[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated
via 569d541c9bb VERSION: Disable GIT_SNAPSHOT for the 4.20.2 release.
via 55cd97dfef1 WHATSNEW: Add release notes for Samba 4.20.2.
via 3dd39600da3 BUG 15569 ldb: Release LDB 2.9.1
via fc318c63e55 auth/credentials: don't ignore "client use kerberos"
and --use-kerberos for machine accounts
via 212b014679f auth/credentials: add tests for
cli_credentials_get_kerberos_state[_obtained]()
via 46ebf66fe96 auth/credentials: add
cli_credentials_get_kerberos_state_obtained() helper
via cccd9c95c8b testprogs/blackbox: add test_ldap_token.sh to test
"client use kerberos" and --use-kerberos
via 694605f52a4 testprogs/blackbox: let test_trust_token.sh check for
S-1-18-1 with kerberos
via 7d69ec93e31 vfs_recycle: remember resolved config->repository in
vfs_recycle_connect()
via f464a85c129 Revert "TMP-REPRODUCE: vfs_recycle: demonstrate memory
corruption in recycle_unlink_internal()"
via 64d7108cddb vfs_recycle: fix memory hierarchy
via 4bb5f8a92aa vfs_recycle: use the correct return in
SMB_VFS_HANDLE_GET_DATA()
via a5d5d83c492 vfs_recycle: use a talloc_stackframe() in
recycle_unlink_internal()
via 69b9c140527 vfs_recycle: directly allocate
smb_fname_final->base_name
via db098ff1aad vfs_recycle: don't unlink on allocation failure
via cf22968a8a1 TMP-REPRODUCE: vfs_recycle: demonstrate memory
corruption in recycle_unlink_internal()
via 7d277c424fc test_recycle.sh: make sure we don't see panics on the
log files
via b3ce5a86489 vfs_default: also call vfs_offload_token_ctx_init in
vfswrap_offload_write_send
via d7e0b5933fa s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644
via 5b90acbef15 s3/smbd: fix nested chdir into msdfs links on
(widelinks = yes) share
via 4b4b0152fd7 selftest: Add a python blackbox test for some misc
(widelink) DFS tests
via dceb2e56b63 script/autobuild.py: Add test for --vendor-name and
--vendor-patch-revision
via 5d593a735d3 build: Add --vendor-name --vendor-patch-revision
options to ./configure
via f46faceae1f ctdb/docs: Include ceph rados namespace support in man
page
via 9110627bc24 ctdb/ceph: Add optional namespace support for mutex
helper
via df54d3fdda9 s4:dns_server: no-op dns updates with ACCESS_DENIED
should be ignored
via 89817ed2165 s4:dns_server: correctly sign dns update responses with
gss-tsig like Windows
via fdd61d60caa s4:dns_server: dns_verify_tsig should return REFUSED on
error
via f663b386156 s4:dns_server: also search DNS_QTYPE_TKEY in the
answers section if it's the last section
via 3b36f447040 s4:dns_server: use tkey->algorithm if available in
dns_sign_tsig()
via 299818567ea s4:dns_server: use the client provided algorithm for
the fake TSIG structure
via 7ddd758da50 s4:dns_server: only allow gss-tsig and
gss.microsoft.com for TSIG
via 6e395cabf38 s4:dns_server: only allow gss-tsig and
gss.microsoft.com for TKEY
via ed8ef00c297 s4:dns_server: failed dns updates should result in
REFUSED for ACCESS_DENIED
via a7f3293ddf7 python:tests/dns_tkey: add
test_update_tsig_record_access_denied()
via 9137bb66ab4 s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to
samba.tests.dns_tkey
via 5a98bc50263 python:tests/dns_base: add get_unpriv_creds() helper
via ff0afdd1b05 python:tests/dns_tkey: let test_update_tsig_windows()
actually pass against windows 2022
via bda80382eb5 python:tests/dns_base: let verify_packet() work against
Windows
via fdfd4e8adce python:tests/dns_tkey: test bad and changing tsig
algorithms
via 7dabac46b5a python:tests/dns_tkey: add gss.microsoft.com tsig
updates
via 6438249cf1e python:tests/dns_tkey: let us have
test_update_gss_tsig_tkey_req_{additional,answers}()
via 501a25a1f07 python:tests/dns_tkey: test TKEY with gss-tsig,
gss.microsoft.com and invalid algorithms
via c7a936ecd27 python:tests/dns_base: maintain a dict with tkey
related state
via da7c313740d python:tests/dns_base: let dns_transaction_udp() take
