The branch, v4-2-stable has been updated via 1d4445a VERSION: Disable git snapshot for the 4.2.0 release. via b32bc91 WHATSNEW: Add release notes for Samba 4.2.0. via 1309af4 tevent: version 0.9.24 via 5db8d19 tevent: Ignore unexpected signal events in the same way the epoll backend does. via 7ad61f9 backupkey: Explain more why we use GnuTLS here via 19796dc torture-backupkey: Check the dcerpc call return code before calling ndr pull via defd635 backupkey: replace heimdal rsa key generation with GnuTLS via b39c155 build: Require GnuTLS if building with Active Directory via 3e03d5f torture-backupkey: Add tests that read the secret from the server, and validate via c39dccc backupkey: Better handling for different wrap version headers via a29cf10 backupkey: Add tests for ServerWrap protocol via 3b27850 backupkey: Change expected error codes to match Windows 2008R2 and Windows 2012R2 via ff5494a backupkey: Implement ServerWrap Decrypt via 2533cef backupkey: Handle more clearly the case where we find the secret, but it has no value via b66edeb backupkey: Improve variable names to make clear this is client-provided data via b3dd7ae backupkey: Use the name lsa_secret rather than just secret via 9408f0c backupkey: Implement ServerWrap Encrypt protocol via a0bf67d backupkey: Improve function names and comments for clarity via 8d45cf5 backupkey: Move SID comparison to inside get_and_verify_access_check() via 9372640 backupkey: Improve IDL via c6b61e1 backupkey: begin by factoring out the server wrap functions via 9ddd067 torture-backupkey: Assert dcerpc_bkrp_BackupKey_r call was successful via bad22e6 torture-backupkey: Add consistent assertions that createRestoreGUIDStruct() suceeds via 3d44076 s4:torture/rpc/backupkey: Require 2048 bit RSA key via 2ff5c42 s4-backupkey: consistent naming of werr variable via 0168673 s4-backupkey: improve variable name via 48a659d s4-backupkey: typo fix via a701eeb s4-backupkey: IDL for ServerWrap subprotocol via 87c525d s4-backupkey: fix ndr_pull error on empty input via 2ee3031 s4-backupkey: Initialize ndr->switchlist for print via a03df47 s4-backupkey: Comply with [MS-BKRP] 2.2.1 via 0d6e32f s4-backupkey: Set defined cert serialnumber via 0dd6cfa s4-backupkey: de-duplicate error handling via c998e9d s4-backupkey: check for talloc failure via 0b75a0c s4-backupkey: Cert lifetime of 365 days, not secs via 899f4db s4-backupkey: Ensure RSA modulus is 2048 bits via 93fe498 Add link to the Samba User Survey 2015 to WHATSNEW.txt via f158785 doc-xml: Add 'sharesec' reference to 'access based share enum' via f645571 snprintf: Try to support %j via d0a5a6f tevent: version 0.9.23 via bc8585b Add Solaris ports as a tevent backend. via 2f50cd2 Update the tevent_data.dox tutrial stuff to fix some errors, including white space problems. via 3c4e071 ctdb-io: Do not use sys_write to write to client sockets via 811fad3 smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT. via a8d285f vfs: Add a brief vfs_ceph manpage. via aadfc40 doc:man:vfs_glusterfs: improve the configuration section. via 081a730 doc:man:vfs_glusterfs: improve and update description. via 9c5e310 doc:man:vfs_glusterfs: remove extra % signs. via 38d6d20 debug: Set close-on-exec for the main log file FD via 3a1f881 VERSION: Bump version up to 4.2.0... from 6c9d254 VERSION: Disable git snapshots for the 4.2.0rc5 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 72 +- ctdb/common/ctdb_io.c | 6 +- .../manpages/{vfs_snapper.8.xml => vfs_ceph.8.xml} | 