The branch, v4-3-test has been updated via 8e669b5 VERSION: Bump version up to 4.3.0rc2... via 8c8cbd9 VERSION: Release Samba 4.3.0rc1 via 4d5914b WHATSNEW: Start release notes for Samba 4.3.0rc1. via b2a5949 ldb: version 1.1.21 via c7207e7 tdb: version 1.3.7 via e05cb33 talloc: version 2.1.3 via 54ea6ff testsuite/headers: remove unused checks for ntdb.h via b86df6e tdb python binding: raise KeyError(key) when the key doesn't exist via 075799a pytdb: Add tests for text interface via d8c1343 pyldb: Add a text-based interface for Python 3 via 1853a74 pytdb: Use new dict API on Python 3 via 13c24b3 pytdb: Build for two versions of Python at once via 11eb2e4 pytdb: Port to Python 3 via d255231 pytdb: Allow nextkey() to be called via 5090d49 buildtools: Fix crash on invalid --extra-python option via 5a4e5d7 buildtools: Don't configure Python more than once via 584adc4 s4-auth: Make sure error_string is correctly initialized via ae607c0 s4-kdc_kpasswd: split out some code to a KPASSWD_GLUE subsystem. via a7705ad s4-kdc: move kdc_check_pac() to a new subsystem KDC-GLUE. via 1e64e72 s4-kdc: only use a void* in samba_kdc_entry instead of hdb_entry_ex. via 38e5d8d s4-kdc/pac_glue: remove old samba_kdc_build_edata_reply(). via 893963c s4-kdc/mit_samba: add a copy of samba_kdc_build_edata_reply for MIT. via 402b0da s4-kdc/wdc-samba4: add a copy of samba_kdc_build_edata_reply for Heimdal. via 52e6d91 waf: Make mit_samba a subsystem and do not build with Heimdal via 8147156 s4-kdc: Fix a casting warning via 17c8b1a s4-kdc: Fix a typo via da3df2e pdb_tdb: Use fstr_sprintf from 6551591 ctdb-daemon: Ignore SIGUSR1
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-3-test - Log ----------------------------------------------------------------- commit 8e669b5383cc79ea2d0df3d946394c2909ba81e5 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Jul 21 13:56:42 2015 +0200 VERSION: Bump version up to 4.3.0rc2... ...and re-enable git snapshots. Signed-off-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: VERSION | 4 +- WHATSNEW.txt | 148 ++++++++++++- buildtools/wafsamba/samba_python.py | 6 +- lib/ldb/ABI/{ldb-1.1.19.sigs => ldb-1.1.21.sigs} | 0 ...ldb-util-1.1.10.sigs => pyldb-util-1.1.21.sigs} | 0 lib/ldb/wscript | 2 +- ...oc-util-2.0.6.sigs => pytalloc-util-2.1.3.sigs} | 0 .../ABI/{talloc-2.1.0.sigs => talloc-2.1.3.sigs} | 0 lib/talloc/wscript | 2 +- lib/tdb/ABI/{tdb-1.3.5.sigs => tdb-1.3.7.sigs} | 0 lib/tdb/_tdb_text.py | 138 ++++++++++++ lib/tdb/pytdb.c | 234 ++++++++++++++------ lib/tdb/python/tests/simple.py | 240 ++++++++++++++++----- lib/tdb/wscript | 30 ++- source3/passdb/pdb_tdb.c | 17 +- source4/auth/kerberos/srv_keytab.c | 50 +++-- source4/kdc/db-glue.c | 4 +- source4/kdc/kdc-glue.c | 69 ++++++ source4/kdc/kdc-glue.h | 5 + source4/kdc/kpasswd_glue.c | 112 ++++++++++ .../cldap_server.h => kdc/kpasswd_glue.h} | 35 ++- source4/kdc/kpasswdd.c | 81 ++----- source4/kdc/mit_samba.c | 47 ++++ source4/kdc/pac-glue.c | 73 ------- source4/kdc/pac-glue.h | 6 - source4/kdc/samba_kdc.h | 2 +- source4/kdc/wdc-samba4.c | 41 ++++ source4/kdc/wscript_build | 63 ++++-- testsuite/headers/wscript_build | 4 - 29 files changed, 1052 insertions(+), 361 deletions(-) copy lib/ldb/ABI/{ldb-1.1.19.sigs => ldb-1.1.21.