[SCM] Samba Shared Repository - branch master updated

2024-03-14 Thread Andrew Bartlett 
The branch, master has been updated
   via  97a23e57dc8 s4-auth/kerberos: Report errors observed during 
smb_krb5_remove_obsolete_keytab_entries()
   via  9d7a97dc982 samba-tool domain exportkeytab: Refuse to overwrite an 
existing file in full-db export
   via  a0867595fbd s4-libnet: Prepare for a "rolling update" keytab export
   via  7b662a92878 s4-auth/kerberos: Do not add true duplicates to 
exported keytab
   via  3bb215d1946 selftest: Add tests of samba-tool domain export-keytab 
--keep-stale-entries behaviour
   via  f81d7047b6a selftest: Add tests for "samba-tool domain 
exportkeytab" with existing files"
   via  b2dff173666 samba-tool domain exportkeytab: Raise a proper 
CommandError
   via  014f1b561e8 s4-libnet: Raise NTSTATUSError not RuntimeError in 
keytab export
   via  0cb1e4dbf8e samba-tool: Add option --keep-stale-entries to 
"samba-tool domain exportkeytab"
   via  2f97f6fe484 lib/krb5_wrap: Pull already_hashed case out of 
smb_krb5_kt_add_entry()
   via  9fc4070f89d lib/krb5_wrap: Rename confusing add_salt parameter to 
smb_krb5_kt_add_entry()
   via  43ce741d1ff python/tests: Add test that gMSA keytab export works 
and matches direct keytab export
   via  91c05536108 s4-auth/kerberos: Note the good possability that the 
msDS-KeyVersionNumber is wrong
   via  0490aed7168 auth/credentials: Cope with GMSA 5min password preview 
in cli_credentials_set_gmsa_passwords()
   via  bd2edecff06 s4-libnet: Add export of gMSA keys to "samba-tool 
domain exportkeytab"
   via  66a9c1daa86 s4-kdc: Prepare for gMSA support by recording it on the 
entry
   via  48affb137fb auth/credentials: Allow generation of old Kerberos keys 
also
   via  b8308f3fe06 auth/credentials: Make cli_credentials_get_aes256_key 
into generic key access
   via  13d346ce0c4 auth/credentials: Add hook to set credentials from 
msDS-ManagedPassword blob
   via  44063674734 s4-libnet: Pass the full struct smb_krb5_context to 
sdb_kt_copy()
   via  dd993c21703 auth/credentials: Dynamically calculate the salt 
principal (unless speccified)
   via  9fc11e329c9 auth/credentials: Use salt on credentials object for 
Creds.get_aes256_key()
   via  74f9d2e5190 auth/credentials: Add bindings for getting and setting 
the salt principal
   via  f34b910b5bc s4-libnet: Provide hint for "samba-tool domain 
exportkeytab" if used over LDAP without gMSA
   via  d4155f8a998 Make "samba-tool domain exportkeytab" prune old keys
   via  6b3ce044d2d s4-auth/kerberos: Rename create_keytab() to 
smb_krb5_fill_keytab()
   via  2c33862b9e0 s4-auth/kerberos: Add define ENC_STRONG_SALTED_TYPES
   via  a2ed51df7c0 s4-auth/kerberos: Remove unused paremters to 
create_keytab()
   via  9246ee48040 samba-tool domain exportkeytab: Add support for -H to 
point to a different sam.ldb
   via  b6cffcb3fb0 libnet: Prepare to allow "samba-tool domain 
exportkeytab to support -H
   via  7a8c091698e python: Explain strange enable_net_export_keytab() 
behaviour is no longer due Heimdal
  from  c97071726e1 packaging: Provide a systemd service file for samba-bgqd

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 97a23e57dc88fe6b4a851bb0e0db09a4ee9b37fb
Author: Andrew Bartlett 
Date:   Thu Mar 14 16:55:19 2024 +1300

s4-auth/kerberos: Report errors observed during 
smb_krb5_remove_obsolete_keytab_entries()

Previously any errors noticed during the main loop would be ignored.

Signed-off-by: Andrew Bartlett 
Reviewed-by: Jo Sutton 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Mar 14 23:16:16 UTC 2024 on atb-devel-224

commit 9d7a97dc9820e9f69a25a7321d84eb18cd3c6c08
Author: Andrew Bartlett 
Date:   Thu Mar 7 14:53:53 2024 +1300

samba-tool domain exportkeytab: Refuse to overwrite an existing file in 
full-db export

Since 87f67d336919172845f53067c67d1eab8e7ef18a samba-tool domain 
exportkeytab has
silently unlinked the given target file.  Instead, the administrator now 
needs
to specify a file that does not exist.

