[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 97a23e57dc8 s4-auth/kerberos: Report errors observed during smb_krb5_remove_obsolete_keytab_entries() via 9d7a97dc982 samba-tool domain exportkeytab: Refuse to overwrite an existing file in full-db export via a0867595fbd s4-libnet: Prepare for a "rolling update" keytab export via 7b662a92878 s4-auth/kerberos: Do not add true duplicates to exported keytab via 3bb215d1946 selftest: Add tests of samba-tool domain export-keytab --keep-stale-entries behaviour via f81d7047b6a selftest: Add tests for "samba-tool domain exportkeytab" with existing files" via b2dff173666 samba-tool domain exportkeytab: Raise a proper CommandError via 014f1b561e8 s4-libnet: Raise NTSTATUSError not RuntimeError in keytab export via 0cb1e4dbf8e samba-tool: Add option --keep-stale-entries to "samba-tool domain exportkeytab" via 2f97f6fe484 lib/krb5_wrap: Pull already_hashed case out of smb_krb5_kt_add_entry() via 9fc4070f89d lib/krb5_wrap: Rename confusing add_salt parameter to smb_krb5_kt_add_entry() via 43ce741d1ff python/tests: Add test that gMSA keytab export works and matches direct keytab export via 91c05536108 s4-auth/kerberos: Note the good possability that the msDS-KeyVersionNumber is wrong via 0490aed7168 auth/credentials: Cope with GMSA 5min password preview in cli_credentials_set_gmsa_passwords() via bd2edecff06 s4-libnet: Add export of gMSA keys to "samba-tool domain exportkeytab" via 66a9c1daa86 s4-kdc: Prepare for gMSA support by recording it on the entry via 48affb137fb auth/credentials: Allow generation of old Kerberos keys also via b8308f3fe06 auth/credentials: Make cli_credentials_get_aes256_key into generic key access via 13d346ce0c4 auth/credentials: Add hook to set credentials from msDS-ManagedPassword blob via 44063674734 s4-libnet: Pass the full struct smb_krb5_context to sdb_kt_copy() via dd993c21703 auth/credentials: Dynamically calculate the salt principal (unless speccified) via 9fc11e329c9 auth/credentials: Use salt on credentials object for Creds.get_aes256_key() via 74f9d2e5190 auth/credentials: Add bindings for getting and setting the salt principal via f34b910b5bc s4-libnet: Provide hint for "samba-tool domain exportkeytab" if used over LDAP without gMSA via d4155f8a998 Make "samba-tool domain exportkeytab" prune old keys via 6b3ce044d2d s4-auth/kerberos: Rename create_keytab() to smb_krb5_fill_keytab() via 2c33862b9e0 s4-auth/kerberos: Add define ENC_STRONG_SALTED_TYPES via a2ed51df7c0 s4-auth/kerberos: Remove unused paremters to create_keytab() via 9246ee48040 samba-tool domain exportkeytab: Add support for -H to point to a different sam.ldb via b6cffcb3fb0 libnet: Prepare to allow "samba-tool domain exportkeytab to support -H via 7a8c091698e python: Explain strange enable_net_export_keytab() behaviour is no longer due Heimdal from c97071726e1 packaging: Provide a systemd service file for samba-bgqd https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 97a23e57dc88fe6b4a851bb0e0db09a4ee9b37fb Author: Andrew Bartlett Date: Thu Mar 14 16:55:19 2024 +1300 s4-auth/kerberos: Report errors observed during smb_krb5_remove_obsolete_keytab_entries() Previously any errors noticed during the main loop would be ignored. Signed-off-by: Andrew Bartlett Reviewed-by: Jo Sutton Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Mar 14 23:16:16 UTC 2024 on atb-devel-224 commit 9d7a97dc9820e9f69a25a7321d84eb18cd3c6c08 Author: Andrew Bartlett Date: Thu Mar 7 14:53:53 2024 +1300 samba-tool domain exportkeytab: Refuse to overwrite an existing file in full-db export Since 87f67d336919172845f53067c67d1eab8e7ef18a samba-tool domain exportkeytab has silently unlinked the given target file. Instead, the administrator now needs to specify a file that does not exist. Signed-off-by: Andrew Bartlett Reviewed-by: Jo Sutton commit a0867595fbdb0e59b3c649f80f36e99ca74af41e Author: Andrew Bartlett Date: Wed Mar 6 17:48:09 2024 +1300 s4-libnet: Prepare for a "rolling update" keytab export This mode will allow keytabs to be exported with all current keys added to historical keys, which will be useful in a domain with many gMSA servers that require wireshark decryption. Signed-off-by: Andrew Bartlett Reviewed-by: Jo Sutton commit 7b662a928784c889f0d0e4124b723fa6fd20 Author: Andrew Bartlett Date: Wed Mar 6 17:43:47 2024 +1300 s4-auth/kerberos: Do not add true duplicates to exported keytab Signed-off-by: Andrew Bartlett Reviewed-by: Jo Sutton commit
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c97071726e1 packaging: Provide a systemd service file for samba-bgqd from 6ee3f809a54 s3/smbd: If we fail to close file_handle ensure we should reset the fd https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c97071726e163b40f0e391af70e81b3e6c1ab0eb Author: Andreas Schneider Date: Mon Mar 4 10:58:23 2024 +0100 packaging: Provide a systemd service file for samba-bgqd There might be scenarios where the background queue daemon should be running all the time instead of being started on demand. This makes especially sense for bigger printing servers with a lot of printers. It takes ~1 sec to get a printer from cups, so a print server with 100 printers needs 100 seconds to update the printer_list.tdb. The service will be killed because of idle in the meantime. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15600 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Thu Mar 14 12:19:56 UTC 2024 on atb-devel-224 --- Summary of changes: packaging/systemd/{samba.service.in => samba-bgqd.service.in} | 9 - packaging/wscript_build | 3 ++- 2 files changed, 6 insertions(+), 6 deletions(-) copy packaging/systemd/{samba.service.in => samba-bgqd.service.in} (50%) Changeset truncated at 500 lines: diff --git a/packaging/systemd/samba.service.in b/packaging/systemd/samba-bgqd.service.in similarity index 50% copy from packaging/systemd/samba.service.in copy to packaging/systemd/samba-bgqd.service.in index e4baee1aeec..0254ebd59be 100644 --- a/packaging/systemd/samba.service.in +++ b/packaging/systemd/samba-bgqd.service.in @@ -1,17 +1,16 @@ [Unit] -Description=Samba AD Daemon -Documentation=man:samba(8) man:samba(7) man:smb.conf(5) +Description=Samba Background Queue Daemon for printing-related jobs +Documentation=man:samba-bgqd(8) man:smb.conf(5) Wants=network-online.target After=network.target network-online.target [Service] Type=notify -PIDFile=@PIDDIR@/samba.pid LimitNOFILE=16384 +PIDFile=@PIDDIR@/samba-bgqd.pid EnvironmentFile=-@SYSCONFDIR@/sysconfig/samba -ExecStart=@SBINDIR@/samba --foreground --no-process-group $SAMBAOPTIONS +ExecStart=@LIBEXECDIR@/samba/samba-bgqd --foreground --no-process-group $SAMBAOPTIONS ExecReload=/bin/kill -HUP $MAINPID -@systemd_samba_extra@ [Install] WantedBy=multi-user.target diff --git a/packaging/wscript_build b/packaging/wscript_build index 217bd996348..dc95bebf1c6 100644 --- a/packaging/wscript_build +++ b/packaging/wscript_build @@ -4,7 +4,8 @@ systemd_services = [ 'systemd/smb.service', 'systemd/nmb.service', 'systemd/winbind.service', -'systemd/samba.service' +'systemd/samba.service', +'systemd/samba-bgqd.service', ] for srv in systemd_services: -- Samba Shared Repository