[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c760ed61907 gitlab-ci: Fix the sha1sum from 7a3c368d787 s3: libsmb: Cleanup in get_dc_list() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c760ed61907d5ea67b18dc4fa92ff8e287ff48da Author: Andreas Schneider Date: Mon Sep 7 17:36:58 2020 +0200 gitlab-ci: Fix the sha1sum The images where build with an invalid sha1sum. Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Sep 7 23:57:48 UTC 2020 on sn-devel-184 --- Summary of changes: .gitlab-ci.yml| 2 +- bootstrap/sha1sum.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index eac719e5ee5..569120f6f44 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -23,7 +23,7 @@ variables: # Set this to the contents of bootstrap/sha1sum.txt # which is generated by bootstrap/template.py --render # - SAMBA_CI_CONTAINER_TAG: 2b36c89aa12c35958fd95380615dde0ef5a97b9d + SAMBA_CI_CONTAINER_TAG: 0ff8e6d23f6f418ee5af48921754f4073300c1a5 # # We use the ubuntu1804 image as default as # it matches what we have on sn-devel-184. diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt index 28d7e55a73a..fb3adc00797 100644 --- a/bootstrap/sha1sum.txt +++ b/bootstrap/sha1sum.txt @@ -1 +1 @@ -2b36c89aa12c35958fd95380615dde0ef5a97b9d +0ff8e6d23f6f418ee5af48921754f4073300c1a5 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6444a743525 s3:libads: Also add a realm entry for the domain name via a5303967287 s3:libads: Only add RC4 if weak crypto is allowed via 9cf1aecd73e s3:libads: Remove DES legacy types for Kerberos from bd9f64d19dc Fixed arrow keys typo to the computer move command utility https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6444a743525532c70634e2dd4cacadce54ba2eab Author: Andreas Schneider Date: Thu Sep 3 13:49:33 2020 +0200 s3:libads: Also add a realm entry for the domain name This is required if we try to authenticate as Administrator@DOMAIN so it can find the KDC. This fixes 'net ads join' for ad_member_fips if we require Kerberos auth. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14479 Signed-off-by: Andreas Schneider Reviewed-by: Isaac Boukris Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Mon Sep 7 09:25:33 UTC 2020 on sn-devel-184 commit a5303967287cef0c3d0b653e2aca73d25d438cf7 Author: Andreas Schneider Date: Thu Sep 3 11:45:33 2020 +0200 s3:libads: Only add RC4 if weak crypto is allowed Signed-off-by: Andreas Schneider Reviewed-by: Isaac Boukris commit 9cf1aecd73e011ad03ddb072760454379b3f0a32 Author: Andreas Schneider Date: Thu Sep 3 11:11:14 2020 +0200 s3:libads: Remove DES legacy types for Kerberos We already removed DES support for Kerberos in Samba 4.12. Signed-off-by: Andreas Schneider Reviewed-by: Isaac Boukris --- Summary of changes: source3/libads/kerberos.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 3fab68266f2..1db285cd29a 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -611,9 +611,10 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx) #endif } - if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL || - lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) { - legacy_enctypes = "RC4-HMAC DES-CBC-CRC DES-CBC-MD5"; + if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED && + (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL || +lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY)) { + legacy_enctypes = "RC4-HMAC"; } enctypes = @@ -744,11 +745,15 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, "\tdns_lookup_kdc = true\n\n" "[realms]\n\t%s = {\n" "%s\t}\n" + "\t%s = {\n" + "%s\t}\n" "%s\n", realm_upper, enctypes, realm_upper, kdc_ip_string, + domain, + kdc_ip_string, include_system_krb5); if (!file_contents) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 99d555f772a VERSION: Bump version up to 4.13.0rc5... via caa4cf52000 VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc4 release. via 29e15b80541 WHATSNEW: Add release notes for Samba 4.13.0rc4. from be07e26807b build: toggle vfs_snapper using --with-shared-modules https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 99d555f772a93ba2f4d167daaa253c50e7a83210 Author: Karolin Seeger Date: Mon Sep 7 12:47:09 2020 +0200 VERSION: Bump version up to 4.13.0rc5... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit caa4cf52fda3455cbd7b468132b2b9d528a0 Author: Karolin Seeger Date: Mon Sep 7 12:46:21 2020 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc4 release. Signed-off-by: Karolin Seeger commit 29e15b80541ad50ebecd3618ed6b3472f794d549 Author: Karolin Seeger Date: Mon Sep 7 12:45:48 2020 +0200 WHATSNEW: Add release notes for Samba 4.13.0rc4. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 18 +- 2 files changed, 18 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 045cb22a7f3..98143de8e35 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=4 +SAMBA_VERSION_RC_RELEASE=5 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 81d9300df94..6c0cd70e840 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the third release condidate of Samba 4.13. This is *not* +This is the fourth release condidate of Samba 4.13. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -87,6 +87,22 @@ smb.conf changes client use spnego Deprecated yes +CHANGES SINCE 4.13.0rc3 +=== + +o David Disseldorp + * BUG 14437: build: Toggle vfs_snapper using "--with-shared-modules". + +o Volker Lendecke + * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1 + response. + +o Stefan Metzmacher + * BUG 14428: PANIC: Assert failed in get_lease_type(). + * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1 + response. + + CHANGES SINCE 4.13.0rc2 === -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.13.0rc4 created
The annotated tag, samba-4.13.0rc4 has been created at d4e9242c6506c3e7cb67428ed9101fd484754a7f (tag) tagging caa4cf52fda3455cbd7b468132b2b9d528a0 (commit) replaces samba-4.13.0rc3 tagged by Karolin Seeger on Mon Sep 7 12:55:15 2020 +0200 - Log - samba: tag release samba-4.13.0rc4 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCX1YRkwAKCRBvM5FbZWi3 6gmJAJ9t4VHNyLvRfJyRbcORJ5oB5lPS5gCfWr+3Z91Hr3zeQYgm6djKBwtUHS0= =e2cX -END PGP SIGNATURE- David Disseldorp (1): build: toggle vfs_snapper using --with-shared-modules Karolin Seeger (3): VERSION: Bump version up to 4.13.0rc4... WHATSNEW: Add release notes for Samba 4.13.0rc4. VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc4 release. Stefan Metzmacher (8): idmap_ad: Pass tldap debug messages on to DEBUG() s3:selftest: also run durable_v2_reconnect_delay_msec in samba3.blackbox.durable_v2_delay s3:share_mode_lock: reproduce problem with stale disconnected share mode entries s3:share_mode_lock: let share_mode_forall_entries/share_entry_forall evaluate e.stale first s3:share_mode_lock: consistently debug share_mode_entry records s3:share_mode_lock: add missing 'goto done' in share_mode_cleanup_disconnected() s3:share_mode_lock: make sure share_mode_cleanup_disconnected() removes the record s3:share_mode_lock: remove unused reproducer for bug #14428 Volker Lendecke (13): build: Wrap a long line torture: Test ldap session expiry ldap_server: Add the krb5 expiry to conn->limits ldap_server: Terminate LDAP connections on krb ticket expiry tldap: Only free() ld->pending