The branch, v4-22-stable has been updated
via ff3dd691f38 VERSION: Disable GIT_SNAPSHOT for the 4.22.10 release.
via ef25c3fcb9f WHATSNEW: Add release notes for Samba 4.22.9
via 27dad685330 rpc: Don't offer spoolss RPC with "disable spoolss =
yes"
via 3d467f5b859 s3/libsmb: block anon authentication fallback is
use-kerberos = desired
via 2358c39db5b s3/libsmb: cli_session_creds_init fails when kerberos
is desired
via b6d084e8e1e auth/credentials: Fix regression with
--use-kerberos=desired for smbclient
via c7adc83306a selftest: Update tests to use
--use-kereros=desired|required no creds
via 84cb6eb6ff3 ctdb-failover: Add sm-notify to statd_callout
via 8603eb0b7bd ctdb-scripts: Only send notifies for newly taken IPs
via 6a1ff6298fd ctdb-tests: Update statd-callout unit test
infrastructure
via 178c2130675 s3/librpc/crypto: Don't keep growing in memory keytab
via 4146d3a90aa selftest: mark "smb2.lease.rename_dir_openfile" as
flapping
via b4912756d28 VERSION: Bump version up to Samba 4.22.9...
from d0a814e3c26 VERSION: Disable GIT_SNAPSHOT for the upcoming release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-22-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 58 ++++++++++++++-
auth/gensec/gensec_util.c | 5 --
ctdb/config/events/legacy/60.nfs.script | 3 +
ctdb/failover/statd_callout.c | 21 +++++-
.../UNIT/eventscripts/scripts/statd-callout.sh | 84 +++++++++++++++-------
ctdb/tests/UNIT/eventscripts/statd-callout.001.sh | 2 +-
ctdb/tests/UNIT/eventscripts/statd-callout.002.sh | 2 +-
ctdb/tests/UNIT/eventscripts/statd-callout.004.sh | 8 ++-
ctdb/tests/UNIT/eventscripts/statd-callout.005.sh | 12 +++-
ctdb/tests/UNIT/eventscripts/statd-callout.006.sh | 12 +++-
.../{statd-callout.006.sh => statd-callout.008.sh} | 14 +++-
ctdb/tests/UNIT/eventscripts/statd-callout.050.sh | 11 +++
.../{statd-callout.101.sh => statd-callout.108.sh} | 2 +-
.../{statd-callout.101.sh => statd-callout.150.sh} | 2 +-
.../{statd-callout.201.sh => statd-callout.208.sh} | 2 +-
.../{statd-callout.101.sh => statd-callout.250.sh} | 2 +-
ctdb/tools/statd_callout_helper | 44 ++++++++++--
selftest/flapping.d/smb2.lease | 1 +
source3/librpc/crypto/gse_krb5.c | 18 ++++-
source3/libsmb/cliconnect.c | 2 +-
source3/libsmb/libsmb_server.c | 2 +
source3/rpc_server/rpcd_spoolss.c | 5 ++
source3/script/tests/test_smbclient_kerberos.sh | 12 ++++
24 files changed, 270 insertions(+), 56 deletions(-)
copy ctdb/tests/UNIT/eventscripts/{statd-callout.006.sh =>
statd-callout.008.sh} (60%)
create mode 100755 ctdb/tests/UNIT/eventscripts/statd-callout.050.sh
copy ctdb/tests/UNIT/eventscripts/{statd-callout.101.sh =>
statd-callout.108.sh} (70%)
copy ctdb/tests/UNIT/eventscripts/{statd-callout.101.sh =>
statd-callout.150.sh} (70%)
copy ctdb/tests/UNIT/eventscripts/{statd-callout.201.sh =>
statd-callout.208.sh} (69%)
copy ctdb/tests/UNIT/eventscripts/{statd-callout.101.sh =>
statd-callout.250.sh} (70%)
create mode 100644 selftest/flapping.d/smb2.lease
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index c7a2fbc96f8..908c490ec5f 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the
Samba Team 1992-2025"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=22
-SAMBA_VERSION_RELEASE=8
+SAMBA_VERSION_RELEASE=9
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 008ca6b38e0..eebf43a9362 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,58 @@
+ ==============================
+ Release Notes for Samba 4.22.9
+ April 09, 2026
+ ==============================
+
+
+This is the latest stable release of the Samba 4.22 release series.
+
+
+Changes since 4.22.8
+--------------------
+
+o Ralph Boehme <[email protected]>
+ * BUG 15978: leases torture test flappy
+
+o Volker Lendecke <[email protected]>
+ * BUG 16019: incorrect behavior on rpcclient enumport with rpcd_spoolss
+
+o Noel Power <[email protected]>
+ * BUG 15789: "use-kerberos=desired" broken
+ * BUG 16042: rpc workers with long living clients grow server memory keytab
+
+o Peter Schwenke <[email protected]>
+ * BUG 15938: CTDB's statd_callout fails on sm-notify
+ * BUG 15939: CTDB statd_callout_notify notifies unnecessary clients and
loses
+ their state
+
+o Martin Schwenke <[email protected]>
+ * BUG 15939: CTDB statd_callout_notify notifies unnecessary clients and
loses
+ their state
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.22.8
February 19, 2026
@@ -56,8 +111,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.22.7
December 18, 2025
diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
index 0c7688d33d2..af6d198d48f 100644
--- a/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -362,7 +362,6 @@ char *gensec_get_unparsed_target_principal(struct
gensec_security *gensec_securi
NTSTATUS gensec_kerberos_possible(struct gensec_security *gensec_security)
{
struct cli_credentials *creds = gensec_get_credentials(gensec_security);
- bool auth_requested = cli_credentials_authentication_requested(creds);
enum credentials_use_kerberos krb5_state =
cli_credentials_get_kerberos_state(creds);
char *user_principal = NULL;
@@ -370,10 +369,6 @@ NTSTATUS gensec_kerberos_possible(struct gensec_security
*gensec_security)
const char *target_principal =
gensec_get_target_principal(gensec_security);
const char *hostname = gensec_get_target_hostname(gensec_security);
- if (!auth_requested) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
if (krb5_state == CRED_USE_KERBEROS_DISABLED) {
return NT_STATUS_INVALID_PARAMETER;
}
diff --git a/ctdb/config/events/legacy/60.nfs.script
b/ctdb/config/events/legacy/60.nfs.script
index b797ada9370..fa0d672aa8f 100755
--- a/ctdb/config/events/legacy/60.nfs.script
+++ b/ctdb/config/events/legacy/60.nfs.script
@@ -325,6 +325,9 @@ shutdown)
takeip)
nfs_callout "$@" || exit $?
+ if [ -x "${CTDB_HELPER_BINDIR}/statd_callout_helper" ] ; then
+ "${CTDB_HELPER_BINDIR}/statd_callout_helper" takeip "$3"
+ fi
ctdb_service_set_reconfigure
;;
diff --git a/ctdb/failover/statd_callout.c b/ctdb/failover/statd_callout.c
index 8064432b21f..4111d675100 100644
--- a/ctdb/failover/statd_callout.c
+++ b/ctdb/failover/statd_callout.c
@@ -353,10 +353,27 @@ static void del_client_shared_dir(const char *cip)
static void usage(void)
{
- printf("usage: %s: { add-client | del-client } <client-ip>\n",
progname);
+ printf("usage: %s { add-client | del-client } <client-ip>\n", progname);
+ printf(" %s sm-notify mon_name ip_addr state\n", progname);
exit(1);
}
+/**
+ * @brief To be used as the statd ha-callout program
+ *
+ * Examples
+ * progname add-client 192.168.10.94 nsds2
+ * progname del-client 192.168.10.94 nsds2
+ * progname sm-notify sitar1 192.168.10.94 127
+ *
+ * @param[in] event One of add-client, del-client, sm-notify
+ * @param[in] mon_name The client being monitored. For add-client, del-client
+ * this will be the IP address. For sm-notify it will
+ * be the hostname
+ * @param[in] other We don't actually use this. For add-client and
+ * del-client it will be NFS server hostname.
+ * For sm-notify, it will be the client's state number.
+ */
int main(int argc, const char *argv[])
{
const char *event = NULL;
@@ -394,6 +411,8 @@ int main(int argc, const char *argv[])
case CTDB_SC_MODE_NONE:
break;
}
+ } else if (strcmp(event, "sm-notify") == 0) {
+ exit(0);
} else {
usage();
}
diff --git a/ctdb/tests/UNIT/eventscripts/scripts/statd-callout.sh
b/ctdb/tests/UNIT/eventscripts/scripts/statd-callout.sh
index 10912c5d3e5..f34248b2f6c 100644
--- a/ctdb/tests/UNIT/eventscripts/scripts/statd-callout.sh
+++ b/ctdb/tests/UNIT/eventscripts/scripts/statd-callout.sh
@@ -23,13 +23,18 @@ setup()
if [ "$statd_callout_location" = "$CTDB_STATD_CALLOUT_SHARED_STORAGE"
]; then
statd_callout_location=""
fi
+
+ state_dir="${CTDB_TEST_TMP_DIR}/statd-callout-state"
+ mkdir -p "$state_dir"
}
-ctdb_catdb_format_pairs()
+ctdb_catdb_format()
{
_count=0
- while read -r _k _v; do
+ while read -r _sip_cip; do
+ _k="statd-state@${_sip_cip}"
+ _v="DATETIME"
_kn=$(printf '%s' "$_k" | wc -c)
_vn=$(printf '%s' "$_v" | wc -c)
cat <<EOF
@@ -50,17 +55,19 @@ result_filter()
sed -e 's|^\(data(10) = \)".........."$|data(8) = "DATETIME"|'
}
-check_ctdb_tdb_statd_state()
+ctdb_shared_state_list()
{
- ctdb_get_my_public_addresses |
- while read -r _ _sip _; do
- for _cip; do
- cat <<EOF
-statd-state@${_sip}@${_cip} DATETIME
-EOF
- done
+ find "$state_dir" -name "mon@*" |
+ while read -r _f; do
+ echo "${_f#*/mon@}"
done |
- ctdb_catdb_format_pairs | {
+ sort
+}
+
+check_ctdb_tdb_statd_state()
+{
+ ctdb_shared_state_list |
+ ctdb_catdb_format | {
ok
simple_test_command ctdb catdb "$statd_callout_location"
} || exit $?
@@ -68,13 +75,8 @@ EOF
check_shared_dir_statd_state()
{
- ctdb_get_my_public_addresses |
- while read -r _ _sip _; do
- for _cip; do
- echo "statd-state@${_sip}@${_cip}"
- done
- done |
- sort | {
+ ctdb_shared_state_list |
+ sed -e 's|^|statd-state@|' | {
ok
_dir="${CTDB_TEST_TMP_DIR}${statd_callout_location}"
mkdir -p "$_dir"
@@ -130,14 +132,20 @@ check_statd_callout_smnotify()
nfs_load_config
- ctdb_get_my_public_addresses |
- while read -r _ _sip _; do
- for _cip; do
- cat <<EOF
+ find "$state_dir" -name "takeip@${FAKE_CTDB_PNN}@*" |
+ while read -r _f; do
+ _sip="${_f##*@}"
+ _prefix="mon@${_sip}@"
+ find "$state_dir" -name "${_prefix}*" |
+ while read -r _f; do
+ _cip="${_f##*@}"
+ cat <<EOF
SM_NOTIFY: ${_sip} -> ${_cip}, MON_NAME=${FAKE_NFS_HOSTNAME}, STATE=${_state}
EOF
- done
- done | {
+ rm -f "$_f"
+ done
+ done |
+ sort | {
ok
simple_test_event "notify"
} || exit $?
@@ -180,9 +188,35 @@ EOF
export CTDB_STATD_CALLOUT_CONFIG_FILE
case "$event" in
- add-client | del-client)
+ add-client)
cmd="${CTDB_SCRIPTS_HELPER_BINDIR}/statd_callout"
unit_test "$cmd" "$event" "$@"
+ ctdb_get_my_public_addresses |
+ while read -r _ _sip _; do
+ touch "${state_dir}/mon@${_sip}@${1}"
+ done
+ ;;
+ del-client)
+ cmd="${CTDB_SCRIPTS_HELPER_BINDIR}/statd_callout"
+ unit_test "$cmd" "$event" "$@"
+ ctdb_get_my_public_addresses |
+ while read -r _ _sip _; do
+ rm -f "${state_dir}/mon@${_sip}@${1}"
+ done
+ ;;
+ sm-notify)
+ cmd="${CTDB_SCRIPTS_HELPER_BINDIR}/statd_callout"
+ unit_test "$cmd" "$event" "$@"
+ ;;
+ takeip)
+ cmd="${CTDB_SCRIPTS_TOOLS_HELPER_DIR}/statd_callout_helper"
+ script_test "$cmd" "$event" "$@"
+ touch "${state_dir}/takeip@${FAKE_CTDB_PNN}@${1}"
+ ;;
+ notify)
+ cmd="${CTDB_SCRIPTS_TOOLS_HELPER_DIR}/statd_callout_helper"
+ script_test "$cmd" "$event" "$@"
+ rm -f "${state_dir}/takeip@${FAKE_CTDB_PNN}@"*
;;
*)
cmd="${CTDB_SCRIPTS_TOOLS_HELPER_DIR}/statd_callout_helper"
diff --git a/ctdb/tests/UNIT/eventscripts/statd-callout.001.sh
b/ctdb/tests/UNIT/eventscripts/statd-callout.001.sh
index 475750041c5..69de3c93b85 100755
--- a/ctdb/tests/UNIT/eventscripts/statd-callout.001.sh
+++ b/ctdb/tests/UNIT/eventscripts/statd-callout.001.sh
@@ -16,4 +16,4 @@ simple_test_event "startup"
simple_test_event "add-client" "192.168.123.45"
simple_test_event "update"
-check_shared_storage_statd_state "192.168.123.45"
+check_shared_storage_statd_state
diff --git a/ctdb/tests/UNIT/eventscripts/statd-callout.002.sh
b/ctdb/tests/UNIT/eventscripts/statd-callout.002.sh
index 7e5d7b23621..7d94d9ca881 100755
--- a/ctdb/tests/UNIT/eventscripts/statd-callout.002.sh
+++ b/ctdb/tests/UNIT/eventscripts/statd-callout.002.sh
@@ -17,4 +17,4 @@ simple_test_event "add-client" "192.168.123.45"
simple_test_event "add-client" "192.168.123.46"
simple_test_event "update"
-check_shared_storage_statd_state "192.168.123.45" "192.168.123.46"
+check_shared_storage_statd_state
diff --git a/ctdb/tests/UNIT/eventscripts/statd-callout.004.sh
b/ctdb/tests/UNIT/eventscripts/statd-callout.004.sh
index 1b1bc05490a..2ea80129446 100755
--- a/ctdb/tests/UNIT/eventscripts/statd-callout.004.sh
+++ b/ctdb/tests/UNIT/eventscripts/statd-callout.004.sh
@@ -13,11 +13,15 @@ setup "$mode"
ok_null
simple_test_event "startup"
+ctdb_get_my_public_addresses |
+ while read -r _ sip _; do
+ simple_test_event "takeip" "$sip"
+ done
simple_test_event "add-client" "192.168.123.45"
simple_test_event "update"
-check_shared_storage_statd_state "192.168.123.45"
+check_shared_storage_statd_state
-check_statd_callout_smnotify "192.168.123.45"
+check_statd_callout_smnotify
check_shared_storage_statd_state
diff --git a/ctdb/tests/UNIT/eventscripts/statd-callout.005.sh
b/ctdb/tests/UNIT/eventscripts/statd-callout.005.sh
index 5a9274b1402..b3dcfcad360 100755
--- a/ctdb/tests/UNIT/eventscripts/statd-callout.005.sh
+++ b/ctdb/tests/UNIT/eventscripts/statd-callout.005.sh
@@ -13,6 +13,10 @@ setup "$mode"
ok_null
simple_test_event "startup"
+ctdb_get_my_public_addresses |
+ while read -r _ sip _; do
+ simple_test_event "takeip" "$sip"
+ done
simple_test_event "add-client" "192.168.123.45"
simple_test_event "update"
@@ -20,13 +24,17 @@ ctdb_set_pnn 1
ok_null
simple_test_event "startup"
+ctdb_get_my_public_addresses |
+ while read -r _ sip _; do
+ simple_test_event "takeip" "$sip"
+ done
simple_test_event "add-client" "192.168.123.46"
simple_test_event "update"
ctdb_set_pnn 0
-check_statd_callout_smnotify "192.168.123.45"
+check_statd_callout_smnotify
ctdb_set_pnn 1
-check_shared_storage_statd_state "192.168.123.46"
+check_shared_storage_statd_state
diff --git a/ctdb/tests/UNIT/eventscripts/statd-callout.006.sh
b/ctdb/tests/UNIT/eventscripts/statd-callout.006.sh
index 1721a5c50b3..35a7f6dcd81 100755
--- a/ctdb/tests/UNIT/eventscripts/statd-callout.006.sh
+++ b/ctdb/tests/UNIT/eventscripts/statd-callout.006.sh
@@ -13,6 +13,10 @@ setup "$mode"
ok_null
simple_test_event "startup"
+ctdb_get_my_public_addresses |
+ while read -r _ sip _; do
+ simple_test_event "takeip" "$sip"
+ done
simple_test_event "add-client" "192.168.123.45"
simple_test_event "update"
@@ -20,15 +24,19 @@ ctdb_set_pnn 1
ok_null
simple_test_event "startup"
+ctdb_get_my_public_addresses |
+ while read -r _ sip _; do
+ simple_test_event "takeip" "$sip"
+ done
simple_test_event "add-client" "192.168.123.46"
simple_test_event "update"
ctdb_set_pnn 0
-check_statd_callout_smnotify "192.168.123.45"
+check_statd_callout_smnotify
ctdb_set_pnn 1
-check_statd_callout_smnotify "192.168.123.46"
+check_statd_callout_smnotify
check_shared_storage_statd_state
diff --git a/ctdb/tests/UNIT/eventscripts/statd-callout.006.sh
b/ctdb/tests/UNIT/eventscripts/statd-callout.008.sh
similarity index 60%
copy from ctdb/tests/UNIT/eventscripts/statd-callout.006.sh
copy to ctdb/tests/UNIT/eventscripts/statd-callout.008.sh
index 1721a5c50b3..73e4c5b35d1 100755
--- a/ctdb/tests/UNIT/eventscripts/statd-callout.006.sh
+++ b/ctdb/tests/UNIT/eventscripts/statd-callout.008.sh
@@ -7,12 +7,16 @@ if [ -z "$CTDB_STATD_CALLOUT_SHARED_STORAGE" ]; then
fi
mode="$CTDB_STATD_CALLOUT_SHARED_STORAGE"
-define_test "${mode} - 2 x add-client to different nodes, notify on both"
+define_test "${mode} - add-client on different nodes, take 1 IP, notify on
both"
setup "$mode"
ok_null
simple_test_event "startup"
+ctdb_get_1_public_address |
+ while read -r _ sip _; do
+ simple_test_event "takeip" "$sip"
+ done
simple_test_event "add-client" "192.168.123.45"
simple_test_event "update"
@@ -20,15 +24,19 @@ ctdb_set_pnn 1
ok_null
simple_test_event "startup"
+ctdb_get_1_public_address |
+ while read -r _ sip _; do
+ simple_test_event "takeip" "$sip"
+ done
simple_test_event "add-client" "192.168.123.46"
simple_test_event "update"
ctdb_set_pnn 0
-check_statd_callout_smnotify "192.168.123.45"
+check_statd_callout_smnotify
ctdb_set_pnn 1
-check_statd_callout_smnotify "192.168.123.46"
+check_statd_callout_smnotify
check_shared_storage_statd_state
diff --git a/ctdb/tests/UNIT/eventscripts/statd-callout.050.sh
b/ctdb/tests/UNIT/eventscripts/statd-callout.050.sh
new file mode 100755
index 00000000000..54232a491c3
--- /dev/null
+++ b/ctdb/tests/UNIT/eventscripts/statd-callout.050.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+. "${TEST_SCRIPTS_DIR}/unit.sh"
+
+define_test "confirm sm-notify is ignored"
+
+setup
+
+ok_null
+simple_test_event "startup"
+simple_test_event "sm-notify" "192.168.10.104" "client10" "9999"
diff --git a/ctdb/tests/UNIT/eventscripts/statd-callout.101.sh
b/ctdb/tests/UNIT/eventscripts/statd-callout.108.sh
similarity index 70%
copy from ctdb/tests/UNIT/eventscripts/statd-callout.101.sh
copy to ctdb/tests/UNIT/eventscripts/statd-callout.108.sh
index b57bd953f1b..224b58429d9 100755
--- a/ctdb/tests/UNIT/eventscripts/statd-callout.101.sh
+++ b/ctdb/tests/UNIT/eventscripts/statd-callout.108.sh
@@ -3,4 +3,4 @@
CTDB_STATD_CALLOUT_SHARED_STORAGE="shared_dir"
_dir=$(dirname "$0")
-. "${_dir}/statd-callout.001.sh"
+. "${_dir}/statd-callout.008.sh"
diff --git a/ctdb/tests/UNIT/eventscripts/statd-callout.101.sh
b/ctdb/tests/UNIT/eventscripts/statd-callout.150.sh
similarity index 70%
copy from ctdb/tests/UNIT/eventscripts/statd-callout.101.sh
copy to ctdb/tests/UNIT/eventscripts/statd-callout.150.sh
index b57bd953f1b..35c9a34ce44 100755
--- a/ctdb/tests/UNIT/eventscripts/statd-callout.101.sh
+++ b/ctdb/tests/UNIT/eventscripts/statd-callout.150.sh
@@ -3,4 +3,4 @@
CTDB_STATD_CALLOUT_SHARED_STORAGE="shared_dir"
--
Samba Shared Repository
