The branch, v4-5-stable has been updated
via 4a7d548 VERSION: Disable GIT_SNAPSHOTS for the 4.5.6 release.
via 4f40c35 WHATSNEW: Add release notes for Samba 4.5.6.
via 61ecd4e WHATSNEW: Clarify entry.
via 89f2fd3 s4:ldap_server: match windows in the error messages of
failing LDAP Bind requests
via 4f1ad9a ldb-samba: remember the error string of a failing bind in
ildb_connect()
via f599b6f s3: smbd: Restart reading the incoming SMB2 fd when the
send queue is drained.
via fb15055 s3:winbindd: fix endless forest trust scan
via 72da210 vfs_fruit: enabling AAPL extensions must be a global switch
via 9a6a9d1 vfs_fruit: only veto AppleDouble files with
fruit:resource=file
via 8d04b53 s4/torture: vfs_fruit: add stream with illegal ntfs
characters to copyile test
via 161974b vfs_fruit: use stat info from base_fsp
via 49e8aa8 s4/torture: vfs_fruit: test invalid AFPINFO_STREAM_NAME
via 39c71b8 vfs_fruit: ignore or delete invalid AFP_AfpInfo streams
via a01b976 selftest: add shares without vfs_fruit for the vfs_fruit
tests
via af6a0f8 s4/torture: change shares in used
torture_suite_add_2ns_smb2_test()
via 5b18aea docs/vfs_fruit: document known limitations with
fruit:encoding=native
via 9b7b2c2 s4/torture: add test for AAPL find with name with illegal
NTFS characters
via 22e8146 lib/torture: add torture_assert_mem_equal_goto
via 66ff93b s4/torture: add a vfs_fruit renaming test with open rsrc
fork
via f5d8f58 s4/torture: vfs_fruit: test deleting a file with resource
fork
via 8795723 s4/torture: vfs_fruit: add test_null_afpinfo test
via 44cf7cc selftest: add description to vfs_fruit testsuites
via 9fec738 selftest: also run vfs_fruit tests with streams_depot
via 47c0e32 selftest: run vfs_fruit tests against share with
fruit:metadata=stream
via ef95fde selftest: move vfs_fruit tests that require
"fruit:metadata=netatalk" to vfs.fruit_netatalk
via 17c7872 selftest: reenable vfs_fruit tests
via abfcab1 vfs_fruit: refactor fruit_ftruncate and use new adouble API
via 61147af vfs_fruit: use fio in fruit_fallocate
via 1bfb932 vfs_fruit: refactor fruit_fstat and use new adouble API
via 93815fe vfs_fruit: refactor fruit_pread and fruit_pwrite and use
new adouble API
via e7701ed vfs_fruit: refactor fruit_open and use new adouble API
via 6254902 vfs_fruit: rework struct adouble API
via f087204 selftest: disable vfs_fruit tests
via bc54aa8 vfs_fruit: fix fruit_check_access()
via 5452d23 vfs_fruit: remove base_fsp name translation
via ad0ff00 vfs_fruit: use SMB_VFS_NEXT_OPEN in two places
via eb2ee5b vfs_fruit: refactor readdir_attr_macmeta() resource fork
size
via c8fdd5f vfs_fruit: refactor fruit_ftruncate() and fix stream case
via 296cb1e vfs_fruit: fix fruit_ntimes() for the
fruit:metadata!=netatalk case
via a964f03 vfs_fruit: refactor fruit_streaminfo()
via 949b8cb vfs_fruit: add fruit_stat_rsrc_xattr() implementation
via e1fb128 vfs_fruit: add fruit_stat_rsrc_stream() implementation
via b68ee54 vfs_fruit: refactor fruit_stat_rsrc()
via 3142a7c vfs_fruit: refactor fruit_open_rsrc()
via e19b247 vfs_fruit: in fruit_rmdir() check ._ files before deleting
them
via c7fdc90 vfs_fruit: fix fruit_rmdir() for the fruit:resource!=file
case
via a79800d vfs_fruit: fix fruit_chown() for the fruit:resource!=file
case
via 6f92b8d vfs_fruit: fix fruit_chmod() for the fruit:resource!=file
case
via 62ce4a1 vfs_fruit: refactor fruit_unlink()
via e271fd9 vfs_fruit: fix fruit_rename() for the fruit:resource!=file
case
via edb25c5 vfs_fruit: correct readdir_attr_meta_finderi_stream()
implementation
via 2b0d683 vfs_fruit: refactor readdir_attr_meta()
via f9cffd2 vfs_fruit: update_btime() is only needed for
metadata=netatalk
via 36f814b vfs_fruit: correct fruit_stat_meta_stream() implementation
via eee258a vfs_fruit: refactor fruit_stat_meta()