if "req" is part of it tldap: Fix tldap_msg_received() tldap: Always remove ourselves from ld->pending at cleanup time tldap: Maintain the ldap read request in tldap_context tldap: Centralize connection rundown on error tldap: Make sure all requests are cancelled on rundown tldap: Add PRINTF_ATTRIBUTE declaration to tldap_debug() test: Test winbind idmap_ad ticket expiry behaviour tldap: Receiving "msgid == 0" means the connection is dead --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 1c313e3 NEWS[4.13.0rc4]: Samba 4.13.0rc4 Available for Download from 64546f4 NEWS[4.13.0rc3]: Samba 4.13.0rc3 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 1c313e3f126350a0b198dca66d4f24c5aaabada2 Author: Karolin Seeger Date: Mon Sep 7 12:55:32 2020 +0200 NEWS[4.13.0rc4]: Samba 4.13.0rc4 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20200907-105633.4.13.0rc4.body.html | 12 posted_news/20200907-105633.4.13.0rc4.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20200907-105633.4.13.0rc4.body.html create mode 100644 posted_news/20200907-105633.4.13.0rc4.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20200907-105633.4.13.0rc4.body.html b/posted_news/20200907-105633.4.13.0rc4.body.html new file mode 100644 index 000..d251303 --- /dev/null +++ b/posted_news/20200907-105633.4.13.0rc4.body.html @@ -0,0 +1,12 @@ + +07 September 2020 +Samba 4.13.0rc4 Available for Download + +This is the fourth release candidate of the upcoming Samba 4.13 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.13.0rc4.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.13.0rc4.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20200907-105633.4.13.0rc4.headline.html b/posted_news/20200907-105633.4.13.0rc4.headline.html new file mode 100644 index 000..9b308d2 --- /dev/null +++ b/posted_news/20200907-105633.4.13.0rc4.headline.html @@ -0,0 +1,3 @@ + + 07 September 2020 Samba 4.13.0rc4 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0b742ec6a05 s4:smb_server: Use cli_credentials_init_server() for negprot via 6c94ebf77fd s4:rpc_server: Use cli_credentials_init_server() via 2c00bea2aef auth:creds: Add cli_credentials_init_server() via 515cffb1f20 auth:gensec: If Kerberos is required, keep schannel for machine account auth via a33a40bbc84 auth:gensec: Pass use_kerberos and keep_schannel to gensec_use_kerberos_mechs() via 2186d4131ad auth:gensec: Make gensec_use_kerberos_mechs() a static function via 5e3363e0b82 s4:ldap_server: Use samba_server_gensec_start() in ldapsrv_backend_Init() via b34e8dc8982 auth:gensec: Add gensec_security_sasl_names() via 5fc3a71d0f5 waf: upgrade to 2.0.20 via 896b7bbcf25 bootstrap: install perl-JSON on on rpm distributions via e0e51632cf7 bootstrap: document git push -o ci.variable='SAMBA_CI_REBUILD_IMAGES=yes' via b716dbc9768 python/tests/gpo: this should fix a Popen deadlock from 6444a743525 s3:libads: Also add a realm entry for the domain name https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0b742ec6a0558397d5cf01b99a401f8e2bc0e2e0 Author: Andreas Schneider Date: Mon Sep 7 09:19:43 2020 +0200 s4:smb_server: Use cli_credentials_init_server() for negprot Signed-off-by: Andreas Schneider Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Mon Sep 7 13:22:26 UTC 2020 on sn-devel-184 commit 6c94ebf77fdb7383be2042f5e20ba2ef598cd4a4 Author: Andreas Schneider Date: Fri Sep 4 12:21:36 2020 +0200 s4:rpc_server: Use cli_credentials_init_server() Signed-off-by: Andreas Schneider commit 2c00bea2aefdcc69608dffdafa7ce581d31f9354 Author: Andreas Schneider Date: Fri Sep 4 12:21:21 2020 +0200 auth:creds: Add