/modules/vfs_dirsort.c
-+++ b/source3/modules/vfs_dirsort.c
-@@ -68,8 +68,10 @@ static bool get_sorted_dir_mtime(vfs_handle_struct *handle,
- static bool open_and_sort_dir(vfs_handle_struct *handle,
- 				struct dirsort_privates *data)
- {
--	unsigned int i = 0;
--	unsigned int total_count = 0;
-+	uint32_t total_count = 0;
-+	/* This should be enough for most use cases */
-+	uint32_t dirent_allocated = 64;
-+	SMB_STRUCT_DIRENT *dp;
- 
- 	data->number_of_entries = 0;
- 
-@@ -77,38 +79,51 @@ static bool open_and_sort_dir(vfs_handle_struct *handle,
- 		return false;
- 	}
- 
--	while (SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL)
--	       != NULL) {
--		total_count++;
--	}
--
--	if (total_count == 0) {
-+	dp = SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL);
-+	if (dp == NULL) {
- 		return false;
- 	}
- 
--	/* Open the underlying directory and count the number of entries
--	   Skip back to the beginning as we'll read it again */
--	SMB_VFS_NEXT_REWINDDIR(handle, data->source_directory);
--
- 	/* Set up an array and read the directory entries into it */
- 	TALLOC_FREE(data->directory_list); /* destroy previous cache if needed */
- 	data->directory_list = talloc_zero_array(data,
- 						 SMB_STRUCT_DIRENT,
--						 total_count);
--	if (!data->directory_list) {
-+						 dirent_allocated);
-+	if (data->directory_list == NULL) {
- 		return false;
- 	}
--	for (i = 0; i < total_count; i++) {
--		SMB_STRUCT_DIRENT *dp = SMB_VFS_NEXT_READDIR(handle,
--						data->source_directory,
--						NULL);
--		if (dp == NULL) {
--			break;
-+
-+	do {
-+		if (total_count >= dirent_allocated) {
-+			struct dirent *dlist;
-+
-+			/*
-+			 * Be memory friendly.
-+			 *
-+			 * We should not double the amount of memory. With a lot
-+			 * of files we reach easily 50MB, and doubling will
-+			 * get much bigger just for a few files more.
-+			 *
-+			 * For 200k files this means 50 memory reallocations.
-+			 */
-+			dirent_allocated += 4096;
-+
-+			dlist = talloc_realloc(data,
-+					       data->directory_list,
-+					       SMB_STRUCT_DIRENT,
-+					       dirent_allocated);
-+			if (dlist == NULL) {
-+				break;
-+			}
-+			data->directory_list = dlist;
- 		}
--		data->directory_list[i] = *dp;
--	}
-+		data->directory_list[total_count] = *dp;
-+
-+		total_count++;
-+		dp = SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL);
-+	} while (dp != NULL);
- 
--	data->number_of_entries = i;
-+	data->number_of_entries = total_count;
- 
- 	/* Sort the directory entries by name */
- 	TYPESAFE_QSORT(data->directory_list, data->number_of_entries, compare_dirent);
--- 
-2.9.3
-

src/patches/samba/samba-3.6.99-fix_dropbox_share.patch

@@ -1,271 +0,0 @@
-From 8f286450a223d002358f6dfe81b770fee86c3c85 Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Tue, 3 Dec 2013 13:20:17 +0100
-Subject: [PATCH 1/3] PATCHSET15: smbd: Fix regression for the dropbox case.
-
-We need to allow to save a file to a directory with perm -wx.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
-
-Signed-off-by: Volker Lendecke <vl@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
-(cherry picked from commit 5b49fe24c906cbae12beff7a1b45de6809258cab)
----
- source3/smbd/filename.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
-index 8ef0c0a..ca19369 100644
---- a/source3/smbd/filename.c
-+++ b/source3/smbd/filename.c
-@@ -716,7 +716,10 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
- 				 * here.
- 				 */
- 				if (errno == EACCES) {
--					if (ucf_flags & UCF_CREATING_FILE) {
-+					if ((ucf_flags & UCF_CREATING_FILE) == 0) {
-+						status = NT_STATUS_ACCESS_DENIED;
-+						goto fail;
-+					} else {
- 						/*
- 						 * This is the dropbox
- 						 * behaviour. A dropbox is a
-@@ -728,11 +731,8 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
- 						 * nevertheless want to allow
- 						 * users creating a file.
- 						 */
--						status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
--					} else {
--						status = NT_STATUS_ACCESS_DENIED;
-+						errno = 0;
- 					}
--					goto fail;
- 				}
- 
- 				if ((errno != 0) && (errno != ENOENT)) {
--- 
-1.9.3
-
-
-From 38674e8f208a7e8f2ead72266292f30b7ea33c87 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 3 Dec 2013 10:19:09 -0800
-Subject: [PATCH 2/3] PATCHSET15: smbd: change flag name from UCF_CREATING_FILE
- to UCF_PREP_CREATEFILE
-
-In preparation to using it for all open calls.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
-(cherry picked from commit 874318a97868e08837a1febb1be8e8a167b5ae0f)
----
- source3/include/smb.h      |  2 +-
- source3/smbd/filename.c    |  2 +-
- source3/smbd/nttrans.c     |  4 ++--
- source3/smbd/reply.c       | 10 +++++-----
- source3/smbd/smb2_create.c |  2 +-
- 5 files changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/source3/include/smb.h b/source3/include/smb.h
-index 2d04373..559e061 100644
---- a/source3/include/smb.h
-+++ b/source3/include/smb.h
-@@ -1716,7 +1716,7 @@ struct smb_file_time {
- #define UCF_COND_ALLOW_WCARD_LCOMP	0x00000004
- #define UCF_POSIX_PATHNAMES		0x00000008
- #define UCF_UNIX_NAME_LOOKUP		0x00000010
--#define UCF_CREATING_FILE		0x00000020
-+#define UCF_PREP_CREATEFILE		0x00000020
- 
- /*
-  * smb_filename
-diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
-index ca19369..2e68e52 100644
---- a/source3/smbd/filename.c
-+++ b/source3/smbd/filename.c
-@@ -716,7 +716,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
- 				 * here.
- 				 */
- 				if (errno == EACCES) {
--					if ((ucf_flags & UCF_CREATING_FILE) == 0) {
-+					if ((ucf_flags & UCF_PREP_CREATEFILE) == 0) {
- 						status = NT_STATUS_ACCESS_DENIED;
- 						goto fail;
- 					} else {
-diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
-index 4c145e0..f5da720 100644
---- a/source3/smbd/nttrans.c
-+++ b/source3/smbd/nttrans.c
-@@ -537,7 +537,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
- 				req->flags2 & FLAGS2_DFS_PATHNAMES,
- 				fname,
- 				(create_disposition == FILE_CREATE)
--					? UCF_CREATING_FILE : 0,
-+				  ? UCF_PREP_CREATEFILE : 0,
- 				NULL,
- 				&smb_fname);
- 
-@@ -1167,7 +1167,7 @@ static void call_nt_transact_create(connection_struct *conn,
- 				req->flags2 & FLAGS2_DFS_PATHNAMES,
- 				fname,
- 				(create_disposition == FILE_CREATE)
--					? UCF_CREATING_FILE : 0,
-+				  ? UCF_PREP_CREATEFILE : 0,
- 				NULL,
- 				&smb_fname);
- 
-diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
-index 0585a6e..8478031 100644
---- a/source3/smbd/reply.c
-+++ b/source3/smbd/reply.c
-@@ -1761,7 +1761,7 @@ void reply_open(struct smb_request *req)
- 				req->flags2 & FLAGS2_DFS_PATHNAMES,
- 				fname,
- 				(create_disposition == FILE_CREATE)
--					? UCF_CREATING_FILE : 0,
-+				  ? UCF_PREP_CREATEFILE : 0,
- 				NULL,
- 				&smb_fname);
- 	if (!NT_STATUS_IS_OK(status)) {
-@@ -1939,7 +1939,7 @@ void reply_open_and_X(struct smb_request *req)
- 				req->flags2 & FLAGS2_DFS_PATHNAMES,
- 				fname,
- 				(create_disposition == FILE_CREATE)
--					? UCF_CREATING_FILE : 0,
-+				  ? UCF_PREP_CREATEFILE : 0,
- 				NULL,
- 				&smb_fname);
- 	if (!NT_STATUS_IS_OK(status)) {
-@@ -2147,7 +2147,7 @@ void reply_mknew(struct smb_request *req)
- 				conn,
- 				req->flags2 & FLAGS2_DFS_PATHNAMES,
- 				fname,
--				UCF_CREATING_FILE,
-+				UCF_PREP_CREATEFILE,
- 				NULL,
- 				&smb_fname);
- 	if (!NT_STATUS_IS_OK(status)) {
-@@ -2288,7 +2288,7 @@ void reply_ctemp(struct smb_request *req)
- 		status = filename_convert(ctx, conn,
- 				req->flags2 & FLAGS2_DFS_PATHNAMES,
- 				fname,
--				UCF_CREATING_FILE,
-+				UCF_PREP_CREATEFILE,
- 				NULL,
- 				&smb_fname);
- 		if (!NT_STATUS_IS_OK(status)) {
-@@ -5541,7 +5541,7 @@ void reply_mkdir(struct smb_request *req)
- 	status = filename_convert(ctx, conn,
- 				 req->flags2 & FLAGS2_DFS_PATHNAMES,
- 				 directory,
--				 UCF_CREATING_FILE,
-+				 UCF_PREP_CREATEFILE,
- 				 NULL,
- 				 &smb_dname);
- 	if (!NT_STATUS_IS_OK(status)) {
-diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
-index 0862990..cd15852 100644
---- a/source3/smbd/smb2_create.c
-+++ b/source3/smbd/smb2_create.c
-@@ -695,7 +695,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
- 					  smb1req->flags2 & FLAGS2_DFS_PATHNAMES,
- 					  fname,
- 					  (in_create_disposition == FILE_CREATE) ?
--						UCF_CREATING_FILE : 0,
-+						  UCF_PREP_CREATEFILE : 0,
- 					  NULL,
- 					  &smb_fname);
- 		if (!NT_STATUS_IS_OK(status)) {
--- 
-1.9.3
-
-
-From d3fb56a7239ef4173ff13f2fec2beb44402dee6b Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 3 Dec 2013 10:21:16 -0800
-Subject: [PATCH 3/3] PATCHSET15: smbd: Always use UCF_PREP_CREATEFILE for
- filename_convert calls to resolve a path for open.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
-
-Autobuild-User(master): Jeremy Allison <jra@samba.org>
-Autobuild-Date(master): Mon Dec  9 21:02:21 CET 2013 on sn-devel-104
-
-(cherry picked from commit f98d10af2a05f0261611f4cabdfe274cd9fe91c0)
----
- source3/smbd/nttrans.c     | 6 ++----
- source3/smbd/reply.c       | 6 ++----
- source3/smbd/smb2_create.c | 3 +--
- 3 files changed, 5 insertions(+), 10 deletions(-)
-
-diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
-index f5da720..f7d9b9d 100644
---- a/source3/smbd/nttrans.c
-+++ b/source3/smbd/nttrans.c
-@@ -536,8 +536,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
- 				conn,
- 				req->flags2 & FLAGS2_DFS_PATHNAMES,
- 				fname,
--				(create_disposition == FILE_CREATE)
--				  ? UCF_PREP_CREATEFILE : 0,
-+				UCF_PREP_CREATEFILE,
- 				NULL,
- 				&smb_fname);
- 
-@@ -1166,8 +1165,7 @@ static void call_nt_transact_create(connection_struct *conn,
- 				conn,
- 				req->flags2 & FLAGS2_DFS_PATHNAMES,
- 				fname,
--				(create_disposition == FILE_CREATE)
--				  ? UCF_PREP_CREATEFILE : 0,
-+				UCF_PREP_CREATEFILE,
- 				NULL,
- 				&smb_fname);
- 
-diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
-index 8478031..1583c23 100644
---- a/source3/smbd/reply.c
-+++ b/source3/smbd/reply.c
-@@ -1760,8 +1760,7 @@ void reply_open(struct smb_request *req)
- 				conn,
- 				req->flags2 & FLAGS2_DFS_PATHNAMES,
- 				fname,
--				(create_disposition == FILE_CREATE)
--				  ? UCF_PREP_CREATEFILE : 0,
-+				UCF_PREP_CREATEFILE,
- 				NULL,
- 				&smb_fname);
- 	if (!NT_STATUS_IS_OK(status)) {
-@@ -1938,8 +1937,7 @@ void reply_open_and_X(struct smb_request *req)
- 				conn,
- 				req->flags2 & FLAGS2_DFS_PATHNAMES,
- 				fname,
--				(create_disposition == FILE_CREATE)
--				  ? UCF_PREP_CREATEFILE : 0,
-+				UCF_PREP_CREATEFILE,
- 				NULL,
- 				&smb_fname);
- 	if (!NT_STATUS_IS_OK(status)) {
-diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
-index cd15852..d0cda33 100644
---- a/source3/smbd/smb2_create.c
-+++ b/source3/smbd/smb2_create.c
-@@ -694,8 +694,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
- 					  smb1req->conn,
- 					  smb1req->flags2 & FLAGS2_DFS_PATHNAMES,
- 					  fname,
--					  (in_create_disposition == FILE_CREATE) ?
--						  UCF_PREP_CREATEFILE : 0,
-+					  UCF_PREP_CREATEFILE,
- 					  NULL,
- 					  &smb_fname);
- 		if (!NT_STATUS_IS_OK(status)) {
--- 
-1.9.3
-

src/patches/samba/samba-3.6.99-fix_force_group.patch

@@ -1,68 +0,0 @@
-From a502759e2e20e8001355b26d1e974a7116d78b92 Mon Sep 17 00:00:00 2001
-From: Justin Maggard <jmaggard@netgear.com>
-Date: Tue, 21 Jul 2015 15:17:30 -0700
-Subject: [PATCH] PATCHSET27: s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid
- lookup.
-
-Somewhere along the line, a config line like "valid users = @foo"
-broke when "foo" also exists as a user.
-
-user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP
-flag; but lookup_name() was not respecting that flag, and went ahead and looked
-for users anyway.
-
-Regression test to follow.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320
-
-Signed-off-by: Justin Maggard <jmaggard@netgear.com>
-Reviewed-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
-
-Autobuild-User(master): Jeremy Allison <jra@samba.org>
-Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
-
-(cherry picked from commit dc99d451bf23668d73878847219682fced547622)
----
- source3/passdb/lookup_sid.c | 4 ++--
- source3/passdb/lookup_sid.h | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
-index dcc2911..18d0e37 100644
---- a/source3/passdb/lookup_sid.c
-+++ b/source3/passdb/lookup_sid.c
-@@ -119,7 +119,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
- 			goto ok;
- 	}
- 
--	if (((flags & LOOKUP_NAME_NO_NSS) == 0)
-+	if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
- 	    && strequal(domain, unix_users_domain_name())) {
- 		if (lookup_unix_user_name(name, &sid)) {
- 			type = SID_NAME_USER;
-@@ -292,7 +292,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
- 	/* 11. Ok, windows would end here. Samba has two more options:
-                Unmapped users and unmapped groups */
- 
--	if (((flags & LOOKUP_NAME_NO_NSS) == 0)
-+	if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
- 	    && lookup_unix_user_name(name, &sid)) {
- 		domain = talloc_strdup(tmp_ctx, unix_users_domain_name());
- 		type = SID_NAME_USER;
-diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h
-index b2f5cf5..4b26e0a 100644
---- a/source3/passdb/lookup_sid.h
-+++ b/source3/passdb/lookup_sid.h
-@@ -29,7 +29,7 @@
- #define LOOKUP_NAME_NONE		0x00000000
- #define LOOKUP_NAME_ISOLATED             0x00000001  /* Look up unqualified names */
- #define LOOKUP_NAME_REMOTE               0x00000002  /* Ask others */
--#define LOOKUP_NAME_GROUP                0x00000004  /* (unused) This is a NASTY hack for
-+#define LOOKUP_NAME_GROUP                0x00000004  /* This is a NASTY hack for
- 							valid users = @foo where foo also
- 							exists in as user. */
- #define LOOKUP_NAME_NO_NSS		 0x00000008  /* no NSS calls to avoid
--- 
-2.5.0
-

src/patches/samba/samba-3.6.99-fix_force_user_winbind_default_domain.patch

@@ -1,58 +0,0 @@
-From 4d187b353d77761d40b04b8451f7ebe11fc8fab8 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 31 Mar 2015 18:15:51 +0200
-Subject: [PATCH] PATCHSET24: s3-passdb: Fix 'force user' with winbind default
- domain
-
-If we set 'winbind use default domain' and specify 'force user = user'
-without a domain name we fail to log in. In this case we need to try a
-lookup with the domain name.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11185
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
-
-(cherry picked from commit cd4442c7ac93e165862c9195a7c345472646aa59)
----
- source3/passdb/lookup_sid.c | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
-index 64a181e..dcc2911 100644
---- a/source3/passdb/lookup_sid.c
-+++ b/source3/passdb/lookup_sid.c
-@@ -391,6 +391,30 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx,
- 				ret_sid, ret_type);
- 	}
- 
-+	/* Try with winbind default domain name. */
-+	if (lp_winbind_use_default_domain()) {
-+		bool ok;
-+
-+		qualified_name = talloc_asprintf(mem_ctx,
-+						 "%s\\%s",
-+						 lp_workgroup(),
-+						 full_name);
-+		if (qualified_name == NULL) {
-+			return false;
-+		}
-+
-+		ok = lookup_name(mem_ctx,
-+				 qualified_name,
-+				 flags,
-+				 ret_domain,
-+				 ret_name,
-+				 ret_sid,
-+				 ret_type);
-+		if (ok) {
-+			return true;
-+		}
-+	}
-+
- 	/* Try with our own SAM name. */
- 	qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
- 				get_global_sam_name(),
--- 
-2.1.0
-