via 5ec96fb vfs_fruit: correct fruit_open_meta_stream() implementation
via 20acbbf vfs_fruit: refactor fruit_open_meta()
via 1e26b65 vfs_fruit: replace unsafe ad_entry macro with a function
via 55897bb vfs_fruit: fix fruit_pwrite() with metadata=stream
via 8ac4a90 vfs_fruit: rename empty_finderinfo() and make it more robust
via 74c6b42 vfs_fruit: fix fruit_ftruncate with metadata=stream
via dd990c3 vfs_fruit: fix fruit_pread with metadata=stream
via 8385932 vfs_catia: add catia_(g|s)et_dos_attributes
via 8374fde vfs_catia: add catia_readdir_attr
via 142b11f vfs_catia: run translation on all handle based VFS functions
via 3ad2b22 vfs_streams_xattr: use SMB_VFS_NEXT_OPEN and CLOSE
via 5c1d645 vfs_streams_xattr: call SMB_VFS_OPEN with smb_fname_base
via 6e77927 s3/includes: add FinderInfo offset define to MacExtensions.h
via 6f742ed selftest: don't run vfs_fruit tests against ad_dc env
via c479054 dbchecker: Stop ignoring linked cases where both objects
are alive
via 9f5b85e tests/dbcheck: Add a test for two live objects, with a
dangling forward link
via b13e9a9 tests/dbcheck: Add a test for two live objects, with a
dangling backlink
via 4f3f492 s3:idmap_ad: make use of pdb_get_trust_credentials() to get
the machine account creds
via de16359 s3:winbindd: allow a fallback to NTLMSSP for LDAP
connections
via 3c1073e s3:libads: add more debugging to ads_sasl_spnego_bind()
via f6eb2a7 s3:winbindd: rely on the kerberos_state from
pdb_get_trust_credentials()
via 2b55ed3 s3:winbindd: add more debugging to cm_prepare_connection()
via 3b423b0 s3:passdb: use cli_credentials_set_kerberos_state() for
trusts in pdb_get_trust_credentials()
via 18c1e21 s3:winbindd: fix the valid usage anonymous smb
authentication
via b241315 auth/credentials: try to use kerberos with the machine
account unless we're in an AD domain
via 41a4da3 s3:winbindd: try a NETLOGON connection with noauth over
NCACN_NP against trusted domains.
via abb51ac Revert "s3-winbind: Fix schannel connections against
trusted domain DCs"
via 2158bad s3:winbindd: make sure cm_prepare_connection() only returns
OK with a valid tree connect
via 81613c1 vfs_streams_xattr: use fsp, not base_fsp
via cf37b8a libcli/auth: use the correct creds value against servers
without LogonSamLogonEx
via d64d185 librpc/rpc: fix regression in
NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping
via 7ad4e82 krb5_wrap: use our own code to calculate the
ENCTYPE_ARCFOUR_HMAC key
via d394bf0 s4:scripting: use generate_random_machine_password() for
machine passwords
via 5934cda samba-tool:provision: use
generate_random_machine_password() for machine passwords
via f5e4a09 samba-tool:domain: use generate_random_machine_password()
for machine passwords
via 7d35bd7 samba-tool:domain: use generate_random_machine_password()
for trusted domains
via 2599936 pyglue: add generate_random_machine_password() wrapper
via f9effa5 python/samba: use an explicit .encode('utf-8') where we
expect utf8 passwords
via 8f437c6 python/samba: provision_dns_add_samba.ldif expects
utf-16-le passwords
via bdcda22 s4:dsdb: autogenerate a random utf16 buffer for krbtgt
password resets.
via df8d03f s4:libnet: make use of generate_random_machine_password()
via f3f6dd6 s4:libcli/raw: remove unused
DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
via e12b368 s3:include: remove unused
DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
via 57c8e45 s3:net_rpc_trust: make use of trust_pw_new_value()
via 7d8f679 s3:libnet_join: make use of trust_pw_new_value()
via c1f53ad s3:libads: use trust_pw_new_value() for krb5 machine
passwords
via a9c7e6b s3:libsmb: use trust_pw_new_value() in trust_pw_change()
via 0a76aed s3:libsmb: add trust_pw_new_value() helper function
via d17a9eb s3:libsmb: let trust_pw_change() verify the new password at
the end.