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.1.21.sigs} (100%) copy lib/talloc/ABI/{pytalloc-util-2.0.6.sigs => pytalloc-util-2.1.3.sigs} (100%) copy lib/talloc/ABI/{talloc-2.1.0.sigs => talloc-2.1.3.sigs} (100%) copy lib/tdb/ABI/{tdb-1.3.5.sigs => tdb-1.3.7.sigs} (100%) create mode 100644 lib/tdb/_tdb_text.py create mode 100644 source4/kdc/kdc-glue.c create mode 100644 source4/kdc/kpasswd_glue.c copy source4/{cldap_server/cldap_server.h => kdc/kpasswd_glue.h} (57%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index df4a2f1..5fcf509 100644 --- a/VERSION +++ b/VERSION @@ -77,7 +77,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # ######################################################## -SAMBA_VERSION_PRE_RELEASE=1 +SAMBA_VERSION_PRE_RELEASE= ######################################################## # For 'rc' releases the version will be # @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=1 # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # ######################################################## -SAMBA_VERSION_RC_RELEASE= +SAMBA_VERSION_RC_RELEASE=2 ######################################################## # To mark SVN snapshots this should be set to 'yes' # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cbf73b9..89a03b5 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements ===================== -This is the first preview release of Samba 4.3. This is *not* +This is the first release candidate of Samba 4.3. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -12,10 +12,14 @@ Samba 4.3 will be the next version of the Samba suite. UPGRADING ========= +Nothing special. NEW FEATURES ============ +Logging +------- + The logging code now supports logging to multiple backends. In addition to the previously available syslog and file backends, the backends for logging to the systemd-journal, lttng and gpfs have been @@ -23,7 +27,7 @@ added. Please consult the section for the 'logging' parameter in the smb.conf manpage for details. Spotlight -========= +--------- Support for Apple's Spotlight has been added by integrating with Gnome Tracker. @@ -31,6 +35,126 @@ Tracker. For detailed instructions how to build and setup Samba for Spotlight, please see the Samba wiki: <https://wiki.samba.org/index.php/Spotlight> +New FileChangeNotify subsystem +------------------------------ + +Samba now contains a new subsystem to do FileChangeNotify. The +previous system used a central database, notify_index.tdb, to store +all notification requests. In particular in a cluster this turned out +to be a major bottleneck, because some hot records need to be bounced +back and forth between nodes on every change event like a new created +file. + +The new FileChangeNotify subsystem works with a central daemon per +node. Every FileChangeNotify request and every event are handled by an +asynchronous message from smbd to the notify daemon. The notify daemon +maintains a database of all FileChangeNotify requests in memory and +will distribute the notify events accordingly. This database is +asynchronously distributed in the cluster by the notify daemons. + +The notify daemon is supposed to scale a lot better than the previous +implementation. The functional advantage is cross-node kernel change +notify: Files created via NFS will be seen by SMB clients on other +nodes per FileChangeNotify, despite the fact that popular cluster file +systems do not offer cross-node inotify. + +Two changes to the configuration were required for this new subsystem: +The parameters "change notify" and "kernel change notify" are not +per-share anymore but must be set globally. So it is no longer +possible to enable or disable notify per share, the notify daemon has +no notion of a share, it only works on absolute paths. + +New SMB profiling code +---------------------- + +The code for SMB (SMB1, SMB2 and SMB3) profiling uses a tdb instead +of sysv IPC shared memory. This avoids performance problems and NUMA +effects. The profile stats are a bit more detailed than before. + +Improved DCERPC man in the middle detection for kerberos +-------------------------------------------------------- + +The gssapi based kerberos backends for gensec have support for +DCERPC header signing when using DCERPC_AUTH_LEVEL_PRIVACY. + +SMB signing required in winbindd by default +------------------------------------------- + +The effective value for "client signing" is required +by default for winbindd, if the primary domain uses active directory. + +Experimental NTDB was removed +----------------------------- + +The experimental NTDB library introduced in Samba 4.0 has been +removed again. + +Improved support for trusted domains (as AD DC) +----------------------------------------------- + +The support for trusted domains/forests has improved a lot. + +samba-tool got "domain trust" subcommands to manage trusts: + + create - Create a domain or forest trust. + delete - Delete a domain trust. + list - List domain trusts. + namespaces - Manage forest trust namespaces. + show - Show trusted domain details. + validate - Validate a domain trust. + +External trusts between individual domains work in both ways +(inbound and outbound). The same applies to root domains of +a forest trust. The transitive routing into the other forest +is fully functional for kerberos, but not yet supported for NTLMSSP. + +While a lot of things are working fine, there are currently a few limitations: + + - Both sides of the trust need to fully trust each other! + - No SID filtering rules are applied at all! + - This means DCs of domain A can grant domain admin rights + in domain B. + - It's not possible to add users/groups of a trusted domain + into domain groups. + +SMB 3.1.1 supported +------------------- + +Both client and server have support for SMB 3.1.1 now. + +This is the dialect introduced with Windows 10, it improves the secure +negotiation of SMB dialects and features. + +New smbclient subcommands +------------------------- + + - Query a directory for change notifications: notify <dir name> + - Server side copy: scopy <source filename> <destination filename> + +New rpcclient subcommands +------------------------- + + netshareenumall - Enumerate all shares + netsharegetinfo - Get Share Info + netsharesetinfo - Set Share Info + netsharesetdfsflags - Set DFS flags + netfileenum - Enumerate open files + netnamevalidate - Validate sharename + netfilegetsec - Get File security + netsessdel - Delete Session + netsessenum - Enumerate Sessions + netdiskenum - Enumerate Disks + netconnenum - Enumerate Connections + netshareadd - Add share + netsharedel - Delete share + +New modules +----------- + + idmap_script - see 'man 8 idmap_script' + vfs_unityed_media - see 'man 8 vfs_unityed_media' + vfs_shell_snap - see 'man 8 vfs_shell_snap' + ###################################################################### Changes ####### @@ -38,14 +162,28 @@ Changes smb.conf changes ---------------- - Parameter Name Description Default - -------------- ----------- ------- - logging New (empty) + Parameter Name Description Default + -------------- ----------- ------- + logging New (empty) + msdfs shuffle referrals New no + smbd profiling level New off + spotlight New no + tls priority New NORMAL:-VERS-SSL3.0 + use ntdb Removed + change notify Changed to [global] + kernel change notify Changed to [global] + client max protocol Changed default SMB3_11 + server max protocol Changed default SMB3_11 + +Removed modules +--------------- +vfs_notify_fam - see section 'New FileChangeNotify subsystem'. KNOWN ISSUES ============ +Currently none. ####################################### Reporting bugs & Development Discussion diff --git a/buildtools/wafsamba/samba_python.py b/buildtools/wafsamba/samba_python.py index 7546bbd..a8f780f 100644 --- a/buildtools/wafsamba/samba_python.py +++ b/buildtools/wafsamba/samba_python.py @@ -9,6 +9,10 @@ from Configure import conf @conf def SAMBA_CHECK_PYTHON(conf, mandatory=True, version=(2,4,2)): # enable tool to build python extensions + if conf.env.HAVE_PYTHON_H: + conf.check_python_version(version) + return + interpreters = [] if conf.env['EXTRA_PYTHON']: @@ -21,7 +25,7 @@ def SAMBA_CHECK_PYTHON(conf, mandatory=True, version=(2,4,2)): try: conf.check_python_version((3, 3, 0)) except Exception: - warn('extra-python needs to be Python 3.3 or later') + Logs.warn('extra-python needs to be Python 3.3 or later') raise interpreters.append(conf.env['PYTHON']) conf.setenv('default') diff --git a/lib/ldb/ABI/ldb-1.1.19.sigs b/lib/ldb/ABI/ldb-1.1.21.sigs similarity index 100% copy from lib/ldb/ABI/ldb-1.1.19.sigs copy to lib/ldb/ABI/ldb-1.1.21.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.1.21.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util-1.1.21.sigs diff --git a/lib/ldb/wscript b/lib/ldb/wscript index 65a6843..0e81932 100755 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'ldb' -VERSION = '1.1.20' +VERSION = '1.1.21' blddir = 'bin' diff --git a/lib/talloc/ABI/pytalloc-util-2.0.6.sigs b/lib/talloc/ABI/pytalloc-util-2.1.3.sigs similarity index 100% copy from lib/talloc/ABI/pytalloc-util-2.0.6.sigs copy to lib/talloc/ABI/pytalloc-util-2.1.3.sigs diff --git a/lib/talloc/ABI/talloc-2.1.0.sigs b/lib/talloc/ABI/talloc-2.1.3.sigs similarity index 100% copy from lib/talloc/ABI/talloc-2.1.0.sigs copy to lib/talloc/ABI/talloc-2.1.3.sigs diff --git a/lib/talloc/wscript b/lib/talloc/wscript index 8e61516..bbe0cb1 100644 --- a/lib/talloc/wscript +++ b/lib/talloc/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'talloc' -VERSION = '2.1.2' +VERSION = '2.1.3' blddir = 'bin' diff --git a/lib/tdb/ABI/tdb-1.3.5.sigs b/lib/tdb/ABI/tdb-1.3.7.sigs similarity index 100% copy from lib/tdb/ABI/tdb-1.3.5.sigs copy to lib/tdb/ABI/tdb-1.3.7.sigs diff --git a/lib/tdb/_tdb_text.py b/lib/tdb/_tdb_text.py new file mode 100644 index 0000000..c823bf8 --- /dev/null +++ b/lib/tdb/_tdb_text.py @@ -0,0 +1,138 @@ +# Text wrapper for tdb bindings +# +# Copyright (C) 2015 Petr Viktorin <pvikt...@redhat.com> +# Published under the GNU LGPLv3 or later + +import sys +import functools + +import tdb + + +class TdbTextWrapper(object): + """Text interface for a TDB file""" + + def __init__(self, tdb): + self._tdb = tdb + + @property + def raw(self): + return self._tdb + + def get(self, key): + key = key.encode('utf-8') + result = self._tdb.get(key) + if result is not None: + return result.decode('utf-8') + + def append(self, key, value): + key = key.encode('utf-8') + value = value.encode('utf-8') + self._tdb.append(key, value) + + def firstkey(self): + result = self._tdb.firstkey() + if result: + return result.decode('utf-8') + + def nextkey(self, key): + key = key.encode('utf-8') + result = self._tdb.nextkey(key) + if result is not None: + return result.decode('utf-8') + + def delete(self, key): + key = key.encode('utf-8') + self._tdb.delete(key) + + def store(self, key, value): + key = key.encode('utf-8') + value = value.encode('utf-8') + self._tdb.store(key, value) + + def __iter__(self): + for