65 +- docs-xml/manpages/vfs_glusterfs.8.xml | 61 +- .../smbdotconf/security/accessbasedshareenum.xml | 5 +- docs-xml/wscript_build | 1 + lib/replace/snprintf.c | 4 + lib/replace/system/select.h | 4 + lib/replace/wscript | 5 + .../ABI/{tevent-0.9.21.sigs => tevent-0.9.23.sigs} | 0 .../ABI/{tevent-0.9.21.sigs => tevent-0.9.24.sigs} | 0 lib/tevent/doc/tevent_data.dox | 30 +- lib/tevent/tevent.c | 5 +- lib/tevent/tevent_internal.h | 3 + lib/tevent/tevent_port.c | 785 ++++++++++++++ lib/tevent/wscript | 5 +- lib/util/debug.c | 3 + lib/util/wscript_build | 2 +- librpc/idl/backupkey.idl | 37 +- librpc/ndr/ndr_backupkey.c | 5 + source3/smbd/service.c | 6 +- source4/lib/tls/wscript | 3 + source4/rpc_server/backupkey/dcesrv_backupkey.c | 984 +++++++++++++----- source4/torture/rpc/backupkey.c | 1073 +++++++++++++++++++- 25 files changed, 2848 insertions(+), 318 deletions(-) copy docs-xml/manpages/{vfs_snapper.8.xml => vfs_ceph.8.xml} (52%) copy lib/tevent/ABI/{tevent-0.9.21.sigs => tevent-0.9.23.sigs} (100%) copy lib/tevent/ABI/{tevent-0.9.21.sigs => tevent-0.9.24.sigs} (100%) create mode 100644 lib/tevent/tevent_port.c Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 6a16ad00..b9bd34a 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # ######################################################## -SAMBA_VERSION_RC_RELEASE=5 +SAMBA_VERSION_RC_RELEASE= ######################################################## # To mark SVN snapshots this should be set to 'yes' # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 49c1cb7..0996044 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,14 +1,26 @@ -Release Announcements -===================== + ============================= + Release Notes for Samba 4.2.0 + March 04, 2015 + ============================= + -This is the fifth release candidate of Samba 4.2. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. +This is is the first stable release of Samba 4.2. Samba 4.2 will be the next version of the Samba suite. +Samba User Survey 2015 +====================== + +https://www.surveygizmo.com/s3/2020369/Samba-User-Survey-2015 + +Please take our survey. It will help us improve Samba by understanding +your knowledge and needs. The survey runs until end of March 2015 and +won't ask for any personal info. The full results will be shared with +the Samba Team, and statistical summaries will be shared with the +Samba community after the SambaXP conference (http://sambaxp.org). + + IMPORTANT NOTE ABOUT THE SUPPORT END OF SAMBA 3 ================================================= @@ -338,6 +350,54 @@ smb.conf changes winbind expand groups Changed default 0 +CHANGES SINCE 4.2.0rc5 +====================== + +o Michael Adam <ob...@samba.org> + * BUG 11117: doc:man:vfs_glusterfs: improve the configuration section. + + +o Jeremy Allison <j...@samba.org> + * BUG 11118: tevent: Ignore unexpected signal events in the same way the + epoll backend does. + + +o Andrew Bartlett <abart...@samba.org> + * BUG 11100: debug: Set close-on-exec for the main log file FD. + * BUG 11097: Fix Win8.1 Credentials Manager issue after KB2992611 on Samba + domain. + + +o Ira Cooper <i...@samba.org> + * BUG 1115: smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT. + + +o Günther Deschner <g...@samba.org> + * BUG 11088: vfs: Add a brief vfs_ceph manpage. + + +o David Disseldorp <dd...@samba.org> + * BUG 11118: tevent: version 0.9.24. + + +o Amitay Isaacs <ami...@gmail.com> + * BUG 11124: ctdb-io: Do not use sys_write to write to client sockets. + + +o Volker Lendecke <v...