[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 9a23ff2ca2b s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. via 654430f6f6f s4: torture: Add test for smb2.ioctl.bug14769. via 24b661c01ef s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. via 68ceb6c8f05 s3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code. via 69c5ab71106 s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. via 04af36c4916 s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file. from 7c8ba49b2e9 libreplace: remove now unused USE_COPY_FILE_RANGE define https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 9a23ff2ca2b101cba5614b238afca0c58658fc77 Author: Jeremy Allison Date: Fri Aug 6 23:33:06 2021 -0700 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. Remove knownfails. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 RN: smbd panic on force-close share during offload write Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Aug 11 20:02:57 UTC 2021 on sn-devel-184 (cherry picked from commit c013509680742ff45b2f5965a5564015da7d466b) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Tue Aug 17 08:49:48 UTC 2021 on sn-devel-184 commit 654430f6f6f1a0c300be77e215fdb95fb808bf4e Author: Jeremy Allison Date: Fri Aug 6 10:54:31 2021 -0700 s4: torture: Add test for smb2.ioctl.bug14769. Add knownfails. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit 7e7ea761a37f46f758582981bc40404ffd815513) commit 24b661c01ef54a01c1e73abfd7628781693a3224 Author: Jeremy Allison Date: Thu Aug 5 16:07:09 2021 -0700 s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. Now all we need is the client-side test. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit c551d33c6bd2e74ea3a36bec5575a70d6833b98a) commit 68ceb6c8f05d6c12aa2e1618ac205a9740126458 Author: Jeremy Allison Date: Thu Aug 5 16:04:38 2021 -0700 s3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code. Commented out as not yet called. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit 0f4a8d26888ec156979a00480ed9886dcac7d426) commit 69c5ab711066871b82bbb6db67642d808d104775 Author: Jeremy Allison Date: Thu Aug 5 11:01:44 2021 -0700 s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. Prepare for async FSCTL tests on an fsp. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit 62cd95096a76d5064b105c1b4971fa3eabd5f85d) commit 04af36c4916713001a3a8b72b81946eb7a084cd1 Author: Jeremy Allison Date: Thu Aug 5 13:14:16 2021 -0700 s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file. We will be adding async supporting code to this, and we don't want to clutter up smb2_ioctl.c. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit 6b6770c2ba83bf25da31623443c19a8de34e5ba4) --- Summary of changes: libcli/smb/smb_constants.h | 2 + selftest/knownfail | 1 + source3/smbd/smb2_ioctl.c| 83 +++-- source3/smbd/smb2_ioctl_private.h| 5 + source3/smbd/smb2_ioctl_smbtorture.c | 230 +++ source3/wscript_build| 1 + source4/torture/smb2/ioctl.c | 80 7 files changed, 334 insertions(+), 68 deletions(-) create mode 100644 source3/smbd/smb2_ioctl_smbtorture.c Changeset truncated at 500 lines: diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h index a12086e602b..a043cbc883e 100644 --- a/libcli/smb/smb_constants.h +++ b/libcli/smb/smb_constants.h @@ -599,6 +599,8 @@ enum csc_policy { (FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0010 | FSCTL_METHOD_NEITHER) #define FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 \ (FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0020 | FSCTL_METHOD_NEITHER) +#define FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP \ + (FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0040 | FSCTL_METHOD_NEITHER
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 618fd6c2594 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. from 3d912fe86cf s3:libsmb: close the temporary IPC$ connection in cli_full_connection() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 618fd6c259458f97530fcde0fb6600e70e6f2478 Author: Jeremy Allison Date: Wed Aug 11 13:58:13 2021 -0700 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 RN: smbd panic on force-close share during offload write Back-ported from c013509680742ff45b2f5965a5564015da7d466b. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Tue Aug 17 09:07:18 UTC 2021 on sn-devel-184 --- Summary of changes: source3/smbd/smb2_ioctl.c | 15 +++ 1 file changed, 15 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_ioctl.c b/source3/smbd/smb2_ioctl.c index d29ff5d0303..3d65a96368c 100644 --- a/source3/smbd/smb2_ioctl.c +++ b/source3/smbd/smb2_ioctl.c @@ -230,6 +230,21 @@ NTSTATUS smbd_smb2_request_process_ioctl(struct smbd_smb2_request *req) if (subreq == NULL) { return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); } + + /* +* If the FSCTL has gone async on a file handle, remember +* to add it to the list of async requests we need to wait +* for on file handle close. +*/ + if (in_fsp != NULL && tevent_req_is_in_progress(subreq)) { + bool ok; + + ok = aio_add_req_to_fsp(in_fsp, subreq); + if (!ok) { + return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); + } + } + tevent_req_set_callback(subreq, smbd_smb2_request_ioctl_done, req); return smbd_smb2_request_pending_queue(req, subreq, 1000); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 7c9aabe2dd0 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. from aa64f02ca94 configure: Do not put arguments into double quotes https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 7c9aabe2dd01e77442d95582f17037b006bac9dd Author: Jeremy Allison Date: Wed Aug 11 13:58:13 2021 -0700 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769 RN: smbd panic on force-close share during offload write Back-ported from c013509680742ff45b2f5965a5564015da7d466b. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(v4-13-test): Jule Anger Autobuild-Date(v4-13-test): Tue Aug 17 10:30:21 UTC 2021 on sn-devel-184 --- Summary of changes: source3/smbd/smb2_ioctl.c | 15 +++ 1 file changed, 15 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_ioctl.c b/source3/smbd/smb2_ioctl.c index d29ff5d0303..3d65a96368c 100644 --- a/source3/smbd/smb2_ioctl.c +++ b/source3/smbd/smb2_ioctl.c @@ -230,6 +230,21 @@ NTSTATUS smbd_smb2_request_process_ioctl(struct smbd_smb2_request *req) if (subreq == NULL) { return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); } + + /* +* If the FSCTL has gone async on a file handle, remember +* to add it to the list of async requests we need to wait +* for on file handle close. +*/ + if (in_fsp != NULL && tevent_req_is_in_progress(subreq)) { + bool ok; + + ok = aio_add_req_to_fsp(in_fsp, subreq); + if (!ok) { + return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); + } + } + tevent_req_set_callback(subreq, smbd_smb2_request_ioctl_done, req); return smbd_smb2_request_pending_queue(req, subreq, 1000); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 3d912fe86cf s3:libsmb: close the temporary IPC$ connection in cli_full_connection() via f25d1315686 s3:libsmb: start encryption as soon as possible after the session setup from a8b40f15f90 wscript: fix installing pre-commit with 'git worktree' https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 3d912fe86cfdb9f6d45645bf0122a814f79cb3a7 Author: Stefan Metzmacher Date: Wed Aug 11 15:30:12 2021 +0200 s3:libsmb: close the temporary IPC$ connection in cli_full_connection() We don't need the temporary IPC$ connection used for the SMB1 UNIX CIFS extensions encryption setup anymore, so we can also let the server close it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Aug 11 23:03:11 UTC 2021 on sn-devel-184 (cherry picked from commit 289b7a1595ab13a200cfb327604e4b9296fa81e0) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Fri Aug 13 07:52:10 UTC 2021 on sn-devel-184 commit f25d13156869133da6ead8b4f507ce129833f711 Author: Stefan Metzmacher Date: Wed Aug 11 14:33:24 2021 +0200 s3:libsmb: start encryption as soon as possible after the session setup For the SMB1 UNIX CIFS extensions we create a temporary IPC$ tcon, if there's no tcon yet. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 21302649c46441ea325c66457294225ddb1d6235) --- Summary of changes: source3/libsmb/cliconnect.c | 39 +-- source3/libsmb/clidfs.c | 56 - 2 files changed, 77 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index b95b14b018c..853fb344bcd 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -3361,6 +3361,8 @@ static void cli_full_connection_creds_enc_start(struct tevent_req *req); static void cli_full_connection_creds_enc_tcon(struct tevent_req *subreq); static void cli_full_connection_creds_enc_ver(struct tevent_req *subreq); static void cli_full_connection_creds_enc_done(struct tevent_req *subreq); +static void cli_full_connection_creds_enc_tdis(struct tevent_req *req); +static void cli_full_connection_creds_enc_finished(struct tevent_req *subreq); static void cli_full_connection_creds_tcon_start(struct tevent_req *req); static void cli_full_connection_creds_tcon_done(struct tevent_req *subreq); @@ -3588,7 +3590,8 @@ static void cli_full_connection_creds_enc_ver(struct tevent_req *subreq) TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { if (encryption_state < SMB_ENCRYPTION_REQUIRED) { - cli_full_connection_creds_tcon_start(req); + /* disconnect ipc$ followed by the real tree connect */ + cli_full_connection_creds_enc_tdis(req); return; } DEBUG(10, ("%s: cli_unix_extensions_version " @@ -3599,7 +3602,8 @@ static void cli_full_connection_creds_enc_ver(struct tevent_req *subreq) if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) { if (encryption_state < SMB_ENCRYPTION_REQUIRED) { - cli_full_connection_creds_tcon_start(req); + /* disconnect ipc$ followed by the real tree connect */ + cli_full_connection_creds_enc_tdis(req); return; } DEBUG(10, ("%s: CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP " @@ -3631,6 +3635,37 @@ static void cli_full_connection_creds_enc_done(struct tevent_req *subreq) return; } + /* disconnect ipc$ followed by the real tree connect */ + cli_full_connection_creds_enc_tdis(req); +} + +static void cli_full_connection_creds_enc_tdis(struct tevent_req *req) +{ + struct cli_full_connection_creds_state *state = tevent_req_data( + req, struct cli_full_connection_creds_state); + struct tevent_req *subreq = NULL; + + subreq = cli_tdis_send(state, state->ev, state->cli); + if (tevent_req_nomem(subreq, req)) { + return; + } + tevent_req_set_callback(subreq, + cli_full_connection_creds_enc_finished, + req); +} + +static void cli_full_connection_creds_enc_finished(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via c5fbec5db03 s3:libsmb: close the temporary IPC$ connection in cli_full_connection() via 9d152be356d s3:libsmb: start encryption as soon as possible after the session setup from eb8518e4fb8 wscript: fix installing pre-commit with 'git worktree' https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit c5fbec5db03ecce53f4f15434de0b246cafffeff Author: Stefan Metzmacher Date: Wed Aug 11 15:30:12 2021 +0200 s3:libsmb: close the temporary IPC$ connection in cli_full_connection() We don't need the temporary IPC$ connection used for the SMB1 UNIX CIFS extensions encryption setup anymore, so we can also let the server close it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Aug 11 23:03:11 UTC 2021 on sn-devel-184 (cherry picked from commit 289b7a1595ab13a200cfb327604e4b9296fa81e0) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Fri Aug 13 08:16:45 UTC 2021 on sn-devel-184 commit 9d152be356dc4bf48943a45f22591ab017f0ca1b Author: Stefan Metzmacher Date: Wed Aug 11 14:33:24 2021 +0200 s3:libsmb: start encryption as soon as possible after the session setup For the SMB1 UNIX CIFS extensions we create a temporary IPC$ tcon, if there's no tcon yet. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 21302649c46441ea325c66457294225ddb1d6235) --- Summary of changes: source3/libsmb/cliconnect.c | 39 +-- source3/libsmb/clidfs.c | 56 - 2 files changed, 77 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index e5274e05c40..63c505f8ed5 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -3369,6 +3369,8 @@ static void cli_full_connection_creds_enc_start(struct tevent_req *req); static void cli_full_connection_creds_enc_tcon(struct tevent_req *subreq); static void cli_full_connection_creds_enc_ver(struct tevent_req *subreq); static void cli_full_connection_creds_enc_done(struct tevent_req *subreq); +static void cli_full_connection_creds_enc_tdis(struct tevent_req *req); +static void cli_full_connection_creds_enc_finished(struct tevent_req *subreq); static void cli_full_connection_creds_tcon_start(struct tevent_req *req); static void cli_full_connection_creds_tcon_done(struct tevent_req *subreq); @@ -3596,7 +3598,8 @@ static void cli_full_connection_creds_enc_ver(struct tevent_req *subreq) TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { if (encryption_state < SMB_ENCRYPTION_REQUIRED) { - cli_full_connection_creds_tcon_start(req); + /* disconnect ipc$ followed by the real tree connect */ + cli_full_connection_creds_enc_tdis(req); return; } DEBUG(10, ("%s: cli_unix_extensions_version " @@ -3607,7 +3610,8 @@ static void cli_full_connection_creds_enc_ver(struct tevent_req *subreq) if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) { if (encryption_state < SMB_ENCRYPTION_REQUIRED) { - cli_full_connection_creds_tcon_start(req); + /* disconnect ipc$ followed by the real tree connect */ + cli_full_connection_creds_enc_tdis(req); return; } DEBUG(10, ("%s: CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP " @@ -3639,6 +3643,37 @@ static void cli_full_connection_creds_enc_done(struct tevent_req *subreq) return; } + /* disconnect ipc$ followed by the real tree connect */ + cli_full_connection_creds_enc_tdis(req); +} + +static void cli_full_connection_creds_enc_tdis(struct tevent_req *req) +{ + struct cli_full_connection_creds_state *state = tevent_req_data( + req, struct cli_full_connection_creds_state); + struct tevent_req *subreq = NULL; + + subreq = cli_tdis_send(state, state->ev, state->cli); + if (tevent_req_nomem(subreq, req)) { + return; + } + tevent_req_set_callback(subreq, + cli_full_connection_creds_enc_finished, + req); +} + +static void cli_full_connection_creds_enc_finished(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via e8807cc57e7 VERSION: Bump version up to 4.14.8... via 625e30ad0b9 VERSION: Disable GIT_SNAPSHOT for the 4.14.7 release. via e91ef286644 WHATSNEW: Add release notes for samba 4.14.7 from 3228383d8ae vfs_shadow_copy2: ensure we call convert_sbuf() in shadow_copy2_*stat() on already converted paths with absolute path https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit e8807cc57e7ac320cd42c4f8821d7f2d157367e1 Author: Jule Anger Date: Tue Aug 24 08:27:54 2021 +0200 VERSION: Bump version up to 4.14.8... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 625e30ad0b97da842854a8ae90185901f5df8f2b Author: Jule Anger Date: Tue Aug 24 08:26:37 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.14.7 release. Signed-off-by: Jule Anger commit e91ef28664439b177497ecf0ff6d2ca80fdf03c2 Author: Jule Anger Date: Tue Aug 24 08:25:16 2021 +0200 WHATSNEW: Add release notes for samba 4.14.7 Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 63 2 files changed, 60 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 3a5ec52ebd0..56179892aa8 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 452eee13b54..ed154ee97c6 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,61 @@ + == + Release Notes for Samba 4.14.7 + August 24, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.6 + + +o Jeremy Allison + * BUG 14769: smbd panic on force-close share during offload write. + +o Ralph Boehme + * BUG 12033: smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK. + * BUG 14731: Fix returned attributes on fake quota file handle and avoid + hitting the VFS. + * BUG 14756: vfs_shadow_copy2 fix inodes not correctly updating inode + numbers. + +o David Gajewski + * BUG 14774: Fix build on Solaris. + +o Björn Jacke + * BUG 14654: Make dos attributes available for unreadable files. + +o Stefan Metzmacher + * BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap + 7.3.7. + * BUG 14793: Start the SMB encryption as soon as possible. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.14.6 July 13, 2021 @@ -55,10 +113,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - - - +-- == Release Notes for Samba 4.14.5 June 01, 2021 -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.14.7 created
The annotated tag, samba-4.14.7 has been created at 6ad228779448f583163c54dbf6841b8d99a520e1 (tag) tagging 625e30ad0b97da842854a8ae90185901f5df8f2b (commit) replaces samba-4.14.6 tagged by Jule Anger on Tue Aug 24 08:57:52 2021 +0200 - Log - samba: tag release samba-4.14.7 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmEkmHAACgkQqplEL7aA tiD0Mg//RJF42hDn9qoQfJ2X61/Z8ZQmmWGowsTD/yNzGBDL/roJWdDb9Ka1lgFP MAeUZf9UiYxsKaKa3/IJaozu2xvj6o+HsFEy+5njKglxFYAhvDd9gtJKFbD+u+dx QRLvYY/ghJuG5PGLab65OO/IOLh+yB4ZC2vw1OO6mP5AvueSUhPricfA0qGuABJf SN2lar3TxJAy89TBpRQnTBnQQLoWPnip60AX0fIrzOQl1tc93fo5GadXkdp5iHzS iGgTYen5mynx0b2lgq/TY7MMpUKFy8tzr7tWBguxChxtrZnjcSPIg2NXCF2CsBT3 /eanUyeofaccoQkT+cmzp/mEuCISJ/w1aY2xWRXUzUfTl0x4aY7Gp6DFr1PnXNUK ldOq5qCMI0Dld3YgjilIQ0jWerlogsTb878G8kHDdTcGTLQZwu1REB6kx6UtV1MX G6G0vIXbnhxhMz3f9pMy2WK+eF5H97vbVZFhC0cqFh6K8vec5I7z9KcEONbTt8o1 t9Ae0A5HmhuUvqvLXP+P8ujWN6tKYJ5OSb9ek6XhyiUleMALszZZTOv7yLLsbXaE lyffs8XKMg7ZYChPuw07xzPOYdXbC7r2jKuIbSuKLTp7fPCYqLaDCuAwFiMb4pMV 7F7aUYtXfVTPjEbPa9qROqm4kOWTKH6V37S7bh1Xs2Od1eht1uA= =g5S5 -END PGP SIGNATURE- Andreas Schneider (1): configure: Do not put arguments into double quotes Björn Jacke (1): dosmode: retry reading dos attributes as root for unreadable files David Gajewski (1): s3: lib: sysacls: Fix argument numbers for sys_acl_set_fd() for untested OS builds. Jeremy Allison (1): s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. Jule Anger (2): WHATSNEW: Add release notes for samba 4.14.7 VERSION: Disable GIT_SNAPSHOT for the 4.14.7 release. Karolin Seeger (1): VERSION: Bump version up to 4.14.7... Ralph Boehme (18): replace: copy_file_range() vfs_default: properly track written bytes for copy-chunk lib: add sys_io_ranges_overlap() smbd: use sys_io_ranges_overlap() in fsctl_dup_extents_check_overlap() vfs_default: use copy_file_range() vfs_default: use fsp_get_io_fd() for copy_file_range() smbtorture: verify attributes on fake quota file handle smbd: add dosmode_from_fake_filehandle() smbd: handle fake file handles in fdos_mode() smbd: return correct timestamps for quota fake file smbd: canonicalize SMB_VFS_FSTAT() stat buffer smbd: update smb_fname statinfo from fsp selftest: pass smbclient arg to samba3.blackbox.shadow_copy_torture test selftest: enable "shadow:fixinodes" in "shadow_write" share selftest: simplify snapshot directory creation in test_shadow_copy_torture.sh selftest: add a test for shadow:fixinodes vfs_streams_xattr: ensure fstat calls NEXT fstat vfs_shadow_copy2: ensure we call convert_sbuf() in shadow_copy2_*stat() on already converted paths with absolute path Stefan Metzmacher (10): s4:torture/smb2: add smb2.read.bug14607 test s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer() libcli/smb: allow unexpected padding in SMB2 READ responses wafsamba: add support git worktree to vcs_dir_contents() script/bisect-test.py: add support git worktree wscript: fix installing pre-commit with 'git worktree' s3:libsmb: start encryption as soon as possible after the session setup s3:libsmb: close the temporary IPC$ connection in cli_full_connection() Volker Lendecke (1): vfs: Fix the FreeBSD build --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 55b546a Add Samba 4.14.7 via 3d879a6 NEWS[4.14.7]: Samba 4.14.7 Available for Download from bdf1c5a NEWS[4.15.0rc2]: Samba 4.15.0rc2 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 55b546a92812b8f83fb7d22093c55f16acbe880e Author: Jule Anger Date: Tue Aug 24 11:42:44 2021 +0200 Add Samba 4.14.7 Signed-off-by: Jule Anger commit 3d879a682838ed903131d265d0c0a9136d794533 Author: Jule Anger Date: Tue Aug 24 08:58:35 2021 +0200 NEWS[4.14.7]: Samba 4.14.7 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.14.7.html| 56 posted_news/20210824-094145.4.14.7.body.html | 13 ++ posted_news/20210824-094145.4.14.7.headline.html | 3 ++ 4 files changed, 73 insertions(+) create mode 100644 history/samba-4.14.7.html create mode 100644 posted_news/20210824-094145.4.14.7.body.html create mode 100644 posted_news/20210824-094145.4.14.7.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 25a507f..7ec6a93 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.14.7 samba-4.14.6 samba-4.14.5 samba-4.14.4 diff --git a/history/samba-4.14.7.html b/history/samba-4.14.7.html new file mode 100644 index 000..ba9a284 --- /dev/null +++ b/history/samba-4.14.7.html @@ -0,0 +1,56 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.14.7 - Release Notes + + +Samba 4.14.7 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.14.7.tar.gz;>Samba 4.14.7 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.14.7.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.14.6-4.14.7.diffs.gz;>Patch (gzipped) against Samba 4.14.6 +https://download.samba.org/pub/samba/patches/samba-4.14.6-4.14.7.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.14.7 + August 24, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.6 + + +o Jeremy Allison j...@samba.org + * BUG 14769: smbd panic on force-close share during offload write. + +o Ralph Boehme s...@samba.org + * BUG 12033: smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK. + * BUG 14731: Fix returned attributes on fake quota file handle and avoid + hitting the VFS. + * BUG 14756: vfs_shadow_copy2 fix inodes not correctly updating inode + numbers. + +o David Gajewski dgaj...@math.utoledo.edu + * BUG 14774: Fix build on Solaris. + +o Bjrn Jacke b...@sernet.de + * BUG 14654: Make dos attributes available for unreadable files. + +o Stefan Metzmacher me...@samba.org + * BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap + 7.3.7. + * BUG 14793: Start the SMB encryption as soon as possible. + + + + + + diff --git a/posted_news/20210824-094145.4.14.7.body.html b/posted_news/20210824-094145.4.14.7.body.html new file mode 100644 index 000..816eab8 --- /dev/null +++ b/posted_news/20210824-094145.4.14.7.body.html @@ -0,0 +1,13 @@ + +24 August 2021 +Samba 4.14.7 Available for Download + +This is the latest stable release of the Samba 4.14 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.14.7.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.14.6-4.14.7.diffs.gz;>patch against Samba 4.14.6 is also available. +See https://www.samba.org/samba/history/samba-4.14.7.html;>the release notes for more info. + + diff --git a/posted_news/20210824-094145.4.14.7.headline.html b/posted_news/20210824-094145.4.14.7.headline.html new file mode 100644 index 000..19a7b14 --- /dev/null +++ b/posted_news/20210824-094145.4.14.7.headline.html @@ -0,0 +1,3 @@ + + 24 August 2021 Samba 4.14.7 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 6be92d44bb7 s3/rpc_server: track the number of policy handles with a talloc destructor via f25f3118593 selftest: add a test for the "deadtime" parameter from 23ce76e94e8 s3:libsmb: start encryption as soon as possible after the session setup https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 6be92d44bb7a7fbfb524b75102e562a5dccff6ae Author: Ralph Boehme Date: Mon Aug 9 15:12:31 2021 +0200 s3/rpc_server: track the number of policy handles with a talloc destructor BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783 RN: smbd "deadtime" parameter doesn't work anymore Signed-off-by: Ralph Boehme Reviewed-by: Samuel Cabrero Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Aug 10 18:41:43 UTC 2021 on sn-devel-184 (cherry picked from commit 45a33b25c4e6b1db5d2dfa6297ccb390220a7c80) Autobuild-User(v4-13-test): Jule Anger Autobuild-Date(v4-13-test): Fri Aug 27 08:41:19 UTC 2021 on sn-devel-184 commit f25f3118593dbf35553c3e9b7ae15483b8155d22 Author: Ralph Boehme Date: Mon Aug 9 12:31:07 2021 +0200 selftest: add a test for the "deadtime" parameter BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783 Signed-off-by: Ralph Boehme Reviewed-by: Samuel Cabrero Reviewed-by: Jeremy Allison (cherry picked from commit 39db53a1391769fc6476fa55b02add08f1b8cd75) --- Summary of changes: source3/rpc_server/rpc_handles.c | 20 +-- source3/script/tests/test_deadtime.sh | 67 +++ source3/selftest/tests.py | 4 +++ 3 files changed, 89 insertions(+), 2 deletions(-) create mode 100755 source3/script/tests/test_deadtime.sh Changeset truncated at 500 lines: diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c index bcf8f240f63..7e7a40079cc 100644 --- a/source3/rpc_server/rpc_handles.c +++ b/source3/rpc_server/rpc_handles.c @@ -103,18 +103,36 @@ size_t num_pipe_handles(void) data_ptr is TALLOC_FREE()'ed / +struct hnd_cnt { + bool _dummy; +}; + +static int hnd_cnt_destructor(struct hnd_cnt *cnt) +{ + num_handles--; + return 0; +} + bool create_policy_hnd(struct pipes_struct *p, struct policy_handle *hnd, uint8_t handle_type, void *data_ptr) { struct dcesrv_handle *rpc_hnd = NULL; + struct hnd_cnt *cnt = NULL; rpc_hnd = dcesrv_handle_create(p->dce_call, handle_type); if (rpc_hnd == NULL) { return false; } + cnt = talloc_zero(rpc_hnd, struct hnd_cnt); + if (cnt == NULL) { + TALLOC_FREE(rpc_hnd); + return false; + } + talloc_set_destructor(cnt, hnd_cnt_destructor); + if (data_ptr != NULL) { rpc_hnd->data = talloc_move(rpc_hnd, _ptr); } @@ -204,8 +222,6 @@ bool close_policy_hnd(struct pipes_struct *p, TALLOC_FREE(rpc_hnd); - num_handles--; - return true; } diff --git a/source3/script/tests/test_deadtime.sh b/source3/script/tests/test_deadtime.sh new file mode 100755 index 000..68703008f02 --- /dev/null +++ b/source3/script/tests/test_deadtime.sh @@ -0,0 +1,67 @@ +#!/usr/bin/env bash +# +# Test deadtime parameter +# + +if [ $# -lt 1 ]; then +echo Usage: test_deadtime.sh IP +exit 1 +fi + +server=$1 + +incdir=`dirname $0`/../../../testprogs/blackbox +. $incdir/subunit.sh +. $incdir/common_test_fns.inc + +failed=0 + +smbclient="$BINDIR/smbclient" +smbcontrol="$BINDIR/smbcontrol" + +global_inject_conf=$(dirname $SMB_CONF_PATH)/global_inject.conf + +echo "deadtime = 1" > $global_inject_conf +$smbcontrol smbd reload-config + +cd $SELFTEST_TMPDIR || exit 1 + +# Create the smbclient communication pipes. +rm -f smbclient-stdin smbclient-stdout smbclient-stderr +mkfifo smbclient-stdin smbclient-stdout smbclient-stderr + +export CLI_FORCE_INTERACTIVE=1 +export SAMBA_DEPRECATED_SUPPRESS=1 + +# This gets inherited by smbclient and is required to smbclient doesn't get +# killed by an unhandled SIGPIPE when writing an SMB2 KEEPALIVE packet to the +# connection fd that was already closed by the server. +trap "" SIGPIPE + +$smbclient //$server/tmp -U${USER}%${PASSWORD} \ +< smbclient-stdin > smbclient-stdout 2>smbclient-stderr & +client_pid=$! + +sleep 1 + +exec 100>smbclient-stdin 101 $global_inject_conf +$smbcontrol smbd reload-config + +rm -f smbclient-stdin smbclient-stdout smbclient-stderr + +testok $0 $failed diff --gi
[SCM] Samba Shared Repository - branch v4-14-stable updated
The branch, v4-14-stable has been updated via 625e30ad0b9 VERSION: Disable GIT_SNAPSHOT for the 4.14.7 release. via e91ef286644 WHATSNEW: Add release notes for samba 4.14.7 via 3228383d8ae vfs_shadow_copy2: ensure we call convert_sbuf() in shadow_copy2_*stat() on already converted paths with absolute path via 8222ff1110c vfs_streams_xattr: ensure fstat calls NEXT fstat via 262d09c511a selftest: add a test for shadow:fixinodes via 9d6d585ca00 selftest: simplify snapshot directory creation in test_shadow_copy_torture.sh via 5ae4300a36b selftest: enable "shadow:fixinodes" in "shadow_write" share via a2ac4ee3d71 selftest: pass smbclient arg to samba3.blackbox.shadow_copy_torture test via 93383852f0d smbd: update smb_fname statinfo from fsp via e12c92d0175 smbd: canonicalize SMB_VFS_FSTAT() stat buffer via 46995a8b146 smbd: return correct timestamps for quota fake file via b53968656ee smbd: handle fake file handles in fdos_mode() via 7e1d4a4b138 smbd: add dosmode_from_fake_filehandle() via 8abd1abca64 smbtorture: verify attributes on fake quota file handle via 618fd6c2594 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. via 3d912fe86cf s3:libsmb: close the temporary IPC$ connection in cli_full_connection() via f25d1315686 s3:libsmb: start encryption as soon as possible after the session setup via a8b40f15f90 wscript: fix installing pre-commit with 'git worktree' via e393635ab82 script/bisect-test.py: add support git worktree via 87b8e7f39be wafsamba: add support git worktree to vcs_dir_contents() via 25f3cb8c973 libcli/smb: allow unexpected padding in SMB2 READ responses via a095a2d960a libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer() via cee1b839a1f s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 via 0d89ce25acd s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done via d84d0c1095c s4:torture/smb2: add smb2.read.bug14607 test via 9c470eb6cd7 dosmode: retry reading dos attributes as root for unreadable files via 99bca25289e vfs: Fix the FreeBSD build via 0fca66858de vfs_default: use fsp_get_io_fd() for copy_file_range() via f9bcec6298d vfs_default: use copy_file_range() via c44d2e8dbdc smbd: use sys_io_ranges_overlap() in fsctl_dup_extents_check_overlap() via a25b75b2ca2 lib: add sys_io_ranges_overlap() via 0772ff448fc vfs_default: properly track written bytes for copy-chunk via d5d6bbaa939 replace: copy_file_range() via 340aff1c8f4 s3: lib: sysacls: Fix argument numbers for sys_acl_set_fd() for untested OS builds. via de50dc5c3db configure: Do not put arguments into double quotes via 4801b6c298b VERSION: Bump version up to 4.14.7... from 507cdfb744e VERSION: Disable GIT_SNAPSHOT for the 4.14.6 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 63 +++- buildtools/wafsamba/samba_dist.py| 2 +- configure| 2 +- lib/replace/replace.c| 25 lib/replace/replace.h| 10 ++ lib/replace/wscript | 12 +- lib/util/sys_rw.c| 25 lib/util/sys_rw.h| 2 + lib/util/tests/test_sys_rw.c | 110 ++ lib/util/wscript_build | 6 + libcli/smb/smb2cli_ioctl.c | 123 ++-- libcli/smb/smb2cli_read.c| 22 ++- libcli/smb/smbXcli_base.c| 91 libcli/smb/smbXcli_base.h| 9 ++ libcli/smb/smb_constants.h | 2 + script/bisect-test.py| 2 +- selftest/knownfail | 1 + selftest/target/Samba3.pm| 1 + selftest/tests.py| 2 + source3/include/fake_file.h | 1 + source3/lib/sysacls.c| 6 +- source3/libsmb/cliconnect.c | 39 - source3/libsmb/clidfs.c | 56 +-- source3/modules/vfs_default.c| 138 - source3/modules/vfs_shadow_copy2.c | 180 +-- source3/modules/vfs_solarisacl.h | 1 +
[SCM] Samba Shared Repository - annotated tag samba-4.15.0rc3 created
The annotated tag, samba-4.15.0rc3 has been created at 6967d4ee0e199ae22c6b3b996cd0774b965eb4fa (tag) tagging 16a2811617921f372a48842f85ed0f79dae35265 (commit) replaces samba-4.15.0rc2 tagged by Jule Anger on Thu Aug 26 11:04:18 2021 +0200 - Log - samba: tag release samba-4.15.0rc3 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmEnWRIACgkQqplEL7aA tiBYCw//aP7jv5tp/D/MUv01WyqTRhNXl3elMwAXrKnuCPqAgKeiQyw0uVQGvecn 45yBxydrFNWSYSVtK3wUAvosLk1ZUzFe+2XNO1XfTyZaLikT3T+U8Kd3ejXisk47 sDcrMzOxBqL49HUA+1FNiK5KYInrjpf/lsccboYEfdgBx1fakki/J5fxogRVkyyf VOwnazbD08PgmNxZoS4ie5kMQUQ9IpqiIkFx82dADcgO0jDrMDj4qMYOBoh6xEqr WR9BCnlHweciceudNIgdc4AOIZkavSYIfrIh7rQbKCudV9yWukPe33Eyt+DP4X/P 5SJ17z7lOxDtIWHpBLjguPdVRX0WX81M8Ox+Y8hneCfi4+wKcTHX7pmjU231P82q Vy+v9hy5qffhlHTxaaO0iBcSa7Ro50ew6NZHeMN4HTOu71l3U21ODXlgdPi9YVr9 QiardxZUzbV5TqMZmvrSmOyxyBn9NTP+BcDIv+Rz4cq0quAaMrWd1M3ity4CP6ty K7qF4kZd4w3DH9JftBjCBToPizDFMY9/dQ+SVL5znpMbUq82UWG6TG3hB5GO2Tcj MGoaIqQe7j5ZOooRl9pIdwaO4NRmbfB3KfWdahzinAYJAV24iyHcp6xoh+z6Z7Gh uxoEYw9TbBGgVRcCM4JXBluiWrWwNQPFI/NSrXiFsn5nWQjIaPg= =uRfD -END PGP SIGNATURE- Andreas Schneider (1): s3:winbindd: Pass the right variable to the debug message Douglas Bagnall (3): WHATSNEW: reformat for style (mostly Bind9 DLZ allow/deny) WHATSNEW: Add various DNS changes WHATSNEW: add matrix.org and libera Jeremy Allison (11): s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file. s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. s3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code. s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. s4: torture: Add test for smb2.ioctl.bug14769. s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. s3: VFS: ceph. Fix enumerating directories. dirfsp->fh->fd != AT_FDCWD in this case. s3: smbd: Ensure all returns from OpenDir() correctly set errno. s3: selftest: Add a test for vfs_streams_depot with the target path outside of the share. s3: VFS: vfs_streams_depot: Factor out the code that gets the absolute stream rootdir into a function. s3: VFS: streams_depot: Allow "streams directory" outside of share path to work again. Jule Anger (3): VERSION: Bump version up to Samba 4.15.0rc3... WHATSNEW: Add release notes for Samba 4.15.0rc3. VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc3 release. Noel Power (1): s4: torture: CHECK ret value and fail if false Ralph Boehme (2): vfs_default: detect EOPNOTSUPP and ENOSYS errors from copy_file_range() libreplace: remove now unused USE_COPY_FILE_RANGE define Stefan Metzmacher (5): wafsamba: add support git worktree to vcs_dir_contents() script/bisect-test.py: add support git worktree wscript: fix installing pre-commit with 'git worktree' s3:libsmb: start encryption as soon as possible after the session setup s3:libsmb: close the temporary IPC$ connection in cli_full_connection() --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 545c0fc8e80 WHATSNEW: add matrix.org and libera via 0524e0c6548 WHATSNEW: Add various DNS changes via f8c7428abcf WHATSNEW: reformat for style (mostly Bind9 DLZ allow/deny) from 4745b8e8a1b s3:winbindd: Pass the right variable to the debug message https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 545c0fc8e800c853d278773e3b302e9f7e1670c0 Author: Douglas Bagnall Date: Fri Jul 9 15:55:58 2021 +1200 WHATSNEW: add matrix.org and libera Signed-off-by: Douglas Bagnall Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Thu Aug 26 08:30:58 UTC 2021 on sn-devel-184 commit 0524e0c65484f3cc4da2771beb8df95edad5739e Author: Douglas Bagnall Date: Fri Jul 9 15:55:19 2021 +1200 WHATSNEW: Add various DNS changes Signed-off-by: Douglas Bagnall commit f8c7428abcfa08a2a245d9d390d91b50c9908577 Author: Douglas Bagnall Date: Fri Jul 9 15:53:40 2021 +1200 WHATSNEW: reformat for style (mostly Bind9 DLZ allow/deny) Signed-off-by: Douglas Bagnall --- Summary of changes: WHATSNEW.txt | 126 ++- 1 file changed, 116 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 074767e3251..ec9125ebf1e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -55,15 +55,17 @@ See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt NEW FEATURES/CHANGES -- bind DLZ: Added the ability to set allow/deny lists for zone - transfer clients. - Up to now, any client could use a DNS zone transfer request - to the bind server, and get an answer from Samba. - Now the default behaviour will be to deny those request. - Two new options have been added to manage the list of - authorized/denied clients for zone transfer requests. - In order to be accepted, the request must be issued by a client - that is in the allow list and NOT in the deny list. + +Bind DLZ: add the ability to set allow/deny lists for zone transfer clients +--- + +Up to now, any client could use a DNS zone transfer request to the +bind server, and get an answer from Samba. Now the default behaviour +will be to deny those request. Two new options have been added to +manage the list of authorized/denied clients for zone transfer +requests. In order to be accepted, the request must be issued by a +client that is in the allow list and NOT in the deny list. + "server multi channel support" no longer experimental - @@ -81,6 +83,7 @@ have been disabled. The samba-tool domain options, for example, are limited when no ad-dc is present. Samba must still be built with ads in order to enable samba-tool. + Improved command line user experience - @@ -143,6 +146,7 @@ smbd: winbindd: --log-stdout ->--debug-stdout + Scanning of trusted domains and enterprise principals - @@ -167,6 +171,107 @@ utility. The existing options for the provisioning and joining steps are documented in the net(8) manpage. +samba-tool dns zoneoptions for aging control + + +The samba-tool dns zoneoptions command can be used to turn aging on +and off, alter the refresh and no-refresh periods, and manipulate the +timestamps of existing records. + +To turn aging on for a zone, you can use something like this: + + samba-tool dns zoneoptions --aging=1 --refreshinterval=306600 + +which turns on aging and ensures no records less than five years old +are aged out and scavenged. After aging has been on for sufficient +time for records to be renewed, the command + + samba-tool dns zoneoptions --refreshinterval=168 + +will set the refresh period to the standard seven days. Using this two +step process will help prevent the temporary loss of dynamic records +if scavenging happens before their first renewal. + + +Marking old records as static or dynamic with samba-tool + + +A bug in Samba versions prior to 4.9 meant records that were meant to +be static were marked as dynamic and vice versa. To fix the timestamps +in these domains, it is possible to use the following options, +preferably before turning aging on. + + --mark-old-records-static + --mark-records-dynamic-regex + --mark-records-static-regex + +The --mark-old-records-static option will make records older than the +specified date static (that is, with a zero timestamp). For example, +if you upgraded to Samba 4.9 in November 2018, you could use ensure no +old records will
