The branch, v4-17-stable has been updated via abc2296a670 VERSION: Disable GIT_SNAPSHOT for the Samba 4.17.0rc1 release. via 459107e6efa WHATSNEW: Up to Samba 4.17.0rc1. via 80d069a72c4 s3:tests: Add a test to check json output of smbstatus profile via 803899fdc3c smbstatus: add JSON support for smbstatus --profile via 0ed54cc6078 smbstatus: fix indentation in profile_separator() via 03ed8d3a07c smbstatus: add a method to add profile items to json via 74028253e1c s3:tests: Add a test to check json output of smbstatus via 5d6ed73b38e smbstatus: add JSON support for smbstatus via 78c6740299f smbstatus: add machine readable creation_time to notify via ed1c94be4f6 smbstatus: add server_id to notifies via 8154df9d1f3 smbstatus: add a notifies dictionary via fed1569f03c smbstatus: add file_id information to byte-range locks in json output via c47d9d28f12 smbstatus: add locks to byte-range locked files in json output via eca61089cda smbstatus: add server_id to byte-range locks via dc3b10cda68 smbstatus: add a basic byte-range locks dictionary via 6b6b586b8d5 smbstatus: add service path to byte-range locks via fb809a11712 smbstatus: add machine readable time info to locked files via 43d811adf6c smbstatus: add general caching information about open files to json output via c0620250cf3 smbstatus: add sharemode information about open files to json output via 003684dc678 smbstatus: add server_id to open files dictionary via 1973c3a9ac9 smbstatus: add lease information about open files to json output via 595b0198ec3 smbstatus: add oplock information about open files to json output via dd9dd5bff02 smbstatus: add access mode information about open files to json output via 8d26456742a smbstatus: add opens to files in json output via 27d026aca69 smbstatus: add file_id information about open files to json output via 95712e61b87 smbstatus: add a basic dictionary with open files via 3ec6e7e31d5 smbstatus: add encryption and signing to sessions via fd1bfb79bdb smbstatus: add server_id 
to sessions via 836fd468c0d smbstatus: add a sessions dictionary via 1abae1c255c smbstatus: add encryption and signing to connections via 143d9392d66 smbstatus: add machine readable time to connections via 7585f8d201f conn_tdb: change type of connections_data.start to NTTIME via 963e1588681 smbstatus: add session_id to connections dictionary via 696975554a9 conn_tdb: add sess_id to struct connections_data via 7d76fe5f443 smbstatus: add server_id to connections via 138befe4391 smbstatus: add a connections dictionary via 05362a27995 smbstatus: add general information to the json output via a64c9078746 smbstatus: add method add_section_to_json via 15fed37afb6 smbstatus: add json items to traverse_struct via f604e4d4cd9 smbstatus: add frame files for json specific methods via b35f13a3d0d smbstatus: use new enum crypto_degree via 92be53754bf smbstatus: add enum to handle partial encryption and signing via cb8a0d9aecd smbstatus: move the output of the content to their own methods via e514bdbc1c7 smbstatus: move the output of the title lines to their own methods via d9c1ff4c2f1 smbstatus: pass the traverse_state to the traverse methods via caae58fad82 smbstatus: add struct traverse_state via 04f1d339c62 smbstatus: use variables in print_share_mode instead of printing directly via 4f21c6fdf90 smbstatus: print errors to stderr instead of stdout via 4ef2d36615e audit_logging: add method to replace the object for a given key with a new object via 6412c39bbfa smbstatus: delete wrong EXCLUSIVE+BATCH oplock via 82d931d23d1 s3: smbd: Oops. DBG_ERR messages I used to debug parse_dfs_path(), should have been DBG_DEBUG. 
via fb937ddc838 lib/util/access: source3/auth/user_util: Check for INNETGR via e13875601ff nsswitch/wins: Define NETDB_* for other libc's via 7cd87156761 vfs: Add struct vfs_open_how.resolve via 8693a0416b9 smbd: Hand vfs_open_how to openat_pathref_fullname via c3c5e6c3dd2 smbd: Pass vfs_open_how through fd_openat via ccc26364a9e smbd: Pass vfs_open_how through non_widelink_open via 5fc016f2685 vfs: change openat propotype to match linux openat2 via 5aaf38949ab vfs_glusterfs: add missing END_PROFILE(syscall_openat) to vfs_gluster_openat() via 0fdd7e16a1d samba-tool gpo: clean up tmpdir after create via 5750d7a1d05 samba-tool: allow testparm to dump global section only via 1c6e59a7dfc pyparam: expose lpcfg_dump_globals() via e0d96197fdd pytest/netcmd: test samba-tool testparm global section via 5075df4575d s3: smbd: Remove ugly SMB1-specific hack to filename_convert_dirfsp() via 5c9404f7531 s3: smbd: Remove the ucf_flags parameter from extract_snapshot_token(). via d21cf6bbb18 s3: smbd: Cleanup - integer align. consumedcnt should be a size_t. via 7ef1412f852 s3: smbd: Minor cleanup in parse_dfs_path(). via e5a49c310da s3: smbd: Remove 'bool posix_path' from struct dfs_path. via f24ef117cfa s3: smbd: Change srvstr_get_path_internal() to always call check_path_syntaxXXX(), even on DFS pathnames. via 972dd999b8d smbd: Fix a "set but not used" warning via 99020ffef2f smbd: Security fix for systems without O_PATH via c89ae5f0f65 lib: Align an integer type via 0b58dc38bb8 smbd: Fix the build on FreeBSD via 46418dddda9 s3: smbd: Convert driver_unix_convert() to use filename_convert_dirfsp(). via f42b5be4127 s3: smbd: Add dirfsp return parameter to driver_unix_convert(). via 87835c69ccf s3: smbd: In filename_convert_dirfsp_nosymlink() only use synthetic_smb_fname_split() for fake_files, not printer shares too. via ffc19ac9859 s3: smbd: Remove filename_convert(). via 68483583630 s3: smbd: Convert filename_convert_smb1_search_path() to use filename_convert_dirfsp(). 
via 7bd5c05fbd9 s3: smbd: Add returned dirfsp pointer to filename_convert_smb1_search_path(). via 5a923ae36ab s3: smbd: We now know get_original_lcomp() never has to deal with an MSDFS pathname. via 4112bab9aeb s3: smbd: In filename_convert_smb1_search_path(), after we have called dfs_redirect(), the path separator is always '/'. via 2d9938dac32 s3: smbd: Remove TWRP handing inside get_original_lcomp(). via acff075a725 s3: smbd: In reply_ntrename(), move the call to get_original_lcomp(..newname..) after the call to extract_snapshot_token(..newname..). via 5eed3f48b6e s3: smbd: Remove code for unused strip_gmt_from_raw_dfs(). via df5455c438d s3: smbd: Change filename_convert_smb1_search_path() to use extract_snapshot_token(). via 2ad3e63fe02 s3: smbd: Remove const from name_in parameter to filename_convert_smb1_search_path(). via 74715a75053 s3: smbd: Remove separate talloc_stackframe() from filename_convert_smb1_search_path(). via 7a823d44d23 s3: smbd: Allow extract_snapshot_token() to cope with MSDFS paths. via 8b9fdc8ab1b s3: smbd: Add ucf_flags parameter to extract_snapshot_token(). 
via 2120b215872 testprogs: Reformat test_ktpass.sh via faf8c190b4a testprogs: Reformat test_kpasswd_mit.sh via 9d1cf12da19 testprogs: Reformat test_kpasswd_heimdal.sh via a68d75f9c19 testprogs: Reformat test_kinit_trusts_mit.sh via ce97396ecb2 testprogs: Reformat test_kinit_trusts_heimdal.sh via 8c19e475aac testprogs: Reformat test_kinit_mit.sh via da0049b01d9 testprogs: Reformat test_kinit_heimdal.sh via 848bf1bf592 testprogs: Reformat test_export_keytab_mit.sh via 708582deefa testprogs: Reformat test_export_keytab_heimdal.sh via fcdcad87816 testprogs: Reformat test_client_kerberos.sh via 2c8681cca73 testprogs: Reformat test_client_etypes.sh via f222b2a2296 testprogs: Reformat test_chgdcpass.sh via 561e9256551 testprogs: Reformat subunit.sh via de6335d47ab testprogs: Reformat schemaupgrade.sh via a59460d2794 testprogs: Reformat runtime-links.sh via 7b4e06d2255 testprogs: Reformat renamedc.sh via d0f27918308 testprogs: Reformat nsstest.sh via 084bddcf101 testprogs: Reformat ldapcmp_restoredc.sh via 65b3797352c testprogs: Reformat join_ldapcmp.sh via f2591ff727e testprogs: Reformat functionalprep.sh via 91035d48f26 testprogs: Reformat dom_parse.sh via eab5cdb66f4 testprogs: Reformat dfree.sh via 9bc3ba8f379 testprogs: Reformat demote-saveddb.sh via 0cdd204693b testprogs: Reformat dbcheck.sh via ae3452244de testprogs: Reformat dbcheck-oldrelease.sh via 9757229b2b0 testprogs: Reformat dbcheck-links.sh via 61c6a00f550 mdssvc: check if the user closed the query before trying to read the HTTP response from Elasticsearch via c9ecd33ad7d mdssvc: fold two if blocks into one via ac13935a585 mdssvc: don't trigger http reconnect if a search was cancelled via 1150d121b7f mdssvc: fix check if search connection state is gone via 9b0e61ff75d mdssvc: reapply default search destructor when marking a search non-pending via 9b56c7030f8 mdssvc: prevent a crash when pending search finishes after the client closed the search connection via 2fc2c7d4b0b mdssvc: move calling 
mds_es_search_set_pending() to mds_es_next_search_trigger() via 5b750d6b330 mdssvc: consolidate calls of mds_es_search_unset_pending() via c0d46796d43 mdssvc: update a comment via 3254622a307 mdssvc: fix a comment via 93b6db3328c s3: smbd: Convert smb_file_rename_information() to use filename_convert_dirfsp(). via 0e7a151c2f7 s3: smbd: Convert smb_file_link_information() to use filename_convert_dirfsp(). via e960f4b30bf s3: smbd: Convert smb2_file_rename_information() to use filename_convert_dirfsp(). via 3b3cab81884 s3: smbd: Convert smb_set_file_unix_hlink() to use filename_convert_dirfsp(). via 22403ec72ef s3: smbd: Convert reply_ntrename() to use filename_convert_dirfsp(). via 8b667db0f7d s3: smbd: Convert reply_mv() to use filename_convert_dirfsp(). via b14e4f59255 s3: smbd: Convert reply_mkdir() to use filename_convert_dirfsp(). via 79257334c22 s3: smbd: Convert reply_unlink() to use filename_convert_dirfsp(). via dc309e60623 s3: smbd: Convert cmd_utime() to use filename_convert_dirfsp(). via ab9397726ef s3: smbd: Convert smbd_smb2_create_durable_lease_check() to use filename_convert_dirfsp(). via c3737300ed9 s3: smbd: Convert _srvsvc_NetSetFileSecurity() to use filename_convert_dirfsp(). via d89ec90c87b s3: smbd: Convert _srvsvc_NetGetFileSecurity() to use filename_convert_dirfsp(). via 1006b1af4b7 s3: smbd: Convert call_trans2setfilepathinfo() to use filename_convert_dirfsp(). via a9ed7f6064c s3: smbd: Convert call_trans2qfilepathinfo() to use filename_convert_dirfsp(). via c71368a080b s3: smbd: Convert reply_setatr() to use filename_convert_dirfsp(). via a457d59e985 s3: smbd: Convert reply_getatr() to use filename_convert_dirfsp(). via 2a9d7beb9e3 s3: smbd: Add dirfsp parameter to create_directory(). via a6c34ec3c25 s3: smbd: Add src_dirfsp and dst_dirfsp parameters to copy_internals(). via b80e51137c3 s3: smbd: Add old_dirfsp and new_dirfsp parameters to hardlink_internals(). via 1d658bbe65a s3: smbd: Add dst_dirfsp parameter to rename_internals_fsp(). 
via 0b33ec49e38 s3: smbd: Add dirfsp parameter to unlink_internals(). via d9f144acb64 s3: smbd: Add src_dirfsp and dst_dirfsp parameters to rename_internals(). via beb10e8bbe4 s3: smbd: In reply_ntrename(), don't call filename_convert() if we know it's a stream rename. via c673ca15c56 s3: smbd: Tweak the logic of smb2_file_rename_information(). via b9006f33b4f s3: smbd: Inside filename_convert_dirfsp_nosymlink(), don't require UCF_PREP_CREATEFILE when parsing a stream name that doesn't already exist. via 2c4719a0cda s3: smbd: In filename_convert_dirfsp(), don't let an SMB1+POSIX client see a symlink to a directory with no permissions. via 5249cb3d0fd s3: smbd: In filename_convert_dirfsp_nosymlink(), in SMB1-only POSIX mode, allow a pathname referencing a symlink to be returned. via 6fd8f7fd18f s3: smbd: In filename_convert_dirfsp(), allow SMB1+POSIX to traverse non-terminal symlinks. via 766151bf5b7 lib:replace: Only include <sys/mount.h> on non-Linux systems via 9459f85511a Revert "lib:replace: Remove <sys/mount.h> from filesys.h" via 3aecd6e7b50 ctdb-common: CID 1507498: Control flow issues (DEADCODE) via 7a6bd227989 lib:replace: Remove <sys/mount.h> from filesys.h via 15c86028a86 CVE-2022-32743 s4:rpc_server/netlogon: Reconnect to samdb as workstation account via 6b76bc7339a CVE-2022-32743 s4:rpc_server/common: Add dcesrv_samdb_connect_session_info() via e1c52ac05a9 CVE-2022-32743 dsdb/modules/acl: Allow simultaneous sAMAccountName, dNSHostName, and servicePrincipalName change via 7638abd38a1 CVE-2022-32743 dsdb/modules/acl: Account for sAMAccountName without $ via f5451423801 CVE-2022-32743 s4:rpc_server/netlogon: Connect to samdb as a user, rather than as system via 02c2a8c7b01 CVE-2022-32743 s4:rpc_server/netlogon: Always observe NETR_WS_FLAG_HANDLES_SPN_UPDATE flag via d07641fc5a7 CVE-2022-32743 s4:rpc_server/netlogon: Remove dNSHostName prefix check via f9831259b9f CVE-2022-32743 dsdb/modules/acl: Handle FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE control 
via c2ab1f4696f CVE-2022-32743 dsdb/common: Add FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE control via b95431ab230 CVE-2022-32743 dsdb: Implement validated dNSHostName write via 0d888f0c902 CVE-2022-32743 s4/dsdb/util: Add function to check for a subclass relationship via 49ac07e786d CVE-2022-32743 s4/dsdb/util: Add dsdb_msg_get_single_value() via e38b75a50f7 CVE-2022-32743 s4:torture/rpc: Fix tests to match Windows via b41691d0e54 CVE-2022-32743 tests/py_credentials: Add tests for setting dNSHostName with LogonGetDomainInfo() via d277700710d CVE-2022-32743 s4-acl: Add tests for validated dNSHostName write via ab3d2379415 examples/winexe: fix fetching return code of the remote command via 332338173ec s3: smbd: Convert reply_checkpath() to use filename_convert_dirfsp(). via a70a9c63df3 s3: smbd: Convert call_trans2mkdir() to use filename_convert_dirfsp(). via 12001941a4f s3: smbd: Convert call_trans2open() to use filename_convert_dirfsp(). via 34056ced099 s3: smbd: Convert reply_rmdir() to use filename_convert_dirfsp(). via f599e469066 s3: smbd: Convert reply_ctemp() to use filename_convert_dirfsp(). via 952f92ccb39 s3: smbd: Convert reply_mknew() to use filename_convert_dirfsp(). via 48be22d8cce s3: smbd: Convert reply_open_and_X() to use filename_convert_dirfsp(). via e82a37d42bb s3: smbd: Convert reply_open() to use filename_convert_dirfsp(). via 758ffebb8a8 s3: smbd: Fix the error processing in filename_convert_dirfsp_nosymlink() to match unix_convert() 100% via be8ac8df178 s3: smbd: In filename_split_lcomp() ensure we never return a streamname if posix is set. via 1a653fdc442 s3: smbd: Ensure we set fsp->file_id in openat_pathref_dirfsp_nosymlink(). 
via 3469895aca6 s3:winbind: Implement dcerpc_samr_chgpasswd_user4 for PamAuthChangePassword via 8b80b104064 s3:libsmb: Add dcerpc_samr_chgpasswd_user4 to remote_password_change() via f39cda78cb8 s3:test: Print the output to understand what was going wrong via 83dac5ce89f s4:libnet: Add support for samr_ChangePasswordUser4() via 0c961b16f19 s4:libnet: Move code using RC4 into its own function via da0e0c8aeb2 s4:libnet: Remove unused code in libnet_ChangePassword_samr() via 8733fabd581 s4:torture: Add test for dcerpc_samr_ChangePasswordUser4 via 1ca42e12ef2 s3:rpc_server: Implement dcesrv_samr_ChangePasswordUser4() via 68b7863f19f s3:passdb: Correctly burn the plaintext_pw with samu_destroy() via 16e97c5e2d7 s3:passdb: Remove trailing whitespaces via 85b7179a582 s4:rpc_server: Implement dcesrv_samr_ChangePasswordUser4() via c4ef3dbf738 s4:dsdb: Burn the memory of hashes returned by samdb_result_hashes() via 56297449f9c s4:dsdb: Remove trailing whitespaces from util.c via fd4368797e4 s3:rpcclient: Implement cmd chpasswd4 via c557259dd95 docs-xml: Remove trailing whitespaces in rpcclient.1.xml via c8daa5fb007 s3:rpc_client: Implement dcerpc_samr_chgpasswd_user4() via b46064f8b5d s3:rpc_client: Fix trailing whitespaces in cli_samr.c via cc1cac94233 lib:util: Add generate_random_u64_range() via 9fcd1b7498e lib:util: Remove trailing whitespaces in samba_util.h via 3d6b9ca8520 lib:crypto: Add test for pbkdf2 via 36b6be3ce1a waf: Check for gnutls_pbkdf2() via d725e4ca9fe s4:torture: Implement test for SAMR SetUserInfo(2) level 32 via f904f41820a s3:rpc_server: Implement SAMR SetUserInfo(2) level 32 via 54766eed2e0 s4:rpc_server: Implement support for SetUserInfo(2) level 32 via 5797d59bfcb s4:torture: Implement test for SAMR SetUserInfo(2) level 31 via 3f72918a164 s3:rpc_server: Implement support for SAMR SetUserInfo level 31 via c26f6961693 s3:rpc_server: Remove obosolete copy_id26_to_sam_passwd() via c975394edf3 s3:rpc_server: Use copy_pwd_expired_to_sam_passwd() in 
set_user_info_26() via cb2d9429a85 s3:rpc_server: Add copy_pwd_expired_to_sam_passwd() for SAMR via b54188cbe39 s3:rpc_server: Set missing debug class for srv_samr_chgpasswd via 63c4b16d2fc libcli:auth: Add test for decode_pwd_string_from_buffer514() via 2f4a80322b9 libcli:auth: Add decode_pwd_string_from_buffer514() via cef5bb02239 s4:rpc_server: Implement support for SAMR SetUserInfo(2) level 31 via 835de358ec4 s4:rpc_server: Add samr_set_password_aes() via 1aa403517ff s4:rpc_server: Add transaction for dcesrv_samr_SetUserInfo() via 1b3d7f81168 s4:rpc_server: Use sam_ctx consistently in dcesrv_samr_SetUserInfo() via a246ae993fd s3:rpc_server: Use a done goto label for dcesrv_samr_SetUserInfo() via 2226806ce0d libcli:auth: Add test for extract_pwd_blob_from_buffer514() via 12f4bb9cc11 libcli:auth: Add extract_pwd_blob_from_buffer514() via b39abe916d7 libcli:auth: Implment a common create_pw_buffer_from_blob() via 626b0f4891b libcli:auth: Use extract_pw_from_buffer() in decode_pw_buffer() via e87facfd890 libcli:auth: Keep data of extract_pw_from_buffer() secret via 91121071670 s3:rpcclient: Implement setuserinfo2 level 31 via 6f60c98c087 s3:rpcclient: Encrypt the password buffers only if really needed via 2454b86c882 s3:rpc_client: Implement init_samr_CryptPasswordAES() via 2ecdbe17e86 samr.idl: Add samr_ChangePasswordUser4() via 308f89ce6a9 samr:idl: add samr_SupportedFeatures for samr_Connect5() via e845afe11aa samr.idl: Add support for new AES encrypted password buffer via e181dd7b763 libcli:auth: Add test for encode_pwd_buffer514_from_str() via 1b142b72bd2 libcli:auth: Add encode_pw_buffer_from_str() via 5da60573b5d libcli:auth: Implement a generic encode_pwd_buffer_from_str() via ed22f0c43c8 libcli:auth: Remove trailing spaces from proto.h via 0813ea5bf86 lib:crypto: Add test for samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt() via 0d059e44255 lib:crypto: Add samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt() via 10249fbb1c7 lib:crypto: Add test for 
samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() via e42ebd22e93 librpc:rpc: Add SAMR encryption and mac key salt definitions via dc7f0f15ce0 lib:crypto: Implement samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() via 8b22b448e84 lib:replace: Add macros to burn data from memory via 61aeb774076 lib:crypto: Merge wscript_build into wscript via a519d57cef8 lib:crypto: Merge wscript_configure into wscript via b24c8f540f1 lib:crypto: Reformat wscript via dde461868f7 ctdb-tests: Add tests for cluster mutex I/O timeout via 25d32ae97a6 ctdb-tests: Terminate event loop if lock is no longer held via 061315cc795 ctdb-mutex: Test the lock by locking a 2nd byte range via 97a1714ee94 ctdb-mutex: open() and fstat() when testing lock file via c07e81abf04 ctdb-mutex: Factor out function fcntl_lock_fd() via 9daf22a5c9d ctdb-mutex: Handle pings from lock checking child to parent via b5db2867913 ctdb-mutex: Do inode checks in a child process via 2ecdbcb22c6 ctdb-mutex: Rename wait_for_lost to lock_io_check via 7ab2e8f1278 ctdb-mutex: Rename recheck_time to recheck_interval via c396b615047 ctdb-mutex: Consistently use progname in error messages via a8da8810f14 ctdb-tests: Add tests for trivial FD monitoring via 8d04235f465 ctdb-common: Add trivial FD monitoring abstraction via f9467cdf3b5 ctdb-build: Link in backtrace support for ctdb_util_tests via 7a1c43fc745 ctdb-build: Separate test backtrace support into separate subsystem via b195e8c0d0c ctdb-build: Sort sources in ctdb-util and ctdb_unit_tests via 3efa56aa61d ctdb-daemon: Fix printing of tickle ACKs via ffa84f2e5d3 py/uptodateness: more details in missing dn report via 9849e7440e3 util/genrand: don't ignore errors in random number generation via 4286e359b35 s3: smbd: Convert call_nt_transact_create() to use filename_convert_dirfsp(). via 22fae651656 s3: smbd: Inside filename_convert_dirfsp_nosymlink() ensure the returned smb_fname is always allocated off mem_ctx. 
via 31479d7781d s3: smbd: In openat_pathref_dirfsp_nosymlink() ensure we call fsp_smb_fname_link() to set smb_fname->fsp in the returned smb_fname. from 3ddc9344c2f CVE-2022-32742: s3: smbd: Harden the smbreq_bufrem() macro.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 6 +- WHATSNEW.txt | 2 +- ctdb/common/tmon.c | 602 ++++++++++ ctdb/common/tmon.h | 218 ++++ ctdb/server/ctdb_mutex_fcntl_helper.c | 509 ++++++-- ctdb/server/ctdb_takeover.c | 2 +- .../simple/cluster.015.reclock_remove_lock.sh | 2 +- .../simple/cluster.016.reclock_move_lock_dir.sh | 2 +- ctdb/tests/UNIT/cunit/cluster_mutex_002.sh | 32 +- ctdb/tests/UNIT/cunit/tmon_test_001.sh | 195 ++++ ctdb/tests/UNIT/cunit/tmon_test_002.sh | 142 +++ ctdb/tests/src/cluster_mutex_test.c | 100 +- ctdb/tests/src/tmon_ping_test.c | 381 ++++++ ctdb/tests/src/tmon_test.c | 406 +++++++ ctdb/wscript | 105 +- docs-xml/manpages/rpcclient.1.xml | 161 +-- examples/VFS/skel_opaque.c | 8 +- examples/VFS/skel_transparent.c | 5 +- examples/winexe/winexe.c | 2 +- lib/audit_logging/audit_logging.c | 46 + lib/audit_logging/audit_logging.h | 4 + lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c | 393 +++++++ lib/crypto/gnutls_helpers.h | 95 +- .../test_gnutls_aead_aes_256_cbc_hmac_sha512.c | 324 ++++++ lib/crypto/wscript | 92 +- lib/crypto/wscript_build | 54 - lib/crypto/wscript_configure | 15 - lib/replace/replace.h | 18 + lib/replace/system/filesys.h | 4 +- lib/replace/wscript | 3 + lib/replace/xattr.c | 3 +- lib/util/access.c | 2 +- lib/util/genrand.c | 29 +- lib/util/genrand_util.c | 14 + lib/util/samba_util.h | 36 +- lib/util/wscript_build | 2 +- libcli/auth/proto.h | 94 +- libcli/auth/smbencrypt.c | 239 +++- libcli/auth/tests/test_encode_decode.c | 162 +++ libcli/auth/wscript_build | 9 + librpc/idl/samr.idl | 67 +- librpc/rpc/dcerpc_samr.h | 42 + nsswitch/wins.c | 8 + python/samba/netcmd/gpo.py | 4 + python/samba/netcmd/testparm.py | 5 +- python/samba/tests/netcmd.py | 8 + python/samba/tests/py_credentials.py | 281 ++++- python/samba/uptodateness.py | 2 +- 
selftest/tests.py | 4 + source3/auth/user_util.c | 4 +- source3/include/msdfs.h | 1 - source3/include/vfs.h | 16 +- source3/include/vfs_macros.h | 10 +- source3/lib/adouble.c | 15 +- source3/libsmb/passchange.c | 40 + source3/modules/vfs_aio_pthread.c | 26 +- source3/modules/vfs_audit.c | 8 +- source3/modules/vfs_cap.c | 7 +- source3/modules/vfs_catia.c | 7 +- source3/modules/vfs_ceph.c | 10 +- source3/modules/vfs_ceph_snapshots.c | 9 +- source3/modules/vfs_commit.c | 10 +- source3/modules/vfs_crossrename.c | 2 + source3/modules/vfs_default.c | 13 +- source3/modules/vfs_error_inject.c | 7 +- source3/modules/vfs_extd_audit.c | 7 +- source3/modules/vfs_fruit.c | 45 +- source3/modules/vfs_full_audit.c | 7 +- source3/modules/vfs_glusterfs.c | 24 +- source3/modules/vfs_gpfs.c | 8 +- source3/modules/vfs_media_harmony.c | 8 +- source3/modules/vfs_not_implemented.c | 3 +- source3/modules/vfs_prealloc.c | 11 +- source3/modules/vfs_preopen.c | 10 +- source3/modules/vfs_shadow_copy2.c | 28 +- source3/modules/vfs_snapper.c | 8 +- source3/modules/vfs_streams_depot.c | 16 +- source3/modules/vfs_streams_xattr.c | 19 +- source3/modules/vfs_syncops.c | 7 +- source3/modules/vfs_time_audit.c | 6 +- source3/modules/vfs_unityed_media.c | 9 +- source3/modules/vfs_virusfilter.c | 7 +- source3/modules/vfs_widelinks.c | 9 +- source3/modules/vfs_xattr_tdb.c | 9 +- source3/passdb/passdb.c | 138 +-- source3/printing/nt_printing.c | 43 +- source3/rpc_client/cli_samr.c | 116 +- source3/rpc_client/cli_samr.h | 8 + source3/rpc_client/init_samr.c | 56 + source3/rpc_client/init_samr.h | 21 + source3/rpc_server/dfs/srv_dfs_nt.c | 6 +- source3/rpc_server/mdssvc/mdssvc_es.c | 58 +- source3/rpc_server/samr/srv_samr_chgpasswd.c | 64 + source3/rpc_server/samr/srv_samr_nt.c | 393 ++++++- source3/rpc_server/samr/srv_samr_util.c | 27 +- source3/rpc_server/samr/srv_samr_util.h | 11 +- source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 34 +- source3/rpcclient/cmd_samr.c | 93 +- source3/script/tests/test_smbpasswd.sh 
| 1 + source3/script/tests/test_smbstatus.sh | 249 ++++ .../tests/test_symlink_traversal_smb1_posix.sh | 2 +- source3/smbd/durable.c | 10 +- source3/smbd/filename.c | 466 +++----- source3/smbd/files.c | 61 +- source3/smbd/msdfs.c | 130 +-- source3/smbd/open.c | 78 +- source3/smbd/proto.h | 25 +- source3/smbd/pysmbd.c | 4 +- source3/smbd/smb1_nttrans.c | 116 +- source3/smbd/smb1_reply.c | 236 ++-- source3/smbd/smb1_trans2.c | 84 +- source3/smbd/smb2_create.c | 12 +- source3/smbd/smb2_negprot.c | 9 - source3/smbd/smb2_nttrans.c | 6 +- source3/smbd/smb2_query_directory.c | 7 +- source3/smbd/smb2_reply.c | 87 +- source3/smbd/smb2_trans2.c | 106 +- source3/smbd/statvfs.c | 2 +- source3/smbd/vfs.c | 6 +- source3/torture/cmd_vfs.c | 71 +- source3/utils/conn_tdb.c | 3 +- source3/utils/conn_tdb.h | 3 +- source3/utils/net_status.c | 4 +- source3/utils/status.c | 635 +++++++--- source3/utils/{status_profile.h => status.h} | 30 +- source3/utils/status_json.c | 1230 ++++++++++++++++++++ source3/utils/status_json.h | 77 ++ source3/utils/status_json_dummy.c | 101 ++ source3/utils/status_profile.c | 46 +- source3/utils/status_profile.h | 4 +- source3/utils/status_profile_dummy.c | 3 +- source3/utils/wscript_build | 5 + source3/winbindd/winbindd_pam.c | 29 + source4/dsdb/common/util.c | 140 +-- source4/dsdb/samdb/ldb_modules/acl.c | 464 +++++++- source4/dsdb/samdb/ldb_modules/util.c | 145 +++ source4/dsdb/samdb/ldb_modules/util.h | 1 + source4/dsdb/samdb/samdb.h | 6 + source4/dsdb/tests/python/acl.py | 757 ++++++++++++ source4/libnet/libnet_passwd.c | 363 +++--- source4/libnet/wscript_build | 1 + source4/param/pyparam.c | 33 + source4/rpc_server/common/common.h | 1 + source4/rpc_server/common/server_info.c | 65 +- source4/rpc_server/netlogon/dcerpc_netlogon.c | 61 +- source4/rpc_server/samr/dcesrv_samr.c | 364 +++++- source4/rpc_server/samr/samr_password.c | 240 ++++ source4/torture/rpc/netlogon.c | 12 +- source4/torture/rpc/samr.c | 390 ++++++- 
source4/torture/rpc/samr_accessmask.c | 2 +- source4/torture/rpc/samr_handletype.c | 2 +- testprogs/blackbox/dbcheck-links.sh | 1224 +++++++++---------- testprogs/blackbox/dbcheck-oldrelease.sh | 624 +++++----- testprogs/blackbox/dbcheck.sh | 30 +- testprogs/blackbox/demote-saveddb.sh | 56 +- testprogs/blackbox/dfree.sh | 10 +- testprogs/blackbox/dom_parse.sh | 10 +- testprogs/blackbox/functionalprep.sh | 104 +- testprogs/blackbox/join_ldapcmp.sh | 35 +- testprogs/blackbox/ldapcmp_restoredc.sh | 72 +- testprogs/blackbox/nsstest.sh | 8 +- testprogs/blackbox/renamedc.sh | 80 +- testprogs/blackbox/runtime-links.sh | 83 +- testprogs/blackbox/schemaupgrade.sh | 103 +- testprogs/blackbox/subunit.sh | 115 +- testprogs/blackbox/test_chgdcpass.sh | 44 +- testprogs/blackbox/test_client_etypes.sh | 45 +- testprogs/blackbox/test_client_kerberos.sh | 239 ++-- testprogs/blackbox/test_export_keytab_heimdal.sh | 43 +- testprogs/blackbox/test_export_keytab_mit.sh | 44 +- testprogs/blackbox/test_kinit_heimdal.sh | 134 ++- testprogs/blackbox/test_kinit_mit.sh | 121 +- testprogs/blackbox/test_kinit_trusts_heimdal.sh | 52 +- testprogs/blackbox/test_kinit_trusts_mit.sh | 53 +- testprogs/blackbox/test_kpasswd_heimdal.sh | 57 +- testprogs/blackbox/test_kpasswd_mit.sh | 61 +- testprogs/blackbox/test_ktpass.sh | 15 +- wscript_configure_system_gnutls | 3 + 178 files changed, 13233 insertions(+), 3650 deletions(-) create mode 100644 ctdb/common/tmon.c create mode 100644 ctdb/common/tmon.h create mode 100755 ctdb/tests/UNIT/cunit/tmon_test_001.sh create mode 100755 ctdb/tests/UNIT/cunit/tmon_test_002.sh create mode 100644 ctdb/tests/src/tmon_ping_test.c create mode 100644 ctdb/tests/src/tmon_test.c create mode 100644 lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c create mode 100644 lib/crypto/tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c delete mode 100644 lib/crypto/wscript_build delete mode 100644 lib/crypto/wscript_configure create mode 100644 libcli/auth/tests/test_encode_decode.c 
create mode 100644 librpc/rpc/dcerpc_samr.h copy source3/utils/{status_profile.h => status.h} (58%) create mode 100644 source3/utils/status_json.c create mode 100644 source3/utils/status_json.h create mode 100644 source3/utils/status_json_dummy.c Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a347d8b4486..5e355c77c6c 100644 --- a/VERSION +++ b/VERSION @@ -77,7 +77,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # ######################################################## -SAMBA_VERSION_PRE_RELEASE=1 +SAMBA_VERSION_PRE_RELEASE= ######################################################## # For 'rc' releases the version will be # @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=1 # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # ######################################################## -SAMBA_VERSION_RC_RELEASE= +SAMBA_VERSION_RC_RELEASE=1 ######################################################## # To mark SVN snapshots this should be set to 'yes' # @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # ######################################################## -SAMBA_VERSION_IS_GIT_SNAPSHOT=yes +SAMBA_VERSION_IS_GIT_SNAPSHOT=no ######################################################## # This is for specifying a release nickname # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 3b31211b2bb..d39748f0587 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements ===================== -This is the first pre release of Samba 4.17. This is *not* +This is the first release candidate of Samba 4.17. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. diff --git a/ctdb/common/tmon.c b/ctdb/common/tmon.c new file mode 100644 index 00000000000..04bad1f3bf4 --- /dev/null +++ b/ctdb/common/tmon.c 
@@ -0,0 +1,602 @@
+/*
+ Trivial FD monitoring
+
+ Copyright (C) Martin Schwenke & Amitay Isaacs, DataDirect Networks 2022
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+
+#include <ctype.h>
+
+#include "lib/util/blocking.h"
+#include "lib/util/sys_rw.h"
+#include "lib/util/tevent_unix.h"
+#include "lib/util/util.h"
+#include "lib/util/smb_strtox.h"
+
+#include "lib/async_req/async_sock.h"
+
+#include "common/tmon.h"
+
+
+enum tmon_message_type {
+ TMON_MSG_EXIT = 1,
+ TMON_MSG_ERRNO,
+ TMON_MSG_PING,
+ TMON_MSG_ASCII,
+ TMON_MSG_CUSTOM,
+};
+
+struct tmon_pkt {
+ enum tmon_message_type type;
+ uint16_t val;
+};
+
+struct tmon_buf {
+ uint8_t data[4];
+};
+
+static void tmon_packet_push(struct tmon_pkt *pkt,
+ struct tmon_buf *buf)
+{
+ uint16_t type_n, val_n;
+
+ type_n = htons(pkt->type);
+ val_n = htons(pkt->val);
+ memcpy(&buf->data[0], &type_n, 2);
+ memcpy(&buf->data[2], &val_n, 2);
+}
+
+static void tmon_packet_pull(struct tmon_buf *buf,
+ struct tmon_pkt *pkt)
+{
+ uint16_t type_n, val_n;
+
+ memcpy(&type_n, &buf->data[0], 2);
+ memcpy(&val_n, &buf->data[2], 2);
+
+ pkt->type = ntohs(type_n);
+ pkt->val = ntohs(val_n);
+}
+
+static int tmon_packet_write(int fd, struct tmon_pkt *pkt)
+{
+ struct tmon_buf buf;
+ ssize_t n;
+
+ tmon_packet_push(pkt, &buf);
+
+ n = sys_write(fd, &buf.data[0], sizeof(buf.data));
+ if (n == -1) {
+ return errno;
+ }
+ return 0;
+}
+
+bool tmon_set_exit(struct tmon_pkt *pkt)
+{
+ *pkt = (struct tmon_pkt) {
+ .type = TMON_MSG_EXIT,
+ };
+
+ return true;
+}
+
+bool tmon_set_errno(struct tmon_pkt *pkt, int err)
+{
+ if (err <= 0 || err > UINT16_MAX) {
+ return false;
+ }
+
+ *pkt = (struct tmon_pkt) {
+ .type = TMON_MSG_ERRNO,
+ .val = (uint16_t)err,
+ };
+
+ return true;
+}
+
+bool tmon_set_ping(struct tmon_pkt *pkt)
+{
+ *pkt = (struct tmon_pkt) {
+ .type = TMON_MSG_PING,
+ };
+
+ return true;
+}
+
+bool tmon_set_ascii(struct tmon_pkt *pkt, char c)
+{
+ if (!isascii(c)) {
+ return false;
+ }
+
+ *pkt = (struct tmon_pkt) {
+ .type = TMON_MSG_ASCII,
+ .val = (uint16_t)c,
+ };
+
+ return true;
+}
+
+bool tmon_set_custom(struct tmon_pkt *pkt, uint16_t val)
+{
+ *pkt = (struct tmon_pkt) {
+ .type = TMON_MSG_CUSTOM,
+ .val = val,
+ };
+
+ return true;
+}
+
+static bool tmon_parse_exit(struct tmon_pkt *pkt)
+{
+ if (pkt->type != TMON_MSG_EXIT) {
+ return false;
+ }
+ if (pkt->val != 0) {
+ return false;
+ }
+
+ return true;
+}
+
+static bool tmon_parse_errno(struct tmon_pkt *pkt, int *err)
+{
+ if (pkt->type != TMON_MSG_ERRNO) {
+ return false;
+ }
+ *err= (int)pkt->val;
+
+ return true;
+}
+
+bool tmon_parse_ping(struct tmon_pkt *pkt)
+{
+ if (pkt->type != TMON_MSG_PING) {
+ return false;
+ }
+ if (pkt->val != 0) {
+ return false;
+ }
+
+ return true;
+}
+
+bool tmon_parse_ascii(struct tmon_pkt *pkt, char *c)
+{
+ if (pkt->type != TMON_MSG_ASCII) {
+ return false;
+ }
+ if (!isascii((int)pkt->val)) {
+ return false;
+ }
+ *c = (char)pkt->val;
+
+ return true;
+}
+
+bool tmon_parse_custom(struct tmon_pkt *pkt, uint16_t *val)
+{
+ if (pkt->type != TMON_MSG_CUSTOM) {
+ return false;
+ }
+ *val = pkt->val;
+
+ return true;
+}
+
+struct tmon_state {
+ int fd;
+ int direction;
+ struct tevent_context *ev;
+ bool monitor_close;
+ unsigned long write_interval;
+ unsigned long read_timeout;
+ struct tmon_actions actions;
+ struct tevent_timer *timer;
+ void *private_data;
+};
+
+static void tmon_readable(struct tevent_req *subreq);
+static bool tmon_set_timeout(struct tevent_req *req,
+ struct tevent_context *ev);
+static void tmon_timedout(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval now,
+ void *private_data);
+static void tmon_write_loop(struct tevent_req *subreq);
+
+struct tevent_req *tmon_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ int fd,
+ int direction,
+ unsigned long read_timeout,
+ unsigned long write_interval,
+ struct tmon_actions *actions,
+ void *private_data)
+{
+ struct tevent_req *req, *subreq;
+ struct tmon_state *state;
+ bool status;
+
+ req = tevent_req_create(mem_ctx, &state, struct tmon_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (actions != NULL) {
+ /* If FD isn't readable then read actions are invalid */
+ if (!(direction & TMON_FD_READ) &&
+ (actions->timeout_callback != NULL ||
+ actions->read_callback != NULL ||
+ read_timeout != 0)) {
+ tevent_req_error(req, EINVAL);
+ return tevent_req_post(req, ev);
+ }
+ /* If FD isn't writeable then write actions are invalid */
+ if (!(direction & TMON_FD_WRITE) &&
+ (actions->write_callback != NULL ||
+ write_interval != 0)) {
+ tevent_req_error(req, EINVAL);
+ return tevent_req_post(req, ev);
+ }
+ /* Can't specify write interval without a callback */
+ if (state->write_interval != 0 &&
+ state->actions.write_callback == NULL) {
+ tevent_req_error(req, EINVAL);
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ state->fd = fd;
+ state->direction = direction;
+ state->ev = ev;
+ state->write_interval = write_interval;
+ state->read_timeout = read_timeout;
+ state->private_data = private_data;
+
+ if (actions != NULL) {
+ state->actions = *actions;
+ }
+
+ status = set_close_on_exec(fd);
+ if (!status) {
+ tevent_req_error(req, errno);
+ return tevent_req_post(req, ev);
+ }
+
+ if (direction & TMON_FD_READ) {
+ subreq = wait_for_read_send(state, ev, fd, true);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tmon_readable, req);
+ }
+
+ if (state->read_timeout != 0) {
+ status = tmon_set_timeout(req, state->ev);
+ if (!status) {
+ tevent_req_error(req, ENOMEM);
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ if (state->write_interval != 0) {
+ subreq = tevent_wakeup_send(
+ state,
+ state->ev,
+ tevent_timeval_current_ofs(state->write_interval, 0));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, state->ev);
+ }
+ tevent_req_set_callback(subreq, tmon_write_loop, req);
+ }
+
+ return req;
+}
+
+static void tmon_readable(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tmon_state *state = tevent_req_data( req, struct tmon_state);
+ struct tmon_buf buf;
+ struct tmon_pkt pkt;
+ ssize_t nread;
+ bool status;
+ int err;
+ int ret;
+
+ status = wait_for_read_recv(subreq, &ret);
+ TALLOC_FREE(subreq);
+ if (!status) {
+ if (ret == EPIPE && state->actions.close_callback != NULL) {
+ ret = state->actions.close_callback(state->private_data);
+ if (ret == TMON_STATUS_EXIT) {
+ ret = 0;
+ }
+ }
+ if (ret == 0) {
+ tevent_req_done(req);
+ } else {
+ tevent_req_error(req, ret);
+ }
+ return;
+ }
+
+ nread = sys_read(state->fd, buf.data, sizeof(buf.data));
+ if (nread == -1) {
+ tevent_req_error(req, errno);
+ return;
+ }
+ if (nread == 0) {
+ /* Can't happen, treat like EPIPE, above */
+ tevent_req_error(req, EPIPE);
+ return;
+ }
+ if (nread != sizeof(buf.data)) {
+ tevent_req_error(req, EPROTO);
+ return;
+ }
+
+ tmon_packet_pull(&buf, &pkt);
+
+ switch (pkt.type) {
+ case TMON_MSG_EXIT:
+ status = tmon_parse_exit(&pkt);
+ if (!status) {
+ tevent_req_error(req, EPROTO);
+ return;
+ }
+ tevent_req_done(req);
+ return;
+ case TMON_MSG_ERRNO:
+ status = tmon_parse_errno(&pkt, &err);
+ if (!status) {
+ err = EPROTO;
+ }
+ tevent_req_error(req, err);
+ return;
+ default:
+ break;
+ }
+
+ if (state->actions.read_callback == NULL) {
+ /* Shouldn't happen, other end should not write */
+ tevent_req_error(req, EIO);
+ return;
+ }
+ ret = state->actions.read_callback(state->private_data, &pkt);
+ if (ret == TMON_STATUS_EXIT) {
+ tevent_req_done(req);
+ return;
+ }
+ if (ret != 0) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ subreq = wait_for_read_send(state, state->ev, state->fd, true);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, tmon_readable, req);
+
+ /* Reset read timeout */
+ if (state->read_timeout != 0) {
+ status = tmon_set_timeout(req, state->ev);
+ if (!status) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ }
+}
+
+static bool tmon_set_timeout(struct tevent_req *req,
+ struct tevent_context *ev)
+{
+ struct tmon_state *state = tevent_req_data(
+ req, struct tmon_state);
+ struct timeval endtime =
+ tevent_timeval_current_ofs(state->read_timeout, 0);
+
+ TALLOC_FREE(state->timer);
+
+ state->timer = tevent_add_timer(ev, req, endtime, tmon_timedout, req);
+ if (tevent_req_nomem(state->timer, req)) {
+ return false;
+ }
+
+ return true;
+}
+
+static void tmon_timedout(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval now,
+ void *private_data)
+{
+ struct tevent_req *req = talloc_get_type_abort(
+ private_data, struct tevent_req);
+ struct tmon_state *state = tevent_req_data(req, struct tmon_state);
+ int ret;
+
+ TALLOC_FREE(state->timer);
+
+ if (state->actions.timeout_callback != NULL) {
+ ret = state->actions.timeout_callback(state->private_data);
+ if (ret == TMON_STATUS_EXIT) {
+ ret = 0;
+ }
+ } else {
+ ret = ETIMEDOUT;
+ }
+
+ if (ret == 0) {
+ tevent_req_done(req);
+ } else {
-- Samba Shared Repository
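Review bot: In tmon_send() the "Can't specify write interval without a callback" check reads `state->write_interval` and `state->actions.write_callback` before either field is assigned, so it tests the freshly created state rather than the caller's arguments and would not reject a non-zero `write_interval` paired with a NULL `write_callback` (assuming tevent_req_create() returns zeroed state). Test the arguments instead and move the check out of the `if (actions != NULL)` block so a NULL `actions` is covered as well: `if (write_interval != 0 && (actions == NULL || actions->write_callback == NULL)) {`. tmon_write_loop() lies in the truncated part of this changeset, so whether it guards the callback itself is not visible here. Separately, tmon_parse_errno() accepts a value of 0 from the peer although tmon_set_errno() never produces one; tevent_req_error() ignores a zero error, so the `TMON_MSG_ERRNO` case in tmon_readable() would return without completing the request or re-arming the read, and mapping 0 to `EPROTO` there would close that gap.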