@samba.org> + * BUG 11119: snprintf: Try to support %j. + + +o Garming Sam <garm...@catalyst.net.nz> + * BUG 11097: Fix Win8.1 Credentials Manager issue after KB2992611 on Samba + domain. + + +o Andreas Schneider <a...@samba.org> + * BUG 11127: doc-xml: Add 'sharesec' reference to 'access based share + enum'. + + CHANGES SINCE 4.2.0rc4 ====================== diff --git a/ctdb/common/ctdb_io.c b/ctdb/common/ctdb_io.c index 467ec9a..53486f4 100644 --- a/ctdb/common/ctdb_io.c +++ b/ctdb/common/ctdb_io.c @@ -232,9 +232,9 @@ static void queue_io_write(struct ctdb_queue *queue) struct ctdb_queue_pkt *pkt = queue->out_queue; ssize_t n; if (queue->ctdb->flags & CTDB_FLAG_TORTURE) { - n = sys_write(queue->fd, pkt->data, 1); + n = write(queue->fd, pkt->data, 1); } else { - n = sys_write(queue->fd, pkt->data, pkt->length); + n = write(queue->fd, pkt->data, pkt->length); } if (n == -1 && errno != EAGAIN && errno != EWOULDBLOCK) { @@ -310,7 +310,7 @@ int ctdb_queue_send(struct ctdb_queue *queue, uint8_t *data, uint32_t length) queue overhead. This relies on non-blocking sockets */ if (queue->out_queue == NULL && queue->fd != -1 && !(queue->ctdb->flags & CTDB_FLAG_TORTURE)) { - ssize_t n = sys_write(queue->fd, data, length2); + ssize_t n = write(queue->fd, data, length2); if (n == -1 && errno != EAGAIN && errno != EWOULDBLOCK) { talloc_free(queue->fde); queue->fde = NULL; diff --git a/docs-xml/manpages/vfs_snapper.8.xml b/docs-xml/manpages/vfs_ceph.8.xml similarity index 52% copy from docs-xml/manpages/vfs_snapper.8.xml copy to docs-xml/manpages/vfs_ceph.8.xml index 0e06ec5..978f6b3 100644 --- a/docs-xml/manpages/vfs_snapper.8.xml +++ b/docs-xml/manpages/vfs_ceph.8.xml @@ -1,9 +1,9 @@ <?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> -<refentry id="vfs_snapper.8"> +<refentry id="vfs_ceph.8"> <refmeta> - <refentrytitle>vfs_snapper</refentrytitle> + <refentrytitle>vfs_ceph</refentrytitle> <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> @@ -12,15 +12,15 @@ <refnamediv> - <refname>vfs_snapper</refname> + <refname>vfs_ceph</refname> <refpurpose> - Expose snapshots managed by snapper as shadow-copies + Utilize features provided by CephFS </refpurpose> </refnamediv> <refsynopsisdiv> <cmdsynopsis> - <command>vfs objects = snapper</command> + <command>vfs objects = ceph</command> </cmdsynopsis> </refsynopsisdiv> @@ -32,14 +32,22 @@ <manvolnum>8</manvolnum></citerefentry> suite.</para> <para> - The <command>vfs_snapper</command> VFS module exposes snapshots - managed by snapper for use by Samba. This provides the ability - for remote SMB clients to access shadow-copies via Windows - Explorer using the "previous versions" dialog. + The <command>vfs_ceph</command> VFS module exposes + CephFS specific features for use by Samba. </para> <para> - This module is stackable. + Ceph is a distributed network file system designed to provide + excellent performance, reliability, and scalability. This is a + shared library allowing applications to access a Ceph + distributed file system via a POSIX-like interface. + </para> + + <para> + This module can be combined with other modules, but it + should be the last module in the <command>vfs objects</command> + list. Modules added to this list to the right of the ceph + entry may not have any effect at all. </para> </refsect1> @@ -47,29 +55,36 @@ <title>CONFIGURATION</title> <para> - The underlying share path must have a corresponding snapper - configuration