key in iter(self._tdb): + yield key.decode('utf-8') + + def __getitem__(self, key): + key = key.encode('utf-8') + result = self._tdb[key] + return result.decode('utf-8') + + def __contains__(self, key): + key = key.encode('utf-8') + return key in self._tdb + + def __repr__(self): + return '<TdbTextWrapper for %r>' % self._tdb + + def __setitem__(self, key, value): + key = key.encode('utf-8') + value = value.encode('utf-8') + self._tdb[key] = value + + def __delitem__(self, key): + key = key.encode('utf-8') + del self._tdb[key] + + if sys.version_info > (3, 0): + keys = __iter__ + else: + iterkeys = __iter__ + has_key = __contains__ + + +## Add wrappers for functions and getters that don't deal with text + +def _add_wrapper(name): + orig = getattr(tdb.Tdb, name) + + def wrapper(self, *args, **kwargs): + return orig(self._tdb, *args, **kwargs) + wrapper.__name__ = orig.__name__ + wrapper.__doc__ = orig.__doc__ + + setattr(TdbTextWrapper, name, wrapper) + +for name in ("transaction_cancel", + "transaction_commit", + "transaction_prepare_commit", + "transaction_start", + "reopen", + "lock_all", + "unlock_all", + "read_lock_all", + "read_unlock_all", + "close", + "add_flags", + "remove_flags", + "clear", + "repack", + "enable_seqnum", + "increment_seqnum_nonblock", + ): + _add_wrapper(name) + + +def _add_getter(name): + orig = getattr(tdb.Tdb, name) + doc = orig.__doc__ + + def getter(self): + return getattr(self._tdb, name) + + def setter(self, value): + return setattr(self._tdb, name, value) + + setattr(TdbTextWrapper, name, property(getter, setter, doc=doc)) + +for name in ("hash_size", + "map_size", + "freelist_size", + "flags", + "max_dead", + "filename", + "seqnum", + "text", + ): + _add_getter(name) diff --git a/lib/tdb/pytdb.c b/lib/tdb/pytdb.c index 9320799..c9d3a76 100644 --- a/lib/tdb/pytdb.c +++ b/lib/tdb/pytdb.c @@ -31,13 +31,25 @@ /* Include tdb headers */ #include <tdb.h> +#if PY_MAJOR_VERSION >= 3 +#define PyStr_FromString PyUnicode_FromString +#define PyStr_FromFormat PyUnicode_FromFormat +#define PyInt_FromLong PyLong_FromLong +#define PyInt_Check PyLong_Check +#define PyInt_AsLong PyLong_AsLong +#define Py_TPFLAGS_HAVE_ITER 0 +#else +#define PyStr_FromString PyString_FromString +#define PyStr_FromFormat PyString_FromFormat +#endif + typedef struct { PyObject_HEAD TDB_CONTEXT *ctx; bool closed; } PyTdbObject; -staticforward PyTypeObject PyTdb; +static PyTypeObject PyTdb; static void PyErr_SetTDBError(TDB_CONTEXT *tdb) { @@ -45,21 +57,21 @@ static void PyErr_SetTDBError(TDB_CONTEXT *tdb) Py_BuildValue("(i,s)", tdb_error(tdb), tdb_errorstr(tdb))); } -static TDB_DATA PyString_AsTDB_DATA(PyObject *data) +static TDB_DATA PyBytes_AsTDB_DATA(PyObject *data) { TDB_DATA ret; - ret.dptr = (unsigned char *)PyString_AsString(data); - ret.dsize = PyString_Size(data); + ret.dptr = (unsigned char *)PyBytes_AsString(data); + ret.dsize = PyBytes_Size(data); return ret; } -static PyObject *PyString_FromTDB_DATA(TDB_DATA data) +static PyObject *PyBytes_FromTDB_DATA(TDB_DATA data) { if (data.dptr == NULL && data.dsize == 0) { Py_RETURN_NONE; } else { - PyObject *ret = PyString_FromStringAndSize((const char *)data.dptr, - data.dsize); + PyObject *ret = PyBytes_FromStringAndSize((const char *)data.dptr, + data.dsize); free(data.dptr); return ret; } @@ -233,11 +245,11 @@ static PyObject *obj_get(PyTdbObject *self, PyObject *args) if (!PyArg_ParseTuple(args, "O", &py_key)) return NULL; - key = PyString_AsTDB_DATA(py_key); + key = PyBytes_AsTDB_DATA(py_key); if (!key.dptr) return NULL; -- Samba Shared Repository