The branch, v4-15-stable has been updated via 0c85a0adaa5 VERSION: Disable GIT_SNAPSHOT for the 4.15.3 release. via ccddc464bd0 WHATSNEW: Add release notes for Samba 4.15.3. via 5e846fcf74e smbd: s3-dsgetdcname: handle num_ips == 0 via 18c76813587 libcli:auth: Allow to connect to netlogon server offering only AES via b1f0aa5c22f s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_schannel_with_creds() via aca47d48f51 s3:rpc_client: Add remote name and socket to cli_rpc_pipe_open_bind_schannel() via 16d886511f1 s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_with_creds() via 2b9882a4c2f s3:libsmb: Remove trailing white spaces from passchange.c via 460cf672e65 s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_noauth_transport() via 1b5b96d5a24 s3:libnet: Remove tailing whitespaces in libnet_join.c via 0801cae3df8 s3:rpcclient: Remove trailing white spaces in rpcclient.c via ea845570516 s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open() via e72d611c78d s3:rpc_client: Remove trailing white spaces from cli_pipe.c via fea324d9cc4 testprogs: Add rpcclient schannel tests via cd9783148b8 dsdb: Use DSDB_SEARCH_SHOW_EXTENDED_DN when searching for the local replicated object via 5db0cb09e94 CVE-2020-25717: s3-auth: fix MIT Realm regression via 6f7e39b0611 smb2_server: skip tcon check and chdir_current_service() for FSCTL_QUERY_NETWORK_INTERFACE_INFO via c22480e2640 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO should work on noperm share via f57b3ecccc1 smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids via 2306c9e7d18 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER with invalid file ids via a68e2904eae smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done() via 2c4c3867933 s4:torture/smb2: test FSCTL_QUERY_NETWORK_INTERFACE_INFO with BUFFER_TOO_SMALL via 9e182796362 smb2_server: skip tcon check and chdir_current_service() for 
FSCTL_VALIDATE_NEGOTIATE_INFO via 2209a095dda smb2_server: decouple IOCTL check from signing/encryption states via 4c8c39a7b55 smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes via 685250e6298 s4:torture/smb2: add smb2.ioctl.bug14788.VALIDATE_NEGOTIATE via eba52e21acb libcli/smb: split out smb2cli_raw_tcon* from smb2cli_tcon* via dc59b392111 s3:winbind: Fix possible NULL pointer dereference via 9aa03f402b7 CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts via 9f4c89d0d3f CVE-2021-3670 dsdb/anr: Do a copy of the potentially anr query before starting to modify it via 1142f18ff1d CVE-2021-3670 ldap_server: Remove duplicate print of LDAP search details via 4f1dbaf60b8 CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter processing via 6b5cb85c2cc CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration is greater than zero via 12702424935 CVE-2021-3670 ldap_server: Set timeout on requests based on MaxQueryDuration via 5d39c5b54b9 CVE-2021-3670 tests/krb5/test_ldap.py: Add test for LDAP timeouts via bf9fdf5b455 cmdline: Make -P work in clustered mode via f1c064e792a cmdline: Add a callback to set the machine account details via 575e620ad6c lib: Add required includes to source3/include/secrets.h via 3309ab5fa02 selftest: Add reproducer for bug 14908 via 4d68d797f18 s3:modules:recycle - fix crash in recycle_unlink_internal via 9bcba58e4d4 CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails via 5d5e5a1f355 CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs via ae21fe9c01b CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss via 3f009a620a3 CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts via ebe18e23ba6 CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials via 38ddd41e9c6 CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured 
domain via ad6af1bb831 s3: smbd: Ensure in the directory scanning loops inside rmdir_internals() we don't overwrite the 'ret' variable. via 728c9b83564 s3: smbtorture3: Add test for setting delete on close on a directory, then creating a file within to see if delete succeeds. via 89903ed1e32 s3: smbd: dirfsp is being used uninitialized inside rmdir_internals(). via 6aae2575b38 smbd: get rid of get_file_handle_for_metadata() via c357c1b2024 lib/cmdline: setup default file logging for servers via 47c00820819 lib/cmdline: remember config_type in samba_cmdline_init() via 38736e88728 lib/cmdline: fix indentation via 371c723e4d8 lib/debug: in debug_set_logfile() call reopen_logs_internal() via cda7fb2a057 lib/debug: fix fd check before dup'ing to stderr via 9462c39eab8 winbindd: remove is_default_dyn_LOGFILEBASE() logic via 006aa720c54 samba-bgqd: fix startup and logging via c9b5ca53eba source3: move lib/substitute.c functions out of proto.h via 0d3842697b4 IPA DC: add missing checks via f15232d28ec auth:creds: Guess the username first via getpwuid(my_id) via db4e342291f s3:winbindd: fix "allow trusted domains = no" regression via 962b7b0f92d s3-winexe: Fix winexe core dump (use-after-free) via f926586544e vfs_fruit: remove a fsp check from ad_fset() via 3a34628266f lib/dbwrap: reset deleted record to tdb_null via 8bb5f0911a8 CI: add a test for bug 14882 via a16283466ba s3/libsmb: check for global parametric option "libsmb:client_guid" via a549dc219cb s3: docs-xml: Clarify the "delete veto files" paramter. via 5023dbc04bf s3: smbd: Fix logic in can_delete_directory_fsp() to cope with dangling symlinks. via 4793c4d5307 s3: smbd: Fix logic in rmdir_internals() to cope with dangling symlinks. via e00fe095e8c s3: smbd: Fix rmdir_internals() to do an early return if lp_delete_veto_files() is not set. via 0dba0917fd9 s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling symlinks. via 7a4173809a8 s3: VFS: streams_depot. Allow unlinkat to cope with dangling symlinks. 
via 359517877d6 s3: smbd: Add two tests showing the ability to delete a directory containing a dangling symlink over SMB2 depends on "delete veto files" setting. via 9f76641627f s3: smbd: Fix recursive directory delete of a directory containing veto file and msdfs links. via dab3fa1d8c2 s3: smbd: Add two tests showing recursive directory delete of a directory containing veto file and msdfs links over SMB2. via 71792ae9886 bootstrap: Debian 11 has liburing-dev via 6ea70022f20 bootstrap: Add Debian 11 via 651d79f109b lib:cmdline: Fix -k option which doesn't expect anything via d700a676cad testprogs: Use new cmdline option for kerberos via c99eecaf2fb lib: handle NTTIME_THAW in nt_time_to_full_timespec() via 204f1488e2c torture: add a test for NTTIME_FREEZE and NTTIME_THAW via 6e42b2a1670 lib: add a test for null_nttime(NTTIME_THAW) via bfb893f5efc lib: update null_nttime() of -1: -1 is NTTIME_FREEZE via 0b7c1089d12 lib: use NTTIME_FREEZE in a null_nttime() test via 60adfb19d9d lib: fix null_nttime() tests via 0acbd644fcd lib: add NTTIME_THAW via bdc33fa61f8 VERSION: Bump version up to Samba 4.15.3... from 7d0c030d423 VERSION: Disable GIT_SNAPSHOT for the 4.15.2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: .gitlab-ci-main.yml | 8 +- VERSION | 2 +- WHATSNEW.txt | 122 ++++++- auth/credentials/credentials.c | 13 + auth/gensec/schannel.c | 1 + bootstrap/.gitlab-ci.yml | 3 + bootstrap/config.py | 7 + bootstrap/generated-dists/Vagrantfile | 7 + .../{centos7 => debian11}/Dockerfile | 2 +- .../{debian10 => debian11}/bootstrap.sh | 1 + .../{centos7 => debian11}/locale.sh | 0 .../{debian10 => debian11}/packages.yml | 1 + bootstrap/sha1sum.txt | 2 +- docs-xml/smbdotconf/filename/deletevetofiles.xml | 9 +- examples/winexe/winexe.c | 30 +- lib/cmdline/cmdline.c | 18 +- lib/cmdline/cmdline.h | 4 + lib/cmdline/cmdline_s3.c | 30 +- lib/cmdline/cmdline_s4.c | 16 + lib/cmdline/wscript | 2 +- lib/dbwrap/dbwrap.c | 9 +- lib/ldb/ldb_key_value/ldb_kv.c | 2 + lib/ldb/ldb_key_value/ldb_kv.h | 10 + lib/ldb/ldb_key_value/ldb_kv_index.c | 41 +++ lib/ldb/ldb_key_value/ldb_kv_search.c | 33 +- lib/util/debug.c | 5 +- lib/util/tests/time.c | 5 +- lib/util/time.c | 8 +- lib/util/time.h | 1 + libcli/auth/netlogon_creds_cli.c | 48 ++- libcli/smb/smb2cli_tcon.c | 183 ++++++++-- libcli/smb/smbXcli_base.h | 20 ++ nsswitch/nsstest.c | 2 +- python/samba/tests/krb5/kdc_base_test.py | 42 +++ python/samba/tests/krb5/test_idmap_nss.py | 232 ++++++++++++ python/samba/tests/usage.py | 1 + selftest/target/Samba.pm | 2 +- selftest/target/Samba3.pm | 44 ++- source3/auth/auth_generic.c | 1 + source3/auth/auth_ntlmssp.c | 1 + source3/auth/auth_util.c | 35 +- source3/auth/user_krb5.c | 9 + source3/include/proto.h | 33 -- source3/include/secrets.h | 3 + source3/lib/adouble.c | 7 - source3/lib/substitute.c | 1 + source3/lib/substitute.h | 63 ++++ source3/libnet/libnet_join.c | 43 ++- source3/libsmb/clientgen.c | 9 +- source3/libsmb/dsgetdcname.c | 4 + source3/libsmb/passchange.c | 16 +- 
source3/modules/vfs_expand_msdfs.c | 1 + source3/modules/vfs_full_audit.c | 1 + source3/modules/vfs_recycle.c | 18 +- source3/modules/vfs_streams_depot.c | 10 + source3/modules/vfs_unityed_media.c | 1 + source3/modules/vfs_virusfilter_utils.c | 1 + source3/modules/vfs_xattr_tdb.c | 10 + source3/nmbd/nmbd.c | 1 + source3/nmbd/nmbd_synclists.c | 1 + source3/param/loadparm.c | 1 + source3/passdb/passdb.c | 1 + source3/passdb/pdb_ldap.c | 1 + source3/printing/print_generic.c | 1 + source3/printing/printing.c | 1 + source3/printing/samba-bgqd.c | 35 +- source3/rpc_client/cli_netlogon.c | 51 ++- source3/rpc_client/cli_pipe.c | 54 ++- source3/rpc_client/cli_pipe.h | 9 + source3/rpc_client/cli_pipe_schannel.c | 7 +- source3/rpc_server/lsa/srv_lsa_nt.c | 2 + source3/rpc_server/netlogon/srv_netlog_nt.c | 1 + source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 1 + source3/rpcclient/rpcclient.c | 53 ++- .../tests/test_delete_veto_files_only_rmdir.sh | 183 ++++++++++ source3/script/tests/test_net_machine_account.sh | 22 ++ .../script/tests/test_smbXsrv_client_dead_rec.sh | 76 ++++ source3/script/tests/test_veto_rmdir.sh | 217 +++++++++++ source3/selftest/tests.py | 37 ++ source3/smbd/close.c | 106 ++++-- source3/smbd/dir.c | 55 ++- source3/smbd/dosmode.c | 119 +------ source3/smbd/ipc.c | 1 + source3/smbd/lanman.c | 1 + source3/smbd/message.c | 1 + source3/smbd/msdfs.c | 1 + source3/smbd/process.c | 1 + source3/smbd/reply.c | 1 + source3/smbd/server.c | 1 + source3/smbd/service.c | 1 + source3/smbd/sesssetup.c | 1 + source3/smbd/share_access.c | 1 + source3/smbd/smb2_ioctl.c | 19 + source3/smbd/smb2_server.c | 31 +- source3/smbd/smb2_sesssetup.c | 1 + source3/smbd/trans2.c | 1 + source3/smbd/uid.c | 1 + source3/torture/proto.h | 1 + source3/torture/test_smb2.c | 136 +++++++ source3/torture/torture.c | 5 + source3/utils/net_rpc.c | 8 + source3/utils/net_sam.c | 1 + source3/winbindd/idmap_nss.c | 26 +- source3/winbindd/wb_getpwsid.c | 1 + source3/winbindd/winbindd.c | 10 +- 
source3/winbindd/winbindd_cm.c | 45 ++- source3/winbindd/winbindd_util.c | 5 +- source4/dsdb/samdb/ldb_modules/anr.c | 73 +++- source4/dsdb/samdb/ldb_modules/operational.c | 2 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 13 +- source4/dsdb/tests/python/large_ldap.py | 63 ++++ source4/ldap_server/ldap_backend.c | 136 +++++-- source4/ldap_server/ldap_server.c | 4 +- source4/selftest/tests.py | 45 ++- source4/torture/smb2/ioctl.c | 396 +++++++++++++++++++++ source4/torture/smb2/timestamps.c | 208 +++++++++++ testprogs/blackbox/test_kpasswd_heimdal.sh | 6 +- testprogs/blackbox/test_kpasswd_mit.sh | 2 +- testprogs/blackbox/test_rpcclient_schannel.sh | 94 +++++ 119 files changed, 3173 insertions(+), 438 deletions(-) copy bootstrap/generated-dists/{centos7 => debian11}/Dockerfile (92%) copy bootstrap/generated-dists/{debian10 => debian11}/bootstrap.sh (98%) copy bootstrap/generated-dists/{centos7 => debian11}/locale.sh (100%) copy bootstrap/generated-dists/{debian10 => debian11}/packages.yml (97%) create mode 100755 python/samba/tests/krb5/test_idmap_nss.py create mode 100644 source3/lib/substitute.h create mode 100755 source3/script/tests/test_delete_veto_files_only_rmdir.sh create mode 100755 source3/script/tests/test_net_machine_account.sh create mode 100755 source3/script/tests/test_smbXsrv_client_dead_rec.sh create mode 100755 source3/script/tests/test_veto_rmdir.sh create mode 100755 testprogs/blackbox/test_rpcclient_schannel.sh Changeset truncated at 500 lines: diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml index 0cbcc17c94c..125b3901832 100644 --- a/.gitlab-ci-main.yml +++ b/.gitlab-ci-main.yml @@ -42,7 +42,7 @@ variables: # Set this to the contents of bootstrap/sha1sum.txt # which is generated by bootstrap/template.py --render # - SAMBA_CI_CONTAINER_TAG: 733f8fa83c921e5a7ec8f5470b2ca7d52548f4b0 + SAMBA_CI_CONTAINER_TAG: dd2b9a1848eed2d200e1a525695e40f06c23d888 # # We use the ubuntu1804 image as default as # it matches what we have on sn-devel-184. 
@@ -58,6 +58,7 @@ variables: SAMBA_CI_CONTAINER_IMAGE_ubuntu2004: ubuntu2004 SAMBA_CI_CONTAINER_IMAGE_debian9: debian9 SAMBA_CI_CONTAINER_IMAGE_debian10: debian10 + SAMBA_CI_CONTAINER_IMAGE_debian11: debian11 SAMBA_CI_CONTAINER_IMAGE_opensuse151: opensuse151 SAMBA_CI_CONTAINER_IMAGE_opensuse152: opensuse152 SAMBA_CI_CONTAINER_IMAGE_fedora33: fedora33 @@ -569,6 +570,11 @@ debian10-samba-o3: variables: SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_debian10} +debian11-samba-o3: + extends: .samba-o3-template + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_debian11} + opensuse151-samba-o3: extends: .samba-o3-template variables: diff --git a/VERSION b/VERSION index 06669ad9d90..a1b01a89332 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=15 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6632cf1c294..05eb72be9e0 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,122 @@ + ============================== + Release Notes for Samba 4.15.3 + December 08, 2021 + ============================== + + +This is the latest stable release of the Samba 4.15 release series. + +Important Notes +=============== + +There have been a few regressions in the security release 4.15.2: + +o CVE-2020-25717: A user on the domain can become root on domain members. + https://www.samba.org/samba/security/CVE-2020-25717.html + PLEASE [RE-]READ! + The instructions have been updated and some workarounds + initially adviced for 4.15.2 are no longer required and + should be reverted in most cases. + +o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become + un-deletable. While this release should fix this bug, it is + adviced to have a look at the bug report for more detailed + information, see https://bugzilla.samba.org/show_bug.cgi?id=14902. + +Changes since 4.15.2 +-------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 14878: Recursive directory delete with veto files is broken in 4.15.0. + * BUG 14879: A directory containing dangling symlinks cannot be deleted by + SMB2 alone when they are the only entry in the directory. + * BUG 14892: SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used + uninitialized in rmdir_internals(). + +o Andrew Bartlett <abart...@samba.org> + * BUG 14694: MaxQueryDuration not honoured in Samba AD DC LDAP. + * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired + side effects for the local nt token. + * BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become + un-deletable. + +o Ralph Boehme <s...@samba.org> + * BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk. + * BUG 14882: smbXsrv_client_global record validation leads to crash if + existing record points at non-existing process. + * BUG 14890: Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call. + * BUG 14897: Samba process doesn't log to logfile. 
+ * BUG 14907: set_ea_dos_attribute() fallback calling + get_file_handle_for_metadata() triggers locking.tdb assert. + * BUG 14922: Kerberos authentication on standalone server in MIT realm + broken. + * BUG 14923: Segmentation fault when joining the domain. + +o Alexander Bokovoy <a...@samba.org> + * BUG 14903: Support for ROLE_IPA_DC is incomplete. + +o Günther Deschner <g...@samba.org> + * BUG 14767: rpcclient cannot connect to ncacn_ip_tcp services anymore + * BUG 14893: winexe crashes since 4.15.0 after popt parsing. + +o Volker Lendecke <v...@samba.org> + * BUG 14908: net ads status -P broken in a clustered environment. + +o Stefan Metzmacher <me...@samba.org> + * BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before + smbd_smb2_ioctl_send. + * BUG 14882: smbXsrv_client_global record validation leads to crash if + existing record points at non-existing process. + * BUG 14899: winbindd doesn't start when "allow trusted domains" is off. + * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired + side effects for the local nt token. + +o Andreas Schneider <a...@samba.org> + * BUG 14767: rpcclient cannot connect to ncacn_ip_tcp services anymore. + * BUG 14883: smbclient login without password using '-N' fails with + NT_STATUS_INVALID_PARAMETER on Samba AD DC. + * BUG 14912: A schannel client incorrectly detects a downgrade connecting to + an AES only server. + * BUG 14921: Possible null pointer dereference in winbind. + +o Andreas Schneider <a...@cryptomilk.org> + * BUG 14846: Fix -k legacy option for client tools like smbclient, rpcclient, + net, etc. + +o Martin Schwenke <mar...@meltin.net> + * BUG 14872: Add Debian 11 CI bootstrap support. + +o Joseph Sutton <josephsut...@catalyst.net.nz> + * BUG 14694: MaxQueryDuration not honoured in Samba AD DC LDAP. + * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired + side effects for the local nt token. 
+ +o Andrew Walker <awal...@ixsystems.com> + * BUG 14888: Crash in recycle_unlink_internal(). + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- ============================== Release Notes for Samba 4.15.2 November 9, 2021 @@ -102,8 +221,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 02a3cf3b354..c5a6ba6940c 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -30,6 +30,7 @@ #include "tevent.h" #include "param/param.h" #include "system/filesys.h" +#include "system/passwd.h" /** * Create a new credentials structure @@ -1159,6 +1160,7 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred, { const char *error_string; const char *env = NULL; + struct passwd *pwd = NULL; bool ok; if (lp_ctx != NULL) { 
@@ -1168,6 +1170,17 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred, } } + pwd = getpwuid(getuid()); + if (pwd != NULL) { + size_t len = strlen(pwd->pw_name); + + if (len > 0 && len <= 1024) { + (void)cli_credentials_parse_string(cred, + pwd->pw_name, + CRED_GUESS_ENV); + } + } + env = getenv("LOGNAME"); if (env != NULL) { size_t len = strlen(env); diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c index 0cdae141ead..6ebbe8f3179 100644 --- a/auth/gensec/schannel.c +++ b/auth/gensec/schannel.c @@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security) case ROLE_DOMAIN_BDC: case ROLE_DOMAIN_PDC: case ROLE_ACTIVE_DIRECTORY_DC: + case ROLE_IPA_DC: return NT_STATUS_OK; default: return NT_STATUS_NOT_IMPLEMENTED; diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml index 5e5856b1e90..33534f5f1dd 100644 --- a/bootstrap/.gitlab-ci.yml +++ b/bootstrap/.gitlab-ci.yml @@ -103,6 +103,9 @@ ubuntu2004: debian10: extends: .build_image_template +debian11: + extends: .build_image_template + fedora33: extends: .build_image_template diff --git a/bootstrap/config.py b/bootstrap/config.py index ba4304bb9f8..fd75a771252 100644 --- a/bootstrap/config.py +++ b/bootstrap/config.py @@ -399,6 +399,13 @@ DEB_DISTS = { 'liburing-dev': '', # not available } }, + 'debian11': { + 'docker_image': 'debian:11', + 'vagrant_box': 'debian/bullseye64', + 'replace': { + 'language-pack-en': '', # included in locales + } + }, 'ubuntu1604': { 'docker_image': 'ubuntu:16.04', 'vagrant_box': 'ubuntu/xenial64', diff --git a/bootstrap/generated-dists/Vagrantfile b/bootstrap/generated-dists/Vagrantfile index 42da0161e40..780320ec7c8 100644 --- a/bootstrap/generated-dists/Vagrantfile +++ b/bootstrap/generated-dists/Vagrantfile 
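Review bot: In the auth/credentials/credentials.c hunk at -1168,6 +1170,17, `pwd->pw_name` is passed to `cli_credentials_parse_string()` and the result is dropped with `(void)`. As far as I know that parser also splits domain, principal and password separators out of its argument, so an NSS-provided name such as `DOMAIN\user` (for example from winbind) would set more than the username. If only the account name is meant to be guessed here, `cli_credentials_set_username(cred, pwd->pw_name, CRED_GUESS_ENV);` states that intent; if the parsing is deliberate, a comment such as `/* pw_name may carry a DOMAIN\ prefix; parse it like LOGNAME */` would record it. The `LOGNAME` lookup that follows continues outside the hunk and presumably overrides this guess, so a one-line comment on that precedence would help. `getpwuid()` returns static storage, which is fine here only because `pw_name` is consumed immediately.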
@@ -31,6 +31,13 @@ Vagrant.configure("2") do |config| v.vm.provision :shell, path: "debian10/locale.sh" end + config.vm.define "debian11" do |v| + v.vm.box = "debian/bullseye64" + v.vm.hostname = "debian11" + v.vm.provision :shell, path: "debian11/bootstrap.sh" + v.vm.provision :shell, path: "debian11/locale.sh" + end + config.vm.define "fedora33" do |v| v.vm.box = "fedora/33-cloud-base" v.vm.hostname = "fedora33" diff --git a/bootstrap/generated-dists/centos7/Dockerfile b/bootstrap/generated-dists/debian11/Dockerfile similarity index 92% copy from bootstrap/generated-dists/centos7/Dockerfile copy to bootstrap/generated-dists/debian11/Dockerfile index 2f171ad1c62..6a16324f201 100644 --- a/bootstrap/generated-dists/centos7/Dockerfile +++ b/bootstrap/generated-dists/debian11/Dockerfile @@ -3,7 +3,7 @@ # See also bootstrap/config.py # -FROM centos:7 +FROM debian:11 # pass in with --build-arg while build ARG SHA1SUM diff --git a/bootstrap/generated-dists/debian10/bootstrap.sh b/bootstrap/generated-dists/debian11/bootstrap.sh similarity index 98% copy from bootstrap/generated-dists/debian10/bootstrap.sh copy to bootstrap/generated-dists/debian11/bootstrap.sh index 84f5f6855b7..07d6209c072 100755 --- a/bootstrap/generated-dists/debian10/bootstrap.sh +++ b/bootstrap/generated-dists/debian11/bootstrap.sh @@ -70,6 +70,7 @@ apt-get -y install \ libtasn1-dev \ libtracker-sparql-2.0-dev \ libunwind-dev \ + liburing-dev \ lmdb-utils \ locales \ lsb-release \ diff --git a/bootstrap/generated-dists/centos7/locale.sh b/bootstrap/generated-dists/debian11/locale.sh similarity index 100% copy from bootstrap/generated-dists/centos7/locale.sh copy to bootstrap/generated-dists/debian11/locale.sh diff --git a/bootstrap/generated-dists/debian10/packages.yml b/bootstrap/generated-dists/debian11/packages.yml similarity index 97% copy from bootstrap/generated-dists/debian10/packages.yml copy to bootstrap/generated-dists/debian11/packages.yml index 32f37eeb013..6d3c2385339 100644 
--- a/bootstrap/generated-dists/debian10/packages.yml +++ b/bootstrap/generated-dists/debian11/packages.yml @@ -59,6 +59,7 @@ packages: - libtasn1-dev - libtracker-sparql-2.0-dev - libunwind-dev + - liburing-dev - lmdb-utils - locales - lsb-release diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt index e433f698b68..11369ced5f7 100644 --- a/bootstrap/sha1sum.txt +++ b/bootstrap/sha1sum.txt @@ -1 +1 @@ -733f8fa83c921e5a7ec8f5470b2ca7d52548f4b0 +dd2b9a1848eed2d200e1a525695e40f06c23d888 diff --git a/docs-xml/smbdotconf/filename/deletevetofiles.xml b/docs-xml/smbdotconf/filename/deletevetofiles.xml index 581dc05396d..570d4ac60a0 100644 --- a/docs-xml/smbdotconf/filename/deletevetofiles.xml +++ b/docs-xml/smbdotconf/filename/deletevetofiles.xml @@ -4,9 +4,12 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>This option is used when Samba is attempting to - delete a directory that contains one or more vetoed directories - (see the <smbconfoption name="veto files"/> - option). If this option is set to <constant>no</constant> (the default) then if a vetoed + delete a directory that contains one or more vetoed files + or directories or non-visible files or directories (such + as dangling symlinks that point nowhere). + (see the <smbconfoption name="veto files"/>, <smbconfoption name="hide special files"/>, + <smbconfoption name="hide unreadable"/>, <smbconfoption name="hide unwriteable files"/> + options). If this option is set to <constant>no</constant> (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want.</para> diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c index 3e0813a4091..8a17107617c 100644 --- a/examples/winexe/winexe.c +++ b/examples/winexe/winexe.c 
@@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[], *port_str = '\0'; } - poptFreeContext(pc); - if (options->runas == NULL && options->runas_file != NULL) { struct cli_credentials *runas_cred; const char *user; @@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[], options->credentials = samba_cmdline_get_creds(); - options->hostname = argv_new[0] + 2; + options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2); + if (options->hostname == NULL) { + DBG_ERR("Out of memory\n"); + exit(1); + } options->port = port; - options->cmd = argv_new[1]; + options->cmd = talloc_strdup(mem_ctx, argv_new[1]); + if (options->cmd == NULL) { + DBG_ERR("Out of memory\n"); + exit(1); + } + + poptFreeContext(pc); options->flags = flag_interactive; if (flag_reinstall) { @@ -393,11 +401,16 @@ static NTSTATUS winexe_svc_install( bool need_conf = false; NTSTATUS status; WERROR werr; + const char *remote_name = smbXcli_conn_remote_name(cli->conn); + const struct sockaddr_storage *remote_sockaddr = + smbXcli_conn_remote_sockaddr(cli->conn); status = cli_rpc_pipe_open_noauth_transport( cli, NCACN_NP, &ndr_table_svcctl, + remote_name, + remote_sockaddr, &rpccli); if (!NT_STATUS_IS_OK(status)) { DBG_WARNING("cli_rpc_pipe_open_noauth_transport failed: %s\n", @@ -408,7 +421,7 @@ static NTSTATUS winexe_svc_install( status = dcerpc_svcctl_OpenSCManagerW( rpccli->binding_handle, frame, - smbXcli_conn_remote_name(cli->conn), + remote_name, NULL, SEC_FLAG_MAXIMUM_ALLOWED, &scmanager_handle, 
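Review bot: In the examples/winexe/winexe.c hunk at -253,9 +251,19, nothing records why `poptFreeContext(pc)` now has to come after the two `talloc_strdup()` calls, so a later cleanup could move it back and reintroduce the use-after-free named in the commit title. I would add `/* argv_new points into memory owned by pc: copy before poptFreeContext() */` above the first copy. Separately, `talloc_strdup()` returns NULL for a NULL source as well, so if `argv_new[1]` can be absent at this point the failure is reported as "Out of memory". `argv_new[0] + 2` likewise assumes a prefix of at least two characters. Whether both are validated earlier in `parse_args()` is not visible, since the function starts and ends outside the hunk.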
@@ -709,11 +722,16 @@ static NTSTATUS winexe_svc_uninstall( struct SERVICE_STATUS service_status; NTSTATUS status; WERROR werr; + const char *remote_name = smbXcli_conn_remote_name(cli->conn); + const struct sockaddr_storage *remote_sockaddr = + smbXcli_conn_remote_sockaddr(cli->conn); status = cli_rpc_pipe_open_noauth_transport( cli, NCACN_NP, &ndr_table_svcctl, + remote_name, + remote_sockaddr, &rpccli); if (!NT_STATUS_IS_OK(status)) { DBG_WARNING("cli_rpc_pipe_open_noauth_transport failed: %s\n", @@ -724,7 +742,7 @@ static NTSTATUS winexe_svc_uninstall( status = dcerpc_svcctl_OpenSCManagerW( rpccli->binding_handle, frame, - smbXcli_conn_remote_name(cli->conn), + remote_name, NULL, SEC_FLAG_MAXIMUM_ALLOWED, &scmanager_handle, diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c index 40292a6a332..0c0b3ead7da 100644 --- a/lib/cmdline/cmdline.c +++ b/lib/cmdline/cmdline.c @@ -30,6 +30,11 @@ static struct cli_credentials *cmdline_creds; static samba_cmdline_load_config cmdline_load_config_fn; static struct samba_cmdline_daemon_cfg cmdline_daemon_cfg; +static NTSTATUS (*cli_credentials_set_machine_account_fn)( + struct cli_credentials *cred, + struct loadparm_context *lp_ctx) = + cli_credentials_set_machine_account; + /* PRIVATE */ bool samba_cmdline_set_talloc_ctx(TALLOC_CTX *mem_ctx) { @@ -122,6 +127,13 @@ struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void) return &cmdline_daemon_cfg; } +void samba_cmdline_set_machine_account_fn( + NTSTATUS (*fn) (struct cli_credentials *cred, + struct loadparm_context *lp_ctx)) +{ + cli_credentials_set_machine_account_fn = fn; +} + void samba_cmdline_burn(int argc, char *argv[]) { bool found = false; 
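Review bot: In the lib/cmdline/cmdline.c hunk at -122,6 +127,13, `samba_cmdline_set_machine_account_fn()` stores `fn` without checking it, and the later hunk at -792,8 +804,8 calls `cli_credentials_set_machine_account_fn(creds, lp_ctx)` unconditionally. A caller that passes NULL would therefore crash during option parsing when the machine account is requested. Falling back to the default keeps the hook safe: `if (fn == NULL) { fn = cli_credentials_set_machine_account; }` before the assignment. The new public setter also has no doc comment; one sentence stating that it must be called before the popt credentials callback runs, and what the default is, would be enough.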
@@ -792,8 +804,8 @@ static void popt_common_credentials_callback(poptContext popt_ctx, if (machine_account_pending) { NTSTATUS status; - status = cli_credentials_set_machine_account(creds, - lp_ctx); + status = cli_credentials_set_machine_account_fn( + creds, lp_ctx); if (!NT_STATUS_IS_OK(status)) { fprintf(stderr, "Failed to set machine account: %s\n", @@ -1251,7 +1263,7 @@ static struct poptOption popt_legacy_s3[] = { { .longName = "kerberos", .shortName = 'k', - .argInfo = POPT_ARG_STRING, + .argInfo = POPT_ARG_NONE, .val = 'k', .descrip = "DEPRECATED: Migrate to --use-kerberos", }, diff --git a/lib/cmdline/cmdline.h b/lib/cmdline/cmdline.h index 1f85da0099e..5cd58c3ddbb 100644 --- a/lib/cmdline/cmdline.h -- Samba Shared Repository