file. The snapshot directory tree must allow - access for relavent users. + <command>vfs_ceph</command> requires that the underlying share + path is a Ceph filesystem. </para> <programlisting> <smbconfsection name="[share]"/> - <smbconfoption name="vfs objects">snapper</smbconfoption> + <smbconfoption name="vfs objects">ceph</smbconfoption> </programlisting> </refsect1> <refsect1> - <title>PERMISSIONS</title> - <para> - Snapper stores snapshots under a .snapshots subdirectory. This - directory must permit traversal for any users wishing to access - snapshots via the Windows Explorer previous versions dialog. - By default, traversal is forbidden for all non-root users. - Additionally, users must be granted permission to list snapshots - managed by snapper, via snapper's ALLOW_USERS or ALLOW_GROUPS - options. Snapper can grant these users and groups .snapshots - traversal access automatically via the SYNC_ACL option. - </para> + <title>OPTIONS</title> + + <variablelist> + + <varlistentry> + <term>ceph:config_file = path</term> + <listitem> + <para> + Allows to define a ceph configfile to use. Empty by default. + </para> + <para> + Example: ceph:config_file = + /etc/ceph/ceph.conf + </para> + </listitem> + </varlistentry> + + </variablelist> + </refsect1> <refsect1> diff --git a/docs-xml/manpages/vfs_glusterfs.8.xml b/docs-xml/manpages/vfs_glusterfs.8.xml index 83032cc..c0c320c 100644 --- a/docs-xml/manpages/vfs_glusterfs.8.xml +++ b/docs-xml/manpages/vfs_glusterfs.8.xml @@ -32,28 +32,29 @@ <manvolnum>8</manvolnum></citerefentry> suite.</para> <para> - The <command>vfs_glusterfs</command> VFS module exposes - GlusterFS specific features for use by Samba. + GlusterFS + (<ulink url="http://www.gluster.org/">http://www.gluster.org</ulink>) + is an Open Source clustered file system capable of scaling to + several peta-bytes. With its FUSE based native client, + GlusterFS is available as a POSIX compliant file system and can + hence be shared by Samba without additional steps. </para> <para> - GlusterFS is a clustered file system, capable of scaling - to several peta-bytes. It aggregates various storage bricks - over Infiniband RDMA or TCP/IP and interconnect into one large - parallel network file system. Storage bricks can be made of any - commodity hardware, such as x86-64 server with SATA-II RAID and - Infiniband HBA. - - GlusterFS is fully POSIX compliant file system. It supports - standard clients running standard applications over any standard - IP network and also FUSE. It works seemlessly on - different operating systems, currently supported on GNU/Linux - and Solaris. + The <command>vfs_glusterfs</command> VFS module provides an + alternative, and superior way to access a Gluster filesystem + from Samba for sharing. It does not require a Gluster FUSE mount + but directly accesses the GlusterFS daemon through its library + <command>libgfapi</command>, thereby omitting the expensive + kernel-userspace context switches and taking advantage of some + of the more advanced features of GlusterFS. </para> <para> - This module is stackable, provided glusterfs lies in the bottom - of the stack. + This module can be combined with other modules, but it + should be the last module in the <command>vfs objects</command> + list. Modules added to this list to the right of the glusterfs + entry may not have any effect at all. </para> </refsect1> @@ -61,14 +62,33 @@ <title>CONFIGURATION</title> <para> - <command>vfs_glusterfs</command> requires that