via 70b7aca s3:libsmb: let trust_pw_change() debug more verbose
information
via b329412 lib/util: add generate_random_machine_password() function
via aa4de8a libcli/auth: add netlogon_creds_cli_debug_string()
via ce18ad3 libcli/auth: check E_md4hash() result in
netlogon_creds_cli_ServerPasswordSet_send()
via 4b3bda7 ctdb-scripts: Initialise CTDB_NFS_CALLOUT in statd-callout
via e7856f0 ctdb-tests: Add more comm tests
via 90a1908 ctdb-common: Fix use-after-free error in comm_fd_handler()
via 23d35b6 s3: torture: Regression test for smbd trying to open an
invalid symlink.
via e6eb880 s3: smbd: Don't loop infinitely on bad-symlink resolution.
via fe31f48 s3-vfs: Only walk the directory once in open_and_sort_dir()
via 8f60339 s3/rpc_server/mdssvc: add attribute "kMDItemContentType"
via 12dc552 s3/smbd: check for invalid access_mask
smbd_calculate_access_mask()
via 7da2473 selftest: also run test base.createx_access against ad_dc
via 1a73c19 s3:librpc: remove bigendian argument from
dcerpc_pull_ncacn_packet()
via ed83c31 ctdb-build: Install CTDB tests correctly from toplevel
via cef9a9b s3: VFS: Don't allow symlink, link or rename on already
converted paths.
via f7c5f02 s3: VFS: shadow_copy2: Fix usage of saved_errno to only set
errno on error.
via 5c21667 s3: VFS: shadow_copy2: Fix a memory leak in the connectpath
function.
via d417f2a s3: VFS: shadow_copy2: Fix module to work with variable
current working directory.
via debe3a3 s3: VFS: Add utility function check_for_converted_path().
via 4bf9875 s3: VFS: Ensure shadow:format cannot contain a / path
separator.
via f3b5b4c s3: VFS: Allow shadow_copy2_connectpath() to return the
cached path derived from $cwd.
via 28a4f56 s3: VFS: shadow_copy2: Fix chdir to store off the needed
private variables.
via 21e16d7 s3: VFS: shadow_copy2: Add two currently unused functions
to make pathnames absolute or relative to $cwd.
via f87a8a8 s3: VFS: shadow_copy2: Change a parameter name.
via 501ff03 s3: VFS: shadow_copy2: Add a wrapper function to call the
original shadow_copy2_strip_snapshot().
via 08ae59c s3: VFS: shadow_copy2: Add two new variables to the private
data. Not yet used.
via 254eb16 s3: VFS: shadow_copy2: Fix length comparison to ensure we
don't overstep a length.
via aa3365b s3: VFS: shadow_copy2: Ensure pathnames for parameters are
correctly relative and terminated.
via 9067d6b s3: VFS: shadow_copy2: Correctly initialize timestamp and
stripped variables.
via 4c81c9b s3: smbd: Make set_conn_connectpath() call
canonicalize_absolute_path().
via 7128ea6 s3: smbtorture: Add new local test LOCAL-CANONICALIZE-PATH
via ed1d7cb s3: lib: Fix two old, old bugs in set_conn_connectpath(),
now in canonicalize_absolute_path().
via 74af6ae s3: lib: Add canonicalize_absolute_path().
via 179e537 s3: smbd: Correctly canonicalize any incoming shadow copy
path.
via 7b190e1 waf: backport finding of pkg-config
via 93c86be dbcheck-links: Test that dbcheck against one-way links does
not error
via e91260c dbcheck: Do not regard old one-way-links as errors
via 1f29fb6 samba_dsdb: Use and maintain compatibleFeatures and
requiredFeatures in @SAMBA_DSDB
via f4219b7 ctdb-tests: Use replace headers instead of system headers
via 78e4f07 ctdb-tests: Do not build mutex test if robust mutexes are
not supported
via 5f84242 s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open()
store the same path as streams_xattr_recheck().
via 5410367 smbd: Fix "map acl inherit" = yes
via 44244bf s3: vfs: dirsort doesn't handle opendir of "." correctly.
