The branch, v4-9-stable has been updated
via 1acf30ac5c1 VERSION: Disable GIT_SNAPSHOT for the 4.9.13 release.
via 514743b29cd WHATSNEW: Add release notes for Samba 4.9.13.
via 8e2c37bdde1 CVE-2019-10197: smbd: split
change_to_user_impersonate() out of change_to_user_internal()
via c98528753fc CVE-2019-10197: test_smbclient_s3.sh: add regression
test for the no permission on share root problem
via 1305693dba3 CVE-2019-10197: selftest: make fsrvp_share its own
independent subdirectory
via 104557f2ad5 CVE-2019-10197: smbd: make sure we reset
current_user.{need,done}_chdir in become_root()
via 5604883d06d CVE-2019-10197: smbd: make sure that
change_to_user_internal() always resets current_user.done_chdir
via 4772adbe1ce CVE-2019-10197: smbd: separate out impersonation debug
info into a new function.
via 674ef36921f VERSION: Bump version up to 4.9.13...
via 53d19bf5359 VERSION: Diable GIT_SNAPSHOT for the 4.9.12 release.
via 1205c5cb588 WHATSNEW: Add release notes for Samba 4.9.12.
via dcff563d0ff vfs_glusterfs: Enable profiling for file system
operations
via 0cb08a2309c vfs_gpfs: Implement special case for denying owner
access to ACL
via fe990205ac8 vfs_gpfs: Move mapping from generic NFSv ACL to GPFS
ACL to separate function
via bba26e385b3 docs: Remove gpfs:merge_writeappend from vfs_gpfs
manpage
via b3560baaf99 vfs_gpfs: Remove merge_writeappend parameter
via 548cc5183e4 nfs4_acls: Use correct owner information for ACL after
owner change
via c5d4691183f nfs4_acls: Add test for merging duplicates when mapping
from NFS4 ACL to DACL
via 1f10af9fb98 nfs4_acls: Remove duplicate entries when mapping from
NFS4 ACL to DACL
via b4b61724550 nfs4_acls: Rename smbacl4_fill_ace4 function
via 657f79f8594 nfs4_acls: Add additional owner entry when mapping to
NFS4 ACL with IDMAP_TYPE_BOTH
via d297f347dd1 nfs4_acls: Remove redundant pointer variable
via 596a4e4d0a1 nfs4_acls: Remove redundant logging from
smbacl4_fill_ace4
via 7555f121757 nfs4_acls: Move adding of NFS4 ACE to ACL to
smbacl4_fill_ace4
via 02a5fbd007a nfs4_acls: Move smbacl4_MergeIgnoreReject function
via 8c8f09c32f8 nfs4_acls: Remove i argument from
smbacl4_MergeIgnoreReject
via 966916dafec nfs4_acls: Add missing braces in smbacl4_win2nfs4
via ff1cee15494 nfs4_acls: Add helper function for checking INHERIT
flags.
via 1026680518d nfs4_acls: Use correct type when checking ownerGID
via 2493a9f81b9 nfs4_acls: Use switch/case for checking idmap type
via d50b5fc5fc5 nfs4_acls: Use sids_to_unixids to lookup uid or gid
via 9ba27632b29 test_nfs4_acls: Add test for mapping from DACL to NFS4
ACL with IDMAP_TYPE_BOTH
via 8ad87b9ab42 test_nfs4_acls: Add test for mapping from NFS4 ACL to
DACL with IDMAP_TYPE_BOTH
via c5da1d665a9 test_nfs4_acls: Add test for mapping from NFS4 to DACL
in config mode special
via f64276397e2 test_nfs4_acls: Add test for mapping from DACL to NFS4
ACL with config special
via 92d2e243c30 test_nfs4_acls: Add test for matching DACL entries for
acedup
via 5b130cc4d10 test_nfs4_acls: Add test for acedup settings
via b21c3f38871 test_nfs4_acls: Add test for 'map full control' option
via 79f9a5013a6 test_nfs4_acls: Add test for mapping from NFS4 to DACL
CREATOR entries
via e8f8c4c8257 test_nfs4_acls: Add test for mapping CREATOR entries to
NFS4 ACL entries
via f0581b94b24 test_nfs4_acls: Add test for mapping from DACL to
special NFS4 ACL entries
via f900a6e1252 test_nfs4_acls: Add test for mapping of special NFS4
ACL entries to DACL entries
via c9650274538 test_nfs4_acls: Add test for mapping permissions from
DACL to NFS4 ACL
via f431a1b7de7 test_nfs4_acls: Add test for mapping permissions from
NFS4 ACL to DACL
via 0aadba938c9 test_nfs4_acls: Add test for flags mapping from DACL to
NFS4 ACL
via d142e46acdf test_nfs4_acls: Add test for flags mapping from NFS4
ACL to DACL
via 7f1c567af71 test_nfs4_acls: Add tests for mapping of ACL types
via ee47f743a9b test_nfs4_acls: Add tests for mapping of empty ACLs
via c84bdb31826 selftest: Start implementing unit test for nfs4_acls
via 1db5a29088b nfs4_acls: Remove fsp from smbacl4_win2nfs4
via 0af50d85f6d Revert "nfs4acl: Fix owner mapping with ID_TYPE_BOTH"
via d2b711ae9bf vfs: Use dom_sid_str_buf
via 1784a664892 Add PrimaryGroupId to group array in DC response
via c20f77fe0fb selftest: check for PrimaryGroupId in DC returned group
array
via 1c43f6b1afb selftest: remote_pac: s/s2u4self/s4u2self/g
via 3aa131b5558 vfs:glusterfs_fuse: build only if we have setmntent()
via c7e98332192 vfs:glusterfs_fuse: ensure fileids are constant across
nodes
via bf5ac945151 smbtorture: extend rpc.lsa to lookup machine over
forest-wide LookupNames
via d89fc30dab1 lookup_name: allow own domain lookup when flags == 0
via 4fd7914eed9 torture/rpc/lsa: allow testing different lookup levels
via 2627724e1b2 Revert "s3:messages: protect against usage of wrapper
tevent_context objects for messaging"
via 5a3fa18389b Revert "s3:messages: allow
messaging_{dgm,ctdb}_register_tevent_context() to use wrapper tevent_context"
via a4ad9d6e7cf Revert "s3:messages: allow messaging_dgm_ref() to use
wrapper tevent_context"
via 116c4a79456 Revert "s3:messages: allow
messaging_filtered_read_send() to use wrapper tevent_context"
via 9daacf18383 Revert "s4:messaging: make sure only
imessaging_client_init() can be used with a wrapper tevent_context wrapper"
via de909ff8860 ctdb-config: depend on /etc/ctdb/nodes file
via 97727eefe49 vfs_catia: pass stat info to synthetic_smb_fname()
via db44860c93d samba-tool: add 'import samba.drs_utils' to fsmo.py
via f1eeb8e63af samba-tool: use only one LDAP modify for dns partition
fsmo role transfer
via 8fb77c2d1c8 s4:torture:fsmo.py: remove unused 'net_cmd' variable
via 6b9d7481fe8 samba-tool: fix replication after dns partition fsmo
role transfer
via cf5002e0345 s4:torture:fsmo.py: test role transfers of dns
partitions
via 043675f3a0c dnsp.idl: fix payload for
DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME
via 8ce25bdb054 dnsp.idl: fix the dnsp_dns_addr_array definition
via b59569126d9 dnsp.idl: fix dnsp_ip4_array definition
via d9b747c0ca0 s4:torture: add local.ndr.dnsp tests
via 4fd604b1657 dbcheck: fallback to the default tombstoneLifetime of
180 days
via 9af7a1ccb33 lib/util: remove unused prototypes in debug.h
via bdc11a6b825 lib/util: fix call to dbghdrclass() for DEBUGC()
via f7a5adf0256 s4/libnet: Fix joining a Windows pre-2008R2 DC
via ea481544d2f vfs:glusterfs_fuse: treat ENOATTR as ENOENT
via e126fdaa0c4 vfs:glusterfs: treat ENOATTR as ENOENT
via 00dbe9ff5a5 dsdb: Handle DB corner-case where PSO container doesn't
exist
via 948b60d21ef s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL
check in netr_creds_server_step_check()
via a47fd552e12 s3:rpc_server:netlogon: don't require
NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
via 3bcaef67d29 s4:rpc_server:netlogon: don't require
NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
via 88a60f59c13 WHATSNEW: Fix typo.
via 63547807f51 VERSION: Bump version up to 4.9.12...
from f9055cbf92c VERSION: Disable GIT_SNAPSHOT for the 4.9.11 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable
- Log -----------------------------------------------------------------
commit 1acf30ac5c1c1ffc6f92ff9786b1be897c3b5092
Author: Karolin Seeger <[email protected]>
Date: Wed Aug 28 09:45:38 2019 +0200
VERSION: Disable GIT_SNAPSHOT for the 4.9.13 release.
Signed-off-by: Karolin Seeger <[email protected]>
commit 514743b29cd107fb26dfbe69d0ad520b42fce21f
Author: Karolin Seeger <[email protected]>
Date: Wed Aug 28 09:44:22 2019 +0200
WHATSNEW: Add release notes for Samba 4.9.13.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
CVE-2019-10197 [SECURITY][EMBARGOED] permissions check deny can allow user
to
escape from the share.
Signed-off-by: Karolin Seeger <[email protected]>
commit 8e2c37bdde18440299f7e5d4a0393e0cc465ac31
Author: Stefan Metzmacher <[email protected]>
Date: Thu Jul 11 17:02:15 2019 +0200
CVE-2019-10197: smbd: split change_to_user_impersonate() out of
change_to_user_internal()
This makes sure we always call chdir_current_service() even
when we still impersonated the user. Which is important
in order to run the SMB* request within the correct working directory
and only if the user has permissions to enter that directory.
It makes sure we always update conn->lastused_count
in chdir_current_service() for each request.
Note that vfs_ChDir() (called from chdir_current_service())
maintains its own cache and avoids calling SMB_VFS_CHDIR()
if possible.
It means we still avoid syscalls if we get a multiple requests
for the same session/tcon tuple.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit c98528753fc4754c0a34a449f9cc682c8c83e318
Author: Stefan Metzmacher <[email protected]>
Date: Tue Jul 16 15:40:38 2019 +0200
CVE-2019-10197: test_smbclient_s3.sh: add regression test for the no
permission on share root problem
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <[email protected]>
commit 1305693dba384c328651af569d46b535bb26ee0f
Author: Stefan Metzmacher <[email protected]>
Date: Tue Jul 30 17:16:59 2019 +0200
CVE-2019-10197: selftest: make fsrvp_share its own independent subdirectory
The next patch will otherwise break the fsrvp related tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <[email protected]>
commit 104557f2ad5c67fab257927d9aa0931a74113ce2
Author: Stefan Metzmacher <[email protected]>
Date: Tue Jun 18 14:04:08 2019 +0200
CVE-2019-10197: smbd: make sure we reset current_user.{need,done}_chdir in
become_root()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <[email protected]>
commit 5604883d06d99a2ed3c1122408e266793de40942
Author: Stefan Metzmacher <[email protected]>
Date: Thu Jul 11 17:01:29 2019 +0200
CVE-2019-10197: smbd: make sure that change_to_user_internal() always
resets current_user.done_chdir
We should not leave current_user.done_chdir as true if we didn't call
chdir_current_service() with success.
This caused problems in when calling vfs_ChDir() in pop_conn_ctx() when
chdir_current_service() worked once on one share but later failed on another
share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
commit 4772adbe1ce1693c64e9b3673c8d9359bfa910b4
Author: Jeremy Allison <[email protected]>
Date: Fri Jul 12 12:10:35 2019 -0700
CVE-2019-10197: smbd: separate out impersonation debug info into a new
function.
Will be called on elsewhere on successful impersonation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Jeremy Allison <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
commit 674ef36921fe8355854593b4b7cded78a6b76d2c
Author: Karolin Seeger <[email protected]>
Date: Tue Aug 27 10:13:25 2019 +0200
VERSION: Bump version up to 4.9.13...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 142 +-
auth/auth_sam_reply.c | 8 +-
ctdb/config/ctdb.service | 1 +
docs-xml/manpages/vfs_glusterfs_fuse.8.xml | 8 +
docs-xml/manpages/vfs_gpfs.8.xml | 20 -
lib/util/debug.h | 4 +-
librpc/idl/dnsp.idl | 9 +-
python/samba/dbchecker.py | 5 +-
python/samba/netcmd/fsmo.py | 27 +-
selftest/target/Samba3.pm | 19 +-
source3/lib/messages.c | 37 +-
source3/lib/messages_ctdb.c | 30 +-
source3/lib/messages_ctdb_ref.c | 12 -
source3/lib/messages_dgm.c | 36 +-
source3/lib/messages_dgm_ref.c | 12 -
source3/modules/nfs4_acls.c | 365 ++--
source3/modules/nfs4_acls.h | 2 +
source3/modules/test_nfs4_acls.c | 1898 ++++++++++++++++++++
source3/modules/vfs_afsacl.c | 6 +-
source3/modules/vfs_catia.c | 42 +-
source3/modules/vfs_default.c | 6 +-
source3/modules/vfs_glusterfs.c | 346 +++-
source3/modules/vfs_glusterfs_fuse.c | 195 +-
source3/modules/vfs_gpfs.c | 121 +-
source3/modules/wscript_build | 5 +
source3/passdb/lookup_sid.c | 2 +-
source3/rpc_server/netlogon/srv_netlog_nt.c | 52 +-
source3/script/tests/test_smbclient_s3.sh | 30 +
source3/selftest/tests.py | 4 +
source3/smbd/uid.c | 62 +-
source3/wscript | 4 +-
source4/dns_server/dnsserver_common.c | 2 +-
source4/dsdb/samdb/ldb_modules/operational.c | 12 +
source4/lib/messaging/messaging.c | 28 +-
source4/libnet/libnet_vampire.c | 9 +
source4/rpc_server/netlogon/dcerpc_netlogon.c | 15 -
.../tests/rpc_dns_server_dnsutils_test.c | 44 +-
source4/torture/drs/python/fsmo.py | 12 +-
source4/torture/ndr/dnsp.c | 367 ++++
source4/torture/ndr/ndr.c | 1 +
source4/torture/ndr/ndr.h | 9 +
source4/torture/rpc/lsa.c | 128 +-
source4/torture/rpc/remote_pac.c | 114 +-
source4/torture/rpc/schannel.c | 2 +-
source4/torture/wscript_build | 1 +
46 files changed, 3593 insertions(+), 663 deletions(-)
create mode 100644 source3/modules/test_nfs4_acls.c
create mode 100644 source4/torture/ndr/dnsp.c
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 75b6a9a9768..d2721c27c8e 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=9
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=13
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4c28ae2b424..fe8086b436a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,139 @@
+ ==============================
+ Release Notes for Samba 4.9.13
+ September 03, 2019
+ ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2019-10197: Combination of parameters and permissions can allow user
+ to escape from the share path definition.
+
+=======
+Details
+=======
+
+o CVE-2019-10197:
+ Under certain parameter configurations, when an SMB client accesses a
network
+ share and the user does not have permission to access the share root
+ directory, it is possible for the user to escape from the share to see the
+ complete '/' filesystem. Unix permission checks in the kernel are still
+ enforced.
+
+
+Changes since 4.9.12:
+---------------------
+
+o Jeremy Allison <[email protected]>
+ * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
+ from the share.
+
+o Stefan Metzmacher <[email protected]>
+ * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
+ from the share.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
+ Release Notes for Samba 4.9.12
+ August 27, 2019
+ ==============================
+
+
+This is the latest stable release of the Samba 4.9 release series.
+
+
+Changes since 4.9.11:
+---------------------
+
+o Michael Adam <[email protected]>
+ * BUG 13972: vfs:glusterfs_fuse: Different Device Id for GlusterFS FUSE
mount
+ is causing data loss in CTDB cluster.
+ * BUG 14010: vfs:glusterfs_fuse: Unable to create or rename file/directory
+ inside shares configured with vfs_glusterfs_fuse module.
+
+o Björn Baumbach <[email protected]>
+ * BUG 13973: samba-tool: Add 'import samba.drs_utils' to fsmo.py.
+
+o Tim Beale <[email protected]>
+ * BUG 14008: dsdb: Handle DB corner-case where PSO container doesn't exist.
+ * BUG 14021: s4/libnet: Fix joining a Windows pre-2008R2 DC.
+
+o Ralph Boehme <[email protected]>
+ * BUG 14015: vfs_catia: Pass stat info to synthetic_smb_fname().
+ * BUG 14033: Samba 4.9 doesn't build with libtevent 0.9.39.
+
+o Alexander Bokovoy <[email protected]>
+ * BUG 14091: lookup_name: Allow own domain lookup when flags == 0.
+
+o Isaac Boukris <[email protected]>
+ * BUG 11362: Add PrimaryGroupId to group array in DC response.
+
+o Anoop C S <[email protected]>
+ * BUG 14035: vfs_glusterfs: Enable profiling for file system operations.
+
+o Stefan Metzmacher <[email protected]>
+ * BUG 13915: DEBUGC and DEBUGADDC doesn't print into a class specific log
+ file.
+ * BUG 13949: Request to keep deprecated option "server schannel", VMWare
+ Quickprep requires "auto".
+ * BUG 13967: dbcheck: Fallback to the default tombstoneLifetime of 180 days.
+ * BUG 13969: dnsProperty fails to decode values from older Windows versions.
+ * BUG 13973: samba-tool: fsmo transfer is not reliable for the dns related
+ partitions role transfer.
+
+o Christof Schmitt <[email protected]>
+ * BUG 14032: vfs_gpfs: Fix NFSv4 ACL for owner with IDMAP_TYPE_BOTH.
+
+o Rafael David Tinoco <[email protected]>
+ * BUG 14017: ctdb-config: Depend on /etc/ctdb/nodes file.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
==============================
Release Notes for Samba 4.9.11
July 03, 2019
@@ -11,7 +147,7 @@ db_module.h in order to fix bug #12478. Unfortunately, the
ldb version was not
raised. Samba >= 4.9.10 is no longer able to build with ldb 1.4.6. This version
includes the new ldb version. Please note that there are just the version bumps
in ldb and Samba, no code change. If you don't build Samba with an external ldb
-library, you can ignore this release and keep using 4.9.11.
+library, you can ignore this release and keep using 4.9.10.
Changes since 4.9.10:
@@ -41,8 +177,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 4.9.10
diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
index bd695151dc0..b5b6362dc93 100644
--- a/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -89,7 +89,7 @@ static NTSTATUS
auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
sam->groups.count = 0;
sam->groups.rids = NULL;
- if (user_info_dc->num_sids > 2) {
+ if (user_info_dc->num_sids > PRIMARY_GROUP_SID_INDEX) {
size_t i;
sam->groups.rids = talloc_array(mem_ctx, struct
samr_RidWithAttribute,
user_info_dc->num_sids);
@@ -97,7 +97,7 @@ static NTSTATUS
auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
if (sam->groups.rids == NULL)
return NT_STATUS_NO_MEMORY;
- for (i=2; i<user_info_dc->num_sids; i++) {
+ for (i=PRIMARY_GROUP_SID_INDEX; i<user_info_dc->num_sids; i++) {
struct dom_sid *group_sid = &user_info_dc->sids[i];
if (!dom_sid_in_domain(sam->domain_sid, group_sid)) {
/* We handle this elsewhere */
@@ -451,6 +451,10 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX
*mem_ctx,
}
for (i = 0; i < base->groups.count; i++) {
+ /* Skip primary group, already added above */
+ if (base->groups.rids[i].rid == base->primary_gid) {
+ continue;
+ }
user_info_dc->sids[user_info_dc->num_sids] = *base->domain_sid;
if
(!sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids],
base->groups.rids[i].rid)) {
return NT_STATUS_INVALID_PARAMETER;
diff --git a/ctdb/config/ctdb.service b/ctdb/config/ctdb.service
index 675b3147417..fd81c38e26d 100644
--- a/ctdb/config/ctdb.service
+++ b/ctdb/config/ctdb.service
@@ -2,6 +2,7 @@
Description=CTDB
Documentation=man:ctdbd(1) man:ctdb(7)
After=network-online.target time-sync.target
+ConditionFileNotEmpty=/etc/ctdb/nodes
[Service]
Type=forking
diff --git a/docs-xml/manpages/vfs_glusterfs_fuse.8.xml
b/docs-xml/manpages/vfs_glusterfs_fuse.8.xml
index b9f7f42c6f2..f2aa624353e 100644
--- a/docs-xml/manpages/vfs_glusterfs_fuse.8.xml
+++ b/docs-xml/manpages/vfs_glusterfs_fuse.8.xml
@@ -48,6 +48,14 @@
case of an exisiting filename.
</para>
+ <para>
+ Furthermore, this module implements a substitute file-id
+ mechanism. The default file-id mechanism is not working
+ correctly for gluster fuse mount re-exports, so in order to
+ avoid data loss, users exporting gluster fuse mounts with
+ Samba should enable this module.
+ </para>
+
<para>
This module can be combined with other modules, but it
should be the last module in the <command>vfs objects</command>
diff --git a/docs-xml/manpages/vfs_gpfs.8.xml b/docs-xml/manpages/vfs_gpfs.8.xml
index 428f48a6bf0..f854d8900b2 100644
--- a/docs-xml/manpages/vfs_gpfs.8.xml
+++ b/docs-xml/manpages/vfs_gpfs.8.xml
@@ -204,26 +204,6 @@
</varlistentry>
<varlistentry>
- <term>gpfs:merge_writeappend = [ yes | no ]</term>
- <listitem>
- <para>
- GPFS ACLs doesn't know about the 'APPEND' right.
- This option lets Samba map the 'APPEND' right to 'WRITE'.
- </para>
-
- <itemizedlist>
- <listitem><para>
- <command>yes(default)</command> - map 'APPEND' to 'WRITE'.
- </para></listitem>
- <listitem><para>
- <command>no</command> - do not map 'APPEND' to 'WRITE'.
- </para></listitem>
- </itemizedlist>
- </listitem>
-
- </varlistentry>
- <varlistentry>
-
<term>gpfs:acl = [ yes | no ]</term>
<listitem>
<para>
diff --git a/lib/util/debug.h b/lib/util/debug.h
index 2895d157887..188e6b647d3 100644
--- a/lib/util/debug.h
+++ b/lib/util/debug.h
@@ -45,7 +45,6 @@
bool dbgtext_va(const char *, va_list ap) PRINTF_ATTRIBUTE(1,0);