cli_credentials_init_server() Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher commit 515cffb1f20eacb041ff7b3d43f8a122a82ddfbd Author: Stefan Metzmacher Date: Fri Sep 4 17:00:45 2020 +0200 auth:gensec: If Kerberos is required, keep schannel for machine account auth Signed-off-by: Stefan Metzmacher Signed-off-by: Andreas Schneider commit a33a40bbc848e5691869cf264009d23a03128f31 Author: Stefan Metzmacher Date: Fri Sep 4 14:41:43 2020 +0200 auth:gensec: Pass use_kerberos and keep_schannel to gensec_use_kerberos_mechs() Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit 2186d4131ad4c7961d0c830bf9d48f3d06d27924 Author: Stefan Metzmacher Date: Fri Sep 4 14:39:15 2020 +0200 auth:gensec: Make gensec_use_kerberos_mechs() a static function Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit 5e3363e0b82193700f91a9bae5080aae0b744e5c Author: Stefan Metzmacher Date: Fri Sep 4 10:48:27 2020 +0200 s4:ldap_server: Use samba_server_gensec_start() in ldapsrv_backend_Init() Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit b34e8dc8982b625d946e2ac8794ee41311bc41c2 Author: Stefan Metzmacher Date: Fri Sep 4 10:47:54 2020 +0200 auth:gensec: Add gensec_security_sasl_names() Pair-Programmed-With: Andreas Schneider Signed-off-by: Andreas Schneider Signed-off-by: Stefan Metzmacher commit 5fc3a71d0f54b176d3cb2e399718d0468507e797 Author: David Mulder Date: Mon Aug 24 13:12:46 2020 -0600 waf: upgrade to 2.0.20 This contain an important change: "Fix gccdeps.scan() returning nodes that no longer exist on disk." https://gitlab.com/ita1024/waf/-/merge_requests/2293 Signed-off-by: David Mulder Reviewed-by: Stefan Metzmacher commit 896b7bbcf25b336a970441396d8e60c3d115a1b9 Author: Stefan Metzmacher Date: Fri Apr 3 12:16:08 2020 +0200 bootstrap: install perl-JSON on on rpm distributions This will be needed for the next heimdal import. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit e0e51632cf77be439ebcbcba025a42e8558fa824 Author: Stefan Metzmacher Date: Thu Aug 6 15:27:24 2020 +0200 bootstrap: document git push -o ci.variable='SAMBA_CI_REBUILD_IMAGES=yes' This is much easier than going through the web interface. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit b716dbc9768bd6a0ef7d016a9c79e8759e383732 Author: Stefan Metzmacher Date: Mon Sep 7 10:31:36 2020 +0200 python/tests/gpo: this should fix a Popen deadlock It is inspired by commit 5dc773a5b00834c7a53130a73a48f49048bd55e8 Author: Joe Guo Date: Fri Sep 15 16:13:26 2017 +1200 python: use communicate to fix Popen deadlock `Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the child process generates large output to a pipe such that it blocks
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7a3c368d787 s3: libsmb: Cleanup in get_dc_list() via 170051d61eb s3: libsmb: Now we only have namecache_store_sa(), rename it back to namecache_store(). via 2989d736c4a s3: libsmb: Remove use of struct ip_service from the namecache code. via 9da8d26fe06 s3: libsmb: Remove the last caller of namecache_store(). via 3dad456d8cb s3: libsmb: Add internal conversion function ip_service_to_samba_sockaddr(). via 4c81f39012c s3: winbindd: Use namecache_store_sa() inside dcip_check_name(). via 1593231e0ef s3: libsmb: Use namecache_store_sa() instead of namecache_store(). via 0e59fee2917 s3: libsmb: Add namecache_store_sa(). Doesn't store ports and takes a samba_sockaddr array. via 7835e2cb480 s3: libsmb: Add internal ipstr_list_make_sa(). via 39ecff712f0 s3: libsmb: Cleanup - resolve_name() get names from internal_resolve_names() which is guaranteed not to return zero addresses. via c6cc05f5976 s3: libsmb: Remove commented out wrapper for internal_resolve_name(). via f36a0be9a76 s3: libsmb: Comment out wrapper function internal_resolve_name(). Rename _internal_resolve_name() -> internal_resolve_name(). via 57349b65cc4 s3: libsmb: Remove now unused dup_ip_service_array(). via 68e12688f2b s3: libsmb: Finally change _internal_resolve_name() to return a talloc'ed ip_service array. via 863ab1af625 s3: libsmb: Make _internal_resolve_name() return a size_t pointer for count. via 31674946b77 s3: libsmb: _internal_resolve_name() code cleanup. via 5e819231b3a s3: libsmb: _internal_resolve_name() code cleanup. via e68e0402cce s3/libsmb: Cleanup coding in convert_ss2service() via 6b0b726105e s3: libsmb: Cleanup coding in convert_ss2service(). via 9e4b5349f23 s3: libsmb: Change convert_ss2service() and it's one caller to take and return unsigned counts. via cb01b5e433d s3: libsmb: Make namecache_store() take an unsigned count. via f39ff1367a1 s3: libsmb: _internal_resolve_name(). Remove unused free(s). via 4d4bf8eedbe s3: libsmb: Convert namecache_fetch() and it's only caller to return a talloc'ed array of struct samba_sockaddr. via 9ffb18856bf s3: libsmb: Cleanup the code to do one address return given an IP address to _internal_resolve_name(). via aa20df217c4 s3: libsmb: Change remove_duplicate_addrs2() to take and return size_t, not int. via e065fc8e284 s3: libsmb: Move talloc_stackframe() initialization to the front of _internal_resolve_name(). via f5bb322e66d s3: libsmb: Rename internal_resolve_name_talloc() -> internal_resolve_name(). via a68d329b407 s3: libsmb: Remove internal_resolve_name() externally. All callers now use internal_resolve_name_talloc(). via e5fd57d6e57 s3/libsmb: Cleanup, don't modify out params except on success via a16d023c15a s3: libsmb: Make discover_dc_netbios() use internal_resolve_name_talloc(). via fed4b6341c9 s3: libsmb: Make get_dc_list() use internal_resolve_name_talloc(). via 37eaee03e0e s3: libsmb: Make get_pdc_ip() use internal_resolve_name_talloc(). via 55b589e9b04 s3: libsmb: Make find_master_ip() use internal_resolve_name_talloc(). via 12e346d9d80 s3/libsmb: resolve_name_list don't update out params except for success via 505272a893d s3: libsmb: Make resolve_name_list() use internal_resolve_name_talloc(). via e18eb94f427 s3: libsmb: namequery - Make resolve_name() use internal_resolve_name_talloc(). via c6fc75a73bd s3: libsmb: namequery - Add internal_resolve_name_talloc(). via c0ccdd7038a s3: libsmb: Make get_dc_list() internal to namequery.c return talloc'ed ip_service array. via 973ca8a5c01 s3: libsmb: Cleanup - use early return in get_dc_list(). via 46f7ab8f370 s3: libsmb: Change get_dc_list() to return a size_t count parameter. via b9bc1e59bd8 s3: libsmb: Change to an early return in get_dc_list(). via 3b3f92a2fa7 s3: libsmb: Cleanup - rename ctx -> frame for a talloc_stackframe to match modern coding standards. via 23fb64f35a6 s3: libsmb: Rename get_sorted_dc_list_talloc() -> get_sorted_dc_list() via a0984e50642 s3: libsmb: Remove get_sorted_dc_list(). via e8b7162415d s3: winbindd: Move callers of get_sorted_dc_list() -> get_sorted_dc_list_talloc(). via 1d6c3c2dea2 s3: net lookup: Move callers of get_sorted_dc_list() -> get_sorted_dc_list_talloc(). via b4164093cfe s3: libsmb: Move callers of get_sorted_dc_list() -> get_sorted_dc_list_talloc(). via fbc2031800c s3: libads: Move callers of get_sorted_dc_list() -> get_sorted_dc_list_talloc(). via f305a140d10 s3: libsmb: Add get_sorted_dc_list_talloc(). via 6deb23c6187 s3: libads: Rename get_kdc_list_talloc() -> get_kdc_list(). via b7182c44176 s3: libsmb: