The branch, v4-21-stable has been updated via bb4874ba201 VERSION: Disable GIT_SNAPSHOT for the 4.21.0rc3 release. via 21a75c2bf0a WHATSNEW: Add release notes for Samba 4.20.0rc3. via 38055454914 s3:smb2_server: return NT_STATUS_NETWORK_SESSION_EXPIRED for compound requests via 64416b69784 s4:torture/smb2: let smb2.session.expire2* also check compound requests via 294f9e47a3b s3:libads: Do not print error message for a default configuration via fcca9820023 docs-xml: Fix script location in syncmachinepasswordscript.xml via c7e6ec6bae8 source3/script: Fix installation of winbind_ctdb_updatekeytab.sh via 12084aa1bda WHATSNEW: update "New cephfs VFS module" section via cf4feb17783 VERSION: Bump version up to Samba 4.21.0rc3... from 8e440c0a96a VERSION: Disable GIT_SNAPSHOT for the 4.21.0rc2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 27 ++++++++++- docs-xml/generate-pathconf-entities.sh | 1 + .../security/syncmachinepasswordscript.xml | 4 +- dynconfig/wscript | 5 ++ source3/libads/kerberos_keytab.c | 5 +- source3/script/wscript_build | 4 +- source3/smbd/smb2_server.c | 16 ++++++- source4/torture/smb2/session.c | 56 ++++++++++++++++++++++ 9 files changed, 112 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index ba580667949..dd2eb2f8a9c 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # ######################################################## -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE=3 ######################################################## # To mark SVN snapshots this should be set to 'yes' # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c42c8cdb142..9eee53ae713 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements ===================== -This is the second release candidate of Samba 4.21. This is *not* +This is the third release candidate of Samba 4.21. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. 
@@ -238,6 +238,16 @@ nodes. Check in smb.conf(5) the scripts winbind_ctdb_updatekeytab.sh and For detailed information check the smb.conf(5) and net(8) manpages. +New cephfs VFS module +--------------------- +Introduce new vfs-to-cephfs bridge which uses libcephfs low-level APIs (instead +of path-based operations in the existing module). It allows users to pass +explicit user-credentials per call (including supplementary groups), as well as +faster operations using inode and file-handle caching on the Samba side. +Configuration is identical to existing module, but using 'ceph_new' instead of +'ceph' for the relevant smb.conf entries. This new module is expected to +deprecate and replace the old one in next major release. + REMOVED FEATURES ================ @@ -270,6 +280,21 @@ smb.conf changes sync machine password script script +CHANGES SINCE 4.21.0rc2 +======================= + +o Pavel Filipenský <pfilipen...@samba.org> + * BUG 15689: Can't add/delete special keys to keytab for nfs, cifs, http etc. + +o Stefan Metzmacher <me...@samba.org> + * BUG 15696: Compound SMB2 requests don't return + NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses + MacOSX clients. + +o Anoop C S <anoo...@samba.org> + * BUG 15689: Can't add/delete special keys to keytab for nfs, cifs, http etc. + + CHANGES SINCE 4.21.0rc1 ======================= diff --git a/docs-xml/generate-pathconf-entities.sh b/docs-xml/generate-pathconf-entities.sh index 6c0c31a3522..1b689a8a23f 100755 --- a/docs-xml/generate-pathconf-entities.sh +++ b/docs-xml/generate-pathconf-entities.sh @@ -17,5 +17,6 @@ echo " <!ENTITY pathconfig.NTP_SIGND_SOCKET_DIR '\${prefix}/var/lib/ntp_signd'> <!ENTITY pathconfig.MITKDCPATH '\${prefix}/sbin/krb5kdc'> <!ENTITY pathconfig.SAMBA_DATADIR '\${prefix}/var/samba'> +<!ENTITY pathconfig.CTDB_DATADIR '\${prefix}/share/ctdb'> <!ENTITY pathconfig.CONFIGFILE '\${prefix}/etc/smb.conf'> " 
diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml index 9a7731930d5..df98610cf36 100644 --- a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml +++ b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml @@ -11,7 +11,7 @@ <para> If keytabs should be generated in clustered environments it is recommended to update them on all nodes. - You can set the config option to &pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh in clustering case. + You can set the config option to &pathconfig.CTDB_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh in clustering case. It is also needed to activate the <constant>46.update-keytabs.script</constant> in ctdb, it re-creates the keytab during the ctdb recovered event: <programlisting> @@ -22,5 +22,5 @@ </description> <value type="default"/> -<value type="example">&pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh</value> +<value type="example">&pathconfig.CTDB_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh</value> </samba:parameter> diff --git a/dynconfig/wscript b/dynconfig/wscript index 2041d881546..a784dac4e6c 100644 --- a/dynconfig/wscript +++ b/dynconfig/wscript @@ -105,6 +105,11 @@ dynconfig = { 'FHS-PATH': '${DATADIR}', 'OVERWRITE': True, }, + 'CTDB_DATADIR' : { + 'STD-PATH': '${DATADIR}/ctdb', + 'FHS-PATH': '${DATADIR}/ctdb', + 'OVERWRITE': True, + }, 'SAMBA_DATADIR' : { 'STD-PATH': '${DATADIR}/samba', 'FHS-PATH': '${DATADIR}/samba', diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index e2fcee634b4..6ede567b75f 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c 
@@ -838,8 +838,9 @@ static bool pw2kt_default_keytab_name(char *name_str, size_t name_size) break; default: - DBG_ERR("Invalid kerberos method set (%d)\n", - lp_kerberos_method()); + DBG_NOTICE("'kerberos method' is 'secrets only' but " + "'sync machine password to keytab' is not set " + "==> no keytab will be generated.\n"); return false; } diff --git a/source3/script/wscript_build b/source3/script/wscript_build index 2b0643b0876..bc451497298 100644 --- a/source3/script/wscript_build +++ b/source3/script/wscript_build @@ -6,7 +6,9 @@ bld.INSTALL_FILES('${BINDIR}', 'smbtar', chmod=MODE_755, flat=True) bld.INSTALL_FILES('${BINDIR}', 'samba-log-parser', chmod=MODE_755, flat=True) -bld.INSTALL_FILES('${DATADIR}', 'winbind_ctdb_updatekeytab.sh', chmod=MODE_755, flat=True) +if conf.env.with_ctdb: + bld.INSTALL_FILES(bld.env.CTDB_DATADIR+"/scripts", + 'winbind_ctdb_updatekeytab.sh', chmod=MODE_755, flat=True) # Callout scripts for use in selftest environment bld.SAMBA_SCRIPT('smbaddshare', pattern='smbaddshare', installdir='.') diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index a32044d9357..b37829e8c4f 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -3050,6 +3050,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) bool signing_required = false; bool encryption_desired = false; bool encryption_required = false; + bool session_expired = false; inhdr = SMBD_SMB2_IN_HDR_PTR(req); @@ -3098,6 +3099,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) signing_required = x->global->signing_flags & SMBXSRV_SIGNING_REQUIRED; encryption_desired = x->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED; encryption_required = x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED; + session_expired = + NT_STATUS_EQUAL(session_status, + NT_STATUS_NETWORK_SESSION_EXPIRED); } req->async_internal = false; 
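Review bot: The `default:` branch of the switch in pw2kt_default_keytab_name() now logs one specific configuration ('kerberos method' is 'secrets only') and no longer prints the value of lp_kerberos_method(). Any other unhandled or invalid value reaching this branch would therefore be reported with a misleading message, and only at notice level. The switch cases are outside the hunk, so this assumes 'secrets only' is currently the only value that falls through to `default:`. Consider giving that setting its own `case KERBEROS_VERIFY_SECRETS:` carrying the DBG_NOTICE, and keeping `DBG_ERR("Invalid kerberos method set (%d)\n", lp_kerberos_method());` under `default:` so a broken keytab configuration stays visible in the logs.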
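Review bot: The new guard in source3/script/wscript_build reads `conf.env.with_ctdb`, while the install call directly beneath it reads `bld.env.CTDB_DATADIR`, so one statement depends on two different context objects. Whether `conf` is reliably in scope when this file is executed is not visible from the hunk; `if bld.env.with_ctdb:` would match the `bld.` usage on every other line shown. A one-line comment such as `# only clustered (ctdb) builds need the keytab sync helper` would also record why the script is no longer installed unconditionally into `${DATADIR}`.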
@@ -3171,7 +3175,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) * This check is mostly for giving the correct error code * for compounded requests. */ - if (!NT_STATUS_IS_OK(session_status)) { + if (!session_expired && !NT_STATUS_IS_OK(session_status)) { return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } } else { @@ -3257,6 +3261,9 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) } if (!NT_STATUS_IS_OK(session_status)) { + if (session_expired && opcode == SMB2_OP_CREATE) { + req->compound_create_err = session_status; + } return smbd_smb2_request_error(req, session_status); } } @@ -3308,11 +3315,18 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) skipped_signing: if (flags & SMB2_HDR_FLAG_CHAINED) { + if (!NT_STATUS_IS_OK(req->compound_create_err)) { + return smbd_smb2_request_error(req, + req->compound_create_err); + } req->compound_related = true; } if (call->need_session) { if (!NT_STATUS_IS_OK(session_status)) { + if (session_expired && opcode == SMB2_OP_CREATE) { + req->compound_create_err = session_status; + } return smbd_smb2_request_error(req, session_status); } } diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c index 2a3d0e6e853..ecaac76e6c3 100644 --- a/source4/torture/smb2/session.c +++ b/source4/torture/smb2/session.c @@ -1317,6 +1317,7 @@ static bool test_session_expire2i(struct torture_context *tctx, char fname[256]; struct smb2_handle dh; struct smb2_handle dh2; + struct smb2_handle relhandle = { .data = { UINT64_MAX, UINT64_MAX } }; struct smb2_handle _h1; struct smb2_handle *h1 = NULL; struct smb2_create io1; 
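Review bot: The added `!session_expired &&` exemption in the @@ -3171 hunk means a request on an expired session is no longer rejected at this check, and the existing comment above it does not mention that. Rejection then depends entirely on the `call->need_session` checks further down (the @@ -3257 and @@ -3308 hunks), so the dependency should be documented here, for example `/* An expired session is let through on purpose; it is rejected below with NT_STATUS_NETWORK_SESSION_EXPIRED. */`. The enclosing branch starts outside the hunk, so which compound position this check guards cannot be confirmed from the visible lines.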
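Review bot: The three lines that store `session_status` in `req->compound_create_err` in the @@ -3257 hunk are repeated verbatim in the @@ -3308 hunk after `skipped_signing:`, and neither copy says why only SMB2_OP_CREATE is recorded. A short comment on both, such as `/* remember the expiry so related requests chained to this create return the same status */`, would tie them to the new `SMB2_HDR_FLAG_CHAINED` check that returns `req->compound_create_err`. Alternatively, a small static helper taking `req`, `opcode` and `session_status` would keep the signed and unsigned paths from drifting apart. The body of smbd_smb2_request_dispatch() continues outside both hunks.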
@@ -1330,7 +1331,10 @@ static bool test_session_expire2i(struct torture_context *tctx, struct smb2_ioctl ctl; struct smb2_break oack; struct smb2_lease_break_ack lack; + struct smb2_create cio; struct smb2_find fnd; + struct smb2_close cl; + struct smb2_request *reqs[3] = { NULL, }; union smb_search_data *d = NULL; unsigned int count; struct smb2_request *req = NULL; 
@@ -1562,6 +1566,58 @@ static bool test_session_expire2i(struct torture_context *tctx, ret, done, "smb2_find_level " "returned unexpected status"); + /* Now do a compound open + query directory + close handle. */ + smb2_transport_compound_start(tree->session->transport, 3); + torture_comment(tctx, "Compound: Open+QueryDirectory+Close => EXPIRED\n"); + + ZERO_STRUCT(cio); + cio.in.oplock_level = 0; + cio.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_DIR_READ_ATTRIBUTE | SEC_DIR_LIST; + cio.in.file_attributes = 0; + cio.in.create_disposition = NTCREATEX_DISP_OPEN; + cio.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE; + cio.in.create_options = NTCREATEX_OPTIONS_ASYNC_ALERT; + cio.in.fname = ""; + + reqs[0] = smb2_create_send(tree, &cio); + torture_assert_not_null_goto(tctx, reqs[0], ret, done, + "smb2_create_send failed\n"); + + smb2_transport_compound_set_related(tree->session->transport, true); + + ZERO_STRUCT(fnd); + fnd.in.file.handle = relhandle; + fnd.in.pattern = "*"; + fnd.in.continue_flags = SMB2_CONTINUE_FLAG_SINGLE; + fnd.in.max_response_size= 0x100; + fnd.in.level = SMB2_FIND_BOTH_DIRECTORY_INFO; + + reqs[1] = smb2_find_send(tree, &fnd); + torture_assert_not_null_goto(tctx, reqs[1], ret, done, + "smb2_find_send failed\n"); + + ZERO_STRUCT(cl); + cl.in.file.handle = relhandle; + reqs[2] = smb2_close_send(tree, &cl); + torture_assert_not_null_goto(tctx, reqs[2], ret, done, + "smb2_close_send failed\n"); + + status = smb2_create_recv(reqs[0], tree, &cio); + torture_assert_ntstatus_equal_goto(tctx, status, + NT_STATUS_NETWORK_SESSION_EXPIRED, + ret, done, "smb2_create " + "returned unexpected status"); + status = smb2_find_recv(reqs[1], tree, &fnd); + torture_assert_ntstatus_equal_goto(tctx, status, + NT_STATUS_NETWORK_SESSION_EXPIRED, + ret, done, "smb2_find " + "returned unexpected status"); + status = smb2_close_recv(reqs[2], &cl); + torture_assert_ntstatus_equal_goto(tctx, status, + NT_STATUS_NETWORK_SESSION_EXPIRED, + ret, 
done, "smb2_close " + "returned unexpected status"); + torture_comment(tctx, "1st notify => CANCEL\n"); smb2_cancel(req); -- Samba Shared Repository
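Review bot: The new compound block only exercises a related chain that begins with a CREATE, which is the one opcode the server-side change records in `compound_create_err`. A related chain on a handle opened before expiry (for example find + close on `dh`), or an unrelated compound, is not checked after the session expires, so the relaxed `!session_expired` check in smb2_server.c has no test here; the expected status for those cases should be confirmed before one is added. Separately, the use of `relhandle` for `fnd.in.file.handle` and `cl.in.file.handle` would read better with a comment such as `/* all-ones handle: refer to the handle produced by the previous request in the compound */`. test_session_expire2i() starts and ends outside this hunk.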