The branch, v4-24-stable has been updated
via 56028c75b2e VERSION: Disable GIT_SNAPSHOT for the upcoming release.
via 057af8b98b1 WHATSNEW: Add release notes for Samba 4.24.0rc2.
via 241748870f7 s3/printing: Fix leaking parsed options
via ef9bde01a05 s3/printing: Fix leaked mem ctx returned from talloc_new
via 03fe9902cea s3:rpc_client: Fix memory leak opening local named pipe
via df0fd8da0a4 docs-xml:smb.conf: Fix "ctdbd socket" documentation
via 9de3dbfe0dc s3:libads: Separate use of ads->config.flags for NBT_*
and DS_* values
via 425504a00f5 s3:libads: Reset ads->config.flags in ads_disconnect()
via 20980f69c3d printing: Fix compilation error for native 32-bit time_t
via 66924b3ba7f WHATSNEW: add ceph_new fscrypt note
via ab68cd21873 VERSION: Bump version up to Samba 4.24.0rc2...
from d753ebb10ff VERSION: Disable GIT_SNAPSHOT for the Samba 4.24.0rc1
release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-24-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 37 +++++++++++++++++++++++++-
docs-xml/smbdotconf/misc/ctdbdsocket.xml | 16 +++++++-----
source3/libads/ldap.c | 45 +++++++++++++++++---------------
source3/librpc/idl/ads.idl | 4 ++-
source3/libsmb/namequery_dc.c | 4 ++-
source3/printing/print_cups.c | 3 +++
source3/printing/printing.c | 12 ++++++---
source3/rpc_client/cli_pipe.c | 2 +-
source3/winbindd/winbindd_cm.c | 6 ++---
10 files changed, 92 insertions(+), 39 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 54d4d37ad6f..4a73f0ab857 100644
--- a/VERSION
+++ b/VERSION
@@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=1
+SAMBA_VERSION_RC_RELEASE=2
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 345dc417e9c..48ecbb9b4b9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the first release candidate release of Samba 4.24. This is *not*
+This is the second release candidate release of Samba 4.24. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -218,6 +218,21 @@ limits are exceeded, it dynamically injects millisecond
delays into async
operations to maintain the defined threshold.
+CephFS FSCrypt support for the VFS ceph_new module
+--------------------------------------------------
+The ceph_new VFS module can now make use of the FSCrypt feature recently added
+to CephFS. This enhancement enables data and file name encryption on a per
+share basis. A single CephFS file system may host a mix of encrypted and
+unencrypted directories.
+
+To obtain the encryption keys needed for FSCrypt the ceph_new module includes
+support for the Keybridge protocol. Keybridge is an RPC protocol based on
+Varlink that can retrieve keys from a local service via a UNIX socket. Users
+can choose to develop a custom Keybridge implementation or use the existing
+KMIP-compatible Keybridge server available as part of the sambacc project
+(https://github.com/samba-in-kubernetes/sambacc).
+
+
REMOVED FEATURES
================
@@ -234,6 +249,26 @@ smb.conf changes
kdc name match implicit dollar without canonicalization
New yes
+
+CHANGES SINCE 4.24.0rc1
+=======================
+
+o Samuel Cabrero <[email protected]>
+ * BUG 15979: possible memory leak on rpc_spoolss
+
+o Pavel Filipenský <[email protected]>
+ * BUG 15972: Winbind group resolution failure
+
+o Noel Power <[email protected]>
+ * BUG 15979: possible memory leak on rpc_spoolss
+
+o Martin Schwenke <[email protected]>
+ * BUG 15977: ctdbd socket documentation is wrong
+
+o Michael Tokarev <[email protected]>
+ * BUG 15976: time_t related build failure on 32bit arch in 4.24.0rc1
+
+
KNOWN ISSUES
============
diff --git a/docs-xml/smbdotconf/misc/ctdbdsocket.xml
b/docs-xml/smbdotconf/misc/ctdbdsocket.xml
index 2bc118bd7a7..40cd3fb4634 100644
--- a/docs-xml/smbdotconf/misc/ctdbdsocket.xml
+++ b/docs-xml/smbdotconf/misc/ctdbdsocket.xml
@@ -4,12 +4,16 @@
function="_ctdbd_socket"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
<description>
- <para>If you set <value type="example">clustering=yes</value>,
- you need to tell Samba where ctdbd listens on its unix domain
- socket. The default path as of ctdb 1.0 is /tmp/ctdb.socket which
- you have to explicitly set for Samba in smb.conf.
- </para>
+ <para>
+ In a test environment, this parameter can be used when
+ <value type="example">clustering=yes</value> to specify an alternate
+ location for the CTDB Unix domain socket.
+ </para>
+ <para>
+ This parameter should not be set in production environments. If it
+ is not set then the (correct) build-time default is used.
+ </para>
</description>
<value type="default"></value>
-<value type="example">/tmp/ctdb.socket</value>
+<value type="example">/var/run/altctdb/ctdbd.socket</value>
</samba:parameter>
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index e3e4ff2b240..cc1715d151d 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -237,7 +237,7 @@ bool ads_sitename_match(ADS_STRUCT *ads)
bool ads_closest_dc(ADS_STRUCT *ads)
{
- if (ads->config.flags & NBT_SERVER_CLOSEST) {
+ if (ads->config.server_flags & NBT_SERVER_CLOSEST) {
DEBUG(10,("ads_closest_dc: NBT_SERVER_CLOSEST flag set\n"));
return True;
}
@@ -344,7 +344,7 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
sitename_store(cldap_reply->dns_domain, cldap_reply->client_site);
/* Leave this until last so that the flags are not clobbered */
- ads->config.flags = cldap_reply->server_type;
+ ads->config.server_flags = cldap_reply->server_type;
ret = true;
@@ -379,7 +379,8 @@ static bool ads_try_connect(ADS_STRUCT *ads, bool gc,
ok = ads_cldap_netlogon_5(frame,
ss,
ads->server.realm,
- ads->config.flags | DS_ONLY_LDAP_NEEDED,
+ ads->config.required_flags |
+ DS_ONLY_LDAP_NEEDED,
&cldap_reply);
if (!ok) {
DBG_NOTICE("ads_cldap_netlogon_5(%s, %s) failed.\n",
@@ -491,20 +492,21 @@ again:
return status;
}
- status = netlogon_pings(frame, /* mem_ctx */
- lp_client_netlogon_ping_protocol(), /* proto */
- ts_list, /* servers */
- num_requests, /* num_servers */
- (struct netlogon_ping_filter){
- .ntversion = nt_version,
- .domain = ads->server.realm,
- .acct_ctrl = -1,
- .required_flags = ads->config.flags |
- DS_ONLY_LDAP_NEEDED,
- },
- 1, /* wanted_servers */
- endtime, /* timeout */
- &responses);
+ status = netlogon_pings(
+ frame, /* mem_ctx */
+ lp_client_netlogon_ping_protocol(), /* proto */
+ ts_list, /* servers */
+ num_requests, /* num_servers */
+ (struct netlogon_ping_filter){
+ .ntversion = nt_version,
+ .domain = ads->server.realm,
+ .acct_ctrl = -1,
+ .required_flags = ads->config.required_flags |
+ DS_ONLY_LDAP_NEEDED,
+ },
+ 1, /* wanted_servers */
+ endtime, /* timeout */
+ &responses);
if (!NT_STATUS_IS_OK(status)) {
DBG_WARNING("netlogon_pings(realm=%s, num_requests=%zu) "
"for count[%zu] - %s\n",
@@ -1265,6 +1267,7 @@ void ads_disconnect(ADS_STRUCT *ads)
if (ads->ldap_wrap_data.mem_ctx) {
talloc_free(ads->ldap_wrap_data.mem_ctx);
}
+ ads->config.server_flags = 0;
ads_zero_ldap(ads);
ZERO_STRUCT(ads->ldap_tls_data);
ZERO_STRUCT(ads->ldap_wrap_data);
@@ -3731,10 +3734,10 @@ ADS_STATUS ads_current_time(ADS_STRUCT *ads)
}
/*
- * Reset ads->config.flags as it can contain the flags
+ * Reset flags as it can contain the flags
* returned by the previous CLDAP ping when reusing the struct.
*/
- ads_s->config.flags = 0;
+ ads_s->config.server_flags = 0;
status = ads_connect_simple_anon(ads_s);
if ( !ADS_ERR_OK(status))
@@ -3820,10 +3823,10 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads,
uint32_t *val)
}
/*
- * Reset ads->config.flags as it can contain the flags
+ * Reset flags as it can contain the flags
* returned by the previous CLDAP ping when reusing the struct.
*/
- ads_s->config.flags = 0;
+ ads_s->config.server_flags = 0;
status = ads_connect_simple_anon(ads_s);
if ( !ADS_ERR_OK(status))
diff --git a/source3/librpc/idl/ads.idl b/source3/librpc/idl/ads.idl
index 381447a1a29..20941e90346 100644
--- a/source3/librpc/idl/ads.idl
+++ b/source3/librpc/idl/ads.idl
@@ -6,6 +6,7 @@
*/
import "nbt.idl";
+import "netlogon.idl";
cpp_quote("#include <system/network.h>")
@@ -51,7 +52,8 @@ interface ads
} ads_auth;
typedef [nopull,nopush] struct {
- nbt_server_type flags; /* cldap flags identifying the services.
*/
+ nbt_server_type server_flags; /* NBT_* cldap flags identifying
the services. */
+ netr_DsRGetDCName_flags required_flags; /* DS_* - Netlogon
flags */
string workgroup;
string realm;
string bind_path;
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index 83236e3474c..b7b12ecb6f6 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -109,7 +109,9 @@ static bool ads_dc_name(const char *domain,
}
#ifdef HAVE_ADS
- if (is_our_primary_domain(domain) && (ads->config.flags &
NBT_SERVER_KDC)) {
+ if (is_our_primary_domain(domain) &&
+ (ads->config.server_flags & NBT_SERVER_KDC))
+ {
if (ads_closest_dc(ads)) {
/* We're going to use this KDC for this
realm/domain.
If we are using sites, then force the krb5
libs
diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c
index d8ba9ccd011..f1449e1d1ea 100644
--- a/source3/printing/print_cups.c
+++ b/source3/printing/print_cups.c
@@ -1130,6 +1130,9 @@ static int cups_job_submit(int snum, struct printjob
*pjob,
if (http)
httpClose(http);
+ if (num_options) {
+ cupsFreeOptions(num_options, options);
+ }
TALLOC_FREE(frame);
return ret;
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index a9e8422efab..3afc3733983 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -59,6 +59,7 @@ static int fetch_share_cache_time(const char *key_name,
time_t *curr_time)
{
char *key = NULL;
+ int64_t curr_time64 = -1;
key = talloc_asprintf(NULL, "%s/%s", key_name, sharename);
if (key == NULL) {
@@ -66,11 +67,12 @@ static int fetch_share_cache_time(const char *key_name,
return -1;
}
- if (tdb_fetch_int64(tdb, key, curr_time) != 0) {
+ if (tdb_fetch_int64(tdb, key, &curr_time64) != 0) {
DBG_ERR("No timing record found for[%s]!\n", sharename);
TALLOC_FREE(key);
return -1;
}
+ *curr_time = curr_time64;
TALLOC_FREE(key);
return 0;
@@ -82,6 +84,7 @@ static int update_share_cache_time(const char *key_name,
time_t curr_time)
{
char *key = NULL;
+ int64_t curr_time64 = curr_time;
key = talloc_asprintf(NULL, "%s/%s", key_name, sharename);
if (key == NULL) {
@@ -89,7 +92,7 @@ static int update_share_cache_time(const char *key_name,
return -1;
}
- if (tdb_store_int64(tdb, key, (int64_t)curr_time) != 0) {
+ if (tdb_store_int64(tdb, key, curr_time64) != 0) {
DBG_ERR("Unable to update print cache for %s\n", sharename);
TALLOC_FREE(key);
return -1;
@@ -2897,7 +2900,7 @@ NTSTATUS print_job_end(struct messaging_context *msg_ctx,
int snum,
pjob->filename, pjob->size ? "deleted" : "zero length"
));
unlink(pjob->filename);
pjob_delete(global_event_context(), msg_ctx, sharename, jobid);
- return NT_STATUS_OK;
+ goto out;
}
/* don't strip out characters like '$' from the printername */
@@ -2939,7 +2942,8 @@ NTSTATUS print_job_end(struct messaging_context *msg_ctx,
int snum,
/* make sure the database is up to date */
if (print_cache_expired(lp_const_servicename(snum), True))
print_queue_update(msg_ctx, snum, False);
-
+out:
+ talloc_free(tmp_ctx);
return NT_STATUS_OK;
fail:
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 660cda5ea91..002ead6d5f9 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3624,7 +3624,7 @@ NTSTATUS rpc_pipe_open_local_np(
}
if (local_server_name == NULL) {
- local_server_name = get_myname(result);
+ local_server_name = get_myname(frame);
}
if (local_server_addr != NULL) {
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index d3b48a74131..e49c72dc332 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1053,7 +1053,7 @@ static bool dcip_check_name_ads(const struct
winbindd_domain *domain,
ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto out;
}
- ads->config.flags |= request_flags;
+ ads->config.required_flags |= request_flags;
ads->server.no_fallback = true;
ads_status = ads_connect_cldap_only(ads);
@@ -1069,9 +1069,9 @@ static bool dcip_check_name_ads(const struct
winbindd_domain *domain,
}
namecache_store(name, 0x20, 1, sa);
- DBG_DEBUG("CLDAP flags = 0x%"PRIx32"\n", ads->config.flags);
+ DBG_DEBUG("CLDAP flags = 0x%" PRIx32 "\n", ads->config.server_flags);
- if (domain->primary && (ads->config.flags & NBT_SERVER_KDC)) {
+ if (domain->primary && (ads->config.server_flags & NBT_SERVER_KDC)) {
if (ads_closest_dc(ads)) {
char *sitename = sitename_fetch(tmp_ctx,
ads->config.realm);
--
Samba Shared Repository