bool dbgtext( const char *, ... ) PRINTF_ATTRIBUTE(1,2);
bool dbghdrclass( int level, int cls, const char *location, const char *func);
-bool dbghdr( int level, const char *location, const char *func);
/*
* Redefine DEBUGLEVEL because so we don't have to change every source file
@@ -201,7 +200,7 @@ extern int *DEBUGLEVEL_CLASS;
#define DEBUGC( dbgc_class, level, body ) \
(void)( ((level) <= MAX_DEBUG_LEVEL) && \
unlikely(DEBUGLEVEL_CLASS[ dbgc_class ] >= (level)) \
- && (dbghdrclass( level, DBGC_CLASS, __location__, __FUNCTION__ )) \
+ && (dbghdrclass( level, dbgc_class, __location__, __FUNCTION__ )) \
&& (dbgtext body) )
#define DEBUGADD( level, body ) \
@@ -318,7 +317,6 @@ void force_check_log_size( void );
bool need_to_check_log_size( void );
void check_log_size( void );
void dbgflush( void );
-bool dbghdrclass(int level, int cls, const char *location, const char *func);
bool debug_get_output_is_stderr(void);
bool debug_get_output_is_stdout(void);
void debug_schedule_reopen_logs(void);
diff --git a/librpc/idl/dnsp.idl b/librpc/idl/dnsp.idl
index d705cfcbfa3..e09a3dcf43d 100644
--- a/librpc/idl/dnsp.idl
+++ b/librpc/idl/dnsp.idl
@@ -169,13 +169,13 @@ interface dnsp
typedef struct {
uint32 addrCount;
- [size_is(addrCount)] uint32 *addr;
+ uint32 addrArray[addrCount];
} dnsp_ip4_array;
typedef struct {
uint16 family;
- uint16 port;
- ipv4address ipv4;
+ [flag(NDR_BIG_ENDIAN)] uint16 port;
+ [flag(NDR_BIG_ENDIAN)] ipv4address ipv4;
ipv6address ipv6;
uint8 pad[8];
uint32 unused[8];
@@ -187,6 +187,7 @@ interface dnsp
uint32 Tag;
uint16 Family;
uint16 Reserved0;
+ uint32 Flags;
uint32 MatchFlag;
uint32 Reserved1;
uint32 Reserved2;
@@ -238,7 +239,7 @@ interface dnsp
[case(DSPROPERTY_ZONE_AGING_STATE)] uint32
aging_enabled;
[case(DSPROPERTY_ZONE_SCAVENGING_SERVERS)] dnsp_ip4_array
servers;
[case(DSPROPERTY_ZONE_AGING_ENABLED_TIME)] uint32
next_scavenging_cycle_hours;
- [case(DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME)] utf8string
deleted_by_hostname;
+ [case(DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME)] nstring
deleted_by_hostname;
[case(DSPROPERTY_ZONE_MASTER_SERVERS)] dnsp_ip4_array
master_servers;
[case(DSPROPERTY_ZONE_AUTO_NS_SERVERS)] dnsp_ip4_array
ns_servers;
[case(DSPROPERTY_ZONE_DCPROMO_CONVERT)]
dns_dcpromo_flag dcpromo_flag;
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index bd43667b99f..d9939a92933 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -199,7 +199,10 @@ class dbcheck(object):
scope=ldb.SCOPE_BASE,
expression="(objectClass=nTDSService)",
attrs=["tombstoneLifetime"])
- self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0])
+ if "tombstoneLifetime" in res[0]:
+ self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0])
+ else:
+ self.tombstoneLifetime = 180
self.compatibleFeatures = []
self.requiredFeatures = []
diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py
index 91de5dad563..c5ed04be1bb 100644
--- a/python/samba/netcmd/fsmo.py
+++ b/python/samba/netcmd/fsmo.py
@@ -23,6 +23,7 @@ import ldb
from ldb import LdbError
from samba.dcerpc import drsuapi, misc
from samba.auth import system_session
+import samba.drs_utils
from samba.netcmd import (
Command,
CommandError,
@@ -64,6 +65,8 @@ def transfer_dns_role(outf, sambaopts, credopts, role, samdb):
forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
role_object = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
+ new_host_dns_name = samdb.host_dns_name()