via d5f233e vfs_fruit: checks wrong AAPL config state and so always
uses readdirattr
via 778d14c selftest/Samba3: use "server min protocol = SMB3_00" for
"ktest"
via 2e7c776 s3:smbd: allow "server min protocol = SMB3_00" to go via
"SMB 2.???" negprot
via 1eb3f3d s3/rpc_server: move rpc_modules.c to its own subsystem
via ab6d010 selftest: add test for global "smb encrypt=off"
via 26ff06c selftest: disable SMB encryption in simpleserver environment
via 170cc06 docs: impact of a global "smb encrypt=off" on a share with
"smb encrypt=required"
via ef266af s3/smbd: ensure global "smb encrypt = off" is effective for
share with "smb encrypt = desired"
via c2abca6 s3/smbd: ensure global "smb encrypt = off" is effective for
SMB 3.1.1 clients
via 98060ed s3/smbd: ensure global "smb encrypt = off" is effective for
SMB 1 clients
via d9bad78 s3/rpc_server: shared rpc modules loading
via d760f75 s4:repl_meta_data: normalize rdn attribute name via the
schema
via e8c06cb VERSION: Bump version up to 4.5.6...
from 49c473f VERSION: Disable git snapshots for the 4.5.5 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 113 +-
auth/credentials/credentials_secrets.c | 17 +-
ctdb/common/comm.c | 46 +-
ctdb/config/statd-callout | 1 +
ctdb/tests/cunit/comm_test_001.sh | 10 +-
ctdb/tests/src/comm_test.c | 309 +-
ctdb/tests/src/test_mutex_raw.c | 24 +-
ctdb/wscript | 16 +-
docs-xml/manpages/vfs_fruit.8.xml | 20 +-
docs-xml/smbdotconf/security/smbencrypt.xml | 6 +-
lib/krb5_wrap/krb5_samba.c | 37 +
lib/ldb-samba/ldb_ildap.c | 1 +
lib/torture/torture.h | 10 +
lib/util/genrand_util.c | 168 +-
lib/util/samba_util.h | 32 +-
libcli/auth/netlogon_creds_cli.c | 33 +-
libcli/auth/netlogon_creds_cli.h | 4 +
librpc/rpc/dcerpc_error.c | 8 +-
python/pyglue.c | 26 +-
python/samba/__init__.py | 1 +
python/samba/dbchecker.py | 70 +-
python/samba/join.py | 11 +-
python/samba/netcmd/domain.py | 29 +-
python/samba/netcmd/user.py | 2 +-
python/samba/provision/__init__.py | 6 +-
python/samba/provision/sambadns.py | 2 +-
python/samba/samdb.py | 2 +-
python/samba/upgradehelpers.py | 4 +-
selftest/skip | 1 +
selftest/target/Samba3.pm | 32 +
source3/include/MacExtensions.h | 3 +
source3/include/proto.h | 3 +
source3/include/smb.h | 6 -
source3/lib/util_path.c | 139 +
source3/lib/util_path.h | 1 +
source3/libads/sasl.c | 25 +-
source3/libads/util.c | 9 +-
source3/libnet/libnet_join.c | 16 +-
source3/librpc/rpc/dcerpc.h | 3 +-
source3/librpc/rpc/dcerpc_helpers.c | 9 +-
source3/libsmb/trusts_util.c | 143 +-
source3/modules/vfs_catia.c | 1355 +++++++-
source3/modules/vfs_dirsort.c | 67 +-
source3/modules/vfs_fruit.c | 3525 ++++++++++++++------
source3/modules/vfs_shadow_copy2.c | 909 +++--
source3/modules/vfs_streams_xattr.c | 64 +-
source3/passdb/passdb.c | 17 +
source3/rpc_client/cli_pipe.c | 3 +-
source3/rpc_server/mdssvc/sparql_mapping.c | 5 +
source3/rpc_server/rpc_service_setup.c | 21 +-
source3/rpc_server/wscript_build | 11 +-
.../script/tests/test_smbclient_encryption_off.sh | 65 +
source3/selftest/tests.py | 25 +-
source3/smbd/filename.c | 150 +
source3/smbd/negprot.c | 23 +-
source3/smbd/open.c | 110 +-
source3/smbd/posix_acls.c | 4 +-
source3/smbd/service.c | 115 +-
source3/smbd/smb2_negprot.c | 2 +-
source3/smbd/smb2_server.c | 14 +-
source3/smbd/smb2_tcon.c | 3 +-
source3/torture/torture.c | 145 +
source3/utils/net_rpc_trust.c | 6 +-
source3/winbindd/idmap_ad.c | 36 +-
source3/winbindd/winbindd_ads.c | 10 +
source3/winbindd/winbindd_cm.c | 115 +-
source3/winbindd/winbindd_util.c | 22 +
source3/wscript_build | 2 +-
source4/dsdb/samdb/ldb_modules/password_hash.c | 84 +
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 10 +-
source4/dsdb/samdb/ldb_modules/samba_dsdb.c | 78 +-
source4/dsdb/samdb/ldb_modules/samldb.c | 25 +-
source4/dsdb/samdb/samdb.h | 2 +
source4/ldap_server/ldap_bind.c | 37 +-
source4/libcli/raw/smb.h | 7 -
source4/libnet/libnet_vampire.c | 2 +-
source4/scripting/bin/renamedc | 2 +-
.../add-dangling-backlink-user.ldif | 3 +
.../release-4-5-0-pre1/add-dangling-backlink.ldif | 4 +
.../add-dangling-forwardlink-user.ldif | 3 +
.../add-initially-normal-link.ldif | 4 +
.../release-4-5-0-pre1/dangling-one-way-link.ldif | 15 +
.../release-4-5-0-pre1/delete-only-backlink.ldif | 4 +
.../expected-dbcheck-link-output.txt | 10 +-
source4/selftest/tests.py | 5 +
source4/setup/tests/blackbox_supported_features.sh | 86 +
source4/torture/vfs/fruit.c | 409 ++-
source4/torture/vfs/vfs.c | 37 +-
testprogs/blackbox/dbcheck-links.sh | 47 +
testprogs/blackbox/renamedc.sh | 6 +-
third_party/waf/wafadmin/Tools/config_c.py | 4 +-
92 files changed, 7242 insertions(+), 1866 deletions(-)
create mode 100755 source3/script/tests/test_smbclient_encryption_off.sh
create mode 100644
source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink-user.ldif
create mode 100644
source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink.ldif
create mode 100644
source4/selftest/provisions/release-4-5-0-pre1/add-dangling-forwardlink-user.ldif
create mode 100644
source4/selftest/provisions/release-4-5-0-pre1/add-initially-normal-link.ldif
create mode 100644
source4/selftest/provisions/release-4-5-0-pre1/dangling-one-way-link.ldif
create mode 100644
source4/selftest/provisions/release-4-5-0-pre1/delete-only-backlink.ldif
create mode 100755 source4/setup/tests/blackbox_supported_features.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index fd6a745..21b22e9 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4c96fef..cc26d56 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,111 @@
=============================
+ Release Notes for Samba 4.5.6
+ March 9, 2017
+ =============================
+
+
+This is the latest stable release of the Samba 4.5 release series.
+
+
+Changes since 4.5.5:
+--------------------
+
+o Jeremy Allison <j...@samba.org>
+ * BUG 12499: s3: vfs: dirsort doesn't handle opendir of "." correctly.
+ * BUG 12531: vfs_shadow_copy2 doesn't cope with server changing directories.
+ * BUG 12546: vfs_streams_xattr doesn't cope with server changing
directories.
+ * BUG 12572: s3: smbd: Don't loop infinitely on bad-symlink resolution.
+ * BUG 12608: s3: smbd: Restart reading the incoming SMB2 fd when the send
+ queue is drained.
+
+o Andrew Bartlett <abart...@samba.org>
+ * BUG 12573: Samba < 4.7 does not know about compatibleFeatures and
+ requiredFeatures.
+
+o Ralph Boehme <s...@samba.org>
+ * BUG 12184: s3/rpc_server: Shared rpc modules loading.
+ * BUG 12427: vfs_fruit doesn't work with fruit:metadata=stream.
+ * BUG 12520: Ensure global "smb encrypt = off" is effective.
+ * BUG 12524: s3/rpc_server: move rpc_modules.c to its own subsystem.
+ * BUG 12536: s3/smbd: check for invalid access_mask
+ smbd_calculate_access_mask().
+ * BUG 12541: vfs_fruit: checks wrong AAPL config state and so always uses
+ readdirattr.
+ * BUG 12545: s3/rpc_server/mdssvc: add attribute "kMDItemContentType".
+ * BUG 12591: vfs_streams_xattr: use fsp, not base_fsp.
+ * BUG 12604: vfs_fruit: Enabling AAPL extensions must be a global switch.
+
+o Amitay Isaacs <ami...@gmail.com>
+ * BUG 12469: ctdb-tests: Use replace headers instead of system headers.
+ * BUG 12547: ctdb-build: Install CTDB tests correctly from toplevel.
+ * BUG 12580: ctdb-common: Fix use-after-free error in comm_fd_handler().
+
+o Volker Lendecke <v...@samba.org>
+ * BUG 12551: smbd: Fix "map acl inherit" = yes.
+
+o Stefan Metzmacher <me...@samba.org>
+ * BUG 9048: s4:ldap_server: Match Windows in the error messages of failing
+ LDAP Bind requests.
+ * BUG 11830: s3:winbindd: Try a NETLOGON connection with noauth over
NCACN_NP
+ against trusted domains.
+ * BUG 12262: 'net ads testjoin' and smb access fails after winbindd changed
the
+ trust password.
+ * BUG 12399: s4:repl_meta_data: Normalize rdn attribute name via the schema.
+ * BUG 12540: s3:smbd: Allow "server min protocol = SMB3_00" to go via "SMB
+ 2.???" negprot.
+ * BUG 12581: smbclient fails on bad endianess when listing shares from
+ Solaris kernel SMB server on SPARC.
+ * BUG 12585: librpc/rpc: fix regression in
+ NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping.
+ * BUG 12586: libcli/auth: Use the correct creds value against servers
without
+ LogonSamLogonEx.
+ * BUG 12587: winbindd child segfaults on connect to an NT4 domain.
+ * BUG 12588: cm_prepare_connection may return NT_STATUS_OK without a valid
+ connection.
+ * BUG 12598: winbindd (as member) requires Kerberos against trusted ad
+ domain, while it shouldn't.
+ * BUG 12605: s3:winbindd: Fix endless forest trust scan.
+
+o Garming Sam <garm...@catalyst.net.nz>
+ * BUG 12577: dbcheck-links: Test that dbcheck against one-way links does not
+ error.
+ * BUG 12600: dbchecker: Stop ignoring linked cases where both objects are
+ alive.
+
+o Andreas Schneider <a...@samba.org>
+ * BUG 12571: s3-vfs: Only walk the directory once in open_and_sort_dir().
+
+o Martin Schwenke <mar...@meltin.net>
+ * BUG 12589: ctdb-scripts: Initialise CTDB_NFS_CALLOUT in statd-callout.
+
+o Uri Simchoni <u...@samba.org>
+ * BUG 12529: waf: backport finding of pkg-config.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 4.5.5
January 30, 2017
=============================
@@ -22,7 +129,7 @@ o Björn Jacke <b...@sernet.de>
o Martin Schwenke <mar...@meltin.net>
* BUG 12512: ctdb-scripts: Fix remaining uses of "ctdb gratiousarp".
- * BUG 12516: /etc/iproute2/rt_tables gets populated with multiple
+ * BUG 12516: ctdb-scripts: /etc/iproute2/rt_tables gets populated with
multiple
'default' entries.
@@ -46,8 +153,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.5.4
diff --git a/auth/credentials/credentials_secrets.c
b/auth/credentials/credentials_secrets.c
index d5a37cf..ed148fd 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -39,7 +39,7 @@
#include "dbwrap/dbwrap.h"
#include "dbwrap/dbwrap_open.h"
#include "lib/util/util_tdb.h"
-
+#include "libds/common/roles.h"
/**
* Fill in credentials for the machine trust account, from the secrets
database.
@@ -276,6 +276,8 @@ _PUBLIC_ NTSTATUS
cli_credentials_set_machine_account_db_ctx(struct cli_credenti
char *secrets_tdb_password = NULL;
char *secrets_tdb_old_password = NULL;
uint32_t secrets_tdb_secure_channel_type = SEC_CHAN_NULL;
+ int server_role = lpcfg_server_role(lp_ctx);
+ int security = lpcfg_security(lp_ctx);
char *keystr;
char *keystr_upper = NULL;
TALLOC_CTX *tmp_ctx = talloc_named(cred, 0,
"cli_credentials_set_secrets from ldb");
@@ -354,13 +356,26 @@ _PUBLIC_ NTSTATUS
cli_credentials_set_machine_account_db_ctx(struct cli_credenti
}
if (secrets_tdb_password_more_recent) {
+ enum credentials_use_kerberos use_kerberos =
CRED_DONT_USE_KERBEROS;
char *machine_account = talloc_asprintf(tmp_ctx, "%s$",
lpcfg_netbios_name(lp_ctx));
cli_credentials_set_password(cred, secrets_tdb_password,
CRED_SPECIFIED);
cli_credentials_set_old_password(cred,
secrets_tdb_old_password, CRED_SPECIFIED);
cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
if (strequal(domain, lpcfg_workgroup(lp_ctx))) {
cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx),
CRED_SPECIFIED);
+
+ switch (server_role) {
+ case ROLE_DOMAIN_MEMBER:
+ if (security != SEC_ADS) {
+ break;
+ }
+ /* fall through */
+ case ROLE_ACTIVE_DIRECTORY_DC:
+ use_kerberos = CRED_AUTO_USE_KERBEROS;
+ break;
+ }
}
+ cli_credentials_set_kerberos_state(cred, use_kerberos);
cli_credentials_set_username(cred, machine_account,
CRED_SPECIFIED);
cli_credentials_set_password_last_changed_time(cred,
secrets_tdb_lct);
cli_credentials_set_secure_channel_type(cred,
secrets_tdb_secure_channel_type);
diff --git a/ctdb/common/comm.c b/ctdb/common/comm.c
index 7f370da..12f4970 100644
--- a/ctdb/common/comm.c
+++ b/ctdb/common/comm.c
@@ -251,14 +251,22 @@ static void comm_read_failed(struct tevent_req *req)
* Write packets
*/
+struct comm_write_entry {
+ struct comm_context *comm;
+ struct tevent_queue_entry *qentry;
+ struct tevent_req *req;
+};
+
struct comm_write_state {
struct tevent_context *ev;
struct comm_context *comm;
+ struct comm_write_entry *entry;
struct tevent_req *subreq;
uint8_t *buf;
size_t buflen, nwritten;
};
+static int comm_write_entry_destructor(struct comm_write_entry *entry);
static void comm_write_trigger(struct tevent_req *req, void *private_data);
static void comm_write_done(struct tevent_req *subreq);
@@ -269,6 +277,7 @@ struct tevent_req *comm_write_send(TALLOC_CTX *mem_ctx,
{
struct tevent_req *req;
struct comm_write_state *state;
+ struct comm_write_entry *entry;
req = tevent_req_create(mem_ctx, &state, struct comm_write_state);
if (req == NULL) {
@@ -280,15 +289,38 @@ struct tevent_req *comm_write_send(TALLOC_CTX *mem_ctx,
state->buf = buf;
state->buflen = buflen;
- if (!tevent_queue_add_entry(comm->queue, ev, req,
- comm_write_trigger, NULL)) {
- talloc_free(req);
- return NULL;
+ entry = talloc_zero(state, struct comm_write_entry);
+ if (tevent_req_nomem(entry, req)) {
+ return tevent_req_post(req, ev);
}
+ entry->comm = comm;
+ entry->req = req;
+ entry->qentry = tevent_queue_add_entry(comm->queue, ev, req,
+ comm_write_trigger, NULL);
+ if (tevent_req_nomem(entry->qentry, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->entry = entry;
+ talloc_set_destructor(entry, comm_write_entry_destructor);
+
return req;
}
+static int comm_write_entry_destructor(struct comm_write_entry *entry)
+{
+ struct comm_context *comm = entry->comm;
+
+ if (comm->write_req == entry->req) {
+ comm->write_req = NULL;
+ TEVENT_FD_NOT_WRITEABLE(comm->fde);
+ }
+
+ TALLOC_FREE(entry->qentry);
+ return 0;
+}
+
static void comm_write_trigger(struct tevent_req *req, void *private_data)
{
struct comm_write_state *state = tevent_req_data(
@@ -333,6 +365,8 @@ static void comm_write_done(struct tevent_req *subreq)
}
state->nwritten = nwritten;
+ state->entry->qentry = NULL;
+ TALLOC_FREE(state->entry);
tevent_req_done(req);
}
@@ -382,8 +416,8 @@ static void comm_fd_handler(struct tevent_context *ev,
struct comm_write_state *write_state;
if (comm->write_req == NULL) {
- /* This should never happen */
- abort();
+ TEVENT_FD_NOT_WRITEABLE(comm->fde);
+ return;
}
write_state = tevent_req_data(comm->write_req,
diff --git a/ctdb/config/statd-callout b/ctdb/config/statd-callout
index 3f2dd39..38f847b 100755
--- a/ctdb/config/statd-callout
+++ b/ctdb/config/statd-callout
@@ -128,6 +128,7 @@ case "$1" in
# where the lock manager will respond "strangely" immediately
# after restarting it, which causes clients to fail to reclaim
# their locks.
+ nfs_callout_init
"$CTDB_NFS_CALLOUT" "stop" "nlockmgr" >/dev/null 2>&1
sleep 2
"$CTDB_NFS_CALLOUT" "start" "nlockmgr" >/dev/null 2>&1
diff --git a/ctdb/tests/cunit/comm_test_001.sh
b/ctdb/tests/cunit/comm_test_001.sh
index 5d20db2..ac09f5c 100755
--- a/ctdb/tests/cunit/comm_test_001.sh
+++ b/ctdb/tests/cunit/comm_test_001.sh
@@ -2,6 +2,12 @@
. "${TEST_SCRIPTS_DIR}/unit.sh"
-ok "100 2048 500 4096 1024 8192 200 16384 300 32768 400 65536 1048576 "
-unit_test comm_test
+ok_null
+unit_test comm_test 1
+
+ok_null
+unit_test comm_test 2
+
+ok "100 2048 500 4096 1024 8192 200 16384 300 32768 400 65536 1048576 "
+unit_test comm_test 3
diff --git a/ctdb/tests/src/comm_test.c b/ctdb/tests/src/comm_test.c
index 2189435..5e1d694 100644
--- a/ctdb/tests/src/comm_test.c
+++ b/ctdb/tests/src/comm_test.c
@@ -26,7 +26,218 @@
#include "common/pkt_write.c"
#include "common/comm.c"
-static void dead_handler(void *private_data)
+/*
+ * Test read_handler and dead_handler
+ */
+
+static void test1_read_handler(uint8_t *buf, size_t buflen,
+ void *private_data)
+{
+ int *result = (int *)private_data;
+
+ *result = -1;
+}
+
+static void test1_dead_handler(void *private_data)
+{
+ int *result = (int *)private_data;
+
+ *result = 1;
+}
+
+static void test1(void)
+{
+ TALLOC_CTX *mem_ctx;
+ struct tevent_context *ev;
+ struct comm_context *comm;
+ int fd[2];
+ int result = 0;
+ uint32_t data[2];
+ int ret;
+ ssize_t n;
+
+ mem_ctx = talloc_new(NULL);
+ assert(mem_ctx != NULL);
+
+ ev = tevent_context_init(mem_ctx);
+ assert(ev != NULL);
+
+ ret = pipe(fd);
+ assert(ret == 0);
+
+ ret = comm_setup(ev, ev, fd[0], test1_read_handler, &result,
+ test1_dead_handler, &result, &comm);
+ assert(ret == 0);
+
+ data[0] = 2 * sizeof(uint32_t);
+ data[1] = 0;
+
+ n = write(fd[1], (void *)&data, data[0]);
+ assert(n == data[0]);
+
+ while (result == 0) {
+ tevent_loop_once(ev);
+ }
+
+ assert(result == -1);
+
+ result = 0;
+ close(fd[1]);
+
+ while (result == 0) {
+ tevent_loop_once(ev);
+ }
+
+ assert(result == 1);
+
+ talloc_free(mem_ctx);
+}
+
+/*
+ * Test that the tevent_req returned by comm_write_send() can be free'd.
+ */
+
+struct test2_state {
+ TALLOC_CTX *mem_ctx;
+ bool done;
+};
+
+static void test2_read_handler(uint8_t *buf, size_t buflen,
+ void *private_data)
+{
+ struct test2_state *state = (struct test2_state *)private_data;
+
+ TALLOC_FREE(state->mem_ctx);
+}
+
+static void test2_dead_handler(void *private_data)
+{
+ abort();
+}
+
+struct test2_write_state {
+ int count;
+};
+
+static void test2_write_done(struct tevent_req *subreq);
+
+static struct tevent_req *test2_write_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct comm_context *comm,
+ uint8_t *buf, size_t buflen)
+{
+ struct tevent_req *req, *subreq;
+ struct test2_write_state *state;
+ int i;
+
+ req = tevent_req_create(mem_ctx, &state, struct test2_write_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->count = 0;
+
+ for (i=0; i<10; i++) {
+ subreq = comm_write_send(state, ev, comm, buf, buflen);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, test2_write_done, req);
+ }
+
+ return req;
+}
+
+static void test2_write_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct test2_write_state *state = tevent_req_data(
+ req, struct test2_write_state);
+ bool status;
+ int ret;
+
+ status = comm_write_recv(subreq, &ret);
+ TALLOC_FREE(subreq);
+ if (! status) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->count += 1;
+
+ if (state->count == 10) {
+ tevent_req_done(req);
+ }
+}
+
+static void test2_timer_handler(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval cur_time,
+ void *private_data)
+{
+ struct test2_state *state = (struct test2_state *)private_data;
+
+ state->done = true;
+}
+
+static void test2(void)
+{
+ TALLOC_CTX *mem_ctx;
+ struct tevent_context *ev;
+ struct comm_context *comm_reader, *comm_writer;
+ struct test2_state test2_state;
+ struct tevent_req *req;
+ struct tevent_timer *te;
+ int fd[2];
--
Samba Shared Repository