allow_{remaining,truncated}=True
via 85784854629 python:tests/dns_base: pass tkey_trans(expected_rcode)
via e58fe908371 python:tests/dns_base: let tkey_trans() take
tkey_req_in_answers
via 12d4e452410 python:tests/dns_base: let tkey_trans() and
sign_packet() take algorithm_name as argument
via 9cfc2e24331 python:tests/dns_tkey: make use of
self.assert_echoed_dns_error()
via f7f0518b46a python:tests/dns_base: add
self.assert_echoed_dns_error()
via c00749edb35 python:tests/dns_base: let dns_transaction_tcp() handle
short receives
via 3bd80a2545a python:tests/dns_base: use ndr_deepcopy() and
ndr_pack() in verify_packet()
via 19fc5bb6b9d python:tests/dns_base:
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated
via 0ba948cba0b VERSION: Disable GIT_SNAPSHOT for the 4.20.1 release.
via d01b50ec4f3 WHATSNEW: Add release notes for Samba 4.20.1.
via db658c40f5d s3:utils: Fix Inherit-Only flag being automatically
propagated to children
via d28a889aed2 python/samba/tests/blackbox: Add tests for Inherit-only
flag propagation
via 83da49f3489 tests: Add a test for "all_groups=no" to
test_idmap_ad.sh
via 84f82a09ffd selftest: Add "winbind expand groups = 1" to
setup_ad_member_idmap_ad
via 83701298384 s3:winbindd: Improve performance of lookup_groupmem()
in idmap_ad
via 8857cf29979 docs-xml: Add parameter all_groupmem to idmap_ad
via 215bb9bd48e Do not fail checksums for RFC8009 types
via db60a1947b8 s4:dns_server: less noisy, more informative debug
messages
via 9155d89a2ae packaging: Provide a systemd service file for samba-bgqd
via 077f39baf7c libcli/http: Detect unsupported Transfer-encoding type
via 2fb1bf0205f selftest: Add new test for testing non-chunk transfer
encoding
via 30bf3d1430f selftest: fix potential reference before assigned error
via a70e3a36c82 libcli/http: Handle http chunked transfer encoding
via 7e17e4809d5 tests: add test for chunked encoding with http cli
library
via 26206392153 libcli/http: Optimise reading for content-length
via 71eac5a065f selftest: Add basic content-lenght http tests
via 19250e13ab6 Add simple http_client for use in black box tests (in
following commits)
via eaefe50327d VERSION: Bump version up to Samba 4.20.1...
from 8fdd82c8b9c VERSION: Disable GIT_SNAPSHOT for the 4.20.0 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable
- Log -
---
Summary of changes:
VERSION| 2 +-
WHATSNEW.txt | 55 +++
auth/kerberos/kerberos_pac.c | 47 ++-
docs-xml/manpages/idmap_ad.8.xml | 10 +
lib/krb5_wrap/krb5_samba.h | 28 ++
libcli/http/http.c | 309 +++-
libcli/http/http_internal.h| 4 +
nsswitch/tests/test_idmap_ad.sh| 22 ++
.../{samba.service.in => samba-bgqd.service.in}| 9 +-
packaging/wscript_build| 3 +-
python/samba/tests/blackbox/http_chunk.py | 129 +++
python/samba/tests/blackbox/http_content.py| 95 +
.../blackbox/smbcacls_propagate_inhertance.py | 108 ++
selftest/target/Samba3.pm | 1 +
selftest/tests.py | 2 +
source3/utils/smbcacls.c | 4 +
source3/winbindd/winbindd_ads.c| 11 +-
source4/client/http_test.c | 401 +
source4/dns_server/dnsserver_common.c | 9 +-
source4/wscript_build | 5 +
20 files changed, 1200 insertions(+), 54 deletions(-)
copy packaging/systemd/{samba.service.in => samba-bgqd.service.in} (50%)
create mode 100644 python/samba/tests/blackbox/http_chunk.py
create mode 100644 python/samba/tests/blackbox/http_content.py
create mode 100644 source4/client/http_test.c
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 482360b7d68..cfa7539380b 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the
Samba Team 1992-2024"
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=20
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_RELEASE=1
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 5c97836d36f..8249e9326f9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,58 @@
+ ==
+ Release Notes for Samba 4.20.1
+May 08, 2024
+ ==
+
+
+This is the latest stable release of the Samba 4.20 release series.
+
+
+Changes since 4.20.0
+
+
+o Douglas Bagnall
+ * BUG 15630: dns update debug message is too noisy.
+
+o Alexander Bokovoy
+ * BUG 15635: Do not fail PAC validation for RFC8009 checksums types.
+
+o Pavel Filipenský
+ * BUG 15605: Improve performance of lookup_groupmem() in idmap_ad.
+
+o Anna Popova
+ * BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only
+ flag.
+
+o Noel Power
+ * BUG 15611: http library doesn't support 'chunked transfer encoding'.
+
+o Andreas Schneider
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated via 8fdd82c8b9c VERSION: Disable GIT_SNAPSHOT for the 4.20.0 release. via 797464b7624 WHATSNEW: Add release notes for Samba 4.20.0. via 5cedf3b5eb0 Revert "token_util.c: prefer capabilities over become_root" via f7491b29941 Revert "dosmode.c: prefer use of capabilities at two places over become_root" via 6ca9461a1db Revert "nfs4_acls.c: prefer capabilities over become_root" via 52b1d9d7cb8 Revert "vfs_acl_common.c: prefer capabilities over become_root" via 6e0986b2c30 Revert "vfs_default.c: prefer capabilities over become_root" via f6d549de47c Revert "vfs_posix_eadb.c: prefer capabilities over become_root" via d0c295e5344 Revert "vfs_recycle.c: prefer capabilities over become_root" via 4f38859f5d8 Revert "open.c: prefer capabilities over become_root" via dc161626303 Revert "posix_acls.c: prefer capabilities over become_root" via bb68b730290 Revert "dosmode: prefer capabilities over become_root" via aee05f11670 s3/smbd: If we fail to close file_handle ensure we should reset the fd via 72f70868257 smbd: simplify handling of failing fstat() after unlinking file via 3be368ff2bc ndr: always attempt ACE coda pull if ACE type suggests a coda via 1273cb7e10b tests/krb5: Add tests for AllowedToAuthenticateTo with an AS-REQ via 28fc1850e5c libcli/security: check again for NULL values via ce78896e262 libcli/security: claims_conversions: check for NULL in claims array via 99b6feac932 WHATSNEW: announce Service Witness Protocol [MS-SWN] and related options via 69b69bb2085 libgpo: Do not segfault if we don't have a valid security descriptor via 72bd247c97d libgpo: Fix trailing spaces in pygpo.c via 4d1536f86b9 VERSION: Bump version up to Samba 4.20.0rc5... from 964c0e97e7a VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 112 +++- libcli/security/claims-conversions.c | 13 + libgpo/pygpo.c| 7 +- librpc/ndr/ndr_sec_helper.c | 5 +- python/samba/tests/krb5/authn_policy_tests.py | 372 ++ selftest/knownfail_mit_kdc| 8 + source3/auth/token_util.c | 4 +- source3/modules/nfs4_acls.c | 4 +- source3/modules/vfs_acl_common.c | 8 +- source3/modules/vfs_default.c | 4 +- source3/modules/vfs_posix_eadb.c | 4 +- source3/modules/vfs_recycle.c | 4 +- source3/smbd/close.c | 1 + source3/smbd/dosmode.c| 16 +- source3/smbd/open.c | 39 +-- source3/smbd/posix_acls.c | 40 +-- 17 files changed, 559 insertions(+), 84 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index fcee8581107..482360b7d68 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=4 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index dd80f116a10..5c97836d36f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,16 +1,11 @@ -Release Announcements -= + == + Release Notes for Samba 4.20.0 + March 27, 2024 + == -This is the fourth release candidate of Samba 4.20. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. -Samba 4.20 will be the next version of the Samba suite. - - -UPGRADING -= +This is the first stable release of the Samba 4.20 release series. +Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES @@ -191,6 +186,68 @@ The Security Descriptor Definition Language has extensions for conditional ACEs and resource attribute ACEs; these are now supported by Samba. +Service Witness Protocol [MS-SWN] +- + +In a ctdb cluster it is now possible to provide +the SMB witness service that allows clients to +monitor their current
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated
via 964c0e97e7a VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc4 release.
via f485def8104 WHATSNEW: Add release notes for Samba 4.20.0rc4.
via 03b6dae6630 python:gp: Implement client site lookup in
site_dn_for_machine()
via e51e72dd14a librpc:idl: Make netlogon_samlogon_response public
via a09d0ba6eb2 VERSION: Bump version up to Samba 4.20.0rc4...
from 17bab5c0774 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc3 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable
- Log -
---
Summary of changes:
VERSION| 2 +-
WHATSNEW.txt | 9 +-
librpc/idl/nbt.idl | 2 +-
librpc/ndr/ndr_nbt.c | 2 +-
librpc/ndr/ndr_nbt.h | 2 +-
python/samba/gp/gpclass.py | 68 ++
6 files changed, 57 insertions(+), 28 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index efcf3f379e6..fcee8581107 100644
--- a/VERSION
+++ b/VERSION
@@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
-SAMBA_VERSION_RC_RELEASE=3
+SAMBA_VERSION_RC_RELEASE=4
# To mark SVN snapshots this should be set to 'yes'#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f540dc555c0..dd80f116a10 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=
-This is the third release candidate of Samba 4.20. This is *not*
+This is the fourth release candidate of Samba 4.20. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -214,6 +214,13 @@ smb.conf changes
acl claims evaluation new AD DC only
+CHANGES SINCE 4.20.0rc3
+===
+
+o Andreas Schneider
+ * BUG 15588: samba-gpupdate: Correctly implement site support.
+
+
CHANGES SINCE 4.20.0rc2
===
diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl
index 11814e7970e..46be2eae7e2 100644
--- a/librpc/idl/nbt.idl
+++ b/librpc/idl/nbt.idl
@@ -490,7 +490,7 @@ interface nbt
[case(NETLOGON_NT_VERSION_5EX)] NETLOGON_SAM_LOGON_RESPONSE_EX
nt5_ex;
} netlogon_samlogon_response_union;
- typedef [nopush,nopull] struct {
+ typedef [nopush,nopull,noprint,public] struct {
uint32 ntver;
[switch_is(ntver)] netlogon_samlogon_response_union data;
} netlogon_samlogon_response;
diff --git a/librpc/ndr/ndr_nbt.c b/librpc/ndr/ndr_nbt.c
index eb186810785..6f54198ffbc 100644
--- a/librpc/ndr/ndr_nbt.c
+++ b/librpc/ndr/ndr_nbt.c
@@ -392,7 +392,7 @@ _PUBLIC_ enum ndr_err_code
ndr_pull_netlogon_samlogon_response(struct ndr_pull *
return NDR_ERR_SUCCESS;
}
-_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr,
const char *name, struct netlogon_samlogon_response *r)
+_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr,
const char *name, const struct netlogon_samlogon_response *r)
{
ndr_print_struct(ndr, name, "netlogon_samlogon_response");
if (r == NULL) { ndr_print_null(ndr); return; }
diff --git a/librpc/ndr/ndr_nbt.h b/librpc/ndr/ndr_nbt.h
index c38422fff6b..00ee8a17364 100644
--- a/librpc/ndr/ndr_nbt.h
+++ b/librpc/ndr/ndr_nbt.h
@@ -37,6 +37,6 @@ enum ndr_err_code
ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_
uint32_t
nt_version_flags);
enum ndr_err_code ndr_push_netlogon_samlogon_response(struct ndr_push *ndr,
ndr_flags_type ndr_flags, const struct netlogon_samlogon_response *r);
enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull *ndr,
ndr_flags_type ndr_flags, struct netlogon_samlogon_response *r);
-void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char
*name, struct netlogon_samlogon_response *r);
+void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char
*name, const struct netlogon_samlogon_response *r);
#endif /* _LIBRPC_NDR_NDR_NBT_H */
diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py
index 26c2386847e..08be472e707 100644
--- a/python/samba/gp/gpclass.py
+++ b/python/samba/gp/gpclass.py
@@ -49,7 +49,7 @@ from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT,
UF_SERVER_TRUST_ACCOUNT, GP
from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS,
AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
from samba.dcerpc import security
import
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated
via 17bab5c0774 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc3 release.
via f3da62a2bba WHATSNEW: Add release notes for Samba 4.20.0rc3.
via 253c5585c91 s3/rpc_client: Fix array offset check
via 1ab3de6f46e s3/rpc_client: Ensure max possible row buffer size is
not exceeded
via 3e226dd1cd5 idl: Add constant for max rows buffer size
via c1016224041 s3/rpc_client: cleanup unmarshalling of variant types
from row columns
via 77cbdf342ca s3/utils: use full 64 bit address for getrows (with
64bit offsets)
via ec239d16a97 s3/rpc_client: Remove stray unnecessary comment
via 3d47cae71d9 s3/rpc_client: change type of offset to uint64_t
via 7107b233346 ctdb-protocol: Add missing push support for new controls
via 22e56d9ea2d python: Remove ‘typing.Final’
via 9366f554862 python: do not make use of typing.Final for python 3.6
via 858090913e3 docs-xml: document "smb3 share cap:{CONTINUOUS
AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}"
via d8e056d8b0d smb2_tcon: only announce SMB3 related share
capabilities if SMB3 is used
via 3a8a86adc66 smb2_tcon: only announce SMB2_SHARE_CAP_CLUSTER if
rpcd_witness can run
via 87e56ada0db docs-xml: add details for 'net witness'
via c4e4d41f0ac s3:utils: fix help string for 'net witness
force-response'
via f9c0968743d ctdb/events: add 47.samba-dcerpcd.script
via bc89a069b3c ctdb/events: use 'service "$CTDB_SERVICE_NMB" status'
in 48.netbios.script
via d998b68af68 VERSION: Bump version up to Samba 4.20.0rc3...
from 0167b75a5b2 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable
- Log -
---
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 23 +-
ctdb/config/events/legacy/47.samba-dcerpcd.script | 66 +++
ctdb/config/events/legacy/48.netbios.script | 11 +
ctdb/protocol/protocol_control.c | 8 +
ctdb/tests/src/protocol_common_ctdb.c | 33 ++
ctdb/tests/src/protocol_ctdb_test.c | 2 +-
docs-xml/manpages/net.8.xml | 567 ++
docs-xml/smbdotconf/protocol/smb3sharecaps.xml| 202
librpc/idl/wsp_data.idl | 5 +
python/samba/gkdi.py | 16 +-
python/samba/nt_time.py | 8 +-
python/samba/tests/gkdi.py| 4 +-
source3/rpc_client/wsp_cli.c | 127 +++--
source3/smbd/smb2_tcon.c | 20 +-
source3/utils/net_witness.c | 2 +-
source3/utils/wspsearch.c | 22 +-
17 files changed, 1059 insertions(+), 59 deletions(-)
create mode 100755 ctdb/config/events/legacy/47.samba-dcerpcd.script
create mode 100644 docs-xml/smbdotconf/protocol/smb3sharecaps.xml
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 12917e08428..efcf3f379e6 100644
--- a/VERSION
+++ b/VERSION
@@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
# To mark SVN snapshots this should be set to 'yes'#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index de3b0f03d49..f540dc555c0 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=
-This is the second release candidate of Samba 4.20. This is *not*
+This is the third release candidate of Samba 4.20. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -214,6 +214,27 @@ smb.conf changes
acl claims evaluation new AD DC only
+CHANGES SINCE 4.20.0rc2
+===
+
+o Rob van der Linde
+ * BUG 15575: Remove unsupported "Final" keyword missing from Python 3.6.
+
+o Stefan Metzmacher
+ * BUG 15577: Additional witness backports for 4.20.0.
+
+o Noel Power
+ * BUG 15579: Error output with wspsearch.
+
+o Martin Schwenke
+ * BUG 15580: Packet marshalling push support missing for
+ CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
+ CTDB_CONTROL_TCP_CLIENT_PASSED.
+
+o Jo Sutton
+ * BUG 15575: Remove unsupported "Final" keyword missing from Python 3.6.
+
+
CHANGES SINCE 4.20.0rc1
===
diff --git
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated via 0167b75a5b2 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. via f06a06b7132 WHATSNEW: Add release notes for Samba 4.20.0rc2. via f8dfce94822 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos via 4872b0abf6b WHATSNEW: Add some information about new conditional aces feature via 8e8b8fc0548 WHATSNEW: note "acl_claims evaluation" smb.conf option via 7f338d6119a ndr: ignore trailing bytes in ndr_pull_security_ace() via 0f81aec9a19 ndr: ndr_push_security_ace: calculate coda size once via 4808478685c ndr: avoid object ACE push overhead for non-object ACE via 276e67fe174 ndr: avoid object ACE pull overhead for non-object ACE via 5c0f6a20745 ndr: do not push ACE->coda.ignored blob via d4547daf5ee ndr: mark invalid pull ndr_flags as unlikely via 5d0d17a92db ndr: skip talloc when pulling empty DATA_BLOB via e61d447690f ndr: ACE push avoids no-op coda pushes via e4cf11b1b39 ndr: make security_ace push manual via c9974e622bf ndr: short-circuit ace coda if no bytes left via 8787185a6ca ndr: shift ndr_pull_security_ace to manual code via f8014cae2eb pidl: calculate subcontext_size only once per pull via b5289d66e9e perftest: ndr_pack runs in none environment via fb49ce47609 perftest:ndr_pack: spin in do_nothing for a while via 14edd0fd1ef perftest:ndr_pack: use a valid dummy SID via 1287f182167 perftest:ndr_pack_performance: remove irrelevant imports, options via 7f0bdf2b99e perftest:ndr_pack: slightly reduce python overhead via 66fa6885551 perftest: ndr_pack_performance gets more SD types via daf5b5f5eb2 perftest:ndr_pack: rename SD tests with object ACEs via 59365287486 docs-xml: Build and install man page for wspsearch via 9e946a8ddd3 python:gp: Fix logging with gp via 7908c00dec2 VERSION: Bump version up to Samba 4.20.0rc2... from d05af785057 VERSION: Disable GIT_SNAPSHOT for the Samba 4.20.0rc1 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 100 +- docs-xml/wscript_build| 1 + librpc/idl/security.idl | 2 +- librpc/ndr/libndr.h | 2 +- librpc/ndr/ndr_basic.c| 6 ++ librpc/ndr/ndr_sec_helper.c | 107 ++- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 5 +- python/samba/gp/util/logging.py | 5 +- selftest/perf_tests.py| 4 +- source4/dsdb/tests/python/ndr_pack_performance.py | 121 ++ 11 files changed, 280 insertions(+), 75 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 3fe7a037533..12917e08428 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=1 +SAMBA_VERSION_RC_RELEASE=2 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8158a80288c..de3b0f03d49 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.20. This is *not* +This is the second release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -108,6 +108,90 @@ New options added are: and all files/directories below. - '--restore savefile' Restores the stored DACLS to files in directory +Samba-tool extensions for AD Claims, Authentication Policies and Silos +-- + +samba-tool now allows users to be associated with claims. In the +Samba AD DC, claims derive from Active Directory attributes mapped +into specific names. These claims can be used in rules, which are +conditional ACEs in a security descriptor, that decide if a user is +restricted by an authentication policy. + +samba-tool also allows the creation and management of authentication +policies, which are rules about where a user may authenticate from, +if NTLM is permitted, and what services a user may authenticate to. +
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated
via d05af785057 VERSION: Disable GIT_SNAPSHOT for the Samba 4.20.0rc1
release.
via 8e31cb2007a WHATSNEW: Up to Samba 4.20.0rc1.
via ec91204387b ldb: release 2.9.0 for use in Samba 4.20.x
via 0ba05d5bbb1 tevent: release 0.16.1
via 5032ab712c6 tdb: release 1.4.10
via f28966c1638 talloc: release 2.4.2
from 1f823424418 python:gp: Improve working of log messages to avoid
confusion
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable
- Log -
---
Summary of changes:
VERSION | 6 +++---
WHATSNEW.txt| 2 +-
lib/ldb/wscript | 2 +-
.../ABI/{pytalloc-util-2.3.0.sigs => pytalloc-util-2.4.2.sigs} | 0
lib/talloc/ABI/{talloc-2.3.5.sigs => talloc-2.4.2.sigs} | 0
lib/talloc/wscript | 2 +-
lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.10.sigs}| 0
lib/tdb/wscript | 2 +-
lib/tevent/ABI/{tevent-0.15.0.sigs => tevent-0.16.1.sigs} | 0
lib/tevent/wscript | 2 +-
10 files changed, 8 insertions(+), 8 deletions(-)
copy lib/talloc/ABI/{pytalloc-util-2.3.0.sigs => pytalloc-util-2.4.2.sigs}
(100%)
copy lib/talloc/ABI/{talloc-2.3.5.sigs => talloc-2.4.2.sigs} (100%)
copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.10.sigs} (100%)
copy lib/tevent/ABI/{tevent-0.15.0.sigs => tevent-0.16.1.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index bde2e90dffc..3fe7a037533 100644
--- a/VERSION
+++ b/VERSION
@@ -79,7 +79,7 @@ SAMBA_VERSION_BETA_RELEASE=
# e.g. SAMBA_VERSION_PRE_RELEASE=1 #
# -> "2.2.9pre1" #
-SAMBA_VERSION_PRE_RELEASE=1
+SAMBA_VERSION_PRE_RELEASE=
# For 'rc' releases the version will be#
@@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=1
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
-SAMBA_VERSION_RC_RELEASE=
+SAMBA_VERSION_RC_RELEASE=1
# To mark SVN snapshots this should be set to 'yes'#
@@ -101,7 +101,7 @@ SAMBA_VERSION_RC_RELEASE=
# e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes #
# -> "3.0.0-SVN-build-199" #
-SAMBA_VERSION_IS_GIT_SNAPSHOT=yes
+SAMBA_VERSION_IS_GIT_SNAPSHOT=no
# This is for specifying a release nickname#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index e2bd54a1d01..8158a80288c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=
-This is the first pre release of Samba 4.20. This is *not*
+This is the first release candidate of Samba 4.20. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index bb49e95382c..c249a826071 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'ldb'
-# For Samba 4.20.x
+# For Samba 4.20.x !
VERSION = '2.9.0'
import sys, os
diff --git a/lib/talloc/ABI/pytalloc-util-2.3.0.sigs
b/lib/talloc/ABI/pytalloc-util-2.4.2.sigs
similarity index 100%
copy from lib/talloc/ABI/pytalloc-util-2.3.0.sigs
copy to lib/talloc/ABI/pytalloc-util-2.4.2.sigs
diff --git a/lib/talloc/ABI/talloc-2.3.5.sigs b/lib/talloc/ABI/talloc-2.4.2.sigs
similarity index 100%
copy from lib/talloc/ABI/talloc-2.3.5.sigs
copy to lib/talloc/ABI/talloc-2.4.2.sigs
diff --git a/lib/talloc/wscript b/lib/talloc/wscript
index 075f1ec4417..8b5e02d36c5 100644
--- a/lib/talloc/wscript
+++ b/lib/talloc/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'talloc'
-VERSION = '2.4.1'
+VERSION = '2.4.2'
import os
import sys
diff --git a/lib/tdb/ABI/tdb-1.3.17.sigs b/lib/tdb/ABI/tdb-1.4.10.sigs
similarity index 100%
copy from lib/tdb/ABI/tdb-1.3.17.sigs
copy to lib/tdb/ABI/tdb-1.4.10.sigs
diff --git a/lib/tdb/wscript b/lib/tdb/wscript
index 5e6a928d5bc..2c587fbee44 100644
--- a/lib/tdb/wscript
+++ b/lib/tdb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'tdb'
-VERSION = '1.4.9'
+VERSION = '1.4.10'
import sys, os
diff --git