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 875b4c5 NEWS[4.15.0rc3]: Samba 4.15.0rc3 Available for Download from 55b546a Add Samba 4.14.7 https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 875b4c5c6d3a38bca50edb490d50bce364a5b243 Author: Jule Anger Date: Thu Aug 26 11:05:04 2021 +0200 NEWS[4.15.0rc3]: Samba 4.15.0rc3 Available for Download Signed-off-by: Jule Anger --- Summary of changes: posted_news/20210826-090734.4.15.0rc3.body.html | 12 posted_news/20210826-090734.4.15.0rc3.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20210826-090734.4.15.0rc3.body.html create mode 100644 posted_news/20210826-090734.4.15.0rc3.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20210826-090734.4.15.0rc3.body.html b/posted_news/20210826-090734.4.15.0rc3.body.html new file mode 100644 index 000..f02376e --- /dev/null +++ b/posted_news/20210826-090734.4.15.0rc3.body.html @@ -0,0 +1,12 @@ + +26 August 2021 +Samba 4.15.0rc3 Available for Download + +This is the third release candidate of the upcoming Samba 4.15 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.15.0rc3.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.15.0rc3.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20210826-090734.4.15.0rc3.headline.html b/posted_news/20210826-090734.4.15.0rc3.headline.html new file mode 100644 index 000..5547870 --- /dev/null +++ b/posted_news/20210826-090734.4.15.0rc3.headline.html @@ -0,0 +1,3 @@ + + 26 August 2021 Samba 4.15.0rc3 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 068bdf8fbfb VERSION: Bump version up to Samba 4.15.0rc4... via 16a28116179 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc3 release. via c8627e00de3 WHATSNEW: Add release notes for Samba 4.15.0rc3. from 545c0fc8e80 WHATSNEW: add matrix.org and libera https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 068bdf8fbfb08eca479904f3983c7757f017c2b5 Author: Jule Anger Date: Thu Aug 26 10:50:00 2021 +0200 VERSION: Bump version up to Samba 4.15.0rc4... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger Reviewed-by: Stefan Metzmacher commit 16a2811617921f372a48842f85ed0f79dae35265 Author: Jule Anger Date: Thu Aug 26 10:47:44 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc3 release. Signed-off-by: Jule Anger Reviewed-by: Stefan Metzmacher commit c8627e00de3f22532151b40db8e10ad89e9b92aa Author: Jule Anger Date: Thu Aug 26 10:45:53 2021 +0200 WHATSNEW: Add release notes for Samba 4.15.0rc3. Signed-off-by: Jule Anger Reviewed-by: Stefan Metzmacher --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 26 +- 2 files changed, 26 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 0487096ed57..c95cc28532b 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE=4 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index ec9125ebf1e..0e6aeea6530 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the second release candidate of Samba 4.15. This is *not* +This is the third release candidate of Samba 4.15. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -313,6 +313,30 @@ smb.conf changes winbind scan trusted domainsChanged No +CHANGES SINCE 4.15.0rc2 +=== + +o Jeremy Allison + * BUG 14760: vfs_streams_depot directory creation permissions and store + location problems. + * BUG 14766: vfs_ceph openat() doesn't cope with dirfsp != AT_FDCW. + * BUG 14769: smbd panic on force-close share during offload write. + * BUG 14805: OpenDir() loses the correct errno return. + +o Ralph Boehme + * BUG 14795: copy_file_range() may fail with EOPNOTSUPP. + +o Stefan Metzmacher + * BUG 14793: Start the SMB encryption as soon as possible. + +o Andreas Schneider + * BUG 14779: Winbind should not start if the socket path is too long. + +o Noel Power + * BUG 14760: vfs_streams_depot directory creation permissions and store + location problems. + + CHANGES SINCE 4.15.0rc1 === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 23ce76e94e8 s3:libsmb: start encryption as soon as possible after the session setup from 7c9aabe2dd0 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 23ce76e94e80954cc6d6c6395ceefb65cf926b92 Author: Stefan Metzmacher Date: Wed Aug 11 14:33:24 2021 +0200 s3:libsmb: start encryption as soon as possible after the session setup For the SMB1 UNIX CIFS extensions we create a temporary IPC$ tcon, if there's no tcon yet. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (similar to commit 21302649c46441ea325c66457294225ddb1d6235) Autobuild-User(v4-13-test): Jule Anger Autobuild-Date(v4-13-test): Thu Aug 26 10:48:45 UTC 2021 on sn-devel-184 --- Summary of changes: source3/libsmb/clidfs.c | 44 ++-- 1 file changed, 34 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 3cc52cc5ac9..2a2509870e3 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -50,6 +50,7 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, uint16_t major, minor; uint32_t caplow, caphigh; NTSTATUS status; + bool temp_ipc = false; if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) { status = smb2cli_session_encryption_on(c->smb2.session); @@ -72,12 +73,26 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, return NT_STATUS_NOT_SUPPORTED; } + if (c->smb1.tcon == NULL) { + status = cli_tree_connect_creds(c, "IPC$", "IPC", creds); + if (!NT_STATUS_IS_OK(status)) { + d_printf("Encryption required and " + "can't connect to IPC$ to check " + "UNIX CIFS extensions.\n"); + return NT_STATUS_UNKNOWN_REVISION; + } + temp_ipc = true; + } + status = cli_unix_extensions_version(c, , , , ); if (!NT_STATUS_IS_OK(status)) { d_printf("Encryption required and " "can't get UNIX CIFS extensions " "version from server.\n"); + if (temp_ipc) { + cli_tdis(c); + } return NT_STATUS_UNKNOWN_REVISION; } @@ -85,6 +100,9 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, d_printf("Encryption required and " "share %s doesn't support " "encryption.\n", sharename); + if (temp_ipc) { + cli_tdis(c); + } return NT_STATUS_UNSUPPORTED_COMPRESSION; } @@ -93,9 +111,15 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, d_printf("Encryption required and " "setup failed with error %s.\n", nt_errstr(status)); + if (temp_ipc) { + cli_tdis(c); + } return status; } + if (temp_ipc) { + cli_tdis(c); + } return NT_STATUS_OK; } @@ -221,6 +245,16 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, DEBUG(4,(" session setup ok\n")); + if (force_encrypt) { + status = cli_cm_force_encryption_creds(c, + creds, + sharename); + if (!NT_STATUS_IS_OK(status)) { + cli_shutdown(c); + return status; + } + } + /* here's the fun partto support 'msdfs proxy' shares (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL here before trying to connect to the original share. @@ -246,16 +280,6 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, return status; } - if (force_encrypt) { - status = cli_cm_force_encryption_creds(c, - creds, - sharename); - if (!NT_STATUS_IS_OK(status)) { - cli_shutdown(c); - return status; - } - } - DEBUG(4,(" tconx ok\n")); *pcli = c; return NT_STATUS_OK; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-stable updated
The branch, v4-15-stable has been updated via 16a28116179 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc3 release. via c8627e00de3 WHATSNEW: Add release notes for Samba 4.15.0rc3. via 545c0fc8e80 WHATSNEW: add matrix.org and libera via 0524e0c6548 WHATSNEW: Add various DNS changes via f8c7428abcf WHATSNEW: reformat for style (mostly Bind9 DLZ allow/deny) via 4745b8e8a1b s3:winbindd: Pass the right variable to the debug message via 12f76f4292a s3: VFS: streams_depot: Allow "streams directory" outside of share path to work again. via 185f191bd43 s3: VFS: vfs_streams_depot: Factor out the code that gets the absolute stream rootdir into a function. via 6b5f770790c s3: selftest: Add a test for vfs_streams_depot with the target path outside of the share. via 20ec0ea95e9 s4: torture: CHECK ret value and fail if false via 34d2bc28460 s3: smbd: Ensure all returns from OpenDir() correctly set errno. via ccd0b865574 s3: VFS: ceph. Fix enumerating directories. dirfsp->fh->fd != AT_FDCWD in this case. via 9a23ff2ca2b s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. via 654430f6f6f s4: torture: Add test for smb2.ioctl.bug14769. via 24b661c01ef s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. via 68ceb6c8f05 s3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code. via 69c5ab71106 s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. via 04af36c4916 s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file. via 7c8ba49b2e9 libreplace: remove now unused USE_COPY_FILE_RANGE define via 681675b68c5 vfs_default: detect EOPNOTSUPP and ENOSYS errors from copy_file_range() via c5fbec5db03 s3:libsmb: close the temporary IPC$ connection in cli_full_connection() via 9d152be356d s3:libsmb: start encryption as soon as possible after the session setup via eb8518e4fb8 wscript: fix installing pre-commit with 'git worktree' via f9ed3a8cb95 script/bisect-test.py: add support git worktree via 24c95d2523f wafsamba: add support git worktree to vcs_dir_contents() via f834da87269 VERSION: Bump version up to Samba 4.15.0rc3... from 16fb5c685a5 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc2 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 152 +-- buildtools/wafsamba/samba_dist.py| 2 +- lib/replace/wscript | 2 - libcli/smb/smb_constants.h | 2 + script/bisect-test.py| 2 +- selftest/knownfail | 1 + selftest/target/Samba3.pm| 10 ++ source3/libsmb/cliconnect.c | 39 +- source3/libsmb/clidfs.c | 56 ++--- source3/modules/vfs_ceph.c | 14 ++- source3/modules/vfs_default.c| 12 +- source3/modules/vfs_streams_depot.c | 73 --- source3/selftest/tests.py| 5 + source3/smbd/dir.c | 2 + source3/smbd/smb2_ioctl.c| 83 +++-- source3/smbd/smb2_ioctl_private.h| 5 + source3/smbd/smb2_ioctl_smbtorture.c | 230 +++ source3/winbindd/winbindd.c | 2 +- source3/wscript_build| 1 + source4/torture/smb2/ioctl.c | 80 source4/torture/smb2/streams.c | 6 +- wscript | 20 ++- 23 files changed, 672 insertions(+), 129 deletions(-) create mode 100644 source3/smbd/smb2_ioctl_smbtorture.c Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index ba0f12ea840..c529cb04f23 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE=3 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 074767e3251..0e6aeea6530 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the second release candidate of Samba 4.15. This is *not* +This is the third release candidate of Samba 4.15. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -55,15 +55,17 @@ See
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via ccd0b865574 s3: VFS: ceph. Fix enumerating directories. dirfsp->fh->fd != AT_FDCWD in this case. from 9a23ff2ca2b s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit ccd0b8655741966930d3193900b4fa3e97cc8b1b Author: Jeremy Allison Date: Fri Jul 16 18:53:24 2021 -0700 s3: VFS: ceph. Fix enumerating directories. dirfsp->fh->fd != AT_FDCWD in this case. Same as the fix for glusterfs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14766 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Aug 5 06:15:14 UTC 2021 on sn-devel-184 (cherry picked from commit 4f093ae6c9ee5b3e0f98b47fbacb0e37fad62052) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Wed Aug 25 12:54:29 UTC 2021 on sn-devel-184 --- Summary of changes: source3/modules/vfs_ceph.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c index 594ebce4b9a..3f55d724143 100644 --- a/source3/modules/vfs_ceph.c +++ b/source3/modules/vfs_ceph.c @@ -403,14 +403,23 @@ static int cephwrap_openat(struct vfs_handle_struct *handle, int flags, mode_t mode) { + struct smb_filename *name = NULL; bool have_opath = false; bool became_root = false; int result = -ENOENT; /* -* cephfs API doesn't have ceph_openat(), so for now assert this. +* ceph doesn't have openat(). */ - SMB_ASSERT(fsp_get_pathref_fd(dirfsp) == AT_FDCWD); + if (fsp_get_pathref_fd(dirfsp) != AT_FDCWD) { + name = full_path_from_dirfsp_atname(talloc_tos(), + dirfsp, + smb_fname); + if (name == NULL) { + return -1; + } + smb_fname = name; + } DBG_DEBUG("[CEPH] openat(%p, %s, %p, %d, %d)\n", handle, smb_fname_str_dbg(smb_fname), fsp, flags, mode); @@ -438,6 +447,7 @@ static int cephwrap_openat(struct vfs_handle_struct *handle, } out: + TALLOC_FREE(name); fsp->fsp_flags.have_proc_fds = false; DBG_DEBUG("[CEPH] open(...) = %d\n", result); WRAP_RETURN(result); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 12f76f4292a s3: VFS: streams_depot: Allow "streams directory" outside of share path to work again. via 185f191bd43 s3: VFS: vfs_streams_depot: Factor out the code that gets the absolute stream rootdir into a function. via 6b5f770790c s3: selftest: Add a test for vfs_streams_depot with the target path outside of the share. via 20ec0ea95e9 s4: torture: CHECK ret value and fail if false via 34d2bc28460 s3: smbd: Ensure all returns from OpenDir() correctly set errno. from ccd0b865574 s3: VFS: ceph. Fix enumerating directories. dirfsp->fh->fd != AT_FDCWD in this case. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 12f76f4292a9e56c3b6d8f549378292dc87b1ecb Author: Jeremy Allison Date: Mon Jul 19 15:10:41 2021 -0700 s3: VFS: streams_depot: Allow "streams directory" outside of share path to work again. As we're dealing with absolute paths here, we just need to temporarily replace the connectpath whilst enumerating streams. Remove knownfail file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760 Signed-off-by: Jeremy Allison Reviewed-by: Noel Power Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Aug 19 17:04:44 UTC 2021 on sn-devel-184 (cherry picked from commit 649f544ab2cf564cdecf545c549ca9703cb5cda4) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Wed Aug 25 13:49:32 UTC 2021 on sn-devel-184 commit 185f191bd43c9442e20b2e5f74171131f5e3fd57 Author: Jeremy Allison Date: Mon Jul 19 14:52:32 2021 -0700 s3: VFS: vfs_streams_depot: Factor out the code that gets the absolute stream rootdir into a function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760 Signed-off-by: Jeremy Allison Reviewed-by: Noel Power (cherry picked from commit 1e3232006d688fa999fb8314ce948ffb45a50e71) commit 6b5f770790ca8a1ef6ad89bc8db6e6f8a70fb58e Author: Jeremy Allison Date: Tue Jul 20 17:50:49 2021 -0700 s3: selftest: Add a test for vfs_streams_depot with the target path outside of the share. Mark as knownfail.d/simpleserver_streams BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760 Signed-off-by: Jeremy Allison Reviewed-by: Noel Power (cherry picked from commit 5fdf4219c6db6d81ebe608c4313c9c9aea6dbc7c) commit 20ec0ea95e936ce4d1e9243cd377376fd5778575 Author: Noel Power Date: Thu Aug 19 12:13:27 2021 +0100 s4: torture: CHECK ret value and fail if false If we reach 'done' with ret == false without setting the torture result we get unexpected results e.g. Exception: Exception: Unknown error/failure. Missing torture_fail() or torture_assert_*() call? BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison (cherry picked from commit 161cee6f36b1642e2096a64a4eec22a1ebf82aa2) commit 34d2bc284607ada608948bfccc7686fb14cb9c39 Author: Jeremy Allison Date: Thu Aug 19 15:43:52 2021 -0700 s3: smbd: Ensure all returns from OpenDir() correctly set errno. Complex code paths inside open_internal_dirfsp() can return an NTSTATUS, but trample on the matching errno. We need to make sure if open_internal_dirfsp() fails, errno matches the NTSTATUS return. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14805 Signed-off-by: Jeremy Allison Reviewed-by: Noel Power Autobuild-User(master): Noel Power Autobuild-Date(master): Fri Aug 20 09:56:49 UTC 2021 on sn-devel-184 (cherry picked from commit 72b4fe93f15e414ca3e7d7f0e77a5f0aae90556a) --- Summary of changes: selftest/target/Samba3.pm | 10 + source3/modules/vfs_streams_depot.c | 73 ++--- source3/selftest/tests.py | 5 +++ source3/smbd/dir.c | 2 + source4/torture/smb2/streams.c | 6 ++- 5 files changed, 80 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index d0ef659da99..3fe6c194ed8 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1458,6 +1458,11 @@ sub setup_simpleserver print "PROVISIONING simple server..."; my $prefix_abs = abs_path($path); + mkdir($prefix_abs, 0777); + + my $external_streams_depot="$prefix_abs/external_streams_depot"; + remove_tree($external_streams_depot); + mkdir($external_streams_depot, 0777); my $simpleserver_options = " lanman auth = yes @@ -1531,6 +1536,11 @@ sub setup_simpleserver [hidenewfiles] path = $
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via e0dc3168210 s3/rpc_server: track the number of policy handles with a talloc destructor via 1e56dc7dd19 selftest: add a test for the "deadtime" parameter from 068bdf8fbfb VERSION: Bump version up to Samba 4.15.0rc4... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit e0dc316821092b133e1c01759f4e759052fd1abc Author: Ralph Boehme Date: Mon Aug 9 15:12:31 2021 +0200 s3/rpc_server: track the number of policy handles with a talloc destructor BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783 RN: smbd "deadtime" parameter doesn't work anymore Signed-off-by: Ralph Boehme Reviewed-by: Samuel Cabrero Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Aug 10 18:41:43 UTC 2021 on sn-devel-184 (cherry picked from commit 45a33b25c4e6b1db5d2dfa6297ccb390220a7c80) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Thu Aug 26 14:30:56 UTC 2021 on sn-devel-184 commit 1e56dc7dd19c84fe164cfbeb9c2c9aaa1beff004 Author: Ralph Boehme Date: Mon Aug 9 12:31:07 2021 +0200 selftest: add a test for the "deadtime" parameter BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783 Signed-off-by: Ralph Boehme Reviewed-by: Samuel Cabrero Reviewed-by: Jeremy Allison (cherry picked from commit 39db53a1391769fc6476fa55b02add08f1b8cd75) --- Summary of changes: source3/rpc_server/rpc_handles.c | 20 +-- source3/script/tests/test_deadtime.sh | 67 +++ source3/selftest/tests.py | 4 +++ 3 files changed, 89 insertions(+), 2 deletions(-) create mode 100755 source3/script/tests/test_deadtime.sh Changeset truncated at 500 lines: diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c index 9ef93231466..745ea4dd6ef 100644 --- a/source3/rpc_server/rpc_handles.c +++ b/source3/rpc_server/rpc_handles.c @@ -103,18 +103,36 @@ size_t num_pipe_handles(void) data_ptr is TALLOC_FREE()'ed / +struct hnd_cnt { + bool _dummy; +}; + +static int hnd_cnt_destructor(struct hnd_cnt *cnt) +{ + num_handles--; + return 0; +} + bool create_policy_hnd(struct pipes_struct *p, struct policy_handle *hnd, uint8_t handle_type, void *data_ptr) { struct dcesrv_handle *rpc_hnd = NULL; + struct hnd_cnt *cnt = NULL; rpc_hnd = dcesrv_handle_create(p->dce_call, handle_type); if (rpc_hnd == NULL) { return false; } + cnt = talloc_zero(rpc_hnd, struct hnd_cnt); + if (cnt == NULL) { + TALLOC_FREE(rpc_hnd); + return false; + } + talloc_set_destructor(cnt, hnd_cnt_destructor); + if (data_ptr != NULL) { rpc_hnd->data = talloc_move(rpc_hnd, _ptr); } @@ -205,8 +223,6 @@ bool close_policy_hnd(struct pipes_struct *p, TALLOC_FREE(rpc_hnd); - num_handles--; - return true; } diff --git a/source3/script/tests/test_deadtime.sh b/source3/script/tests/test_deadtime.sh new file mode 100755 index 000..68703008f02 --- /dev/null +++ b/source3/script/tests/test_deadtime.sh @@ -0,0 +1,67 @@ +#!/usr/bin/env bash +# +# Test deadtime parameter +# + +if [ $# -lt 1 ]; then +echo Usage: test_deadtime.sh IP +exit 1 +fi + +server=$1 + +incdir=`dirname $0`/../../../testprogs/blackbox +. $incdir/subunit.sh +. $incdir/common_test_fns.inc + +failed=0 + +smbclient="$BINDIR/smbclient" +smbcontrol="$BINDIR/smbcontrol" + +global_inject_conf=$(dirname $SMB_CONF_PATH)/global_inject.conf + +echo "deadtime = 1" > $global_inject_conf +$smbcontrol smbd reload-config + +cd $SELFTEST_TMPDIR || exit 1 + +# Create the smbclient communication pipes. +rm -f smbclient-stdin smbclient-stdout smbclient-stderr +mkfifo smbclient-stdin smbclient-stdout smbclient-stderr + +export CLI_FORCE_INTERACTIVE=1 +export SAMBA_DEPRECATED_SUPPRESS=1 + +# This gets inherited by smbclient and is required to smbclient doesn't get +# killed by an unhandled SIGPIPE when writing an SMB2 KEEPALIVE packet to the +# connection fd that was already closed by the server. +trap "" SIGPIPE + +$smbclient //$server/tmp -U${USER}%${PASSWORD} \ +< smbclient-stdin > smbclient-stdout 2>smbclient-stderr & +client_pid=$! + +sleep 1 + +exec 100>smbclient-stdin 101 $global_inject_conf +$smbcontrol smbd reload-config + +rm -f smbclient-stdin smbclient-stdout smbclient-stderr + +testok $0 $failed diff --git a/source3/selftest/te
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 7c8ba49b2e9 libreplace: remove now unused USE_COPY_FILE_RANGE define via 681675b68c5 vfs_default: detect EOPNOTSUPP and ENOSYS errors from copy_file_range() from c5fbec5db03 s3:libsmb: close the temporary IPC$ connection in cli_full_connection() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 7c8ba49b2e9d963deccdea5bc16a8f43e1ce9fcf Author: Ralph Boehme Date: Thu Aug 12 18:31:40 2021 +0200 libreplace: remove now unused USE_COPY_FILE_RANGE define The only user was removed in the previous commit. We still need the preceeding checks however, based on that replace.c provides a copy_file_range() fallback. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795 RN: copy_file_range() may fail with EOPNOTSUPP Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Aug 13 11:45:17 UTC 2021 on sn-devel-184 (cherry picked from commit 1641e6c528e027dbfff96a834b94a8654a03a168) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Mon Aug 16 07:39:08 UTC 2021 on sn-devel-184 commit 681675b68c5dbbb4089067b2db9f11d69b2d085c Author: Ralph Boehme Date: Thu Aug 12 18:23:21 2021 +0200 vfs_default: detect EOPNOTSUPP and ENOSYS errors from copy_file_range() When building in a RHEL 7 container on a RHEL 8 host, the current configure check will detect a working SYS_copy_file_range() syscall. Later when the resulting smbd binary is run in a RHEL 7 container on a RHEL 7 (vs 8 on the build host) host, SYS_copy_file_range() will fail with EOPNOTSUPP. Since the kernel support for copy_file_range() included a fallback in case filesystems didn't implement it, the caching of copy_file_range() support can be made a global via the static try_copy_file_range bool, there's no need to deal with per-fileystem behaviour differences. For the curious: SYS_copy_file_range() appeared in Linux 4.5, fallback code being vfs_copy_file_range() -> do_splice_direct(). On current kernels the fallback function is generic_copy_file_range() (which still calls do_splice_direct()) called from the filesystem backends directly or from vfs_copy_file_range() -> do_copy_file_range(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit c25f72f401842a18cab1db2bab89deec78274d93) --- Summary of changes: lib/replace/wscript | 2 -- source3/modules/vfs_default.c | 12 +--- 2 files changed, 9 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/wscript b/lib/replace/wscript index 12f995f3198..782ac5bd550 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -462,8 +462,6 @@ syscall(SYS_copy_file_range,0,NULL,0,NULL,0,0); ''', 'HAVE_SYSCALL_COPY_FILE_RANGE', msg='Checking whether we have copy_file_range system call') -if conf.CONFIG_SET('HAVE_COPY_FILE_RANGE') or conf.CONFIG_SET('HAVE_SYSCALL_COPY_FILE_RANGE'): -conf.DEFINE('USE_COPY_FILE_RANGE', 1) conf.SET_TARGET_TYPE('attr', 'EMPTY') diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index aa7dfe3192f..5701e37d5ec 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -2214,10 +2214,11 @@ static NTSTATUS vfswrap_offload_copy_file_range(struct tevent_req *req) NTSTATUS status; bool same_file; bool ok; + static bool try_copy_file_range = true; -#ifndef USE_COPY_FILE_RANGE - return NT_STATUS_MORE_PROCESSING_REQUIRED; -#endif + if (!try_copy_file_range) { + return NT_STATUS_MORE_PROCESSING_REQUIRED; + } same_file = file_id_equal(>src_fsp->file_id, >dst_fsp->file_id); @@ -2286,6 +2287,11 @@ static NTSTATUS vfswrap_offload_copy_file_range(struct tevent_req *req) (intmax_t)state->remaining, strerror(errno)); switch (errno) { + case EOPNOTSUPP: + case ENOSYS: + try_copy_file_range = false; + status = NT_STATUS_MORE_PROCESSING_REQUIRED; + break; case EXDEV: status = NT_STATUS_MORE_PROCESSING_REQUIRED; break; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 4745b8e8a1b s3:winbindd: Pass the right variable to the debug message from 12f76f4292a s3: VFS: streams_depot: Allow "streams directory" outside of share path to work again. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 4745b8e8a1bcbdfb485bfb91e39834cebfcb62bd Author: Andreas Schneider Date: Wed Aug 11 14:58:39 2021 +0200 s3:winbindd: Pass the right variable to the debug message BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 25941a1f97229ef27ee5ac7cc6bc9e7a300fcca0) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Wed Aug 25 14:57:17 UTC 2021 on sn-devel-184 --- Summary of changes: source3/winbindd/winbindd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 89e62b43ca0..9b148b18a58 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -1826,7 +1826,7 @@ int main(int argc, const char **argv) "(%zu >= %zu)\n", lp_winbindd_socket_directory(), WINBINDD_SOCKET_NAME, - winbindd_socket_dir_len, + winbindd_socket_len, sun_path_len); exit(1); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 20ef0b16ed3 registry: check for running as root in clustering mode via 16fc7a12aca s3/lib/dbwrap: check if global_messaging_context() succeeded from 6be92d44bb7 s3/rpc_server: track the number of policy handles with a talloc destructor https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 20ef0b16ed365e0dc499bd11231a627af7a0f0e2 Author: Ralph Boehme Date: Sat Aug 7 10:52:28 2021 + registry: check for running as root in clustering mode BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787 RN: net conf list crashes when run as normal user Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Aug 17 11:23:15 UTC 2021 on sn-devel-184 (cherry picked from commit 4809f4a6ee971bcd9767839c729b636b7582fc02) Autobuild-User(v4-13-test): Jule Anger Autobuild-Date(v4-13-test): Mon Sep 6 10:16:27 UTC 2021 on sn-devel-184 commit 16fc7a12aca6ecba72d42a86d07739a80cf7a16e Author: Ralph Boehme Date: Sat Aug 7 10:51:38 2021 + s3/lib/dbwrap: check if global_messaging_context() succeeded The subsequent messaging_ctdb_connection() will fail an assert if messaging is not up and running, maybe it's a bit better to add a check if global_messaging_context() actually succeeded. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider (cherry picked from commit fd19cae8d2f21977d8285efd3f29e2b480d241e9) --- Summary of changes: source3/lib/dbwrap/dbwrap_open.c | 4 source3/registry/reg_backend_db.c | 9 + 2 files changed, 13 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c index e67341607a4..2c6ce3b7104 100644 --- a/source3/lib/dbwrap/dbwrap_open.c +++ b/source3/lib/dbwrap/dbwrap_open.c @@ -149,6 +149,10 @@ struct db_context *db_open(TALLOC_CTX *mem_ctx, * to be initialized. */ msg_ctx = global_messaging_context(); + if (msg_ctx == NULL) { + DBG_ERR("Failed to initialize messaging\n"); + return NULL; + } conn = messaging_ctdb_connection(); if (conn == NULL) { diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c index c870dc57ed6..423b310fe8a 100644 --- a/source3/registry/reg_backend_db.c +++ b/source3/registry/reg_backend_db.c @@ -733,6 +733,15 @@ WERROR regdb_init(void) return WERR_OK; } +/* + * Clustered Samba can only work as root because we need messaging to + * talk to ctdb which only works as root. + */ +if (lp_clustering() && geteuid() != 0) { +DBG_ERR("Cluster mode requires running as root.\n"); + return WERR_ACCESS_DENIED; +} + db_path = state_path(talloc_tos(), "registry.tdb"); if (db_path == NULL) { return WERR_NOT_ENOUGH_MEMORY; -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.15.0rc6 created
The annotated tag, samba-4.15.0rc6 has been created at 4630cc318db335984b96bc21fbf3fd2cd8810354 (tag) tagging 30c5a0e60e8b6c4df442ef1ecc872c4b6c599845 (commit) replaces samba-4.15.0rc5 tagged by Jule Anger on Thu Sep 9 08:32:11 2021 +0200 - Log - samba: tag release samba-4.15.0rc6 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmE5qmsACgkQqplEL7aA tiBUZRAAqOjZw0Nqx5wEQJhjYWcNzI323LVwIlGKbW+TfmC6nSjXrlvFfHKc2tKG 2KHKke9xU3owVMM8gAVjDik6OL8uaLTiBcTwBFF3CSOaXe98jX0MvuN1qkvTAki8 Wg7jvMTMT1ILgmZJ5m6t963bTaQ3dgkQEgN3RrCAHyponE1u+xTsfXX1baAYNgWU nGyyHbtCc6VK7tQC5wSt46wmUyvcYCn5TbxpOkjYt/jqc0yDZxxfgyzLGB7QmpId F3xqUhNj5FopmGblMUb4IzyH5L29+CxIW27UReQyiba5IiN+W8qsN1Dr7rTZTptV WT1u0k2r401vDQs/7YWhwTeNCb2E3zdg1AwV2JmBhh40NuPAg2PO9b8FXcAPVNZV szEYVteVRQM1b8gJJivpALv3BA6fSopQR27eybXSeCWF0/JeXMxmOVvUKWgwtvqy SvCeNMddAILthfIletxfVeoFNiUgIs0i4MqlfpoGBoK4bXWV+PWCHs2lEHBRmSoR 51jnB2oeJXiRZX0GRRnCVMKys/ccmEAYRkUUg+WUfyB5gGIvXZUsuXSSe3QSsCcA nEHXGlo2svLf+RNi/F4nKsUgUdU+muyWCBscrjAFZJqNsZaaAzs0PfpNEWQid44/ nuDUzKygwPdeAk5pFIFXSEs0l4p+wBnUteHVFMfjSlyY/2BWsZE= =mQYI -END PGP SIGNATURE- Andreas Schneider (10): bootstrap: Install krb5-workstation on Fedora based distros python:waf: Correctly check for python-dateutil bootstrap: Install python3-dateutil instead of python3-iso8601 on RPM distros selftest: Re-format long lines in selftesthelpers.py selftest: Add support for setting ENV variables in plansmbtorture4testsuite() selftest: Add support for setting ENV variables in plantestsuite() mit-samba: Define debug class for kdb module mit-samba: Send the logging to the kdc log facility mit-samba: Use talloc_get_type_abort() instead of casting mit-samba: Only set the function opening bracket once Andrew Bartlett (22): samba-tool domain backup offline: Use passed in samdb when backing up sam.ldb samba-tool: Rework transations/locks to hold a lock during mdb backup samba-tool domain backup: Use tdbbackup on metadata.tdb autobuild.py: Explain why each job is removed from the default set gitlab-ci/autobuild: Add new build confirming behaviour on older MIT Kerberos gitlab-ci: Move MIT builds to current Fedora so we can test against a current MIT KDC autobuild.py: Do not build MIT builds by default (eg sn-devel) build: Move minimum MIT krb5 version to 1.19 to align with what is tested mit-kdc: Remove build time support for KDB_API < 10 bootstrap: Update to get newer krb5 on Fedora 34 bootstrap: SAMBA_CI_CONTAINER_TAG is now in .gitlab-ci-main.yml Update common on currently supported Fedora versions tests/krb5: Remove harmful and a-typical return in as_req testcase tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname WHATSNEW: Update for KDC crash fixes WHATSNEW: Update with samba-tool domain backup offline fix selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl selftest: Only run samba_tool_drs_showrepl test once dsdb: Be careful to avoid use of the expensive talloc_is_parent() selftest: Add a test for LookupSids3 and LookupNames4 in python s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4 selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes Gary Lockyer (1): initial FAST tests Joseph Sutton (81): pygensec: Fix memory leaks pygensec: Don't modify Python bytes objects tests/krb5: Fix ms_kile_client_principal_lookup_test errors tests/krb5: Fix comment typo tests/krb5: Fix method name typo tests/krb5: formatting tests/krb5: Remove unneeded statements tests/krb5: Use more compact dict lookup tests/krb5: Simplify Python syntax tests/krb5: Remove magic constants tests/krb5: Fix including enc-authorization-data tests/krb5: Fix callback_dict parameter tests/krb5: Fix encpart_decryption_key with MIT KDC tests/krb5: Expect e-data except when the error code is KDC_ERR_GENERIC tests/krb5: Check Kerberos protocol version number tests/krb5: Use credentials kvno when creating password key tests/krb5: Allow cf2 to automatically use the enctype of the first key tests/krb5: Refactor get_pa_data() tests/krb5: Add get_enc_timestamp_pa_data_from_key() tests/krb5: Add method to return dict containing padata elements tests/krb5: Make _test_as_exchange() return value more consistent tests/krb5: Add get_EpochFromKerberosTime() tests/krb5: Use encryption with admin credentials tests/krb5: Allow specifying additional details when creating an account tests/krb5: Add more methods for obtaining machine and service credentials tests/krb5: Add method to calculate account salt tests/krb5:
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 2baaa891bb3 VERSION: Bump version up to Samba 4.15.0rc7... via 30c5a0e60e8 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc6 release. via 718da33d4e6 WHATSNEW: Add release notes for Samba 4.15.0rc6. from 45b5c9074e7 selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 2baaa891bb3690a2783eb2c5e45368c320e27236 Author: Jule Anger Date: Thu Sep 9 08:27:18 2021 +0200 VERSION: Bump version up to Samba 4.15.0rc7... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 30c5a0e60e8b6c4df442ef1ecc872c4b6c599845 Author: Jule Anger Date: Thu Sep 9 08:25:57 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc6 release. Signed-off-by: Jule Anger commit 718da33d4e6d4c958f1e1c20761b496f447f40f5 Author: Jule Anger Date: Thu Sep 9 08:24:41 2021 +0200 WHATSNEW: Add release notes for Samba 4.15.0rc6. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 32 +++- 2 files changed, 32 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index c47655ceb3c..efc0c7f02d6 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=6 +SAMBA_VERSION_RC_RELEASE=7 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2f3e1422485..739a0b319ca 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the fifth release candidate of Samba 4.15. This is *not* +This is the sixth release candidate of Samba 4.15. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -341,6 +341,36 @@ smb.conf changes winbind scan trusted domainsChanged No +CHANGES SINCE 4.15.0rc5 +=== + +o Andrew Bartlett + * BUG 14806: Address a signifcant performance regression in database access + in the AD DC since Samba 4.12. + * BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since + Samba 4.9 by using an explicit database handle cache. + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + * BUG 14818: Address flapping samba_tool_drs_showrepl test. + * BUG 14819: Address flapping dsdb_schema_attributes test. + +o Luke Howard + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Gary Lockyer + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Andreas Schneider + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Joseph Sutton + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + + CHANGES SINCE 4.15.0rc4 === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-stable updated
The branch, v4-15-stable has been updated via 30c5a0e60e8 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc6 release. via 718da33d4e6 WHATSNEW: Add release notes for Samba 4.15.0rc6. via 45b5c9074e7 selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes via 1252f2c170c s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4 via bb825a909e9 selftest: Add a test for LookupSids3 and LookupNames4 in python via 86d3397f852 dsdb: Be careful to avoid use of the expensive talloc_is_parent() via d18232cdcfc selftest: Only run samba_tool_drs_showrepl test once via 8c246869e14 selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl via 5cec6963b69 WHATSNEW: Update with samba-tool domain backup offline fix via 0cc8a4708f0 WHATSNEW: Update for KDC crash fixes via 7ca641892b3 tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname via 0fd150e4844 kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field via dcbec3eab52 tests/krb5: Allow expected_error_mode to be a container type via 8d17a87523b tests/krb5: Add tests for omitting sname in inner request via c837f43a9cd tests/krb5: Allow specifying parameters specific to the inner FAST request body via b628cda6604 tests/krb5: Add tests for omitting sname in request via 83ba64c9106 tests/krb5: Check PADATA-PW-SALT element in e-data via 13cb2664266 tests/krb5: Check e-data element for TGS-REP errors without FAST via 2762a9dcee4 tests/krb5: Remove harmful and a-typical return in as_req testcase via f50f9618efa CVE-2021-3671 tests/krb5: Add tests for omitting sname in outer request via d9de103cc58 CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ via 1ae386bf725 tests/krb5: Add test for sending PA-ENCRYPTED-CHALLENGE without FAST via b6496bd5990 tests/krb5: Make cname checking less strict via c9b594a1a21 tests/krb5: Make e-data checking less strict via ef69ac460bc Update common on currently supported Fedora versions via d0f26d12a9b bootstrap: SAMBA_CI_CONTAINER_TAG is now in .gitlab-ci-main.yml via 04cbe284f4e bootstrap: Update to get newer krb5 on Fedora 34 via 2c7d7307ae3 mit-kdc: Remove build time support for KDB_API < 10 via 0cf8c13b940 build: Move minimum MIT krb5 version to 1.19 to align with what is tested via e30483eb251 autobuild.py: Do not build MIT builds by default (eg sn-devel) via 1dd8ded8c57 gitlab-ci: Move MIT builds to current Fedora so we can test against a current MIT KDC via 961bdab6647 gitlab-ci/autobuild: Add new build confirming behaviour on older MIT Kerberos via e850967129d autobuild.py: Explain why each job is removed from the default set via 521adb2fd3e samba-tool domain backup: Use tdbbackup on metadata.tdb via 2f8295604ce samba-tool: Rework transations/locks to hold a lock during mdb backup via 21e1a6b48d6 samba-tool domain backup offline: Use passed in samdb when backing up sam.ldb via 535bd82604e mit-samba: Only set the function opening bracket once via 13dff7227f4 mit-samba: Use talloc_get_type_abort() instead of casting via 9698e453ae9 mit-samba: Send the logging to the kdc log facility via 4bf41b6ccf5 mit-samba: Define debug class for kdb module via 07cfa4d6f95 tests/krb5: Add FAST tests via 003307b7d34 initial FAST tests via 18c2ff9a3c6 tests/krb5: Check PADATA-FX-ERROR in reply via 54f1f269f0a tests/krb5: Allow generic_check_kdc_error() to check inner FAST errors via d6acfe270d0 tests/krb5: Check PADATA-PAC-OPTIONS in reply via 1e9a7cd0a81 tests/krb5: Make generic_check_kdc_error() also work for checking TGS replies via 464a7efe1b2 tests/krb5: Make check_rep_padata() also work for checking TGS replies via 220f76a98eb tests/krb5: Check PADATA-FX-COOKIE in reply via 18b587ad53b tests/krb5: Check PADATA-ENCRYPTED-CHALLENGE in reply via 904df7418b8 tests/krb5: Adjust reply padata checking depending on whether FAST was sent via 19aaacb5b2b tests/krb5: Check reply FAST padata if request included FAST via 5fc7588d3cc tests/krb5: Check sname is krbtgt for FAST generic error via fc2ec4b9e01 tests/krb5: Add get_krbtgt_sname() method via 6ed03543ea0 tests/krb5: Remove unused variables via 2e9c0a7ff2f tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a non-error reply via 4d8b3dcd2f7 tests/krb5: Add check_rep_padata() method to check padata in reply via 7628f04aa64 tests/krb5: Add generate_simple_fast() method to generate FX-FAST padata via 5893e9dc6d6 tests/krb5: Include authdata in kdc_exchange_dict via d544371bd15 tests/krb5: Add expected_cname_private parameter to kdc_exchange_dict