src/patches/samba/samba-3.6.99-fix_gecos_interactive.patch

@@ -1,922 +0,0 @@
-commit 8a7159aa1b000593ffe89ca8d7477e6373764aaf
-Author:     Günther Deschner <gd@samba.org>
-AuthorDate: Tue Jul 15 14:16:56 2014 +0200
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Tue Jul 15 15:25:27 2014 +0200
-
-    PATCHSET14 s3-rpc_client: return info3 in rpccli_netlogon_password_logon().
-    
-    Guenther
-    
-    Signed-off-by: Günther Deschner <gd@samba.org>
-    Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-    Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/rpc_client/cli_netlogon.c | 100 +++++++++++++++++++++-----------------
- source3/rpc_client/cli_netlogon.h |   3 +-
- source3/rpcclient/cmd_netlogon.c  |   3 +-
- 3 files changed, 60 insertions(+), 46 deletions(-)
-
-diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
-index c69a933..9454226 100644
---- a/source3/rpc_client/cli_netlogon.c
-+++ b/source3/rpc_client/cli_netlogon.c
-@@ -153,6 +153,53 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
- 	return NT_STATUS_OK;
- }
- 
-+static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
-+					uint16_t validation_level,
-+					union netr_Validation *validation,
-+					struct netr_SamInfo3 **info3_p)
-+{
-+	struct netr_SamInfo3 *info3;
-+	NTSTATUS status;
-+
-+	if (validation == NULL) {
-+		return NT_STATUS_INVALID_PARAMETER;
-+	}
-+
-+	switch (validation_level) {
-+	case 3:
-+		if (validation->sam3 == NULL) {
-+			return NT_STATUS_INVALID_PARAMETER;
-+		}
-+
-+		info3 = talloc_move(mem_ctx, &validation->sam3);
-+		break;
-+	case 6:
-+		if (validation->sam6 == NULL) {
-+			return NT_STATUS_INVALID_PARAMETER;
-+		}
-+
-+		info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
-+		if (info3 == NULL) {
-+			return NT_STATUS_NO_MEMORY;
-+		}
-+		status = copy_netr_SamBaseInfo(info3, &validation->sam6->base, &info3->base);
-+		if (!NT_STATUS_IS_OK(status)) {
-+			TALLOC_FREE(info3);
-+			return status;
-+		}
-+
-+		info3->sidcount = validation->sam6->sidcount;
-+		info3->sids = talloc_move(info3, &validation->sam6->sids);
-+		break;
-+	default:
-+		return NT_STATUS_BAD_VALIDATION_CLASS;
-+	}
-+
-+	*info3_p = info3;
-+
-+	return NT_STATUS_OK;
-+}
-+
- /* Logon domain user */
- 
- NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
-@@ -163,7 +210,8 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
- 				   const char *password,
- 				   const char *workstation,
- 				   uint16_t validation_level,
--				   int logon_type)
-+				   int logon_type,
-+				   struct netr_SamInfo3 **info3)
- {
- 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- 	NTSTATUS status;
-@@ -298,54 +346,18 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
- 		return NT_STATUS_ACCESS_DENIED;
- 	}
- 
--	return result;
--}
--
--static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
--					uint16_t validation_level,
--					union netr_Validation *validation,
--					struct netr_SamInfo3 **info3_p)
--{
--	struct netr_SamInfo3 *info3;
--	NTSTATUS status;
--
--	if (validation == NULL) {
--		return NT_STATUS_INVALID_PARAMETER;
-+	if (!NT_STATUS_IS_OK(result)) {
-+		return result;
- 	}
- 
--	switch (validation_level) {
--	case 3:
--		if (validation->sam3 == NULL) {
--			return NT_STATUS_INVALID_PARAMETER;
--		}
--
--		info3 = talloc_move(mem_ctx, &validation->sam3);
--		break;
--	case 6:
--		if (validation->sam6 == NULL) {
--			return NT_STATUS_INVALID_PARAMETER;
--		}
--
--		info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
--		if (info3 == NULL) {
--			return NT_STATUS_NO_MEMORY;
--		}
--		status = copy_netr_SamBaseInfo(info3, &validation->sam6->base, &info3->base);
--		if (!NT_STATUS_IS_OK(status)) {
--			TALLOC_FREE(info3);
--			return status;
--		}
-+	netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
- 
--		info3->sidcount = validation->sam6->sidcount;
--		info3->sids = talloc_move(info3, &validation->sam6->sids);
--		break;
--	default:
--		return NT_STATUS_BAD_VALIDATION_CLASS;
-+	result = map_validation_to_info3(mem_ctx, validation_level, &validation, info3);
-+	if (!NT_STATUS_IS_OK(result)) {
-+		return result;
- 	}
- 
--	*info3_p = info3;
--
--	return NT_STATUS_OK;
-+	return result;
- }
- 
- /**
-diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
-index ad59d5b..9c6cbc8 100644
---- a/source3/rpc_client/cli_netlogon.h
-+++ b/source3/rpc_client/cli_netlogon.h
-@@ -41,7 +41,8 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
- 				   const char *password,
- 				   const char *workstation,
- 				   uint16_t validation_level,
--				   int logon_type);
-+				   int logon_type,
-+				   struct netr_SamInfo3 **info3);
- NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
- 					   TALLOC_CTX *mem_ctx,
- 					   uint32 logon_parameters,
-diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
-index 63057ac..e285145 100644
---- a/source3/rpcclient/cmd_netlogon.c
-+++ b/source3/rpcclient/cmd_netlogon.c
-@@ -724,6 +724,7 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli,
- 	uint16_t validation_level = 3;
- 	uint32 logon_param = 0;
- 	const char *workstation = NULL;
-+	struct netr_SamInfo3 *info3 = NULL;
- 
- 	/* Check arguments */
- 
-@@ -750,7 +751,7 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli,
- 
- 	/* Perform the sam logon */
- 
--	result = rpccli_netlogon_sam_logon(cli, mem_ctx, logon_param, lp_workgroup(), username, password, workstation, validation_level, logon_type);
-+	result = rpccli_netlogon_sam_logon(cli, mem_ctx, logon_param, lp_workgroup(), username, password, workstation, validation_level, logon_type, &info3);
- 
- 	if (!NT_STATUS_IS_OK(result))
- 		goto done;
-commit 53c404ade6d660c449a9dddb56aa80dc6d5ea920
-Author:     Günther Deschner <gd@samba.org>
-AuthorDate: Tue Jul 15 14:25:19 2014 +0200
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Tue Jul 15 15:25:29 2014 +0200
-
-    PATCHSET14 s3-winbindd: call interactive samlogon via rpccli_netlogon_password_logon.
-    
-    Guenther
-    
-    Signed-off-by: Guenther Deschner <gd@samba.org>
-    Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-    Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/winbindd/winbindd_pam.c | 20 +++++++++++++++++++-
- 1 file changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
-index 125e393..2b31d54 100644
---- a/source3/winbindd/winbindd_pam.c
-+++ b/source3/winbindd/winbindd_pam.c
-@@ -1152,11 +1152,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
- 					    uint32_t logon_parameters,
- 					    const char *server,
- 					    const char *username,
-+					    const char *password,
- 					    const char *domainname,
- 					    const char *workstation,
- 					    const uint8_t chal[8],
- 					    DATA_BLOB lm_response,
- 					    DATA_BLOB nt_response,
-+					    bool interactive,
- 					    struct netr_SamInfo3 **info3)
- {
- 	int attempts = 0;
-@@ -1269,7 +1271,19 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
- 			domain->can_do_validation6 = false;
- 		}
- 
--		if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
-+		if (interactive && username != NULL && password != NULL) {
-+			result = rpccli_netlogon_sam_logon(
-+					netlogon_pipe,
-+					mem_ctx,
-+					logon_parameters,
-+					domainname,
-+					username,
-+					password,
-+					workstation,
-+					3, /* FIXME */
-+					NetlogonInteractiveInformation,
-+					info3);
-+		} else if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
- 			result = rpccli_netlogon_sam_network_logon_ex(
- 					netlogon_pipe,
- 					mem_ctx,
-@@ -1453,11 +1467,13 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(TALLOC_CTX *mem_ctx,
- 					     0,
- 					     domain->dcname,
- 					     name_user,
-+					     pass,
- 					     name_domain,
- 					     global_myname(),
- 					     chal,
- 					     lm_resp,
- 					     nt_resp,
-+					     true,
- 					     &my_info3);
- 	if (!NT_STATUS_IS_OK(result)) {
- 		goto done;
-@@ -1874,12 +1890,14 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
- 					     state->request->data.auth_crap.logon_parameters,
- 					     domain->dcname,
- 					     name_user,
-+					     NULL, /* password */
- 					     name_domain,
- 					     /* Bug #3248 - found by Stefan Burkei. */
- 					     workstation, /* We carefully set this above so use it... */
- 					     state->request->data.auth_crap.chal,
- 					     lm_resp,
- 					     nt_resp,
-+					     false, /* interactive */
- 					     &info3);
- 	if (!NT_STATUS_IS_OK(result)) {
- 		goto done;
-commit f73d1b92b78c4c3f23f411807273e3d09d39c10a
-Author:     Günther Deschner <gd@samba.org>
-AuthorDate: Mon Jul 7 17:14:37 2014 +0200
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Tue Jul 15 15:25:30 2014 +0200
-
-    PATCHSET14 s3-winbindd: add wcache_query_user_fullname().
-    
-    This helper function is used to query the full name of a cached user object (for
-    further gecos processing).
-    
-    Thanks to Matt Rogers <mrogers@redhat.com>.
-    
-    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
-    
-    Guenther
-    
-    Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-    Signed-off-by: Günther Deschner <gd@samba.org>
-    Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/winbindd/winbindd_cache.c | 34 ++++++++++++++++++++++++++++++++++
- source3/winbindd/winbindd_proto.h |  4 ++++
- 2 files changed, 38 insertions(+)
-
-diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
-index 0a65953..82c8087 100644
---- a/source3/winbindd/winbindd_cache.c
-+++ b/source3/winbindd/winbindd_cache.c
-@@ -2282,6 +2282,40 @@ NTSTATUS wcache_query_user(struct winbindd_domain *domain,
- 	return status;
- }
- 
-+
-+/**
-+* @brief Query a fullname from the username cache (for further gecos processing)
-+*
-+* @param domain		A pointer to the winbindd_domain struct.
-+* @param mem_ctx	The talloc context.
-+* @param user_sid	The user sid.
-+* @param full_name	A pointer to the full_name string.
-+*
-+* @return NTSTATUS code
-+*/
-+NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain,
-+				    TALLOC_CTX *mem_ctx,
-+				    const struct dom_sid *user_sid,
-+				    const char **full_name)
-+{
-+	NTSTATUS status;
-+	struct wbint_userinfo info;
-+
-+	status = wcache_query_user(domain, mem_ctx, user_sid, &info);
-+	if (!NT_STATUS_IS_OK(status)) {
-+		return status;
-+	}
-+
-+	if (info.full_name != NULL) {
-+		*full_name = talloc_strdup(mem_ctx, info.full_name);
-+		if (*full_name == NULL) {
-+			return NT_STATUS_NO_MEMORY;
-+		}
-+	}
-+
-+	return NT_STATUS_OK;
-+}
-+
- /* Lookup user information from a rid */
- static NTSTATUS query_user(struct winbindd_domain *domain,
- 			   TALLOC_CTX *mem_ctx,
-diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
-index 82176b2..585853e 100644
---- a/source3/winbindd/winbindd_proto.h
-+++ b/source3/winbindd/winbindd_proto.h
-@@ -103,6 +103,10 @@ NTSTATUS wcache_query_user(struct winbindd_domain *domain,
- 			   TALLOC_CTX *mem_ctx,
- 			   const struct dom_sid *user_sid,
- 			   struct wbint_userinfo *info);
-+NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain,
-+				    TALLOC_CTX *mem_ctx,
-+				    const struct dom_sid *user_sid,
-+				    const char **full_name);
- NTSTATUS wcache_lookup_useraliases(struct winbindd_domain *domain,
- 				   TALLOC_CTX *mem_ctx,
- 				   uint32 num_sids, const struct dom_sid *sids,
-commit d4d04c269ade1e96f84b71e60a1c6c322eec5514
-Author:     Günther Deschner <gd@samba.org>
-AuthorDate: Mon Jul 7 17:16:32 2014 +0200
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Tue Jul 15 15:25:31 2014 +0200
-
-    PATCHSET14 s3-winbindd: use wcache_query_user_fullname after inspecting samlogon cache.
-    
-    The reason for this followup query is that very often the samlogon cache only
-    contains a info3 netlogon user structure that has been retrieved during a
-    netlogon samlogon authentication using "network" logon level. With that logon
-    level only a few info3 fields are filled in; the user's fullname is never filled
-    in that case. This is problematic when the cache is used to fill in the user's
-    gecos field (for NSS queries). When we have retrieved the user's fullname during
-    other queries, reuse it from the other caches.
-    
-    Thanks to Matt Rogers <mrogers@redhat.com>.
-    
-    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
-    
-    Guenther
-    
-    Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-    Signed-off-by: Guenther Deschner <gd@samba.org>
-    Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/winbindd/winbindd_ads.c   |  8 ++++++++
- source3/winbindd/winbindd_msrpc.c |  8 ++++++++
- source3/winbindd/winbindd_pam.c   | 41 +++++++++++++++++++++++++++++++++++++++
- 3 files changed, 57 insertions(+)
-
-diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
-index 3099ff0..7d960fc 100644
---- a/source3/winbindd/winbindd_ads.c
-+++ b/source3/winbindd/winbindd_ads.c
-@@ -515,6 +515,14 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
- 
- 		TALLOC_FREE(user);
- 
-+		if (info->full_name == NULL) {
-+			/* this might fail so we dont check the return code */
-+			wcache_query_user_fullname(domain,
-+						   mem_ctx,
-+						   sid,
-+						   &info->full_name);
-+		}
-+
- 		return NT_STATUS_OK;
- 	}
- 
-diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
-index b426884..eae822c 100644
---- a/source3/winbindd/winbindd_msrpc.c
-+++ b/source3/winbindd/winbindd_msrpc.c
-@@ -439,6 +439,14 @@ static NTSTATUS msrpc_query_user(struct winbindd_domain *domain,
- 		user_info->full_name = talloc_strdup(user_info,
- 						     user->base.full_name.string);
- 
-+		if (user_info->full_name == NULL) {
-+			/* this might fail so we dont check the return code */
-+			wcache_query_user_fullname(domain,
-+						   mem_ctx,
-+						   user_sid,
-+						   &user_info->full_name);
-+		}
-+
- 		status = NT_STATUS_OK;
- 		goto done;
- 	}
-diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
-index 2b31d54..86b352e 100644
---- a/source3/winbindd/winbindd_pam.c
-+++ b/source3/winbindd/winbindd_pam.c
-@@ -1739,6 +1739,26 @@ process_result:
- 		sid_compose(&user_sid, info3->base.domain_sid,
- 			    info3->base.rid);
- 
-+		if (info3->base.full_name.string == NULL) {
-+			struct netr_SamInfo3 *cached_info3;
-+
-+			cached_info3 = netsamlogon_cache_get(state->mem_ctx,
-+							     &user_sid);
-+			if (cached_info3 != NULL &&
-+			    cached_info3->base.full_name.string != NULL) {
-+				info3->base.full_name.string =
-+					talloc_strdup(info3,
-+						      cached_info3->base.full_name.string);
-+			} else {
-+
-+				/* this might fail so we dont check the return code */
-+				wcache_query_user_fullname(domain,
-+						info3,
-+						&user_sid,
-+						&info3->base.full_name.string);
-+			}
-+		}
-+
- 		wcache_invalidate_samlogon(find_domain_from_name(name_domain),
- 					   &user_sid);
- 		netsamlogon_cache_store(name_user, info3);
-@@ -1910,6 +1930,27 @@ process_result:
- 
- 		sid_compose(&user_sid, info3->base.domain_sid,
- 			    info3->base.rid);
-+
-+		if (info3->base.full_name.string == NULL) {
-+			struct netr_SamInfo3 *cached_info3;
-+
-+			cached_info3 = netsamlogon_cache_get(state->mem_ctx,
-+							     &user_sid);
-+			if (cached_info3 != NULL &&
-+			    cached_info3->base.full_name.string != NULL) {
-+				info3->base.full_name.string =
-+					talloc_strdup(info3,
-+						      cached_info3->base.full_name.string);
-+			} else {
-+
-+				/* this might fail so we dont check the return code */
-+				wcache_query_user_fullname(domain,
-+						info3,
-+						&user_sid,
-+						&info3->base.full_name.string);
-+			}
-+		}
-+
- 		wcache_invalidate_samlogon(find_domain_from_name(name_domain),
- 					   &user_sid);
- 		netsamlogon_cache_store(name_user, info3);
-commit 7a38729ac2b93d0bd8c2450821cfcedff6fa3f53
-Author:     Günther Deschner <gd@samba.org>
-AuthorDate: Wed Jul 9 13:36:06 2014 +0200
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Tue Jul 15 15:25:32 2014 +0200
-
-    PATCHSET14 samlogon_cache: use a talloc_stackframe inside netsamlogon_cache_store.
-    
-    Guenther
-    
-    Signed-off-by: Günther Deschner <gd@samba.org>
-    Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/libsmb/samlogon_cache.c | 13 ++++---------
- 1 file changed, 4 insertions(+), 9 deletions(-)
-
-diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
-index 590c950..4281965 100644
---- a/source3/libsmb/samlogon_cache.c
-+++ b/source3/libsmb/samlogon_cache.c
-@@ -132,7 +132,7 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
- 	bool result = false;
- 	struct dom_sid	user_sid;
- 	time_t t = time(NULL);
--	TALLOC_CTX *mem_ctx;
-+	TALLOC_CTX *tmp_ctx = talloc_stackframe();
- 	DATA_BLOB blob;
- 	enum ndr_err_code ndr_err;
- 	struct netsamlogoncache_entry r;
-@@ -156,11 +156,6 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
- 
- 	/* Prepare data */
- 
--	if (!(mem_ctx = TALLOC_P( NULL, int))) {
--		DEBUG(0,("netsamlogon_cache_store: talloc() failed!\n"));
--		return false;
--	}
--
- 	/* only Samba fills in the username, not sure why NT doesn't */
- 	/* so we fill it in since winbindd_getpwnam() makes use of it */
- 
-@@ -175,11 +170,11 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
- 		NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
- 	}
- 
--	ndr_err = ndr_push_struct_blob(&blob, mem_ctx, &r,
-+	ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, &r,
- 				       (ndr_push_flags_fn_t)ndr_push_netsamlogoncache_entry);
- 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- 		DEBUG(0,("netsamlogon_cache_store: failed to push entry to cache\n"));
--		TALLOC_FREE(mem_ctx);
-+		TALLOC_FREE(tmp_ctx);
- 		return false;
- 	}
- 
-@@ -190,7 +185,7 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
- 		result = true;
- 	}
- 
--	TALLOC_FREE(mem_ctx);
-+	TALLOC_FREE(tmp_ctx);
- 
- 	return result;
- }
-commit f89b793bd672a66f5e75ade33467f6621545f0d4
-Author:     Andreas Schneider <asn@samba.org>
-AuthorDate: Thu Jul 3 16:17:46 2014 +0200
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Tue Jul 15 15:25:32 2014 +0200
-
-    PATCHSET14 samlogon_cache: avoid overwriting info3->base.full_name.string.
-    
-    This field servers as a source for the gecos field. We should not overwrite it
-    when a info3 struct from a samlogon network level gets saved in which case this
-    field is always NULL.
-    
-    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
-    
-    Signed-off-by: Andreas Schneider <asn@samba.org>
-    Reviewed-by: Guenther Deschner <gd@samba.org>
----
- source3/libsmb/samlogon_cache.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
-index 4281965..8a3dbd2 100644
---- a/source3/libsmb/samlogon_cache.c
-+++ b/source3/libsmb/samlogon_cache.c
-@@ -156,6 +156,20 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
- 
- 	/* Prepare data */
- 
-+	if (info3->base.full_name.string == NULL) {
-+		struct netr_SamInfo3 *cached_info3;
-+		const char *full_name = NULL;
-+
-+		cached_info3 = netsamlogon_cache_get(tmp_ctx, &user_sid);
-+		if (cached_info3 != NULL) {
-+			full_name = cached_info3->base.full_name.string;
-+		}
-+
-+		if (full_name != NULL) {
-+			info3->base.full_name.string = talloc_strdup(info3, full_name);
-+		}
-+	}
-+
- 	/* only Samba fills in the username, not sure why NT doesn't */
- 	/* so we fill it in since winbindd_getpwnam() makes use of it */
- 
-commit 8fcaeecf174a1c9088c84f271e2859f75e9a5101
-Author:     Andreas Schneider <asn@samba.org>
-AuthorDate: Thu Jul 3 16:19:42 2014 +0200
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Tue Jul 15 15:25:33 2014 +0200
-
-    PATCHSET14 s3-winbind: Don't set the gecos field to NULL.
-    
-    The value is loaded from the cache anyway. So it will be set to NULL if
-    it is not available.
-    
-    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
-    
-    Signed-off-by: Andreas Schneider <asn@samba.org>
-    Reviewed-by: Guenther Deschner <gd@samba.org>
----
- source3/winbindd/nss_info_template.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/source3/winbindd/nss_info_template.c b/source3/winbindd/nss_info_template.c
-index 5fdfd9b..de93803 100644
---- a/source3/winbindd/nss_info_template.c
-+++ b/source3/winbindd/nss_info_template.c
-@@ -48,7 +48,6 @@ static NTSTATUS nss_template_get_info( struct nss_domain_entry *e,
- 	  username */
- 	*homedir = talloc_strdup( ctx, lp_template_homedir() );
- 	*shell   = talloc_strdup( ctx, lp_template_shell() );
--	*gecos   = NULL;
- 
- 	if ( !*homedir || !*shell ) {
- 		return NT_STATUS_NO_MEMORY;
-commit d32503872aec4fca41056b2d9d9bbb6b15ce9701
-Author:     Günther Deschner <gd@samba.org>
-AuthorDate: Tue Jul 15 16:21:08 2014 +0200
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Tue Jul 15 16:24:59 2014 +0200
-
-    PATCHSET14 s3-rpc_client: add rpccli_netlogon_sam_logon_ex().
-    
-    This function deals with interactive samlogon and does a dcerpc_netr_SamLogonEx
-    call (w/o credential chaining).
-    
-    Guenther
-    
-    Signed-off-by: Günther Deschner <gd@samba.org>
----
- source3/rpc_client/cli_netlogon.c | 152 ++++++++++++++++++++++++++++++++++++++
- source3/rpc_client/cli_netlogon.h |  10 +++
- 2 files changed, 162 insertions(+)
-
-diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
-index 9454226..0290944 100644
---- a/source3/rpc_client/cli_netlogon.c
-+++ b/source3/rpc_client/cli_netlogon.c
-@@ -360,6 +360,158 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
- 	return result;
- }
- 
-+/* Logon domain user */
-+
-+NTSTATUS rpccli_netlogon_sam_logon_ex(struct rpc_pipe_client *cli,
-+				      TALLOC_CTX *mem_ctx,
-+				      uint32 logon_parameters,
-+				      const char *domain,
-+				      const char *username,
-+				      const char *password,
-+				      const char *workstation,
-+				      uint16_t validation_level,
-+				      int logon_type,
-+				      struct netr_SamInfo3 **info3)
-+{
-+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-+	NTSTATUS status;
-+	struct netr_Authenticator ret_creds;
-+	union netr_LogonLevel *logon;
-+	union netr_Validation validation;
-+	uint8_t authoritative;
-+	fstring clnt_name_slash;
-+	struct dcerpc_binding_handle *b = cli->binding_handle;
-+	uint32_t flags = 0;
-+
-+	ZERO_STRUCT(ret_creds);
-+
-+	logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel);
-+	if (!logon) {
-+		return NT_STATUS_NO_MEMORY;
-+	}
-+
-+	if (workstation) {
-+		fstr_sprintf( clnt_name_slash, "\\\\%s", workstation );
-+	} else {
-+		fstr_sprintf( clnt_name_slash, "\\\\%s", global_myname() );
-+	}
-+
-+	/* Initialise input parameters */
-+
-+	switch (logon_type) {
-+	case NetlogonInteractiveInformation: {
-+
-+		struct netr_PasswordInfo *password_info;
-+
-+		struct samr_Password lmpassword;
-+		struct samr_Password ntpassword;
-+
-+		password_info = TALLOC_ZERO_P(mem_ctx, struct netr_PasswordInfo);
-+		if (!password_info) {
-+			return NT_STATUS_NO_MEMORY;
-+		}
-+
-+		nt_lm_owf_gen(password, ntpassword.hash, lmpassword.hash);
-+
-+		if (cli->dc->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
-+			netlogon_creds_arcfour_crypt(cli->dc, lmpassword.hash, 16);
-+			netlogon_creds_arcfour_crypt(cli->dc, ntpassword.hash, 16);
-+		} else {
-+			netlogon_creds_des_encrypt(cli->dc, &lmpassword);
-+			netlogon_creds_des_encrypt(cli->dc, &ntpassword);
-+		}
-+
-+		password_info->identity_info.domain_name.string		= domain;
-+		password_info->identity_info.parameter_control		= logon_parameters;
-+		password_info->identity_info.logon_id_low		= 0xdead;
-+		password_info->identity_info.logon_id_high		= 0xbeef;
-+		password_info->identity_info.account_name.string	= username;
-+		password_info->identity_info.workstation.string		= clnt_name_slash;
-+
-+		password_info->lmpassword = lmpassword;
-+		password_info->ntpassword = ntpassword;
-+
-+		logon->password = password_info;
-+
-+		break;
-+	}
-+	case NetlogonNetworkInformation: {
-+		struct netr_NetworkInfo *network_info;
-+		uint8 chal[8];
-+		unsigned char local_lm_response[24];
-+		unsigned char local_nt_response[24];
-+		struct netr_ChallengeResponse lm;
-+		struct netr_ChallengeResponse nt;
-+
-+		ZERO_STRUCT(lm);
-+		ZERO_STRUCT(nt);
-+
-+		network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo);
-+		if (!network_info) {
-+			return NT_STATUS_NO_MEMORY;
-+		}
-+
-+		generate_random_buffer(chal, 8);
-+
-+		SMBencrypt(password, chal, local_lm_response);
-+		SMBNTencrypt(password, chal, local_nt_response);
-+
-+		lm.length = 24;
-+		lm.data = local_lm_response;
-+
-+		nt.length = 24;
-+		nt.data = local_nt_response;
-+
-+		network_info->identity_info.domain_name.string		= domain;
-+		network_info->identity_info.parameter_control		= logon_parameters;
-+		network_info->identity_info.logon_id_low		= 0xdead;
-+		network_info->identity_info.logon_id_high		= 0xbeef;
-+		network_info->identity_info.account_name.string		= username;
-+		network_info->identity_info.workstation.string		= clnt_name_slash;
-+
-+		memcpy(network_info->challenge, chal, 8);
-+		network_info->nt = nt;
-+		network_info->lm = lm;
-+
-+		logon->network = network_info;
-+
-+		break;
-+	}
-+	default:
-+		DEBUG(0, ("switch value %d not supported\n",
-+			logon_type));
-+		return NT_STATUS_INVALID_INFO_CLASS;
-+	}
-+
-+	status = dcerpc_netr_LogonSamLogonEx(b, mem_ctx,
-+					     cli->srv_name_slash,
-+					     global_myname(),
-+					     logon_type,
-+					     logon,
-+					     validation_level,
-+					     &validation,
-+					     &authoritative,
-+					     &flags,
-+					     &result);
-+	if (!NT_STATUS_IS_OK(status)) {
-+		return status;
-+	}
-+
-+	if (!NT_STATUS_IS_OK(result)) {
-+		return result;
-+	}
-+
-+	netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
-+
-+	result = map_validation_to_info3(mem_ctx, validation_level, &validation, info3);
-+	if (!NT_STATUS_IS_OK(result)) {
-+		return result;
-+	}
-+
-+	return result;
-+}
-+
-+
- /**
-  * Logon domain user with an 'network' SAM logon
-  *
-diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
-index 9c6cbc8..3763843 100644
---- a/source3/rpc_client/cli_netlogon.h
-+++ b/source3/rpc_client/cli_netlogon.h
-@@ -43,6 +43,16 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
- 				   uint16_t validation_level,
- 				   int logon_type,
- 				   struct netr_SamInfo3 **info3);
-+NTSTATUS rpccli_netlogon_sam_logon_ex(struct rpc_pipe_client *cli,
-+				      TALLOC_CTX *mem_ctx,
-+				      uint32 logon_parameters,
-+				      const char *domain,
-+				      const char *username,
-+				      const char *password,
-+				      const char *workstation,
-+				      uint16_t validation_level,
-+				      int logon_type,
-+				      struct netr_SamInfo3 **info3);
- NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
- 					   TALLOC_CTX *mem_ctx,
- 					   uint32 logon_parameters,
-commit f39f18e062207427ea436c85a7c721629a38bc0d
-Author:     Günther Deschner <gd@samba.org>
-AuthorDate: Tue Jul 15 16:22:15 2014 +0200
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Tue Jul 15 16:25:04 2014 +0200
-
-    PATCHSET14 s3-winbindd: prefer to do a rpccli_netlogon_sam_logon_ex if we can.
-    
-    Guenther
-    
-    Signed-off-by: Günther Deschner <gd@samba.org>
----
- source3/winbindd/winbindd_pam.c | 36 +++++++++++++++++++++++++-----------
- 1 file changed, 25 insertions(+), 11 deletions(-)
-
-diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
-index 86b352e..e838ac6 100644
---- a/source3/winbindd/winbindd_pam.c
-+++ b/source3/winbindd/winbindd_pam.c
-@@ -1272,17 +1272,31 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
- 		}
- 
- 		if (interactive && username != NULL && password != NULL) {
--			result = rpccli_netlogon_sam_logon(
--					netlogon_pipe,
--					mem_ctx,
--					logon_parameters,
--					domainname,
--					username,
--					password,
--					workstation,
--					3, /* FIXME */
--					NetlogonInteractiveInformation,
--					info3);
-+			if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
-+				result = rpccli_netlogon_sam_logon_ex(
-+						netlogon_pipe,
-+						mem_ctx,
-+						logon_parameters,
-+						domainname,
-+						username,
-+						password,
-+						workstation,
-+						6,
-+						NetlogonInteractiveInformation,
-+						info3);
-+			} else {
-+				result = rpccli_netlogon_sam_logon(
-+						netlogon_pipe,
-+						mem_ctx,
-+						logon_parameters,
-+						domainname,
-+						username,
-+						password,
-+						workstation,
-+						domain->can_do_validation6 ? 6 : 3,
-+						NetlogonInteractiveInformation,
-+						info3);
-+			}
- 		} else if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
- 			result = rpccli_netlogon_sam_network_logon_ex(
- 					netlogon_pipe,
-From fa58aff691268b021ba4dde1eb580d0387b917e1 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 20 Aug 2014 15:51:21 +0200
-Subject: [PATCH] PATCHSET14: Reset netlogon pipe for interactive samlogon_ex.
-
----
- source3/winbindd/winbindd_pam.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
-index e838ac6..5316232 100644
---- a/source3/winbindd/winbindd_pam.c
-+++ b/source3/winbindd/winbindd_pam.c
-@@ -1297,6 +1297,18 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
- 						NetlogonInteractiveInformation,
- 						info3);
- 			}
-+
-+			if (NT_STATUS_EQUAL(result, NT_STATUS_WRONG_PASSWORD)) {
-+				/*
-+				 * HACK: This is a 3.6 hack that we get a new
-+				 * session_key to do a successfuly interactive
-+				 * logon
-+				 */
-+				TALLOC_FREE(domain->conn.netlogon_pipe);
-+				attempts += 1;
-+				retry = true;
-+				continue;
-+			}
- 		} else if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
- 			result = rpccli_netlogon_sam_network_logon_ex(
- 					netlogon_pipe,
--- 
-1.9.3
-

src/patches/samba/samba-3.6.99-fix_group_expansion_in_service_path.patch

@@ -1,46 +0,0 @@
-commit 1d5f14acc3bacb96f7b8b300b3aeccd793552122
-Author:     Andreas Schneider <asn@samba.org>
-AuthorDate: Wed Nov 27 17:21:01 2013 +0100
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Wed Feb 5 11:44:51 2014 +0100
-
-    s3-lib: Fix %G substitution for domain users in smbd
-    
-    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10286
-    Signed-off-by: Andreas Schneider <asn@samba.org>
-    Reviewed-by: Christian Ambach <ambi@samba.org>
-    
-    Autobuild-User(master): Christian Ambach <ambi@samba.org>
-    Autobuild-Date(master): Tue Dec 10 16:39:43 CET 2013 on sn-devel-104
-    
-    (cherry picked from commit 8eef4ab79ec5fb7e96ad2f2ad6c9bf30db13a50d)
----
- source3/lib/substitute.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
-index 10beed7..5f72a5d 100644
---- a/source3/lib/substitute.c
-+++ b/source3/lib/substitute.c
-@@ -605,10 +605,20 @@ static char *alloc_sub_basic(const char *smb_name, const char *domain_name,
- 			break;
- 		case 'G' : {
- 			struct passwd *pass;
--			r = talloc_strdup(tmp_ctx, smb_name);
-+
-+			if (domain_name != NULL && domain_name[0] != '\0') {
-+				r = talloc_asprintf(tmp_ctx,
-+						    "%s%c%s",
-+						    domain_name,
-+						    *lp_winbind_separator(),
-+						    smb_name);
-+			} else {
-+				r = talloc_strdup(tmp_ctx, smb_name);
-+			}
- 			if (r == NULL) {
- 				goto error;
- 			}
-+
- 			pass = Get_Pwnam_alloc(tmp_ctx, r);
- 			if (pass != NULL) {
- 				a_string = realloc_string_sub(

src/patches/samba/samba-3.6.99-fix_group_expansion_with_nss_templates.patch

@@ -1,376 +0,0 @@
-commit 75989f1d0d3ec86bb2046511b962ad72119c750b
-Author:     Andreas Schneider <asn@samba.org>
-AuthorDate: Mon Nov 18 14:58:04 2013 +0100
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Wed Feb 5 11:38:44 2014 +0100
-
-    s3-lib: Add grpname to talloc_sub_specified().
-    
-    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
----
- source3/include/proto.h          |  1 +
- source3/lib/substitute.c         | 31 +++++++++++++++++++++++++------
- source3/passdb/passdb.c          |  8 ++++----
- source3/passdb/pdb_ldap.c        | 24 +++++++++++++++++++++---
- source3/torture/torture.c        |  2 +-
- source3/utils/net_sam.c          |  2 ++
- source3/winbindd/wb_fill_pwent.c |  4 ++--
- 7 files changed, 56 insertions(+), 16 deletions(-)
-
-diff --git a/source3/include/proto.h b/source3/include/proto.h
-index 7303e76..db091ce 100644
---- a/source3/include/proto.h
-+++ b/source3/include/proto.h
-@@ -365,6 +365,7 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name,
- char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
- 			const char *input_string,
- 			const char *username,
-+			const char *grpname,
- 			const char *domain,
- 			uid_t uid,
- 			gid_t gid);
-diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
-index 68328e5..10beed7 100644
---- a/source3/lib/substitute.c
-+++ b/source3/lib/substitute.c
-@@ -722,6 +722,7 @@ done:
- char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
- 			const char *input_string,
- 			const char *username,
-+			const char *grpname,
- 			const char *domain,
- 			uid_t uid,
- 			gid_t gid)
-@@ -757,9 +758,18 @@ char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
- 			break;
- 		case 'G' :
- 			if (gid != -1) {
--				a_string = talloc_string_sub(
--					tmp_ctx, a_string, "%G",
--					gidtoname(gid));
-+				const char *name;
-+
-+				if (grpname != NULL) {
-+					name = grpname;
-+				} else {
-+					name = gidtoname(gid);
-+				}
-+
-+				a_string = talloc_string_sub(tmp_ctx,
-+							     a_string,
-+							     "%G",
-+							     name);
- 			} else {
- 				a_string = talloc_string_sub(
- 					tmp_ctx, a_string,
-@@ -768,9 +778,18 @@ char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
- 			break;
- 		case 'g' :
- 			if (gid != -1) {
--				a_string = talloc_string_sub(
--					tmp_ctx, a_string, "%g",
--					gidtoname(gid));
-+				const char *name;
-+
-+				if (grpname != NULL) {
-+					name = grpname;
-+				} else {
-+					name = gidtoname(gid);
-+				}
-+
-+				a_string = talloc_string_sub(tmp_ctx,
-+							     a_string,
-+							     "%g",
-+							     name);
- 			} else {
- 				a_string = talloc_string_sub(
- 					tmp_ctx, a_string, "%g", "NO_GROUP");
-diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
-index 52c1129..493a694 100644
---- a/source3/passdb/passdb.c
-+++ b/source3/passdb/passdb.c
-@@ -228,16 +228,16 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p
- 		/* set some basic attributes */
- 
- 		pdb_set_profile_path(user, talloc_sub_specified(user, 
--			lp_logon_path(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 
-+			lp_logon_path(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
- 			PDB_DEFAULT);		
- 		pdb_set_homedir(user, talloc_sub_specified(user, 
--			lp_logon_home(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),
-+			lp_logon_home(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
- 			PDB_DEFAULT);
- 		pdb_set_dir_drive(user, talloc_sub_specified(user, 
--			lp_logon_drive(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),
-+			lp_logon_drive(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
- 			PDB_DEFAULT);
- 		pdb_set_logon_script(user, talloc_sub_specified(user, 
--			lp_logon_script(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 
-+			lp_logon_script(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
- 			PDB_DEFAULT);
- 	}
- 
-diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
-index 9316f40..1665641 100644
---- a/source3/passdb/pdb_ldap.c
-+++ b/source3/passdb/pdb_ldap.c
-@@ -5399,11 +5399,29 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
- 
- 		if (is_machine) {
- 			/* TODO: choose a more appropriate default for machines */
--			homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), "SMB_workstations_home", ldap_state->domain_name, uid, gid);
-+			homedir = talloc_sub_specified(tmp_ctx,
-+						       lp_template_homedir(),
-+						       "SMB_workstations_home",
-+						       NULL,
-+						       ldap_state->domain_name,
-+						       uid,
-+						       gid);
- 			shell = talloc_strdup(tmp_ctx, "/bin/false");
- 		} else {
--			homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), name, ldap_state->domain_name, uid, gid);
--			shell = talloc_sub_specified(tmp_ctx, lp_template_shell(), name, ldap_state->domain_name, uid, gid);
-+			homedir = talloc_sub_specified(tmp_ctx,
-+						       lp_template_homedir(),
-+						       name,
-+						       NULL,
-+						       ldap_state->domain_name,
-+						       uid,
-+						       gid);
-+			shell = talloc_sub_specified(tmp_ctx,
-+						     lp_template_shell(),
-+						     name,
-+						     NULL,
-+						     ldap_state->domain_name,
-+						     uid,
-+						     gid);
- 		}
- 		uidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)uid);
- 		gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid);
-diff --git a/source3/torture/torture.c b/source3/torture/torture.c
-index d37d83c..def177b 100644
---- a/source3/torture/torture.c
-+++ b/source3/torture/torture.c
-@@ -5976,7 +5976,7 @@ static bool subst_test(const char *str, const char *user, const char *domain,
- 	char *subst;
- 	bool result = true;
- 
--	subst = talloc_sub_specified(talloc_tos(), str, user, domain, uid, gid);
-+	subst = talloc_sub_specified(talloc_tos(), str, user, NULL, domain, uid, gid);
- 
- 	if (strcmp(subst, expected) != 0) {
- 		printf("sub_specified(%s, %s, %s, %d, %d) returned [%s], expected "
-diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
-index 0ff7c55..b49bb73 100644
---- a/source3/utils/net_sam.c
-+++ b/source3/utils/net_sam.c
-@@ -1847,10 +1847,12 @@ doma_done:
- 		gidstr = talloc_asprintf(tc, "%u", (unsigned int)domadmins_gid);
- 		dir = talloc_sub_specified(tc, lp_template_homedir(),
- 						"Administrator",
-+						NULL,
- 						get_global_sam_name(),
- 						uid, domadmins_gid);
- 		shell = talloc_sub_specified(tc, lp_template_shell(),
- 						"Administrator",
-+						NULL,
- 						get_global_sam_name(),
- 						uid, domadmins_gid);
- 
-diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c
-index 8f09480..4d94a31 100644
---- a/source3/winbindd/wb_fill_pwent.c
-+++ b/source3/winbindd/wb_fill_pwent.c
-@@ -181,11 +181,11 @@ static bool fillup_pw_field(const char *lp_template,
- 
- 	if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) {
- 		templ = talloc_sub_specified(talloc_tos(), in,
--					     username, domname,
-+					     username, NULL, domname,
- 					     uid, gid);
- 	} else {
- 		templ = talloc_sub_specified(talloc_tos(), lp_template,
--					     username, domname,
-+					     username, NULL, domname,
- 					     uid, gid);
- 	}
- 
-commit 5faa0adf0a8c450897d7a61d348a600f889e5bef
-Author:     Andreas Schneider <asn@samba.org>
-AuthorDate: Mon Nov 18 14:58:14 2013 +0100
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Wed Feb 5 11:43:17 2014 +0100
-
-    s3-winbind: Pass the group name to fillup_pw_field().
-    
-    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
----
- source3/winbindd/wb_fill_pwent.c | 58 +++++++++++++++++++++++++++++-----------
- 1 file changed, 42 insertions(+), 16 deletions(-)
-
-diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c
-index 4d94a31..878c5ad 100644
---- a/source3/winbindd/wb_fill_pwent.c
-+++ b/source3/winbindd/wb_fill_pwent.c
-@@ -29,6 +29,7 @@ struct wb_fill_pwent_state {
- 
- static bool fillup_pw_field(const char *lp_template,
- 			    const char *username,
-+			    const char *grpname,
- 			    const char *domname,
- 			    uid_t uid,
- 			    gid_t gid,
-@@ -36,7 +37,7 @@ static bool fillup_pw_field(const char *lp_template,
- 			    fstring out);
- 
- static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq);
--static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq);
-+static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq);
- 
- struct tevent_req *wb_fill_pwent_send(TALLOC_CTX *mem_ctx,
- 				      struct tevent_context *ev,
-@@ -76,33 +77,44 @@ static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq)
- 		return;
- 	}
- 
--	subreq = wb_sid2gid_send(state, state->ev, &state->info->group_sid);
-+	subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, 1);
- 	if (tevent_req_nomem(subreq, req)) {
- 		return;
- 	}
--	tevent_req_set_callback(subreq, wb_fill_pwent_sid2gid_done, req);
-+	tevent_req_set_callback(subreq, wb_fill_pwent_getgrsid_done, req);
- }
- 
--static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq)
-+static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq)
- {
- 	struct tevent_req *req = tevent_req_callback_data(
- 		subreq, struct tevent_req);
- 	struct wb_fill_pwent_state *state = tevent_req_data(
- 		req, struct wb_fill_pwent_state);
- 	struct winbindd_domain *domain;
--	char *dom_name;
-+	const char *dom_name;
-+	const char *grp_name;
- 	fstring user_name, output_username;
- 	char *mapped_name = NULL;
-+	struct talloc_dict *members;
-+	TALLOC_CTX *tmp_ctx = talloc_stackframe();
- 	NTSTATUS status;
--
--	status = wb_sid2gid_recv(subreq, &state->pw->pw_gid);
-+	bool ok;
-+
-+	status = wb_getgrsid_recv(subreq,
-+				  tmp_ctx,
-+				  &dom_name,
-+				  &grp_name,
-+				  &state->pw->pw_gid,
-+				  &members);
- 	TALLOC_FREE(subreq);
- 	if (tevent_req_nterror(req, status)) {
-+		talloc_free(tmp_ctx);
- 		return;
- 	}
- 
- 	domain = find_domain_from_sid_noinit(&state->info->user_sid);
- 	if (domain == NULL) {
-+		talloc_free(tmp_ctx);
- 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
- 		return;
- 	}
-@@ -133,17 +145,30 @@ static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq)
- 	fstrcpy(state->pw->pw_gecos, state->info->full_name);
- 
- 	/* Home directory and shell */
--
--	if (!fillup_pw_field(lp_template_homedir(), user_name, dom_name,
--			     state->pw->pw_uid, state->pw->pw_gid,
--			     state->info->homedir, state->pw->pw_dir)) {
-+	ok = fillup_pw_field(lp_template_homedir(),
-+			     user_name,
-+			     grp_name,
-+			     dom_name,
-+			     state->pw->pw_uid,
-+			     state->pw->pw_gid,
-+			     state->info->homedir,
-+			     state->pw->pw_dir);
-+	if (!ok) {
-+		talloc_free(tmp_ctx);
- 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
- 		return;
- 	}
- 
--	if (!fillup_pw_field(lp_template_shell(), user_name, dom_name,
--			     state->pw->pw_uid, state->pw->pw_gid,
--			     state->info->shell, state->pw->pw_shell)) {
-+	ok = fillup_pw_field(lp_template_shell(),
-+			     user_name,
-+			     grp_name,
-+			     dom_name,
-+			     state->pw->pw_uid,
-+			     state->pw->pw_gid,
-+			     state->info->shell,
-+			     state->pw->pw_shell);
-+	talloc_free(tmp_ctx);
-+	if (!ok) {
- 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
- 		return;
- 	}
-@@ -162,6 +187,7 @@ NTSTATUS wb_fill_pwent_recv(struct tevent_req *req)
- 
- static bool fillup_pw_field(const char *lp_template,
- 			    const char *username,
-+			    const char *grpname,
- 			    const char *domname,
- 			    uid_t uid,
- 			    gid_t gid,
-@@ -181,11 +207,11 @@ static bool fillup_pw_field(const char *lp_template,
- 
- 	if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) {
- 		templ = talloc_sub_specified(talloc_tos(), in,
--					     username, NULL, domname,
-+					     username, grpname, domname,
- 					     uid, gid);
- 	} else {
- 		templ = talloc_sub_specified(talloc_tos(), lp_template,
--					     username, NULL, domname,
-+					     username, grpname, domname,
- 					     uid, gid);
- 	}
- 
-commit db176c22f4f3e4c4f38288144d63822c3c191419
-Author:     Volker Lendecke <vl@samba.org>
-AuthorDate: Thu Jan 16 16:10:25 2014 +0100
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Wed Feb 5 11:44:15 2014 +0100
-
-    s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done().
-    
-    BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
-    
-    Signed-off-by: Volker Lendecke <vl@samba.org>
-    Reviewed-by: Andreas Schneider <asn@samba.org>
-    
-    Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
-    Autobuild-Date(master): Thu Jan 16 20:17:24 CET 2014 on sn-devel-104
-    
-    (cherry picked from commit 1a43778433934530d77791edd1af538de8b1d8a3)
----
- source3/winbindd/wb_fill_pwent.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c
-index 878c5ad..9634317 100644
---- a/source3/winbindd/wb_fill_pwent.c
-+++ b/source3/winbindd/wb_fill_pwent.c
-@@ -77,7 +77,7 @@ static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq)
- 		return;
- 	}
- 
--	subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, 1);
-+	subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, 0);
- 	if (tevent_req_nomem(subreq, req)) {
- 		return;
- 	}

src/patches/samba/samba-3.6.99-fix_keytab_null_termination.patch

@@ -1,37 +0,0 @@
-From e56b5bf5eddfa89ae948dc7bb154dfc6154199a6 Mon Sep 17 00:00:00 2001
-From: Matt Rogers <mrogers@redhat.com>
-Date: Wed, 12 Nov 2014 17:21:05 +0100
-Subject: [PATCH] PATCHSET17: s3-keytab: fix keytab array NULL termination.
-
-Signed-off-by: Matt Rogers <mrogers@redhat.com>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
-(cherry picked from commit 0de6799996955fbf8e19ace8c4b7b61f5a262cb5)
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
----
- source3/libads/kerberos_keytab.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
-index badce3e..1033842 100644
---- a/source3/libads/kerberos_keytab.c
-+++ b/source3/libads/kerberos_keytab.c
-@@ -629,14 +629,13 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
- 		goto done;
- 	}
- 
--	oldEntries = talloc_array(tmpctx, char *, found);
-+	oldEntries = talloc_zero_array(tmpctx, char *, found + 1);
- 	if (!oldEntries) {
- 		DEBUG(1, (__location__ ": Failed to allocate space to store "
- 			  "the old keytab entries (talloc failed?).\n"));
- 		ret = -1;
- 		goto done;
- 	}
--	memset(oldEntries, '\0', found * sizeof(char *));
- 
- 	ret = krb5_kt_start_seq_get(context, keytab, &cursor);
- 	if (ret == KRB5_KT_END || ret == ENOENT) {
--- 
-2.1.0
-

src/patches/samba/samba-3.6.99-fix_lookups_with_one_way_trusts.patch

@@ -1,37 +0,0 @@
-commit afcc7e5ef289d25c19c7ac881ce505ec910fde7c
-Author:     Gregor Beck <gbeck@sernet.de>
-AuthorDate: Thu Feb 20 11:25:53 2014 +0100
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Mon Mar 3 16:49:42 2014 +0100
-
-    s3:winbindd: avoid directly asking a trusted domain in wb_lookupsids*()
-    
-    As a domain member we should always use a DC of our own domain.
-    
-    It would be possible to pass all sids in one single dcerpc_wbint_LookupSids()
-    call. For now we just fix bug.
-    
-    Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
-    
-    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458
-    Signed-off-by: Gregor Beck <gbeck@sernet.de>
-    Signed-off-by: Stefan Metzmacher <metze@samba.org>
-    Reviewed-by: Andreas Schneider <asn@samba.org>
-    (cherry picked from commit 66fb0ce9557553a4c01607b517e65ac4c93841d0)
----
- source3/winbindd/wb_lookupsids.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c
-index 2fd735d..1bfdba8 100644
---- a/source3/winbindd/wb_lookupsids.c
-+++ b/source3/winbindd/wb_lookupsids.c
-@@ -320,7 +320,7 @@ static struct wb_lookupsids_domain *wb_lookupsids_get_domain(
- 		}
- 	}
- 
--	wb_domain = find_domain_from_sid_noinit(sid);
-+	wb_domain = find_lookup_domain_from_sid(sid);
- 	if (wb_domain == NULL) {
- 		return NULL;
- 	}

src/patches/samba/samba-3.6.99-fix_mangling_hash_segfault.patch

@@ -1,38 +0,0 @@
-From 9f974a391260e95340f08091fdbc822845eae160 Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Tue, 19 Aug 2014 14:32:15 +0000
-Subject: [PATCH] PATCHSET29: smbd: Properly initialize mangle_hash
-
-[Bug 10782] mangle_hash() can fail to initialize charset (smbd crash).
-
-https://bugzilla.samba.org/show_bug.cgi?id=10782
-
-Signed-off-by: Volker Lendecke <vl@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
-
-Autobuild-User(master): Jeremy Allison <jra@samba.org>
-Autobuild-Date(master): Tue Aug 26 01:30:38 CEST 2014 on sn-devel-104
-
-(cherry picked from commit e914c2c52db7ecf3bb2a3860820c5cfe8812696e)
----
- source3/smbd/mangle_hash.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c
-index bafcd03..35a098f 100644
---- a/source3/smbd/mangle_hash.c
-+++ b/source3/smbd/mangle_hash.c
-@@ -706,6 +706,10 @@ const struct mangle_fns *mangle_hash_init(void)
- {
- 	mangle_reset();
- 
-+	if (chartest == NULL) {
-+		init_chartest();
-+	}
-+
- 	/* Create the in-memory tdb using our custom hash function. */
- 	tdb_mangled_cache = tdb_open_ex("mangled_cache", 1031, TDB_INTERNAL,
- 				(O_RDWR|O_CREAT), 0644, NULL, fast_string_hash);
--- 
-2.5.0
-

src/patches/samba/samba-3.6.99-fix_map_to_guest_bad_uid.patch

@@ -1,76 +0,0 @@
-From c370237f44f91f98e4e5cce81fafeea442573bad Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 19 Aug 2015 16:24:08 +0200
-Subject: [PATCH 1/2] PATCHSET32: s3-auth: Pass nt_username to check_account()
-
-We set nt_username above but do not use it in this function.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-(cherry picked from commit e8c76932e4ac192a00afa3b9731f5921c4b37da6)
----
- source3/auth/auth_util.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
-index a548b7b..aa269d6 100644
---- a/source3/auth/auth_util.c
-+++ b/source3/auth/auth_util.c
-@@ -1251,9 +1251,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
- 
- 	/* this call will try to create the user if necessary */
- 
--	nt_status = check_account(mem_ctx, nt_domain, sent_nt_username,
--				     &found_username, &pwd,
--				     &username_was_mapped);
-+	nt_status = check_account(mem_ctx,
-+				  nt_domain,
-+				  nt_username,
-+				  &found_username,
-+				  &pwd,
-+				  &username_was_mapped);
- 
- 	if (!NT_STATUS_IS_OK(nt_status)) {
- 		return nt_status;
--- 
-2.5.0
-
-
-From 1ab3cd252942b4fa5637d3f98b48ac3ba098de30 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 19 Aug 2015 16:11:47 +0200
-Subject: [PATCH 2/2] PATCHSET32: s3-auth: Fix 'map to guest = Bad Uid' support
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-(cherry picked from commit 34965d4d98d172e848e2b96fad8a9e0b99288ba7)
----
- source3/auth/auth_util.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
-index aa269d6..cfda8b7 100644
---- a/source3/auth/auth_util.c
-+++ b/source3/auth/auth_util.c
-@@ -1259,6 +1259,14 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
- 				  &username_was_mapped);
- 
- 	if (!NT_STATUS_IS_OK(nt_status)) {
-+		/* Handle 'map to guest = Bad Uid */
-+		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) &&
-+		    (lp_security() == SEC_ADS || lp_security() == SEC_DOMAIN) &&
-+		    lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) {
-+			DEBUG(2, ("Try to map %s to guest account\n",
-+				   nt_username));
-+			return make_server_info_guest(mem_ctx, server_info);
-+		}
- 		return nt_status;
- 	}
- 
--- 
-2.5.0
-

src/patches/samba/samba-3.6.99-fix_member_auth_after_changed_secret.patch

@@ -1,89 +0,0 @@
-From 51fbcb75007faddfbea29ef78a3857ba878a2327 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Thu, 6 Dec 2012 14:54:25 +0100
-Subject: [PATCH] s3-rpc_server: Remove obsolete process_creds boolean in
- samlogon server.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-
-(cherry picked from commit c1fb595081c2b0bf66bce06c09750f53e8031311)
----
- source3/rpc_server/netlogon/srv_netlog_nt.c | 27 +++------------------------
- 1 file changed, 3 insertions(+), 24 deletions(-)
-
-diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
-index 8079b3a..d14d0ed 100644
---- a/source3/rpc_server/netlogon/srv_netlog_nt.c
-+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
-@@ -1416,21 +1416,16 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
- 	struct auth_usersupplied_info *user_info = NULL;
- 	struct auth_serversupplied_info *server_info = NULL;
- 	struct auth_context *auth_context = NULL;
--	uint8_t pipe_session_key[16];
--	bool process_creds = true;
- 	const char *fn;
- 
- 	switch (p->opnum) {
- 		case NDR_NETR_LOGONSAMLOGON:
--			process_creds = true;
- 			fn = "_netr_LogonSamLogon";
- 			break;
- 		case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
--			process_creds = true;
- 			fn = "_netr_LogonSamLogonWithFlags";
- 			break;
- 		case NDR_NETR_LOGONSAMLOGONEX:
--			process_creds = false;
- 			fn = "_netr_LogonSamLogonEx";
- 			break;
- 		default:
-@@ -1621,29 +1616,13 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
-            the SAM Local Security Authority should record that the user is
-            logged in to the domain.  */
- 
--	if (process_creds) {
--		/* Get the pipe session key from the creds. */
--		memcpy(pipe_session_key, creds->session_key, 16);
--	} else {
--		struct schannel_state *schannel_auth;
--		/* Get the pipe session key from the schannel. */
--		if ((p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL)
--		    || (p->auth.auth_ctx == NULL)) {
--			return NT_STATUS_INVALID_HANDLE;
--		}
--
--		schannel_auth = talloc_get_type_abort(p->auth.auth_ctx,
--						      struct schannel_state);
--		memcpy(pipe_session_key, schannel_auth->creds->session_key, 16);
--	}
--
- 	switch (r->in.validation_level) {
- 	case 2:
--		status = serverinfo_to_SamInfo2(server_info, pipe_session_key, 16,
-+		status = serverinfo_to_SamInfo2(server_info, creds->session_key, 16,
- 						r->out.validation->sam2);
- 		break;
- 	case 3:
--		status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16,
-+		status = serverinfo_to_SamInfo3(server_info, creds->session_key, 16,
- 						r->out.validation->sam3);
- 		break;
- 	case 6:
-@@ -1655,7 +1634,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
- 			break;
- 		}
- 
--		status = serverinfo_to_SamInfo6(server_info, pipe_session_key, 16,
-+		status = serverinfo_to_SamInfo6(server_info, creds->session_key, 16,
- 						r->out.validation->sam6);
- 		break;
- 	}
--- 
-2.9.3
-

src/patches/samba/samba-3.6.99-fix_memleak_in_printer_list.patch

@@ -1,34 +0,0 @@
-commit 5c6cbc0becb78f57dea333185a56ea782716c334
-Author:     Jeremy Allison <jra@samba.org>
-AuthorDate: Mon Feb 24 16:18:31 2014 -0800
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Fri Feb 28 17:17:49 2014 +0100
-
-    s3-printing: Fix obvious memory leak in printer_list_get_printer().
-    
-    https://bugzilla.samba.org/show_bug.cgi?id=9993
-    
-    Signed-off-by: Jeremy Allison <jra@samba.org>
-    Reviewed-by: Ira Cooper <ira@samba.org>
-    Reviewed-by: Andreas Schneider <asn@samba.org>
-    
-    Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
-    Autobuild-Date(master): Tue Feb 25 13:19:37 CET 2014 on sn-devel-104
-    
-    (cherry picked from commit 148bbdd8d04400b5d873f636671dd443952ca04f)
----
- source3/printing/printer_list.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/source3/printing/printer_list.c b/source3/printing/printer_list.c
-index 8f196a5..603ce4b 100644
---- a/source3/printing/printer_list.c
-+++ b/source3/printing/printer_list.c
-@@ -133,6 +133,7 @@ NTSTATUS printer_list_get_printer(TALLOC_CTX *mem_ctx,
- done:
- 	SAFE_FREE(nstr);
- 	SAFE_FREE(cstr);
-+	SAFE_FREE(lstr);
- 	TALLOC_FREE(key);
- 	return status;
- }

src/patches/samba/samba-3.6.99-fix_memleak_winbind_cached_creds.patch

@@ -1,46 +0,0 @@
-From cf53bff0e8482e35068d8e894af5634a0a9b1399 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 29 Jun 2016 13:38:19 +0200
-Subject: [PATCH] s3-winbind: Fix memory leak with each cached credential login
-
-When we allow offline logon and have a lot of logins, windbind will leak
-4k of memory which each log in. On systems with heavy load this can grow
-quickly and the OOM killer will kill Winbind.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11999
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
----
- source3/winbindd/winbindd_cache.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
-index 82c8087..2e983cd 100644
---- a/source3/winbindd/winbindd_cache.c
-+++ b/source3/winbindd/winbindd_cache.c
-@@ -3415,7 +3415,7 @@ NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const
- 	struct winbind_cache *cache = get_cache(domain);
- 	NTSTATUS status;
- 	int ret;
--	struct cred_list *cred, *oldest = NULL;
-+	struct cred_list *cred, *next, *oldest = NULL;
- 
- 	if (!cache->tdb) {
- 		return NT_STATUS_INTERNAL_DB_ERROR;
-@@ -3484,7 +3484,11 @@ NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const
- 		status = NT_STATUS_UNSUCCESSFUL;
- 	}
- done:
--	SAFE_FREE(wcache_cred_list);
-+	for (cred = wcache_cred_list; cred; cred = next) {
-+		next = cred->next;
-+		DLIST_REMOVE(wcache_cred_list, cred);
-+		SAFE_FREE(cred);
-+	}
- 	SAFE_FREE(oldest);
- 
- 	return status;
--- 
-2.9.0
-

src/patches/samba/samba-3.6.99-fix_nbt_query_with_many_components.patch

@@ -1,35 +0,0 @@
-commit 9c3a46e53ebfff376eefee88c2b8745e17bdc21b
-Author:     Günther Deschner <gd@samba.org>
-AuthorDate: Tue Feb 4 16:38:46 2014 +0100
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Mon Mar 10 17:18:14 2014 +0100
-
-    PATCHSET6 librpc/nbt: increase MAX_COMPONENTS limit for nbt_names.
-    
-    domains with more then 10 subdomains are not so uncommon.
-    
-    https://bugzilla.samba.org/show_bug.cgi?id=10439
-    
-    Guenther
-    
-    Signed-off-by: Günther Deschner <gd@samba.org>
-    Reviewed-by: Andreas Schneider <asn@samba.org>
-    
-    (cherry picked from commit 4e05bad0d18e351cb2a2db74860e77adea727c79)
----
- libcli/nbt/nbtname.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libcli/nbt/nbtname.c b/libcli/nbt/nbtname.c
-index fec8e8e..3aa0000 100644
---- a/libcli/nbt/nbtname.c
-+++ b/libcli/nbt/nbtname.c
-@@ -30,7 +30,7 @@
- #include "lib/util/util_net.h"
- 
- /* don't allow an unlimited number of name components */
--#define MAX_COMPONENTS 10
-+#define MAX_COMPONENTS 128
- 
- /**
-   print a nbt string

src/patches/samba/samba-3.6.99-fix_pam_winbind_parsing_segfault.patch

@@ -1,112 +0,0 @@
-From 580eabc2c9dfe29d719a026ff8f6ac3d2ead1983 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 8 Sep 2015 16:48:08 +0200
-Subject: [PATCH] PATCHSET28: pam_winbind: Fix a segfault if initialization
- fails
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11502
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Michael Adam <obnox@samba.org>
-
-Autobuild-User(master): Michael Adam <obnox@samba.org>
-Autobuild-Date(master): Tue Sep  8 21:39:21 CEST 2015 on sn-devel-104
-
-(cherry picked from commit 7d84cd6e40024fd361ea21635f7befed40f0e41f)
----
- nsswitch/pam_winbind.c | 19 ++++++++-----------
- 1 file changed, 8 insertions(+), 11 deletions(-)
-
-diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
-index d126494..cfaa5f1 100644
---- a/nsswitch/pam_winbind.c
-+++ b/nsswitch/pam_winbind.c
-@@ -2465,7 +2465,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags,
- 
- 	retval = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx);
- 	if (retval) {
--		goto out;
-+		return retval;
- 	}
- 
- 	_PAM_LOG_FUNCTION_ENTER("_pam_delete_cred", ctx);
-@@ -2600,7 +2600,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
- 
- 	retval = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx);
- 	if (retval) {
--		goto out;
-+		return retval;
- 	}
- 
- 	_PAM_LOG_FUNCTION_ENTER("pam_sm_authenticate", ctx);
-@@ -2752,7 +2752,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
- 
- 	ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx);
- 	if (ret) {
--		goto out;
-+		return ret;
- 	}
- 
- 	_PAM_LOG_FUNCTION_ENTER("pam_sm_setcred", ctx);
-@@ -2782,8 +2782,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
- 			break;
- 	}
- 
-- out:
--
- 	_PAM_LOG_FUNCTION_LEAVE("pam_sm_setcred", ctx, ret);
- 
- 	TALLOC_FREE(ctx);
-@@ -2806,7 +2804,7 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
- 
- 	ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx);
- 	if (ret) {
--		goto out;
-+		return ret;
- 	}
- 
- 	_PAM_LOG_FUNCTION_ENTER("pam_sm_acct_mgmt", ctx);
-@@ -2901,7 +2899,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
- 
- 	ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx);
- 	if (ret) {
--		goto out;
-+		return ret;
- 	}
- 
- 	_PAM_LOG_FUNCTION_ENTER("pam_sm_open_session", ctx);
-@@ -2910,7 +2908,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
- 		/* check and create homedir */
- 		ret = _pam_mkhomedir(ctx);
- 	}
-- out:
-+
- 	_PAM_LOG_FUNCTION_LEAVE("pam_sm_open_session", ctx, ret);
- 
- 	TALLOC_FREE(ctx);
-@@ -2927,12 +2925,11 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags,
- 
- 	ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx);
- 	if (ret) {
--		goto out;
-+		return ret;
- 	}
- 
- 	_PAM_LOG_FUNCTION_ENTER("pam_sm_close_session", ctx);
- 
--out:
- 	_PAM_LOG_FUNCTION_LEAVE("pam_sm_close_session", ctx, ret);
- 
- 	TALLOC_FREE(ctx);
-@@ -3012,7 +3009,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- 
- 	ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx);
- 	if (ret) {
--		goto out;
-+		return ret;
- 	}
- 
- 	_PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", ctx);
--- 
-2.5.0
-

src/patches/samba/samba-3.6.99-fix_printcap_cpu_utilization.patch

@@ -1,958 +0,0 @@
-From 61c58824cc9117ffe206ae7c126929bfa2384486 Mon Sep 17 00:00:00 2001
-From: David Disseldorp <ddiss@samba.org>
-Date: Thu, 10 Jul 2014 00:18:10 +0200
-Subject: [PATCH 1/7] PATCHSET18: printing: traverse_read the printer list for
- share updates
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The printcap update procedure involves the background printer process
-obtaining the printcap information from the printing backend, writing
-this to printer_list.tdb, and then notifying all smbd processes of the
-new list. The processes then all attempt to simultaneously traverse
-printer_list.tdb, in order to update their local share lists.
-
-With a large number of printers, and a large number of per-client smbd
-processes, this traversal results in significant lock contention, mostly
-due to the fact that the traversal is unnecessarily done with an
-exclusive (write) lock on the printer_list.tdb database.
-
-This commit changes the share update code path to perform a read-only
-traversal.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
-
-Reported-by: Alex K <korobkin+samba@gmail.com>
-Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
-Signed-off-by: David Disseldorp <ddiss@samba.org>
----
- source3/printing/load.c         |  2 +-
- source3/printing/pcap.c         |  4 ++--
- source3/printing/pcap.h         |  2 +-
- source3/printing/printer_list.c | 17 +++++++++++------
- source3/printing/printer_list.h |  4 ++--
- 5 files changed, 17 insertions(+), 12 deletions(-)
-
-diff --git a/source3/printing/load.c b/source3/printing/load.c
-index 829c3e3..0a3de73 100644
---- a/source3/printing/load.c
-+++ b/source3/printing/load.c
-@@ -70,5 +70,5 @@ void load_printers(struct tevent_context *ev,
- 
- 	/* load all printcap printers */
- 	if (lp_load_printers() && lp_servicenumber(PRINTERS_NAME) >= 0)
--		pcap_printer_fn(lp_add_one_printer, NULL);
-+		pcap_printer_read_fn(lp_add_one_printer, NULL);
- }
-diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c
-index 62db4f5..6ad8e33 100644
---- a/source3/printing/pcap.c
-+++ b/source3/printing/pcap.c
-@@ -229,11 +229,11 @@ void pcap_printer_fn_specific(const struct pcap_cache *pc,
- 	return;
- }
- 
--void pcap_printer_fn(void (*fn)(const char *, const char *, const char *, void *), void *pdata)
-+void pcap_printer_read_fn(void (*fn)(const char *, const char *, const char *, void *), void *pdata)
- {
- 	NTSTATUS status;
- 
--	status = printer_list_run_fn(fn, pdata);
-+	status = printer_list_read_run_fn(fn, pdata);
- 	if (!NT_STATUS_IS_OK(status)) {
- 		DEBUG(3, ("Failed to run fn for all printers!\n"));
- 	}
-diff --git a/source3/printing/pcap.h b/source3/printing/pcap.h
-index 7056213..6c062c3 100644
---- a/source3/printing/pcap.h
-+++ b/source3/printing/pcap.h
-@@ -39,7 +39,7 @@ bool pcap_cache_add(const char *name, const char *comment, const char *location)
- bool pcap_cache_loaded(void);
- bool pcap_cache_replace(const struct pcap_cache *cache);
- void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, const char *, void *), void *);
--void pcap_printer_fn(void (*fn)(const char *, const char *, const char *, void *), void *);
-+void pcap_printer_read_fn(void (*fn)(const char *, const char *, const char *, void *), void *);
- 
- void pcap_cache_reload(struct tevent_context *ev,
- 		       struct messaging_context *msg_ctx,
-diff --git a/source3/printing/printer_list.c b/source3/printing/printer_list.c
-index 603ce4b..b24bf83 100644
---- a/source3/printing/printer_list.c
-+++ b/source3/printing/printer_list.c
-@@ -280,7 +280,8 @@ done:
- typedef int (printer_list_trv_fn_t)(struct db_record *, void *);
- 
- static NTSTATUS printer_list_traverse(printer_list_trv_fn_t *fn,
--						void *private_data)
-+				      void *private_data,
-+				      bool read_only)
- {
- 	struct db_context *db;
- 	int ret;
-@@ -290,7 +291,11 @@ static NTSTATUS printer_list_traverse(printer_list_trv_fn_t *fn,
- 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
- 	}
- 
--	ret = db->traverse(db, fn, private_data);
-+	if (read_only) {
-+		ret = db->traverse_read(db, fn, private_data);
-+	} else {
-+		ret = db->traverse(db, fn, private_data);
-+	}
- 	if (ret < 0) {
- 		return NT_STATUS_UNSUCCESSFUL;
- 	}
-@@ -357,7 +362,7 @@ NTSTATUS printer_list_clean_old(void)
- 
- 	state.status = NT_STATUS_OK;
- 
--	status = printer_list_traverse(printer_list_clean_fn, &state);
-+	status = printer_list_traverse(printer_list_clean_fn, &state, false);
- 	if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL) &&
- 	    !NT_STATUS_IS_OK(state.status)) {
- 		status = state.status;
-@@ -404,8 +409,8 @@ static int printer_list_exec_fn(struct db_record *rec, void *private_data)
- 	return 0;
- }
- 
--NTSTATUS printer_list_run_fn(void (*fn)(const char *, const char *, const char *, void *),
--			     void *private_data)
-+NTSTATUS printer_list_read_run_fn(void (*fn)(const char *, const char *, const char *, void *),
-+				  void *private_data)
- {
- 	struct printer_list_exec_state state;
- 	NTSTATUS status;
-@@ -414,7 +419,7 @@ NTSTATUS printer_list_run_fn(void (*fn)(const char *, const char *, const char *
- 	state.private_data = private_data;
- 	state.status = NT_STATUS_OK;
- 
--	status = printer_list_traverse(printer_list_exec_fn, &state);
-+	status = printer_list_traverse(printer_list_exec_fn, &state, true);
- 	if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL) &&
- 	    !NT_STATUS_IS_OK(state.status)) {
- 		status = state.status;
-diff --git a/source3/printing/printer_list.h b/source3/printing/printer_list.h
-index fb2e007..b12c192 100644
---- a/source3/printing/printer_list.h
-+++ b/source3/printing/printer_list.h
-@@ -100,6 +100,6 @@ NTSTATUS printer_list_mark_reload(void);
-  */
- NTSTATUS printer_list_clean_old(void);
- 
--NTSTATUS printer_list_run_fn(void (*fn)(const char *, const char *, const char *, void *),
--			     void *private_data);
-+NTSTATUS printer_list_read_run_fn(void (*fn)(const char *, const char *, const char *, void *),
-+				  void *private_data);
- #endif /* _PRINTER_LIST_H_ */
--- 
-2.1.0
-
-
-From 18b15f127b656ad9232789b073460c95b1aaa835 Mon Sep 17 00:00:00 2001
-From: David Disseldorp <ddiss@samba.org>
-Date: Fri, 11 Jul 2014 17:00:05 +0200
-Subject: [PATCH 2/7] PATCHSET18: printing: only reload printer shares on
- client enum
-
-Currently, automatic printer share updates are handled in the following
-way:
-- Background printer process (BPP) forked on startup
-- Parent smbd and per-client children await MSG_PRINTER_PCAP messages
-- BPP periodically polls the printing backend for printcap data
-	- printcap data written to printer_list.tdb
-	- MSG_PRINTER_PCAP sent to all smbd processes following update
-- smbd processes all read the latest printer_list.tdb data, and update
-  their share listings
-
-This procedure is not scalable, as all smbd processes hit
-printer_list.tdb in parallel, resulting in a large spike in CPU usage.
-
-This change sees smbd processes only update their printer share lists
-only when a client asks for this information, e.g. via NetShareEnum or
-EnumPrinters.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
-
-Suggested-by: Volker Lendecke <vl@samba.org>
-Signed-off-by: David Disseldorp <ddiss@samba.org>
----
- source3/printing/spoolssd.c                 | 17 +----------------
- source3/rpc_server/spoolss/srv_spoolss_nt.c | 11 ++++++++++-
- source3/rpc_server/srvsvc/srv_srvsvc_nt.c   |  1 +
- source3/smbd/lanman.c                       |  3 +++
- source3/smbd/server.c                       | 27 +++++----------------------
- 5 files changed, 20 insertions(+), 39 deletions(-)
-
-diff --git a/source3/printing/spoolssd.c b/source3/printing/spoolssd.c
-index 83727df..7953237 100644
---- a/source3/printing/spoolssd.c
-+++ b/source3/printing/spoolssd.c
-@@ -74,20 +74,6 @@ static void smb_conf_updated(struct messaging_context *msg,
- 	spoolss_reopen_logs();
- }
- 
--static void spoolss_pcap_updated(struct messaging_context *msg,
--				 void *private_data,
--				 uint32_t msg_type,
--				 struct server_id server_id,
--				 DATA_BLOB *data)
--{
--	struct tevent_context *ev_ctx = talloc_get_type_abort(private_data,
--							     struct tevent_context);
--
--	DEBUG(10, ("Got message saying pcap was updated. Reloading.\n"));
--	change_to_root_user();
--	reload_printers(ev_ctx, msg);
--}
--
- static void spoolss_sig_term_handler(struct tevent_context *ev,
- 				     struct tevent_signal *se,
- 				     int signum,
-@@ -206,12 +192,11 @@ void start_spoolssd(struct tevent_context *ev_ctx,
- 		exit(1);
- 	}
- 
-+	/* printer shares updated from printer_list.tdb on client enumeration */
- 	messaging_register(msg_ctx, NULL,
- 			   MSG_PRINTER_UPDATE, print_queue_receive);
- 	messaging_register(msg_ctx, ev_ctx,
- 			   MSG_SMB_CONF_UPDATED, smb_conf_updated);
--	messaging_register(msg_ctx, ev_ctx,
--			   MSG_PRINTER_PCAP, spoolss_pcap_updated);
- 
- 	/*
- 	 * Initialize spoolss with an init function to convert printers first.
-diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-index 516b7dc..db48574 100644
---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
-+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-@@ -4316,12 +4316,21 @@ static WERROR enum_all_printers_info_level(TALLOC_CTX *mem_ctx,
- 					   uint32_t *count_p)
- {
- 	int snum;
--	int n_services = lp_numservices();
-+	int n_services;
- 	union spoolss_PrinterInfo *info = NULL;
- 	uint32_t count = 0;
- 	WERROR result = WERR_OK;
- 	struct dcerpc_binding_handle *b = NULL;
- 
-+	/*
-+	 * printer shares are only updated on client enumeration. The background
-+	 * printer process updates printer_list.tdb at regular intervals.
-+	 */
-+	become_root();
-+	reload_printers(messaging_event_context(msg_ctx), msg_ctx);
-+	unbecome_root();
-+
-+	n_services = lp_numservices();
- 	*count_p = 0;
- 	*info_p = NULL;
- 
-diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
-index b9345d6..4600da3 100644
---- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
-+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
-@@ -568,6 +568,7 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
- 
- 	/* Ensure all the usershares are loaded. */
- 	become_root();
-+	reload_printers(messaging_event_context(p->msg_ctx), p->msg_ctx);
- 	load_usershare_shares();
- 	load_registry_shares();
- 	num_services = lp_numservices();
-diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
-index f56ea30..49f7583 100644
---- a/source3/smbd/lanman.c
-+++ b/source3/smbd/lanman.c
-@@ -43,6 +43,7 @@
- #include "passdb/machine_sid.h"
- #include "auth.h"
- #include "rpc_server/rpc_ncacn_np.h"
-+#include "messages.h"
- 
- #ifdef CHECK_TYPES
- #undef CHECK_TYPES
-@@ -2091,6 +2092,8 @@ static bool api_RNetShareEnum(struct smbd_server_connection *sconn,
- 
- 	/* Ensure all the usershares are loaded. */
- 	become_root();
-+	reload_printers(messaging_event_context(sconn->msg_ctx),
-+			sconn->msg_ctx);
- 	load_registry_shares();
- 	count = load_usershare_shares();
- 	unbecome_root();
-diff --git a/source3/smbd/server.c b/source3/smbd/server.c
-index a26dbc4..102e8dd 100644
---- a/source3/smbd/server.c
-+++ b/source3/smbd/server.c
-@@ -111,24 +111,6 @@ static void smb_conf_updated(struct messaging_context *msg,
- 	/* printer reload triggered by background printing process */
- }
- 
--/*******************************************************************
-- What to do when printcap is updated.
-- ********************************************************************/
--
--static void smb_pcap_updated(struct messaging_context *msg,
--			     void *private_data,
--			     uint32_t msg_type,
--			     struct server_id server_id,
--			     DATA_BLOB *data)
--{
--	struct tevent_context *ev_ctx =
--		talloc_get_type_abort(private_data, struct tevent_context);
--
--	DEBUG(10,("Got message saying pcap was updated. Reloading.\n"));
--	change_to_root_user();
--	reload_printers(ev_ctx, msg);
--}
--
- static void smbd_sig_term_handler(struct tevent_context *ev,
- 				  struct tevent_signal *se,
- 				  int signum,
-@@ -1287,10 +1269,11 @@ extern void build_options(bool screen);
- 
- 	if (is_daemon && !interactive
- 	    && lp_parm_bool(-1, "smbd", "backgroundqueue", true)) {
--		/* background queue is responsible for printcap cache updates */
--		messaging_register(smbd_server_conn->msg_ctx,
--				   smbd_event_context(),
--				   MSG_PRINTER_PCAP, smb_pcap_updated);
-+		/*
-+		 * background queue is responsible for printcap cache updates.
-+		 * Other smbd processes only reload printers when a client
-+		 * issues an enumeration request.
-+		 */
- 		start_background_queue(server_event_context(),
- 				       smbd_server_conn->msg_ctx);
- 	} else {
--- 
-2.1.0
-
-
-From 52196380547dde4784e42c35c46135bb5230a08d Mon Sep 17 00:00:00 2001
-From: David Disseldorp <ddiss@samba.org>
-Date: Tue, 22 Jul 2014 20:17:38 +0200
-Subject: [PATCH 3/7] PATCHSET18: printing: reload printer_list.tdb from in
- memory list
-
-This will allow in future for a single atomic printer_list.tdb update.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
-
-Signed-off-by: David Disseldorp <ddiss@samba.org>
----
- source3/printing/pcap.c           | 26 +++++++++++---------------
- source3/printing/pcap.h           |  8 ++++----
- source3/printing/print_aix.c      | 17 ++++++++++++++---
- source3/printing/print_iprint.c   | 16 ++++++++++------
- source3/printing/print_standard.c |  8 ++++++--
- source3/printing/print_svid.c     | 11 +++++++----
- 6 files changed, 52 insertions(+), 34 deletions(-)
-
-diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c
-index 6ad8e33..5173fc9 100644
---- a/source3/printing/pcap.c
-+++ b/source3/printing/pcap.c
-@@ -83,7 +83,7 @@ void pcap_cache_destroy_specific(struct pcap_cache **pp_cache)
- 	*pp_cache = NULL;
- }
- 
--bool pcap_cache_add(const char *name, const char *comment, const char *location)
-+static bool pcap_cache_add(const char *name, const char *comment, const char *location)
- {
- 	NTSTATUS status;
- 	time_t t = time_mono(NULL);
-@@ -132,8 +132,8 @@ void pcap_cache_reload(struct tevent_context *ev,
- {
- 	const char *pcap_name = lp_printcapname();
- 	bool pcap_reloaded = False;
--	NTSTATUS status;
- 	bool post_cache_fill_fn_handled = false;
-+	struct pcap_cache *pcache = NULL;
- 
- 	DEBUG(3, ("reloading printcap cache\n"));
- 
-@@ -143,12 +143,6 @@ void pcap_cache_reload(struct tevent_context *ev,
- 		return;
- 	}
- 
--	status = printer_list_mark_reload();
--	if (!NT_STATUS_IS_OK(status)) {
--		DEBUG(0, ("Failed to mark printer list for reload!\n"));
--		return;
--	}
--
- #ifdef HAVE_CUPS
- 	if (strequal(pcap_name, "cups")) {
- 		pcap_reloaded = cups_cache_reload(ev, msg_ctx,
-@@ -164,26 +158,26 @@ void pcap_cache_reload(struct tevent_context *ev,
- 
- #ifdef HAVE_IPRINT
- 	if (strequal(pcap_name, "iprint")) {
--		pcap_reloaded = iprint_cache_reload();
-+		pcap_reloaded = iprint_cache_reload(&pcache);
- 		goto done;
- 	}
- #endif
- 
- #if defined(SYSV) || defined(HPUX)
- 	if (strequal(pcap_name, "lpstat")) {
--		pcap_reloaded = sysv_cache_reload();
-+		pcap_reloaded = sysv_cache_reload(&pcache);
- 		goto done;
- 	}
- #endif
- 
- #ifdef AIX
- 	if (strstr_m(pcap_name, "/qconfig") != NULL) {
--		pcap_reloaded = aix_cache_reload();
-+		pcap_reloaded = aix_cache_reload(&pcache);
- 		goto done;
- 	}
- #endif
- 
--	pcap_reloaded = std_pcap_cache_reload(pcap_name);
-+	pcap_reloaded = std_pcap_cache_reload(pcap_name, &pcache);
- 
- done:
- 	DEBUG(3, ("reload status: %s\n", (pcap_reloaded) ? "ok" : "error"));
-@@ -192,14 +186,16 @@ done:
- 		/* cleanup old entries only if the operation was successful,
- 		 * otherwise keep around the old entries until we can
- 		 * successfuly reaload */
--		status = printer_list_clean_old();
--		if (!NT_STATUS_IS_OK(status)) {
--			DEBUG(0, ("Failed to cleanup printer list!\n"));
-+
-+		if (!pcap_cache_replace(pcache)) {
-+			DEBUG(0, ("Failed to replace printer list!\n"));
- 		}
-+
- 		if (post_cache_fill_fn != NULL) {
- 			post_cache_fill_fn(ev, msg_ctx);
- 		}
- 	}
-+	pcap_cache_destroy_specific(&pcache);
- 
- 	return;
- }
-diff --git a/source3/printing/pcap.h b/source3/printing/pcap.h
-index 6c062c3..d388d7d 100644
---- a/source3/printing/pcap.h
-+++ b/source3/printing/pcap.h
-@@ -49,7 +49,7 @@ bool pcap_printername_ok(const char *printername);
- 
- /* The following definitions come from printing/print_aix.c  */
- 
--bool aix_cache_reload(void);
-+bool aix_cache_reload(struct pcap_cache **_pcache);
- 
- /* The following definitions come from printing/print_cups.c  */
- 
-@@ -60,13 +60,13 @@ bool cups_cache_reload(struct tevent_context *ev,
- 
- /* The following definitions come from printing/print_iprint.c  */
- 
--bool iprint_cache_reload(void);
-+bool iprint_cache_reload(struct pcap_cache **_pcache);
- 
- /* The following definitions come from printing/print_svid.c  */
- 
--bool sysv_cache_reload(void);
-+bool sysv_cache_reload(struct pcap_cache **_pcache);
- 
- /* The following definitions come from printing/print_standard.c  */
--bool std_pcap_cache_reload(const char *pcap_name);
-+bool std_pcap_cache_reload(const char *pcap_name, struct pcap_cache **_pcache);
- 
- #endif /* _PRINTING_PCAP_H_ */
-diff --git a/source3/printing/print_aix.c b/source3/printing/print_aix.c
-index 23d9a86..927a71b 100644
---- a/source3/printing/print_aix.c
-+++ b/source3/printing/print_aix.c
-@@ -29,12 +29,13 @@
- #include "printing/pcap.h"
- 
- #ifdef AIX
--bool aix_cache_reload(void)
-+bool aix_cache_reload(struct pcap_cache **_pcache)
- {
- 	int iEtat;
- 	XFILE *pfile;
- 	char *line = NULL, *p;
- 	char *name = NULL;
-+	struct pcap_cache *pcache = NULL;
- 	TALLOC_CTX *ctx = talloc_init("aix_cache_reload");
- 
- 	if (!ctx) {
-@@ -52,6 +53,8 @@ bool aix_cache_reload(void)
- 	iEtat = 0;
- 	/* scan qconfig file for searching <printername>:	*/
- 	for (;(line = fgets_slash(NULL, 1024, pfile)); free(line)) {
-+		bool ok;
-+
- 		if (*line == '*' || *line == 0)
- 			continue;
- 
-@@ -67,6 +70,7 @@ bool aix_cache_reload(void)
- 				if (strcmp(p, "bsh") != 0) {
- 					name = talloc_strdup(ctx, p);
- 					if (!name) {
-+						pcap_cache_destroy_specific(&pcache);
- 						SAFE_FREE(line);
- 						x_fclose(pfile);
- 						TALLOC_FREE(ctx);
-@@ -86,7 +90,10 @@ bool aix_cache_reload(void)
- 				/* name is found without stanza device  */
- 				/* probably a good printer ???		*/
- 				iEtat = 0;
--				if (!pcap_cache_add(name, NULL, NULL)) {
-+				ok = pcap_cache_add_specific(&pcache,
-+							     name, NULL, NULL);
-+				if (!ok) {
-+					pcap_cache_destroy_specific(&pcache);
- 					SAFE_FREE(line);
- 					x_fclose(pfile);
- 					TALLOC_FREE(ctx);
-@@ -101,7 +108,10 @@ bool aix_cache_reload(void)
- 			} else if (strstr_m(line, "device")) {
- 				/* it's a good virtual printer */
- 				iEtat = 0;
--				if (!pcap_cache_add(name, NULL, NULL)) {
-+				ok = pcap_cache_add_specific(&pcache,
-+							     name, NULL, NULL);
-+				if (!ok) {
-+					pcap_cache_destroy_specific(&pcache);
- 					SAFE_FREE(line);
- 					x_fclose(pfile);
- 					TALLOC_FREE(ctx);
-@@ -113,6 +123,7 @@ bool aix_cache_reload(void)
- 		}
- 	}
- 
-+	*_pcache = pcache;
- 	x_fclose(pfile);
- 	TALLOC_FREE(ctx);
- 	return true;
-diff --git a/source3/printing/print_iprint.c b/source3/printing/print_iprint.c
-index 529f0dd..6e91747 100644
---- a/source3/printing/print_iprint.c
-+++ b/source3/printing/print_iprint.c
-@@ -204,7 +204,8 @@ static int iprint_get_server_version(http_t *http, char* serviceUri)
- 
- static int iprint_cache_add_printer(http_t *http,
- 				   int reqId,
--				   char* url)
-+				   char *url,
-+				   struct pcap_cache **pcache)
- {
- 	ipp_t		*request = NULL,	/* IPP Request */
- 			*response = NULL;	/* IPP Response */
-@@ -340,7 +341,7 @@ static int iprint_cache_add_printer(http_t *http,
- 		*/
- 
- 		if (name != NULL && !secure && smb_enabled) 
--			pcap_cache_add(name, info, NULL);
-+			pcap_cache_add_specific(pcache, name, info, NULL);
- 	}
- 
-  out:
-@@ -349,7 +350,7 @@ static int iprint_cache_add_printer(http_t *http,
- 	return(0);
- }
- 
--bool iprint_cache_reload(void)
-+bool iprint_cache_reload(struct pcap_cache **_pcache)
- {
- 	http_t		*http = NULL;		/* HTTP connection to server */
- 	ipp_t		*request = NULL,	/* IPP Request */
-@@ -357,7 +358,8 @@ bool iprint_cache_reload(void)
- 	ipp_attribute_t	*attr;			/* Current attribute */
- 	cups_lang_t	*language = NULL;	/* Default language */
- 	int		i;
--	bool ret = False;
-+	bool ret = false;
-+	struct pcap_cache *pcache = NULL;
- 
- 	DEBUG(5, ("reloading iprint printcap cache\n"));
- 
-@@ -439,14 +441,16 @@ bool iprint_cache_reload(void)
- 					char *url = ippGetString(attr, i, NULL);
- 					if (!url || !strlen(url))
- 						continue;
--					iprint_cache_add_printer(http, i+2, url);
-+					iprint_cache_add_printer(http, i+2, url,
-+								 &pcache);
- 				}
- 			}
- 			attr = ippNextAttribute(response);
- 		}
- 	}
- 
--	ret = True;
-+	ret = true;
-+	*_pcache = pcache;
- 
-  out:
- 	if (response)
-diff --git a/source3/printing/print_standard.c b/source3/printing/print_standard.c
-index c4f9c5b..b5f1056 100644
---- a/source3/printing/print_standard.c
-+++ b/source3/printing/print_standard.c
-@@ -59,10 +59,11 @@
- #include "printing/pcap.h"
- 
- /* handle standard printcap - moved from pcap_printer_fn() */
--bool std_pcap_cache_reload(const char *pcap_name)
-+bool std_pcap_cache_reload(const char *pcap_name, struct pcap_cache **_pcache)
- {
- 	XFILE *pcap_file;
- 	char *pcap_line;
-+	struct pcap_cache *pcache = NULL;
- 
- 	if ((pcap_file = x_fopen(pcap_name, O_RDONLY, 0)) == NULL) {
- 		DEBUG(0, ("Unable to open printcap file %s for read!\n", pcap_name));
-@@ -117,12 +118,15 @@ bool std_pcap_cache_reload(const char *pcap_name)
- 			}
- 		}
- 
--		if (*name && !pcap_cache_add(name, comment, NULL)) {
-+		if ((*name != '\0')
-+		 && !pcap_cache_add_specific(&pcache, name, comment, NULL)) {
- 			x_fclose(pcap_file);
-+			pcap_cache_destroy_specific(&pcache);
- 			return false;
- 		}
- 	}
- 
- 	x_fclose(pcap_file);
-+	*_pcache = pcache;
- 	return true;
- }
-diff --git a/source3/printing/print_svid.c b/source3/printing/print_svid.c
-index 2226493..879661b 100644
---- a/source3/printing/print_svid.c
-+++ b/source3/printing/print_svid.c
-@@ -35,10 +35,11 @@
- #include "printing/pcap.h"
- 
- #if defined(SYSV) || defined(HPUX)
--bool sysv_cache_reload(void)
-+bool sysv_cache_reload(struct pcap_cache **_pcache)
- {
- 	char **lines;
- 	int i;
-+	struct pcap_cache *pcache = NULL;
- 
- #if defined(HPUX)
- 	DEBUG(5, ("reloading hpux printcap cache\n"));
-@@ -111,14 +112,16 @@ bool sysv_cache_reload(void)
- 			*tmp = '\0';
- 		
- 		/* add it to the cache */
--		if (!pcap_cache_add(name, NULL, NULL)) {
-+		if (!pcap_cache_add_specific(&pcache, name, NULL, NULL)) {
- 			TALLOC_FREE(lines);
--			return False;
-+			pcap_cache_destroy_specific(&pcache);
-+			return false;
- 		}
- 	}
- 
- 	TALLOC_FREE(lines);
--	return True;
-+	*_pcache = pcache;
-+	return true;
- }
- 
- #else
--- 
-2.1.0
-
-
-From 91c0b6477fcd4ad20d1cda45f78f160cee8e58ff Mon Sep 17 00:00:00 2001
-From: David Disseldorp <ddiss@samba.org>
-Date: Fri, 25 Jul 2014 12:18:54 +0200
-Subject: [PATCH 4/7] PATCHSET18: printing: remove pcap_cache_add()
-
-All print list updates are now done via pcap_cache_replace(), which can
-call into the print_list code directly.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
-
-Signed-off-by: David Disseldorp <ddiss@samba.org>
----
- source3/printing/pcap.c | 16 ++++++----------
- source3/printing/pcap.h |  1 -
- 2 files changed, 6 insertions(+), 11 deletions(-)
-
-diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c
-index 5173fc9..5059f20 100644
---- a/source3/printing/pcap.c
-+++ b/source3/printing/pcap.c
-@@ -83,15 +83,6 @@ void pcap_cache_destroy_specific(struct pcap_cache **pp_cache)
- 	*pp_cache = NULL;
- }
- 
--static bool pcap_cache_add(const char *name, const char *comment, const char *location)
--{
--	NTSTATUS status;
--	time_t t = time_mono(NULL);
--
--	status = printer_list_set_printer(talloc_tos(), name, comment, location, t);
--	return NT_STATUS_IS_OK(status);
--}
--
- bool pcap_cache_loaded(void)
- {
- 	NTSTATUS status;
-@@ -105,6 +96,7 @@ bool pcap_cache_replace(const struct pcap_cache *pcache)
- {
- 	const struct pcap_cache *p;
- 	NTSTATUS status;
-+	time_t t = time_mono(NULL);
- 
- 	status = printer_list_mark_reload();
- 	if (!NT_STATUS_IS_OK(status)) {
-@@ -113,7 +105,11 @@ bool pcap_cache_replace(const struct pcap_cache *pcache)
- 	}
- 
- 	for (p = pcache; p; p = p->next) {
--		pcap_cache_add(p->name, p->comment, p->location);
-+		status = printer_list_set_printer(talloc_tos(), p->name,
-+						  p->comment, p->location, t);
-+		if (!NT_STATUS_IS_OK(status)) {
-+			return false;
-+		}
- 	}
- 
- 	status = printer_list_clean_old();
-diff --git a/source3/printing/pcap.h b/source3/printing/pcap.h
-index d388d7d..7dccf84 100644
---- a/source3/printing/pcap.h
-+++ b/source3/printing/pcap.h
-@@ -35,7 +35,6 @@ struct pcap_cache;
- 
- bool pcap_cache_add_specific(struct pcap_cache **ppcache, const char *name, const char *comment, const char *location);
- void pcap_cache_destroy_specific(struct pcap_cache **ppcache);
--bool pcap_cache_add(const char *name, const char *comment, const char *location);
- bool pcap_cache_loaded(void);
- bool pcap_cache_replace(const struct pcap_cache *cache);
- void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, const char *, void *), void *);
--- 
-2.1.0
-
-
-From 10582491e417d5ab5c77afe2337793dbacd98fa8 Mon Sep 17 00:00:00 2001
-From: David Disseldorp <ddiss@samba.org>
-Date: Wed, 23 Jul 2014 12:12:34 +0200
-Subject: [PATCH 5/7] PATCHSET18: printing: return last change time with
- pcap_cache_loaded()
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
-
-Signed-off-by: David Disseldorp <ddiss@samba.org>
----
- source3/printing/load.c |  2 +-
- source3/printing/pcap.c | 10 ++++++++--
- source3/printing/pcap.h |  2 +-
- source3/web/swat.c      |  4 ++--
- 4 files changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/source3/printing/load.c b/source3/printing/load.c
-index 0a3de73..83f1095 100644
---- a/source3/printing/load.c
-+++ b/source3/printing/load.c
-@@ -64,7 +64,7 @@ load automatic printer services from pre-populated pcap cache
- void load_printers(struct tevent_context *ev,
- 		   struct messaging_context *msg_ctx)
- {
--	SMB_ASSERT(pcap_cache_loaded());
-+	SMB_ASSERT(pcap_cache_loaded(NULL));
- 
- 	add_auto_printers();
- 
-diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c
-index 5059f20..027c1b2 100644
---- a/source3/printing/pcap.c
-+++ b/source3/printing/pcap.c
-@@ -83,13 +83,19 @@ void pcap_cache_destroy_specific(struct pcap_cache **pp_cache)
- 	*pp_cache = NULL;
- }
- 
--bool pcap_cache_loaded(void)
-+bool pcap_cache_loaded(time_t *_last_change)
- {
- 	NTSTATUS status;
- 	time_t last;
- 
- 	status = printer_list_get_last_refresh(&last);
--	return NT_STATUS_IS_OK(status);
-+	if (!NT_STATUS_IS_OK(status)) {
-+		return false;
-+	}
-+	if (_last_change != NULL) {
-+		*_last_change = last;
-+	}
-+	return true;
- }
- 
- bool pcap_cache_replace(const struct pcap_cache *pcache)
-diff --git a/source3/printing/pcap.h b/source3/printing/pcap.h
-index 7dccf84..8fc9e9d 100644
---- a/source3/printing/pcap.h
-+++ b/source3/printing/pcap.h
-@@ -35,7 +35,7 @@ struct pcap_cache;
- 
- bool pcap_cache_add_specific(struct pcap_cache **ppcache, const char *name, const char *comment, const char *location);
- void pcap_cache_destroy_specific(struct pcap_cache **ppcache);
--bool pcap_cache_loaded(void);
-+bool pcap_cache_loaded(time_t *_last_change);
- bool pcap_cache_replace(const struct pcap_cache *cache);
- void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, const char *, void *), void *);
- void pcap_printer_read_fn(void (*fn)(const char *, const char *, const char *, void *), void *);
-diff --git a/source3/web/swat.c b/source3/web/swat.c
-index f8933d2..a1a035c 100644
---- a/source3/web/swat.c
-+++ b/source3/web/swat.c
-@@ -586,7 +586,7 @@ static int save_reload(int snum)
-                 return 0;
-         }
- 	iNumNonAutoPrintServices = lp_numservices();
--	if (pcap_cache_loaded()) {
-+	if (pcap_cache_loaded(NULL)) {
- 		load_printers(server_event_context(),
- 			      server_messaging_context());
- 	}
-@@ -1572,7 +1572,7 @@ const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid)
- 	reopen_logs();
- 	load_interfaces();
- 	iNumNonAutoPrintServices = lp_numservices();
--	if (pcap_cache_loaded()) {
-+	if (pcap_cache_loaded(NULL)) {
- 		load_printers(server_event_context(),
- 			      server_messaging_context());
- 	}
--- 
-2.1.0
-
-
-From 484667ff73b54b275f8629264aef27ec9628c7fd Mon Sep 17 00:00:00 2001
-From: David Disseldorp <ddiss@samba.org>
-Date: Wed, 23 Jul 2014 14:42:00 +0200
-Subject: [PATCH 6/7] PATCHSET18: smbd: only reprocess printer_list.tdb if it
- changed
-
-The per-client smbd printer share inventory is currently updated from
-printer_list.tdb when a client enumerates printers, via EnumPrinters or
-NetShareEnum.
-printer_list.tdb is populated by the background print process, based on
-the latest printcap values retrieved from the printing backend (e.g.
-CUPS) at regular intervals.
-This change ensures that per-client smbd processes don't reparse
-printer_list.tdb if it hasn't been updated since the last enumeration.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
-
-Suggested-by: Volker Lendecke <vl@samba.org>
-Signed-off-by: David Disseldorp <ddiss@samba.org>
----
- source3/smbd/server_reload.c | 21 +++++++++++++++++++++
- 1 file changed, 21 insertions(+)
-
-diff --git a/source3/smbd/server_reload.c b/source3/smbd/server_reload.c
-index c4c5a8d..57f7972 100644
---- a/source3/smbd/server_reload.c
-+++ b/source3/smbd/server_reload.c
-@@ -30,6 +30,13 @@
- #include "auth.h"
- #include "messages.h"
- 
-+/*
-+ * The persistent pcap cache is populated by the background print process. Per
-+ * client smbds should only reload their printer share inventories if this
-+ * information has changed. Use last_reload_time to detect this.
-+ */
-+static time_t reload_last_pcap_time = 0;
-+
- /****************************************************************************
-  purge stale printers and reload from pre-populated pcap cache
- **************************************************************************/
-@@ -40,6 +47,20 @@ void reload_printers(struct tevent_context *ev,
- 	int pnum;
- 	int snum;
- 	const char *pname;
-+	bool ok;
-+	time_t pcap_last_update;
-+
-+	ok = pcap_cache_loaded(&pcap_last_update);
-+	if (!ok) {
-+		DEBUG(1, ("pcap cache not loaded\n"));
-+		return;
-+	}
-+
-+	if (reload_last_pcap_time == pcap_last_update) {
-+		DEBUG(5, ("skipping printer reload, already up to date.\n"));
-+		return;
-+	}
-+	reload_last_pcap_time = pcap_last_update;
- 
- 	n_services = lp_numservices();
- 	pnum = lp_servicenumber(PRINTERS_NAME);
--- 
-2.1.0
-
-
-From 08848f939b735b5a68066ebcc995247d77f5fa2d Mon Sep 17 00:00:00 2001
-From: David Disseldorp <ddiss@samba.org>
-Date: Wed, 6 Aug 2014 14:33:02 +0200
-Subject: [PATCH 7/7] PATCHSET18: printing: reload printer shares on
- OpenPrinter
-
-The printer share inventory should be reloaded on open _and_
-enumeration, as there are some clients, such as cupsaddsmb, that do not
-perform an enumeration prior to access.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
-
-Signed-off-by: David Disseldorp <ddiss@samba.org>
----
- source3/rpc_server/spoolss/srv_spoolss_nt.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-index db48574..fb8f61f 100644
---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
-+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-@@ -1737,6 +1737,16 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
- 		return WERR_INVALID_PARAM;
- 	}
- 
-+	/*
-+	 * The printcap printer share inventory is updated on client
-+	 * enumeration. For clients that do not perform enumeration prior to
-+	 * access, such as cupssmbadd, we reinitialise the printer share
-+	 * inventory on open as well.
-+	 */
-+	become_root();
-+	reload_printers(messaging_event_context(p->msg_ctx), p->msg_ctx);
-+	unbecome_root();
-+
- 	/* some sanity check because you can open a printer or a print server */
- 	/* aka: \\server\printer or \\server */
- 
-@@ -4323,7 +4333,7 @@ static WERROR enum_all_printers_info_level(TALLOC_CTX *mem_ctx,
- 	struct dcerpc_binding_handle *b = NULL;
- 
- 	/*
--	 * printer shares are only updated on client enumeration. The background
-+	 * printer shares are updated on client enumeration. The background
- 	 * printer process updates printer_list.tdb at regular intervals.
- 	 */
- 	become_root();
--- 
-2.1.0
-

src/patches/samba/samba-3.6.99-fix_rpc_query_user_list.patch

@@ -1,37 +0,0 @@
-From 75497eb3bb57424cefbbbe0c61cd2b0adcad802b Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 2 Nov 2016 17:19:09 +0100
-Subject: [PATCH] s3-winbind: Do not return NO_MEMORY if we have an empty user
- list
-
-The domain child for the MACHINE ACCOUNT might fail with
-NT_STATUS_NO_MEMORY because an emtpy user list is returned.
-
-*pnum_info is already set to 0 at the beginngin so we should just
-declare victory here!
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12405
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
----
- source3/winbindd/winbindd_rpc.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
-index c560a6b..59bd78a 100644
---- a/source3/winbindd/winbindd_rpc.c
-+++ b/source3/winbindd/winbindd_rpc.c
-@@ -88,6 +88,10 @@ NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
- 		num_dom_users = disp_info.info1.count;
- 
- 		num_info += num_dom_users;
-+		/* If there are no user to enumerate we're done */
-+		if (num_info == 0) {
-+			return NT_STATUS_OK;
-+		}
- 
- 		info = TALLOC_REALLOC_ARRAY(mem_ctx,
- 					    info,
--- 
-2.7.4
-

src/patches/samba/samba-3.6.99-fix_rpcclient_timeout_command.patch

@@ -1,73 +0,0 @@
-From fe30cb2d1932401b5507af9f12149506cf0ae749 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 7 Apr 2015 16:12:18 +0200
-Subject: [PATCH] PATCHSET25: rpcclient: Fix the timeout command
-
-https://bugzilla.samba.org/show_bug.cgi?id=11199
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
-
-(cherry picked from commit 2bca4cdc6f83dce48c73a33288c4fd3ae80f883b)
----
- source3/rpcclient/rpcclient.c | 23 +++++++----------------
- 1 file changed, 7 insertions(+), 16 deletions(-)
-
-diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
-index c2f3e4c..0dbcd01 100644
---- a/source3/rpcclient/rpcclient.c
-+++ b/source3/rpcclient/rpcclient.c
-@@ -481,8 +481,6 @@ static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- 			    int argc, const char **argv)
- {
--	struct cmd_list *tmp;
--
- 	if (argc > 2) {
- 		printf("Usage: %s timeout\n", argv[0]);
- 		return NT_STATUS_OK;
-@@ -490,19 +488,6 @@ static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- 
- 	if (argc == 2) {
- 		timeout = atoi(argv[1]);
--
--		for (tmp = cmd_list; tmp; tmp = tmp->next) {
--
--			struct cmd_set *tmp_set;
--
--			for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) {
--				if (tmp_set->rpc_pipe == NULL) {
--					continue;
--				}
--
--				rpccli_set_timeout(tmp_set->rpc_pipe, timeout);
--			}
--		}
- 	}
- 
- 	printf("timeout is %d\n", timeout);
-@@ -791,6 +776,11 @@ static NTSTATUS do_cmd(struct cli_state *cli,
- 		}
- 	}
- 
-+	/* Set timeout for new connections */
-+	if (cmd_entry->rpc_pipe) {
-+		rpccli_set_timeout(cmd_entry->rpc_pipe, timeout);
-+	}
-+
- 	/* Run command */
- 
- 	if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
-@@ -1124,7 +1114,8 @@ out_free:
- 
- 	/* Load command lists */
- 
--	timeout = cli_set_timeout(cli, 10000);
-+	timeout = 10000;
-+	cli_set_timeout(cli, timeout);
- 
- 	cmd_set = rpcclient_command_list;
- 
--- 
-2.1.0
-

src/patches/samba/samba-3.6.99-fix_security_server_share_access.patch

@@ -1,70 +0,0 @@
-From 56bfca66b8597afe731f4624bb9f862bb45f81ba Mon Sep 17 00:00:00 2001
-From: Matt Rogers <mrogers@redhat.com>
-Date: Mon, 12 Oct 2015 14:46:18 +0200
-Subject: [PATCH] PATCHSET33: s3-auch: Fix secuirty = server share access
-
-Resolve user groups in non-winbind path of passwd_to_SamInfo3(), fixing
-group memberships with server security.
-
-Signed-off-by: Matt Rogers <mrogers@redhat.com>
----
- source3/auth/server_info.c | 28 ++++++++++++++++++++++++++++
- 1 file changed, 28 insertions(+)
-
-diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
-index 1fd9317..91724cc 100644
---- a/source3/auth/server_info.c
-+++ b/source3/auth/server_info.c
-@@ -571,7 +571,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
- 	enum lsa_SidType type;
- 	uint32_t num_sids = 0;
- 	struct dom_sid *user_sids = NULL;
-+	gid_t *gids = NULL;
- 	bool ok;
-+	int i;
- 
- 	tmp_ctx = talloc_stackframe();
- 
-@@ -629,6 +631,29 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
- 				    get_global_sam_sid(),
- 				    DOMAIN_RID_USERS);
- 		}
-+
-+		if (!getgroups_unix_user(tmp_ctx,
-+					 unix_username,
-+					 pwd->pw_gid,
-+					 &gids,
-+					 &num_sids)) {
-+			DEBUG(1, ("Failed to get unix user groups.\n"));
-+			goto done;
-+		}
-+
-+		if (num_sids == 0) {
-+			smb_panic("primary group missing");
-+		}
-+
-+		user_sids = TALLOC_ARRAY(tmp_ctx, struct dom_sid, num_sids);
-+
-+		if (user_sids == NULL) {
-+			return NT_STATUS_NO_MEMORY;
-+		}
-+
-+		for (i = 0; i < num_sids; i++) {
-+			gid_to_sid(&user_sids[i], gids[i]);
-+		}
- 	}
- 
- 	/* Make sure we have a valid group sid */
-@@ -696,6 +721,9 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
- 
- 	status = NT_STATUS_OK;
- done:
-+	if (gids != NULL) {
-+		talloc_free(gids);
-+	}
- 	talloc_free(tmp_ctx);
- 
- 	return status;
--- 
-2.5.0
-

src/patches/samba/samba-3.6.99-fix_setup_domain_child_logic.patch

@@ -1,186 +0,0 @@
-commit 9dd0bb462b613a5f6f41d4130bfd31c0a64debd7
-Author:     Jeremy Allison <jra@samba.org>
-AuthorDate: Mon Jan 13 15:23:00 2014 +0100
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Wed Feb 5 11:45:44 2014 +0100
-
-    s3-winbind: Move setup_domain_child() into add_trusted_domain().
-    
-    Ensure it only gets called when a new domain is allocated
-    and added to the list.
-    
-    This should fix problems with the previous logic where
-    setup_domain_child() was called in places where an existing
-    domain was returned.
-    
-    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
----
- source3/winbindd/winbindd_util.c | 74 ++++++++++++++++++----------------------
- 1 file changed, 33 insertions(+), 41 deletions(-)
-
-diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
-index 37b6578..353722e 100644
---- a/source3/winbindd/winbindd_util.c
-+++ b/source3/winbindd/winbindd_util.c
-@@ -89,7 +89,10 @@ static bool is_in_internal_domain(const struct dom_sid *sid)
- }
- 
- 
--/* Add a trusted domain to our list of domains */
-+/* Add a trusted domain to our list of domains.
-+   If the domain already exists in the list,
-+   return it and don't re-initialize.
-+ */
- static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
- 						  struct winbindd_methods *methods,
- 						  const struct dom_sid *sid)
-@@ -99,6 +102,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
- 	char *idmap_config_option;
- 	const char *param;
- 	const char **ignored_domains, **dom;
-+	int role = lp_server_role();
- 
- 	ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
- 	for (dom=ignored_domains; dom && *dom; dom++) {
-@@ -146,7 +150,10 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
- 
- 	if (domain != NULL) {
- 		/*
--		 * We found a match. Possibly update the SID
-+		 * We found a match on domain->name or
-+		 * domain->alt_name. Possibly update the SID
-+		 * if the stored SID was the NULL SID
-+		 * and return the matching entry.
- 		 */
- 		if ((sid != NULL)
- 		    && dom_sid_equal(&domain->sid, &global_sid_NULL)) {
-@@ -192,6 +199,15 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
- 		sid_copy(&domain->sid, sid);
- 	}
- 
-+	/* Is this our primary domain ? */
-+	if (strequal(domain_name, get_global_sam_name()) &&
-+	    (role != ROLE_DOMAIN_MEMBER)) {
-+		domain->primary = true;
-+	} else if (strequal(domain_name, lp_workgroup()) &&
-+		   (role == ROLE_DOMAIN_MEMBER)) {
-+		domain->primary = true;
-+	}
-+
- 	/* Link to domain list */
- 	DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
- 
-@@ -228,6 +244,8 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
- 
- done:
- 
-+	setup_domain_child(domain);
-+
- 	DEBUG(2,("Added domain %s %s %s\n",
- 		 domain->name, domain->alt_name,
- 		 &domain->sid?sid_string_dbg(&domain->sid):""));
-@@ -341,18 +359,10 @@ static void trustdom_list_done(struct tevent_req *req)
-  		   necessary.  This is important because we need the
-  		   SID for sibling domains */
- 
--		if ( find_domain_from_name_noinit(p) != NULL ) {
--			domain = add_trusted_domain(p, alternate_name,
--						    &cache_methods,
--						    &sid);
--		} else {
--			domain = add_trusted_domain(p, alternate_name,
--						    &cache_methods,
--						    &sid);
--			if (domain) {
--				setup_domain_child(domain);
--			}
--		}
-+		(void)add_trusted_domain(p, alternate_name,
-+					    &cache_methods,
-+					    &sid);
-+
- 		p=q;
- 		if (p != NULL)
- 			p += 1;
-@@ -422,13 +432,10 @@ static void rescan_forest_root_trusts( void )
- 		d = find_domain_from_name_noinit( dom_list[i].domain_name );
- 
- 		if ( !d ) {
--			d = add_trusted_domain( dom_list[i].domain_name,
-+			(void)add_trusted_domain( dom_list[i].domain_name,
- 						dom_list[i].dns_name,
- 						&cache_methods,
--						&dom_list[i].sid );
--			if (d != NULL) {
--				setup_domain_child(d);
--			}
-+						&dom_list[i].sid);
- 		}
- 
- 		if (d == NULL) {
-@@ -494,13 +501,10 @@ static void rescan_forest_trusts( void )
- 			   about it */
- 
- 			if ( !d ) {
--				d = add_trusted_domain( dom_list[i].domain_name,
-+				(void)add_trusted_domain( dom_list[i].domain_name,
- 							dom_list[i].dns_name,
- 							&cache_methods,
--							&dom_list[i].sid );
--				if (d != NULL) {
--					setup_domain_child(d);
--				}
-+							&dom_list[i].sid);
- 			}
- 
- 			if (d == NULL) {
-@@ -601,7 +605,6 @@ enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domai
- /* Look up global info for the winbind daemon */
- bool init_domain_list(void)
- {
--	struct winbindd_domain *domain;
- 	int role = lp_server_role();
- 
- 	/* Free existing list */
-@@ -609,26 +612,18 @@ bool init_domain_list(void)
- 
- 	/* BUILTIN domain */
- 
--	domain = add_trusted_domain("BUILTIN", NULL, &cache_methods,
--				    &global_sid_Builtin);
--	if (domain) {
--		setup_domain_child(domain);
--	}
-+	(void)add_trusted_domain("BUILTIN", NULL, &cache_methods,
-+				 &global_sid_Builtin);
- 
- 	/* Local SAM */
- 
--	domain = add_trusted_domain(get_global_sam_name(), NULL,
--				    &cache_methods, get_global_sam_sid());
--	if (domain) {
--		if ( role != ROLE_DOMAIN_MEMBER ) {
--			domain->primary = True;
--		}
--		setup_domain_child(domain);
--	}
-+	(void)add_trusted_domain(get_global_sam_name(), NULL,
-+				 &cache_methods, get_global_sam_sid());
- 
- 	/* Add ourselves as the first entry. */
- 
- 	if ( role == ROLE_DOMAIN_MEMBER ) {
-+		struct winbindd_domain *domain;
- 		struct dom_sid our_sid;
- 
- 		if (!secrets_fetch_domain_sid(lp_workgroup(), &our_sid)) {
-@@ -639,9 +634,6 @@ bool init_domain_list(void)
- 		domain = add_trusted_domain( lp_workgroup(), lp_realm(),
- 					     &cache_methods, &our_sid);
- 		if (domain) {
--			domain->primary = True;
--			setup_domain_child(domain);
--
- 			/* Even in the parent winbindd we'll need to
- 			   talk to the DC, so try and see if we can
- 			   contact it. Theoretically this isn't neccessary

src/patches/samba/samba-3.6.99-fix_smb_conf_doc.patch

@@ -1,51 +0,0 @@
-From cea644fd24dbbf2e2359fd7b6d361a698660d5eb Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Mon, 2 Mar 2015 11:55:01 +0100
-Subject: [PATCH] PATCHSET20: doc-xml: Add 'sharesec' reference to 'access
- based share enum'
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11127
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Michael Adam <obnox@samba.org>
-
-Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
-Autobuild-Date(master): Mon Mar  2 14:33:33 CET 2015 on sn-devel-104
-
-(cherry picked from commit e2ed224653985afa13e906e2a5f3656a18d622c0)
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
----
- docs-xml/smbdotconf/security/accessbasedshareenum.xml | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-Index: samba-3.6.23/docs-xml/smbdotconf/security/accessbasedshareenum.xml
-===================================================================
---- samba-3.6.23.orig/docs-xml/smbdotconf/security/accessbasedshareenum.xml
-+++ samba-3.6.23/docs-xml/smbdotconf/security/accessbasedshareenum.xml
-@@ -7,7 +7,10 @@
-      <para>If this parameter is <constant>yes</constant> for a
-     service, then the share hosted by the service will only be visible
-     to users who have read or write access to the share during share
--    enumeration (for example net view \\sambaserver).  This has
-+    enumeration (for example net view \\sambaserver). The share ACLs
-+    which allow or deny the access to the share can be modified using
-+    for example the <command moreinfo="none">sharesec</command> command
-+    or using the appropriate Windows tools. This has
-     parallels to access based enumeration, the main difference being
-     that only share permissions are evaluated, and security
-     descriptors on files contained on the share are not used in
-Index: samba-3.6.23/docs/manpages/smb.conf.5
-===================================================================
---- samba-3.6.23.orig/docs/manpages/smb.conf.5
-+++ samba-3.6.23/docs/manpages/smb.conf.5
-@@ -784,7 +784,9 @@ access based share enum (S)
- .RS 4
- If this parameter is
- \fByes\fR
--for a service, then the share hosted by the service will only be visible to users who have read or write access to the share during share enumeration (for example net view \e\esambaserver)\&. This has parallels to access based enumeration, the main difference being that only share permissions are evaluated, and security descriptors on files contained on the share are not used in computing enumeration access rights\&.
-+for a service, then the share hosted by the service will only be visible to users who have read or write access to the share during share enumeration (for example net view \e\esambaserver)\&. The share ACLs which allow or deny the access to the share can be modified using for example the
-+sharesec
-+command or using the appropriate Windows tools\&. This has parallels to access based enumeration, the main difference being that only share permissions are evaluated, and security descriptors on files contained on the share are not used in computing enumeration access rights\&.
- .sp
- Default:
- \fI\fIaccess based share enum\fR\fR\fI = \fR\fIno\fR\fI \fR