+
res = samdb.search(role_object,
attrs=["fSMORoleOwner"],
scope=ldb.SCOPE_BASE,
@@ -105,22 +108,12 @@ def transfer_dns_role(outf, sambaopts, credopts, role,
samdb):
m = ldb.Message()
m.dn = ldb.Dn(samdb, role_object)
- m["fSMORoleOwner"] = ldb.MessageElement(master_owner,
- ldb.FLAG_MOD_DELETE,
- "fSMORoleOwner")
-
- try:
- samdb.modify(m)
- except LdbError as e4:
- (num, msg) = e4.args
- raise CommandError("Failed to delete role '%s': %s" %
- (role, msg))
-
- m = ldb.Message()
- m.dn = ldb.Dn(samdb, role_object)
- m["fSMORoleOwner"]= ldb.MessageElement(new_owner,
- ldb.FLAG_MOD_ADD,
- "fSMORoleOwner")
+ m["fSMORoleOwner_Del"] = ldb.MessageElement(master_owner,
+ ldb.FLAG_MOD_DELETE,
+ "fSMORoleOwner")
+ m["fSMORoleOwner_Add"] = ldb.MessageElement(new_owner,
+ ldb.FLAG_MOD_ADD,
+ "fSMORoleOwner")
try:
samdb.modify(m)
except LdbError as e5:
@@ -128,7 +121,7 @@ def transfer_dns_role(outf, sambaopts, credopts, role,
samdb):
raise CommandError("Failed to add role '%s': %s" % (role, msg))
try:
- connection = samba.drs_utils.drsuapi_connect(samdb.host_dns_name(),
+ connection = samba.drs_utils.drsuapi_connect(new_host_dns_name,
lp, creds)
except samba.drs_utils.drsException as e:
raise CommandError("Drsuapi Connect failed", e)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 14252344175..22e5035b079 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1450,6 +1450,9 @@ sub provision($$$$$$$$$)
my $ro_shrdir="$shrdir/root-tmp";
push(@dirs,$ro_shrdir);
+ my $noperm_shrdir="$shrdir/noperm-tmp";
+ push(@dirs,$noperm_shrdir);
+
my $msdfs_shrdir="$shrdir/msdfsshare";
push(@dirs,$msdfs_shrdir);
@@ -1474,6 +1477,9 @@ sub provision($$$$$$$$$)
my $widelinks_linkdir="$shrdir/widelinks_foo";
push(@dirs,$widelinks_linkdir);
+ my $fsrvp_shrdir="$shrdir/fsrvp";
+ push(@dirs,$fsrvp_shrdir);
+
my $shadow_tstdir="$shrdir/shadow";
push(@dirs,$shadow_tstdir);
my $shadow_mntdir="$shadow_tstdir/mount";
@@ -1517,6 +1523,11 @@ sub provision($$$$$$$$$)
chmod 0755, $piddir;
+ ##
+ ## Create a directory without permissions to enter
+ ##
+ chmod 0000, $noperm_shrdir;
+
##
## create ro and msdfs share layout
##
@@ -1825,6 +1836,10 @@ sub provision($$$$$$$$$)
[ro-tmp]
path = $ro_shrdir
guest ok = yes
+[noperm]
+ path = $noperm_shrdir
+ wide links = yes
+ guest ok = yes
[write-list-tmp]
path = $shrdir
read only = yes
@@ -2009,14 +2024,14 @@ sub provision($$$$$$$$$)
guest ok = yes
[fsrvp_share]
- path = $shrdir
+ path = $fsrvp_shrdir
comment = fake shapshots using rsync
vfs objects = shell_snap shadow_copy2
shell_snap:check path command = $fake_snap_pl --check
shell_snap:create command = $fake_snap_pl --create
shell_snap:delete command = $fake_snap_pl --delete
# a relative path here fails, the snapshot dir is no longer found
- shadow:snapdir = $shrdir/.snapshots
+ shadow:snapdir = $fsrvp_shrdir/.snapshots
[shadow1]
path = $shadow_shrdir
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index 90fffa2c872..df7af2e50f1 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -206,7 +206,7 @@ static bool messaging_register_event_context(struct
messaging_context *ctx,
continue;
}
- if (tevent_context_same_loop(reg->ev, ev)) {
+ if (reg->ev == ev) {
reg->refcount += 1;
return true;
}
@@ -255,7 +255,7 @@ static bool messaging_deregister_event_context(struct
messaging_context *ctx,
continue;
}
- if (tevent_context_same_loop(reg->ev, ev)) {
+ if (reg->ev == ev) {
reg->refcount -= 1;
if (reg->refcount == 0) {
--
Samba Shared Repository