the underlying share - path is a Gluster filesystem. + A basic configuration looks like this. </para> <programlisting> <smbconfsection name="[share]"/> <smbconfoption name="vfs objects">glusterfs</smbconfoption> + <smbconfoption name="path">/relative/base/path</smbconfoption> + <smbconfoption name="glusterfs:volume">gv0</smbconfoption> + <smbconfoption name="kernel share modes">no</smbconfoption> </programlisting> + + <para> + Note that since <command>vfs_glusterfs</command> does not + require a Gluster mount, the share <command>path</command> is + treated differently than for other shares: It is interpreted as + the base path of the share relative to the gluster volume used. + Because this is usually not at the same time a system path, in a + ctdb cluster setup where ctdb manages Samba, you need to set + <command>CTDB_SAMBA_SKIP_SHARE_CHECK=yes</command> in ctdb's + configuration file. Otherwise ctdb will not get healthy. + </para> + + <para> + Note that currently kernel share modes have to be disabled + in a share running with the glusterfs vfs module for file + serving to work properly. + </para> </refsect1> <refsect1> @@ -82,12 +102,11 @@ <para> Defines whether and where to store a vfs_glusterfs specific logfile. Client variable substitution is supported (i.e. - %M, %m, %I), hence per client log file can be - %specified. + %M, %m, %I), hence per client log file can be specified. </para> <para> Example: glusterfs:logfile = - %/var/log/samba/glusterfs-vol2.%M.log + /var/log/samba/glusterfs-vol2.%M.log </para> </listitem> </varlistentry> diff --git a/docs-xml/smbdotconf/security/accessbasedshareenum.xml b/docs-xml/smbdotconf/security/accessbasedshareenum.xml index 8b94648..66932d0 100644 --- a/docs-xml/smbdotconf/security/accessbasedshareenum.xml +++ b/docs-xml/smbdotconf/security/accessbasedshareenum.xml @@ -7,7 +7,10 @@ <para>If this parameter is <constant>yes</constant> for a service, then the share hosted by the service will only be visible to users who have read or write access to the share during share - enumeration (for example net view \\sambaserver). This has + enumeration (for example net view \\sambaserver). The share ACLs + which allow or deny the access to the share can be modified using + for example the <command moreinfo="none">sharesec</command> command + or using the appropriate Windows tools. This has parallels to access based enumeration, the main difference being that only share permissions are evaluated, and security descriptors on files contained on the share are not used in diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build index 0bc3f54..e4a3f5f 100644 --- a/docs-xml/wscript_build +++ b/docs-xml/wscript_build @@ -53,6 +53,7 @@ manpages=''' manpages/vfs_cacheprime.8 manpages/vfs_cap.8 manpages/vfs_catia.8 + manpages/vfs_ceph.8 manpages/vfs_commit.8 manpages/vfs_crossrename.8 manpages/vfs_default_quota.8 diff --git a/lib/replace/snprintf.c b/lib/replace/snprintf.c index 6b4a711..86ba74c 100644 --- a/lib/replace/snprintf.c +++ b/lib/replace/snprintf.c @@ -445,6 +445,10 @@ static int dopr(char *buffer, size_t maxlen, const char *format, va_list args_in ch = *format++; } break; + case 'j': + cnk->cflags = DP_C_LLONG; + ch = *format++; + break; case 'L': cnk->cflags = DP_C_LDOUBLE; ch = *format++; diff --git a/lib/replace/system/select.h b/lib/replace/system/select.h index 11c5390..9e945c3 100644 --- a/lib/replace/system/select.h +++ b/lib/replace/system/select.h @@ -34,6 +34,10 @@ #include <sys/epoll.h> #endif +#ifdef HAVE_SOLARIS_PORTS +#include <port.h> +#endif + #ifndef SELECT_CAST #define SELECT_CAST #endif diff --git a/lib/replace/wscript b/lib/replace/wscript index 4d4d182..f8a0179 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -38,6 +38,7 @@ def configure(conf): conf.CHECK_HEADERS('libaio.h locale.h ndir.h pwd.h') conf.CHECK_HEADERS('shadow.h sys/acl.h') conf.CHECK_HEADERS('sys/attributes.h attr/attributes.h sys/capability.h sys/dir.h sys/epoll.h') + conf.CHECK_HEADERS('port.h') conf.CHECK_HEADERS('sys/fcntl.h sys/filio.h sys/filsys.h sys/fs/s5param.h sys/fs/vx/quota.h') conf.CHECK_HEADERS('sys/id.h sys/ioctl.h sys/ipc.h sys/mman.h sys/mode.h sys/ndir.h sys/priv.h') conf.CHECK_HEADERS('sys/resource.h sys/security.h sys/shm.h sys/statfs.h sys/statvfs.h sys/termio.h') @@ -283,6 +284,7 @@ def configure(conf): conf.CHECK_FUNCS('timegm getifaddrs freeifaddrs mmap setgroups syscall setsid') conf.CHECK_FUNCS('getgrent_r getgrgid_r getgrnam_r getgrouplist getpagesize') conf.CHECK_FUNCS('getpwent_r getpwnam_r getpwuid_r epoll_create') + conf.CHECK_FUNCS('port_create') conf.SET_TARGET_TYPE('attr', 'EMPTY') @@ -487,6 +489,9 @@ removeea setea if conf.CONFIG_SET('HAVE_EPOLL_CREATE') and conf.CONFIG_SET('HAVE_SYS_EPOLL_H'): conf.DEFINE('HAVE_EPOLL', 1) + if conf.CONFIG_SET('HAVE_PORT_CREATE') and conf.CONFIG_SET('HAVE_PORT_H'): + conf.DEFINE('HAVE_SOLARIS_PORTS', 1) + conf.CHECK_HEADERS('poll.h') conf.CHECK_FUNCS('poll') diff --git a/lib/tevent/ABI/tevent-0.9.21.sigs b/lib/tevent/ABI/tevent-0.9.23.sigs similarity index 100% copy from lib/tevent/ABI/tevent-0.9.21.sigs copy to lib/tevent/ABI/tevent-0.9.23.sigs diff --git a/lib/tevent/ABI/tevent-0.9.21.sigs b/lib/tevent/ABI/tevent-0.9.24.sigs similarity index 100% copy from lib/tevent/ABI/tevent-0.9.21.sigs copy to lib/tevent/ABI/tevent-0.9.24.sigs diff --git a/lib/tevent/doc/tevent_data.dox b/lib/tevent/doc/tevent_data.dox index 4ee4ac2..dbe7a04 100644 --- a/lib/tevent/doc/tevent_data.dox +++ b/lib/tevent/doc/tevent_data.dox @@ -46,18 +46,19 @@ struct testA { static void foo_done(struct tevent_req *req) { -// a->x contains 9 -struct foo_state *a = tevent_req_data(req, struct foo_state); + // a->x contains 10 since it came from foo_send + struct foo_state *a = tevent_req_data(req, struct foo_state); -// b->y contains 10 -struct testA *b = tevent_req_callback_data(req, struct testA); + // b->y contains 9 since it came from run + struct testA *b = tevent_req_callback_data(req, struct testA); -// c->y contains 10 -struct testA *c = (struct testA *)tevent_req_callback_data_void(req); + // c->y contains 9 since it came from run we just used a different way + // of getting it. + struct testA *c = (struct testA *)tevent_req_callback_data_void(req); -printf("a->x: %d\n", a->x); -printf("b->y: %d\n", b->y); -printf("c->y: %d\n", c->y); + printf("a->x: %d\n", a->x); + printf("b->y: %d\n", b->y); + printf("c->y: %d\n", c->y); } @@ -77,6 +78,9 @@ static void run(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *private_data) { struct tevent_req *req; struct testA *tmp = talloc(ev, struct testA); + + // Note that we did not use the private data passed in + tmp->y = 9; req = foo_send(ev, ev); @@ -101,7 +105,7 @@ int main (int argc, char **argv) { return EXIT_FAILURE; data = talloc(mem_ctx, struct testA); - data->y = 10; + data->y = 11; time_event = tevent_add_timer(event_ctx, mem_ctx, @@ -125,9 +129,9 @@ int main (int argc, char **argv) { Output of this example is: -- Samba Shared Repository