src/patches/samba/samba-3.6.99-fix_smbclient_ntlmv2_auth.patch

@@ -1,116 +0,0 @@
-From b413a09fa5b927102655a8332e95a64a80e57825 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Thu, 21 Jul 2011 21:15:38 +0200
-Subject: [PATCH 1/2] PATCHSET19: s3:libsmb: don't pass cli->called.name to
- NTLMv2_generate_names_blob()
-
-cli->called.name is never initialized, so this change doesn't change
-the behavior. And this behavior seems to be correct, see
-commit 29c0c37691da10bf061ba90a5b31482bda2fa486
-s4/libcli: do not use netbios name in NTLMv2 blobs w/o spnego.
-
-metze
-
-(cherry picked from commit 392ddf970c8f8486e79eec5214ed49912e344e09)
----
- source3/libsmb/cliconnect.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
-index 8653ba7..38ae230 100644
---- a/source3/libsmb/cliconnect.c
-+++ b/source3/libsmb/cliconnect.c
-@@ -862,11 +862,11 @@ static struct tevent_req *cli_session_setup_nt1_send(
- 			/*
- 			 * note that the 'workgroup' here is a best
- 			 * guess - we don't know the server's domain
--			 * at this point.  The 'server name' is also
--			 * dodgy...
-+			 * at this point. Windows clients also don't
-+			 * use hostname...
- 			 */
- 			names_blob = NTLMv2_generate_names_blob(
--				NULL, cli->called.name, workgroup);
-+				NULL, NULL, workgroup);
- 
- 			if (tevent_req_nomem(names_blob.data, req)) {
- 				return tevent_req_post(req, ev);
--- 
-2.1.0
-
-
-From 1415733b6cfeba129e1459ef55a0a12a5dec0fa3 Mon Sep 17 00:00:00 2001
-From: Christian Ambach <christian.ambach@de.ibm.com>
-Date: Thu, 7 Apr 2011 14:05:04 +0200
-Subject: [PATCH 2/2] PATCHSET19: s4/libcli: do not use netbios name in NTLMv2
- blobs w/o spnego
-
-I have seen domain controllers rejecting NTLMv2 blobs presented to
-NetrLogonSamLogonEx with LOGON_FAILURE when the MsvAvNbComputerName
-was a FQDN or an IP address
-
-I have not seen this field in NTLMv2 blobs send by Windows clients
-when extended security was not available, so omitting the field
-makes Samba similar to Windows.
-
-This prevents errors with some smbtorture testcases that disable
-spnego and when a target name is specified that is not a valid
-netbios name.
-
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-
-Autobuild-User: Andrew Bartlett <abartlet@samba.org>
-Autobuild-Date: Thu Apr 14 02:19:08 CEST 2011 on sn-devel-104
-(cherry picked from commit 29c0c37691da10bf061ba90a5b31482bda2fa486)
----
- source4/libcli/smb_composite/sesssetup.c | 26 ++++++++++++++++++++++----
- 1 file changed, 22 insertions(+), 4 deletions(-)
-
-diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
-index e1159a4..ebc3598 100644
---- a/source4/libcli/smb_composite/sesssetup.c
-+++ b/source4/libcli/smb_composite/sesssetup.c
-@@ -280,8 +280,17 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
- 				  struct smbcli_request **req) 
- {
- 	NTSTATUS nt_status = NT_STATUS_INTERNAL_ERROR;
--	struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
--	DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, cli_credentials_get_domain(io->in.credentials));
-+	struct sesssetup_state *state = talloc_get_type(c->private_data,
-+							struct sesssetup_state);
-+	const char *domain = cli_credentials_get_domain(io->in.credentials);
-+
-+	/*
-+	 * domain controllers tend to reject the NTLM v2 blob
-+	 * if the netbiosname is not valid (e.g. IP address or FQDN)
-+	 * so just leave it away (as Windows client do)
-+	 */
-+	DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain);
-+
- 	DATA_BLOB session_key = data_blob(NULL, 0);
- 	int flags = CLI_CRED_NTLM_AUTH;
- 
-@@ -353,9 +362,18 @@ static NTSTATUS session_setup_old(struct composite_context *c,
- 				  struct smbcli_request **req) 
- {
- 	NTSTATUS nt_status;
--	struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
-+	struct sesssetup_state *state = talloc_get_type(c->private_data,
-+							struct sesssetup_state);
- 	const char *password = cli_credentials_get_password(io->in.credentials);
--	DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, cli_credentials_get_domain(io->in.credentials));
-+	const char *domain = cli_credentials_get_domain(io->in.credentials);
-+
-+	/*
-+	 * domain controllers tend to reject the NTLM v2 blob
-+	 * if the netbiosname is not valid (e.g. IP address or FQDN)
-+	 * so just leave it away (as Windows client do)
-+	 */
-+	DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain);
-+
- 	DATA_BLOB session_key;
- 	int flags = 0;
- 	if (session->options.lanman_auth) {
--- 
-2.1.0
-

src/patches/samba/samba-3.6.99-fix_stale_printer_entries_on_rename.patch

@@ -1,55 +0,0 @@
-From 20d92c8a18beb4af2b9020efed15f5238d86d13c Mon Sep 17 00:00:00 2001
-From: David Disseldorp <ddiss@samba.org>
-Date: Wed, 1 Apr 2015 01:03:13 +0200
-Subject: [PATCH] PATCHSET30 spoolss: purge the printer name cache on name
- change
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Currently the name cache is only cleared on printer deletion. This means
-that if a printer undergoes a name change, the old name remains in the
-cache and can be subsequently used incorrecly if another printer takes
-the same name as the old.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11210
-
-Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
-Signed-off-by: David Disseldorp <ddiss@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
-
-Autobuild-User(master): Jeremy Allison <jra@samba.org>
-Autobuild-Date(master): Tue Apr 14 05:37:50 CEST 2015 on sn-devel-104
-
-(cherry picked from commit a97507a9a7ba01beead6a621e1210618e93a9f9c)
----
- source3/rpc_server/spoolss/srv_spoolss_nt.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-index fb8f61f..629bdc2 100644
---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
-+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-@@ -6373,6 +6373,9 @@ static WERROR update_dsspooler(TALLOC_CTX *mem_ctx,
- 						 snum, printer->sharename ?
- 						 printer->sharename : "");
- 		}
-+
-+		/* name change, purge any cache entries for the old */
-+		prune_printername_cache();
- 	}
- 
- 	if (force_update || !strequal(printer->printername, old_printer->printername)) {
-@@ -6398,6 +6401,9 @@ static WERROR update_dsspooler(TALLOC_CTX *mem_ctx,
- 			notify_printer_printername(server_event_context(),
- 						   msg_ctx, snum, p ? p : "");
- 		}
-+
-+		/* name change, purge any cache entries for the old */
-+		prune_printername_cache();
- 	}
- 
- 	if (force_update || !strequal(printer->portname, old_printer->portname)) {
--- 
-2.5.0
-

src/patches/samba/samba-3.6.99-fix_symlink_verification.patch

@@ -1,111 +0,0 @@
-From b6192b3cdeaa9eb719ec5da3977af9470504d294 Mon Sep 17 00:00:00 2001
-From: Michael Adam <obnox@samba.org>
-Date: Wed, 23 Dec 2015 18:01:23 +0100
-Subject: [PATCH] s3:smbd: fix a corner case of the symlink verification
-
-Commit 7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d fixes the
-path checks in check_reduced_name[_with_privilege]() to
-prevent unintended access via wide links.
-
-The fix fails to correctly treat a corner case where the share
-path is "/". This case is important for some real world
-scenarios, notably the use of the glusterfs VFS module:
-
-For the share path "/", the newly introduced checks deny all
-operations in the share.
-
-This change fixes the checks for the corner case.
-The point is that the assumptions on which the original
-checks are based are not true for the rootdir "/" case.
-This is the case where the rootdir starts _and ends_ with
-a slash. Hence a subdirectory does not continue with a
-slash after the rootdir, since the candidate path has
-been normalized.
-
-This fix just omits the string comparison and the
-next character checks in the case of rootdir "/",
-which is correct because we know that the candidate
-path is normalized and hence starts with a '/'.
-
-The patch is fairly minimal, but changes indentation,
-hence best viewed with 'git show -w'.
-
-A side effect is that the rootdir="/" case needs
-one strncmp less.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11647
-
-Pair-Programmed-With: Jose A. Rivera <jarrpa@samba.org>
-
-Signed-off-by: Michael Adam <obnox@samba.org>
-Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
-
-Autobuild-User(master): Michael Adam <obnox@samba.org>
-Autobuild-Date(master): Thu Dec 24 00:57:31 CET 2015 on sn-devel-144
-
-(cherry picked from commit ada59ec7b3a5ed0478d11da2fe0c90991d137288)
----
- source3/smbd/vfs.c | 39 +++++++++++++++++++++++++++------------
- 1 file changed, 27 insertions(+), 12 deletions(-)
-
-diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
-index bd93b7f..2b8000d 100644
---- a/source3/smbd/vfs.c
-+++ b/source3/smbd/vfs.c
-@@ -982,7 +982,6 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
- 	if (!allow_widelinks || !allow_symlinks) {
- 		const char *conn_rootdir;
- 		size_t rootdir_len;
--		bool matched;
- 
- 		conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname);
- 		if (conn_rootdir == NULL) {
-@@ -993,17 +992,33 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
- 		}
- 
- 		rootdir_len = strlen(conn_rootdir);
--		matched = (strncmp(conn_rootdir, resolved_name,
--				rootdir_len) == 0);
--		if (!matched || (resolved_name[rootdir_len] != '/' &&
--				 resolved_name[rootdir_len] != '\0')) {
--			DEBUG(2, ("check_reduced_name: Bad access "
--				"attempt: %s is a symlink outside the "
--				"share path\n", fname));
--			DEBUGADD(2, ("conn_rootdir =%s\n", conn_rootdir));
--			DEBUGADD(2, ("resolved_name=%s\n", resolved_name));
--			SAFE_FREE(resolved_name);
--			return NT_STATUS_ACCESS_DENIED;
-+
-+		/*
-+		 * In the case of rootdir_len == 1, we know that
-+		 * conn_rootdir is "/", and we also know that
-+		 * resolved_name starts with a slash.  So, in this
-+		 * corner case, resolved_name is automatically a
-+		 * sub-directory of the conn_rootdir. Thus we can skip
-+		 * the string comparison and the next character checks
-+		 * (which are even wrong in this case).
-+		 */
-+		if (rootdir_len != 1) {
-+			bool matched;
-+
-+			matched = (strncmp(conn_rootdir, resolved_name,
-+					rootdir_len) == 0);
-+			if (!matched || (resolved_name[rootdir_len] != '/' &&
-+					 resolved_name[rootdir_len] != '\0')) {
-+				DEBUG(2, ("check_reduced_name: Bad access "
-+					"attempt: %s is a symlink outside the "
-+					"share path\n", fname));
-+				DEBUGADD(2, ("conn_rootdir =%s\n",
-+					     conn_rootdir));
-+				DEBUGADD(2, ("resolved_name=%s\n",
-+					     resolved_name));
-+				SAFE_FREE(resolved_name);
-+				return NT_STATUS_ACCESS_DENIED;
-+			}
- 		}
- 
- 		/* Extra checks if all symlinks are disallowed. */
--- 
-2.5.0
-

src/patches/samba/samba-3.6.99-fix_usergroup_cache_lookup.patch

@@ -1,397 +0,0 @@
-From 72494e601ee6027873494f7ee7aff03d9170e3eb Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 16 Jun 2014 22:49:29 -0700
-Subject: [PATCH 1/5] PATCHSET21: s3: auth: Add some const to the struct
- netr_SamInfo3 * arguments of copy_netr_SamInfo3() and
- make_server_info_info3()
-
-Both functions only read from the struct netr_SamInfo3 * argument.
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
-Reviewed-by: Simo Sorce <idra@samba.org>
-(cherry picked from commit c2411767adb5ce48a4619349075f6f8faae41aab)
-
-Conflicts:
-	source3/auth/proto.h
----
- source3/auth/auth_util.c   | 2 +-
- source3/auth/proto.h       | 4 ++--
- source3/auth/server_info.c | 2 +-
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
-index 1f1fed9..a548b7b 100644
---- a/source3/auth/auth_util.c
-+++ b/source3/auth/auth_util.c
-@@ -1195,7 +1195,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
-				const char *sent_nt_username,
-				const char *domain,
-				struct auth_serversupplied_info **server_info,
--				struct netr_SamInfo3 *info3)
-+				const struct netr_SamInfo3 *info3)
- {
-	static const char zeros[16] = {0, };
-
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index fccabc4..c851722 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -173,7 +173,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
-				const char *sent_nt_username,
-				const char *domain,
-				struct auth_serversupplied_info **server_info,
--				struct netr_SamInfo3 *info3);
-+				const struct netr_SamInfo3 *info3);
- struct wbcAuthUserInfo;
- NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
-					  const char *sent_nt_username,
-@@ -233,7 +233,7 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
-			    const struct passwd *pwd,
-			    struct netr_SamInfo3 **pinfo3);
- struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
--					 struct netr_SamInfo3 *orig);
-+					 const struct netr_SamInfo3 *orig);
- struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
-					const struct wbcAuthUserInfo *info);
-
-diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
-index e627892..63b4989 100644
---- a/source3/auth/server_info.c
-+++ b/source3/auth/server_info.c
-@@ -632,7 +632,7 @@ done:
-	} } while(0)
-
- struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
--					 struct netr_SamInfo3 *orig)
-+					 const struct netr_SamInfo3 *orig)
- {
-	struct netr_SamInfo3 *info3;
-	unsigned int i;
---
-2.1.0
-
-
-From 1afd41a9cc31acdff66ab084ba89913c8a239a0f Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 16 Jun 2014 22:54:45 -0700
-Subject: [PATCH 2/5] PATCHSET21: s3: auth: Change make_server_info_info3() to
- take a const struct netr_SamInfo3 pointer instead of a struct PAC_LOGON_INFO.
-
-make_server_info_info3() only reads from the info3 pointer.
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
-Reviewed-by: Simo Sorce <idra@samba.org>
-(cherry picked from commit 527f7b54388713acaaf7b66c718cc0f7114fc368)
-
-Conflicts:
-	source3/auth/auth_generic.c
-	source3/auth/proto.h
-	source3/auth/user_krb5.c
----
- source3/auth/proto.h     | 2 +-
- source3/auth/user_krb5.c | 8 ++++----
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index c851722..0ab32a7 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -305,7 +305,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
-				char *ntdomain,
-				char *username,
-				struct passwd *pw,
--				struct PAC_LOGON_INFO *logon_info,
-+				const struct netr_SamInfo3 *info3,
-				bool mapped_to_guest,
-				struct auth_serversupplied_info **server_info);
-
-diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
-index 1e5254e..fde2f48 100644
---- a/source3/auth/user_krb5.c
-+++ b/source3/auth/user_krb5.c
-@@ -184,7 +184,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
-				char *ntdomain,
-				char *username,
-				struct passwd *pw,
--				struct PAC_LOGON_INFO *logon_info,
-+				const struct netr_SamInfo3 *info3,
-				bool mapped_to_guest,
-				struct auth_serversupplied_info **server_info)
- {
-@@ -198,14 +198,14 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
-			return status;
-		}
-
--	} else if (logon_info) {
-+	} else if (info3) {
-		/* pass the unmapped username here since map_username()
-		   will be called again in make_server_info_info3() */
-
-		status = make_server_info_info3(mem_ctx,
-						ntuser, ntdomain,
-						server_info,
--						&logon_info->info3);
-+						info3);
-		if (!NT_STATUS_IS_OK(status)) {
-			DEBUG(1, ("make_server_info_info3 failed: %s!\n",
-				  nt_errstr(status)));
-@@ -284,7 +284,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
-				char *ntdomain,
-				char *username,
-				struct passwd *pw,
--				struct PAC_LOGON_INFO *logon_info,
-+				const struct netr_SamInfo3 *info3,
-				bool mapped_to_guest,
-				struct auth_serversupplied_info **server_info)
- {
---
-2.1.0
-
-
-From 08bf07ec03537aedbd7beb359cf9274be2882edf Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Mon, 16 Jun 2014 23:11:58 -0700
-Subject: [PATCH 3/5] PATCHSET21: s3: auth: Add
- create_info3_from_pac_logon_info() to create a new info3 and merge resource
- group SIDs into it.
-
-Originally written by Richard Sharpe Richard Sharpe <realrichardsharpe@gmail.com>.
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
-Reviewed-by: Simo Sorce <idra@samba.org>
-(cherry picked from commit db775c68ccbed0252abf092b5cb811e8f5fa9bb6)
----
- source3/auth/proto.h       |  5 ++-
- source3/auth/server_info.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 82 insertions(+), 1 deletion(-)
-
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index 0ab32a7..4335cf8 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -209,6 +209,7 @@ NTSTATUS auth_winbind_init(void);
- struct netr_SamInfo2;
- struct netr_SamInfo3;
- struct netr_SamInfo6;
-+struct PAC_LOGON_INFO;
-
- struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx);
- NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
-@@ -223,6 +224,9 @@ NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
-				uint8_t *pipe_session_key,
-				size_t pipe_session_key_len,
-				struct netr_SamInfo6 *sam6);
-+NTSTATUS create_info3_from_pac_logon_info(TALLOC_CTX *mem_ctx,
-+                                        const struct PAC_LOGON_INFO *logon_info,
-+                                        struct netr_SamInfo3 **pp_info3);
- NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
-			  struct samu *samu,
-			  const char *login_server,
-@@ -289,7 +293,6 @@ bool user_in_netgroup(TALLOC_CTX *ctx, const char *user, const char *ngname);
- bool user_in_list(TALLOC_CTX *ctx, const char *user,const char **list);
-
- /* The following definitions come from auth/user_krb5.c  */
--struct PAC_LOGON_INFO;
- NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
-				     const char *cli_name,
-				     const char *princ_name,
-diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
-index 63b4989..1fd9317 100644
---- a/source3/auth/server_info.c
-+++ b/source3/auth/server_info.c
-@@ -21,6 +21,7 @@
- #include "auth.h"
- #include "../lib/crypto/arcfour.h"
- #include "../librpc/gen_ndr/netlogon.h"
-+#include "../librpc/gen_ndr/krb5pac.h"
- #include "../libcli/security/security.h"
- #include "rpc_client/util_netlogon.h"
- #include "nsswitch/libwbclient/wbclient.h"
-@@ -293,6 +294,83 @@ static NTSTATUS group_sids_to_info3(struct netr_SamInfo3 *info3,
-	return NT_STATUS_OK;
- }
-
-+/*
-+ * Merge resource SIDs, if any, into the passed in info3 structure.
-+ */
-+
-+static NTSTATUS merge_resource_sids(const struct PAC_LOGON_INFO *logon_info,
-+				struct netr_SamInfo3 *info3)
-+{
-+	uint32_t i = 0;
-+
-+	if (!(logon_info->info3.base.user_flags & NETLOGON_RESOURCE_GROUPS)) {
-+		return NT_STATUS_OK;
-+	}
-+
-+	/*
-+	 * If there are any resource groups (SID Compression) add
-+	 * them to the extra sids portion of the info3 in the PAC.
-+	 *
-+	 * This makes the info3 look like it would if we got the info
-+	 * from the DC rather than the PAC.
-+	 */
-+
-+	/*
-+	 * Construct a SID for each RID in the list and then append it
-+	 * to the info3.
-+	 */
-+	for (i = 0; i < logon_info->res_groups.count; i++) {
-+		NTSTATUS status;
-+		struct dom_sid new_sid;
-+		uint32_t attributes = logon_info->res_groups.rids[i].attributes;
-+
-+		sid_compose(&new_sid,
-+			logon_info->res_group_dom_sid,
-+			logon_info->res_groups.rids[i].rid);
-+
-+		DEBUG(10, ("Adding SID %s to extra SIDS\n",
-+			sid_string_dbg(&new_sid)));
-+
-+		status = append_netr_SidAttr(info3, &info3->sids,
-+					&info3->sidcount,
-+					&new_sid,
-+					attributes);
-+		if (!NT_STATUS_IS_OK(status)) {
-+			DEBUG(1, ("failed to append SID %s to extra SIDS: %s\n",
-+				sid_string_dbg(&new_sid),
-+				nt_errstr(status)));
-+			return status;
-+		}
-+	}
-+
-+	return NT_STATUS_OK;
-+}
-+
-+/*
-+ * Create a copy of an info3 struct from the struct PAC_LOGON_INFO,
-+ * then merge resource SIDs, if any, into it. If successful return
-+ * the created info3 struct.
-+ */
-+
-+NTSTATUS create_info3_from_pac_logon_info(TALLOC_CTX *mem_ctx,
-+					const struct PAC_LOGON_INFO *logon_info,
-+					struct netr_SamInfo3 **pp_info3)
-+{
-+	NTSTATUS status;
-+	struct netr_SamInfo3 *info3 = copy_netr_SamInfo3(mem_ctx,
-+					&logon_info->info3);
-+	if (info3 == NULL) {
-+		return NT_STATUS_NO_MEMORY;
-+	}
-+	status = merge_resource_sids(logon_info, info3);
-+	if (!NT_STATUS_IS_OK(status)) {
-+		TALLOC_FREE(info3);
-+		return status;
-+	}
-+	*pp_info3 = info3;
-+	return NT_STATUS_OK;
-+}
-+
- #define RET_NOMEM(ptr) do { \
-	if (!ptr) { \
-		TALLOC_FREE(info3); \
---
-2.1.0
-
-
-From 86d58108db53958f05d559b2d2a20185ef2deb55 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 4 Mar 2015 17:45:39 +0100
-Subject: [PATCH 4/5] PATCHSET21: s3-winbind: Merge resource groups from a
- trusted PAC into the sid array.
-
-This is a backport of db775c68ccbed0252abf092b5cb811e8f5fa9bb6.
----
- source3/winbindd/winbindd_pam.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
-index 5316232..b1838a6 100644
---- a/source3/winbindd/winbindd_pam.c
-+++ b/source3/winbindd/winbindd_pam.c
-@@ -546,6 +546,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
-	time_t time_offset = 0;
-	const char *user_ccache_file;
-	struct PAC_LOGON_INFO *logon_info = NULL;
-+	struct netr_SamInfo3 *info3_copy = NULL;
-
-	*info3 = NULL;
-
-@@ -624,7 +625,14 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
-		goto failed;
-	}
-
--	*info3 = &logon_info->info3;
-+	result = create_info3_from_pac_logon_info(mem_ctx,
-+						  logon_info,
-+						  &info3_copy);
-+	if (!NT_STATUS_IS_OK(result)) {
-+		return result;
-+	}
-+
-+	*info3 = info3_copy;
-
-	DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n",
-		principal_s));
---
-2.1.0
-
-
-From 40731d512ba1ee0502bdbdd831c4154f967d9f3e Mon Sep 17 00:00:00 2001
-From: Michael Adam <obnox@samba.org>
-Date: Mon, 9 Mar 2015 15:15:37 +0100
-Subject: [PATCH 5/5] PATCHSET21: s3-winbind: Fix chached user group lookup of
- trusted domains.
-
-If a user group lookup has aleady been done before with a machine
-account we did always return the incomplete information from the cache.
-This patch makes sure we return the correct group information from the
-netsamlogon cache.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11143
-
-Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-Signed-off-by: Michael Adam <obnox@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
-
-(cherry picked from commit f5d0204bfa1eb641fe7697613c1f773b6a7e65de)
----
- source3/winbindd/wb_lookupusergroups.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/source3/winbindd/wb_lookupusergroups.c b/source3/winbindd/wb_lookupusergroups.c
-index aeffc17..1bb7081 100644
---- a/source3/winbindd/wb_lookupusergroups.c
-+++ b/source3/winbindd/wb_lookupusergroups.c
-@@ -37,6 +37,7 @@ struct tevent_req *wb_lookupusergroups_send(TALLOC_CTX *mem_ctx,
- {
-	struct tevent_req *req, *subreq;
-	struct wb_lookupusergroups_state *state;
-+	NTSTATUS status;
-
-	req = tevent_req_create(mem_ctx, &state,
-				struct wb_lookupusergroups_state);
-@@ -45,6 +46,16 @@ struct tevent_req *wb_lookupusergroups_send(TALLOC_CTX *mem_ctx,
-	}
-	sid_copy(&state->sid, sid);
-
-+	status = lookup_usergroups_cached(NULL,
-+					  state,
-+					  &state->sid,
-+					  &state->sids.num_sids,
-+					  &state->sids.sids);
-+	if (NT_STATUS_IS_OK(status)) {
-+		tevent_req_done(req);
-+		return tevent_req_post(req, ev);
-+	}
-+
-	subreq = dcerpc_wbint_LookupUserGroups_send(
-		state, ev, dom_child_handle(domain), &state->sid, &state->sids);
-	if (tevent_req_nomem(subreq, req)) {
---
-2.1.0

src/patches/samba/samba-3.6.99-fix_winbind_cache_memory_leak.patch

@@ -1,29 +0,0 @@
-From 7aa2d48a4952980316dc0418d79053cfc9fea2ed Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Sun, 20 Oct 2013 17:25:27 +0200
-Subject: [PATCH] winbind3: Fix CID 241468 Resource leak
-
-We were leaking centry in this error case
-
-Signed-off-by: Volker Lendecke <vl@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
-(cherry picked from commit 71c8cd19cf079c7e1462a9ca4432725e3623f7cd)
----
- source3/winbindd/winbindd_cache.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
-index 82c8087..00bd034 100644
---- a/source3/winbindd/winbindd_cache.c
-+++ b/source3/winbindd/winbindd_cache.c
-@@ -2076,6 +2076,7 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain,
- 		} else {
- 			/* something's definitely wrong */
- 			result = centry->status;
-+			centry_free(centry);
- 			goto error;
- 		}
- 
--- 
-2.5.5
-

src/patches/samba/samba-3.6.99-idmap_ad_memleak.patch

@@ -1,28 +0,0 @@
-commit d88c59d3690e7c14edfc99411479c245de62e3aa
-Author:     Andreas Schneider <asn@samba.org>
-AuthorDate: Wed Oct 5 10:32:16 2016 +0200
-Commit:     Andreas Schneider <asn@samba.org>
-CommitDate: Wed Oct 5 10:32:16 2016 +0200
-
-    s3-winbind: Fix memory leak in ad_idmap_cached_connection_internal()
-    
-    Signed-off-by: Andreas Schneider <asn@samba.org>
----
- source3/winbindd/idmap_ad.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
-index 2b35a4f..2b21051 100644
---- a/source3/winbindd/idmap_ad.c
-+++ b/source3/winbindd/idmap_ad.c
-@@ -127,7 +127,9 @@ static ADS_STATUS ad_idmap_cached_connection_internal(struct idmap_domain *dom)
- 		realm = wb_dom->alt_name;
- 	}
- 
--	if ( (ads = ads_init(realm, dom->name, ldap_server)) == NULL ) {
-+	ads = ads_init(realm, dom->name, ldap_server);
-+	SAFE_FREE(ldap_server);
-+	if (ads == NULL) {
- 		DEBUG(1,("ads_init failed\n"));
- 		return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- 	}

src/patches/samba/samba-3.6.99-libsmb_fix_dfs_connections.patch

@@ -1,47 +0,0 @@
-From 8368c6336f557220d6b2a088e291c5ce61f80f9e Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Wed, 16 Dec 2015 11:04:20 -0800
-Subject: [PATCH] s3: libsmb: Correctly initialize the list head when keeping a
- list of primary followed by DFS connections.
-
-Greatly helped by <shargagan@novell.com> to
-track down this issue.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11624
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
-
-Autobuild-User(master): Volker Lendecke <vl@samba.org>
-Autobuild-Date(master): Fri Dec 18 01:02:55 CET 2015 on sn-devel-144
-
-(cherry picked from commit d7feb1879ee711598540049c2c5eccc80fd6f1e5)
----
- source3/libsmb/libsmb_server.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
-index 45be660..e7416e0 100644
---- a/source3/libsmb/libsmb_server.c
-+++ b/source3/libsmb/libsmb_server.c
-@@ -634,7 +634,7 @@ again:
- 	}
- 
- 	ZERO_STRUCTP(srv);
--	srv->cli = c;
-+	DLIST_ADD(srv->cli, c);
- 	srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
-         srv->no_pathinfo = False;
-         srv->no_pathinfo2 = False;
-@@ -821,7 +821,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
-                 }
- 
-                 ZERO_STRUCTP(ipc_srv);
--                ipc_srv->cli = ipc_cli;
-+                DLIST_ADD(ipc_srv->cli, ipc_cli);
- 
-                 nt_status = cli_rpc_pipe_open_noauth(
- 			ipc_srv->cli, &ndr_table_lsarpc.syntax_id, &pipe_hnd);
--- 
-2.7.4
-

src/patches/samba/samba-3.6.99-net_ads_join_no_dns_updates.patch

@@ -1,101 +0,0 @@
-From df1da96d7f9a11ee1029c1bb55a40255ea63267c Mon Sep 17 00:00:00 2001
-From: Michael Adam <obnox@samba.org>
-Date: Wed, 6 Jan 2016 11:04:16 +0100
-Subject: [PATCH] PATCHSET35 net: add option --no-dns-updates for net ads join
-
-If called with this option, 'net ads join' will not attempt
-to perform dns updates.
-
-Backported for Samba 3.6 from master patches:
-
- ae81a40b1193ef93add61666ace6fff1a1e0676a
- d7a617f2f00c4a2b5294523fa651915c85de0d8b
-
-Signed-off-by: Michael Adam <obnox@samba.org>
----
- docs-xml/manpages-3/net.8.xml | 9 ++++++++-
- source3/utils/net.c           | 2 ++
- source3/utils/net.h           | 2 ++
- source3/utils/net_ads.c       | 6 +++++-
- 4 files changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml
-index 65f1272..cff3594 100644
---- a/docs-xml/manpages-3/net.8.xml
-+++ b/docs-xml/manpages-3/net.8.xml
-@@ -135,6 +135,13 @@
- 		</para></listitem>
- 		</varlistentry>
- 
-+		<varlistentry>
-+		<term>--no-dns-updates</term>
-+		<listitem><para>Do not perform DNS updates as part of
-+		"net ads join".
-+		</para></listitem>
-+		</varlistentry>
-+
- 		&stdarg.server.debug;
- 	</variablelist>
- </refsect1>
-@@ -194,7 +201,7 @@ the remote server using <command>/bin/date</command>. </para>
- </refsect2>
- 
- <refsect2>
--<title>[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]</title>
-+<title>[RPC|ADS] JOIN [TYPE] [--no-dns-updates] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]</title>
- 
- <para>
- Join a domain.  If the account already exists on the server, and 
-diff --git a/source3/utils/net.c b/source3/utils/net.c
-index c53b285..3a95f7e 100644
---- a/source3/utils/net.c
-+++ b/source3/utils/net.c
-@@ -820,6 +820,8 @@ static struct functable net_func[] = {
- 		{"lock", 0, POPT_ARG_NONE,   &c->opt_lock},
- 		{"auto", 'a', POPT_ARG_NONE,   &c->opt_auto},
- 		{"repair", 0, POPT_ARG_NONE,   &c->opt_repair},
-+		/* Options for 'net ads join' */
-+		{"no-dns-updates", 0, POPT_ARG_NONE, &c->opt_no_dns_updates},
- 		POPT_COMMON_SAMBA
- 		{ 0, 0, 0, 0}
- 	};
-diff --git a/source3/utils/net.h b/source3/utils/net.h
-index 1d1559f..adddf34 100644
---- a/source3/utils/net.h
-+++ b/source3/utils/net.h
-@@ -81,6 +81,8 @@ struct net_context {
- 	int opt_auto;
- 	int opt_repair;
- 
-+	int opt_no_dns_updates;
-+
- 	int opt_have_ip;
- 	struct sockaddr_storage opt_dest_ip;
- 	bool smb_encrypt;
-diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
-index 816349d..5c541f3 100644
---- a/source3/utils/net_ads.c
-+++ b/source3/utils/net_ads.c
-@@ -1296,7 +1296,7 @@ static NTSTATUS net_update_dns(struct net_context *c, TALLOC_CTX *mem_ctx, ADS_S
- 
- static int net_ads_join_usage(struct net_context *c, int argc, const char **argv)
- {
--	d_printf(_("net ads join [options]\n"
-+	d_printf(_("net ads join [--no-dns-updates] [options]\n"
- 	           "Valid options:\n"));
- 	d_printf(_("   createupn[=UPN]    Set the userPrincipalName attribute during the join.\n"
- 		   "                      The deault UPN is in the form host/netbiosname@REALM.\n"));
-@@ -1455,6 +1455,10 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
- 	}
- 
- #if defined(WITH_DNS_UPDATES)
-+	if (c->opt_no_dns_updates) {
-+		goto done;
-+	}
-+
- 	/*
- 	 * In a clustered environment, don't do dynamic dns updates:
- 	 * Registering the set of ip addresses that are assigned to
--- 
-2.5.0
-

src/patches/samba/samba-3.6.99-nt_printer_publish_guid.patch

@@ -1,620 +0,0 @@
-From 892d163635563a3505fcde2d3439a2f6b1af92a7 Mon Sep 17 00:00:00 2001
-From: David Disseldorp <ddiss@samba.org>
-Date: Thu, 18 Dec 2014 18:18:21 +0100
-Subject: [PATCH 1/4] PATCHSET16: printing: split out printer DN and GUID
- retrieval
-
-This functions are used for printer publishing.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
-
-Pair-programmed-with: Andreas Schneider <asn@samba.org>
-Signed-off-by: David Disseldorp <ddiss@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-(cherry picked from commit 7cabd89789a50d37fc32735968c493092a37e69f)
----
- source3/printing/nt_printing_ads.c | 209 ++++++++++++++++++++++++-------------
- 1 file changed, 137 insertions(+), 72 deletions(-)
-
-diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c
-index bf309b0..25e1ab6 100644
---- a/source3/printing/nt_printing_ads.c
-+++ b/source3/printing/nt_printing_ads.c
-@@ -87,6 +87,128 @@ done:
- 	talloc_free(tmp_ctx);
- }
- 
-+static WERROR nt_printer_dn_lookup(TALLOC_CTX *mem_ctx,
-+				   ADS_STRUCT *ads,
-+				   const char *printer,
-+				   char **pprinter_dn)
-+{
-+	char *printer_dn = NULL;
-+	char *srv_dn = NULL;
-+	char *srv_cn_0 = NULL;
-+	char *srv_cn_escaped = NULL;
-+	char *sharename_escaped = NULL;
-+	char *srv_dn_utf8 = NULL;
-+	char **srv_cn_utf8 = NULL;
-+	size_t converted_size;
-+	ADS_STATUS ads_status;
-+	LDAPMessage *res;
-+	WERROR result;
-+	bool ok;
-+
-+	ads_status = ads_find_machine_acct(ads, &res, global_myname());
-+	if (!ADS_ERR_OK(ads_status)) {
-+		DEBUG(2, ("Failed to find machine account for %s\n",
-+			  global_myname()));
-+		result = WERR_NOT_FOUND;
-+		goto err_out;
-+	}
-+
-+	/*
-+	 * We use ldap_get_dn here as we need the answer in utf8 to call
-+	 * ldap_explode_dn(). JRA.
-+	 */
-+	srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
-+	ads_msgfree(ads, res);
-+	if (srv_dn_utf8 == NULL) {
-+		result = WERR_SERVER_UNAVAILABLE;
-+		goto err_out;
-+	}
-+
-+	srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1);
-+	if (srv_cn_utf8 == NULL) {
-+		ldap_memfree(srv_dn_utf8);
-+		result = WERR_SERVER_UNAVAILABLE;
-+		goto err_out;
-+	}
-+
-+	/* Now convert to CH_UNIX. */
-+	ok = pull_utf8_talloc(mem_ctx, &srv_dn, srv_dn_utf8, &converted_size);
-+	ldap_memfree(srv_dn_utf8);
-+	if (!ok) {
-+		ldap_memfree(srv_cn_utf8);
-+		result = WERR_SERVER_UNAVAILABLE;
-+		goto err_out;
-+	}
-+
-+	ok = pull_utf8_talloc(mem_ctx, &srv_cn_0, srv_cn_utf8[0], &converted_size);
-+	ldap_memfree(srv_cn_utf8);
-+	if (!ok) {
-+		result = WERR_SERVER_UNAVAILABLE;
-+		goto err_out;
-+	}
-+
-+	srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn_0);
-+	if (srv_cn_escaped == NULL) {
-+		result = WERR_SERVER_UNAVAILABLE;
-+		goto err_out;
-+	}
-+
-+	sharename_escaped = escape_rdn_val_string_alloc(printer);
-+	if (sharename_escaped == NULL) {
-+		result = WERR_SERVER_UNAVAILABLE;
-+		goto err_out;
-+	}
-+
-+	printer_dn = talloc_asprintf(mem_ctx,
-+				     "cn=%s-%s,%s",
-+				     srv_cn_escaped,
-+				     sharename_escaped,
-+				     srv_dn);
-+	if (printer_dn == NULL) {
-+		result = WERR_NOMEM;
-+		goto err_out;
-+	}
-+
-+	*pprinter_dn = printer_dn;
-+
-+	result = WERR_OK;
-+err_out:
-+	SAFE_FREE(sharename_escaped);
-+	SAFE_FREE(srv_cn_escaped);
-+	TALLOC_FREE(srv_cn_0);
-+	TALLOC_FREE(srv_dn);
-+	return result;
-+}
-+
-+static WERROR nt_printer_guid_retrieve_internal(ADS_STRUCT *ads,
-+						const char *printer_dn,
-+						struct GUID *pguid)
-+{
-+	ADS_STATUS ads_status;
-+	LDAPMessage *res;
-+	const char *attrs[] = {"objectGUID", NULL};
-+	struct GUID guid;
-+	bool ok;
-+
-+	ads_status = ads_search_dn(ads, &res, printer_dn, attrs);
-+	if (!ADS_ERR_OK(ads_status)) {
-+		DEBUG(2, ("Failed to retrieve GUID from DC - %s\n",
-+			  ads_errstr(ads_status)));
-+		return WERR_BADFILE;
-+	}
-+
-+	ZERO_STRUCT(guid);
-+	ok = ads_pull_guid(ads, res, &guid);
-+	ads_msgfree(ads, res);
-+	if (!ok) {
-+		return WERR_NOMEM;
-+	}
-+
-+	*pguid = guid;
-+
-+	return WERR_OK;
-+}
-+
- WERROR nt_printer_guid_get(TALLOC_CTX *mem_ctx,
- 			   const struct auth_serversupplied_info *session_info,
- 			   struct messaging_context *msg_ctx,
-@@ -246,16 +368,12 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
- 				     struct spoolss_PrinterInfo2 *pinfo2)
- {
- 	ADS_STATUS ads_rc;
--	LDAPMessage *res;
--	char *prt_dn = NULL, *srv_dn, *srv_cn_0, *srv_cn_escaped, *sharename_escaped;
--	char *srv_dn_utf8, **srv_cn_utf8;
- 	TALLOC_CTX *ctx;
- 	ADS_MODLIST mods;
--	const char *attrs[] = {"objectGUID", NULL};
- 	struct GUID guid;
- 	WERROR win_rc = WERR_OK;
--	size_t converted_size;
- 	const char *printer = pinfo2->sharename;
-+	char *printer_dn = NULL;
- 
- 	/* build the ads mods */
- 	ctx = talloc_init("nt_printer_publish_ads");
-@@ -265,65 +383,13 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
- 
- 	DEBUG(5, ("publishing printer %s\n", printer));
- 
--	/* figure out where to publish */
--	ads_rc = ads_find_machine_acct(ads, &res, global_myname());
--	if (!ADS_ERR_OK(ads_rc)) {
--		DEBUG(0, ("failed to find machine account for %s\n",
--			  global_myname()));
--		TALLOC_FREE(ctx);
--		return WERR_NOT_FOUND;
--	}
--
--	/* We use ldap_get_dn here as we need the answer
--	 * in utf8 to call ldap_explode_dn(). JRA. */
--
--	srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
--	ads_msgfree(ads, res);
--	if (!srv_dn_utf8) {
--		TALLOC_FREE(ctx);
--		return WERR_SERVER_UNAVAILABLE;
--	}
--	srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1);
--	if (!srv_cn_utf8) {
--		TALLOC_FREE(ctx);
--		ldap_memfree(srv_dn_utf8);
--		return WERR_SERVER_UNAVAILABLE;
--	}
--	/* Now convert to CH_UNIX. */
--	if (!pull_utf8_talloc(ctx, &srv_dn, srv_dn_utf8, &converted_size)) {
--		TALLOC_FREE(ctx);
--		ldap_memfree(srv_dn_utf8);
--		ldap_memfree(srv_cn_utf8);
--		return WERR_SERVER_UNAVAILABLE;
--	}
--	if (!pull_utf8_talloc(ctx, &srv_cn_0, srv_cn_utf8[0], &converted_size)) {
--		TALLOC_FREE(ctx);
--		ldap_memfree(srv_dn_utf8);
--		ldap_memfree(srv_cn_utf8);
--		TALLOC_FREE(srv_dn);
--		return WERR_SERVER_UNAVAILABLE;
--	}
--
--	ldap_memfree(srv_dn_utf8);
--	ldap_memfree(srv_cn_utf8);
--
--	srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn_0);
--	if (!srv_cn_escaped) {
--		TALLOC_FREE(ctx);
--		return WERR_SERVER_UNAVAILABLE;
--	}
--	sharename_escaped = escape_rdn_val_string_alloc(printer);
--	if (!sharename_escaped) {
--		SAFE_FREE(srv_cn_escaped);
-+	win_rc = nt_printer_dn_lookup(ctx, ads, printer, &printer_dn);
-+	if (!W_ERROR_IS_OK(win_rc)) {
-+		DEBUG(2, ("Failed to create printer dn\n"));
- 		TALLOC_FREE(ctx);
--		return WERR_SERVER_UNAVAILABLE;
-+		return win_rc;
- 	}
- 
--	prt_dn = talloc_asprintf(ctx, "cn=%s-%s,%s", srv_cn_escaped, sharename_escaped, srv_dn);
--
--	SAFE_FREE(srv_cn_escaped);
--	SAFE_FREE(sharename_escaped);
--
- 	mods = ads_init_mods(ctx);
- 
- 	if (mods == NULL) {
-@@ -338,13 +404,13 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
- 	}
- 
- 	/* publish it */
--	ads_rc = ads_mod_printer_entry(ads, prt_dn, ctx, &mods);
-+	ads_rc = ads_mod_printer_entry(ads, printer_dn, ctx, &mods);
- 	if (ads_rc.err.rc == LDAP_NO_SUCH_OBJECT) {
- 		int i;
- 		for (i=0; mods[i] != 0; i++)
- 			;
- 		mods[i] = (LDAPMod *)-1;
--		ads_rc = ads_add_printer_entry(ads, prt_dn, ctx, &mods);
-+		ads_rc = ads_add_printer_entry(ads, printer_dn, ctx, &mods);
- 	}
- 
- 	if (!ADS_ERR_OK(ads_rc)) {
-@@ -352,16 +418,15 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
- 			  printer, ads_errstr(ads_rc)));
- 	}
- 
--	/* retreive the guid and store it locally */
--	if (ADS_ERR_OK(ads_search_dn(ads, &res, prt_dn, attrs))) {
--		bool guid_ok;
--		ZERO_STRUCT(guid);
--		guid_ok = ads_pull_guid(ads, res, &guid);
--		ads_msgfree(ads, res);
--		if (guid_ok) {
--			store_printer_guid(msg_ctx, printer, guid);
--		}
-+	win_rc = nt_printer_guid_retrieve_internal(ads, printer_dn, &guid);
-+	if (!W_ERROR_IS_OK(win_rc)) {
-+		TALLOC_FREE(ctx);
-+		return win_rc;
- 	}
-+
-+	/* TODO add a return value */
-+	store_printer_guid(msg_ctx, printer, guid);
-+
- 	TALLOC_FREE(ctx);
- 
- 	return win_rc;
--- 
-2.3.0
-
-
-From 45bb946d93deaf4926754cf57454f79869e8bfaf Mon Sep 17 00:00:00 2001
-From: David Disseldorp <ddiss@samba.org>
-Date: Thu, 18 Dec 2014 18:23:11 +0100
-Subject: [PATCH 2/4] PATCHSET16: printing: add nt_printer_guid_retrieve()
- helper
-
-This function connects to the domain controller and retrieves the
-GUID for the corresponding printer DN.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
-
-Pair-programmed-with: Andreas Schneider <asn@samba.org>
-Signed-off-by: David Disseldorp <ddiss@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-(cherry picked from commit 38dbd054dc331a441b10fdebbdb4bd0fc51cfc0a)
----
- source3/include/nt_printing.h      |  3 ++
- source3/printing/nt_printing_ads.c | 58 ++++++++++++++++++++++++++++++++++++++
- 2 files changed, 61 insertions(+)
-
-diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h
-index cdbad87..67a0522 100644
---- a/source3/include/nt_printing.h
-+++ b/source3/include/nt_printing.h
-@@ -132,6 +132,9 @@ bool print_access_check(const struct auth_serversupplied_info *server_info,
- 			struct messaging_context *msg_ctx, int snum,
- 			int access_type);
- 
-+WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
-+				struct GUID *pguid);
-+
- WERROR nt_printer_guid_get(TALLOC_CTX *mem_ctx,
- 			   const struct auth_serversupplied_info *server_info,
- 			   struct messaging_context *msg_ctx,
-diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c
-index 25e1ab6..6fa4bfc 100644
---- a/source3/printing/nt_printing_ads.c
-+++ b/source3/printing/nt_printing_ads.c
-@@ -209,6 +209,58 @@ static WERROR nt_printer_guid_retrieve_internal(ADS_STRUCT *ads,
- 	return WERR_OK;
- }
- 
-+WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
-+				struct GUID *pguid)
-+{
-+	ADS_STRUCT *ads = NULL;
-+	char *old_krb5ccname = NULL;
-+	char *printer_dn;
-+	WERROR result;
-+	ADS_STATUS ads_status;
-+	TALLOC_CTX *tmp_ctx;
-+
-+	tmp_ctx = talloc_new(mem_ctx);
-+	if (tmp_ctx == NULL) {
-+		return WERR_NOMEM;
-+	}
-+
-+	ads = ads_init(lp_realm(), lp_workgroup(), NULL);
-+	if (ads == NULL) {
-+		result = WERR_SERVER_UNAVAILABLE;
-+		goto out;
-+	}
-+
-+	old_krb5ccname = getenv(KRB5_ENV_CCNAME);
-+	setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
-+	SAFE_FREE(ads->auth.password);
-+	ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
-+							    NULL, NULL);
-+
-+	ads_status = ads_connect(ads);
-+	if (!ADS_ERR_OK(ads_status)) {
-+		DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_status)));
-+		result = WERR_ACCESS_DENIED;
-+		goto out;
-+	}
-+
-+	result = nt_printer_dn_lookup(tmp_ctx, ads, printer, &printer_dn);
-+	if (!W_ERROR_IS_OK(result)) {
-+		goto out;
-+	}
-+
-+	result = nt_printer_guid_retrieve_internal(ads, printer_dn, pguid);
-+out:
-+	TALLOC_FREE(tmp_ctx);
-+	ads_destroy(&ads);
-+	ads_kdestroy("MEMORY:prtpub_cache");
-+	unsetenv(KRB5_ENV_CCNAME);
-+	if (old_krb5ccname != NULL) {
-+		setenv(KRB5_ENV_CCNAME, old_krb5ccname, 0);
-+	}
-+
-+	return result;
-+}
-+
- WERROR nt_printer_guid_get(TALLOC_CTX *mem_ctx,
- 			   const struct auth_serversupplied_info *session_info,
- 			   struct messaging_context *msg_ctx,
-@@ -652,6 +704,12 @@ bool is_printer_published(TALLOC_CTX *mem_ctx,
- 	return true;
- }
- #else
-+WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
-+				struct GUID *pguid)
-+{
-+	return WERR_NOT_SUPPORTED;
-+}
-+
- WERROR nt_printer_guid_get(TALLOC_CTX *mem_ctx,
- 			   const struct auth_serversupplied_info *session_info,
- 			   struct messaging_context *msg_ctx,
--- 
-2.3.0
-
-
-From 228323b1c846d6dfcd39e23c8ce850c79f339de9 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Thu, 18 Dec 2014 15:13:27 +0000
-Subject: [PATCH 3/4] PATCHSET16: printing: rework nt_printer_guid_store to
- return errors
-
-Callers can now choose whether or not to ignore errors.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
-
-Pair-programmed-with: David Disseldorp <ddiss@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Signed-off-by: David Disseldorp <ddiss@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-(cherry picked from commit 6595ced146a53dcef9bbd5d2deb82a44c8ce1a1a)
----
- source3/include/nt_printing.h      |  3 +++
- source3/printing/nt_printing_ads.c | 49 +++++++++++++++++++++++++-------------
- 2 files changed, 35 insertions(+), 17 deletions(-)
-
-diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h
-index 67a0522..493f4ce 100644
---- a/source3/include/nt_printing.h
-+++ b/source3/include/nt_printing.h
-@@ -135,6 +135,9 @@ bool print_access_check(const struct auth_serversupplied_info *server_info,
- WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
- 				struct GUID *pguid);
- 
-+WERROR nt_printer_guid_store(struct messaging_context *msg_ctx,
-+			     const char *printer, struct GUID guid);
-+
- WERROR nt_printer_guid_get(TALLOC_CTX *mem_ctx,
- 			   const struct auth_serversupplied_info *server_info,
- 			   struct messaging_context *msg_ctx,
-diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c
-index 6fa4bfc..540a8a3 100644
---- a/source3/printing/nt_printing_ads.c
-+++ b/source3/printing/nt_printing_ads.c
-@@ -35,32 +35,32 @@
- /*****************************************************************
-  ****************************************************************/
- 
--static void store_printer_guid(struct messaging_context *msg_ctx,
--			       const char *printer, struct GUID guid)
-+WERROR nt_printer_guid_store(struct messaging_context *msg_ctx,
-+			     const char *printer, struct GUID guid)
- {
- 	TALLOC_CTX *tmp_ctx;
--	struct auth_serversupplied_info *session_info = NULL;
-+	const struct auth_serversupplied_info *session_info;
- 	const char *guid_str;
- 	DATA_BLOB blob;
--	NTSTATUS status;
- 	WERROR result;
- 
- 	tmp_ctx = talloc_new(NULL);
- 	if (!tmp_ctx) {
--		DEBUG(0, ("store_printer_guid: Out of memory?!\n"));
--		return;
-+		DEBUG(0, ("Out of memory?!\n"));
-+		return WERR_NOMEM;
- 	}
- 
--	status = make_session_info_system(tmp_ctx, &session_info);
--	if (!NT_STATUS_IS_OK(status)) {
--		DEBUG(0, ("store_printer_guid: "
--			  "Could not create system session_info\n"));
-+	session_info = get_session_info_system();
-+	if (session_info == NULL) {
-+		DEBUG(0, ("Could not get system session_info\n"));
-+		result = WERR_NOMEM;
- 		goto done;
- 	}
- 
- 	guid_str = GUID_string(tmp_ctx, &guid);
- 	if (!guid_str) {
--		DEBUG(0, ("store_printer_guid: Out of memory?!\n"));
-+		DEBUG(0, ("Out of memory?!\n"));
-+		result = WERR_NOMEM;
- 		goto done;
- 	}
- 
-@@ -68,9 +68,9 @@ static void store_printer_guid(struct messaging_context *msg_ctx,
- 	   Vista to whine */
- 
- 	if (!push_reg_sz(tmp_ctx, &blob, guid_str)) {
--		DEBUG(0, ("store_printer_guid: "
--			  "Could not marshall string %s for objectGUID\n",
-+		DEBUG(0, ("Could not marshall string %s for objectGUID\n",
- 			  guid_str));
-+		result = WERR_NOMEM;
- 		goto done;
- 	}
- 
-@@ -79,12 +79,15 @@ static void store_printer_guid(struct messaging_context *msg_ctx,
- 					   SPOOL_DSSPOOLER_KEY, "objectGUID",
- 					   REG_SZ, blob.data, blob.length);
- 	if (!W_ERROR_IS_OK(result)) {
--		DEBUG(0, ("store_printer_guid: "
--			  "Failed to store GUID for printer %s\n", printer));
-+		DEBUG(0, ("Failed to store GUID for printer %s\n", printer));
-+		goto done;
- 	}
- 
-+	result = WERR_OK;
- done:
- 	talloc_free(tmp_ctx);
-+
-+	return result;
- }
- 
- static WERROR nt_printer_dn_lookup(TALLOC_CTX *mem_ctx,
-@@ -468,6 +471,7 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
- 	if (!ADS_ERR_OK(ads_rc)) {
- 		DEBUG(3, ("error publishing %s: %s\n",
- 			  printer, ads_errstr(ads_rc)));
-+		/* XXX failed to publish, so no guid to retrieve */
- 	}
- 
- 	win_rc = nt_printer_guid_retrieve_internal(ads, printer_dn, &guid);
-@@ -476,8 +480,13 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
- 		return win_rc;
- 	}
- 
--	/* TODO add a return value */
--	store_printer_guid(msg_ctx, printer, guid);
-+	win_rc = nt_printer_guid_store(msg_ctx, printer, guid);
-+	if (!W_ERROR_IS_OK(win_rc)) {
-+		DEBUG(3, ("failed to store printer %s guid\n",
-+			  printer));
-+		/* not catastrophic, retrieve on next use */
-+		win_rc = WERR_OK;
-+	}
- 
- 	TALLOC_FREE(ctx);
- 
-@@ -704,6 +713,12 @@ bool is_printer_published(TALLOC_CTX *mem_ctx,
- 	return true;
- }
- #else
-+WERROR nt_printer_guid_store(struct messaging_context *msg_ctx,
-+			   const char *printer, struct GUID guid)
-+{
-+	return WERR_NOT_SUPPORTED;
-+}
-+
- WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
- 				struct GUID *pguid)
- {
--- 
-2.3.0
-
-
-From d4847deadc4cd6f4f8071fae16d05bc8ec4ed566 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Thu, 18 Dec 2014 15:14:36 +0000
-Subject: [PATCH 4/4] PATCHSET16: spoolss: retrieve published printer GUID if
- not in registry
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When a printer is published, the GUID for the published DN is retrieved
-from the domain controller and stored in the registry.
-When handling a spoolss GetPrinter(level=7) request, the same GUID is
-obtained from the registry and returned to the client.
-
-This change sees the spoolss server query the DC for the published
-printer GUID if it is not present in the registry when handling a
-spoolss GetPrinter(level=7) request.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
-
-Pair-Programmed-With: David Disseldorp <ddiss@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Signed-off-by: David Disseldorp <ddiss@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-
-Autobuild-User(master): Günther Deschner <gd@samba.org>
-Autobuild-Date(master): Wed Feb 18 12:43:44 CET 2015 on sn-devel-104
-
-(cherry picked from commit a4157e7c5d75be7003ad0b72fdfe9856a9e5ba8f)
----
- source3/rpc_server/spoolss/srv_spoolss_nt.c | 20 +++++++++++++++++++-
- 1 file changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-index 0c4b582..516b7dc 100644
---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
-+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-@@ -4213,7 +4213,25 @@ static WERROR construct_printer_info7(TALLOC_CTX *mem_ctx,
- 		werr = nt_printer_guid_get(tmp_ctx, session_info, msg_ctx,
- 					   printer, &guid);
- 		if (!W_ERROR_IS_OK(werr)) {
--			goto out_tmp_free;
-+			/*
-+			 * If we do not have a GUID entry in the registry, then
-+			 * try to retrieve it from AD and store it now.
-+			 */
-+			werr = nt_printer_guid_retrieve(tmp_ctx, printer,
-+							&guid);
-+			if (!W_ERROR_IS_OK(werr)) {
-+				DEBUG(1, ("Failed to retrieve GUID for "
-+					  "printer [%s] from AD - "
-+					  "Is the the printer still "
-+					  "published ?\n", printer));
-+				goto out_tmp_free;
-+			}
-+
-+			werr = nt_printer_guid_store(msg_ctx, printer, guid);
-+			if (!W_ERROR_IS_OK(werr)) {
-+				DEBUG(3, ("failed to store printer %s guid\n",
-+					  printer));
-+			}
- 		}
- 		r->guid = talloc_strdup_upper(mem_ctx, GUID_string2(mem_ctx, &guid));
- 		r->action = DSPRINT_PUBLISH;
--- 
-2.3.0
-

src/patches/samba/samba-3.6.99-nt_printer_unpublish_fix.patch

@@ -1,75 +0,0 @@
-From cd3082b03487eaeddb0105807b5ad39b47aa65f1 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 8 Nov 2016 12:20:41 +0100
-Subject: [PATCH] s3-spoolss: Remove printer from registry if it is unpublished
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11665
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
----
- source3/rpc_server/spoolss/srv_spoolss_nt.c | 34 ++++++++++++++++++++++++-----
- 1 file changed, 29 insertions(+), 5 deletions(-)
-
-diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-index 556cd4f..f1ab3fb 100644
---- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
-+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
-@@ -4194,6 +4194,7 @@ static WERROR construct_printer_info7(TALLOC_CTX *mem_ctx,
- 				      int snum)
- {
- 	struct auth_serversupplied_info *session_info;
-+	struct spoolss_PrinterInfo2 *pinfo2 = NULL;
- 	char *printer;
- 	NTSTATUS status;
- 	WERROR werr;
-@@ -4218,7 +4219,7 @@ static WERROR construct_printer_info7(TALLOC_CTX *mem_ctx,
- 	}
- 
- 	if (is_printer_published(tmp_ctx, session_info, msg_ctx,
--				 servername, printer, NULL)) {
-+				 servername, printer, &pinfo2)) {
- 		struct GUID guid;
- 		werr = nt_printer_guid_get(tmp_ctx, session_info, msg_ctx,
- 					   printer, &guid);
-@@ -4230,10 +4231,33 @@ static WERROR construct_printer_info7(TALLOC_CTX *mem_ctx,
- 			werr = nt_printer_guid_retrieve(tmp_ctx, printer,
- 							&guid);
- 			if (!W_ERROR_IS_OK(werr)) {
--				DEBUG(1, ("Failed to retrieve GUID for "
--					  "printer [%s] from AD - "
--					  "Is the the printer still "
--					  "published ?\n", printer));
-+				DEBUG(3, ("Failed to retrieve GUID for "
-+					  "printer [%s] from AD - %s\n",
-+					  printer,
-+					  win_errstr(werr)));
-+				if (W_ERROR_EQUAL(werr, WERR_FILE_NOT_FOUND)) {
-+					/*
-+					 * If we did not find it in AD, then it
-+					 * is unpublished and we should reflect
-+					 * this in the registry and return
-+					 * success.
-+					 */
-+					DEBUG(1, ("Unpublish printer [%s]\n",
-+						  pinfo2->sharename));
-+					nt_printer_publish(tmp_ctx,
-+							   session_info,
-+							   msg_ctx,
-+							   pinfo2,
-+							   DSPRINT_UNPUBLISH);
-+					r->guid = talloc_strdup(mem_ctx, "");
-+					r->action = DSPRINT_UNPUBLISH;
-+
-+					if (r->guid == NULL) {
-+						werr = WERR_NOT_ENOUGH_MEMORY;
-+					} else {
-+						werr = WERR_OK;
-+					}
-+				}
- 				goto out_tmp_free;
- 			}
- 
--- 
-2.10.1
-

src/patches/samba/samba-3.6.99-winbind_fix_trusted_domain_handling.patch

@@ -1,432 +0,0 @@
-From a280f61d71d5ea7e2212d253b84ac5b25810b88e Mon Sep 17 00:00:00 2001
-From: Uri Simchoni <uri@samba.org>
-Date: Wed, 10 Feb 2016 00:26:45 +0200
-Subject: [PATCH 1/4] winbindd: introduce add_trusted_domain_from_tdc()
-
-This is purely a refactoring patch -
-Add a routine that adds a winbindd domain object based on
-domain trust cache entry. add_trusted_domain() becomes
-a wrapper for this new routine.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
-
-Signed-off-by: Uri Simchoni <uri@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
----
- source3/winbindd/winbindd_util.c | 76 +++++++++++++++++++++++++---------------
- 1 file changed, 48 insertions(+), 28 deletions(-)
-
-diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
-index 353722e..70a9041 100644
---- a/source3/winbindd/winbindd_util.c
-+++ b/source3/winbindd/winbindd_util.c
-@@ -30,6 +30,10 @@
- #undef DBGC_CLASS
- #define DBGC_CLASS DBGC_WINBIND
- 
-+static struct winbindd_domain *
-+add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc,
-+			    struct winbindd_methods *methods);
-+
- extern struct winbindd_methods cache_methods;
- 
- /**
-@@ -91,11 +95,31 @@ static bool is_in_internal_domain(const struct dom_sid *sid)
- 
- /* Add a trusted domain to our list of domains.
-    If the domain already exists in the list,
--   return it and don't re-initialize.
-- */
--static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
--						  struct winbindd_methods *methods,
--						  const struct dom_sid *sid)
-+   return it and don't re-initialize.  */
-+
-+static struct winbindd_domain *
-+add_trusted_domain(const char *domain_name, const char *alt_name,
-+		   struct winbindd_methods *methods, const struct dom_sid *sid)
-+{
-+	struct winbindd_tdc_domain tdc;
-+
-+	ZERO_STRUCT(tdc);
-+
-+	tdc.domain_name = domain_name;
-+	tdc.dns_name = alt_name;
-+	if (sid) {
-+		sid_copy(&tdc.sid, sid);
-+	}
-+
-+	return add_trusted_domain_from_tdc(&tdc, methods);
-+}
-+
-+/* Add a trusted domain out of a trusted domain cache
-+   entry
-+*/
-+static struct winbindd_domain *
-+add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc,
-+			    struct winbindd_methods *methods)
- {
- 	struct winbindd_domain *domain;
- 	const char *alternative_name = NULL;
-@@ -103,6 +127,12 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
- 	const char *param;
- 	const char **ignored_domains, **dom;
- 	int role = lp_server_role();
-+	const char *domain_name = tdc->domain_name;
-+	const struct dom_sid *sid = &tdc->sid;
-+
-+	if (is_null_sid(sid)) {
-+		sid = NULL;
-+	}
- 
- 	ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
- 	for (dom=ignored_domains; dom && *dom; dom++) {
-@@ -114,8 +144,8 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
- 
- 	/* ignore alt_name if we are not in an AD domain */
- 
--	if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) {
--		alternative_name = alt_name;
-+	if (tdc->dns_name && *tdc->dns_name) {
-+		alternative_name = tdc->dns_name;
- 	}
- 
- 	/* We can't call domain_list() as this function is called from
-@@ -127,8 +157,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
- 			break;
- 		}
- 
--		if (alternative_name && *alternative_name)
--		{
-+		if (alternative_name) {
- 			if (strequal(alternative_name, domain->name) ||
- 			    strequal(alternative_name, domain->alt_name))
- 			{
-@@ -136,12 +165,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
- 			}
- 		}
- 
--		if (sid)
--		{
--			if (is_null_sid(sid)) {
--				continue;
--			}
--
-+		if (sid != NULL) {
- 			if (dom_sid_equal(sid, &domain->sid)) {
- 				break;
- 			}
-@@ -191,11 +215,11 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
- 	domain->internal = is_internal_domain(sid);
- 	domain->sequence_number = DOM_SEQUENCE_NONE;
- 	domain->last_seq_check = 0;
--	domain->initialized = False;
-+	domain->initialized = false;
- 	domain->online = is_internal_domain(sid);
- 	domain->check_online_timeout = 0;
- 	domain->dc_probe_pid = (pid_t)-1;
--	if (sid) {
-+	if (sid != NULL) {
- 		sid_copy(&domain->sid, sid);
- 	}
- 
-@@ -246,9 +270,9 @@ done:
- 
- 	setup_domain_child(domain);
- 
--	DEBUG(2,("Added domain %s %s %s\n",
--		 domain->name, domain->alt_name,
--		 &domain->sid?sid_string_dbg(&domain->sid):""));
-+	DEBUG(2,
-+	      ("Added domain %s %s %s\n", domain->name, domain->alt_name,
-+	       !is_null_sid(&domain->sid) ? sid_string_dbg(&domain->sid) : ""));
- 
- 	return domain;
- }
-@@ -432,10 +456,8 @@ static void rescan_forest_root_trusts( void )
- 		d = find_domain_from_name_noinit( dom_list[i].domain_name );
- 
- 		if ( !d ) {
--			(void)add_trusted_domain( dom_list[i].domain_name,
--						dom_list[i].dns_name,
--						&cache_methods,
--						&dom_list[i].sid);
-+			d = add_trusted_domain_from_tdc(&dom_list[i],
-+							&cache_methods);
- 		}
- 
- 		if (d == NULL) {
-@@ -501,10 +523,8 @@ static void rescan_forest_trusts( void )
- 			   about it */
- 
- 			if ( !d ) {
--				(void)add_trusted_domain( dom_list[i].domain_name,
--							dom_list[i].dns_name,
--							&cache_methods,
--							&dom_list[i].sid);
-+				d = add_trusted_domain_from_tdc(&dom_list[i],
-+								&cache_methods);
- 			}
- 
- 			if (d == NULL) {
--- 
-2.9.4
-
-
-From 153f173eea81ffa1caa4768589a08bb20a6a1950 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Tue, 23 Dec 2014 09:43:03 +0000
-Subject: [PATCH 2/4] s3:winbindd: mark our primary as active_directory if
- possible
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
----
- source3/winbindd/winbindd_util.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
-index 70a9041..700076a 100644
---- a/source3/winbindd/winbindd_util.c
-+++ b/source3/winbindd/winbindd_util.c
-@@ -232,6 +232,12 @@ add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc,
- 		domain->primary = true;
- 	}
- 
-+	if (domain->primary) {
-+		if (lp_security() == SEC_ADS) {
-+			domain->active_directory = true;
-+		}
-+	}
-+
- 	/* Link to domain list */
- 	DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
- 
--- 
-2.9.4
-
-
-From 5d741ee3d1dafbb32c106fed817840892b69598d Mon Sep 17 00:00:00 2001
-From: Uri Simchoni <uri@samba.org>
-Date: Wed, 10 Feb 2016 00:32:23 +0200
-Subject: [PATCH 3/4] winbindd: initialize foreign domain as AD based on trust
-
-Based on trust parameters, initialize the active_directory
-member of domain object to true.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
-
-Signed-off-by: Uri Simchoni <uri@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
----
- source3/winbindd/winbindd_util.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
-index 700076a..aaa9ee8 100644
---- a/source3/winbindd/winbindd_util.c
-+++ b/source3/winbindd/winbindd_util.c
-@@ -222,6 +222,9 @@ add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc,
- 	if (sid != NULL) {
- 		sid_copy(&domain->sid, sid);
- 	}
-+	domain->domain_flags = tdc->trust_flags;
-+	domain->domain_type = tdc->trust_type;
-+	domain->domain_trust_attribs = tdc->trust_attribs;
- 
- 	/* Is this our primary domain ? */
- 	if (strequal(domain_name, get_global_sam_name()) &&
-@@ -236,6 +239,10 @@ add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc,
- 		if (lp_security() == SEC_ADS) {
- 			domain->active_directory = true;
- 		}
-+	} else if (!domain->internal) {
-+		if (domain->domain_type == LSA_TRUST_TYPE_UPLEVEL) {
-+			domain->active_directory = true;
-+		}
- 	}
- 
- 	/* Link to domain list */
--- 
-2.9.4
-
-
-From a8ac7dcae2e3b00362ea9d91b5ef7f149bc734a0 Mon Sep 17 00:00:00 2001
-From: Uri Simchoni <uri@samba.org>
-Date: Wed, 10 Feb 2016 00:38:11 +0200
-Subject: [PATCH 4/4] winbindd: return trust parameters when listing trusts
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When asking a child domain process to list trusts on that domain,
-return (along with trust domain names and SID) the trust properties -
-flags, type, and attributes.
-
-Use those attributes to initialize domain object.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
-
-Signed-off-by: Uri Simchoni <uri@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
-
-Autobuild-User(master): Ralph Böhme <slow@samba.org>
-Autobuild-Date(master): Tue Feb 23 22:02:16 CET 2016 on sn-devel-144
----
- source3/winbindd/winbindd_misc.c | 11 +++---
- source3/winbindd/winbindd_util.c | 82 +++++++++++++++++++++++++++++-----------
- 2 files changed, 65 insertions(+), 28 deletions(-)
-
-diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
-index 7d25167..5335ad9 100644
---- a/source3/winbindd/winbindd_misc.c
-+++ b/source3/winbindd/winbindd_misc.c
-@@ -172,11 +172,12 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *
- 
- 	for (i=0; i<trusts.count; i++) {
- 		extra_data = talloc_asprintf_append_buffer(
--			extra_data, "%s\\%s\\%s\n",
--			trusts.array[i].netbios_name,
--			trusts.array[i].dns_name,
--			sid_string_talloc(state->mem_ctx,
--					  trusts.array[i].sid));
-+		    extra_data, "%s\\%s\\%s\\%u\\%u\\%u\n",
-+		    trusts.array[i].netbios_name, trusts.array[i].dns_name,
-+		    sid_string_talloc(state->mem_ctx, trusts.array[i].sid),
-+		    trusts.array[i].trust_flags,
-+		    (uint32_t)trusts.array[i].trust_type,
-+		    trusts.array[i].trust_attributes);
- 	}
- 
- 	/* add our primary domain */
-diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
-index aaa9ee8..b99fac4 100644
---- a/source3/winbindd/winbindd_util.c
-+++ b/source3/winbindd/winbindd_util.c
-@@ -343,6 +343,8 @@ static void trustdom_list_done(struct tevent_req *req)
- 	struct winbindd_response *response;
- 	int res, err;
- 	char *p;
-+	struct winbindd_tdc_domain trust_params = {0};
-+	ptrdiff_t extra_len;
- 
- 	res = wb_domain_request_recv(req, state, &response, &err);
- 	if ((res == -1) || (response->result != WINBINDD_OK)) {
-@@ -351,17 +353,27 @@ static void trustdom_list_done(struct tevent_req *req)
- 		return;
- 	}
- 
-+	if (response->length < sizeof(struct winbindd_response)) {
-+		DEBUG(0, ("ill-formed trustdom response - short length\n"));
-+		TALLOC_FREE(state);
-+		return;
-+	}
-+
-+	extra_len = response->length - sizeof(struct winbindd_response);
-+
- 	p = (char *)response->extra_data.data;
- 
--	while ((p != NULL) && (*p != '\0')) {
-+	while ((p - (char *)response->extra_data.data) < extra_len) {
- 		char *q, *sidstr, *alt_name;
--		struct dom_sid sid;
--		struct winbindd_domain *domain;
--		char *alternate_name = NULL;
-+
-+		DEBUG(10, ("parsing response line '%s'\n", p));
-+
-+		ZERO_STRUCT(trust_params);
-+		trust_params.domain_name = p;
- 
- 		alt_name = strchr(p, '\\');
- 		if (alt_name == NULL) {
--			DEBUG(0, ("Got invalid trustdom response\n"));
-+			DEBUG(10, ("Got invalid trustdom response\n"));
- 			break;
- 		}
- 
-@@ -370,39 +382,63 @@ static void trustdom_list_done(struct tevent_req *req)
- 
- 		sidstr = strchr(alt_name, '\\');
- 		if (sidstr == NULL) {
--			DEBUG(0, ("Got invalid trustdom response\n"));
-+			DEBUG(10, ("Got invalid trustdom response\n"));
- 			break;
- 		}
- 
- 		*sidstr = '\0';
- 		sidstr += 1;
- 
--		q = strchr(sidstr, '\n');
--		if (q != NULL)
--			*q = '\0';
-+		/* use the real alt_name if we have one, else pass in NULL */
-+		if (!strequal(alt_name, "(null)")) {
-+			trust_params.dns_name = alt_name;
-+		}
-+
-+		q = strtok(sidstr, "\\");
-+		if (q == NULL) {
-+			DEBUG(10, ("Got invalid trustdom response\n"));
-+			break;
-+		}
-+
-+		if (!string_to_sid(&trust_params.sid, sidstr)) {
-+			DEBUG(0, ("Got invalid trustdom response\n"));
-+			break;
-+		}
- 
--		if (!string_to_sid(&sid, sidstr)) {
-+		q = strtok(NULL, "\\");
-+		if (q == NULL) {
- 			DEBUG(0, ("Got invalid trustdom response\n"));
- 			break;
- 		}
- 
--		/* use the real alt_name if we have one, else pass in NULL */
-+		trust_params.trust_flags = (uint32_t)strtoul(q, NULL, 10);
- 
--		if ( !strequal( alt_name, "(null)" ) )
--			alternate_name = alt_name;
-+		q = strtok(NULL, "\\");
-+		if (q == NULL) {
-+			DEBUG(0, ("Got invalid trustdom response\n"));
-+			break;
-+		}
-+
-+		trust_params.trust_type = (uint32_t)strtoul(q, NULL, 10);
- 
--		/* If we have an existing domain structure, calling
-- 		   add_trusted_domain() will update the SID if
-- 		   necessary.  This is important because we need the
-- 		   SID for sibling domains */
-+		q = strtok(NULL, "\n");
-+		if (q == NULL) {
-+			DEBUG(10, ("Got invalid trustdom response\n"));
-+			break;
-+		}
- 
--		(void)add_trusted_domain(p, alternate_name,
--					    &cache_methods,
--					    &sid);
-+		trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10);
-+
-+		/*
-+		 * We always call add_trusted_domain() cause on an existing
-+		 * domain structure, it will update the SID if necessary.
-+		 * This is important because we need the SID for sibling
-+		 * domains.
-+		 */
-+		(void)add_trusted_domain_from_tdc(&trust_params,
-+						  &cache_methods);
- 
--		p=q;
--		if (p != NULL)
--			p += 1;
-+		p = q + strlen(q) + 1;
- 	}
- 
- 	/*
--- 
-2.9.4
-

src/patches/samba/samba-3.6.x-winbind_tevent_poll.patch

@@ -1,308 +0,0 @@
-From 1d94210adc6e0bb8a08fbfc1a516a0f958dbf744 Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Wed, 16 Jan 2013 12:00:00 +0100
-Subject: [PATCH 1/2] winbind: Use standard tevent_context_init
-
-This makes winbind use epoll instead of poll
----
- source3/winbindd/winbindd.c       |   38 ++++++++++++++++++++++++++++++++-----
- source3/winbindd/winbindd.h       |    2 --
- source3/winbindd/winbindd_proto.h |    1 +
- 3 files changed, 34 insertions(+), 7 deletions(-)
-
-Index: samba-3.6.22/source3/winbindd/winbindd.c
-===================================================================
---- samba-3.6.22.orig/source3/winbindd/winbindd.c
-+++ samba-3.6.22/source3/winbindd/winbindd.c
-@@ -48,14 +48,42 @@ static bool interactive = False;
- 
- extern bool override_logfile;
- 
-+struct tevent_context *winbind_event_context(void)
-+{
-+	static struct tevent_context *ev = NULL;
-+
-+	if (ev != NULL) {
-+		return ev;
-+	}
-+
-+	/*
-+	 * Note we MUST use the NULL context here, not the autofree context,
-+	 * to avoid side effects in forked children exiting.
-+	 */
-+	ev = tevent_context_init(NULL);
-+	if (ev == NULL) {
-+		smb_panic("Could not init winbindd's messaging context.\n");
-+	}
-+	return ev;
-+}
-+
- struct messaging_context *winbind_messaging_context(void)
- {
--	struct messaging_context *msg_ctx = server_messaging_context();
--	if (likely(msg_ctx != NULL)) {
--		return msg_ctx;
-+	static struct messaging_context *msg = NULL;
-+
-+	if (msg != NULL) {
-+		return msg;
-+	}
-+
-+	/*
-+	 * Note we MUST use the NULL context here, not the autofree context,
-+	 * to avoid side effects in forked children exiting.
-+	 */
-+	msg = messaging_init(NULL, procid_self(), winbind_event_context());
-+	if (msg == NULL) {
-+		smb_panic("Could not init winbindd's messaging context.\n");
- 	}
--	smb_panic("Could not init winbindd's messaging context.\n");
--	return NULL;
-+	return msg;
- }
- 
- /* Reload configuration */
-Index: samba-3.6.22/source3/winbindd/winbindd.h
-===================================================================
---- samba-3.6.22.orig/source3/winbindd/winbindd.h
-+++ samba-3.6.22/source3/winbindd/winbindd.h
-@@ -397,6 +397,4 @@ struct WINBINDD_CCACHE_ENTRY {
- #define WINBINDD_PAM_AUTH_KRB5_RENEW_TIME 2592000 /* one month */
- #define DOM_SEQUENCE_NONE ((uint32)-1)
- 
--#define winbind_event_context server_event_context
--
- #endif /* _WINBINDD_H */
-Index: samba-3.6.22/source3/winbindd/winbindd_proto.h
-===================================================================
---- samba-3.6.22.orig/source3/winbindd/winbindd_proto.h
-+++ samba-3.6.22/source3/winbindd/winbindd_proto.h
-@@ -34,6 +34,7 @@ bool winbindd_use_cache(void);
- void winbindd_register_handlers(void);
- const char *get_winbind_pipe_dir(void);
- char *get_winbind_priv_pipe_dir(void);
-+struct tevent_context *winbind_event_context(void);
- int main(int argc, char **argv, char **envp);
- 
- /* The following definitions come from winbindd/winbindd_ads.c  */
-Index: samba-3.6.22/source3/winbindd/winbindd_dual.c
-===================================================================
---- samba-3.6.22.orig/source3/winbindd/winbindd_dual.c
-+++ samba-3.6.22/source3/winbindd/winbindd_dual.c
-@@ -1284,6 +1284,66 @@ NTSTATUS winbindd_reinit_after_fork(cons
- 	return NT_STATUS_OK;
- }
- 
-+struct child_handler_state {
-+	struct winbindd_child *child;
-+	struct winbindd_cli_state *cli_state;
-+};
-+
-+static void child_handler(struct tevent_context *ev, struct tevent_fd *fde,
-+			  uint16_t flags, void *private_data)
-+{
-+	struct child_handler_state *ch_state =
-+		(struct child_handler_state *)private_data;
-+	struct winbindd_cli_state *state = ch_state->cli_state;
-+	struct iovec iov[2];
-+	int iov_count;
-+	NTSTATUS status;
-+
-+	if ((flags & TEVENT_FD_READ) == 0) {
-+		return;
-+	}
-+
-+	/* fetch a request from the main daemon */
-+	status = child_read_request(state);
-+
-+	if (!NT_STATUS_IS_OK(status)) {
-+		/* we lost contact with our parent */
-+		_exit(0);
-+	}
-+
-+	DEBUG(4,("child daemon request %d\n", (int)state->request->cmd));
-+
-+	ZERO_STRUCTP(state->response);
-+	state->request->null_term = '\0';
-+	state->mem_ctx = talloc_tos();
-+	child_process_request(ch_state->child, state);
-+
-+	DEBUG(4, ("Finished processing child request %d\n",
-+		  (int)state->request->cmd));
-+
-+	SAFE_FREE(state->request->extra_data.data);
-+
-+	iov[0].iov_base = (void *)state->response;
-+	iov[0].iov_len = sizeof(struct winbindd_response);
-+	iov_count = 1;
-+
-+	if (state->response->length > sizeof(struct winbindd_response)) {
-+		iov[1].iov_base =
-+			(void *)state->response->extra_data.data;
-+		iov[1].iov_len = state->response->length-iov[0].iov_len;
-+		iov_count = 2;
-+	}
-+
-+	DEBUG(10, ("Writing %d bytes to parent\n",
-+		   (int)state->response->length));
-+
-+	if (write_data_iov(state->sock, iov, iov_count) !=
-+	    state->response->length) {
-+		DEBUG(0, ("Could not write result\n"));
-+		exit(1);
-+	}
-+}
-+
- /*
-  * In a child there will be only one domain, reference that here.
-  */
-@@ -1301,6 +1361,7 @@ static bool fork_domain_child(struct win
- 	struct winbindd_request request;
- 	struct winbindd_response response;
- 	struct winbindd_domain *primary_domain = NULL;
-+	struct child_handler_state ch_state;
- 	NTSTATUS status;
- 	ssize_t nwritten;
- 
-@@ -1322,6 +1383,9 @@ static bool fork_domain_child(struct win
- 	state.request = &request;
- 	state.response = &response;
- 
-+	ch_state.child = child;
-+	ch_state.cli_state = &state;
-+
- 	child->pid = sys_fork();
- 
- 	if (child->pid == -1) {
-@@ -1464,22 +1528,14 @@ static bool fork_domain_child(struct win
- 		}
- 	}
- 
--	while (1) {
-+	if (tevent_add_fd(winbind_event_context(), NULL, state.sock,
-+			  TEVENT_FD_READ, child_handler, &ch_state) == NULL) {
-+		DEBUG(1, ("tevent_add_fd failed\n"));
-+		exit(1);
-+	}
- 
--		int ret;
--		struct pollfd *pfds;
--		int num_pfds;
--		int timeout;
--		struct timeval t;
--		struct timeval *tp;
-+	while (1) {
- 		TALLOC_CTX *frame = talloc_stackframe();
--		struct iovec iov[2];
--		int iov_count;
--
--		if (run_events_poll(winbind_event_context(), 0, NULL, 0)) {
--			TALLOC_FREE(frame);
--			continue;
--		}
- 
- 		if (child->domain && child->domain->startup &&
- 				(time_mono(NULL) > child->domain->startup_time + 30)) {
-@@ -1489,99 +1545,12 @@ static bool fork_domain_child(struct win
- 			child->domain->startup = False;
- 		}
- 
--		pfds = TALLOC_ZERO_P(talloc_tos(), struct pollfd);
--		if (pfds == NULL) {
--			DEBUG(1, ("talloc failed\n"));
--			_exit(1);
--		}
--
--		pfds->fd = state.sock;
--		pfds->events = POLLIN|POLLHUP;
--		num_pfds = 1;
--
--		timeout = INT_MAX;
--
--		if (!event_add_to_poll_args(
--			    winbind_event_context(), talloc_tos(),
--			    &pfds, &num_pfds, &timeout)) {
--			DEBUG(1, ("event_add_to_poll_args failed\n"));
--			_exit(1);
--		}
--		tp = get_timed_events_timeout(winbind_event_context(), &t);
--		if (tp) {
--			DEBUG(11,("select will use timeout of %u.%u seconds\n",
--				(unsigned int)tp->tv_sec, (unsigned int)tp->tv_usec ));
--		}
--
--		ret = sys_poll(pfds, num_pfds, timeout);
--
--		if (run_events_poll(winbind_event_context(), ret,
--				    pfds, num_pfds)) {
--			/* We got a signal - continue. */
--			TALLOC_FREE(frame);
--			continue;
--		}
--
--		TALLOC_FREE(pfds);
--
--		if (ret == 0) {
--			DEBUG(11,("nothing is ready yet, continue\n"));
--			TALLOC_FREE(frame);
--			continue;
--		}
--
--		if (ret == -1 && errno == EINTR) {
--			/* We got a signal - continue. */
--			TALLOC_FREE(frame);
--			continue;
--		}
--
--		if (ret == -1 && errno != EINTR) {
--			DEBUG(0,("poll error occured\n"));
--			TALLOC_FREE(frame);
--			perror("poll");
-+		if (tevent_loop_once(winbind_event_context()) != 0) {
-+			DEBUG(1, ("tevent_loop_once failed: %s\n",
-+				  strerror(errno)));
- 			_exit(1);
- 		}
- 
--		/* fetch a request from the main daemon */
--		status = child_read_request(&state);
--
--		if (!NT_STATUS_IS_OK(status)) {
--			/* we lost contact with our parent */
--			_exit(0);
--		}
--
--		DEBUG(4,("child daemon request %d\n", (int)state.request->cmd));
--
--		ZERO_STRUCTP(state.response);
--		state.request->null_term = '\0';
--		state.mem_ctx = frame;
--		child_process_request(child, &state);
--
--		DEBUG(4, ("Finished processing child request %d\n",
--			  (int)state.request->cmd));
--
--		SAFE_FREE(state.request->extra_data.data);
--
--		iov[0].iov_base = (void *)state.response;
--		iov[0].iov_len = sizeof(struct winbindd_response);
--		iov_count = 1;
--
--		if (state.response->length > sizeof(struct winbindd_response)) {
--			iov[1].iov_base =
--				(void *)state.response->extra_data.data;
--			iov[1].iov_len = state.response->length-iov[0].iov_len;
--			iov_count = 2;
--		}
--
--		DEBUG(10, ("Writing %d bytes to parent\n",
--			   (int)state.response->length));
--
--		if (write_data_iov(state.sock, iov, iov_count) !=
--		    state.response->length) {
--			DEBUG(0, ("Could not write result\n"));
--			exit(1);
--		}
- 		TALLOC_FREE(frame);
- 	}
- }