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via a0b4d29 NEWS[4.15.0rc6]: Samba 4.15.0rc6 Available for Download from 7289e15 support/globalsupport.html: update my description https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit a0b4d291df4f6d54cb7ce597c6121cbaffb3 Author: Jule Anger Date: Thu Sep 9 08:32:45 2021 +0200 NEWS[4.15.0rc6]: Samba 4.15.0rc6 Available for Download Signed-off-by: Jule Anger --- Summary of changes: posted_news/20210909-063410.4.15.0rc6.body.html | 12 posted_news/20210909-063410.4.15.0rc6.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20210909-063410.4.15.0rc6.body.html create mode 100644 posted_news/20210909-063410.4.15.0rc6.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20210909-063410.4.15.0rc6.body.html b/posted_news/20210909-063410.4.15.0rc6.body.html new file mode 100644 index 000..ca4a7dd --- /dev/null +++ b/posted_news/20210909-063410.4.15.0rc6.body.html @@ -0,0 +1,12 @@ + +09 September 2021 +Samba 4.15.0rc6 Available for Download + +This is the 6th release candidate of the upcoming Samba 4.15 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.15.0rc6.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.15.0rc6.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20210909-063410.4.15.0rc6.headline.html b/posted_news/20210909-063410.4.15.0rc6.headline.html new file mode 100644 index 000..444d767 --- /dev/null +++ b/posted_news/20210909-063410.4.15.0rc6.headline.html @@ -0,0 +1,3 @@ + + 09 September 2021 Samba 4.15.0rc6 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 4ada6c24a5c selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes via 33ef89475b0 s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4 via be4f4f4f594 selftest: Add a test for LookupSids3 and LookupNames4 in python via 02c40fd92dc dsdb: Be careful to avoid use of the expensive talloc_is_parent() via 49a15402f4d selftest: Only run samba_tool_drs_showrepl test once via a69c7cb30fd selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl from a7fe21a0d66 VERSION: Bump version up to Samba 4.13.12... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 4ada6c24a5c3c9f0924f90fc11747cd0969f Author: Andrew Bartlett Date: Mon Sep 6 08:52:21 2021 +1200 selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes If two of these unit tests run in the same second they could select the same name, as the name was only based on the time and a common prefix. As observed by Jeremy Allison. Thanks for the report! RN: Address flapping dsdb_schema_attributes test BUG: https://bugzilla.samba.org/show_bug.cgi?id=14819 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon Sep 6 02:32:51 UTC 2021 on sn-devel-184 (cherry picked from commit 6590bb0b77c641f0d4686b39c713c1405ffb64f5) Autobuild-User(v4-13-test): Jule Anger Autobuild-Date(v4-13-test): Fri Sep 10 15:09:48 UTC 2021 on sn-devel-184 commit 33ef89475b09dcdbbad2048c47961a95eb2f1558 Author: Andrew Bartlett Date: Wed Aug 25 12:03:08 2021 +1200 s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4 Since 5c0345ea9bb34695dcd7be6c913748323bebe937 this would not have been implicitly cached via the ldb_wrap cache, due to the recording of the remote IP address (which is a good thing). This creates a more explicit and direct correct cache on the connection. The common code, including the SCHANNEL check is placed into a helper function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807 RN: Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sun Sep 5 03:19:26 UTC 2021 on sn-devel-184 (cherry picked from commit ae57d22e45b33537e9fca5969e9b68abd1ad633f) commit be4f4f4f5942ee1f762e6645e42916f3f6fc7ad6 Author: Andrew Bartlett Date: Wed Aug 25 09:54:04 2021 + selftest: Add a test for LookupSids3 and LookupNames4 in python BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit b40761b42e889369599c5eb355028ba377c43b49) commit 02c40fd92dcd7224228dc232d5fdf0738d313a36 Author: Andrew Bartlett Date: Wed Aug 25 09:41:11 2021 +1200 dsdb: Be careful to avoid use of the expensive talloc_is_parent() The wrong talloc API was selected while addressing a memory leak. commit ee2fe56ba0ef6626b634376e8dc2185aa89f8c99 Author: Aaron Haslett Date: Tue Nov 27 11:07:44 2018 +1300 drepl: memory leak fix Fixes a memory leak where schema reference attached to ldb instance is lost before it can be freed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14042 Signed-off-by: Aaron Haslett Reviewed-by: Andrew Bartlett Reviewed-by: Garming Sam Autobuild-User(master): Garming Sam Autobuild-Date(master): Wed Jul 17 06:17:10 UTC 2019 on sn-devel-184 By using talloc_get_parent() walking the entire talloc tree is avoided. RN: Address a signifcant performance regression in database access in the AD DC since Samba 4.12 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14806 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit 8affe4a1e625104de4ca024fdc3e9cd96498aff3) commit 49a15402f4d2fe36405ad9507d1d84757bb8a876 Author: Andrew Bartlett Date: Sat Sep 4 13:11:08 2021 +1200 selftest: Only run samba_tool_drs_showrepl test once This test is not slow, but there is no value running it twice. Running this test twice just increases the chances we might loose a race as it shows and validates live replication data. Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit 75a5ed66731e947fa16af81aab7649d1fddec45f) commit
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via a7b9904c90b docs: Avoid duplicate information on USER and PASSWD, reference the common section via 4ad10cf8e82 docs: Document all the other ways to send a password to smbclient et al via 8416bcce6a7 docs: Ensure to rebuild manpages if samba.entities or samba.version changes via 33f06d10a03 docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values from 2baaa891bb3 VERSION: Bump version up to Samba 4.15.0rc7... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit a7b9904c90bd82475ffa328f763e7df00446e9fb Author: Andrew Bartlett Date: Tue Aug 10 09:20:45 2021 +1200 docs: Avoid duplicate information on USER and PASSWD, reference the common section BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Sep 9 00:52:09 UTC 2021 on sn-devel-184 (cherry picked from commit 18e08c709002506fe217ca6a7a098fcdc00f8c29) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Fri Sep 10 14:54:25 UTC 2021 on sn-devel-184 commit 4ad10cf8e82d6c69f9918db154f588fc27c13842 Author: Andrew Bartlett Date: Tue Aug 10 09:14:08 2021 +1200 docs: Document all the other ways to send a password to smbclient et al This was previously hidden knowlege not easily available to administrators and end users. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit 9b50d2e52e6c85bc3ab991cd8a4b870aff397bda) commit 8416bcce6a7ba088a97e7883496c3dc51c149187 Author: Andrew Bartlett Date: Tue Aug 10 09:13:15 2021 +1200 docs: Ensure to rebuild manpages if samba.entities or samba.version changes BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit a363742635c54a6cb19363f4be9d2be2b731a5e6) commit 33f06d10a03a3e51fe0774491f73a392471f4f81 Author: Stefan Metzmacher Date: Wed Sep 8 15:10:14 2021 +0200 docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values This matches what smbstatus prints out. Note there's also the removal of an '-' in "hmac-sha-256" => HMAC-SHA256". BUG: https://bugzilla.samba.org/show_bug.cgi?id=14825 RN: "{client,server} smb3 {signing,encryption} algorithms" should use the same strings as smbstatus output Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Sep 8 16:37:07 UTC 2021 on sn-devel-184 (cherry picked from commit 867c6ff9f3f28ab4bfa0cb1660889f3f5be0d111) --- Summary of changes: buildtools/wafsamba/wafsamba.py| 6 ++- docs-xml/build/DTD/samba.entities | 52 +- docs-xml/manpages/smbclient.1.xml | 14 ++ .../security/clientsmbencryptionalgos.xml | 8 ++-- .../smbdotconf/security/clientsmbsigningalgos.xml | 10 ++--- .../security/serversmbencryptionalgos.xml | 8 ++-- .../smbdotconf/security/serversmbsigningalgos.xml | 10 ++--- lib/param/loadparm.h | 4 +- libcli/smb/util.c | 14 +++--- 9 files changed, 77 insertions(+), 49 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py index 4fe9daf160e..0427c90ca80 100644 --- a/buildtools/wafsamba/wafsamba.py +++ b/buildtools/wafsamba/wafsamba.py @@ -946,9 +946,13 @@ def SAMBAMANPAGES(bld, manpages, extra_source=None): bld.env.SAMBA_CATALOGS = 'file:///etc/xml/catalog file:///usr/local/share/xml/catalog file://' + bld.env.SAMBA_CATALOG for m in manpages.split(): -source = m + '.xml' +source = [m + '.xml'] if extra_source is not None: source = [source, extra_source] +# ${SRC[1]} and ${SRC[2]} are not referenced in the +# SAMBA_GENERATOR but trigger the dependency calculation so +# ensures that manpages are rebuilt when these change. +source += ['build/DTD/samba.entities', 'build/DTD/samba.build.version'] bld.SAMBA_GENERATOR(m, source=source, target=m, diff --git a/docs-xml/build/DTD/samba.entities b/docs-xml/build/DTD/samba.entities index 80e051e7684..beff3cb1f6e 100644 --- a/docs-xml/build/DTD/samba.entities +++ b/docs
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via bddd7db7b2f WHATSNEW: The New VFS via bd730209109 Don't use sysconf(_SC_NGROUPS_MAX) on macOS for getgroups() via 92251109fa2 smbd: fix "ea support = no" via 13ba74a67a3 WHATSNEW: unknown options now trigger an error in all tools via cc39fca1f5a WHATSNEW: clarify the -e and -s handling for ldb tools via b52fdad21fb s4/torture/masktest: don't ignore unknown options via 1eaab01e178 s4/torture/locktest: don't ignore unknown options via 047274d1278 s4/torture/gentest: don't ignore unknown options via 79f231a5484 s4/regtree: don't ignore unknown options via b87f953efb9 s4/regshell: don't ignore unknown options via f377070e75b s4/regpatch: don't ignore unknown options via 9e0b596ab76 s4/regdiff: don't ignore unknown options via c4dc60a7992 s4/cifsdd: don't ignore unknown options via c94c2bb7503 testparm: don't ignore unknown options via 7c0725daaf3 split_tokens: don't ignore unknown options via ece1e503d84 smbtree: don't ignore unknown options via 3e5d5713a10 smbget: don't ignore unknown options via 647e2865eb3 smbcquotas: don't ignore unknown options via 2270e098c02 smbcacls: don't ignore unknown options via eeebabe4067 sharesec: don't ignore unknown options via 9af6e536edd regedit: don't ignore unknown options via 02144f364e6 profiles: don't ignore unknown options via 362c9f28a36 pdbedit: don't ignore unknown options via 609509f8ed1 ntlm_auth: don't ignore unknown options via 84579c965b1 nmblookup: don't ignore unknown options via 99eca1a3329 mvxattr: don't ignore unknown options via df0e4a6b67d log2pcaphex: don't ignore unknown options via 2f8aabd1761 s3/async-tracker: don't ignore unknown options via e5f6c2e25c5 vfstest: don't ignore unknown options via 7bee957378e pdbtest: don't ignore unknown options via 66dd6cc6286 rpcclient: don't ignore unknown options via 424135b1796 s3/param: don't ignore unknown options via 4af952f4ccd source3/lib/smbconf: don't ignore unknown options via a0e860c2360 nmblookup: don't ignore unknown options via 6e320e7f767 s4/smbclient: don't ignore unknown options via 43f57091f7f smbstatus: don't ignore unknown options via 26ccc96a41d texpect: don't ignore unknown options via be8c65fb748 smbclient: don't ignore unknown options via 223ac583cfa selftest: remove unsupported smbcacls option --get via 619baa2390f lib/cmdline: restore s3 option name --max-protocol for MAXPROTOCOL from 4.14 via ec937b7035d manpages: remove duplicate options from smbclient via 4ccc9a4c391 selftest: fix ---configfile option via b2934e2a726 lib/cmdline: fix --configfile handling of POPT_COMMON_CONFIG_ONLY used by ntlm_auth via 35d474c3030 vfs_btrfs: fix btrfs_fget_compression() from a7b9904c90b docs: Avoid duplicate information on USER and PASSWD, reference the common section https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit bddd7db7b2f8f238ae2d7222cc5bbd63545f0eba Author: Ralph Boehme Date: Mon Sep 13 07:51:41 2021 +0200 WHATSNEW: The New VFS Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Mon Sep 13 08:51:05 UTC 2021 on sn-devel-184 commit bd7302091099d6b5052f59ea0f5dca4539954327 Author: Alex Richardson Date: Fri Oct 5 09:35:40 2018 +0100 Don't use sysconf(_SC_NGROUPS_MAX) on macOS for getgroups() On MacOS sysconf(_SC_NGROUPS_MAX) always returns 16. However, this is not the value used by getgroups(2). MacOS uses nested groups but getgroups(2) will return the flattened list which can easily exceed 16 groups. In my testing getgroups() already returns 16 groups on a freshly installed system. And on a 10.14 system the root user is in more than 16 groups by default which makes it impossible to run smbd without this change. Setting _DARWIN_UNLIMITED_GETGROUPS allows getgroups() to return more than 16 groups. This also changes set_unix_security_ctx() to only set up to 16 groups since that is the limit for initgroups() according to the manpage. BUG: https://bugzilla.samba.org/show_bug.cgi?id=8773 Signed-off-by: Alex Richardson Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Sep 9 17:43:19 UTC 2021 on sn-devel-184 (cherry picked from commit 2c18a982537ea1a62e4d802c9ae0ef06b36158dc) commit 92251109fa2211706380ba5729e6dbbcb94d1bd9 Author: Ralph Boehme Date: Sat Sep 11 12:33:37 2021 +0200 smbd: fix "ea support = no"
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via e9cbf386be7 vfs_btrfs: fix btrfs_fget_compression() via 78f183faa6d selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes via 207f232abac s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4 via 105014ed48b selftest: Add a test for LookupSids3 and LookupNames4 in python via 59f6d56f4ef dsdb: Be careful to avoid use of the expensive talloc_is_parent() via 7b66c0cec9f selftest: Only run samba_tool_drs_showrepl test once via e6555e25414 selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl from b5cbbf0542c s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit e9cbf386be77230e3c3d51b878953bf4afbf93ff Author: Ralph Boehme Date: Mon Aug 9 19:30:21 2021 +0200 vfs_btrfs: fix btrfs_fget_compression() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14790 RB: vfs_btrfs compression support broken Reported-by: noel.kuntze@thermi.consulting Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit ed35fce4fe48b1fa26854a7b4bb151b5c5fb6fc6) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Mon Sep 13 08:59:52 UTC 2021 on sn-devel-184 commit 78f183faa6db04e485a217bfc59f7ef3458dda7e Author: Andrew Bartlett Date: Mon Sep 6 08:52:21 2021 +1200 selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes If two of these unit tests run in the same second they could select the same name, as the name was only based on the time and a common prefix. As observed by Jeremy Allison. Thanks for the report! RN: Address flapping dsdb_schema_attributes test BUG: https://bugzilla.samba.org/show_bug.cgi?id=14819 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon Sep 6 02:32:51 UTC 2021 on sn-devel-184 (cherry picked from commit 6590bb0b77c641f0d4686b39c713c1405ffb64f5) commit 207f232abacc872600b4c91847a70bd53618f12b Author: Andrew Bartlett Date: Wed Aug 25 12:03:08 2021 +1200 s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4 Since 5c0345ea9bb34695dcd7be6c913748323bebe937 this would not have been implicitly cached via the ldb_wrap cache, due to the recording of the remote IP address (which is a good thing). This creates a more explicit and direct correct cache on the connection. The common code, including the SCHANNEL check is placed into a helper function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807 RN: Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sun Sep 5 03:19:26 UTC 2021 on sn-devel-184 (cherry picked from commit ae57d22e45b33537e9fca5969e9b68abd1ad633f) commit 105014ed48bbdab7723fa15e5f9e81b332f34478 Author: Andrew Bartlett Date: Wed Aug 25 09:54:04 2021 + selftest: Add a test for LookupSids3 and LookupNames4 in python BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit b40761b42e889369599c5eb355028ba377c43b49) commit 59f6d56f4ef4a8cde8a4e50bb6ab1a51093de025 Author: Andrew Bartlett Date: Wed Aug 25 09:41:11 2021 +1200 dsdb: Be careful to avoid use of the expensive talloc_is_parent() The wrong talloc API was selected while addressing a memory leak. commit ee2fe56ba0ef6626b634376e8dc2185aa89f8c99 Author: Aaron Haslett Date: Tue Nov 27 11:07:44 2018 +1300 drepl: memory leak fix Fixes a memory leak where schema reference attached to ldb instance is lost before it can be freed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14042 Signed-off-by: Aaron Haslett Reviewed-by: Andrew Bartlett Reviewed-by: Garming Sam Autobuild-User(master): Garming Sam Autobuild-Date(master): Wed Jul 17 06:17:10 UTC 2019 on sn-devel-184 By using talloc_get_parent() walking the entire talloc tree is avoided. RN: Address a signifcant performance regression in database access in the AD DC since Samba 4.12 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14806 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit 8affe4a1e625104de4ca024fdc3e9cd96498aff3) commit
[SCM] Samba Shared Repository - branch v4-15-stable updated
The branch, v4-15-stable has been updated via 9f5b76a42d7 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc7 release. via 54d6868e169 WHATSNEW: Add release notes for Samba 4.15.0rc7. via 8d4c482410c ctdb-daemon: Don't mark a node as unhealthy when connecting to it via 7c353e6e383 ctdb-daemon: Ignore flag changes for disconnected nodes via 665b380d249 ctdb-daemon: Simplify ctdb_control_modflags() via f340dcbc675 ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete via c8a9f9147c2 ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS via 17e0a052da0 ctdb-daemon: Modernise remaining debug macro in this function via 05d2f5e41c7 ctdb-daemon: Update logging for flag changes via e634ddde5e6 ctdb-daemon: Correct the condition for logging unchanged flags via 9f06ec8b108 ctdb-tools: Use disable and enable controls in tool via 772126bd68b ctdb-client: Add client code for disable/enable controls via 8ed5910b847 ctdb_daemon: Implement controls DISABLE_NODE/ENABLE_NODE via b5f8913f359 ctdb-daemon: Start as disabled means PERMANENTLY_DISABLED via c61b5e7b489 ctdb-daemon: Factor out a function to get node structure from PNN via 65d64194b6d ctdb-daemon: Add a helper variable via 675d68caabc ctdb-protocol: Add marshalling for controls DISABLE_NODE/ENABLE_NODE via 84a285851d7 ctdb-protocol: Add new controls to disable and enable nodes via c01d48d7a54 ctdb-recoverd: Push flags for a node if any remote node disagrees via 2cc4b917f78 ctdb-recoverd: Update the local node map before pushing out flags via f8fa33ac320 ctdb-recoverd: Add a helper variable via bddd7db7b2f WHATSNEW: The New VFS via bd730209109 Don't use sysconf(_SC_NGROUPS_MAX) on macOS for getgroups() via 92251109fa2 smbd: fix "ea support = no" via 13ba74a67a3 WHATSNEW: unknown options now trigger an error in all tools via cc39fca1f5a WHATSNEW: clarify the -e and -s handling for ldb tools via b52fdad21fb s4/torture/masktest: don't ignore unknown options via 1eaab01e178 s4/torture/locktest: don't ignore unknown options via 047274d1278 s4/torture/gentest: don't ignore unknown options via 79f231a5484 s4/regtree: don't ignore unknown options via b87f953efb9 s4/regshell: don't ignore unknown options via f377070e75b s4/regpatch: don't ignore unknown options via 9e0b596ab76 s4/regdiff: don't ignore unknown options via c4dc60a7992 s4/cifsdd: don't ignore unknown options via c94c2bb7503 testparm: don't ignore unknown options via 7c0725daaf3 split_tokens: don't ignore unknown options via ece1e503d84 smbtree: don't ignore unknown options via 3e5d5713a10 smbget: don't ignore unknown options via 647e2865eb3 smbcquotas: don't ignore unknown options via 2270e098c02 smbcacls: don't ignore unknown options via eeebabe4067 sharesec: don't ignore unknown options via 9af6e536edd regedit: don't ignore unknown options via 02144f364e6 profiles: don't ignore unknown options via 362c9f28a36 pdbedit: don't ignore unknown options via 609509f8ed1 ntlm_auth: don't ignore unknown options via 84579c965b1 nmblookup: don't ignore unknown options via 99eca1a3329 mvxattr: don't ignore unknown options via df0e4a6b67d log2pcaphex: don't ignore unknown options via 2f8aabd1761 s3/async-tracker: don't ignore unknown options via e5f6c2e25c5 vfstest: don't ignore unknown options via 7bee957378e pdbtest: don't ignore unknown options via 66dd6cc6286 rpcclient: don't ignore unknown options via 424135b1796 s3/param: don't ignore unknown options via 4af952f4ccd source3/lib/smbconf: don't ignore unknown options via a0e860c2360 nmblookup: don't ignore unknown options via 6e320e7f767 s4/smbclient: don't ignore unknown options via 43f57091f7f smbstatus: don't ignore unknown options via 26ccc96a41d texpect: don't ignore unknown options via be8c65fb748 smbclient: don't ignore unknown options via 223ac583cfa selftest: remove unsupported smbcacls option --get via 619baa2390f lib/cmdline: restore s3 option name --max-protocol for MAXPROTOCOL from 4.14 via ec937b7035d manpages: remove duplicate options from smbclient via 4ccc9a4c391 selftest: fix ---configfile option via b2934e2a726 lib/cmdline: fix --configfile handling of POPT_COMMON_CONFIG_ONLY used by ntlm_auth via 35d474c3030 vfs_btrfs: fix btrfs_fget_compression() via a7b9904c90b docs: Avoid duplicate information on USER and PASSWD, reference the common section via 4ad10cf8e82 docs: Document all the other ways to send a password to smbclient et al via 8416bcce6a7 docs: Ensure to rebuild manpages if samba.entities
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via bbd6860 NEWS[4.15.0rc7]: Samba 4.15.0rc7 Available for Download from a0b4d29 NEWS[4.15.0rc6]: Samba 4.15.0rc6 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit bbd686033536a9a94a0180d2b3f033b0f128e5a2 Author: Jule Anger Date: Mon Sep 13 15:44:13 2021 +0200 NEWS[4.15.0rc7]: Samba 4.15.0rc7 Available for Download Signed-off-by: Jule Anger --- Summary of changes: posted_news/20210913-134603.4.15.0rc7.body.html | 12 posted_news/20210913-134603.4.15.0rc7.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20210913-134603.4.15.0rc7.body.html create mode 100644 posted_news/20210913-134603.4.15.0rc7.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20210913-134603.4.15.0rc7.body.html b/posted_news/20210913-134603.4.15.0rc7.body.html new file mode 100644 index 000..c7b3b75 --- /dev/null +++ b/posted_news/20210913-134603.4.15.0rc7.body.html @@ -0,0 +1,12 @@ + +13 September 2021 +Samba 4.15.0rc7 Available for Download + +This is the 7th release candidate of the upcoming Samba 4.15 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.15.0rc7.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.15.0rc7.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20210913-134603.4.15.0rc7.headline.html b/posted_news/20210913-134603.4.15.0rc7.headline.html new file mode 100644 index 000..0fd071e --- /dev/null +++ b/posted_news/20210913-134603.4.15.0rc7.headline.html @@ -0,0 +1,3 @@ + + 13 September 2021 Samba 4.15.0rc7 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 8d4c482410c ctdb-daemon: Don't mark a node as unhealthy when connecting to it via 7c353e6e383 ctdb-daemon: Ignore flag changes for disconnected nodes via 665b380d249 ctdb-daemon: Simplify ctdb_control_modflags() via f340dcbc675 ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete via c8a9f9147c2 ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS via 17e0a052da0 ctdb-daemon: Modernise remaining debug macro in this function via 05d2f5e41c7 ctdb-daemon: Update logging for flag changes via e634ddde5e6 ctdb-daemon: Correct the condition for logging unchanged flags via 9f06ec8b108 ctdb-tools: Use disable and enable controls in tool via 772126bd68b ctdb-client: Add client code for disable/enable controls via 8ed5910b847 ctdb_daemon: Implement controls DISABLE_NODE/ENABLE_NODE via b5f8913f359 ctdb-daemon: Start as disabled means PERMANENTLY_DISABLED via c61b5e7b489 ctdb-daemon: Factor out a function to get node structure from PNN via 65d64194b6d ctdb-daemon: Add a helper variable via 675d68caabc ctdb-protocol: Add marshalling for controls DISABLE_NODE/ENABLE_NODE via 84a285851d7 ctdb-protocol: Add new controls to disable and enable nodes via c01d48d7a54 ctdb-recoverd: Push flags for a node if any remote node disagrees via 2cc4b917f78 ctdb-recoverd: Update the local node map before pushing out flags via f8fa33ac320 ctdb-recoverd: Add a helper variable from bddd7db7b2f WHATSNEW: The New VFS https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 8d4c482410c4de451d26ce004247e9cc10aea832 Author: Martin Schwenke Date: Fri Jul 9 17:25:32 2021 +1000 ctdb-daemon: Don't mark a node as unhealthy when connecting to it Remote nodes are already initialised as UNHEALTHY when the node list is initialised at startup (ctdb_load_nodes_file() calls convert_node_map_to_list()) and when disconnected (ctdb_node_dead()). So, drop this code. RN: Fix CTDB flag/status update race conditions BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Thu Sep 9 02:38:34 UTC 2021 on sn-devel-184 (cherry picked from commit 9e7d2d9794af7251c42cb22f23ee9f86c6ea05c1) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Mon Sep 13 12:33:53 UTC 2021 on sn-devel-184 commit 7c353e6e383b408de9d2823b32ff8e0527510d02 Author: Martin Schwenke Date: Tue Jul 27 15:50:54 2021 +1000 ctdb-daemon: Ignore flag changes for disconnected nodes If this node is not connected to a node then we shouldn't know anything about it. The state will be pushed later by the recovery master. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Signed-off-by: Amitay Isaacs (cherry picked from commit 7f697b1938efb3972f03f25546bf807d5af9a26c) commit 665b380d2490f312c7409a3c9d29572ad3664216 Author: Martin Schwenke Date: Thu Jul 8 11:11:11 2021 +1000 ctdb-daemon: Simplify ctdb_control_modflags() Now that there are separate disable/enable controls used by the ctdb tool this control can ignore any flag updates for the current nodes. These only come from the recovery master, which depends on being able to fetch flags for all nodes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit ae10a8a4b70e53ea3be6257d1f86f2d9a56aa62a) commit f340dcbc675ec0efecaccf3a3258435dde85dd51 Author: Martin Schwenke Date: Wed Jan 17 19:04:34 2018 +1100 ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete CTDB_SRVID_SET_NODE_FLAGS is no longer sent so drop monitor_handler() and replace with srvid_not_implemented(). Mark the SRVID obsolete in its comment. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 916c5ee131dc5c7f1d9c3540147d1f915c8302ad) commit c8a9f9147c2215b14d9b666954948b592b646b12 Author: Martin Schwenke Date: Thu Jul 8 11:32:20 2021 +1000 ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS The code that handles this message is ctdb_recoverd.c:monitor_handler(). Although it appears to do something potentially useful, it only logs the flags changes. All changes made are to local structures - there are no actual side-effects. It used to trigger a takeover run when the DISABLED flag changed. This was dropped back in commit 662f06de9fdce7b1bc1772a4fbe43de271564917
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via cea68cbf537 ctdb-daemon: Don't mark a node as unhealthy when connecting to it via 479fc4fee0c ctdb-daemon: Ignore flag changes for disconnected nodes via cc3ce341ee1 ctdb-daemon: Simplify ctdb_control_modflags() via 3ab6be4f7bc ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete via 7c4daa7ffa0 ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS via c4d7ed5eac4 ctdb-daemon: Modernise remaining debug macro in this function via 3d2313dc906 ctdb-daemon: Update logging for flag changes via 85372296a7e ctdb-daemon: Correct the condition for logging unchanged flags via c89f30810d3 ctdb-tools: Use disable and enable controls in tool via 75b8b5de3e8 ctdb-client: Add client code for disable/enable controls via ce58aefb4ee ctdb_daemon: Implement controls DISABLE_NODE/ENABLE_NODE via 7aac8fd9e5e ctdb-daemon: Start as disabled means PERMANENTLY_DISABLED via 65f9b5520d2 ctdb-daemon: Factor out a function to get node structure from PNN via e3578ea22cb ctdb-daemon: Add a helper variable via 3d797b570b0 ctdb-protocol: Add marshalling for controls DISABLE_NODE/ENABLE_NODE via ac8bbe2d0ae ctdb-protocol: Add new controls to disable and enable nodes via 74aa5b204e2 ctdb-recoverd: Push flags for a node if any remote node disagrees via e93c885426d ctdb-recoverd: Update the local node map before pushing out flags via 76f8dffb527 ctdb-recoverd: Add a helper variable from 4ada6c24a5c selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit cea68cbf537b6d44eb199126dc2ccf97fd3fff55 Author: Martin Schwenke Date: Fri Jul 9 17:25:32 2021 +1000 ctdb-daemon: Don't mark a node as unhealthy when connecting to it Remote nodes are already initialised as UNHEALTHY when the node list is initialised at startup (ctdb_load_nodes_file() calls convert_node_map_to_list()) and when disconnected (ctdb_node_dead()). So, drop this code. RN: Fix CTDB flag/status update race conditions BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Thu Sep 9 02:38:34 UTC 2021 on sn-devel-184 (cherry picked from commit 9e7d2d9794af7251c42cb22f23ee9f86c6ea05c1) Autobuild-User(v4-13-test): Jule Anger Autobuild-Date(v4-13-test): Mon Sep 13 14:13:00 UTC 2021 on sn-devel-184 commit 479fc4fee0c78dd8e6fcab929480d08ec5ccfba2 Author: Martin Schwenke Date: Tue Jul 27 15:50:54 2021 +1000 ctdb-daemon: Ignore flag changes for disconnected nodes If this node is not connected to a node then we shouldn't know anything about it. The state will be pushed later by the recovery master. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Signed-off-by: Amitay Isaacs (cherry picked from commit 7f697b1938efb3972f03f25546bf807d5af9a26c) commit cc3ce341ee17d46bc8461b8628641d9f7c0c033c Author: Martin Schwenke Date: Thu Jul 8 11:11:11 2021 +1000 ctdb-daemon: Simplify ctdb_control_modflags() Now that there are separate disable/enable controls used by the ctdb tool this control can ignore any flag updates for the current nodes. These only come from the recovery master, which depends on being able to fetch flags for all nodes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit ae10a8a4b70e53ea3be6257d1f86f2d9a56aa62a) commit 3ab6be4f7bc672c719ea6891736ecc6448bab1be Author: Martin Schwenke Date: Wed Jan 17 19:04:34 2018 +1100 ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete CTDB_SRVID_SET_NODE_FLAGS is no longer sent so drop monitor_handler() and replace with srvid_not_implemented(). Mark the SRVID obsolete in its comment. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 916c5ee131dc5c7f1d9c3540147d1f915c8302ad) commit 7c4daa7ffa05c2fb6ef710ba107cdb47a0e57811 Author: Martin Schwenke Date: Thu Jul 8 11:32:20 2021 +1000 ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS The code that handles this message is ctdb_recoverd.c:monitor_handler(). Although it appears to do something potentially useful, it only logs the flags changes. All changes made are to local structures - there are no actual side-effects. It used to trigger a takeover run when the DISABLED flag changed
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via bb9e236768f VERSION: Bump version up to Samba 4.15.0rc8... via 9f5b76a42d7 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc7 release. via 54d6868e169 WHATSNEW: Add release notes for Samba 4.15.0rc7. from 8d4c482410c ctdb-daemon: Don't mark a node as unhealthy when connecting to it https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit bb9e236768f3c5811300e234bb716b6f68b3d379 Author: Jule Anger Date: Mon Sep 13 15:37:43 2021 +0200 VERSION: Bump version up to Samba 4.15.0rc8... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 9f5b76a42d76457260b5a63fd498a477558b9180 Author: Jule Anger Date: Mon Sep 13 15:36:56 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc7 release. Signed-off-by: Jule Anger commit 54d6868e169825273c0ceb3a83933f50f3923ab8 Author: Jule Anger Date: Mon Sep 13 15:35:52 2021 +0200 WHATSNEW: Add release notes for Samba 4.15.0rc7. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 26 +- 2 files changed, 26 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index efc0c7f02d6..91c60b2b518 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=7 +SAMBA_VERSION_RC_RELEASE=8 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 424859a0f25..bf63cf2b908 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the sixth release candidate of Samba 4.15. This is *not* +This is the seventh release candidate of Samba 4.15. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -356,6 +356,30 @@ smb.conf changes winbind scan trusted domainsChanged No +CHANGES SINCE 4.15.0rc6 +=== + +o Andrew Bartlett + * BUG 14791: All the ways to specify a password are not documented. + +o Ralph Boehme + * BUG 14790: vfs_btrfs compression support broken. + * BUG 14828: Problems with commandline parsing. + * BUG 14829: smbd crashes when "ea support" is set to no. + +o Stefan Metzmacher + * BUG 14825: "{client,server} smb3 {signing,encryption} algorithms" should + use the same strings as smbstatus output. + * BUG 14828: Problems with commandline parsing. + +o Alex Richardson + * BUG 8773: smbd fails to run as root because it belongs to more than 16 + groups on MacOS X. + +o Martin Schwenke + * BUG 14784: Fix CTDB flag/status update race conditions. + + CHANGES SINCE 4.15.0rc5 === -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.15.0rc7 created
The annotated tag, samba-4.15.0rc7 has been created at e22bbd447523b3de50ff822b98fdc366402cbc96 (tag) tagging 9f5b76a42d76457260b5a63fd498a477558b9180 (commit) replaces samba-4.15.0rc6 tagged by Jule Anger on Mon Sep 13 15:44:01 2021 +0200 - Log - samba: tag release samba-4.15.0rc7 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmE/VaEACgkQqplEL7aA tiB6Qg//SD18vDlR6qeecgKek9PAh/SlfmYyzcwyz9ZfBj1DFhi5F4rLd3PV3pKs qAAGidcF5DTo9NZb70HCusp815umH9Ld3QtXgoo8AvnOC9BowT2vQk1uh++fNGQz OhM0WTe7WiZeiJkvM1b18oSb8n77HCANWVT0y5sTljaxnhuh3/PqepmUCEOm/x0c c0By8+Sy1UNU7iWt3STGVkB3uj9BxvtcqHvDF1YLNzDr32a59HMtD5rvOVrVRafm LEsClgwwibxy+ndm4s3V9Ng8MRN46IffZ9v01gQkji2JuACkHoOtm5gl62kWG1wO wAIJxRO42GjiGC3RfyJPH6s0j7sODIO4YwnVgbjVUOoI4mDBGhLFHUnrTSryTepv E/XdikYg1nY7GHT+ryQ0F7EWttReV1BZJafcEJ4PXlFTcRIKNmUC0mXZ+Z8aP9QP f9veeVBhofgxKm3uO556MQ9dXERwPcR9hzYic56FvQEZy0mmSzWeu9tlQf831QFi +0pD3YOZ7rxTc2+2fwLwlJNOkz5TtEBngpcx2bvX29SElN36nEjztunPnvwtQB9W FDHjrtNGoFIWCOkQ9HlET72cWQPTCzJlf9uskMNxoLRoR5uPHwHl13klphS4lrvI JmbEQ+GBIZntr2ie59mvmS5QzHkqt9OFLLomr9pvYFoh1suhbz8= =+tqt -END PGP SIGNATURE- Alex Richardson (1): Don't use sysconf(_SC_NGROUPS_MAX) on macOS for getgroups() Andrew Bartlett (3): docs: Ensure to rebuild manpages if samba.entities or samba.version changes docs: Document all the other ways to send a password to smbclient et al docs: Avoid duplicate information on USER and PASSWD, reference the common section Jule Anger (3): VERSION: Bump version up to Samba 4.15.0rc7... WHATSNEW: Add release notes for Samba 4.15.0rc7. VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc7 release. Martin Schwenke (19): ctdb-recoverd: Add a helper variable ctdb-recoverd: Update the local node map before pushing out flags ctdb-recoverd: Push flags for a node if any remote node disagrees ctdb-protocol: Add new controls to disable and enable nodes ctdb-protocol: Add marshalling for controls DISABLE_NODE/ENABLE_NODE ctdb-daemon: Add a helper variable ctdb-daemon: Factor out a function to get node structure from PNN ctdb-daemon: Start as disabled means PERMANENTLY_DISABLED ctdb_daemon: Implement controls DISABLE_NODE/ENABLE_NODE ctdb-client: Add client code for disable/enable controls ctdb-tools: Use disable and enable controls in tool ctdb-daemon: Correct the condition for logging unchanged flags ctdb-daemon: Update logging for flag changes ctdb-daemon: Modernise remaining debug macro in this function ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete ctdb-daemon: Simplify ctdb_control_modflags() ctdb-daemon: Ignore flag changes for disconnected nodes ctdb-daemon: Don't mark a node as unhealthy when connecting to it Ralph Boehme (40): vfs_btrfs: fix btrfs_fget_compression() selftest: fix ---configfile option manpages: remove duplicate options from smbclient lib/cmdline: restore s3 option name --max-protocol for MAXPROTOCOL from 4.14 selftest: remove unsupported smbcacls option --get texpect: don't ignore unknown options smbstatus: don't ignore unknown options s4/smbclient: don't ignore unknown options nmblookup: don't ignore unknown options source3/lib/smbconf: don't ignore unknown options s3/param: don't ignore unknown options rpcclient: don't ignore unknown options pdbtest: don't ignore unknown options vfstest: don't ignore unknown options s3/async-tracker: don't ignore unknown options log2pcaphex: don't ignore unknown options mvxattr: don't ignore unknown options nmblookup: don't ignore unknown options ntlm_auth: don't ignore unknown options pdbedit: don't ignore unknown options profiles: don't ignore unknown options regedit: don't ignore unknown options sharesec: don't ignore unknown options smbcacls: don't ignore unknown options smbcquotas: don't ignore unknown options smbget: don't ignore unknown options smbtree: don't ignore unknown options split_tokens: don't ignore unknown options testparm: don't ignore unknown options s4/cifsdd: don't ignore unknown options s4/regdiff: don't ignore unknown options s4/regpatch: don't ignore unknown options s4/regshell: don't ignore unknown options s4/regtree: don't ignore unknown options s4/torture/gentest: don't ignore unknown options s4/torture/locktest: don't ignore unknown options s4/torture/masktest: don't ignore unknown options WHATSNEW: unknown options now trigger an error in all tools smbd: fix "ea support = no" WHATSNEW: The New VFS Stefan Metzmacher (4): docs-xml: use upper case for "{clie
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 551a39d890a ctdb-daemon: Don't mark a node as unhealthy when connecting to it via 2d6cf082db5 ctdb-daemon: Ignore flag changes for disconnected nodes via 814844538aa ctdb-daemon: Simplify ctdb_control_modflags() via a7ea1ab3e6a ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete via eab3ee12fe0 ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS via e3eeffafff8 ctdb-daemon: Modernise remaining debug macro in this function via cfbac3b5ab9 ctdb-daemon: Update logging for flag changes via c906c9a0b39 ctdb-daemon: Correct the condition for logging unchanged flags via 00c1757d92e ctdb-tools: Use disable and enable controls in tool via c8d130f139a ctdb-client: Add client code for disable/enable controls via cb64c64ddb3 ctdb_daemon: Implement controls DISABLE_NODE/ENABLE_NODE via e158aa6d9bd ctdb-daemon: Start as disabled means PERMANENTLY_DISABLED via 116db8d54f8 ctdb-daemon: Factor out a function to get node structure from PNN via 50596cf0029 ctdb-daemon: Add a helper variable via 79961f5a33a ctdb-protocol: Add marshalling for controls DISABLE_NODE/ENABLE_NODE via 88660d4e2f8 ctdb-protocol: Add new controls to disable and enable nodes via c61fe558427 ctdb-recoverd: Push flags for a node if any remote node disagrees via c1e217c0e2e ctdb-recoverd: Update the local node map before pushing out flags via 69f744e539f ctdb-recoverd: Add a helper variable from e9cbf386be7 vfs_btrfs: fix btrfs_fget_compression() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 551a39d890acb2405a1d1e011e56dc566e8a36f7 Author: Martin Schwenke Date: Fri Jul 9 17:25:32 2021 +1000 ctdb-daemon: Don't mark a node as unhealthy when connecting to it Remote nodes are already initialised as UNHEALTHY when the node list is initialised at startup (ctdb_load_nodes_file() calls convert_node_map_to_list()) and when disconnected (ctdb_node_dead()). So, drop this code. RN: Fix CTDB flag/status update race conditions BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Thu Sep 9 02:38:34 UTC 2021 on sn-devel-184 (cherry picked from commit 9e7d2d9794af7251c42cb22f23ee9f86c6ea05c1) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Tue Sep 14 07:37:32 UTC 2021 on sn-devel-184 commit 2d6cf082db51cb5c2748d1cb893e2befc2ae56ef Author: Martin Schwenke Date: Tue Jul 27 15:50:54 2021 +1000 ctdb-daemon: Ignore flag changes for disconnected nodes If this node is not connected to a node then we shouldn't know anything about it. The state will be pushed later by the recovery master. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Signed-off-by: Amitay Isaacs (cherry picked from commit 7f697b1938efb3972f03f25546bf807d5af9a26c) commit 814844538aaf97aed54082b4d6b9e22b3fe9b220 Author: Martin Schwenke Date: Thu Jul 8 11:11:11 2021 +1000 ctdb-daemon: Simplify ctdb_control_modflags() Now that there are separate disable/enable controls used by the ctdb tool this control can ignore any flag updates for the current nodes. These only come from the recovery master, which depends on being able to fetch flags for all nodes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit ae10a8a4b70e53ea3be6257d1f86f2d9a56aa62a) commit a7ea1ab3e6a32cf1d6a6012f95ef5db7410ad78e Author: Martin Schwenke Date: Wed Jan 17 19:04:34 2018 +1100 ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete CTDB_SRVID_SET_NODE_FLAGS is no longer sent so drop monitor_handler() and replace with srvid_not_implemented(). Mark the SRVID obsolete in its comment. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 916c5ee131dc5c7f1d9c3540147d1f915c8302ad) commit eab3ee12fe01f9fc814e0fd92b28d13dd62c9bf1 Author: Martin Schwenke Date: Thu Jul 8 11:32:20 2021 +1000 ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS The code that handles this message is ctdb_recoverd.c:monitor_handler(). Although it appears to do something potentially useful, it only logs the flags changes. All changes made are to local structures - there are no actual side-effects. It used to trigger a takeover run when the DISABLED flag changed. This was dropped back in commit
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via defbbe7127f s4/samba: POPT_COMMON_DAEMON via c65fb0b0a0e winbindd: use POPT_COMMON_DAEMON via 3eef217a9da nmbd: use POPT_COMMON_DAEMON via e1be4413c99 smbd: use POPT_COMMON_DAEMON via 476ed842726 lib/cmdline: restore pre-4.15 logging behaviour for daemons via 29c895c6d8a lib/cmdline: add POPT_COMMON_DAEMON daemon popt options via 4889512c705 s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem. via 5ec6be2ae36 s3: smbd: Add fifo test for the DISABLE_OPATH case. via b5b0471caf3 s3:winbind: Do not start if the priviliged socket path is too long via 915784c099c WHATSNEW: servers are now also logging to stderr at startup via 6bae027bf57 WHATSNEW: fix a typo via 51d64ce925b script/autobuild.py: Restore MIT ADDC tests against fl2008* via 57b266e23c4 s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error. via 2ed234deee3 s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor. via cf4845f9b35 winbind: ensure wb_parent_idmap_setup_send() gets called in winbindd_allocate_uid_send() via 591bd2f3405 winbindd: call wb_parent_idmap_setup_send() in wb_queryuser_send() via 16306431a24 registry: check for running as root in clustering mode via 189bb79ac74 s3/lib/dbwrap: check if global_messaging_context() succeeded via 19485894d4b vfs_gpfs: deal with pathrefs fsps in smbd_gpfs_set_times() via a0fe4423b8e lib/gpfswrap: add gpfs_set_times_path() wrapper via 85e5508c4d9 vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fntimes() via f626ffdf6d5 vfs_gpfs: pass fsp to smbd_gpfs_set_times() via 3fe4d78f021 vfs_gpfs: deal with pathref fsps in vfs_gpfs_fntimes() via 45a63783526 vfs_gpfs: add sys_proc_fd_path() fallback to vfs_gpfs_fset_dos_attributes() via e07c7110e55 vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fset_dos_attributes() via ee741bcc44c vfs_gpfs: add path based fallback for gpfswrap_fstat_x() on pathref handles via 896a92e0382 vfs_gpfs: check for O_PATH support in gpfswrap_fstat_x() via 3db79fdfd61 vfs_gpfs: make vfs_gpfs_connect() a no-op on IPC shares via 81fa1a65849 vfs_gpfs: don't check for struct gpfs_config_data in vfs_gpfs_[l]stat() via f171810b970 vfs_gpfs: call SMB_VFS_NEXT_CONNECT() before running some module initialization code via 5b80738ec02 smbd: avoid calling creating a pathref in smb_set_file_dosmode() from 8cc118dacc9 VERSION: Bump version up to 4.15.0rc5... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit defbbe7127fde7c73485b8dea18eb2543cda7973 Author: Ralph Boehme Date: Fri Sep 3 14:04:22 2021 +0200 s4/samba: POPT_COMMON_DAEMON Note: this also changes logging to go to stderr instead of stdout which is the same behaviour as smbd, nmbd and winbindd (starting with 4.15). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803 RN: smbd/winbindd started in daemon mode generate output on stderr/stdout Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Sep 6 14:23:15 UTC 2021 on sn-devel-184 (cherry picked from commit 28686f8713958726085bd38a0889aa7725c95371) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Mon Sep 6 20:17:51 UTC 2021 on sn-devel-184 commit c65fb0b0a0e2867c0656bb5a84606f70d02dbe65 Author: Ralph Boehme Date: Fri Sep 3 12:25:00 2021 +0200 winbindd: use POPT_COMMON_DAEMON Note: this also changes logging to go to stderr instead of stdout which is the same behaviour as smbd and nmbd (starting with 4.15). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke (cherry picked from commit 9d82454cdfc2b4b8007c7b54b3afd5686f49be19) commit 3eef217a9daba415774680b4f4c0bf1188909edd Author: Ralph Boehme Date: Fri Sep 3 12:14:19 2021 +0200 nmbd: use POPT_COMMON_DAEMON BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke (cherry picked from commit a20f63b384750d389aeafd4bd5e229aed72cb271) commit e1be4413c990f75f7efe9dc2c62a86646f2932d4 Author: Ralph Boehme Date: Fri Sep 3 07:33:39 2021 +0200 smbd: use POPT_COMMON_DAEMON BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke (cherry picked from commit ae22442db437061aada6427adde205cd13f1d202) commit 476ed842726a77cd16a2dafd4dfbc987a12b6cfe Author: Ralph Boehme Date: Fri Sep 3 07:28:45 2021 +0200 lib
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via a7fe21a0d66 VERSION: Bump version up to Samba 4.13.12... via 2119f9f9f66 VERSION: Disable GIT_SNAPSHOT for the 4.13.11 release. via 14acad25bd2 WHATSNEW: Add release notes for Samba 4.13.11. from 20ef0b16ed3 registry: check for running as root in clustering mode https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit a7fe21a0d666ec33108cb1507bfd491e21b6e019 Author: Jule Anger Date: Tue Sep 7 08:54:06 2021 +0200 VERSION: Bump version up to Samba 4.13.12... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 2119f9f9f66b66ae07fb6dea84c74f5b8b735880 Author: Jule Anger Date: Tue Sep 7 08:52:16 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.13.11 release. Signed-off-by: Jule Anger commit 14acad25bd2fa7f8b44e17c0c8ea770da099ce69 Author: Jule Anger Date: Tue Sep 7 08:50:15 2021 +0200 WHATSNEW: Add release notes for Samba 4.13.11. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 -- 2 files changed, 57 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 49a0d6e775a..ee13bf3ceef 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=11 +SAMBA_VERSION_RELEASE=12 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c141d32b62e..4b33797845e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,58 @@ + === + Release Notes for Samba 4.13.11 + September 07, 2021 + === + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.10 +- + +o Jeremy Allison + * BUG 14769: smbd panic on force-close share during offload write. + +o Ralph Boehme + * BUG 14731: Fix returned attributes on fake quota file handle and avoid + hitting the VFS. + * BUG 14783: smbd "deadtime" parameter doesn't work anymore. + * BUG 14787: net conf list crashes when run as normal user. + +o Stefan Metzmacher + * BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap + 7.3.7. + * BUG 14793: Start the SMB encryption as soon as possible. + +o Andreas Schneider + * BUG 14792: Winbind should not start if the socket path for the privileged + pipe is too long. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + === Release Notes for Samba 4.13.10 July 14, 2021 @@ -61,8 +116,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via a0a96f6ebab VERSION: Bump version up to Samba 4.15.0rc6... via cbfc80e7b7d VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc5 release. via da5c0a93a63 WHATSNEW: Add release notes for Samba 4.15.0rc5. from defbbe7127f s4/samba: POPT_COMMON_DAEMON https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit a0a96f6ebab0746ac2463bb82ca0d6f480521427 Author: Jule Anger Date: Tue Sep 7 10:31:03 2021 +0200 VERSION: Bump version up to Samba 4.15.0rc6... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit cbfc80e7b7d7cda4b7a0fcc8d39efad2474f2666 Author: Jule Anger Date: Tue Sep 7 10:30:26 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc5 release. Signed-off-by: Jule Anger commit da5c0a93a63103ca6c5850fa22da299e4167754f Author: Jule Anger Date: Tue Sep 7 10:29:17 2021 +0200 WHATSNEW: Add release notes for Samba 4.15.0rc5. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 27 ++- 2 files changed, 27 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 17431e06943..c47655ceb3c 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=5 +SAMBA_VERSION_RC_RELEASE=6 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2c391cfe801..d2c25df89ff 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the fourth release candidate of Samba 4.15. This is *not* +This is the fifth release candidate of Samba 4.15. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -316,6 +316,31 @@ smb.conf changes winbind scan trusted domainsChanged No +CHANGES SINCE 4.15.0rc4 +=== + +o Jeremy Allison + * BUG 14809: Shares with variable substitutions cause core dump upon + connection from MacOS Big Sur 11.5.2. + * BUG 14816: Fix pathref open of a filesystem fifo in the DISABLE_OPATH + build. + +o Andrew Bartlett + * BUG 14815: A subset of tests from Samba's selftest system were not being + run, while others were run twice. + +o Ralph Boehme + * BUG 14771: Some VFS operations on pathref (O_PATH) handles fail on GPFS. + * BUG 14787: net conf list crashes when run as normal user, + * BUG 14803: smbd/winbindd started in daemon mode generate output on + stderr/stdout. + * BUG 14804: winbindd can crash because idmap child state is not fully + initialized. + +o Stefan Metzmacher + * BUG 14771: Some VFS operations on pathref (O_PATH) handles fail on GPFS. + + CHANGES SINCE 4.15.0rc3 === -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 87737b2 NEWS[4.13.11]: Samba 4.13.11 Available for Download from e45c559 NEWS[4.15.0rc4]: Samba 4.15.0rc4 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 87737b2a162b87c0f112d6d8c5473225da7745a4 Author: Jule Anger Date: Tue Sep 7 09:09:38 2021 +0200 NEWS[4.13.11]: Samba 4.13.11 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/samba-4.13.11.html| 53 +++ posted_news/20210907-074442.4.13.11.body.html | 13 ++ posted_news/20210907-074442.4.13.11.headline.html | 3 ++ 3 files changed, 69 insertions(+) create mode 100644 history/samba-4.13.11.html create mode 100644 posted_news/20210907-074442.4.13.11.body.html create mode 100644 posted_news/20210907-074442.4.13.11.headline.html Changeset truncated at 500 lines: diff --git a/history/samba-4.13.11.html b/history/samba-4.13.11.html new file mode 100644 index 000..8b7fab1 --- /dev/null +++ b/history/samba-4.13.11.html @@ -0,0 +1,53 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.13.11 - Release Notes + + +Samba 4.13.11 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.13.11.tar.gz;>Samba 4.13.11 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.13.11.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.13.10-4.13.11.diffs.gz;>Patch (gzipped) against Samba 4.13.10 +https://download.samba.org/pub/samba/patches/samba-4.13.10-4.13.11.diffs.asc;>Signature + + + + === + Release Notes for Samba 4.13.11 + September 07, 2021 + === + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.10 +- + +o Jeremy Allison j...@samba.org + * BUG 14769: smbd panic on force-close share during offload write. + +o Ralph Boehme s...@samba.org + * BUG 14731: Fix returned attributes on fake quota file handle and avoid + hitting the VFS. + * BUG 14783: smbd deadtime parameter doesnt work anymore. + * BUG 14787: net conf list crashes when run as normal user. + +o Stefan Metzmacher me...@samba.org + * BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap + 7.3.7. + * BUG 14793: Start the SMB encryption as soon as possible. + +o Andreas Schneider a...@samba.org + * BUG 14792: Winbind should not start if the socket path for the privileged + pipe is too long. + + + + + + diff --git a/posted_news/20210907-074442.4.13.11.body.html b/posted_news/20210907-074442.4.13.11.body.html new file mode 100644 index 000..3d4ac0d --- /dev/null +++ b/posted_news/20210907-074442.4.13.11.body.html @@ -0,0 +1,13 @@ + +07 September 2021 +Samba 4.13.11 Available for Download + +This is the latest stable release of the Samba 4.13 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.13.11.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.13.10-4.13.11.diffs.gz;>patch against Samba 4.13.10 is also available. +See https://www.samba.org/samba/history/samba-4.13.11.html;>the release notes for more info. + + diff --git a/posted_news/20210907-074442.4.13.11.headline.html b/posted_news/20210907-074442.4.13.11.headline.html new file mode 100644 index 000..61b9f22 --- /dev/null +++ b/posted_news/20210907-074442.4.13.11.headline.html @@ -0,0 +1,3 @@ + + 07 September 2021 Samba 4.13.11 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.13.11 created
The annotated tag, samba-4.13.11 has been created at 6650393c8411728b1aa557e111faaf70832b869d (tag) tagging 2119f9f9f66b66ae07fb6dea84c74f5b8b735880 (commit) replaces samba-4.13.10 tagged by Jule Anger on Tue Sep 7 09:08:56 2021 +0200 - Log - samba: tag release samba-4.13.11 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmE3EAgACgkQqplEL7aA tiCHfQ/+Is1MvmSW01O20H3Z1kayzhLIHhBxgp8q7t1WbnQrwGNOgQXJyYs+gEJU XnJrMU51QCYo5fQY91hjBGC5sfWEDhqIqBRUWP9dPr3GZJaBxwE49iuEpfYKsmMH arwS2Drbcc9SmU+wDqfqeu99UtQqY2pg0n7AniXWItV/zkxaOSLreSY16dir3mrS +cMtyPRxHbCFhTD31D8jjnmxzz2Don3rX8upUnqw7QMAIDsCmd+XK0xWjxWiMlM9 TR56pl2BtQRx08vC/b9nnq7+0oRqCM8b7VqyEHFcG/UTNOegHB7l7fp0IZd3tQB/ WdwdN39WTgA5y0UQAv5UeTjwPrbUduQUE8DxP+qESYqHvyVLl+nh21VEcW6TkcG+ 86X9zuMAH5zQg0yvVmeyFjKGJpM4apmHq+EgxuwDNmKGdAEQEeIWP+HxSImWbyrx 1KFQLMXeUwswa1fopUQANUbrKKBAVcfNYYlfyaDQXHcKxJvjAwOot+51GskS/RqC Gz1RjJAEUu7QxfW5/cjYktveZdSP0foqW4XeZ0p9nZaCw7yx0whESE8IrHLrh/+Z Q3qeLhQlQ3Zn9fPhHnxe2ebeqARvmrvw/fqD8AIbPL+mkj9eXzzy5OvCh3/sA8To 6rHux7Qv4m7q8kJRhSLPAxs9IaGH9IfuwmEAcd20ZjKPqHIMyc8= =RgkY -END PGP SIGNATURE- Andreas Schneider (1): configure: Do not put arguments into double quotes Jeremy Allison (1): s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. Jule Anger (2): WHATSNEW: Add release notes for Samba 4.13.11. VERSION: Disable GIT_SNAPSHOT for the 4.13.11 release. Karolin Seeger (1): VERSION: Bump version up to Samba 4.13.11... Ralph Boehme (7): smbtorture: verify attributes on fake quota file handle smbd: handle fake file handles in dos_mode() smbd: return correct timestamps for quota fake file selftest: add a test for the "deadtime" parameter s3/rpc_server: track the number of policy handles with a talloc destructor s3/lib/dbwrap: check if global_messaging_context() succeeded registry: check for running as root in clustering mode Stefan Metzmacher (6): s4:torture/smb2: add smb2.read.bug14607 test s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer() libcli/smb: allow unexpected padding in SMB2 READ responses s3:libsmb: start encryption as soon as possible after the session setup --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-stable updated
The branch, v4-13-stable has been updated via 2119f9f9f66 VERSION: Disable GIT_SNAPSHOT for the 4.13.11 release. via 14acad25bd2 WHATSNEW: Add release notes for Samba 4.13.11. via 20ef0b16ed3 registry: check for running as root in clustering mode via 16fc7a12aca s3/lib/dbwrap: check if global_messaging_context() succeeded via 6be92d44bb7 s3/rpc_server: track the number of policy handles with a talloc destructor via f25f3118593 selftest: add a test for the "deadtime" parameter via 23ce76e94e8 s3:libsmb: start encryption as soon as possible after the session setup via 7c9aabe2dd0 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. via aa64f02ca94 configure: Do not put arguments into double quotes via 97c6d6fee8a smbd: return correct timestamps for quota fake file via a3dea8a0d08 smbd: handle fake file handles in dos_mode() via 7ecf1650661 smbtorture: verify attributes on fake quota file handle via 5b58f663724 libcli/smb: allow unexpected padding in SMB2 READ responses via f47e9965c77 libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer() via d4d9bc847c5 s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 via 5d98e2f2960 s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done via e38295a091e s4:torture/smb2: add smb2.read.bug14607 test via 6fa28f4eb3a VERSION: Bump version up to Samba 4.13.11... from 85bb95881bb VERSION: Disable GIT_SNAPSHOT for the 4.13.10 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 ++- configure | 2 +- libcli/smb/smb2cli_ioctl.c| 123 -- libcli/smb/smb2cli_read.c | 22 +- libcli/smb/smbXcli_base.c | 91 +++ libcli/smb/smbXcli_base.h | 9 +++ libcli/smb/smb_constants.h| 2 + selftest/knownfail| 1 + source3/lib/dbwrap/dbwrap_open.c | 4 + source3/libsmb/clidfs.c | 44 --- source3/registry/reg_backend_db.c | 9 +++ source3/rpc_server/rpc_handles.c | 20 - source3/script/tests/test_deadtime.sh | 67 + source3/selftest/tests.py | 4 + source3/smbd/dosmode.c| 20 + source3/smbd/filename.c | 5 ++ source3/smbd/globals.h| 4 + source3/smbd/smb2_ioctl.c | 25 +++ source3/smbd/smb2_read.c | 14 +++- source4/torture/smb2/create.c | 63 source4/torture/smb2/read.c | 136 ++ 22 files changed, 596 insertions(+), 129 deletions(-) create mode 100755 source3/script/tests/test_deadtime.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index d05f3595233..8ab61a550f0 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c141d32b62e..4b33797845e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,58 @@ + === + Release Notes for Samba 4.13.11 + September 07, 2021 + === + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.10 +- + +o Jeremy Allison + * BUG 14769: smbd panic on force-close share during offload write. + +o Ralph Boehme + * BUG 14731: Fix returned attributes on fake quota file handle and avoid + hitting the VFS. + * BUG 14783: smbd "deadtime" parameter doesn't work anymore. + * BUG 14787: net conf list crashes when run as normal user. + +o Stefan Metzmacher + * BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap + 7.3.7. + * BUG 14793: Start the SMB encryption as soon as possible. + +o Andreas Schneider + * BUG 14792: Winbind should not start if the socket path for the privileged + pipe is too long. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via cf7aa9d Add Samba 4.13.11. from 87737b2 NEWS[4.13.11]: Samba 4.13.11 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit cf7aa9d5f0352c805bf8a327b1a33c2adc7ea057 Author: Jule Anger Date: Tue Sep 7 09:48:29 2021 +0200 Add Samba 4.13.11. Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + 1 file changed, 1 insertion(+) Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 7ec6a93..3af602b 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -17,6 +17,7 @@ samba-4.14.2 samba-4.14.1 samba-4.14.0 + samba-4.13.11 samba-4.13.10 samba-4.13.9 samba-4.13.8 -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
ame, as the name was only based on the time and a common prefix. As observed by Jeremy Allison. Thanks for the report! RN: Address flapping dsdb_schema_attributes test BUG: https://bugzilla.samba.org/show_bug.cgi?id=14819 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon Sep 6 02:32:51 UTC 2021 on sn-devel-184 (cherry picked from commit 6590bb0b77c641f0d4686b39c713c1405ffb64f5) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Wed Sep 8 13:31:05 UTC 2021 on sn-devel-184 commit 1252f2c170cd273d944f70b27584518b3bc8218d Author: Andrew Bartlett Date: Wed Aug 25 12:03:08 2021 +1200 s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4 Since 5c0345ea9bb34695dcd7be6c913748323bebe937 this would not have been implicitly cached via the ldb_wrap cache, due to the recording of the remote IP address (which is a good thing). This creates a more explicit and direct correct cache on the connection. The common code, including the SCHANNEL check is placed into a helper function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807 RN: Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sun Sep 5 03:19:26 UTC 2021 on sn-devel-184 (cherry picked from commit ae57d22e45b33537e9fca5969e9b68abd1ad633f) commit bb825a909e91c1ba138490691258702744c60f6f Author: Andrew Bartlett Date: Wed Aug 25 09:54:04 2021 + selftest: Add a test for LookupSids3 and LookupNames4 in python BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit b40761b42e889369599c5eb355028ba377c43b49) commit 86d3397f852e4e6e5fa5096d91c4263e26742d0f Author: Andrew Bartlett Date: Wed Aug 25 09:41:11 2021 +1200 dsdb: Be careful to avoid use of the expensive talloc_is_parent() The wrong talloc API was selected while addressing a memory leak. commit ee2fe56ba0ef6626b634376e8dc2185aa89f8c99 Author: Aaron Haslett Date: Tue Nov 27 11:07:44 2018 +1300 drepl: memory leak fix Fixes a memory leak where schema reference attached to ldb instance is lost before it can be freed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14042 Signed-off-by: Aaron Haslett Reviewed-by: Andrew Bartlett Reviewed-by: Garming Sam Autobuild-User(master): Garming Sam Autobuild-Date(master): Wed Jul 17 06:17:10 UTC 2019 on sn-devel-184 By using talloc_get_parent() walking the entire talloc tree is avoided. RN: Address a signifcant performance regression in database access in the AD DC since Samba 4.12 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14806 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit 8affe4a1e625104de4ca024fdc3e9cd96498aff3) commit d18232cdcfc48ed7b03e831bb28ff57140fe5f9a Author: Andrew Bartlett Date: Sat Sep 4 13:11:08 2021 +1200 selftest: Only run samba_tool_drs_showrepl test once This test is not slow, but there is no value running it twice. Running this test twice just increases the chances we might loose a race as it shows and validates live replication data. Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit 75a5ed66731e947fa16af81aab7649d1fddec45f) commit 8c246869e142a8115a6428285d582f0e123a38ff Author: Andrew Bartlett Date: Sat Sep 4 12:28:20 2021 +1200 selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl These now run in the disconnected sets schema_dc/schema_pair_dc and ad_dc/vampire_dc/promoted_dc. By aiming at different sets ofservers we can't cause cross-contamination in terms of which servers are listed as outbound connections. Also, by running the tests only once we reduce the chaces of trouble by half. RN: Address flapping samba_tool_drs_showrepl test BUG: https://bugzilla.samba.org/show_bug.cgi?id=14818 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit e8b4599e0935290c5e59df9fd4f695ad8d6f361c) commit 5cec6963b697b14177f06fd09c95741810d9d25f Author: Andrew Bartlett Date: Wed Sep 8 19:24:29 2021 +1200 WHATSNEW: Update with samba-tool domain backup offline fix Signed-off-by: Andrew Bartlett commit 0cc8a4708f08f36719ea98026b083e481c315fb6 Author: Andrew Bartlett Date: Wed Sep 8 19:20:55 2021 +1200 WHATS
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 4c85e56501b Bump version up to Samba 4.15.1... via fc8342bd26d VERSION: Disable GIT_SNAPSHOT for the 4.15.0 release. via e671beb5276 WHATSNEW: Add release notes for Samba 4.15.0. from bb9e236768f VERSION: Bump version up to Samba 4.15.0rc8... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 4c85e56501bae9014e70fb2fb9765804540ea96f Author: Jule Anger Date: Mon Sep 20 09:37:06 2021 +0200 Bump version up to Samba 4.15.1... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit fc8342bd26d1c55ca5780b427f675f31147b27f9 Author: Jule Anger Date: Mon Sep 20 09:32:11 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.15.0 release. Signed-off-by: Jule Anger commit e671beb5276d18cb38e2021ea057cf8113eca070 Author: Jule Anger Date: Mon Sep 20 09:31:42 2021 +0200 WHATSNEW: Add release notes for Samba 4.15.0. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 4 ++-- WHATSNEW.txt | 22 +- 2 files changed, 11 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 91c60b2b518..83e51b1136b 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=15 -SAMBA_VERSION_RELEASE=0 +SAMBA_VERSION_RELEASE=1 # If a official release has a serious bug # @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=8 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index bf63cf2b908..18cc15dcff5 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,19 +1,15 @@ -Release Announcements -= + == + Release Notes for Samba 4.15.0 + September 20, 2021 + == -This is the seventh release candidate of Samba 4.15. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. -Samba 4.15 will be the next version of the Samba suite. +This is the first stable release of the Samba 4.15 release series. +Please read the release notes carefully before upgrading. -UPGRADING -= - Removed SMB (development) dialects --- +== The following SMB (development) dialects are no longer supported: SMB2_22, SMB2_24 and SMB3_10. They are were @@ -32,7 +28,7 @@ explicitly to a specific dialect, just leave them unspecified or specify the value "default". New GPG key +=== The GPG release key for Samba releases changed from: @@ -53,7 +49,7 @@ Starting from Jan 21th 2021, all Samba releases will be signed with the new key. See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt New minimum version for the experimental MIT KDC - + The build of the AD DC using the system MIT Kerberos, an experimental feature, now requires MIT Kerberos 1.19. An up-to-date -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.15.0 created
The annotated tag, samba-4.15.0 has been created at 74b591b70639edf85f6d6382f3b9a6bfc616791f (tag) tagging fc8342bd26d1c55ca5780b427f675f31147b27f9 (commit) replaces samba-4.15.0rc7 tagged by Jule Anger on Mon Sep 20 09:44:31 2021 +0200 - Log - samba: tag release samba-4.15.0 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmFIO98ACgkQqplEL7aA tiBt9xAAg20eMlEztQH57ZQpoGxsT/I1ru9pRJopk6FzUf77N6+K1rIadU2MZClq WP3bmvVEPVV88snv7HohiCNX4d9J8ORixa0tG0PX0k4SrpL2PXzM91eM9oz1mD6s iN5ykprJl2PPkGbf4ctfbQikffWlFGD+JBTsXeIs3n3tWRXwrt2ujIuUTYRxYuaL 0wwE6zuCoryfmvhBeVx8VpIOUndXjuNaAelSUo+t61tEpRzzK002hxsWTYb0j46r QmFof1Yeh7hpjs7J9g7snFJaMdI0P+9bh9LRzAQdXAT9V5juzGQN165wyvIv+OBN g3VxMg64X4D5dIFDx8k3aSYkV6OrPn+5cfEhBU1O21Mo4o5VAxVdknwvnM6AiHZN k3bbt2SM/gVmFziBOKCuQy7iD9eoM/FFAgQOWmCk61/uwgCZlDH9OjVTIQ6rqEOI yPArc/I6CPh/doTFGB7JWI+ErorWv0bOCx5LVwfzJ/9zbHNe4C4N8nmHmNdyECI+ h6O3gzRocPD2XFBYmpLVS8rG90b+F4b9L0eY4LajBvux7WY88nXldiU7XfvrJejn xTwsNBO5x0QFd1MIh/ozhJDiyEon8RBM5BOrNh74RqBtZgKSgXpNgHTMWWvVnK63 C57P0NYe/ugwjcY6bRbbewq+O8VXbNgA3NSBDf+YNtBBd+5AEd0= =50Ib -END PGP SIGNATURE- Jule Anger (3): VERSION: Bump version up to Samba 4.15.0rc8... WHATSNEW: Add release notes for Samba 4.15.0. VERSION: Disable GIT_SNAPSHOT for the 4.15.0 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-stable updated
The branch, v4-15-stable has been updated via fc8342bd26d VERSION: Disable GIT_SNAPSHOT for the 4.15.0 release. via e671beb5276 WHATSNEW: Add release notes for Samba 4.15.0. via bb9e236768f VERSION: Bump version up to Samba 4.15.0rc8... from 9f5b76a42d7 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc7 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 22 +- 2 files changed, 10 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index f57bed5d2a2..0e58d4b399b 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=7 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index bf63cf2b908..18cc15dcff5 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,19 +1,15 @@ -Release Announcements -= + == + Release Notes for Samba 4.15.0 + September 20, 2021 + == -This is the seventh release candidate of Samba 4.15. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. -Samba 4.15 will be the next version of the Samba suite. +This is the first stable release of the Samba 4.15 release series. +Please read the release notes carefully before upgrading. -UPGRADING -= - Removed SMB (development) dialects --- +== The following SMB (development) dialects are no longer supported: SMB2_22, SMB2_24 and SMB3_10. They are were @@ -32,7 +28,7 @@ explicitly to a specific dialect, just leave them unspecified or specify the value "default". New GPG key +=== The GPG release key for Samba releases changed from: @@ -53,7 +49,7 @@ Starting from Jan 21th 2021, all Samba releases will be signed with the new key. See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt New minimum version for the experimental MIT KDC - + The build of the AD DC using the system MIT Kerberos, an experimental feature, now requires MIT Kerberos 1.19. An up-to-date -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via f04f713 Add Samba 4.15.0 via fc08fc1 NEWS[4.15.0]: Samba 4.15.0 Available for Download from 6d4ce66 team: Add employer for Martin https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit f04f71331b726e745556951a0f04038423235997 Author: Jule Anger Date: Mon Sep 20 09:49:26 2021 +0200 Add Samba 4.15.0 Signed-off-by: Jule Anger commit fc08fc19474183c6d96d3383204f1334e94e6430 Author: Jule Anger Date: Mon Sep 20 09:45:02 2021 +0200 NEWS[4.15.0]: Samba 4.15.0 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.15.0.html| 509 +++ posted_news/20210920-074634.4.15.0.body.html | 12 + posted_news/20210920-074634.4.15.0.headline.html | 3 + 4 files changed, 525 insertions(+) create mode 100644 history/samba-4.15.0.html create mode 100644 posted_news/20210920-074634.4.15.0.body.html create mode 100644 posted_news/20210920-074634.4.15.0.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 3af602b..0f7c705 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.15.0 samba-4.14.7 samba-4.14.6 samba-4.14.5 diff --git a/history/samba-4.15.0.html b/history/samba-4.15.0.html new file mode 100644 index 000..04d4513 --- /dev/null +++ b/history/samba-4.15.0.html @@ -0,0 +1,509 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.15.0 - Release Notes + + +Samba 4.15.0 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.15.0.tar.gz;>Samba 4.15.0 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.15.0.tar.asc;>Signature + + + + == + Release Notes for Samba 4.15.0 + September 20, 2021 + == + + +This is the first stable release of the Samba 4.15 release series. +Please read the release notes carefully before upgrading. + + +Removed SMB (development) dialects +== + +The following SMB (development) dialects are no longer +supported: SMB2_22, SMB2_24 and SMB3_10. They are were +only supported by Windows technical preview builds. +They used to be useful in order to test against the +latest Windows versions, but its no longer useful +to have them. If you have them explicitly specified +in your smb.conf or an the command line, +you need to replace them like this: +- SMB2_22 = SMB3_00 +- SMB2_24 = SMB3_00 +- SMB3_10 = SMB3_11 +Note that its typically not useful to specify +client max protocol or server max protocol +explicitly to a specific dialect, just leave +them unspecified or specify the value default. + +New GPG key +=== + +The GPG release key for Samba releases changed from: + +pub dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05] + Key fingerprint = 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA +uid [ full ] Samba Distribution Verification Key samba-b...@samba.org +sub elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05] + +to the following new key: + +pub rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21] + Key fingerprint = 81F5 E283 2BD2 545A 1897 B713 AA99 442F B680 B620 +uid [ultimate] Samba Distribution Verification Key samba-b...@samba.org +sub rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21] + +Starting from Jan 21th 2021, all Samba releases will be signed with the new key. + +See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt + +New minimum version for the experimental MIT KDC + + +The build of the AD DC using the system MIT Kerberos, an +experimental feature, now requires MIT Kerberos 1.19. An up-to-date +Fedora 34 has this version and has backported fixes for the KDC crash +bugs CVE-2021-37750 and CVE-2021-36222 + + +NEW FEATURES/CHANGES + + +VFS +--- + +The effort to modernize Sambas VFS interface is complete and Samba 4.15.0 ships +with a modernized VFS designed for the post SMB1 world. + +For details please refer to the documentation at source3/modules/The_New_VFS.txt +or visit the https://wiki.samba.org/index.php/The_New_VFS;. + + +Bind DLZ: add the ability to set allow/deny lists for zone transfer clients +-
[SCM] Samba Shared Repository - annotated tag samba-4.15.0rc5 created
The annotated tag, samba-4.15.0rc5 has been created at dee382c45cc250213287c943d709a75c985401ee (tag) tagging cbfc80e7b7d7cda4b7a0fcc8d39efad2474f2666 (commit) replaces samba-4.15.0rc4 tagged by Jule Anger on Tue Sep 7 10:36:42 2021 +0200 - Log - samba: tag release samba-4.15.0rc5 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmE3JJoACgkQqplEL7aA tiDH5A/+PYkzFHAiEgbDwxk/M4WXZS+Vh/8oTDjgFVAhkwjF7YZP7HnONhC2v6KZ 53o7MLg2Vo1Y6Cyvb3PixNIp5PvNPYnBbF9OWKmY4c8Qr4+ZaYZOkDGWQv07akuX hCLCmyqw950dsrbuTu9F53N55XEffkNSK8M5KWNtSedRtV7v2HAE4qH/VaJO/IP8 XMoJJ80poEOdWOyHt2cysnj5iXpVpIf8Jo4BaZQwZ0+KkumogmJgMVymK1EH0iT4 8k/2oSb8PYTKe5L37XJJUcncUuquPdSSx//b2dXY0OPQq+A3x+wdwHeuWHJRl0zR 8ZGPkUoNjSOnHxdEjYKXZOk0xplrBb+q+2M6SpZ8AUd/e4ddcfd1ldc6qfH0vWJi xvZ9fr2p4uIWTIKkRyCJYCbPjeaXo9kOvjLHabf699wrOwEg89LeZo4yLhk660pY b4UFZ2DvrMyOdOOy3NztgBR0rV7WXESCIE3+mHa/xBm9aas25FAArTfsnH7DGTt5 Z7T0/PcH/WUN9SxI2XhKb/oOzcrSm3HsQB6UsiUG+fuCN0QsJ9HZmKzPi0Kle1bC AhAyDnyWg++UXrmiHPSzoTmrGrbKtANLphF20PaPvnJk7UIBSzEDoUF4B/QIcQ0/ wxctKU2CZh30qEzEU0u/IOIXyJ/43UJ4J3ywh0fWB0eK60YlrVg= =ZLoo -END PGP SIGNATURE- Andreas Schneider (1): s3:winbind: Do not start if the priviliged socket path is too long Andrew Bartlett (1): script/autobuild.py: Restore MIT ADDC tests against fl2008* Jeremy Allison (4): s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor. s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error. s3: smbd: Add fifo test for the DISABLE_OPATH case. s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem. Jule Anger (2): WHATSNEW: Add release notes for Samba 4.15.0rc5. VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc5 release. Karolin Seeger (1): VERSION: Bump version up to 4.15.0rc5... Ralph Boehme (24): smbd: avoid calling creating a pathref in smb_set_file_dosmode() vfs_gpfs: call SMB_VFS_NEXT_CONNECT() before running some module initialization code vfs_gpfs: make vfs_gpfs_connect() a no-op on IPC shares vfs_gpfs: check for O_PATH support in gpfswrap_fstat_x() vfs_gpfs: add path based fallback for gpfswrap_fstat_x() on pathref handles vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fset_dos_attributes() vfs_gpfs: add sys_proc_fd_path() fallback to vfs_gpfs_fset_dos_attributes() vfs_gpfs: deal with pathref fsps in vfs_gpfs_fntimes() vfs_gpfs: pass fsp to smbd_gpfs_set_times() vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fntimes() lib/gpfswrap: add gpfs_set_times_path() wrapper vfs_gpfs: deal with pathrefs fsps in smbd_gpfs_set_times() s3/lib/dbwrap: check if global_messaging_context() succeeded registry: check for running as root in clustering mode winbindd: call wb_parent_idmap_setup_send() in wb_queryuser_send() winbind: ensure wb_parent_idmap_setup_send() gets called in winbindd_allocate_uid_send() WHATSNEW: fix a typo WHATSNEW: servers are now also logging to stderr at startup lib/cmdline: add POPT_COMMON_DAEMON daemon popt options lib/cmdline: restore pre-4.15 logging behaviour for daemons smbd: use POPT_COMMON_DAEMON nmbd: use POPT_COMMON_DAEMON winbindd: use POPT_COMMON_DAEMON s4/samba: POPT_COMMON_DAEMON Stefan Metzmacher (1): vfs_gpfs: don't check for struct gpfs_config_data in vfs_gpfs_[l]stat() --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 2cc1a93 NEWS[4.15.0rc5]: Samba 4.15.0rc5 Available for Download from cf7aa9d Add Samba 4.13.11. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 2cc1a9369f16914c3a5273a62bf65edb88687d66 Author: Jule Anger Date: Tue Sep 7 10:36:59 2021 +0200 NEWS[4.15.0rc5]: Samba 4.15.0rc5 Available for Download Signed-off-by: Jule Anger --- Summary of changes: posted_news/20210907-083836.4.15.0rc5.body.html | 12 posted_news/20210907-083836.4.15.0rc5.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20210907-083836.4.15.0rc5.body.html create mode 100644 posted_news/20210907-083836.4.15.0rc5.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20210907-083836.4.15.0rc5.body.html b/posted_news/20210907-083836.4.15.0rc5.body.html new file mode 100644 index 000..ab0062a --- /dev/null +++ b/posted_news/20210907-083836.4.15.0rc5.body.html @@ -0,0 +1,12 @@ + +07 September 2021 +Samba 4.15.0rc5 Available for Download + +This is the fifth release candidate of the upcoming Samba 4.15 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.15.0rc5.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.15.0rc5.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20210907-083836.4.15.0rc5.headline.html b/posted_news/20210907-083836.4.15.0rc5.headline.html new file mode 100644 index 000..89e5ba2 --- /dev/null +++ b/posted_news/20210907-083836.4.15.0rc5.headline.html @@ -0,0 +1,3 @@ + + 07 September 2021 Samba 4.15.0rc5 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-15-stable updated
The branch, v4-15-stable has been updated via cbfc80e7b7d VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc5 release. via da5c0a93a63 WHATSNEW: Add release notes for Samba 4.15.0rc5. via defbbe7127f s4/samba: POPT_COMMON_DAEMON via c65fb0b0a0e winbindd: use POPT_COMMON_DAEMON via 3eef217a9da nmbd: use POPT_COMMON_DAEMON via e1be4413c99 smbd: use POPT_COMMON_DAEMON via 476ed842726 lib/cmdline: restore pre-4.15 logging behaviour for daemons via 29c895c6d8a lib/cmdline: add POPT_COMMON_DAEMON daemon popt options via 4889512c705 s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem. via 5ec6be2ae36 s3: smbd: Add fifo test for the DISABLE_OPATH case. via b5b0471caf3 s3:winbind: Do not start if the priviliged socket path is too long via 915784c099c WHATSNEW: servers are now also logging to stderr at startup via 6bae027bf57 WHATSNEW: fix a typo via 51d64ce925b script/autobuild.py: Restore MIT ADDC tests against fl2008* via 57b266e23c4 s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error. via 2ed234deee3 s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor. via cf4845f9b35 winbind: ensure wb_parent_idmap_setup_send() gets called in winbindd_allocate_uid_send() via 591bd2f3405 winbindd: call wb_parent_idmap_setup_send() in wb_queryuser_send() via 16306431a24 registry: check for running as root in clustering mode via 189bb79ac74 s3/lib/dbwrap: check if global_messaging_context() succeeded via 19485894d4b vfs_gpfs: deal with pathrefs fsps in smbd_gpfs_set_times() via a0fe4423b8e lib/gpfswrap: add gpfs_set_times_path() wrapper via 85e5508c4d9 vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fntimes() via f626ffdf6d5 vfs_gpfs: pass fsp to smbd_gpfs_set_times() via 3fe4d78f021 vfs_gpfs: deal with pathref fsps in vfs_gpfs_fntimes() via 45a63783526 vfs_gpfs: add sys_proc_fd_path() fallback to vfs_gpfs_fset_dos_attributes() via e07c7110e55 vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fset_dos_attributes() via ee741bcc44c vfs_gpfs: add path based fallback for gpfswrap_fstat_x() on pathref handles via 896a92e0382 vfs_gpfs: check for O_PATH support in gpfswrap_fstat_x() via 3db79fdfd61 vfs_gpfs: make vfs_gpfs_connect() a no-op on IPC shares via 81fa1a65849 vfs_gpfs: don't check for struct gpfs_config_data in vfs_gpfs_[l]stat() via f171810b970 vfs_gpfs: call SMB_VFS_NEXT_CONNECT() before running some module initialization code via 5b80738ec02 smbd: avoid calling creating a pathref in smb_set_file_dosmode() via 8cc118dacc9 VERSION: Bump version up to 4.15.0rc5... from 8a2c51f268b VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 34 +++- lib/cmdline/cmdline.c| 80 + lib/cmdline/cmdline.h| 29 lib/cmdline/cmdline_private.h| 4 + lib/cmdline/cmdline_s3.c | 11 +- lib/util/gpfswrap.c | 14 ++ lib/util/gpfswrap.h | 1 + script/autobuild.py | 4 +- source3/lib/dbwrap/dbwrap_open.c | 4 + source3/modules/vfs_gpfs.c | 268 ++- source3/nmbd/nmbd.c | 103 +++- source3/registry/reg_backend_db.c| 9 ++ source3/rpc_server/mdssvc/mdssvc.c | 5 + source3/script/tests/test_fifo.sh| 83 ++ source3/selftest/tests.py| 3 + source3/smbd/files.c | 4 + source3/smbd/msdfs.c | 7 +- source3/smbd/server.c| 112 - source3/smbd/trans2.c| 67 source3/winbindd/wb_queryuser.c | 30 +++- source3/winbindd/winbindd.c | 116 ++--- source3/winbindd/winbindd_allocate_uid.c | 44 - source4/samba/server.c | 88 +++--- 24 files changed, 728 insertions(+), 394 deletions(-) create mode 100755 source3/script/tests/test_fifo.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index b185563e6ae..9dc372ed3ca 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=4
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via b5cbbf0542c s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem. via 1bb8ed2b619 s3: smbd: Add fifo test for the DISABLE_OPATH case. via 97dc8c0dccc s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error. via b00fed3b698 s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor. via 446f89510f2 winbind: ensure wb_parent_idmap_setup_send() gets called in winbindd_allocate_uid_send() via 7d1dd87a653 winbindd: call wb_parent_idmap_setup_send() in wb_queryuser_send() via 274236ff3db vfs_gpfs: add sys_proc_fd_path() fallback to vfs_gpfs_fset_dos_attributes() via 08f18b66716 vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fset_dos_attributes() via 4312b6c17da vfs_gpfs: add path based fallback for gpfswrap_fstat_x() on pathref handles via d98e8e0e3f8 vfs_gpfs: check for O_PATH support in gpfswrap_fstat_x() via 4a17f42d00b vfs_gpfs: make vfs_gpfs_connect() a no-op on IPC shares via 994c64d3098 vfs_gpfs: don't check for struct gpfs_config_data in vfs_gpfs_[l]stat() via a4a57724b92 vfs_gpfs: call SMB_VFS_NEXT_CONNECT() before running some module initialization code via 34c20fe3a16 registry: check for running as root in clustering mode via 0e85755f383 s3/lib/dbwrap: check if global_messaging_context() succeeded from a7d66e00fa8 s3: smbd: Fix smbd crash on dangling symlink with posix connection calling several non-posix info levels. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit b5cbbf0542c5f176b8dd07c326430d37e06b3412 Author: Jeremy Allison Date: Thu Sep 2 14:40:53 2021 -0700 s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem. Remove skip test for the DISABLE_OPATH case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816 RN: Fix pathref open of a filesystem fifo in the DISABLE_OPATH build Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Sep 6 09:51:54 UTC 2021 on sn-devel-184 (cherry picked from commit 2f2c53c4f8f59a497bc33a24e5e0fc15ea076876) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Tue Sep 7 10:48:16 UTC 2021 on sn-devel-184 commit 1bb8ed2b6192bfe6343037fafd0d1bf940db9302 Author: Jeremy Allison Date: Thu Sep 2 15:32:27 2021 -0700 s3: smbd: Add fifo test for the DISABLE_OPATH case. Currently we hang when trying to list a directory containing a fifo when configured with DISABLE_OPATH. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit a54d9ffc87ebe602a0e7c48e35643ed2ff1a00bc) commit 97dc8c0dcccbcecd3a8f8f3872b47d3a3c6e8036 Author: Jeremy Allison Date: Mon Aug 23 17:42:40 2021 -0700 s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error. Just return the status - if create_conn_struct_as_root() fails the connection struct never gets returned. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14809 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Aug 25 17:09:23 UTC 2021 on sn-devel-184 (cherry picked from commit 857045f3a236dea125200dd09279d677e513682b) commit b00fed3b698cc78a377d71e0574c878e262c4808 Author: Jeremy Allison Date: Mon Aug 23 17:40:42 2021 -0700 s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14809 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit b4d8c62c4e8191e05fd03dd096a0bc989e224ed3) commit 446f89510f2e55a551e2975a6cbf01c6a023ba0c Author: Ralph Boehme Date: Fri Aug 20 15:04:49 2021 +0200 winbind: ensure wb_parent_idmap_setup_send() gets called in winbindd_allocate_uid_send() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14804 RN: winbindd can crash because idmap child state is not fully initialized Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Thu Sep 2 15:20:06 UTC 2021 on sn-devel-184 (cherry picked from commit d0f6d54354b02f5591706814fbd1e4844788fdfa) commit 7d1dd87a6538f8c7f1e4938b0ff52cbd231fff90 Author: Ralph Boehme Date: Tue Aug 31 17:04:56 2021 +0200 winbindd: call wb_parent_idmap_setup_send() in wb_queryuser_send() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14804 Signed-off-by: Ralph Boehme Reviewed-by: Volker
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via aa64f02ca94 configure: Do not put arguments into double quotes from 97c6d6fee8a smbd: return correct timestamps for quota fake file https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit aa64f02ca944be1a6e7baa552c602b005c8c7d86 Author: Andreas Schneider Date: Mon Aug 2 17:43:01 2021 +0200 configure: Do not put arguments into double quotes BUG: https://bugzilla.samba.org/show_bug.cgi?id=14777 This could create an issue that arguments don't get split by python and then the following could happen: ./configure --libdir=/usr/lib64 --enable-clangdb LIBDIR='/usr/lib64 --enable-clangdb' This ends then up in parameters.all.xml: The python parser then errors out: xml.etree.ElementTree.ParseError: not well-formed (invalid token) Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Tue Aug 3 18:36:37 UTC 2021 on sn-devel-184 (cherry picked from commit e2962b4262fc4a7197a3fcbd010fcfaca781baea) Autobuild-User(v4-13-test): Jule Anger Autobuild-Date(v4-13-test): Mon Aug 9 13:45:32 UTC 2021 on sn-devel-184 --- Summary of changes: configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/configure b/configure index a6ca50feb47..2b0ffb0dae1 100755 --- a/configure +++ b/configure @@ -13,5 +13,5 @@ export JOBS unset LD_PRELOAD cd . || exit 1 -$PYTHON $WAF configure "$@" || exit 1 +$PYTHON $WAF configure $@ || exit 1 cd $PREVPATH -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 4467a0ba7f0 smbd: only open full fd for directories if needed via 4f3b6f6b311 smbd: drop requirement for full open for READ_CONTROL_ACCESS, WRITE_DAC_ACCESS and WRITE_OWNER_ACCESS via 9b8e795df6f s3: smbd: Don't leak meta-data about the containing directory of the share root. via 3acccfc764d s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname->fsp to prevent meta-data leakage. via fccedb4d94a configure: Do not put arguments into double quotes from c933b88dbe1 samba-bgqd: Fix samba-bgqd with "clustering=yes"/"include=registry" https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 4467a0ba7f0764831827645ae4cca22360d7cb70 Author: Ralph Boehme Date: Tue Jun 29 12:47:34 2021 +0200 smbd: only open full fd for directories if needed BUG: https://bugzilla.samba.org/show_bug.cgi?id=14700 RN: File owner not available when file unreadable Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon Aug 2 18:05:04 UTC 2021 on sn-devel-184 (cherry picked from commit 6d928eb1e8ea44f0d0aea4ec9b1b7c385a281193) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Mon Aug 9 12:05:34 UTC 2021 on sn-devel-184 commit 4f3b6f6b311942e1cf42ed263188384d643f25e6 Author: Ralph Boehme Date: Sat May 8 21:45:25 2021 +0200 smbd: drop requirement for full open for READ_CONTROL_ACCESS, WRITE_DAC_ACCESS and WRITE_OWNER_ACCESS This was needed before we had pathref fsps, with pathref fsps we can do operation requiring WRITE_OWNER_ACCESS, WRITE_DAC_ACCESS and READ_CONTROL_ACCESS on the pathref fsp. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14700 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit e71e373a07e467ff2d2328f39bd2bc285e2ba840) commit 9b8e795df6f61fdf530d3fe85faea8ae2e3c00e9 Author: Jeremy Allison Date: Wed Jul 14 19:11:05 2021 -0700 s3: smbd: Don't leak meta-data about the containing directory of the share root. This is a subtle one. In smbd_dirptr_get_entry() we now open a pathref fsp on all entries - including "..". If we're at the root of the share we don't want a handle to the directory above it, so silently close the smb_fname->fsp for ".." names to prevent it from being used to return meta-data to the client (more than we already have done historically by calling pathname functions on ".."). The marshalling returned entries and async DOS code copes with smb_fname->fsp == NULL perfectly well. Only in master, but will need fixing for 4.15.rc1 or 2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Jul 28 15:07:54 UTC 2021 on sn-devel-184 (cherry picked from commit 2acad27686074029ac83c66b42bb37eea380f449) commit 3acccfc764df88bd1400bc8da72b2733ca06cdff Author: Jeremy Allison Date: Wed Jul 14 21:30:09 2021 -0700 s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname->fsp to prevent meta-data leakage. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit b004ebb1c62742346b84ecb9d52c783173528fac) commit fccedb4d94abac9909c2ed00b07af6a207b09590 Author: Andreas Schneider Date: Mon Aug 2 17:43:01 2021 +0200 configure: Do not put arguments into double quotes BUG: https://bugzilla.samba.org/show_bug.cgi?id=14777 This could create an issue that arguments don't get split by python and then the following could happen: ./configure --libdir=/usr/lib64 --enable-clangdb LIBDIR='/usr/lib64 --enable-clangdb' This ends then up in parameters.all.xml: The python parser then errors out: xml.etree.ElementTree.ParseError: not well-formed (invalid token) Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Tue Aug 3 18:36:37 UTC 2021 on sn-devel-184 (cherry picked from commit e2962b4262fc4a7197a3fcbd010fcfaca781baea) --- Summary of changes: configure | 2 +- source3/smbd/dir.c | 25 + source3/smbd/dosmode.c | 23 ++- source3/smbd/open.c| 31 +-- 4 f
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via f834da87269 VERSION: Bump version up to Samba 4.15.0rc3... via 16fb5c685a5 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc2 release. via d872e7f0cd7 WHATSNEW: Add release notes for Samba 4.15.0rc2. from 4467a0ba7f0 smbd: only open full fd for directories if needed https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit f834da87269bf5eb1c1048ad455638d7e5aa1b73 Author: Jule Anger Date: Mon Aug 9 15:20:37 2021 +0200 VERSION: Bump version up to Samba 4.15.0rc3... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger Reviewed-by: Stefan Metzmacher commit 16fb5c685a58af1e1d8761ba2c039a6626dabd6a Author: Jule Anger Date: Mon Aug 9 15:15:54 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc2 release. Signed-off-by: Jule Anger Reviewed-by: Stefan Metzmacher commit d872e7f0cd7867306fc78765b157d834fe5c80ea Author: Jule Anger Date: Mon Aug 9 15:14:28 2021 +0200 WHATSNEW: Add release notes for Samba 4.15.0rc2. Signed-off-by: Jule Anger Reviewed-by: Stefan Metzmacher --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 23 ++- 2 files changed, 23 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index bc3facf0977..0487096ed57 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE=3 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index ab770634725..074767e3251 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.15. This is *not* +This is the second release candidate of Samba 4.15. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -208,6 +208,27 @@ smb.conf changes winbind scan trusted domainsChanged No +CHANGES SINCE 4.15.0rc1 +=== + +o Andreas Schneider + * BUG 14768: smbd/winbind should load the registry if configured + * BUG 14777: do not quote passed argument of configure script + * BUG 14779: Winbind should not start if the socket path is too long + +o Stefan Metzmacher + * BUG 14607: tree connect failed: NT_STATUS_INVALID_PARAMETER + * BUG 14764: aes-256-gcm and aes-256-ccm doesn't work in the server + +o Ralph Boehme + * BUG 14700: file owner not available when file unredable + +o Jeremy Allison + * BUG 14607: tree connect failed: NT_STATUS_INVALID_PARAMETER + * BUG 14759: 4.15rc can leak meta-data about the directory containing the + share path + + KNOWN ISSUES -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-stable updated
The branch, v4-15-stable has been updated via 16fb5c685a5 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc2 release. via d872e7f0cd7 WHATSNEW: Add release notes for Samba 4.15.0rc2. via 4467a0ba7f0 smbd: only open full fd for directories if needed via 4f3b6f6b311 smbd: drop requirement for full open for READ_CONTROL_ACCESS, WRITE_DAC_ACCESS and WRITE_OWNER_ACCESS via 9b8e795df6f s3: smbd: Don't leak meta-data about the containing directory of the share root. via 3acccfc764d s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname->fsp to prevent meta-data leakage. via fccedb4d94a configure: Do not put arguments into double quotes via c933b88dbe1 samba-bgqd: Fix samba-bgqd with "clustering=yes"/"include=registry" via c33b18ec92e lib:cmdline: Use lp_load_global() for servers via 2a21ecf1f91 s3:smbd: really support AES-256* in the server via 13839721f06 s4:torture/smb2: add tests to check all signing and encryption algorithms via e606987911e gnutls: allow gnutls_aead_cipher_encryptv2 with gcm before 3.6.15 via 047cbaad5d9 gitlab: Use shorter names for Samba AD DC env with MIT KRB5 via f2b2ecec7fc s3:winbindd: Add a check for the path length of 'winbindd socket directory' via 68bd2229bd4 WHATSNEW: mention the offline domain join feature via 8380f21aadd libcli/smb: allow unexpected padding in SMB2 READ responses via 170b8195507 libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer() via b644b297bf8 s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 via 0be68189ffc s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done via 570b3ced84a s4:torture/smb2: add smb2.read.bug14607 test via 81eeb1c6708 VERSION: Bump version up to 4.15.0rc2... from 6a6f6044771 VERSION: Disable GIT_SNAPSHOT for the Samba 4.15.0rc1 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-stable - Log - --- Summary of changes: .gitlab-ci-main.yml | 12 +- VERSION | 2 +- WHATSNEW.txt| 35 +++- configure | 2 +- lib/cmdline/cmdline.h | 9 + lib/cmdline/cmdline_s3.c| 2 +- libcli/smb/smb2_signing.c | 54 +++-- libcli/smb/smb2cli_ioctl.c | 123 ++-- libcli/smb/smb2cli_read.c | 22 +- libcli/smb/smbXcli_base.c | 91 + libcli/smb/smbXcli_base.h | 9 + libcli/smb/smb_constants.h | 2 + script/autobuild.py | 6 +- selftest/target/Samba3.pm | 1 + source3/printing/samba-bgqd.c | 58 +- source3/smbd/dir.c | 25 +++ source3/smbd/dosmode.c | 23 ++- source3/smbd/globals.h | 4 + source3/smbd/open.c | 31 ++- source3/smbd/smb2_ioctl.c | 10 + source3/smbd/smb2_read.c| 14 +- source3/smbd/smb2_sesssetup.c | 6 + source3/winbindd/winbindd.c | 25 +++ source4/torture/smb2/read.c | 136 + source4/torture/smb2/session.c | 436 wscript_configure_system_gnutls | 10 +- 26 files changed, 976 insertions(+), 172 deletions(-) Changeset truncated at 500 lines: diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml index 1aee591b068..0979c007dc6 100644 --- a/.gitlab-ci-main.yml +++ b/.gitlab-ci-main.yml @@ -331,10 +331,10 @@ samba-ad-dc-ntvfs: samba-admem-mit: extends: .needs_samba-mit-build -samba-ad-dc-4a-mitkrb5: +samba-addc-mit-4a: extends: .needs_samba-mit-build -samba-ad-dc-4b-mitkrb5: +samba-addc-mit-4b: extends: .needs_samba-mit-build # This task is run first to ensure we compile before we start the @@ -389,7 +389,7 @@ samba-ad-dc-1: samba-nt4: extends: .needs_samba-nt4-build-private -samba-ad-dc-1-mitkrb5: +samba-addc-mit-1: extends: .needs_samba-mit-build-private samba-no-opath1: @@ -421,15 +421,15 @@ pages: - samba-ctdb - samba-ad-dc-ntvfs - samba-admem-mit -- samba-ad-dc-4a-mitkrb5 -- samba-ad-dc-4b-mitkrb5 +- samba-addc-mit-4a +- samba-addc-mit-4b - samba-ad-back1 - samba-ad-back2 - samba-fileserver - samba-ad-dc-1 - samba-nt4 - samba-schemaupgrade -- samba-ad-dc-1-mitkrb5 +- samba-addc-mit-1 - samba-fips - samba-no-opath1 - samba-no-opath2 diff --git a/VERSION b/VERSION index 787b2dd26b0..ba0f12ea840 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=1 +SAMBA_VERSION_RC_RELEASE=2
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 340aff1c8f4 s3: lib: sysacls: Fix argument numbers for sys_acl_set_fd() for untested OS builds. via de50dc5c3db configure: Do not put arguments into double quotes from 4801b6c298b VERSION: Bump version up to 4.14.7... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 340aff1c8f419c5b1ce18fa5f8b080d4426da65f Author: David Gajewski Date: Mon Aug 2 17:06:39 2021 -0700 s3: lib: sysacls: Fix argument numbers for sys_acl_set_fd() for untested OS builds. In the stable release 4.14.6 the prototype for solarisacl_sys_acl_set_fd() in s3/modules/vfs_solarisacl.h is listed with 3 arguments, while the code in s3/modules/vfs_solarisacl.c has 4. This leads to a compile error. The latter reflects the upcoming release, with code in solarisacl_sys_acl_set_fd() checking for the type. The commit was "vfs: add acl type arg to SMB_VFS_SYS_ACL_SET_FD()" that made the partial change. A patch mimicking what was done with posixacl_sys_acl_set_fd() is applied here. solarisacl_sys_acl_set_fd() is only called from sys_acl_set_fd() in s3/lib/sysacls.c which in turn is only called by vfswrap_sys_acl_set_fd() in s3/modules/vfs_default.c when type == SMB_ACL_TYPE_ACCESS. This patch mimics the call to posixacl_sys_acl_set_fd() by setting the type argument to SMB_ACL_TYPE_ACCESS for all the affected OS's that are not tested in ci (tru64 and aix). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14774 Signed-off-by: David Gajewski Reviewed-by: Jeremy Allison Reviewed-by: Ralph Boehme (similar to commit 2867950721993c62a636d754e50d483fda39e19c) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Tue Aug 10 12:41:30 UTC 2021 on sn-devel-184 commit de50dc5c3db243c926b4c10e5355ed47f7b593af Author: Andreas Schneider Date: Mon Aug 2 17:43:01 2021 +0200 configure: Do not put arguments into double quotes BUG: https://bugzilla.samba.org/show_bug.cgi?id=14777 This could create an issue that arguments don't get split by python and then the following could happen: ./configure --libdir=/usr/lib64 --enable-clangdb LIBDIR='/usr/lib64 --enable-clangdb' This ends then up in parameters.all.xml: The python parser then errors out: xml.etree.ElementTree.ParseError: not well-formed (invalid token) Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Tue Aug 3 18:36:37 UTC 2021 on sn-devel-184 (cherry picked from commit e2962b4262fc4a7197a3fcbd010fcfaca781baea) --- Summary of changes: configure| 2 +- source3/lib/sysacls.c| 6 +++--- source3/modules/vfs_solarisacl.h | 1 + source3/modules/vfs_tru64acl.h | 1 + 4 files changed, 6 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/configure b/configure index a6ca50feb47..2b0ffb0dae1 100755 --- a/configure +++ b/configure @@ -13,5 +13,5 @@ export JOBS unset LD_PRELOAD cd . || exit 1 -$PYTHON $WAF configure "$@" || exit 1 +$PYTHON $WAF configure $@ || exit 1 cd $PREVPATH diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index ad970b6299b..ddf7cad0707 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -423,7 +423,7 @@ int sys_acl_set_file(vfs_handle_struct *handle, int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, SMB_ACL_T acl_d) { - return aixacl_sys_acl_set_fd(handle, fsp, acl_d); + return aixacl_sys_acl_set_fd(handle, fsp, SMB_ACL_TYPE_ACCESS, acl_d); } int sys_acl_delete_def_file(vfs_handle_struct *handle, @@ -460,7 +460,7 @@ int sys_acl_set_file(vfs_handle_struct *handle, int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, SMB_ACL_T acl_d) { - return tru64acl_sys_acl_set_fd(handle, fsp, acl_d); + return tru64acl_sys_acl_set_fd(handle, fsp, SMB_ACL_TYPE_ACCESS, acl_d); } int sys_acl_delete_def_file(vfs_handle_struct *handle, @@ -498,7 +498,7 @@ int sys_acl_set_file(vfs_handle_struct *handle, int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, SMB_ACL_T acl_d) { - return solarisacl_sys_acl_set_fd(handle, fsp, acl_d); + return solarisacl_sys_acl_set_fd(handle, fsp, SMB_ACL_TYPE_ACCESS, acl_d); } int sys_acl_delete_def_file(vfs_handle_struct *handle, diff --git a/source3/modules/vfs_solarisacl.h b/source3/modules/vfs_solarisacl.h index ce2206cbe5b..8270358a48d 100644 --- a/source3/modules/vfs_solarisacl.h +++ b/source3/modules/vfs_solarisacl.h @
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 25f3cb8c973 libcli/smb: allow unexpected padding in SMB2 READ responses via a095a2d960a libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer() via cee1b839a1f s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 via 0d89ce25acd s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done via d84d0c1095c s4:torture/smb2: add smb2.read.bug14607 test from 9c470eb6cd7 dosmode: retry reading dos attributes as root for unreadable files https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 25f3cb8c9733fb4b667ca2eb59ce3aa70b2b9c86 Author: Stefan Metzmacher Date: Tue Jun 29 15:42:56 2021 +0200 libcli/smb: allow unexpected padding in SMB2 READ responses Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done() as it was exactly introduced for a similar problem see: commit 4c6c71e1378401d66bf2ed230544a75f7b04376f Author: Stefan Metzmacher AuthorDate: Thu Jan 14 17:32:15 2021 +0100 Commit: Volker Lendecke CommitDate: Fri Jan 15 08:36:34 2021 + libcli/smb: allow unexpected padding in SMB2 IOCTL responses A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an offset that's already 8 byte aligned. RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Pair-Programmed-With: Volker Lendecke Signed-off-by: Stefan Metzmacher Signed-off-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184 RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184 (cherry picked from commit 155348cda65b441a6c4db1ed84dbf1682d02973c) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Thu Aug 12 09:39:40 UTC 2021 on sn-devel-184 commit a095a2d960af1730342a9fdd71c411a85efc5a67 Author: Stefan Metzmacher Date: Tue Jun 29 15:24:13 2021 +0200 libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer() It will be used in smb2cli_read.c soon... BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 1faf15b3d0f41fa8a94b76d1616a4460ce0c6fa4) commit cee1b839a1fd3cb164396b12576e99fcaefdb64d Author: Stefan Metzmacher Date: Mon Jul 5 17:49:00 2021 +0200 s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 This turns the 'smb2.read.bug14607' test from 'skip' into 'xfailure', as the 2nd smb2cli_read() function will now return NT_STATUS_INVALID_NETWORK_RESPONSE. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit ef57fba5dbf359b204ba952451e1e33ed68f1c91) commit 0d89ce25acd1768f54b216450fce754c3af2918c Author: Stefan Metzmacher Date: Mon Jul 5 17:49:00 2021 +0200 s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done This will simplify the following changes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 5ecac656fde4e81aa6e51e7b3134ea3fb75f564a) commit d84d0c1095cf8dcb883bbe173bbfce11b713ae12 Author: Stefan Metzmacher Date: Tue Jul 6 16:24:59 2021 +0200 s4:torture/smb2: add smb2.read.bug14607 test This test will use a FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 in order to change the server behavior of READ responses regarding the data offset. It will demonstrate the problem in smb2cli_read*() triggered by NetApp Ontap servers. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit b3c9823d907b91632679e6f0ffce1b7192e4b9b6) --- Summary of changes: libcli/smb/smb2cli_ioctl.c | 123 ++- libcli/smb/smb2cli_read.c | 22 +-- libcli/smb/smbXcli_base.c | 91 + libcli/smb/smbXcli_base.h | 9 +++ libcli/smb/smb_constants.h | 2 + source3/smbd/globals.h
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via c933b88dbe1 samba-bgqd: Fix samba-bgqd with "clustering=yes"/"include=registry" via c33b18ec92e lib:cmdline: Use lp_load_global() for servers via 2a21ecf1f91 s3:smbd: really support AES-256* in the server via 13839721f06 s4:torture/smb2: add tests to check all signing and encryption algorithms via e606987911e gnutls: allow gnutls_aead_cipher_encryptv2 with gcm before 3.6.15 via 047cbaad5d9 gitlab: Use shorter names for Samba AD DC env with MIT KRB5 via f2b2ecec7fc s3:winbindd: Add a check for the path length of 'winbindd socket directory' from 68bd2229bd4 WHATSNEW: mention the offline domain join feature https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit c933b88dbe13caf1b8f44751683393504e8516c4 Author: Volker Lendecke Date: Fri Jul 30 11:43:08 2021 +0200 samba-bgqd: Fix samba-bgqd with "clustering=yes"/"include=registry" With the above combination, some flavor of lp_load() already initializes global_event_ctx, for which the closeall_except() later on will happily close the epoll fd for. If we want to close all file descriptors at startup, this must be the very first thing overall. Can't really write a proper test for this with knownfail that is removed with the fix, because if we have clustering+include=registry, the whole clusteredmember environment does not even start up. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14768 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Sat Jul 31 16:58:41 UTC 2021 on sn-devel-184 (cherry picked from commit 7818513053aabda046645583fa5bb79a03e2b5ac) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Fri Aug 6 15:39:29 UTC 2021 on sn-devel-184 commit c33b18ec92ecf10bae8b19d57a832b62adbb2732 Author: Andreas Schneider Date: Wed Jul 21 16:06:15 2021 +0200 lib:cmdline: Use lp_load_global() for servers As for client we need to enable support for 'config backend = registry'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14768 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner (cherry picked from commit 7b796b5bb735295bde252cd52283591b720d8d6e) commit 2a21ecf1f9192a3d0fdc84367728e5bf2b3399ee Author: Stefan Metzmacher Date: Thu Jul 15 13:20:22 2021 +0200 s3:smbd: really support AES-256* in the server BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Jul 20 16:13:28 UTC 2021 on sn-devel-184 (cherry picked from commit 0ac71061044e2ee47f4de3a319ad2386128066fc) commit 13839721f067874be6b496335fe627877596da8a Author: Stefan Metzmacher Date: Mon Jul 19 18:38:06 2021 +0200 s4:torture/smb2: add tests to check all signing and encryption algorithms BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 407b458242cd11bdb3ab219dc58b3ffb070b0e7c) commit e606987911e556c3275528493473eed70cd023e2 Author: Stefan Metzmacher Date: Tue Mar 9 10:40:04 2021 +0100 gnutls: allow gnutls_aead_cipher_encryptv2 with gcm before 3.6.15 The memory leak bug up to 3.6.14 was only related to ccm, but gcm was fine. This avoids talloc+memcpy on more systems, e.g. ubuntu 20.04, and brings ~ 20% less cpu overhead, see: https://hackmd.io/@asn/samba_crypto_benchmarks BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 5512416a8fbe00a7a5343afe0d50846e0a8f342b) commit 047cbaad5d9fa4bc6d901fece9a284de4f991fb3 Author: Andreas Schneider Date: Tue Aug 3 13:20:40 2021 +0200 gitlab: Use shorter names for Samba AD DC env with MIT KRB5 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue Aug 3 20:35:49 UTC 2021 on sn-devel-184 (cherry picked from commit 000f389d09ec9e9906d5e2a0aa317c471c5f5b96) commit f2b2ecec7fc848ce474771ea5a7dcfad08ff392e Author: Andreas Schneider Date: Tue Aug 3 11:04:37 2021 +0200 s3:winbindd: Add a check for the path length of 'winbindd socket directory' BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 9c470eb6cd7 dosmode: retry reading dos attributes as root for unreadable files via 99bca25289e vfs: Fix the FreeBSD build via 0fca66858de vfs_default: use fsp_get_io_fd() for copy_file_range() via f9bcec6298d vfs_default: use copy_file_range() via c44d2e8dbdc smbd: use sys_io_ranges_overlap() in fsctl_dup_extents_check_overlap() via a25b75b2ca2 lib: add sys_io_ranges_overlap() via 0772ff448fc vfs_default: properly track written bytes for copy-chunk via d5d6bbaa939 replace: copy_file_range() from 340aff1c8f4 s3: lib: sysacls: Fix argument numbers for sys_acl_set_fd() for untested OS builds. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 9c470eb6cd7f7782c81fe7bd39dd9b4c4e893747 Author: Björn Jacke Date: Thu Mar 4 19:37:37 2021 +0100 dosmode: retry reading dos attributes as root for unreadable files if there are files that the user can't access, he is still allowed to read the dos attributes information, so we need to try reading them as root also. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14654 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 4288319770bc1bde28b1e9ac4bb287e29853378d) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Wed Aug 11 10:55:24 UTC 2021 on sn-devel-184 commit 99bca25289e0e772afa887f1d70dbe1997f01917 Author: Volker Lendecke Date: Mon Jan 25 09:55:40 2021 +0100 vfs: Fix the FreeBSD build fd_handle is private now Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Mon Jan 25 12:16:11 UTC 2021 on sn-devel-184 (cherry picked from commit da3b00f5511d83bdc347eaff9c031390fea41802) commit 0fca66858de2df9b832ac257a2ccd104f90e3b74 Author: Ralph Boehme Date: Thu Jul 1 15:19:56 2021 +0200 vfs_default: use fsp_get_io_fd() for copy_file_range() Unintentionally used fsp_get_pathref_fd() in the initial patchset. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Jul 1 17:45:49 UTC 2021 on sn-devel-184 (cherry picked from commit 0e3ddc27ed6d603a21cb2b187f3295506d560604) commit f9bcec6298d3ba42963b3c30f280c1f7ff5d20de Author: Ralph Boehme Date: Thu Jun 24 16:21:42 2021 +0200 vfs_default: use copy_file_range() Original file on an XFS filesystem: $ ls -l /mnt/test/1048578-file -rw-rw-r--. 1 slow slow 1048578 Jun 25 11:40 /mnt/test/1048578-file $ xfs_bmap /mnt/test/1048578-file /mnt/test/1048578-file: 0: [0..2055]: 192..2247 Copy created with cp --reflink=never: $ xfs_bmap /mnt/test/1048578-file-reflink-never /mnt/test/1048578-file-reflink-never: 0: [0..2055]: 2248..4303 Copy created with cp --reflink=always $ xfs_bmap /mnt/test/1048578-file-reflink-always /mnt/test/1048578-file-reflink-always: 0: [0..2055]: 192..2247 Copy done from a Windows client: $ xfs_bmap /mnt/test/1048578-file\ -\ Copy /mnt/test/1048578-file - Copy: 0: [0..2055]: 192..2247 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033 RN: smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jun 30 17:40:23 UTC 2021 on sn-devel-184 (cherry picked from commit accaa2f1f67a7f064a4ce03a120d7b2f8e847ccf) commit c44d2e8dbdc4e2828e4fb233d67d05bca7bd0779 Author: Ralph Boehme Date: Mon Jun 28 15:50:32 2021 +0200 smbd: use sys_io_ranges_overlap() in fsctl_dup_extents_check_overlap() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit e72be5213335ab1ea0f9f396ab071669231c151b) commit a25b75b2ca26f02a05ac318a837475bb6835a081 Author: Ralph Boehme Date: Sat Jun 26 12:21:19 2021 +0200 lib: add sys_io_ranges_overlap() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 4f1a02909b8694dcc30fd5c7c6772fcfa1092ed9) commit 0772ff448fc054250e580a6e2e48b69485eca506 Author: Ralph Boehme Date: Fri Jun 25 15:47:38 2021 +0200 vfs_default: properly track written bytes for copy-chunk No change in behavour, this just makes the logic slightly more understandable. In theory it would
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via f53c532c229 autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable) from 53b48cbe9a8 tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit f53c532c2292d07ab3374920bd83c123038e Author: Andrew Bartlett Date: Fri Sep 17 16:43:00 2021 +1200 autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable) This allows making a push to do a full test ignoring errors without needing "HACK!!!" commits on top. Use like this: git push -o ci.variable='AUTOBUILD_FAIL_IMMEDIATELY=0' RN: Samba CI runs can now continue past the first error if AUTOBUILD_FAIL_IMMEDIATELY=0 is set BUG: https://bugzilla.samba.org/show_bug.cgi?id=14841 Signed-off-by: Andrew Bartlett Reviewed-by: Michael Adam [abart...@samba.org backported from commit b81f6f3d71487085bb355392ce7f8eff2db5bb4d due to changes in 4.15 and later for the autobuild dependent jobs work that avoids rebuilding Samba in each task] Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Thu Sep 23 08:54:03 UTC 2021 on sn-devel-184 --- Summary of changes: script/autobuild.py | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/script/autobuild.py b/script/autobuild.py index dded5c9dec9..c069e1d3ccd 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -159,7 +159,6 @@ def format_option(name, value=None): def make_test( cmd='make test', -FAIL_IMMEDIATELY=1, TESTS='', include_envs=None, exclude_envs=None): @@ -174,7 +173,13 @@ def make_test( TESTS = (TESTS + ' ' + ' '.join(test_options)).strip() _options = [] -if FAIL_IMMEDIATELY: + +# Allow getting a full CI with +# git push -o ci.variable='AUTOBUILD_FAIL_IMMEDIATELY=0' + +FAIL_IMMEDIATELY = os.getenv("AUTOBUILD_FAIL_IMMEDIATELY", "1") + +if int(FAIL_IMMEDIATELY): _options.append('FAIL_IMMEDIATELY=1') if TESTS: _options.append("TESTS='{}'".format(TESTS)) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 4b1e8535610 autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable) from 4c85e56501b Bump version up to Samba 4.15.1... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 4b1e8535610bc35c0a0c6575d80e6c0046e615e0 Author: Andrew Bartlett Date: Fri Sep 17 16:43:00 2021 +1200 autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable) This allows making a push to do a full test ignoring errors without needing "HACK!!!" commits on top. Use like this: git push -o ci.variable='AUTOBUILD_FAIL_IMMEDIATELY=0' RN: Samba CI runs can now continue past the first error if AUTOBUILD_FAIL_IMMEDIATELY=0 is set BUG: https://bugzilla.samba.org/show_bug.cgi?id=14841 Signed-off-by: Andrew Bartlett Reviewed-by: Michael Adam (cherry picked from commit b81f6f3d71487085bb355392ce7f8eff2db5bb4d) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Thu Sep 23 10:28:48 UTC 2021 on sn-devel-184 --- Summary of changes: script/autobuild.py | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/script/autobuild.py b/script/autobuild.py index 97731215282..ca9ffb93f68 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -166,7 +166,6 @@ def format_option(name, value=None): def make_test( cmd='make testonly', -FAIL_IMMEDIATELY=1, INJECT_SELFTEST_PREFIX=1, TESTS='', include_envs=None, @@ -182,7 +181,13 @@ def make_test( TESTS = (TESTS + ' ' + ' '.join(test_options)).strip() _options = [] -if FAIL_IMMEDIATELY: + +# Allow getting a full CI with +# git push -o ci.variable='AUTOBUILD_FAIL_IMMEDIATELY=0' + +FAIL_IMMEDIATELY = os.getenv("AUTOBUILD_FAIL_IMMEDIATELY", "1") + +if int(FAIL_IMMEDIATELY): _options.append('FAIL_IMMEDIATELY=1') if TESTS: _options.append("TESTS='{}'".format(TESTS)) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 44636fa0378 ctdb-tests: add a comment to the generated public_addresses file used by eventscript UNIT tests via c10d2880356 ctdb-tests: Fix typo in ctdb stub comment matching via a200f88452e ctdb-scripts: filter out comments in public_addresses file via edf50886ec5 s3: smbd: Ensure when we change security context we delete any $cwd cache. via de2150dc762 s3: selftest: Add regression test to show the $cwd cache is misbehaving when we connect as a different user on a share. from 6f10103d076 VERSION: Bump version up to Samba 4.14.9... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 44636fa037814fe71d2397865ff3cfa88f8fd35c Author: Ralph Boehme Date: Fri Oct 8 05:58:37 2021 +0200 ctdb-tests: add a comment to the generated public_addresses file used by eventscript UNIT tests test stub code has been updated to handle this, so now let's put it to work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826 RN: Correctly ignore comments in CTDB public addresses file Signed-off-by: Ralph Boehme Reviewed-by: Martin Schwenke (cherry picked from commit 4e3676cb3c4d24cd4c287703d2cd812a2a8c36ff) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Mon Oct 18 08:41:16 UTC 2021 on sn-devel-184 commit c10d2880356ded48bc7aac1e4540acdc092d34dc Author: Martin Schwenke Date: Tue Oct 12 12:19:27 2021 +1100 ctdb-tests: Fix typo in ctdb stub comment matching BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826 Signed-off-by: Martin Schwenke Reviewed-by: Ralph Boehme (cherry picked from commit 5426c104f5090751c1ea02f0c0667d8d071a4a83) commit a200f88452e6daac6ece9738ab3192470224aac9 Author: Ralph Boehme Date: Wed Sep 8 16:53:12 2021 +0200 ctdb-scripts: filter out comments in public_addresses file Note that order of sed expressions matters: the expression to delete comment lines must come first as the second expression would transform # comment to comment BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826 Signed-off-by: Ralph Boehme Reviewed-by: Martin Schwenke (cherry picked from commit 530e8d4b9e47601b88e20bcaefa2d502efcebe60) commit edf50886ec524a58a8862c04347bbb29a8a29376 Author: Jeremy Allison Date: Thu Oct 7 14:11:25 2021 -0700 s3: smbd: Ensure when we change security context we delete any $cwd cache. This will ensure we *always* call into the VFS_SMB_CHDIR backends on security context switch. The $cwd was an optimization that was only looking at the raw filesystem path. We could delete it completely but that is a patch for another day. Remove knownfail on regression test. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682 RN: vfs_shadow_copy2: core dump in make_relative_path Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Oct 8 21:28:04 UTC 2021 on sn-devel-184 (cherry picked from commit 4fe965836243928ac33eb95a67d3e889fdc15861) commit de2150dc762bb911e320cd352ab5a41a0f92bc72 Author: Jeremy Allison Date: Thu Oct 7 14:08:48 2021 -0700 s3: selftest: Add regression test to show the $cwd cache is misbehaving when we connect as a different user on a share. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit 954e637ddc6f0f5291d0a15cdbcbc6a4f7a6cb13) --- Summary of changes: ctdb/config/events/legacy/10.interface.script | 3 +- ctdb/config/functions | 3 + ctdb/tests/UNIT/eventscripts/scripts/local.sh | 1 + ctdb/tests/UNIT/eventscripts/stubs/ctdb | 2 +- source3/script/tests/test_chdir_cache.sh | 102 ++ source3/selftest/tests.py | 9 +++ source3/smbd/sec_ctx.c| 8 ++ 7 files changed, 126 insertions(+), 2 deletions(-) create mode 100755 source3/script/tests/test_chdir_cache.sh Changeset truncated at 500 lines: diff --git a/ctdb/config/events/legacy/10.interface.script b/ctdb/config/events/legacy/10.interface.script index 72e0c101d47..d87f6c52c58 100755 --- a/ctdb/config/events/legacy/10.interface.script +++ b/ctdb/config/events/legacy/10.interface.script @@ -25,7 +25,8 @@ fi get_all_interfaces () { # Get all the interfaces listed in the public_addresses file -all_interfaces=$(sed -e 's/^[^\t ]*[\t ]*//' \ +all_interfaces=$(sed -e '/^#.*/d' \ +-e 's/^[^\t ]*[\t ]*//' \ -e 's/,/ /g' \ -e 's