Signed-off-by: Andrew Bartlett 
Reviewed-by: Jo Sutton 

commit a0867595fbdb0e59b3c649f80f36e99ca74af41e
Author: Andrew Bartlett 
Date:   Wed Mar 6 17:48:09 2024 +1300

s4-libnet: Prepare for a "rolling update" keytab export

This mode will allow keytabs to be exported with all current keys added
to historical keys, which will be useful in a domain with many gMSA
servers that require wireshark decryption.

Signed-off-by: Andrew Bartlett 
Reviewed-by: Jo Sutton 

commit 7b662a928784c889f0d0e4124b723fa6fd20
Author: Andrew Bartlett 
Date:   Wed Mar 6 17:43:47 2024 +1300

s4-auth/kerberos: Do not add true duplicates to exported keytab

Signed-off-by: Andrew Bartlett 
Reviewed-by: Jo Sutton 

commit

[SCM] Samba Shared Repository - branch master updated

2024-03-14 Thread Günther Deschner 
The branch, master has been updated
   via  c97071726e1 packaging: Provide a systemd service file for samba-bgqd
  from  6ee3f809a54 s3/smbd: If we fail to close file_handle ensure we 
should reset the fd

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c97071726e163b40f0e391af70e81b3e6c1ab0eb
Author: Andreas Schneider 
Date:   Mon Mar 4 10:58:23 2024 +0100

packaging: Provide a systemd service file for samba-bgqd

There might be scenarios where the background queue daemon should be
running all the time instead of being started on demand. This makes
especially sense for bigger printing servers with a lot of printers. It
takes ~1 sec to get a printer from cups, so a print server with 100
printers needs 100 seconds to update the printer_list.tdb. The service
will be killed because of idle in the meantime.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15600

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Thu Mar 14 12:19:56 UTC 2024 on atb-devel-224

---

Summary of changes:
 packaging/systemd/{samba.service.in => samba-bgqd.service.in} | 9 -
 packaging/wscript_build   | 3 ++-
 2 files changed, 6 insertions(+), 6 deletions(-)
 copy packaging/systemd/{samba.service.in => samba-bgqd.service.in} (50%)


Changeset truncated at 500 lines:

diff --git a/packaging/systemd/samba.service.in 
b/packaging/systemd/samba-bgqd.service.in
similarity index 50%
copy from packaging/systemd/samba.service.in
copy to packaging/systemd/samba-bgqd.service.in
index e4baee1aeec..0254ebd59be 100644
--- a/packaging/systemd/samba.service.in
+++ b/packaging/systemd/samba-bgqd.service.in
@@ -1,17 +1,16 @@
 [Unit]
-Description=Samba AD Daemon
-Documentation=man:samba(8) man:samba(7) man:smb.conf(5)
+Description=Samba Background Queue Daemon for printing-related jobs
+Documentation=man:samba-bgqd(8) man:smb.conf(5)
 Wants=network-online.target
 After=network.target network-online.target
 
 [Service]
 Type=notify
-PIDFile=@PIDDIR@/samba.pid
 LimitNOFILE=16384
+PIDFile=@PIDDIR@/samba-bgqd.pid
 EnvironmentFile=-@SYSCONFDIR@/sysconfig/samba
-ExecStart=@SBINDIR@/samba --foreground --no-process-group $SAMBAOPTIONS
+ExecStart=@LIBEXECDIR@/samba/samba-bgqd --foreground --no-process-group 
$SAMBAOPTIONS
 ExecReload=/bin/kill -HUP $MAINPID
-@systemd_samba_extra@
 
 [Install]
 WantedBy=multi-user.target
diff --git a/packaging/wscript_build b/packaging/wscript_build
index 217bd996348..dc95bebf1c6 100644
--- a/packaging/wscript_build
+++ b/packaging/wscript_build
@@ -4,7 +4,8 @@ systemd_services = [
 'systemd/smb.service',
 'systemd/nmb.service',
 'systemd/winbind.service',
-'systemd/samba.service'
+'systemd/samba.service',
+'systemd/samba-bgqd.service',
 ]
 
 for srv in systemd_services:


-- 
Samba Shared Repository