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 57ffd32d455 s3: smbspool. Remove last use of 'extern char **environ;'. via d3b3aa9e19f Fix detection of rpc/xdr.h on macOS via 0d59b1fb326 vfs_preopen.c: Fix -Wformat error on macOS via 3ded98767d3 source3/smbd/statcache.c: Fix -Wformat build error on macOS via 4c89d9169a4 sec_ctx.c: Fix -Wunused-function warning on macOS via 0daa3af7042 source3/printing/queue_process.c: fix build on macOS via 80e9d89a97b audit_logging.c: fix compilation on macOS via 448f2acdcea charset_macosxfs.c: fix compilation on macOS via d3df31162f0 ctdb-tests: add a comment to the generated public_addresses file used by eventscript UNIT tests via 63a3b7838e1 ctdb-tests: Fix typo in ctdb stub comment matching via 36621069e26 ctdb-scripts: filter out comments in public_addresses file via dffca59ded1 s3: VFS: zfsacl: Ensure we use a pathref fd, not an io fd, for getting/setting ZFS ACLs. via f2455a9023c s3: smbd: Ensure when we change security context we delete any $cwd cache. via a55d4fe2208 s3: selftest: Add regression test to show the $cwd cache is misbehaving when we connect as a different user on a share. from 86738410826 .gitlab-ci: Allow a 1 hour to build Samba https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 57ffd32d455a4cf573eb886a6bde5ac57741c046 Author: Jeremy Allison Date: Wed Oct 13 09:46:07 2021 -0700 s3: smbspool. Remove last use of 'extern char **environ;'. This should come from lib/replace/replace.h to cope with system (MacOSX etc.) differences. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862 Signed-off-by: Jeremy Allison Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Oct 14 19:51:59 UTC 2021 on sn-devel-184 (cherry picked from commit 1d3e118f6f2274a67cdb8141dc8dade0c571c8f5) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Mon Oct 18 09:07:06 UTC 2021 on sn-devel-184 commit d3b3aa9e19f3b9b3231d75ae56debce36e84d593 Author: Alex Richardson Date: Wed Sep 8 14:42:57 2021 +0100 Fix detection of rpc/xdr.h on macOS We need to include rpc/types.h first to include this header. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862 Signed-off-by: Alex Richardson Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Oct 13 02:33:05 UTC 2021 on sn-devel-184 (cherry picked from commit fc2347be4ed9a9083a56468ca5e43070059038c5) commit 0d59b1fb326196c1dd58aeaf69c9f2f89311f761 Author: Alex Richardson Date: Wed Sep 8 14:42:25 2021 +0100 vfs_preopen.c: Fix -Wformat error on macOS BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862 Signed-off-by: Alex Richardson Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit 99ee7f3d89cce9b07b8ed3f55f7e8e67baed6ee1) commit 3ded98767d34938c12f2b5d723a41d09391f48ae Author: Alex Richardson Date: Wed Sep 8 13:29:54 2021 +0100 source3/smbd/statcache.c: Fix -Wformat build error on macOS The format string uses PRIx64, so we should be using uint64_t and not uintmax_t. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862 Signed-off-by: Alex Richardson Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit 1d893f723207040c285ed061db3a690099f8c929) commit 4c89d9169a4173997820e6ad1603bdb30ebfd808 Author: Alex Richardson Date: Wed Sep 8 13:27:41 2021 +0100 sec_ctx.c: Fix -Wunused-function warning on macOS BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862 Signed-off-by: Alex Richardson Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit 6dadf251fc02c2b3237c48d316f5cb8791ab4f76) commit 0daa3af704218656414d1d941425881345bb1b70 Author: Alex Richardson Date: Wed Sep 8 13:25:04 2021 +0100 source3/printing/queue_process.c: fix build on macOS On macOS environ is defined to (*_NSGetEnviron()) in lib/replace/replace.h and otherwise the `extern char **environ` can be found there. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862 Signed-off-by: Alex Richardson Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Allison (cherry picked from commit e4eb1f151011d2bd6a2d39b156663ddd9126d345) commit 80e9d89a97baa42f261e75c4f33db84aa79d17bb Author: Alex Richardson Date: Wed Sep 8 12:57:03 2021 +0100 audit_logging.c: fix compilation on macOS On macOS tv_usec is an int so failus the build with -Werror,-Wformat. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via eb28bd54ac5 pyldb: Avoid use-after-free in msg_diff() via e52ddfbe572 ldb_msg: Don't fail in ldb_msg_copy() if source DN is NULL via db294baff36 pytest:segfault: Add test for ldb.msg_diff() from 4b1e8535610 autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable) https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit eb28bd54ac5c36a9392ef19c49bf97a18b81974e Author: Joseph Sutton Date: Mon Sep 13 11:15:17 2021 +1200 pyldb: Avoid use-after-free in msg_diff() Make a deep copy of the message elements in msg_diff() so that if either of the input messages are deallocated early, the result does not refer to non-existing elements. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit 19a2af02f57d99db8ed3c6b028c3abdf4b553700) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Wed Sep 29 11:46:33 UTC 2021 on sn-devel-184 commit e52ddfbe5728487cb2c8b8ceeb2f63c5c15a7541 Author: Joseph Sutton Date: Tue Sep 14 11:08:41 2021 +1200 ldb_msg: Don't fail in ldb_msg_copy() if source DN is NULL BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit c2bbe774ce03661666a1f48922a9ab681ef4f64b) commit db294baff360f1c44c05798f6cda4584166adfd7 Author: Joseph Sutton Date: Mon Sep 13 11:34:56 2021 +1200 pytest:segfault: Add test for ldb.msg_diff() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit a99a76722d6046a5d63032e3d2bb3f791da948a6) --- Summary of changes: lib/ldb/common/ldb_msg.c | 6 -- lib/ldb/pyldb.c| 18 -- python/samba/tests/segfault.py | 12 3 files changed, 32 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c index 0179c35659b..57dfc5a04c2 100644 --- a/lib/ldb/common/ldb_msg.c +++ b/lib/ldb/common/ldb_msg.c @@ -876,8 +876,10 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx, msg2 = ldb_msg_copy_shallow(mem_ctx, msg); if (msg2 == NULL) return NULL; - msg2->dn = ldb_dn_copy(msg2, msg2->dn); - if (msg2->dn == NULL) goto failed; + if (msg2->dn != NULL) { + msg2->dn = ldb_dn_copy(msg2, msg2->dn); + if (msg2->dn == NULL) goto failed; + } for (i=0;inum_elements;i++) { struct ldb_message_element *el = >elements[i]; diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c index dadea2a7d6e..c264f361c40 100644 --- a/lib/ldb/pyldb.c +++ b/lib/ldb/pyldb.c @@ -1804,6 +1804,7 @@ static PyObject *py_ldb_msg_diff(PyLdbObject *self, PyObject *args) struct ldb_message *diff; struct ldb_context *ldb; PyObject *py_ret; + TALLOC_CTX *mem_ctx = NULL; if (!PyArg_ParseTuple(args, "OO", _msg_old, _msg_new)) return NULL; @@ -1818,19 +1819,32 @@ static PyObject *py_ldb_msg_diff(PyLdbObject *self, PyObject *args) return NULL; } + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + ldb = pyldb_Ldb_AS_LDBCONTEXT(self); - ldb_ret = ldb_msg_difference(ldb, ldb, + ldb_ret = ldb_msg_difference(ldb, mem_ctx, pyldb_Message_AsMessage(py_msg_old), pyldb_Message_AsMessage(py_msg_new), ); if (ldb_ret != LDB_SUCCESS) { + talloc_free(mem_ctx); PyErr_SetString(PyExc_RuntimeError, "Failed to generate the Ldb Message diff"); return NULL; } + diff = ldb_msg_copy(mem_ctx, diff); + if (diff == NULL) { + PyErr_NoMemory(); + return NULL; + } + py_ret = PyLdbMessage_FromMessage(diff); - talloc_unlink(ldb, diff); + talloc_free(mem_ctx); return py_ret; } diff --git a/python/samba/tests/segfault.py b/python/samba/tests/segfault.py index 11d3b3134f4..c316bdd5785 100644 --- a/python/samba/tests/segfault.py +++ b/python/samba/tests/segfault
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via c9514648060 samldb: Address birthday paradox adding an RODC from eb28bd54ac5 pyldb: Avoid use-after-free in msg_diff() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit c95146480601a229716dda13b0e8416774bdbeeb Author: Andrew Bartlett Date: Mon Jul 5 15:57:09 2021 +1200 samldb: Address birthday paradox adding an RODC It is possible that the randomly chosen RODC number will be one that is already in use. The samldb_krbtgtnumber_available() function was meant to prevent that, but due to a typo did not. There is no other race here as the whole thing is inside a transaction, and we have duplicate protection on samAccountName, so the failure looked like this: ... Adding CN=krbtgt_TESTRODCDRS5320202,CN=Users,DC=samba,DC=example,DC=com UNEXPECTED(error): samba4.drs.repl_rodc.python(ad_dc_ntvfs).repl_rodc.DrsRodcTestCase.test_msDSRevealedUsers_admin(ad_dc_ntvfs) REASON: Exception: Exception: Traceback (most recent call last): File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 111, in setUp self._create_rodc(self.rodc_ctx) File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 693, in _create_rodc ctx.join_add_objects() File "bin/python/samba/join.py", line 641, in join_add_objects ctx.add_krbtgt_account() File "bin/python/samba/join.py", line 429, in add_krbtgt_account ctx.samdb.add(rec, ["rodc_join:1:1"]) _ldb.LdbError: (68, "LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <2071: samldb: samAccountName krbtgt_4405 already in use!> <>") BUG: https://bugzilla.samba.org/show_bug.cgi?id=14854 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Oct 1 20:50:37 UTC 2021 on sn-devel-184 (cherry picked from commit b6d60e8f4d06ca9733a4cc3094312a3dc456a656) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Mon Oct 4 12:55:41 UTC 2021 on sn-devel-184 --- Summary of changes: source4/dsdb/samdb/ldb_modules/samldb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index addb3f4bdf2..e3081cd13dc 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -652,7 +652,7 @@ static bool samldb_krbtgtnumber_available(struct samldb_ctx *ac, LDB_SCOPE_SUBTREE, no_attrs, DSDB_FLAG_NEXT_MODULE, ac->req, -"(msDC-SecondaryKrbTgtNumber=%u)", +"(msDS-SecondaryKrbTgtNumber=%u)", krbtgt_number); if (ret == LDB_SUCCESS && res->count == 0) { talloc_free(tmp_ctx); @@ -670,7 +670,7 @@ static int samldb_rodc_add(struct samldb_ctx *ac) int ret; struct ldb_val newpass_utf16; - /* find a unused msDC-SecondaryKrbTgtNumber */ + /* find a unused msDS-SecondaryKrbTgtNumber */ i_start = generate_random() & 0x; if (i_start == 0) { i_start = 1; -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.13.12 created
The annotated tag, samba-4.13.12 has been created at 7727e31fcfdbf4cb58c6f7aea139dd2e5d40e5b6 (tag) tagging aa756f3f9fc88bbd10c6a3a7c1827ca09a669714 (commit) replaces samba-4.13.11 tagged by Jule Anger on Wed Sep 22 09:00:48 2021 +0200 - Log - samba: tag release samba-4.13.12 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmFK1KAACgkQqplEL7aA tiAtsQ/9FuBEokyBUKG9EHraPw4No7iulxfaqHl7W3pHxRekvOmMx1LET81QxG46 XHfNNcluv6ALSlg7Ui/P5dDd8w9tejM4jlLTqwtXKNa4m6pOrT4xFoJp0WyzoW2u ItHXEkybk+GVztTBI7Tne6QEkBi5j6PqaOnJvExxBpmrfJRs2sUeo2xXHoDFjnaS tmiaZ9yoVhixTWv8e4nJewfKHC18cYlab6WrQBJRdXIN0olL8rL01wk7uVUDI1E+ CvrMNQWa7PFQLrqRH563LsanuRlGjJEiWwo0+ATc0c8aL1fhwXD2lJyLjrcPjPlo uOWEKZPMXiY4v2GFaT8ugbCGgEc1qeZ+jEBXY7hCLF5SrhCyJ8Ro0Y1DLxrZ3YK/ xmmyqJ1UHgPH612WTMxPHZqw8cQkMWytnxnwPUs7WM1Ax2DW9yR89NvDqlYrjEXu xBryJ6JvzMM+fhmexHFTospu8YPiq1mGcJE1b0K1LkkZkADly0IJOzh2astaSkhZ /JFVQ8RzmE2qnCu+kNgqEZNB1HGqrk3UXG5c1Ldg/1hs0z4tOvc/GMFO32qIfyNR pMqmA+ulxSXoLC8vztsY0rtNUEG83Su5Sb1uWxOgKPEZ05oBWBbQPZ5CDwbakqSv 9XlFzTSNTkEJOdaNuA5kFw+tif0+rnEwWOyaY0SEfiQM1jviZHE= =qOpb -END PGP SIGNATURE- Andreas Schneider (3): selftest: Re-format long lines in selftesthelpers.py selftest: Add support for setting ENV variables in plansmbtorture4testsuite() selftest: Add support for setting ENV variables in plantestsuite() Andrew Bartlett (18): selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl selftest: Only run samba_tool_drs_showrepl test once dsdb: Be careful to avoid use of the expensive talloc_is_parent() selftest: Add a test for LookupSids3 and LookupNames4 in python s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4 selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes selftest: Send enterprise principals tagged as such selftest: Fix flipped machine and user constants selftest: Make as_canonicalization_tests.py easier to run outside "make test" samdb: Add samdb.domain_netbios_name() selftest: Make as_canonicalization_tests.py auto-detect the NT4 domain name selftest: Fix formatting of failure (traceback and options swapped in format string) selftest: Add in encrypted-pa-data from RFC 6806 selftest: Windows 2019 implements the RemoveDollar behaviour for Enterprise principals selftest: add space after --list in output of selftesthelpers.py selftest: Remove knownfail for no_etypes FAST tests tests/krb5: Remove harmful and a-typical return in as_req testcase tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname Björn Baumbach (1): selftest: add option to pass args to tests to planpythontestsuite() Gary Lockyer (22): selftest: add mit kdc specific known fail tests python krb5: Make PrincipalName_create a class method tests python krb5: Add canonicalize flag to ASN1 tests python krb5: Add python kerberos canonicalization tests selftest: add heimdal kdc specific known fail tests python krb5: Add python kerberos compatability tests tests python krb5: Add constants module tests python krb5: Refactor canonicalization test constants tests python krb5: Refactor compatability test constants tests python krb5: raw_testcase permit RC4 salts tests python krb5: Convert kdc-heimdal to python tests python krb5: refactor compatability tests tests python krb5: add arcfour salt tests tests python krb5: Extra canonicalization tests tests python krb5: Add Authorization data ad-type constants tests python krb5: add test base class tests python krb5: initial TGS tests tests python krb5: Add key usage constants tests python krb5: use key usage constants tests python krb5: PEP8 cleanups tests python krb5: MS-KILE client principal look-up initial FAST tests Joseph Sutton (120): auth:creds: Remove unused variable auth:creds: Fix parameter in creds.set_named_ccache() pygensec: Fix method documentation Revert "s4-test: fixed ndrdump test for top level build" krb5ccache.idl: Add definition for a Kerberos credentials cache librpc: Test parsing a Kerberos 5 credentials cache with ndrdump krb5: Add Python functions to create a credentials cache containing a service ticket python: Add credentials cache test python: Add LDAP credentials cache test python: Add RPC credentials cache test Revert "libsmb: Use sid_parse()" libsmb: Remove overflow check libsmb: Avoid undefined behaviour when parsing whoami state libsmb: Check to see that whoami is not receiving more data than it requested libsmb: Ensure that whoami parses all the data provided to it pylibsmb: Add posix_whoami() pyt
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 2b97c11bca6 VERSION: Bump version up to Samba 4.13.13... via aa756f3f9fc VERSION: Disable GIT_SNAPSHOT for the 4.13.12 release. via 4703acc82c8 WHATSNEW: Add release notes for Samba 4.13.12. from b7d16fdc653 tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 2b97c11bca667e40dd84c36de42cb057dead12ae Author: Jule Anger Date: Wed Sep 22 08:57:14 2021 +0200 VERSION: Bump version up to Samba 4.13.13... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit aa756f3f9fc88bbd10c6a3a7c1827ca09a669714 Author: Jule Anger Date: Wed Sep 22 08:56:40 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.13.12 release. Signed-off-by: Jule Anger commit 4703acc82c8840fefbbee62f4485355e48b1d699 Author: Jule Anger Date: Wed Sep 22 08:56:02 2021 +0200 WHATSNEW: Add release notes for Samba 4.13.12. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 81 ++-- 2 files changed, 80 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index ee13bf3ceef..c65285cf4cd 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 4b33797845e..820185349ef 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,81 @@ + === + Release Notes for Samba 4.13.12 + September 22, 2021 + === + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.11 +- + +o Andrew Bartlett + * BUG 14806: Address a signifcant performance regression in database access + in the AD DC since Samba 4.12. + * BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since + Samba 4.9 by using an explicit database handle cache. + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + * BUG 14818: Address flapping samba_tool_drs_showrepl test. + * BUG 14819: Address flapping dsdb_schema_attributes test. + +o Björn Baumbach + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ + +o Luke Howard + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Volker Lendecke + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Gary Lockyer + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Stefan Metzmacher + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Andreas Schneider + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Martin Schwenke + * BUG 14784: Fix CTDB flag/status update race conditions. + +o Joseph Sutton + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + === Release Notes for Samba 4.13.11 September 07, 2021 @@ -49,8 +127,7 @@ database (https://bugzilla.samba.org/). == -Release notes for o
[SCM] Samba Shared Repository - branch v4-13-stable updated
The branch, v4-13-stable has been updated via aa756f3f9fc VERSION: Disable GIT_SNAPSHOT for the 4.13.12 release. via 4703acc82c8 WHATSNEW: Add release notes for Samba 4.13.12. via b7d16fdc653 tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname via 7a2a6e0bcb0 kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field via 1e27b45f49c tests/krb5: Allow expected_error_mode to be a container type via 57800189c5f tests/krb5: Allow specifying parameters specific to the inner FAST request body via b5e11c10966 tests/krb5: Add tests for omitting sname in request via cabc5b114dc tests/krb5: Check PADATA-PW-SALT element in e-data via 8a8872f7070 tests/krb5: Check e-data element for TGS-REP errors without FAST via bd76f6d47e7 tests/krb5: Remove harmful and a-typical return in as_req testcase via d3a611377bd CVE-2021-3671 tests/krb5: Add tests for omitting sname in outer request via a67cda7159f CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ via 95de6d138ad tests/krb5: Make cname checking less strict via 497b461238b tests/krb5: Make e-data checking less strict via 17c7bc10695 selftest: Remove knownfail for no_etypes FAST tests via 27e964233a5 tests/krb5: Add FAST tests via 576e5ca2e9c initial FAST tests via e7e79028093 tests/krb5: Check PADATA-FX-ERROR in reply via 1fd611e9e7f tests/krb5: Allow generic_check_kdc_error() to check inner FAST errors via 83073237a95 tests/krb5: Check PADATA-PAC-OPTIONS in reply via 48199d18cc9 tests/krb5: Make generic_check_kdc_error() also work for checking TGS replies via 8fa99e31658 tests/krb5: Make check_rep_padata() also work for checking TGS replies via e1c4d715a61 tests/krb5: Check PADATA-FX-COOKIE in reply via 2391eabfcf2 tests/krb5: Check PADATA-ENCRYPTED-CHALLENGE in reply via 40da4ffbf18 tests/krb5: Adjust reply padata checking depending on whether FAST was sent via 0febff53f38 tests/krb5: Check reply FAST padata if request included FAST via ee892faca94 tests/krb5: Check sname is krbtgt for FAST generic error via 2356b4d9b75 tests/krb5: Add get_krbtgt_sname() method via be4977249bc tests/krb5: Remove unused variables via fef9198aafc tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a non-error reply via 087cf5f9504 tests/krb5: Add check_rep_padata() method to check padata in reply via efe112dfa56 tests/krb5: Add generate_simple_fast() method to generate FX-FAST padata via bef5024da8c tests/krb5: Include authdata in kdc_exchange_dict via 8eaa8e10383 tests/krb5: Add expected_cname_private parameter to kdc_exchange_dict via 8a3b41f0483 tests/krb5: Check encrypted-pa-data via 701e5c98399 tests/krb5: Add methods to determine whether elements were included in the request via 64b5183a776 tests/krb5: Add functions to get dicts of request padata via cedfc67ede4 tests/krb5: Check FAST response via 5d39d4b36e8 tests/krb5: Add method to verify ticket checksum for FAST via b551c801193 tests/krb5: Add method to check PA-FX-FAST-REPLY via de8fbf93111 tests/krb5: Allow specifying parameters specific to the outer request body via 3be408a3a83 tests/krb5: Add FAST armor generation to _generic_kdc_exchange() via 52eb693ac31 tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ via 25b6681c3cd tests/krb5: Include authenticator_subkey in AS-REQ exchange dict via a57e79c5fce tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error() via 6264ed42420 tests/krb5: Add methods to calculate keys for FAST via b7562c873e8 tests/krb5: Add method to generate FAST encrypted challenge padata via 0e33a06673b tests/krb5: Add more methods to create ASN1 objects for FAST via dbeafd158a4 tests/krb5: Add more ASN1 definitions for FAST via 1ce82cbc9d6 tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange() via 04a6c902ede tests/krb5: Ensure generated padata is not None via a9e421c4bfa tests/krb5: Add generate_ap_req() method via d9f406518ca tests/krb5: Check nonce in EncKDCRepPart via d81a88a78f4 tests/krb5: Make checking less strict via ee9b0a028c2 tests/krb5: Check version number of obtained ticket via 1e451d724b0 tests/krb5: Assert that more variables are not None via db6495a2377 tests/krb5: Ensure in assertElementPresent() that container elements are not empty via 81408702949 tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn via cc1f6fcddbc tests/krb5: Include kdc_options in kdc_exchange_dict via d82d3a20d32 tests/krb5: Always specify expected error code via 235873ff334 tests/krb5: Add check_reply() method to check for
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 764e94a Add Samba 4.13.12 via 802acd9 NEWS[4.13.12]: Samba 4.13.12 Available for Download from f04f713 Add Samba 4.15.0 https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 764e94a629879863573a1d141b95b11fba527a74 Author: Jule Anger Date: Wed Sep 22 09:02:56 2021 +0200 Add Samba 4.13.12 Signed-off-by: Jule Anger commit 802acd94f685ee8b425e24bce52cb0d65107b65c Author: Jule Anger Date: Wed Sep 22 09:01:16 2021 +0200 NEWS[4.13.12]: Samba 4.13.12 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.13.12.html| 76 +++ posted_news/20210922-070225.4.13.12.body.html | 13 posted_news/20210922-070225.4.13.12.headline.html | 3 + 4 files changed, 93 insertions(+) create mode 100644 history/samba-4.13.12.html create mode 100644 posted_news/20210922-070225.4.13.12.body.html create mode 100644 posted_news/20210922-070225.4.13.12.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 0f7c705..a5d4ecb 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -18,6 +18,7 @@ samba-4.14.2 samba-4.14.1 samba-4.14.0 + samba-4.13.12 samba-4.13.11 samba-4.13.10 samba-4.13.9 diff --git a/history/samba-4.13.12.html b/history/samba-4.13.12.html new file mode 100644 index 000..a1e9a8f --- /dev/null +++ b/history/samba-4.13.12.html @@ -0,0 +1,76 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.13.12 - Release Notes + + +Samba 4.13.12 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.13.12.tar.gz;>Samba 4.13.12 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.13.12.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.13.11-4.13.12.diffs.gz;>Patch (gzipped) against Samba 4.13.11 +https://download.samba.org/pub/samba/patches/samba-4.13.11-4.13.12.diffs.asc;>Signature + + + + === + Release Notes for Samba 4.13.12 + September 22, 2021 + === + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.11 +- + +o Andrew Bartlett abart...@samba.org + * BUG 14806: Address a signifcant performance regression in database access + in the AD DC since Samba 4.12. + * BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since + Samba 4.9 by using an explicit database handle cache. + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + * BUG 14818: Address flapping samba_tool_drs_showrepl test. + * BUG 14819: Address flapping dsdb_schema_attributes test. + +o Bjrn Baumbach b...@sernet.de + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ + +o Luke Howard lu...@padl.com + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Volker Lendecke v...@samba.org + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Gary Lockyer g...@catalyst.net.nz + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Stefan Metzmacher me...@samba.org + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Andreas Schneider a...@samba.org + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Martin Schwenke mar...@meltin.net + * BUG 14784: Fix CTDB flag/status update race conditions. + +o Joseph Sutton josephsut...@catalyst.net.nz + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + + + + + + diff --git a/posted_news/20210922-070225.4.13.12.body.html b/posted_news/20210922-070225.4.13.12.body.html new file mode 100644 index 000..8194c39 --- /dev/null +++ b/posted_news/20210922-070225.4.13.12.body.html @@ -0,0 +1,13 @@ + +22 September 2021 +Samba 4.13.12 Available for Download + +This is the latest stable release of the Samba 4.13 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via b66b172bb57 samldb: Address birthday paradox adding an RODC from 5a90b3e832c pyldb: Avoid use-after-free in msg_diff() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit b66b172bb57d0ad0693daac0ec86c49295526de2 Author: Andrew Bartlett Date: Mon Jul 5 15:57:09 2021 +1200 samldb: Address birthday paradox adding an RODC It is possible that the randomly chosen RODC number will be one that is already in use. The samldb_krbtgtnumber_available() function was meant to prevent that, but due to a typo did not. There is no other race here as the whole thing is inside a transaction, and we have duplicate protection on samAccountName, so the failure looked like this: ... Adding CN=krbtgt_TESTRODCDRS5320202,CN=Users,DC=samba,DC=example,DC=com UNEXPECTED(error): samba4.drs.repl_rodc.python(ad_dc_ntvfs).repl_rodc.DrsRodcTestCase.test_msDSRevealedUsers_admin(ad_dc_ntvfs) REASON: Exception: Exception: Traceback (most recent call last): File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 111, in setUp self._create_rodc(self.rodc_ctx) File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 693, in _create_rodc ctx.join_add_objects() File "bin/python/samba/join.py", line 641, in join_add_objects ctx.add_krbtgt_account() File "bin/python/samba/join.py", line 429, in add_krbtgt_account ctx.samdb.add(rec, ["rodc_join:1:1"]) _ldb.LdbError: (68, "LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <2071: samldb: samAccountName krbtgt_4405 already in use!> <>") BUG: https://bugzilla.samba.org/show_bug.cgi?id=14854 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Oct 1 20:50:37 UTC 2021 on sn-devel-184 (cherry picked from commit b6d60e8f4d06ca9733a4cc3094312a3dc456a656) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Mon Oct 4 10:43:15 UTC 2021 on sn-devel-184 --- Summary of changes: source4/dsdb/samdb/ldb_modules/samldb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index f1e0b5cf650..f7d65e1bb4f 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -652,7 +652,7 @@ static bool samldb_krbtgtnumber_available(struct samldb_ctx *ac, LDB_SCOPE_SUBTREE, no_attrs, DSDB_FLAG_NEXT_MODULE, ac->req, -"(msDC-SecondaryKrbTgtNumber=%u)", +"(msDS-SecondaryKrbTgtNumber=%u)", krbtgt_number); if (ret == LDB_SUCCESS && res->count == 0) { talloc_free(tmp_ctx); @@ -670,7 +670,7 @@ static int samldb_rodc_add(struct samldb_ctx *ac) int ret; struct ldb_val newpass_utf16; - /* find a unused msDC-SecondaryKrbTgtNumber */ + /* find a unused msDS-SecondaryKrbTgtNumber */ i_start = generate_random() & 0x; if (i_start == 0) { i_start = 1; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 86738410826 .gitlab-ci: Allow a 1 hour to build Samba from c9514648060 samldb: Address birthday paradox adding an RODC https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 86738410826c6cc4dfd543f166179fa00afef019 Author: Andrew Bartlett Date: Thu Sep 23 11:14:35 2021 +1200 .gitlab-ci: Allow a 1 hour to build Samba I have seen cases where the job is pushed to the private runners (which do not have the ccache) where this takes over 45mins, and a typical job can be 35 mins so this is too tight. Triggering the timeout causes a rebuild from scratch, which is done twice automatically, and is financially costly (we pay per VM start) and a waste of CPU/energy/etc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14844 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Oct 1 19:43:16 UTC 2021 on sn-devel-184 (cherry picked from commit 1305ec3ae64e67fa68d3251d35f8a244a4a5be56) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Tue Oct 5 15:55:35 UTC 2021 on sn-devel-184 --- Summary of changes: .gitlab-ci-main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml index 4b2f17938c8..832e8a8b5e7 100644 --- a/.gitlab-ci-main.yml +++ b/.gitlab-ci-main.yml @@ -169,7 +169,7 @@ others: .shared_template_build_only: extends: .shared_template - timeout: 45m + timeout: 1h artifacts: expire_in: 1 week paths: -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via a149f34 Add Samba 4.14.8 via 5c332bb NEWS[4.14.8]: Samba 4.14.8 Available for Download from 764e94a Add Samba 4.13.12 https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit a149f343e20cff09965d3f3e54afe94cbcacede0 Author: Jule Anger Date: Tue Oct 5 15:20:51 2021 +0200 Add Samba 4.14.8 Signed-off-by: Jule Anger commit 5c332bbf9a1f241b70c20a82ed1685bd1f2489e3 Author: Jule Anger Date: Tue Oct 5 15:17:43 2021 +0200 NEWS[4.14.8]: Samba 4.14.8 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.14.8.html| 93 posted_news/20211005-131941.4.14.8.body.html | 13 posted_news/20211005-131941.4.14.8.headline.html | 3 + 4 files changed, 110 insertions(+) create mode 100644 history/samba-4.14.8.html create mode 100644 posted_news/20211005-131941.4.14.8.body.html create mode 100644 posted_news/20211005-131941.4.14.8.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index a5d4ecb..c9e2c01 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -10,6 +10,7 @@ samba-4.15.0 + samba-4.14.8 samba-4.14.7 samba-4.14.6 samba-4.14.5 diff --git a/history/samba-4.14.8.html b/history/samba-4.14.8.html new file mode 100644 index 000..a3bffc4 --- /dev/null +++ b/history/samba-4.14.8.html @@ -0,0 +1,93 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.14.8 - Release Notes + + +Samba 4.14.8 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.14.8.tar.gz;>Samba 4.14.8 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.14.8.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.14.7-4.14.8.diffs.gz;>Patch (gzipped) against Samba 4.14.7 +https://download.samba.org/pub/samba/patches/samba-4.14.7-4.14.8.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.14.8 + October 05, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.7 + + +o Jeremy Allison j...@samba.org + * BUG 14742: Python ldb.msg_diff() memory handling failure. + * BUG 14805: OpenDir() loses the correct errno return. + * BUG 14809: Shares with variable substitutions cause core dump upon + connection from MacOS Big Sur 11.5.2. + * BUG 14816: Fix pathref open of a filesystem fifo in the DISABLE_OPATH + build. + +o Andrew Bartlett abart...@samba.org + * BUG 14806: Address a signifcant performance regression in database access + in the AD DC since Samba 4.12. + * BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since + Samba 4.9 by using an explicit database handle cache. + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + * BUG 14818: Address flapping samba_tool_drs_showrepl test. + * BUG 14819: Address flapping dsdb_schema_attributes test. + * BUG 14841: Samba CI runs can now continue past the first error if + AUTOBUILD_FAIL_IMMEDIATELY=0 is set. + * BUG 14854: samldb_krbtgtnumber_available() looks for incorrect string. + +o Ralph Boehme s...@samba.org + * BUG 14771: Some VFS operations on pathref (O_PATH) handles fail on GPFS. + * BUG 14783: smbd deadtime parameter doesnt work anymore. + * BUG 14787: net conf list crashes when run as normal user. + * BUG 14790: vfs_btrfs compression support broken. + * BUG 14804: winbindd can crash because idmap child state is not fully + initialized. + +o Luke Howard lu...@padl.com + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Volker Lendecke v...@samba.org + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Gary Lockyer g...@catalyst.net.nz + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Stefan Metzmacher me...@samba.org + * BUG 14771: Some VFS operations on pathref (O_PATH) handles fail on GPFS. + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Andreas Schneider a...@samba.org + * BUG 14817: An unuthenticated user can c
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 6f10103d076 VERSION: Bump version up to Samba 4.14.9... via d1c9330fa69 VERSION: Disable GIT_SNAPSHOT for the 4.14.8 release. via 83bf8c9c2c5 WHATSNEW: Add release notes for Samba 4.14.8. from b66b172bb57 samldb: Address birthday paradox adding an RODC https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 6f10103d076224cd0aa6fda6eb513d2c63d481f3 Author: Jule Anger Date: Tue Oct 5 15:05:47 2021 +0200 VERSION: Bump version up to Samba 4.14.9... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit d1c9330fa69ba6942ab23843e21acc11767d54ee Author: Jule Anger Date: Tue Oct 5 15:05:09 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.14.8 release. Signed-off-by: Jule Anger commit 83bf8c9c2c582d3dbb345d328a03e96f707bc4a0 Author: Jule Anger Date: Tue Oct 5 15:04:18 2021 +0200 WHATSNEW: Add release notes for Samba 4.14.8. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 96 ++-- 2 files changed, 95 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 56179892aa8..b86286b3ecb 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=8 +SAMBA_VERSION_RELEASE=9 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index ed154ee97c6..cdea32de764 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,96 @@ + == + Release Notes for Samba 4.14.8 + October 05, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.7 + + +o Jeremy Allison + * BUG 14742: Python ldb.msg_diff() memory handling failure. + * BUG 14805: OpenDir() loses the correct errno return. + * BUG 14809: Shares with variable substitutions cause core dump upon + connection from MacOS Big Sur 11.5.2. + * BUG 14816: Fix pathref open of a filesystem fifo in the DISABLE_OPATH + build. + +o Andrew Bartlett + * BUG 14806: Address a signifcant performance regression in database access + in the AD DC since Samba 4.12. + * BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since + Samba 4.9 by using an explicit database handle cache. + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + * BUG 14818: Address flapping samba_tool_drs_showrepl test. + * BUG 14819: Address flapping dsdb_schema_attributes test. + * BUG 14841: Samba CI runs can now continue past the first error if + AUTOBUILD_FAIL_IMMEDIATELY=0 is set. + * BUG 14854: samldb_krbtgtnumber_available() looks for incorrect string. + +o Ralph Boehme + * BUG 14771: Some VFS operations on pathref (O_PATH) handles fail on GPFS. + * BUG 14783: smbd "deadtime" parameter doesn't work anymore. + * BUG 14787: net conf list crashes when run as normal user. + * BUG 14790: vfs_btrfs compression support broken. + * BUG 14804: winbindd can crash because idmap child state is not fully + initialized. + +o Luke Howard + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Volker Lendecke + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Gary Lockyer + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Stefan Metzmacher + * BUG 14771: Some VFS operations on pathref (O_PATH) handles fail on GPFS. + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Andreas Schneider + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + +o Martin Schwenke + * BUG 14784: Fix CTDB flag/status update race conditions. + +o Joseph Sutton + * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the + server name in a TGS-REQ. + * BUG 14836: Python ldb.msg_diff() memory handling failure. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems t
[SCM] Samba Shared Repository - annotated tag samba-4.14.8 created
The annotated tag, samba-4.14.8 has been created at b88740df312f4fcbd650dcb950ce61b4095170b7 (tag) tagging d1c9330fa69ba6942ab23843e21acc11767d54ee (commit) replaces samba-4.14.7 tagged by Jule Anger on Tue Oct 5 15:17:24 2021 +0200 - Log - samba: tag release samba-4.14.8 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmFcUGQACgkQqplEL7aA tiA5TBAAhl4lBzgwUpjwOHxyXfJMmylJX5rN7sht/Xsy3OCo8CKFTWOo6peqcJk/ klumM4JjT7h24ptfOEQVEebvDujQ23b718YGnRJ0gZnYf0sitr3dRLULRL/qNwyF omW63gWjcs/xsNhBO7Hucp7ZUyWeJx0ZYZSbjQ+ZZvU7q4nmRxENMdK/gQpsdWjj diz/rYG2iLgwYQ7p42ScnSRGlSdCIaKtLcMbXXf8unIF4yfj+ePcxJCKrvucwZmf 349QIkUFboRswNTSfth+PoIlgHDLpOeqCop1tWA1hpU3H7t1pen3t8MyV4fjuiqU QhzSypg+mdhHGYgRVHGFt1mTrM3v5dNssx6hqx/KuKCDAB25dCFywhd8GuH3dIue kNI59G/uVishLhL0bFZg70nQL6pvCmZZ+ObJ+SDOfL1WaNwUQYfy/i8RwOm1AvVo /rNk9pHbmxfQBWaq1NbI+X2mhTFDg/mmglfw7XbMEuOYWyeCdb3NaiKNAwMLayxh iXpKYCaZavIoEg/dOWez7lBuvdUeDWso7ySsBkvjkkvP0dZ5J+dmXAIGodLTPcn7 mMFXocHvUoWxegeatOd1Do3irHZimd32b2ua4Z9yvG4q/5noD74vuuktDLVJEZaI YC1//IRHrQjkIcD9m3zKdVtVNVJX+VuMSeqUmuwPB4KyJ3jiGWc= =Hp4n -END PGP SIGNATURE- Andreas Schneider (3): selftest: Re-format long lines in selftesthelpers.py selftest: Add support for setting ENV variables in plansmbtorture4testsuite() selftest: Add support for setting ENV variables in plantestsuite() Andrew Bartlett (12): selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl selftest: Only run samba_tool_drs_showrepl test once dsdb: Be careful to avoid use of the expensive talloc_is_parent() selftest: Add a test for LookupSids3 and LookupNames4 in python s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4 selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes selftest: add space after --list in output of selftesthelpers.py selftest: Remove knownfail for no_etypes FAST tests tests/krb5: Remove harmful and a-typical return in as_req testcase tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable) samldb: Address birthday paradox adding an RODC Gary Lockyer (2): tests python krb5: MS-KILE client principal look-up initial FAST tests Jeremy Allison (6): s3: smbd: Ensure all returns from OpenDir() correctly set errno. s3: smbd: Fix smbd crash on dangling symlink with posix connection calling several non-posix info levels. s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor. s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error. s3: smbd: Add fifo test for the DISABLE_OPATH case. s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem. Joseph Sutton (123): auth:creds: Remove unused variable auth:creds: Fix parameter in creds.set_named_ccache() pygensec: Fix method documentation Revert "s4-test: fixed ndrdump test for top level build" krb5ccache.idl: Add definition for a Kerberos credentials cache librpc: Test parsing a Kerberos 5 credentials cache with ndrdump krb5: Add Python functions to create a credentials cache containing a service ticket python: Add credentials cache test python: Add LDAP credentials cache test python: Add RPC credentials cache test Revert "libsmb: Use sid_parse()" libsmb: Remove overflow check libsmb: Avoid undefined behaviour when parsing whoami state libsmb: Check to see that whoami is not receiving more data than it requested libsmb: Ensure that whoami parses all the data provided to it pylibsmb: Add posix_whoami() python: Add SMB credentials cache test python: Ensure reference counts are properly incremented python: Fix erroneous increments of reference counts python: Fix ticket timestamp conversion when local timezone is not UTC python: Make credentials cache test run against Windows tests/krb5/kdc_base_test.py: Defer account deletion until tearDownClass() is called tests/krb5/raw_testcase.py: Add get_admin_creds() tests/krb5/kdc_base_test.py: Create database connection only when needed tests/krb5/kdc_base_test.py: Remove 'credentials' class attribute tests/krb5/kdc_base_test.py: Create loadparm only when needed tests/krb5/kdc_base_test.py: Add methods to determine supported encryption types tests/krb5/raw_testcase.py: Add method to obtain Kerberos keys over DRS tests/krb5/raw_testcase.py: Make env_get_var() a standalone method tests/krb5/raw_testcase.py: Add allow_missing_keys parameter for getting creds tests/krb5/raw_testcase.py: Cache obtained credentials tests/krb5/raw_testcase.py: Allow s
[SCM] Samba Shared Repository - branch v4-14-stable updated
The branch, v4-14-stable has been updated via d1c9330fa69 VERSION: Disable GIT_SNAPSHOT for the 4.14.8 release. via 83bf8c9c2c5 WHATSNEW: Add release notes for Samba 4.14.8. via b66b172bb57 samldb: Address birthday paradox adding an RODC via 5a90b3e832c pyldb: Avoid use-after-free in msg_diff() via 9d61f2f2f3e ldb_msg: Don't fail in ldb_msg_copy() if source DN is NULL via 9f79d4256f8 pytest:segfault: Add test for ldb.msg_diff() via f53c532c229 autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable) via 53b48cbe9a8 tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname via a21afdbcd7b kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field via 7b4c9eea253 tests/krb5: Allow expected_error_mode to be a container type via 63e5d195a5a tests/krb5: Allow specifying parameters specific to the inner FAST request body via 112e3625253 tests/krb5: Add tests for omitting sname in request via f18cff2b0e1 tests/krb5: Check PADATA-PW-SALT element in e-data via 12c9c5b7d29 tests/krb5: Check e-data element for TGS-REP errors without FAST via 474ddf8fdda tests/krb5: Remove harmful and a-typical return in as_req testcase via 2444c94cb3a CVE-2021-3671 tests/krb5: Add tests for omitting sname in outer request via 5c4de75af50 CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ via c64f0cb102a tests/krb5: Make cname checking less strict via 7a938531dd0 tests/krb5: Make e-data checking less strict via 6b0ac964d78 selftest: Remove knownfail for no_etypes FAST tests via 54afeaec083 tests/krb5: Add FAST tests via 8eafefbce03 initial FAST tests via 6f483eb7c35 tests/krb5: Check PADATA-FX-ERROR in reply via 977d1e068e9 tests/krb5: Allow generic_check_kdc_error() to check inner FAST errors via a4e7e1bd671 tests/krb5: Check PADATA-PAC-OPTIONS in reply via 7dc15c34d9e tests/krb5: Make generic_check_kdc_error() also work for checking TGS replies via 531ed864922 tests/krb5: Make check_rep_padata() also work for checking TGS replies via 2940dfb59c0 tests/krb5: Check PADATA-FX-COOKIE in reply via 1df74663b1e tests/krb5: Check PADATA-ENCRYPTED-CHALLENGE in reply via d8aaacc66d9 tests/krb5: Adjust reply padata checking depending on whether FAST was sent via 7cb152b6ba6 tests/krb5: Check reply FAST padata if request included FAST via e1f7244 tests/krb5: Check sname is krbtgt for FAST generic error via 1e02aaf49c6 tests/krb5: Add get_krbtgt_sname() method via e2e7f2ec556 tests/krb5: Remove unused variables via 4fd7b629abd tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a non-error reply via 9380f54b200 tests/krb5: Add check_rep_padata() method to check padata in reply via ff1d3928e04 tests/krb5: Add generate_simple_fast() method to generate FX-FAST padata via 0f2acee95d2 tests/krb5: Include authdata in kdc_exchange_dict via 14207a42625 tests/krb5: Add expected_cname_private parameter to kdc_exchange_dict via ebd51dc4db4 tests/krb5: Check encrypted-pa-data via b77aed56836 tests/krb5: Add methods to determine whether elements were included in the request via afae6b431b8 tests/krb5: Add functions to get dicts of request padata via 1cecb538d78 tests/krb5: Check FAST response via d2b4a1883a3 tests/krb5: Add method to verify ticket checksum for FAST via 7f8f1202964 tests/krb5: Add method to check PA-FX-FAST-REPLY via 9064e5eb053 tests/krb5: Allow specifying parameters specific to the outer request body via dec428538ca tests/krb5: Add FAST armor generation to _generic_kdc_exchange() via d51b727590f tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ via c4be77e9606 tests/krb5: Include authenticator_subkey in AS-REQ exchange dict via b2aee7dc371 tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error() via 020d1c73af3 tests/krb5: Add methods to calculate keys for FAST via 1b85d721a48 tests/krb5: Add method to generate FAST encrypted challenge padata via 83f8c3f1e18 tests/krb5: Add more methods to create ASN1 objects for FAST via 46f356d0b62 tests/krb5: Add more ASN1 definitions for FAST via ce130f1bdf7 tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange() via 4cca060c4dd tests/krb5: Ensure generated padata is not None via c511763c119 tests/krb5: Add generate_ap_req() method via 383ccffa5eb tests/krb5: Check nonce in EncKDCRepPart via 972111f501f tests/krb5: Make checking less strict via f5c4993213a tests/krb5: Check version number of obtained ticket via 6fea68a9828 tests/krb5: Assert that more variables are not None via fde5967c8dd tests/krb5:
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 07b062c489f s3/rpc_server: track the number of policy handles with a talloc destructor via 5500f3ab7fe selftest: add a test for the "deadtime" parameter via 4fbd8a22c3d s3: smbd: Ensure all returns from OpenDir() correctly set errno. from e8807cc57e7 VERSION: Bump version up to 4.14.8... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 07b062c489ffe926f14a65da9540c31aea909315 Author: Ralph Boehme Date: Mon Aug 9 15:12:31 2021 +0200 s3/rpc_server: track the number of policy handles with a talloc destructor BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783 RN: smbd "deadtime" parameter doesn't work anymore Signed-off-by: Ralph Boehme Reviewed-by: Samuel Cabrero Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Aug 10 18:41:43 UTC 2021 on sn-devel-184 (cherry picked from commit 45a33b25c4e6b1db5d2dfa6297ccb390220a7c80) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Thu Aug 26 16:03:40 UTC 2021 on sn-devel-184 commit 5500f3ab7fe7bbfa8f952e29140f784a0c9bc363 Author: Ralph Boehme Date: Mon Aug 9 12:31:07 2021 +0200 selftest: add a test for the "deadtime" parameter BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783 Signed-off-by: Ralph Boehme Reviewed-by: Samuel Cabrero Reviewed-by: Jeremy Allison (cherry picked from commit 39db53a1391769fc6476fa55b02add08f1b8cd75) commit 4fbd8a22c3df7fe9ac4d0f17590a1b6fbdb906d3 Author: Jeremy Allison Date: Thu Aug 19 15:43:52 2021 -0700 s3: smbd: Ensure all returns from OpenDir() correctly set errno. Complex code paths inside open_internal_dirfsp() can return an NTSTATUS, but trample on the matching errno. We need to make sure if open_internal_dirfsp() fails, errno matches the NTSTATUS return. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14805 Signed-off-by: Jeremy Allison Reviewed-by: Noel Power Autobuild-User(master): Noel Power Autobuild-Date(master): Fri Aug 20 09:56:49 UTC 2021 on sn-devel-184 (cherry picked from commit 72b4fe93f15e414ca3e7d7f0e77a5f0aae90556a) --- Summary of changes: source3/rpc_server/rpc_handles.c | 20 +-- source3/script/tests/test_deadtime.sh | 67 +++ source3/selftest/tests.py | 4 +++ source3/smbd/dir.c| 2 ++ 4 files changed, 91 insertions(+), 2 deletions(-) create mode 100755 source3/script/tests/test_deadtime.sh Changeset truncated at 500 lines: diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c index 9ef93231466..745ea4dd6ef 100644 --- a/source3/rpc_server/rpc_handles.c +++ b/source3/rpc_server/rpc_handles.c @@ -103,18 +103,36 @@ size_t num_pipe_handles(void) data_ptr is TALLOC_FREE()'ed / +struct hnd_cnt { + bool _dummy; +}; + +static int hnd_cnt_destructor(struct hnd_cnt *cnt) +{ + num_handles--; + return 0; +} + bool create_policy_hnd(struct pipes_struct *p, struct policy_handle *hnd, uint8_t handle_type, void *data_ptr) { struct dcesrv_handle *rpc_hnd = NULL; + struct hnd_cnt *cnt = NULL; rpc_hnd = dcesrv_handle_create(p->dce_call, handle_type); if (rpc_hnd == NULL) { return false; } + cnt = talloc_zero(rpc_hnd, struct hnd_cnt); + if (cnt == NULL) { + TALLOC_FREE(rpc_hnd); + return false; + } + talloc_set_destructor(cnt, hnd_cnt_destructor); + if (data_ptr != NULL) { rpc_hnd->data = talloc_move(rpc_hnd, _ptr); } @@ -205,8 +223,6 @@ bool close_policy_hnd(struct pipes_struct *p, TALLOC_FREE(rpc_hnd); - num_handles--; - return true; } diff --git a/source3/script/tests/test_deadtime.sh b/source3/script/tests/test_deadtime.sh new file mode 100755 index 000..68703008f02 --- /dev/null +++ b/source3/script/tests/test_deadtime.sh @@ -0,0 +1,67 @@ +#!/usr/bin/env bash +# +# Test deadtime parameter +# + +if [ $# -lt 1 ]; then +echo Usage: test_deadtime.sh IP +exit 1 +fi + +server=$1 + +incdir=`dirname $0`/../../../testprogs/blackbox +. $incdir/subunit.sh +. $incdir/common_test_fns.inc + +failed=0 + +smbclient="$BINDIR/smbclient" +smbcontrol="$BINDIR/smbcontrol" + +global_inject_conf=$(dirname $SMB_CONF_PATH)/global_inject.conf + +echo "deadtime = 1" > $global_inject_conf +$smbcontrol smbd reload-config + +cd $SELFTEST_T
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 5a90b3e832c pyldb: Avoid use-after-free in msg_diff() via 9d61f2f2f3e ldb_msg: Don't fail in ldb_msg_copy() if source DN is NULL via 9f79d4256f8 pytest:segfault: Add test for ldb.msg_diff() from f53c532c229 autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable) https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 5a90b3e832cda88339c5cebca7043e842b348e47 Author: Joseph Sutton Date: Mon Sep 13 11:15:17 2021 +1200 pyldb: Avoid use-after-free in msg_diff() Make a deep copy of the message elements in msg_diff() so that if either of the input messages are deallocated early, the result does not refer to non-existing elements. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall [abart...@samba.org backported from commit 19a2af02f57d99db8ed3c6b028c3abdf4b553700 due to conflicts in the knownfail.d/python-segfaults file] Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Wed Sep 29 13:14:22 UTC 2021 on sn-devel-184 commit 9d61f2f2f3eb3fd79bb2d78da8d64b0f8b66d3aa Author: Joseph Sutton Date: Tue Sep 14 11:08:41 2021 +1200 ldb_msg: Don't fail in ldb_msg_copy() if source DN is NULL BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit c2bbe774ce03661666a1f48922a9ab681ef4f64b) commit 9f79d4256f8f24127f06f0bf25092c5ca84a7d59 Author: Joseph Sutton Date: Mon Sep 13 11:34:56 2021 +1200 pytest:segfault: Add test for ldb.msg_diff() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall [abart...@samba.org backported form from commit a99a76722d6046a5d63032e3d2bb3f791da948a6 due to conflicts with other new segfault tests] --- Summary of changes: lib/ldb/common/ldb_msg.c | 6 -- lib/ldb/pyldb.c| 18 -- python/samba/tests/segfault.py | 11 +++ 3 files changed, 31 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c index 2346e66ec39..7131f013f71 100644 --- a/lib/ldb/common/ldb_msg.c +++ b/lib/ldb/common/ldb_msg.c @@ -876,8 +876,10 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx, msg2 = ldb_msg_copy_shallow(mem_ctx, msg); if (msg2 == NULL) return NULL; - msg2->dn = ldb_dn_copy(msg2, msg2->dn); - if (msg2->dn == NULL) goto failed; + if (msg2->dn != NULL) { + msg2->dn = ldb_dn_copy(msg2, msg2->dn); + if (msg2->dn == NULL) goto failed; + } for (i=0;inum_elements;i++) { struct ldb_message_element *el = >elements[i]; diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c index 813cdb0870e..443b677c2c4 100644 --- a/lib/ldb/pyldb.c +++ b/lib/ldb/pyldb.c @@ -1804,6 +1804,7 @@ static PyObject *py_ldb_msg_diff(PyLdbObject *self, PyObject *args) struct ldb_message *diff; struct ldb_context *ldb; PyObject *py_ret; + TALLOC_CTX *mem_ctx = NULL; if (!PyArg_ParseTuple(args, "OO", _msg_old, _msg_new)) return NULL; @@ -1818,19 +1819,32 @@ static PyObject *py_ldb_msg_diff(PyLdbObject *self, PyObject *args) return NULL; } + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } + ldb = pyldb_Ldb_AS_LDBCONTEXT(self); - ldb_ret = ldb_msg_difference(ldb, ldb, + ldb_ret = ldb_msg_difference(ldb, mem_ctx, pyldb_Message_AsMessage(py_msg_old), pyldb_Message_AsMessage(py_msg_new), ); if (ldb_ret != LDB_SUCCESS) { + talloc_free(mem_ctx); PyErr_SetString(PyExc_RuntimeError, "Failed to generate the Ldb Message diff"); return NULL; } + diff = ldb_msg_copy(mem_ctx, diff); + if (diff == NULL) { + PyErr_NoMemory(); + return NULL; + } + py_ret = PyLdbMessage_FromMessage(diff); - talloc_unlink(ldb, diff); + talloc_free(mem_ctx); return py_ret; } diff --git a/python/
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via be8fb0218af heimdal:kdc: Only check for default salt for des-cbc-crc enctype via cb768d624eb libcli/smb: use MID=0 for SMB2 Cancel with ASYNC_ID and legacy signing algorithms via b299897ab58 docs-xml: Update winbindd(8) manpage via b8c8c2017db s3:winbindd: Fix winbindd child logfile name handling via 9257b637f14 debug: Remove "override_logfile" from 57ffd32d455 s3: smbspool. Remove last use of 'extern char **environ;'. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit be8fb0218af1a1529cd7a349a57a11dbfaeb7368 Author: Joseph Sutton Date: Fri Oct 8 15:53:47 2021 +1300 heimdal:kdc: Only check for default salt for des-cbc-crc enctype Previously, this algorithm was preferring RC4 over AES for machine accounts in the preauth case. This is because AES keys for machine accounts in Active Directory use a non-default salt, while RC4 keys do not use a salt. To avoid this behaviour, only prefer keys with default salt for the des-cbc-crc enctype. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14864 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit 8e1efd8bd3bf698dc0b6ed2081919f49b1412b53) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Fri Oct 22 08:39:30 UTC 2021 on sn-devel-184 commit cb768d624eb4e9e4bbaec5e1408d59267c5bb475 Author: Stefan Metzmacher Date: Tue Sep 28 22:24:32 2021 +0200 libcli/smb: use MID=0 for SMB2 Cancel with ASYNC_ID and legacy signing algorithms We can only assume that servers with support for AES-GMAC-128 signing will except an SMB2 Cancel with ASYNC_ID and real MID. This strategy is also used by Windows clients, because some vendors don't cope otherwise. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14855 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Oct 19 19:23:39 UTC 2021 on sn-devel-184 (cherry picked from commit dd07bb81bb9a570b321bb2e5adab42546736ff9f) commit b299897ab58a22d50c296cc446725ad7aa1b57d3 Author: Pavel Filipenský Date: Fri Oct 8 13:16:05 2021 +0200 docs-xml: Update winbindd(8) manpage BUG: https://bugzilla.samba.org/show_bug.cgi?id=14852 Signed-off-by: Pavel Filipenský Reviewed-by: Ralph Boehme Reviewed-by: Andreas Schneider Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Oct 12 09:30:02 UTC 2021 on sn-devel-184 (cherry picked from commit 12d04d9a9288a9358d5f5aebaec126cc610952b1) commit b8c8c2017dbcfe8debf6fee5d131ff36a0e79a39 Author: Pavel Filipenský Date: Thu Oct 7 12:08:22 2021 +0200 s3:winbindd: Fix winbindd child logfile name handling BUG: https://bugzilla.samba.org/show_bug.cgi?id=14852 Handling of logfile name for main and child winbindd must ensure: 1) Log directory is selected in this order: * -l option of winbindd * "log file" parameter in smb.conf * compile time value '/usr/local/samba/var' 2) Log filename pattern * parent process uses log.winbindd * child uses log.wb- 3) Log reopen works for both parent and child (i.e. log filename is not changed) * kill -HUP * smbcontrol reload-config This commit removes 3 calls of is_default_dyn_LOGFILEBASE() to make sure that: - 1st removal: child uses log.wb- after the fork - 2nd removal: child after HUP signal, does not switch to log.winbindd - 3rd removal: child after smbcontrol reload-config, does not switch to log.winbindd Interesting commits: bfa1b2a8 1484b7f3 3b015a4c d1f7a371 Signed-off-by: Pavel Filipenský Reviewed-by: Ralph Boehme Reviewed-by: Andreas Schneider (cherry picked from commit b92589c31f0eb3eaf2b3b1867e10b759f6a2edda) commit 9257b637f14754427957711fe89d5cb4107881b2 Author: Volker Lendecke Date: Fri Sep 17 10:22:29 2021 +0200 debug: Remove "override_logfile" The only writer to this variable left with c377845d27d4dcd7. The closest match for override_logfile is is_default_dyn_LOGFILEBASE() with the opposite logic. Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sat Sep 18 00:53:28 UTC 2021 on sn-devel-184 (cherry picked from commit cf4a868be50e795889b76b59f7fbe1cca51bcbfa) --- Summary of changes: docs-xml/manpages/winbindd.8.xml | 20 +++- lib/util/debug.c | 10 -- libcli/
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 6f7e39b0611 smb2_server: skip tcon check and chdir_current_service() for FSCTL_QUERY_NETWORK_INTERFACE_INFO via c22480e2640 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO should work on noperm share via f57b3e1 smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids via 2306c9e7d18 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER with invalid file ids via a68e2904eae smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done() via 2c4c3867933 s4:torture/smb2: test FSCTL_QUERY_NETWORK_INTERFACE_INFO with BUFFER_TOO_SMALL via 9e182796362 smb2_server: skip tcon check and chdir_current_service() for FSCTL_VALIDATE_NEGOTIATE_INFO via 2209a095dda smb2_server: decouple IOCTL check from signing/encryption states via 4c8c39a7b55 smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes via 685250e6298 s4:torture/smb2: add smb2.ioctl.bug14788.VALIDATE_NEGOTIATE via eba52e21acb libcli/smb: split out smb2cli_raw_tcon* from smb2cli_tcon* from dc59b392111 s3:winbind: Fix possible NULL pointer dereference https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 6f7e39b061134ac2387c1d1ebfbe61c1c1a34422 Author: Stefan Metzmacher Date: Wed Sep 15 19:29:40 2021 +0200 smb2_server: skip tcon check and chdir_current_service() for FSCTL_QUERY_NETWORK_INTERFACE_INFO We should not fail this just because the user doesn't have permissions on the share root. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Dec 1 11:51:50 UTC 2021 on sn-devel-184 (cherry picked from commit f4d0bb164f028da46eab766135bb38175c117deb) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Mon Dec 6 11:36:01 UTC 2021 on sn-devel-184 commit c22480e2640ffc20fb01749f5f6a9ef272d855c8 Author: Stefan Metzmacher Date: Mon Nov 29 19:56:20 2021 +0100 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO should work on noperm share Demonstrate that smbd fails FSCTL_QUERY_NETWORK_INTERFACE_INFO only because the user doesn't have permissions on the share root. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit 629d161b8f579bc24acfaf3fe02612a5237345b4) commit f57b3e1478bdf743956e7fef222e4891d508 Author: Stefan Metzmacher Date: Wed Sep 15 20:27:12 2021 +0200 smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids smbd_smb2_request_process_ioctl() already detailed checks for file_ids, which not reached before. .allow_invalid_fileid = true was only used for SMB2_OP_IOCTL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit 1744dd8c5bc342a74e397951506468636275fe45) commit 2306c9e7d18fe9080a20c2989144a35d43ef2a1d Author: Stefan Metzmacher Date: Mon Nov 29 19:56:20 2021 +0100 s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER with invalid file ids An invalid file id for FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER instead of FILE_CLOSED. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit fb33f145ff598b03a08098b7f12f3c53491f6c04) commit a68e2904eaee1d7185bfe6981193a4bdeae7a2db Author: Stefan Metzmacher Date: Wed Sep 15 20:26:58 2021 +0200 smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done() We should not send more data than the client requested. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit aab540503434817cc6b2de1d9c507f9d0b3ad980) commit 2c4c38679338ed62fe309379ee3069605a31bb22 Author: Stefan Metzmacher Date: Mon Nov 29 19:44:12 2021 +0100 s4:torture/smb2: test FSCTL_QUERY_NETWORK_INTERFACE_INFO with BUFFER_TOO_SMALL It seems that we currently don't have BUFFER_TOO_SMALL handling for FSCTL/IOCTL calls. FSCTL_QUERY_NETWORK_INTERFACE_INFO is just an easy example to demonstrate it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit b3212b359edb78d4c60fed377fa18478c8e75d9a) commit 9e182796362b2ac690556ad28d8a086f4044db8d Author: Stefan Metzmacher Date: Mon Aug 16
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via fadf4963450 IPA DC: add missing checks from b7158d4ce85 s3:winbindd: fix "allow trusted domains = no" regression https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit fadf49634500a08392f0625db4062d993ccb0b0a Author: Alexander Bokovoy Date: Fri Nov 12 19:06:01 2021 +0200 IPA DC: add missing checks When introducing FreeIPA support, two places were forgotten: - schannel gensec module needs to be aware of IPA DC - _lsa_QueryInfoPolicy should treat IPA DC as PDC BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903 Signed-off-by: Alexander Bokovoy Reviewed-by: Guenther Deschner Autobuild-User(master): Alexander Bokovoy Autobuild-Date(master): Sat Nov 13 07:01:26 UTC 2021 on sn-devel-184 (cherry picked from commit c69b66f649c1d47a7367f7efe25b8df32369a3a5) Autobuild-User(v4-13-test): Jule Anger Autobuild-Date(v4-13-test): Mon Nov 15 15:33:17 UTC 2021 on sn-devel-184 --- Summary of changes: auth/gensec/schannel.c | 1 + source3/rpc_server/lsa/srv_lsa_nt.c | 1 + 2 files changed, 2 insertions(+) Changeset truncated at 500 lines: diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c index 0cdae141ead..6ebbe8f3179 100644 --- a/auth/gensec/schannel.c +++ b/auth/gensec/schannel.c @@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security) case ROLE_DOMAIN_BDC: case ROLE_DOMAIN_PDC: case ROLE_ACTIVE_DIRECTORY_DC: + case ROLE_IPA_DC: return NT_STATUS_OK; default: return NT_STATUS_NOT_IMPLEMENTED; diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index 198387424e6..08a77c80017 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -681,6 +681,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p, switch (lp_server_role()) { case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: + case ROLE_IPA_DC: name = get_global_sam_name(); sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid()); if (!sid) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via bf9fdf5b455 cmdline: Make -P work in clustered mode via f1c064e792a cmdline: Add a callback to set the machine account details via 575e620ad6c lib: Add required includes to source3/include/secrets.h via 3309ab5fa02 selftest: Add reproducer for bug 14908 via 4d68d797f18 s3:modules:recycle - fix crash in recycle_unlink_internal from 9bcba58e4d4 CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit bf9fdf5b45531749d5e533fe91dd957d64f81d6b Author: Volker Lendecke Date: Wed Nov 17 12:27:27 2021 +0100 cmdline: Make -P work in clustered mode Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Nov 17 18:29:09 UTC 2021 on sn-devel-184 (cherry picked from commit cdc0268c1987f36ab400ea01df88d55c02dccfdb) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Fri Nov 19 08:11:05 UTC 2021 on sn-devel-184 commit f1c064e792ae1b9d3cc57380205246dc21e8bb3c Author: Volker Lendecke Date: Wed Nov 17 12:25:58 2021 +0100 cmdline: Add a callback to set the machine account details source3 clients need to work in clustered mode, the default cli_credentials_set_machine_account() only looks at the local secrets.tdb file Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit 63c80f25da8829a7bd3244afea29c13f699efac1) commit 575e620ad6cf57634c3357f8677f8beaf7c12caa Author: Volker Lendecke Date: Wed Nov 17 12:25:05 2021 +0100 lib: Add required includes to source3/include/secrets.h Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit d6270525699fbc856b217cf18ece7f1d063b144d) commit 3309ab5fa0245ca791e66c585c131abb82d24a8b Author: Volker Lendecke Date: Wed Nov 17 16:34:07 2021 +0100 selftest: Add reproducer for bug 14908 Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit 9faa3173193ddcb95905993d960cc10d4366524e) commit 4d68d797f187358e6b328550999ddff5bf755df0 Author: Andrew Walker Date: Thu Oct 28 16:01:42 2021 -0400 s3:modules:recycle - fix crash in recycle_unlink_internal Original logic for separating path from base name assumed that we were using same string to determine offset when getting the parent dir name (smb_fname->base_name). Simplify by using parent_dirname() to split the path from base name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14888 Signed-off-by: Andrew Walker Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sat Oct 30 04:34:53 UTC 2021 on sn-devel-184 (cherry picked from commit be3a47e22ad6be204f4a7d6070f82f990c17e6fb) --- Summary of changes: lib/cmdline/cmdline.c| 16 -- lib/cmdline/cmdline.h| 4 lib/cmdline/cmdline_s3.c | 28 lib/cmdline/wscript | 2 +- source3/include/secrets.h| 3 +++ source3/modules/vfs_recycle.c| 17 +- source3/script/tests/test_net_machine_account.sh | 22 +++ source3/selftest/tests.py| 9 8 files changed, 86 insertions(+), 15 deletions(-) create mode 100755 source3/script/tests/test_net_machine_account.sh Changeset truncated at 500 lines: diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c index 63e81bc0a7f..0c0b3ead7da 100644 --- a/lib/cmdline/cmdline.c +++ b/lib/cmdline/cmdline.c @@ -30,6 +30,11 @@ static struct cli_credentials *cmdline_creds; static samba_cmdline_load_config cmdline_load_config_fn; static struct samba_cmdline_daemon_cfg cmdline_daemon_cfg; +static NTSTATUS (*cli_credentials_set_machine_account_fn)( + struct cli_credentials *cred, + struct loadparm_context *lp_ctx) = + cli_credentials_set_machine_account; + /* PRIVATE */ bool samba_cmdline_set_talloc_ctx(TALLOC_CTX *mem_ctx) { @@ -122,6 +127,13 @@ struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void) return _daemon_cfg; } +void samba_cmdline_set_machine_account_fn( + NTSTATUS (*fn) (struct cli_credentials *cred, + struct loadparm_context *lp_
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 105c6a15eff CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails via 32ba258cd75 CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs via a40c007fb55 CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss via 0a56d233bfd CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts via 302bb70ebc9 CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials via a6eddc3bd7a CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain from fadf4963450 IPA DC: add missing checks https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 105c6a15effd118d7cfe9dfa7b1ad4faab9fe224 Author: Andrew Bartlett Date: Fri Nov 12 16:10:31 2021 +1300 CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails Before the CVE-2020-25717 fixes we had a fallback from getpwnam('DOMAIN\user') to getpwnam('user') which was very dangerous and unpredictable. Now we do the fallback based on sid_to_uid() followed by getpwuid() on the returned uid. This obsoletes 'username map [script]' based workaround adviced for CVE-2020-25717, when nss_winbindd is not used or idmap_nss is actually used. In future we may decide to prefer or only do the SID/UID based lookup, but for now we want to keep this unchanged as much as possible. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Andrew Bartlett Signed-off-by: Stefan Metzmacher [me...@samba.org moved the new logic into the fallback codepath only in order to avoid behavior changes as much as possible] Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Nov 15 19:01:56 UTC 2021 on sn-devel-184 (cherry picked from commit 0a546be05295a7e4a552f9f4f0c74aeb2e9a0d6e) Autobuild-User(v4-13-test): Jule Anger Autobuild-Date(v4-13-test): Wed Nov 17 15:50:53 UTC 2021 on sn-devel-184 commit 32ba258cd753301504bdb4a00624053f08373b95 Author: Joseph Sutton Date: Fri Nov 12 14:22:47 2021 +1300 CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Joseph Sutton Signed-off-by: Stefan Metzmacher [me...@samba.org removed unused tests for a feature that was removed before merging] Reviewed-by: Ralph Boehme (cherry picked from commit 494bf7de6ff3e9abeb3753df0635737b80ce5bb7) commit a40c007fb5574cc781b60ab948477dcd9dd05aab Author: Joseph Sutton Date: Fri Nov 12 14:20:45 2021 +1300 CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss In reality environments without 'nss_winbind' make use of 'idmap_nss'. For testing, DOMAIN/bob is mapped to the local 'bob', while DOMAIN/jane gets the uid based on the local 'jane' vis idmap_nss. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Joseph Sutton Signed-off-by: Stefan Metzmacher [me...@samba.org avoid to create a new ad_member_idmap_nss environment and merge it with ad_member_no_nss_wb instead] Reviewed-by: Ralph Boehme (cherry picked from commit 8a9f2aa2c1cdfa72ad50d7c4f879220fe37654cd) commit 0a56d233bfdb48bb891f7abfe054769b2ef2 Author: Joseph Sutton Date: Fri Nov 12 20:53:30 2021 +1300 CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit fdbee5e074ebd76d659613b8b7114d70f938c38a) commit 302bb70ebc9b47d9f1d46212deac17470e64740d Author: Joseph Sutton Date: Fri Nov 12 14:14:55 2021 +1300 CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit 5ea347d3673e35891613c90ca837d1ce4833c1b0) commit a6eddc3bd7a032e1fd3921cd7ea213b5c48f2eab Author: Stefan Metzmacher Date: Fri Nov 12 15:27:58 2021 +0100 CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain We already check the sid belongs to the domain, but checking the name too feels better and make
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 9bcba58e4d4 CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails via 5d5e5a1f355 CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs via ae21fe9c01b CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss via 3f009a620a3 CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts via ebe18e23ba6 CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials via 38ddd41e9c6 CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain via ad6af1bb831 s3: smbd: Ensure in the directory scanning loops inside rmdir_internals() we don't overwrite the 'ret' variable. via 728c9b83564 s3: smbtorture3: Add test for setting delete on close on a directory, then creating a file within to see if delete succeeds. via 89903ed1e32 s3: smbd: dirfsp is being used uninitialized inside rmdir_internals(). via 6aae2575b38 smbd: get rid of get_file_handle_for_metadata() from c357c1b2024 lib/cmdline: setup default file logging for servers https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 9bcba58e4d42f6107ad8f9fa3faf892f9426a0ec Author: Andrew Bartlett Date: Fri Nov 12 16:10:31 2021 +1300 CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails Before the CVE-2020-25717 fixes we had a fallback from getpwnam('DOMAIN\user') to getpwnam('user') which was very dangerous and unpredictable. Now we do the fallback based on sid_to_uid() followed by getpwuid() on the returned uid. This obsoletes 'username map [script]' based workaround adviced for CVE-2020-25717, when nss_winbindd is not used or idmap_nss is actually used. In future we may decide to prefer or only do the SID/UID based lookup, but for now we want to keep this unchanged as much as possible. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Andrew Bartlett Signed-off-by: Stefan Metzmacher [me...@samba.org moved the new logic into the fallback codepath only in order to avoid behavior changes as much as possible] Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Nov 15 19:01:56 UTC 2021 on sn-devel-184 (cherry picked from commit 0a546be05295a7e4a552f9f4f0c74aeb2e9a0d6e) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Wed Nov 17 16:12:28 UTC 2021 on sn-devel-184 commit 5d5e5a1f3558b52776ada0c1fabfa87c0adafd2d Author: Joseph Sutton Date: Fri Nov 12 14:22:47 2021 +1300 CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Joseph Sutton Signed-off-by: Stefan Metzmacher [me...@samba.org removed unused tests for a feature that was removed before merging] Reviewed-by: Ralph Boehme (cherry picked from commit 494bf7de6ff3e9abeb3753df0635737b80ce5bb7) commit ae21fe9c01b50232ca3223cca0096f8001786395 Author: Joseph Sutton Date: Fri Nov 12 14:20:45 2021 +1300 CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss In reality environments without 'nss_winbind' make use of 'idmap_nss'. For testing, DOMAIN/bob is mapped to the local 'bob', while DOMAIN/jane gets the uid based on the local 'jane' vis idmap_nss. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Joseph Sutton Signed-off-by: Stefan Metzmacher [me...@samba.org avoid to create a new ad_member_idmap_nss environment and merge it with ad_member_no_nss_wb instead] Reviewed-by: Ralph Boehme (cherry picked from commit 8a9f2aa2c1cdfa72ad50d7c4f879220fe37654cd) commit 3f009a620a32fc02e26f7056b2c53cb940b7bbd4 Author: Joseph Sutton Date: Fri Nov 12 20:53:30 2021 +1300 CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit fdbee5e074ebd76d659613b8b7114d70f938c38a) commit ebe18e23ba62e99295661584ce72942ce214aa4c Author: Joseph Sutton Date: Fri Nov 12 14:14:55 2021 +1300 CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Signed-off
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 962b7b0f92d s3-winexe: Fix winexe core dump (use-after-free) via f926586544e vfs_fruit: remove a fsp check from ad_fset() via 3a34628266f lib/dbwrap: reset deleted record to tdb_null via 8bb5f0911a8 CI: add a test for bug 14882 via a16283466ba s3/libsmb: check for global parametric option "libsmb:client_guid" via a549dc219cb s3: docs-xml: Clarify the "delete veto files" paramter. via 5023dbc04bf s3: smbd: Fix logic in can_delete_directory_fsp() to cope with dangling symlinks. via 4793c4d5307 s3: smbd: Fix logic in rmdir_internals() to cope with dangling symlinks. via e00fe095e8c s3: smbd: Fix rmdir_internals() to do an early return if lp_delete_veto_files() is not set. via 0dba0917fd9 s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling symlinks. via 7a4173809a8 s3: VFS: streams_depot. Allow unlinkat to cope with dangling symlinks. via 359517877d6 s3: smbd: Add two tests showing the ability to delete a directory containing a dangling symlink over SMB2 depends on "delete veto files" setting. via 9f76641627f s3: smbd: Fix recursive directory delete of a directory containing veto file and msdfs links. via dab3fa1d8c2 s3: smbd: Add two tests showing recursive directory delete of a directory containing veto file and msdfs links over SMB2. via 71792ae9886 bootstrap: Debian 11 has liburing-dev via 6ea70022f20 bootstrap: Add Debian 11 via 651d79f109b lib:cmdline: Fix -k option which doesn't expect anything via d700a676cad testprogs: Use new cmdline option for kerberos via c99eecaf2fb lib: handle NTTIME_THAW in nt_time_to_full_timespec() via 204f1488e2c torture: add a test for NTTIME_FREEZE and NTTIME_THAW via 6e42b2a1670 lib: add a test for null_nttime(NTTIME_THAW) via bfb893f5efc lib: update null_nttime() of -1: -1 is NTTIME_FREEZE via 0b7c1089d12 lib: use NTTIME_FREEZE in a null_nttime() test via 60adfb19d9d lib: fix null_nttime() tests via 0acbd644fcd lib: add NTTIME_THAW from bdc33fa61f8 VERSION: Bump version up to Samba 4.15.3... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 962b7b0f92d37867296b8e30c5ae659e9544a16f Author: Günther Deschner Date: Thu Nov 4 22:22:44 2021 +0100 s3-winexe: Fix winexe core dump (use-after-free) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider Autobuild-User(master): Günther Deschner Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184 (cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Wed Nov 10 17:05:18 UTC 2021 on sn-devel-184 commit f926586544e8c92b58ccba133992f75f8c33c5a1 Author: Ralph Boehme Date: Tue Nov 2 05:34:59 2021 +0100 vfs_fruit: remove a fsp check from ad_fset() This comes from times before we had pathref fsps. Back then if you wanted to check if fsp->fh->fd contained a valid value != -1, you'd also first check that the passed in fsp and fsp->fh are non NULL. With pathref fsps we don't need this anymore. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14890 RN: Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 50c550e1ad422a1220d0862a3f637e5fb774f288) commit 3a34628266f8df1513092ec8bdf0c391b6afc7c4 Author: Ralph Boehme Date: Fri Oct 29 22:03:42 2021 +0200 lib/dbwrap: reset deleted record to tdb_null This allows the calling the following sequence of dbwrap functions: dbwrap_delete_record(rec); data = dbwrap_record_get_value(rec); without triggering the assert rec->value_valid inside dbwrap_record_get_value(). Note that dbwrap_record_storev() continues to invalidate the record, so this change somewhat blurs our semantics. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14882 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Nov 4 19:49:47 UTC 2021 on sn-devel-184 (cherry picked from commit 8082e2eb7e33c0993135791c03823886f5aa8496) commit 8bb5f0911a8504bb8e4c89282c43d651b690fa78 Author: Ralph Boehme Date: Fri Oct 29 06:27:38 2021 +0200 CI: add a test for bug 14882 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14882 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 1fa006f1f71cce03d92e76efda3ff055aae4eb91) commi
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 4a106c2322c lib: handle NTTIME_THAW in nt_time_to_full_timespec() via 4e2c7c66c96 torture: add a test for NTTIME_FREEZE and NTTIME_THAW via 7e1a65ed980 lib: add a test for null_nttime(NTTIME_THAW) via 38ac4c09474 lib: update null_nttime() of -1: -1 is NTTIME_FREEZE via f8fec80020e lib: use NTTIME_FREEZE in a null_nttime() test via 43f873d52ab lib: fix null_nttime() tests via ac6f4c093b8 lib: add NTTIME_THAW from a1dae6a208a VERSION: Bump version up to Samba 4.14.11... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 4a106c2322c5f69f008707701ca54904b51cb297 Author: Ralph Boehme Date: Tue Oct 5 15:10:33 2021 +0200 lib: handle NTTIME_THAW in nt_time_to_full_timespec() Preliminary handling of NTTIME_THAW to avoid NTTIME_THAW is passed as some mangled value down to the VFS set timestamps function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 RN: Avoid storing NTTIME_THAW (-2) as value on disk Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 6ed71ad7e6aa98a34cfde95d7d62c46694d58469) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Wed Nov 10 15:54:35 UTC 2021 on sn-devel-184 commit 4e2c7c66c9699276f3fb1b81c4a6f574068d7141 Author: Ralph Boehme Date: Thu Oct 28 12:55:39 2021 +0200 torture: add a test for NTTIME_FREEZE and NTTIME_THAW BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 0659069f8292996be475d407b53d161aa3f35554) commit 7e1a65ed980afe6d5c987baf98d6f3700bbb9145 Author: Ralph Boehme Date: Thu Oct 28 10:18:54 2021 +0200 lib: add a test for null_nttime(NTTIME_THAW) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 194faa76161a12ae1eae2b471d6f159d97ef75a8) commit 38ac4c094749d880ae8b1e25942ebb7b1c182c49 Author: Ralph Boehme Date: Thu Oct 28 10:18:17 2021 +0200 lib: update null_nttime() of -1: -1 is NTTIME_FREEZE NTTIME_FREEZE is not a nil sentinel value, instead it implies special, yet unimplemented semantics. Callers must deal with those values specifically and null_nttime() must not lie about their nature. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 5503bde93bddf3634b183e665773399c110251d4) commit f8fec80020e8aadba8b49a3f0247009534ab7410 Author: Ralph Boehme Date: Thu Oct 28 10:17:01 2021 +0200 lib: use NTTIME_FREEZE in a null_nttime() test No change in behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit e2740e4868f2a49877a86a8666d26226b5657317) commit 43f873d52ab9e17209595677c4672de19da7c65a Author: Ralph Boehme Date: Wed Oct 27 17:02:48 2021 +0200 lib: fix null_nttime() tests The test was checking -1 twice: torture_assert(tctx, null_nttime(-1), "-1"); torture_assert(tctx, null_nttime(-1), "-1"); The first line was likely supposed to test the value "0". BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit d84779302cc54a7b84c05ccc458e04b27fd142f4) commit ac6f4c093b82501a3282c142b4912c501b2c2999 Author: Ralph Boehme Date: Tue Oct 5 15:10:10 2021 +0200 lib: add NTTIME_THAW BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit f73aff502cadabb7fe6b94a697f0a2256d1d4aca) --- Summary of changes: lib/util/tests/time.c | 5 +- lib/util/time.c | 8 +- lib/util/time.h | 1 + source4/torture/smb2/timestamps.c | 208 ++ 4 files changed, 216 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/tests/time.c b/lib/util/tests/time.c index fce0eef5e2e..d94f50355d0 100644 --- a/lib/util/tests/time.c +++ b/lib/util/tests/time.c @@ -34,8 +34,9 @@ static bool test_null_time(struct torture_context *tctx) static bool test_null_nttime(struct torture_context *tctx) { - torture_assert(tctx, null_nttime(-1), "-1"); - torture_assert(tctx, null_nttime(-1), "-1"); + torture_assert(tctx, null_nttime(0), "0"); + torture_assert(tctx
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via c357c1b2024 lib/cmdline: setup default file logging for servers via 47c00820819 lib/cmdline: remember config_type in samba_cmdline_init() via 38736e88728 lib/cmdline: fix indentation via 371c723e4d8 lib/debug: in debug_set_logfile() call reopen_logs_internal() via cda7fb2a057 lib/debug: fix fd check before dup'ing to stderr via 9462c39eab8 winbindd: remove is_default_dyn_LOGFILEBASE() logic via 006aa720c54 samba-bgqd: fix startup and logging via c9b5ca53eba source3: move lib/substitute.c functions out of proto.h from 0d3842697b4 IPA DC: add missing checks https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit c357c1b20249d006d1aa4fc33d311e519895135c Author: Ralph Boehme Date: Mon Nov 8 12:09:43 2021 +0100 lib/cmdline: setup default file logging for servers BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 RN: samba process doesn't log to logfile Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Nov 11 14:42:13 UTC 2021 on sn-devel-184 (cherry picked from commit 06ed4ccba6cfe08aef061866f98b1d1da26682b8) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Tue Nov 16 16:56:19 UTC 2021 on sn-devel-184 commit 47c00820819df91053ad322935ce69340826e6cd Author: Ralph Boehme Date: Mon Nov 8 12:09:16 2021 +0100 lib/cmdline: remember config_type in samba_cmdline_init() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider (cherry picked from commit 97592f16bfb8590efbd2ed31fc9883d747ec650f) commit 38736e887287cdaa88cb62b489fa9680b0aa94ee Author: Ralph Boehme Date: Mon Nov 8 12:08:47 2021 +0100 lib/cmdline: fix indentation s/whitespace/tab/ BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider (cherry picked from commit 120a598e53173aacc0994318223bdac33dac4fbd) commit 371c723e4d816c76aa1c41bed94bfb6fda1cbfad Author: Ralph Boehme Date: Mon Nov 8 19:41:50 2021 +0100 lib/debug: in debug_set_logfile() call reopen_logs_internal() This simplifies the logging API for callers that typically would want to set logging by just setup_logging() once without bothering that typically configuration is loaded (via some lpcfg_load*() or lp_load*() varient) which will only then pick up the configured logfile from smb.conf without actually applying the new logifle to the logging subsytem. Therefor our daemons will additionally call reopen_logs() explicitly in their startup code after config is loaded, eg setup_logging(getprogname(), DEBUG_FILE); ... lpcfg_load(lp_ctx, config_file); ... reopen_logs(); By calling reopen_logs_internal() implicitly from debug_set_logfile() there's no need to call reopen_logs() explicitly anymore to apply the logfile. As reopen_logs() will also apply other logging configuration options, we have to keep the explicit calls in the daemon code. But at least this allows consistent logging setup wrt to the logfile in the new cmdline library. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider (cherry picked from commit fa9d9974d068897d35539e5316f606a15e8b38de) commit cda7fb2a0578f2fb809fc134628e89eac616b40f Author: Ralph Boehme Date: Wed Nov 10 14:13:11 2021 +0100 lib/debug: fix fd check before dup'ing to stderr Before I added per-class logfile and we had only one fd for the logfile the code looked like this: /* Take over stderr to catch output into logs */ if (state.fd > 0) { if (dup2(state.fd, 2) == -1) { /* Close stderr too, if dup2 can't point it - at the logfile. There really isn't much that can be done on such a fundamental failure... */ close_low_fd(2); } } In the current code the equivalent to state.fd is dbgc_config[DBGC_ALL].fd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider (cherry picked from commit 948a82bd2651e73e4e669a89dc77ba93abbb9b2f) commit 9462c39eab8d22a1ffd15dd0ca8aabbfc9e02a28 Author: Ralph Boehme Date: Wed Nov 10 18:27:08 2021 +0100 winbindd: remove is_default_dyn_LOGFILEBASE() logic Handling of -l commandline parameter is already implemented by
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via f15232d28ec auth:creds: Guess the username first via getpwuid(my_id) from db4e342291f s3:winbindd: fix "allow trusted domains = no" regression https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit f15232d28ecf37a0ad3c026c37c4b7a7d0898e66 Author: Andreas Schneider Date: Wed Nov 10 12:06:51 2021 +0100 auth:creds: Guess the username first via getpwuid(my_id) If we have a container, we often don't have USER or LOGNAME set. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14883 Tested-by: Anoop C S Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher (cherry picked from commit c28be4067463e582e378df402f812e510883d606) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Mon Nov 15 11:34:06 UTC 2021 on sn-devel-184 --- Summary of changes: auth/credentials/credentials.c | 13 + 1 file changed, 13 insertions(+) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 02a3cf3b354..c5a6ba6940c 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -30,6 +30,7 @@ #include "tevent.h" #include "param/param.h" #include "system/filesys.h" +#include "system/passwd.h" /** * Create a new credentials structure @@ -1159,6 +1160,7 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred, { const char *error_string; const char *env = NULL; + struct passwd *pwd = NULL; bool ok; if (lp_ctx != NULL) { @@ -1168,6 +1170,17 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred, } } + pwd = getpwuid(getuid()); + if (pwd != NULL) { + size_t len = strlen(pwd->pw_name); + + if (len > 0 && len <= 1024) { + (void)cli_credentials_parse_string(cred, + pwd->pw_name, + CRED_GUESS_ENV); + } + } + env = getenv("LOGNAME"); if (env != NULL) { size_t len = strlen(env); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 8ccb26c679b CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails via ff3798418e8 CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs via 9bef6bc6cf0 CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss via f00c993f0c7 CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts via 8bed2c3f7a9 CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials via 1bd06f8cb35 CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain via 75ab0a306fc IPA DC: add missing checks from 5b1d789632f s3:winbindd: fix "allow trusted domains = no" regression https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 8ccb26c679ba0b909cbba654d00797f99580679f Author: Andrew Bartlett Date: Fri Nov 12 16:10:31 2021 +1300 CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails Before the CVE-2020-25717 fixes we had a fallback from getpwnam('DOMAIN\user') to getpwnam('user') which was very dangerous and unpredictable. Now we do the fallback based on sid_to_uid() followed by getpwuid() on the returned uid. This obsoletes 'username map [script]' based workaround adviced for CVE-2020-25717, when nss_winbindd is not used or idmap_nss is actually used. In future we may decide to prefer or only do the SID/UID based lookup, but for now we want to keep this unchanged as much as possible. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Andrew Bartlett Signed-off-by: Stefan Metzmacher [me...@samba.org moved the new logic into the fallback codepath only in order to avoid behavior changes as much as possible] Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Nov 15 19:01:56 UTC 2021 on sn-devel-184 (cherry picked from commit 0a546be05295a7e4a552f9f4f0c74aeb2e9a0d6e) Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Thu Nov 18 07:39:38 UTC 2021 on sn-devel-184 commit ff3798418e8a77492d50dfd32deed4f11f7ba7ce Author: Joseph Sutton Date: Fri Nov 12 14:22:47 2021 +1300 CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Joseph Sutton Signed-off-by: Stefan Metzmacher [me...@samba.org removed unused tests for a feature that was removed before merging] Reviewed-by: Ralph Boehme (cherry picked from commit 494bf7de6ff3e9abeb3753df0635737b80ce5bb7) commit 9bef6bc6cf027c3b61498b4944388940e23e7a1c Author: Joseph Sutton Date: Fri Nov 12 14:20:45 2021 +1300 CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss In reality environments without 'nss_winbind' make use of 'idmap_nss'. For testing, DOMAIN/bob is mapped to the local 'bob', while DOMAIN/jane gets the uid based on the local 'jane' vis idmap_nss. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Joseph Sutton Signed-off-by: Stefan Metzmacher [me...@samba.org avoid to create a new ad_member_idmap_nss environment and merge it with ad_member_no_nss_wb instead] Reviewed-by: Ralph Boehme (cherry picked from commit 8a9f2aa2c1cdfa72ad50d7c4f879220fe37654cd) commit f00c993f0c74de38d58766b1050bb13f78b42c9a Author: Joseph Sutton Date: Fri Nov 12 20:53:30 2021 +1300 CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit fdbee5e074ebd76d659613b8b7114d70f938c38a) commit 8bed2c3f7a970dc8933a5215e2d9ba041c9a8759 Author: Joseph Sutton Date: Fri Nov 12 14:14:55 2021 +1300 CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit 5ea347d3673e35891613c90ca837d1ce4833c1b0) commit 1bd06f8cb357df0c3f3f25899cda38b6f842c659 Author: Stefan Metzmacher Date: Fri Nov 12 15:27:58 2021 +0100 CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain We alr
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 0d3842697b4 IPA DC: add missing checks from f15232d28ec auth:creds: Guess the username first via getpwuid(my_id) https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 0d3842697b44a821ccfba72b35fbbde2804c59cf Author: Alexander Bokovoy Date: Fri Nov 12 19:06:01 2021 +0200 IPA DC: add missing checks When introducing FreeIPA support, two places were forgotten: - schannel gensec module needs to be aware of IPA DC - _lsa_QueryInfoPolicy should treat IPA DC as PDC BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903 Signed-off-by: Alexander Bokovoy Reviewed-by: Guenther Deschner Autobuild-User(master): Alexander Bokovoy Autobuild-Date(master): Sat Nov 13 07:01:26 UTC 2021 on sn-devel-184 (cherry picked from commit c69b66f649c1d47a7367f7efe25b8df32369a3a5) Autobuild-User(v4-15-test): Jule Anger Autobuild-Date(v4-15-test): Mon Nov 15 14:34:34 UTC 2021 on sn-devel-184 --- Summary of changes: auth/gensec/schannel.c | 1 + source3/rpc_server/lsa/srv_lsa_nt.c | 1 + 2 files changed, 2 insertions(+) Changeset truncated at 500 lines: diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c index 0cdae141ead..6ebbe8f3179 100644 --- a/auth/gensec/schannel.c +++ b/auth/gensec/schannel.c @@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security) case ROLE_DOMAIN_BDC: case ROLE_DOMAIN_PDC: case ROLE_ACTIVE_DIRECTORY_DC: + case ROLE_IPA_DC: return NT_STATUS_OK; default: return NT_STATUS_NOT_IMPLEMENTED; diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index d6d606ddeca..36774be3e32 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -683,6 +683,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p, switch (lp_server_role()) { case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: + case ROLE_IPA_DC: name = get_global_sam_name(); sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid()); if (!sid) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
/raw_testcase.py: add assertElement*() via e089c45d44d tests/krb5/raw_testcase.py: introduce STRICT_CHECKING=0 in order to relax the checks in future via d48196e12f4 tests/krb5/raw_testcase.py: Add get_{client,server,krbtgt}_creds() via e63908db368 tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing via e9a2916b5f3 Rename python/samba/tests/krb5/{rfc4120_pyasn1_regen.sh => pyasn1_regen.sh} via 8958105aa80 auth/credentials: allow credentials.Credentials to act as base class via 72606c02824 python: Make credentials cache test run against Windows via 29d8bacc8a4 python: Fix ticket timestamp conversion when local timezone is not UTC via 0b937a91422 python: Fix erroneous increments of reference counts via de40f47cfac python: Ensure reference counts are properly incremented via 795e2b4d487 python: Add SMB credentials cache test via 7439b5a91db pylibsmb: Add posix_whoami() via e2b0cdcb507 libsmb: Ensure that whoami parses all the data provided to it via 728d13309df libsmb: Check to see that whoami is not receiving more data than it requested via 72a11b5eb38 libsmb: Avoid undefined behaviour when parsing whoami state via 9dea3dd8b8e libsmb: Remove overflow check via 76047162bb0 Revert "libsmb: Use sid_parse()" via f8c0dff5b08 python: Add RPC credentials cache test via 8667e6bcdd3 python: Add LDAP credentials cache test via 876fe2503fe python: Add credentials cache test via 43e20ad3ea2 krb5: Add Python functions to create a credentials cache containing a service ticket via e7ec9b0779a librpc: Test parsing a Kerberos 5 credentials cache with ndrdump via 0d08a120e77 krb5ccache.idl: Add definition for a Kerberos credentials cache via c7525b69fe1 Revert "s4-test: fixed ndrdump test for top level build" via b1ed4f5ff37 pygensec: Fix method documentation via 6d7dbe77a9e auth:creds: Fix parameter in creds.set_named_ccache() via c222cf2cd4f auth:creds: Remove unused variable via b5d279057f6 tests python krb5: MS-KILE client principal look-up via b30947fc856 librpc: Add py_descriptor_richcmp() equality function from 551a39d890a ctdb-daemon: Don't mark a node as unhealthy when connecting to it https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 53b48cbe9a8e20007f45568519c81f95c172a5ad Author: Andrew Bartlett Date: Tue Aug 31 22:38:01 2021 +1200 tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname This allows our code to still pass with the error code that MIT and Heimdal have chosen BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Sep 2 14:28:31 UTC 2021 on sn-devel-184 [abart...@samba.org: Backported from 10baaf08523200e47451aa1862430977b0365b59 to Samba 4.14 due to conflicts in knownfail as the test which crashes older MIT KDC versions is omitted] Autobuild-User(v4-14-test): Jule Anger Autobuild-Date(v4-14-test): Thu Sep 16 08:02:51 UTC 2021 on sn-devel-184 commit a21afdbcd7bd921341ae38b972914ec93e3d56c7 Author: Luke Howard Date: Tue Aug 31 17:38:16 2021 +1200 kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field If missing cname or sname in AS-REQ, return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN and KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. This matches MIT behaviour. [abart...@samba.org Backported from Heimdal commit 892a1ffcaad98157e945c540b81f65edb14d29bd and knownfail added. Further adapted knownfail for 4.14 due to conflicts as the patch that adds a test which crashes old MIT versions is omitted] BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider commit 7b4c9eea2534d04917d3272c34ad42f6c1378209 Author: Joseph Sutton Date: Tue Aug 31 19:42:33 2021 +1200 tests/krb5: Allow expected_error_mode to be a container type This allows a range of possible error codes to be checked against, for cases when the particular error code returned is not so important. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 Signed-off-by: Joseph Sutton Reviewed-by: Andreas Schneider (cherry picked from commit ebd673e976aea5dd481a75f180fd526995c4fda0) commit 63e5d195a5a258b45b7f2556e2b2188c97d5616d Author: Joseph Sutton Date: Fri Aug 27 13:26:45 2021 +1200 tests/krb5: Allow specify
[SCM] Samba Shared Repository - branch v4-13-test updated
code to still pass with the error code that MIT and Heimdal have chosen BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Sep 2 14:28:31 UTC 2021 on sn-devel-184 [abart...@samba.org: Backported from 10baaf08523200e47451aa1862430977b0365b59 to Samba 4.14 due to conflicts in knownfail as the test which crashes older MIT KDC versions is omitted] Autobuild-User(v4-13-test): Jule Anger Autobuild-Date(v4-13-test): Thu Sep 16 08:54:13 UTC 2021 on sn-devel-184 commit 7a2a6e0bcb0f9508322e940360b95eae52572cb2 Author: Luke Howard Date: Tue Aug 31 17:38:16 2021 +1200 kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field If missing cname or sname in AS-REQ, return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN and KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. This matches MIT behaviour. [abart...@samba.org Backported from Heimdal commit 892a1ffcaad98157e945c540b81f65edb14d29bd and knownfail added. Further adapted knownfail for 4.14 due to conflicts as the patch that adds a test which crashes old MIT versions is omitted] BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider commit 1e27b45f49c1a6d610ec498e48b4ed4f6e85c772 Author: Joseph Sutton Date: Tue Aug 31 19:42:33 2021 +1200 tests/krb5: Allow expected_error_mode to be a container type This allows a range of possible error codes to be checked against, for cases when the particular error code returned is not so important. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 Signed-off-by: Joseph Sutton Reviewed-by: Andreas Schneider (cherry picked from commit ebd673e976aea5dd481a75f180fd526995c4fda0) commit 57800189c5f4a92058ff293f8583805ebcf9928d Author: Joseph Sutton Date: Fri Aug 27 13:26:45 2021 +1200 tests/krb5: Allow specifying parameters specific to the inner FAST request body BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 Signed-off-by: Joseph Sutton Reviewed-by: Andreas Schneider (cherry picked from commit c6d7e19ecfb264c6f79df5a20e830e4ea6fdb340) commit b5e11c10966dcbb9ca4e751c6c378e2f9ed6e358 Author: Joseph Sutton Date: Fri Aug 27 13:02:04 2021 +1200 tests/krb5: Add tests for omitting sname in request BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 Signed-off-by: Joseph Sutton Reviewed-by: Andreas Schneider (cherry picked from commit 13caf7bd2440c80f4f4775725b7863d16a5b) commit cabc5b114dc094e36b4c052ed524757990ec6321 Author: Joseph Sutton Date: Fri Aug 27 13:00:37 2021 +1200 tests/krb5: Check PADATA-PW-SALT element in e-data BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 Signed-off-by: Joseph Sutton Reviewed-by: Andreas Schneider (cherry picked from commit 1e4d757394a0bbda587d5ff91801f88539b712b1) commit 8a8872f7070a6f2c89e2ba38d89df0e27bca9f71 Author: Joseph Sutton Date: Fri Aug 27 13:00:21 2021 +1200 tests/krb5: Check e-data element for TGS-REP errors without FAST BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 Signed-off-by: Joseph Sutton Reviewed-by: Andreas Schneider (cherry picked from commit e373c6461a88c44303ea8cdbebc2d78dd15dec4a) commit bd76f6d47e756692243a77e7628324e333c566a0 Author: Andrew Bartlett Date: Wed Sep 1 10:43:06 2021 +1200 tests/krb5: Remove harmful and a-typical return in as_req testcase A test in a TestCase class should not return a value, the test is determined by the assertions raised. Other changes will shortly cause kdc_exchange_dict[preauth_etype_info2] to not always be filled, so we need to remove this rudundent code. This also fixes a *lot* of tests against the MIT KDC BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit 3330eaf39c6174f2d90fe4d8e016efb97005d1e5) commit d3a611377bdda70e6940b6f3fff03cc6240f6a5b Author: Joseph Sutton Date: Thu Jul 29 12:25:06 2021 +1200 CVE-2021-3671 tests/krb5: Add tests for omitting sname in outer request Note: Without the previous patch, 'test_fast_tgs_outer_no_sname' would crash the Heimdal KDC.
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via a682773 Add Samba 4.15.1 via f81fe8a NEWS[4.15.1]: Samba 4.15.1 Available for Download from 9718fc0 team: add Jule https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit a682773b8dcdb38d8bd9e45a59569fee0a855af9 Author: Jule Anger Date: Wed Oct 27 14:59:04 2021 +0200 Add Samba 4.15.1 Signed-off-by: Jule Anger commit f81fe8a9d2923a0bc649d3515a459fb09f73e2ff Author: Jule Anger Date: Wed Oct 27 14:56:16 2021 +0200 NEWS[4.15.1]: Samba 4.15.1 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.15.1.html| 105 +++ posted_news/20211027-125806.4.15.1.body.html | 13 +++ posted_news/20211027-125806.4.15.1.headline.html | 3 + 4 files changed, 122 insertions(+) create mode 100644 history/samba-4.15.1.html create mode 100644 posted_news/20211027-125806.4.15.1.body.html create mode 100644 posted_news/20211027-125806.4.15.1.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index c9e2c01..cdbffe5 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.15.1 samba-4.15.0 samba-4.14.8 samba-4.14.7 diff --git a/history/samba-4.15.1.html b/history/samba-4.15.1.html new file mode 100644 index 000..a4504d8 --- /dev/null +++ b/history/samba-4.15.1.html @@ -0,0 +1,105 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.15.1 - Release Notes + + +Samba 4.15.1 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.15.1.tar.gz;>Samba 4.15.1 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.15.1.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.15.0-4.15.1.diffs.gz;>Patch (gzipped) against Samba 4.15.0 +https://download.samba.org/pub/samba/patches/samba-4.15.0-4.15.1.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.15.1 + October 27, 2021 + == + + +This is the latest stable release of the Samba 4.15 release series. + + +Changes since 4.15.0 + + +o Jeremy Allison j...@samba.org + * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path. + * BUG 14685: Log clutter from filename_convert_internal. + * BUG 14862: MacOSX compilation fixes. + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 14868: rodc_rwdc test flaps. + +o Andrew Bartlett abart...@samba.org + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] Bronze + bit S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + * BUG 14836: Python ldb.msg_diff() memory handling failure. + * BUG 14845: in operator on ldb.Message is case sensitive. + * BUG 14848: Release LDB 2.4.1 for Samba 4.15.1. + * BUG 14854: samldb_krbtgtnumber_available() looks for incorrect string. + * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. + * BUG 14874: Allow special chars like @ in samAccountName when generating + the salt. + +o Ralph Boehme s...@samba.org + * BUG 14826: Correctly ignore comments in CTDB public addresses file. + +o Isaac Boukris ibouk...@gmail.com + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] Bronze + bit S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + +o Viktor Dukhovni vik...@twosigma.com + * BUG 12998: Fix transit path validation. + +o Pavel Filipenský pfili...@redhat.com + * BUG 14852: Fix that child winbindd logs to log.winbindd instead of + log.wb-DOMAIN. + +o Luke Howard lu...@padl.com + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] Bronze + bit S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + +o Stefan Metzmacher me...@samba.org + * BUG 14855: SMB3 cancel requests should only include the MID together with + AsyncID when AES-128-GMAC is used. + +o Alex Richardson alexander.richard...@cl.cam.ac.uk + * BUG 14862: MacOSX compilation fixes. + +o Andreas Schneider a...@samba.org + * BUG 14870: Prepare to operate with MIT krb5 = 1.20. + +o Martin Schwenke mar...@meltin.net + * BUG 14826: Correctly ignore comments in CTDB public addresses file. + +o Joseph Sutton josephsut...@catalyst.net.nz + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba
[SCM] Samba Shared Repository - branch v4-15-stable updated
The branch, v4-15-stable has been updated via 5850ae94ba6 VERSION: Disable GIT_SNAPSHOT for the 4.15.1 release. via 3caf4af915a WHATSNEW: Add release notes for Samba 4.15.1. via a795e0c8459 Release ldb 2.4.1 via 9e2da222f7f pyldb: Make ldb.Message containment testing consistent with indexing via b4601d0db20 pyldb: Add tests for ldb.Message containment testing via 2311987af25 pyldb: Raise TypeError for an invalid ldb.Message index via bef676475fe pyldb: Add test for an invalid ldb.Message index type via ba4032b73a4 s4/torture/drs/python: Fix attribute existence check via d32f732c796 pyldb: Fix deleting an ldb.Control critical flag via 3b6c8bd55b3 pytest:segfault: Add test for deleting an ldb.Control critical flag via 6db664a07da pyldb: Fix deleting an ldb.Message dn via f4ca03b0cc2 pytest:segfault: Add test for deleting an ldb.Message dn via 34d50f415ae Fix Python docstrings via 753e0dfc6c9 lib/krb5_wrap: Fix missing error check in new salt code via c72b210cdca dsdb: Allow special chars like "@" in samAccountName when generating the salt via b1dbaecb2ec tests/krb5: Add tests for account salt calculation via 798ac7ff1ba tests/krb5: Fix account salt calculation to match Windows via fcd11a480e7 tests/krb5: Allow specifying the UPN for test accounts via 8c0296c8956 tests/krb5: Allow creating machine accounts without a trailing dollar via 4cedeb32538 tests/krb5: Allow specifying prefix or suffix for test account names via cd1b3cbce50 tests/krb5: Decrease length of test account prefix via 3affd02a83a selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with (winbindd => "offline") via 057e6d872db selftest/Samba3: remove unused close(USERMAP); calls via f901e3dc08c waf: Allow building with MIT KRB5 >= 1.20 via 28630a31be8 selftest: Improve error handling and perl style when setting up users in Samba4.pm via cd04ce50ac3 selftest: Remove duplicate setup of $base_dn and $ldbmodify via 175dde8ab48 pytest: s3_net_join: avoid name clash via 63e688099b4 selftest: krb5 account creation: clarify account type as an enum via c4b15874037 pytest: dynamic tests optionally add __doc__ via e17d54554c9 selftest: Increase account lockout windows to make test more realiable via 140ec12e25e pytest/rodc_rwdc: try to avoid race. via dc768d84f02 HEIMDAL:kdc: Fix transit path validation CVE-2017-6594 via a7dcff14bdd tests/krb5: Add tests for constrained delegation to NO_AUTH_DATA_REQUIRED service via 54d9b9e0406 tests/krb5: Ensure PAC is not present if expect_pac is false via 19e770f04ea kdc: Correctly strip PAC, rather than error on UF_NO_AUTH_DATA_REQUIRED for servers via 30b2a47af03 kdc: Remove UF_NO_AUTH_DATA_REQUIRED from client principals via ce53ffc660e tests/krb5: Add tests for requesting a service ticket without a PAC via 3f89f5d3e09 tests/krb5: Add method to get the PAC from a ticket via 3c2cf8200d2 tests/krb5: Allow specifying whether to expect a PAC with _test_as_exchange() via 34e3b8e09f4 tests/krb5: Allow get_tgt() to request including or omitting a PAC via bab70b995a1 heimdal:kdc: Fix ticket signing without a PAC via af42d3fa44c selftest/dbcheck: Fix up RODC one-way links (use correct dbcheck rule) via 9a25efd54aa gitlab-ci: Do not download artifacts of unrelated builds via 64f81e2e589 gitlab-ci: Do not retry for job_execution_timeout via 2cf612f8096 krb5: Fix PAC signature leak affecting KDC via 276820695a9 s4:kdc: Check ticket signature via 1d764175725 heimdal: Make _krb5_pac_get_kdc_checksum_info() into a global function via 03ababc0de6 s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows via e735b36fcc1 kdc: correctly generate PAC TGS signature via 329054bc433 kdc: use ticket client name when signing PAC via 4cdcbc761c3 kdc: only set HDB_F_GET_KRBTGT when requesting TGS principal via 7df64eb0189 krb5: return KRB5KRB_AP_ERR_INAPP_CKSUM if PAC checksum fails via 764c7d74090 krb5: rework PAC validation loop via 060abb2f1b4 krb5: allow NULL parameter to krb5_pac_free() via 4b2890412c9 kdc: sign ticket using Windows PAC via 79278289cf3 kdc: remove KRB5SignedPath, to be replaced with PAC via 2e20aefce2c s4/torture: Expect ticket checksum PAC buffer via 8ba2b8aef8a s4:kdc: Fix debugging messages via 9edf3d6d810 s4:kdc: Simplify samba_kdc_update_pac_blob() to take ldb_context as parameter via d8871802eb2 tests/krb5: Fix duplicate account creation via 7b8d569aefc tests/krb5: Allow bypassing cache when creating accounts via f90bc484f49 tests/krb5: Don't include empty AD-IF-RELEVANT via
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 0e4837eb0d4 VERSION: Bump version up to Samba 4.14.10... via c1bd376c357 VERSION: Disable GIT_SNAPSHOT for the 4.14.9 release. via d9c91656442 WHATSNEW: Add release notes for Samba 4.14.9. from c1d2a0570df ldb: Release ldb 2.3.1 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 0e4837eb0d4d284b6457cf9a5480ed5e929b6cb2 Author: Jule Anger Date: Wed Oct 27 15:15:55 2021 +0200 VERSION: Bump version up to Samba 4.14.10... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit c1bd376c357425c6f23c18126218623f5ce51551 Author: Jule Anger Date: Wed Oct 27 15:14:59 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.14.9 release. Signed-off-by: Jule Anger commit d9c91656442b49347489f00f9245605a8020b62d Author: Jule Anger Date: Wed Oct 27 14:27:35 2021 +0200 WHATSNEW: Add release notes for Samba 4.14.9. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 104 +-- 2 files changed, 103 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index b86286b3ecb..8710c8f64a0 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=9 +SAMBA_VERSION_RELEASE=10 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cdea32de764..e41ee1dabb4 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,104 @@ + == + Release Notes for Samba 4.14.9 + October 27, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.8 + + +o Jeremy Allison + * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path. + +o Douglas Bagnall + * BUG 14868: rodc_rwdc test flaps. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Andrew Bartlett + * BUG 14836: Python ldb.msg_diff() memory handling failure. + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + * BUG 14845: "in" operator on ldb.Message is case sensitive. + * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9. + * BUG 14870: Prepare to operate with MIT krb5 >= 1.20. + * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. + * BUG 14874: Allow special chars like "@" in samAccountName when generating + the salt. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Ralph Boehme + * BUG 14826: Correctly ignore comments in CTDB public addresses file. + +o Isaac Boukris + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Viktor Dukhovni + * BUG 12998: Fix transit path validation. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Luke Howard + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Stefan Metzmacher + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Andreas Schneider + * BUG 14870: Prepare to operate with MIT krb5 >= 1.20. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Martin Schwenke + * BUG 14826: Correctly ignore comments in CTDB public addresses file. + +o Joseph Sutton + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + * BUG 14845: "in" operator on ldb.Message is case sensitive. + * BUG 14868: rodc_rwdc test flaps. + * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. + * BUG 14874: Allow special chars like "@" in samAccountName when generating + the salt. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. + +o Nicolas Williams + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded +
[SCM] Samba Shared Repository - annotated tag samba-4.14.9 created
The annotated tag, samba-4.14.9 has been created at d1652faade518b8ca875f7014123955372e4cf9d (tag) tagging c1bd376c357425c6f23c18126218623f5ce51551 (commit) replaces ldb-2.3.1 tagged by Jule Anger on Wed Oct 27 15:20:26 2021 +0200 - Log - samba: tag release samba-4.14.9 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmF5UhoACgkQqplEL7aA tiCG9w/+MWvrb6rPvG/qTBn7g7hR3dQrFXSvpSAthUIkNnCCb/D9+qfJGnwUmkad 9scsLFBL8eLGxYBT/7Wl3WDMPWLQ7MwCnYeuJQhf4/lb7r0CzCpM/G3HxGH6j+ao ideQ0uqcSpzlQ3NTTyAxyMOJv6MFEekjF5S/sefzGaPQq8ZbFEPpBxiDRmLucCMo aGkmUtC15TRZYx5tscOI2b/VyvUAIVsbW7Fq1+LhzlzHxKpNYzawrR24nwZrcwxj PWFj8NgT6aqv2IrW0GmqYJY3ue2OToDrK7mu6tBNybM+I8KtWUcCU+3nqU7+XmES 1m9K/rqsSVBworKkIKuiBlit4B22CS8QejfIyJN70UxhU0yE+zr8AQOeqT8Nv+M8 p25YUjU2ucmmyZA3nuztk/bur2lzXJXVNXlGmqvrV7qPENGBJUnwKPTJCvdiTWdd ajoXOa2piQ+EvD/f4KC+v5zsNS2kvY5g6/PtldOZ6aw61WsFi335ULmfvgPzqxxg EoiuKYzY3hPIGqvAevJZ/AXmrwoNes+N3AmMjsCI2S9d4Fy3hp3TXxxYOJalljgu 8WcofjQHHpM0yHeUY0E4XVVL2HFuRfwqYt1WoBW0X2GHJXkpiqZmxfD8H2gI2cjn OhbZIbhZADnoTHvgTlPOx9oSh8efAh78gDvhIJ3MUiRTjqZ+4ds= =hq8O -END PGP SIGNATURE- Jule Anger (2): WHATSNEW: Add release notes for Samba 4.14.9. VERSION: Disable GIT_SNAPSHOT for the 4.14.9 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 19f0172708e VERSION: Bump version up to Samba 4.15.2... via 5850ae94ba6 VERSION: Disable GIT_SNAPSHOT for the 4.15.1 release. via 3caf4af915a WHATSNEW: Add release notes for Samba 4.15.1. from a795e0c8459 Release ldb 2.4.1 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 19f0172708e315360b87bc966aabf10ed1e439fb Author: Jule Anger Date: Wed Oct 27 14:51:32 2021 +0200 VERSION: Bump version up to Samba 4.15.2... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 5850ae94ba6dc90850772084a8d7c3d60b01dbd2 Author: Jule Anger Date: Wed Oct 27 14:50:42 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.15.1 release. Signed-off-by: Jule Anger commit 3caf4af915a54226c3c34837284f696817f77697 Author: Jule Anger Date: Wed Oct 27 14:36:42 2021 +0200 WHATSNEW: Add release notes for Samba 4.15.1. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 105 +++ 2 files changed, 106 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 83e51b1136b..7aaed9b5009 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=15 -SAMBA_VERSION_RELEASE=1 +SAMBA_VERSION_RELEASE=2 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 18cc15dcff5..73cc1613bef 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,108 @@ + == + Release Notes for Samba 4.15.1 + October 27, 2021 + == + + +This is the latest stable release of the Samba 4.15 release series. + + +Changes since 4.15.0 + + +o Jeremy Allison + * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path. + * BUG 14685: Log clutter from filename_convert_internal. + * BUG 14862: MacOSX compilation fixes. + +o Douglas Bagnall + * BUG 14868: rodc_rwdc test flaps. + +o Andrew Bartlett + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + * BUG 14836: Python ldb.msg_diff() memory handling failure. + * BUG 14845: "in" operator on ldb.Message is case sensitive. + * BUG 14848: Release LDB 2.4.1 for Samba 4.15.1. + * BUG 14854: samldb_krbtgtnumber_available() looks for incorrect string. + * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. + * BUG 14874: Allow special chars like "@" in samAccountName when generating + the salt. + +o Ralph Boehme + * BUG 14826: Correctly ignore comments in CTDB public addresses file. + +o Isaac Boukris + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + +o Viktor Dukhovni + * BUG 12998: Fix transit path validation. + +o Pavel Filipenský + * BUG 14852: Fix that child winbindd logs to log.winbindd instead of + log.wb-. + +o Luke Howard + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + +o Stefan Metzmacher + * BUG 14855: SMB3 cancel requests should only include the MID together with + AsyncID when AES-128-GMAC is used. + +o Alex Richardson + * BUG 14862: MacOSX compilation fixes. + +o Andreas Schneider + * BUG 14870: Prepare to operate with MIT krb5 >= 1.20. + +o Martin Schwenke + * BUG 14826: Correctly ignore comments in CTDB public addresses file. + +o Joseph Sutton + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + * BUG 14836: Python ldb.msg_diff() memory handling failure. + * BUG 14845: "in" operator on ldb.Message is case sensitive. + * BUG 14864: Heimdal prefers RC4 over AES for machine accounts. + * BUG 14868: rodc_rwdc test flaps. + * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. + * BUG 14874: Allow special chars like "@" in samAccountName when generating + the salt. + +o Nicolas Williams + * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded + Heimdal. + + +#
[SCM] Samba Shared Repository - annotated tag samba-4.15.1 created
The annotated tag, samba-4.15.1 has been created at 3311030a5dbdfbff3915cc0504c02f5ddf48daea (tag) tagging 5850ae94ba6dc90850772084a8d7c3d60b01dbd2 (commit) replaces ldb-2.4.1 tagged by Jule Anger on Wed Oct 27 14:55:59 2021 +0200 - Log - samba: tag release samba-4.15.1 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmF5TF8ACgkQqplEL7aA tiCWehAAnViOvfSQAtFU6EgJGW3rKU4SmFNBOerU3/0VplvbxAoUz88gEcbSU76w usxO+7+2sz6BmO30F/9dhbGc0JLIdUsYlLapTN54GqNB1cIXoV7w7s10B4E8rHgc GNXVqf1PReKGZA9ZmaoOPeyMPmxAJyf2ivZA8ewtOk25hT++D3Mg3e9hzVpd+hm8 50T+fizG3/jLvEQP/DSXbgK7TxsL+SnmjqCEh4CkVpPePzaUloSHXL0R5iCnSXzQ 8oMrgfIOqfmhZtmuepG+dHet3n1Xhyti8gYBRcIqzw6Z2R6waGnDeDUEQ/SSJ6Jn OMnmhhqhp7YTly8umypdkIulcej0WSQ2depMjCUzSKUPLlnT5XxAaAbp+FlYdHJe ar7dJkwITrd40I6qaX7Ia7FjzL+Vp3GFbYrulPHf7TExq5ubvwAIRV9vempW9YJR vh8ra2YjckvbApZhMnTUlTHh907zVaCGCetb2XdmMyd47XxcbG61u/kfw1ambPu8 yZm33GIScsNOJ2OZ/4U+WA9m3bDzlSY/JlUyDW8SyGVEClhkWH0x7ic69E/PxSDb VFlesb78uiiI0N+4yC1zhYmAjmF3Mb+cerWSfta9UwWsHJ6bFdTzcvb5UKHnjdZc s/ya2ViRo8L0UD92zvtN1gkWNJZFONPGSBkYJYonWWOpGfsfkmI= =OU/i -END PGP SIGNATURE- Jule Anger (2): WHATSNEW: Add release notes for Samba 4.15.1. VERSION: Disable GIT_SNAPSHOT for the 4.15.1 release. --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via bb3fa4e Add Samba 4.14.9 via a11d2a6 NEWS[4.14.9]: Samba 4.14.9 Available for Download from a682773 Add Samba 4.15.1 https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit bb3fa4e5734834d3779cf9d94f1ee3e3a91fc402 Author: Jule Anger Date: Wed Oct 27 15:23:04 2021 +0200 Add Samba 4.14.9 Signed-off-by: Jule Anger commit a11d2a6df04d9bfdc9ddb10ba3a437be2cf8a73d Author: Jule Anger Date: Wed Oct 27 15:20:53 2021 +0200 NEWS[4.14.9]: Samba 4.14.9 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/{samba-4.15.1.html => samba-4.14.9.html} | 46 +++- posted_news/20211027-132226.4.14.9.body.html | 13 +++ posted_news/20211027-132226.4.14.9.headline.html | 3 ++ 4 files changed, 38 insertions(+), 25 deletions(-) copy history/{samba-4.15.1.html => samba-4.14.9.html} (65%) create mode 100644 posted_news/20211027-132226.4.14.9.body.html create mode 100644 posted_news/20211027-132226.4.14.9.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index cdbffe5..b02394c 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -11,6 +11,7 @@ samba-4.15.1 samba-4.15.0 + samba-4.14.9 samba-4.14.8 samba-4.14.7 samba-4.14.6 diff --git a/history/samba-4.15.1.html b/history/samba-4.14.9.html similarity index 65% copy from history/samba-4.15.1.html copy to history/samba-4.14.9.html index a4504d8..3f182a1 100644 --- a/history/samba-4.15.1.html +++ b/history/samba-4.14.9.html @@ -2,51 +2,51 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> http://www.w3.org/1999/xhtml;> -Samba 4.15.1 - Release Notes +Samba 4.14.9 - Release Notes -Samba 4.15.1 Available for Download +Samba 4.14.9 Available for Download -https://download.samba.org/pub/samba/stable/samba-4.15.1.tar.gz;>Samba 4.15.1 (gzipped) -https://download.samba.org/pub/samba/stable/samba-4.15.1.tar.asc;>Signature +https://download.samba.org/pub/samba/stable/samba-4.14.9.tar.gz;>Samba 4.14.9 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.14.9.tar.asc;>Signature -https://download.samba.org/pub/samba/patches/samba-4.15.0-4.15.1.diffs.gz;>Patch (gzipped) against Samba 4.15.0 -https://download.samba.org/pub/samba/patches/samba-4.15.0-4.15.1.diffs.asc;>Signature +https://download.samba.org/pub/samba/patches/samba-4.14.8-4.14.9.diffs.gz;>Patch (gzipped) against Samba 4.14.8 +https://download.samba.org/pub/samba/patches/samba-4.14.8-4.14.9.diffs.asc;>Signature == - Release Notes for Samba 4.15.1 + Release Notes for Samba 4.14.9 October 27, 2021 == -This is the latest stable release of the Samba 4.15 release series. +This is the latest stable release of the Samba 4.14 release series. -Changes since 4.15.0 +Changes since 4.14.8 o Jeremy Allison j...@samba.org * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path. - * BUG 14685: Log clutter from filename_convert_internal. - * BUG 14862: MacOSX compilation fixes. o Douglas Bagnall douglas.bagn...@catalyst.net.nz * BUG 14868: rodc_rwdc test flaps. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Andrew Bartlett abart...@samba.org + * BUG 14836: Python ldb.msg_diff() memory handling failure. * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] Bronze bit S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal. - * BUG 14836: Python ldb.msg_diff() memory handling failure. * BUG 14845: in operator on ldb.Message is case sensitive. - * BUG 14848: Release LDB 2.4.1 for Samba 4.15.1. - * BUG 14854: samldb_krbtgtnumber_available() looks for incorrect string. + * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9. + * BUG 14870: Prepare to operate with MIT krb5 = 1.20. * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. * BUG 14874: Allow special chars like @ in samAccountName when generating the salt. + * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Ralph Boehme s...@samba.org * BUG 14826: Correctly ignore comments in CTDB public addresses file. @@ -55,28 +55,24 @@ o Isaac Boukris ibouk...@gmail.com * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY